Suspicious Activity Reports (Part 2)

Part one of this two-part series in the March/April issue focused on law enforcement’s investigation of leads from Suspicious Activity Reports (SARs). In part two, financial service industry CFEs, attorneys, and former law enforcement officers offer inside tips on preparing accurate, complete SARs. – ed.

Among the myriad of SARs that the Financial Crimes Enforcement Network (FinCEN) receives each year, many are timely and informative enough to put investigators squarely on the trail of a financial criminal. In 2009, FinCEN released a description of one such case.

Two convicted fraudsters just didn’t have the cash to pay court-ordered penalties for preying on elderly investors. So what to do? Pull off another scheme to raise extra money. They began a multi-state advertising campaign to entice victims to buy nonexistent certificates of deposit (CDs).

They assembled a network of offices in several states staffed with hired workers to solicit investors. The fraudsters shuttled victims’ funds through a series of mail drops and ultimately into several shell accounts in a single bank.

However, alert bank staff reviewed transactions related to the accounts, filed a SAR, and notified law enforcement. The bank had become wary when the fraudsters repeatedly moved funds among their various business accounts, seemingly without any legitimate business purpose.

When bank staff carefully prepared a comprehensive SAR, they spelled out critical elements of the suspected crime in a detailed narrative:

• Memo lines on deposited checks referred to the purchase of CDs.
• The businesses’ CD investors were elderly and thus potentially vulnerable.
• The fraudsters withdrew funds from their accounts via checks made out to “cash,” all for amounts below the $10,000 CTR threshold.
• Pending an investigation, the bank froze one of the suspects’ accounts. Although its balance was $400,000, they protested only mildly, and their lawyer took no action.

Following the fraudsters’ arrest, indictment, and conviction for fraud and money laundering, law enforcement and prosecutors said the bank’s well-crafted SAR was instrumental in ending the scheme and jailing its perpetrators.

One defendant, who had led both schemes and refused to account for the rest of the stolen funds, received a 30-year sentence. His accomplice drew a seven-year term.

COLLABORATING WITH FINCEN 

Depository institutions filed 57 percent of the more than 650,000 SARs FinCEN received in the first six months of 2009. In many respects, Sovereign Bank is typical of such entities. It operates 750 branches and 2,300 ATMs from Maine to Maryland, offering various financial services including retail, business, and corporate banking. To protect its diverse locations, operations and customers from fraud, the bank closely cooperates with FinCEN.

Craig Sinnamon, CFE, manages a team of fraud investigators in Sovereign’s loss prevention and security unit in Reading, Pa. Sinnamon is responsible for SAR reporting, and quality control (QC) and maintenance of his department’s SAR policies and procedures. He said FinCEN’s publications and communications outreach are important weapons in his fraud-fighting arsenal.  

“The primary basis for our policies and procedures is FinCEN so that we can be sure we’re providing the information they need,” he said.

Sovereign’s SAR reporting process begins with its case management system, which Sinnamon’s staff uses to input data on potentially suspicious behavior or transactions. If the bank determines an activity is suspicious, a digital file is exported from the system for attachment to a SAR, which the bank submits through FinCEN’s BSA e-filing system. Before filing, Sovereign double-checks the entire SAR, including the narrative, to ensure its accuracy and completeness.

“You don’t want to constrain your staff by creating an iron-clad template [for writing SAR narratives],” Sinnamon said. “But do provide a formatting guideline everyone can follow to ensure the narrative contains everything it should.”

Sinnamon’s department notifies management of significant SAR cases as events occur, and the board-appointed audit committee receives detailed reports on particularly noteworthy SARs and filing trends. “These provisions should be so clear that if a bank examiner read them, he or she would completely understand all your SAR operations,” Sinnamon said.

Sinnamon said reports of potentially suspicious activity come to Sovereign’s loss prevention and security unit from the full gamut of sources – tellers, branch managers, regional operations managers, the wire room, Automated Clearing House operations, and debit card operations, among others. An analyst, an investigator, and the investigations manager review each case in sequence.  “After we decide whether or not to file a SAR, the investigations manager periodically reviews the case and posts its status in our case management system,” Sinnamon said. The system documents the reasons Sovereign might not have filed SARs after it initially flagged cases.

Sinnamon’s bottom line: “If I were advising a CFE in another bank, I’d recommend very detailed and comprehensive policies and procedures for filing SARs, as well as training staff to apply them consistently.”

But even with the best compliance provisions in place, maintaining morale on the front lines can be difficult because the fruits of financial institutions’ (FI) SAR-related labors are mostly shrouded in unavoidable secrecy.

Arnie Scher, CAMS, is a director at BDO Consulting in New York. His firm advises banks and brokerages under BSA enforcement actions by regulators. According to Scher, no one in the banking or securities industries knows what happens to SARs after they go into what is generally known as the “black hole.” He said that FinCEN reassures FIs by providing at conferences a few examples in which cases were successfully prosecuted because of a SAR or sometimes hundreds of SARs. (Throughout each year, in locations across the country, FinCEN participates in meetings, conferences, and other outreach efforts that foster its ongoing exchange of views and information with FIs.) Scher realizes FinCEN can’t be more detailed than that because it’s illegal to disclose anything about specific SARs.  

“The [statutory disclosure restrictions create] a tremendous amount of secrecy around the SAR process,” Scher said. “But everyone in law enforcement says they’re very useful, so I trust that.”

Even so, while Scher follows FinCEN’s directives and recommendations, he would like to see certain changes. “FinCEN doesn’t provide extensive guidance on completing the narrative – the data element most often completed poorly by FIs,” he said. As he understands it, FinCEN’s reasoning is that too much guidance would make it harder, not easier, for FI staff to fully describe an activity and explain why they think it’s suspicious. “I see their position,” he said. “But I think it sometimes results in unfocused narratives that don’t clearly provide the information law enforcement needs to investigate the reported activity.”

Bill Grassano, a spokesman for FinCEN, said it wants FIs to freely apply their expertise when writing SAR narratives. “We don’t want the narrative to be simply a checklist,” he said. “The FIs are on site, and we want them to use all their professional instincts to fully report what they’ve seen.”

SAR REPORTING: RESOLVING PROBLEMS AND UNDERSTANDING CONSEQUENCES 

Timothy Mohr, CFE, is a BDO partner and a colleague of Scher. He specializes in investigative due diligence and advises clients on determining whether and when to file a SAR.

“When you’re unsure that a situation warrants a SAR, don’t file one just to be safe,” Mohr said. It could cause an innocent party to unfairly lose its relationship with the bank, merely because you weren’t sure what to do, he said. But, he added, don’t go to the opposite extreme and fail to report suspicious activity.

If you’re unable to decide confidently on your own, Mohr recommended, seek guidance from colleagues and consult established policies and procedures, which every organization should have. “If you don’t follow them,” he said, “you’re doing your organization a disservice.”

Manage your risk proactively when establishing customer relationships, Mohr advised. Do the necessary enhanced due diligence before entering a relationship with a potential client of the FI. Find out where the client’s funds come from and go to.

“For a relatively small amount of time and money,” he said, “you’ll get the data you need to make an informed decision before any potential negative consequences can arise.”

Enhanced due diligence is the process of discovering all relevant background information on a potential customer. “For U.S. entities, a lot of the information you need is readily available in courthouse records or from other qualified sources,” Mohr said. Outside the United States, though, the availability of information varies from one country to another, so investigators must be familiar with the context and language in each investigation location. “Always obtain your information by legitimate methods from publicly available sources,” Mohr said.

By relying on confirmable sources, investigators can ensure their findings do justice to the subjects of their investigations. Few know this better than special agents of the Criminal Investigation Division (CID) of the Internal Revenue Service (IRS), whose probes are sometimes triggered by reports from unofficial sources. David Gannaway, CFE, served as an IRS special agent for 16 years, using SARs while leading investigations of BSA violations, money laundering, and fraud. He is now director of litigation and corporate financial advisory services for Marks Paneth & Shron LLP, a New York CPA firm that provides litigation and corporate advisory services.

For example, Gannaway said, when a member of the public informs the IRS that a third party has allegedly violated tax laws, the IRS routinely performs a background check on whomever reported the supposed infraction. Thus, by performing due diligence on the source of its information, the IRS minimizes the chance of mishandling the accusation or unnecessarily conducting an investigation.

Likewise, it’s essential that a financial services provider know its customers, Gannaway said. “SARs must contain clear and concise information. If an FI says a certain person executed a transaction but the FI didn’t verify his identification documents, it can’t be sure who that person is, and it may inadvertently report the name of someone not involved in the transaction.”

Another former IRS-CI special agent, David Landrum, CFE, shares Gannaway’s concern about reporting the facts accurately. Over the course of a 28-year IRS-CI career, Landrum saw how important it is to maintain a balance between effective crime-fighting and respect for the legal rights of individuals and organizations.

“When determining whether to file a SAR, investigators have to distinguish transactions that are merely unusual from those that are suspicious and must be reported to FinCEN,” he said.

Suppose a narcotics detective began depositing thousands of dollars in cash in an FI account, he said. It might be suspicious, or it might be merely unusual. An investigation could reveal the detective sells used cars as a sideline, which would explain the non-salary cash deposits. Investigators have to follow up on these possibilities to accurately determine if deposits are suspicious and therefore reportable to FinCEN.

“The reputational and financial damage to a person or a business unreasonably reported to be engaged in suspicious activity can be personally catastrophic to them,” Landrum said.

Now a principal of Ronin Resources in Mustang, Okla., Landrum advises FIs on BSA matters and provides BSA training to FI investigators and state and local law enforcement officers. During frequent engagements as a BSA QC reviewer, Landrum often finds FIs suffering the consequences of having small and inexperienced QC staffs.

“The QC manager should be a senior investigator and expert on the BSA, money laundering, and fraud,” he said. “And the QC staff should be a mix of law enforcement and industry experts who have come up through the ranks as CFEs or in a bank or brokerage as investigators with a good knowledge of investigative techniques and the BSA.”

The work is difficult, Landrum acknowledged. But he believes people choose a career in compliance because they want to make a valuable contribution to society. “That makes for good job satisfaction and strong camaraderie,” he said, “the same reasons people become CFEs.”

Robert Tie is a New York business writer and contributing editor at the AICPA’s Journal of Accountancy. 

The Association of Certified Fraud Examiners assumes sole copyright of any article published on www.Fraud-Magazine.com or ACFE.com. Permission of the publisher is required before an article can be copied or reproduced. 

FINCEN SAR and 314(A) Resources

• Suspicious Activity Reporting Guidance 
• SAR Activity Review Trends, Tips and Issues 
• SAR Activity Review – By the Numbers 
• SAR Narrative Guidance 
• Section 314(a) Final Rule 
• FinCEN 314(a) Fact Sheet 

Greater Sharing of Information

On Feb. 10, FinCEN issued a final rule that expanded section 314(a) of the USA PATRIOT Act. One of the BSA’s purposes is to facilitate information-sharing among governmental entities and financial institutions (FIs) to combat terrorism and money laundering.

Since 2002, FinCEN’s regulations under section 314(a) have enabled federal law enforcement agencies to ask FIs, through FinCEN, if they maintain accounts for certain individuals named in the inquiry. This provision has enhanced federal law enforcement’s ability to further investigate suspicions it had about named individuals’ involvement in money laundering or financing of terrorism.

The new rule makes this capability available to additional law enforcement agencies and satisfies obligations the United States assumed as part of its Agreement on Mutual Legal Assistance with the European Union (EU). The United States entered into this treaty to streamline extradition proceedings that had become inefficient under earlier individual agreements between the United States and the 27 EU member states. The rule conforms FinCEN’s 314(a) program to the treaty.

Under the expanded provisions, EU law enforcement agencies and U.S. state and local law enforcement agencies can make 314(a) requests. The agreement also entitles U.S. law enforcement agencies and FinCEN to make equivalent inquiries of EU FIs.

Jamal El-Hindi, FinCEN’s associate director for regulatory policy and programs, said that even though FinCEN didn’t initiate the expanded provision, it supports the broader sharing of investigative information so all law enforcement agencies can better detect and deter money laundering and terrorism-related activities – the only crimes to which 314(a) applies. El-Hindi said the 314(a) process won’t change for FIs, although the sources of inquiries will expand.

Although the entire universe of about 55,000 FIs currently subject to FinCEN rules could be asked to respond to 314(a) requests, FinCEN presently plans to continue sending requests only to approximately 20,000 FIs, most of which are depository institutions and broker-dealers. “FinCEN is ensuring that FIs will not be burdened unnecessarily,” El-Hindi said.

Kenneth D. Bell, an attorney in the Government, Regulatory, and Criminal Investigations Department of McGuire Woods in Charlotte, N.C., a law firm serving corporate clients, said the expanded 314(a) provisions are a wake-up call to FIs.

“If law enforcement is suspicious of someone who turns out to be one of an FI’s account holders, the FI should make sure it understands everything about that person’s relationship with the institution,” he said. “That could include other customers or account holders, perhaps in different lines of business in the same FI. It’s important not to let business ‘silos’ interfere with understanding the FI’s entire relationship with the subject of a 314(a) request. Having that capability, and using it proactively, strengthens an FI’s anti-money laundering and BSA compliance.”