Key elements of an effective SAR investigation
The documentation process and completion requirements for suspicious activity reports (SARs) get a lot of attention among financial institutions, but the criteria needed to conduct a proper suspicious activity investigation in the first place can be subject to misunderstanding.
Investigating suspicious activity is a critical part of compliance with the Bank Secrecy Act (BSA), as it helps to prevent money laundering, terrorist financing and other financial crimes. Financial institutions have a responsibility to establish and maintain an effective anti-money laundering (AML) program, which includes procedures for detecting and reporting suspicious activity.
A suspicious activity investigation is most likely to begin in one of three ways:
- Alerts generated from the financial institution’s automated surveillance monitoring (ASM) system such as Verafin, FCRM or YellowHammer
- Notification of activity from frontline staff
- Monitoring of internal system reports created to show specific types of activity
The way in which the investigation is built can vary depending on which of these avenues is used to notify the BSA officer of a potentially concerning situation or transaction. They all, however, should follow a similar standard with respect to investigating and documenting the results.
A solid SAR investigation starts with obtaining an understanding of the behavior that prompted the notification or alert. The investigator should gather all available information about the transaction or activity in question. This may include transaction records, customer information and any other relevant data.
Avoiding an unintentional disclosure
Depending on the circumstances, it may also be appropriate to have a conversation with the customer. This can be an effective tool in making a determination regarding the nature of the transaction or activity and whether there was a legitimate purpose. These conversations should be carefully constructed to avoid unintentionally disclosing the possibility of a SAR filing.
Once all the facts surrounding the investigation are gathered, the information should be analyzed to identify any unusual patterns or trends. A detailed narrative should be prepared and retained. The narrative should clearly outline the circumstances of the triggering behavior and the methodology behind the investigation, such as pertinent due diligence facts, prior history with the customer in question and data regarding historical transaction patterns.
When a SAR is not warranted
What’s also needed is clear documentation of the conclusion and why that conclusion was appropriate, including the reasons behind any decision not to file a SAR. The timeline of events should be clearly spelled out within the records of the investigation.
It is imperative that the documentation retained to support the investigation fully address the underlying behavior and the financial institution’s thought process on why that behavior was not suspicious in nature, along with pertinent documentation used to support the investigation.
General notes such as “normal activity” or “one-time transaction” are insufficient to explain a well thought-out investigation.
Financial institutions must take suspicious activity seriously and to that end, conduct thorough and timely investigations. Failure to do so can result in significant penalties, including fines and reputation damage.
But the fundamental reason for conducting an effective investigation of suspicious activity is that it can help to prevent financial crimes and protect the integrity of the financial system.
How Wipfli can help
Detecting and reporting suspicious activity involves many complex rules. Financial institutions have an important obligation to prepare a concise and comprehensive SAR narrative to support law enforcement. Wipfli is a trusted partner who can assist your organization in meetings its compliance requirements under the Bank Secrecy Act.
Contact us for help or continue reading:
