Financial services firms are required to issue Suspicious Activity Reports (SARs) when they suspect money laundering or other illicit activities. This includes transactions of around $10,000 or structured transactions that break up the movement of money. A bank must file a SAR no later than 30 calendar days after the initial detection and maintain records for up to 5 years. Obviously this generates enormous amounts of data and $10K today is not the same amount when compared to just a few years ago.
In an update to SARs reporting, FinCEN, part of the US Department of Treasury, states that you do not always need to report these larger transactions. To quote the FAQ:
“The mere presence of a transaction or series of transactions by or on behalf of the same person at or near the $10,000 CTR [currency transaction reporting] threshold is not information sufficient to require the filing of a SAR. Financial institutions are only required to file a SAR if the institution knows, suspects, or has reason to suspect that the transaction or series of transactions are designed to evade CTR reporting requirements. Absent this knowledge, suspicion, or reason to suspect, financial institutions are not required to file a SAR.”
Emily Griffin, Director of Financial Crimes Practice at Moody’s, has issued a statement welcoming this change.
“The Financial Crimes Enforcement Network’s (FinCEN) updated FAQs regarding Suspicious Activity Reports (SARs) is a step toward reducing the volume of low-value reports, allowing banks to focus resources on truly suspicious activity. However, while the guidance may streamline compliance, larger financial institutions are unlikely to abandon their internal ‘No SAR’ documentation processes. These banks already use case management tools that capture and compile alerts, review transactions, and compose narratives explaining why a SAR wasn’t filed which provide a clearer audit trail for regulators and future investigations.”
Griffin says that smaller institutions may struggle to replicate this rigor without similar infrastructure but current practices will probably persist.
“Ultimately, while the regulatory shift is positive, the industry will likely continue to rely on robust internal documentation to mitigate risk and maintain accountability,” she says.
