
The Battle to Balance Vigilance and Suspicion

Carole Switzer | June 4, 2013

While they would never utter the
words “Why bother?” aloud,
and even suggesting they might
think it is bound to be controversial, frustrated
financial services professionals
can be excused if they occasionally feel
this phrase forming in their minds when
thinking about their role in the ongoing
battle against money laundering.

After all, the magnitude of this conflict—not to mention the scope of complying
with anti-money laundering (AML)
regulations—is staggering.

For starters, banks must file a suspicious
activity report (SAR) when suspicious
activity arises. What qualifies as a
suspicion often is a difficult question—as
is the determination of whether or not to
file a SAR. The filing of too many (and/or incomplete) SARs
can overwhelm regulatory agencies, reducing their ability
to address genuine criminal activity. File too few SARs and a
company can turn a blind eye to potential money laundering,
opening itself and, in some cases, its top managers to significant

This explains why the most effective
AML programs are based on the understanding
that financial institutions have
an obligation to all of their stakeholders to
remain vigilant about AML risks. Banks
are not required to prove money laundering;
rather they are required to strike the
right balance in their vigilant reporting of
suspicious activity.

The investigation lifecycle marks a
crucial enabler of this vigilance as well
as a facilitator of balance. The lifecycle's
purpose is to signal a possible AML issue
and then follow up by investigating it in
a thorough manner. Alerts and investigations
also represent complex challenges.
Leading AML programs field high volumes
of inbound alerts, the vast majority
of which wind up being false alarms after
subsequent scrutiny.

Striking the right detection/investigation
balance is tricky, as this pop quiz
demonstrates: Which of the following activities
qualify as potentially suspicious,
and which are red herrings?

  • The stated occupation of the customer
    is not commensurate with the
    types or level of activity;
  • A customer's home or business telephone
    is disconnected;
  • A customer makes frequent or large
    transactions and has no record of past
    or present employment experience;
  • Fund transfers are sent or received
    from the same person to or from different
  • A retail business has dramatically
    different patterns of currency deposits
    from similar businesses in the
    same general location; or
  • Unusually high levels of transactions
    are initiated over the Internet or by

The answer is that they are all money
laundering and terrorist financing red
flags, according to the Federal Financial
Institutions Examination Council
(FFIEC), whose Website lists these
among more than 135 other potentially
suspicious activities.

The variety of these red flags is staggering:
some relate to individual customers,
others to business; some concern automated
clearing house (ACH) transactions
while others involve lending activity;
some are conducted by employees while
others may indicate terrorist financing.

The FFIEC emphasizes that management's
primary AML responsibility is to
report suspicious activities in a clear and
timely fashion, rather than to prove that
suspicious activity actually qualifies as
money laundering, terrorist financing,
or another serious crime.

Still, the reporting alone qualifies as
extremely difficult work. The complexity
and high volume of potential alerts an
effective AML program must be prepared
to issue and investigate help explain why
the investigation cycle should:

1. Consistently challenge past and current
2. Continually adapt to new variations
of AML activities and tip-offs; and
3. Sustain a vigilant monitoring capability.

Achieving and sustaining these practices
requires a holistic and integrated
GRC approach that cultivates a speak-up
culture. These capabilities also require an
ongoing emphasis on documentation and,
wherever possible, supporting technology
that replaces the investigation's human
capital requirements with automated

Like an integrated GRC capability,
an effective AML program anchored by
a responsive investigation lifecycle takes
time and care to nurture and promote.
It should be systematically developed
through specific steps, practices, and
processes that establish transparency;
encourage communication and understanding;
and enable identification of
risks and appropriate controls and responses
to incidents and the potential
for issues.

It's arduous, highly collaborative, and
document-intensive work. Yet, it ultimately
proves a much more effective approach
to sustaining a company's honesty
and integrity than getting caught up in

Suspicious Activity Investigation and Reporting: An OCEG Roundtable

Switzer: The Bank Secrecy Act of 1970
requires financial institutions in the
United States to assist U.S. government
agencies to detect and prevent money
laundering, including a requirement to
file a suspicious activity report (SAR)
in some circumstances. Tom, what
kicks off a SAR requirement?

Raad: According to the Financial
Crimes Enforcement Network (“FinCEN”),
an AML-related SAR must be
filed when an institution becomes aware
of known or suspicious criminal activity
or transactions over $5,000 involving
money laundering or that violate
the Bank Secrecy Act. This starts with
the generation of alerts based on a set
of pre-defined rules then triaged into a
case for further investigation. The investigation
involves research for negative
news on the originating and beneficiary
parties of the alerted transactions,
inquiries to personnel maintaining the
relationship with the client and/or other
financial institutions as well as a detailed
analysis of the transactional data.
Financial institutions are then required
to file a SAR when they have enough information
to suspect that illegal activity
is taking place, or when they can't substantiate
a reasonable explanation for
the purpose of the transaction.

Switzer: Just how certain do you need
to be that money laundering may be
taking place before you file a SAR? Is it
better to err on the side of over-reporting
rather than spending time and resources
on investigation of suspicions?

Raad: The role institutions play is to assist
law enforcement agencies in detecting
suspicious behavior that may indicate
financial crimes. That being said,
an institution is often aware of only one
thread of the web and is not required to
unveil the entire scheme. This helps law
enforcement agencies put all the pieces
of the puzzle together. It is important,
however, to strike a balance between
filing meaningful and helpful information
and filing as soon as an alert is generated,
generally erring on the side of
over-reporting. However, over-reporting
suspicious activity could eventually
overwhelm agencies and bury actual
serious activity. As such, regulators will
eventually comment on over-reporting
of SARs that do not, at a minimum,
satisfy FinCEN's guidance on filing a
complete and sufficient SAR narrative
that tells a meaningful story—the who,
what, when, where, and why?


Carole Switzer,

Thomas O'Donnell,
Senior Manager,
Ernst & Young

Walid Raad,
Senior Manager,
Ernst & Young

Andrew Yuille,
VP, Business
Segment Marketing,
Thomson Reuters

Source: OCEG.

Yuille: There is no doubt that sometimes
it can be hard to strike the right balance,
particularly as an isolated activity
or transaction has little context for
the AML team at the institution. Where
FIUs share data on SARs with institutions
they will often comment that the
majority of SARs come from a few institutions
and that there is sometimes
an indication that some institutions
file “defensively.” Flooding the system
with SARs is clearly not what is intended,
and most agencies publish guidance
notes to ensure that the focus is right.

Switzer: When you investigate, what are
you trying to determine?

Raad: The purpose of an investigation
is to gather the relevant facts and information
regarding suspicious activity
that would assist law enforcement in
gathering evidence that money laundering
was indeed occurring. An institution
investigates primarily to present
the facts uncovered and report on critical
items for law enforcement, such as
suspect names and amounts, and any
relevant commentary from responses
received from relationship managers
or 314(b) inquiries (section 314(b) of
the USA PATRIOT Act allows financial
institutions to share information
with one another in order to identify
suspicious activity involving money
laundering and terrorist financing). It
is not the institution's responsibility to
prove money laundering is occurring,
as the institution is not privy to all activity
that the suspect(s) may be part of
elsewhere. Typically, law enforcement
uses the information gathered through
several institutions' SAR filings in order
to build a case against one or more
individuals and/or entities.

Yuille: The objective is to identify suspicious
activity and to investigate concerning
activity to a level of confidence
that it is suspicious and therefore warrants
a SAR. Reviewing actual cases of
money laundering highlights the sophistication
behind the crime and the
significant number of activities that
supported the investigation, some of
which will have traversed the financial
community and may have triggered
a SAR. The role of the AML team is
to identify the suspicious activity and
pass the details to law enforcement via
a SAR; it is then the role of law enforcement
to add this intelligence into a wider
investigation, or to discount it.

Switzer: Do you turn over the files of
your investigation, or the findings, to
the government when you do file a SAR
after an investigation?

Raad: While it is important for an institution
to maintain internal documentation
for the facts and findings gathered
during the course of an investigation,
the actual information that is presented
from the institution to government law
enforcement agencies, primarily the
FinCEN, is through the BSA SAR e-Filing
System. The critical fields within
the SAR form of this electronic filing
system should be easily obtainable
from the case documentation and assist
law enforcement in categorizing activity.
This form also contains contact information
should the suspicious activity
warrant further explanation for law
enforcement. It is worth noting though,
that FinCEN is implementing, starting
April 2013, a new online filing system
that allows financial institutions to attach
(upload) documentation that they
deem relevant and helpful to law enforcement
agencies as they investigate
the suspicious activity reported.

Yuille: The specific requirements for the
filing of SARs vary by jurisdiction albeit
that the general principles are the
same. The volume of SARs flowing into
any of the agencies is significant, hence
the increased use of electronic gateways.
While SARs of immediate concern
will be acted on, in many cases the
content of a SAR is more likely to be
mined by sophisticated software tools
to identify information that can support
a much wider intelligence-led approach
to policing and investigations.
When preparing a SAR it is also worth
considering that in some jurisdictions
the subject of a SAR can request access
to the report and seek to challenge the
content through the courts. Although
this is a rare occurrence it is worth considering
during the preparation.

Switzer: Andrew, in addition to case
management tools and external AML
databases, what sort of software can
support the investigative process?

Yuille: The volume of client and transaction
data moving through an organization
of any scale mandates the use of
specialist software to identify potentially
suspicious activity. During client
on-boarding or reviews of existing
accounts, ID details may be verified
and enhanced using external databases
typically compiled from government
and public records prior to undertaking
due diligence using specialist AML,
CFT and sanctions databases and/
or commissioning enhanced due diligence.
Routine due diligence typically requires
software that uses sophisticated
matching and rules engines to identify
client records that require further review
based on legislation, regulations,
and the institution's own policies. Following
on-boarding, rules-based transaction
surveillance software can be
used to monitor account activity and
payments for potentially suspicious
behavior. Ideally these systems will be
connected to a workflow engine and
case management tool that enables the
compliance team to investigate alerts
for suspicious behavior and review the
history of earlier alerts.

Switzer: What is the potential outcome
for a bank if it does not have a strong
approach to investigating and reporting
suspicious activity? I see that these procedures
are part of what the bank examiners
look at, but what happens if the examiner's
conclusion is that the procedures are
weak, or are not implemented well?

O'Donnell: A bank that doesn't perform
adequate investigations or fails
to report suspicious activity could face
regulatory fines and/or orders. These
can include impacts from requiring
lookbacks (which can cost millions of
dollars) to inability to onboard new
customers or develop new products to
failure to receive approval for ongoing
bank activities. If the bank continues to
ignore regulatory mandates or is found
to have willfully facilitated money
laundering, it could be shut down (this
has only happened a couple of times—
Riggs bank being the most notable).
There can also be personal liability issues
for AML compliance officers including
jail time and fines though these
have more commonly been imposed
where such an officer was found to have
actually facilitated money laundering
rather than doing an inadequate job.
For overfiling, there haven't been as
many regulatory findings directly but
there have been fines and orders related
to SAR quality (including lookbacks)
which is sometimes a back door way of
imposing fines for overfiling as well as
orders related to improving investigative
procedures (ranging from MRAs
to MRIAs to Consent/C&D orders).

Yuille: AML best practice frameworks
have evolved significantly over the last
decade and are now generally well understood,
well documented, and supported
by some outstanding tools and
education programs so outcomes similar
to Riggs are rare. Approach varies
globally but generally review by regulators
will initially result in changes to
internal controls and processes rather
than enforcement. 'Lookbacks' can
have challenges, not least understanding
the full context of the original decision,
so comprehensive records on the reason
a decision was taken, in the context of
the then current regulations and procedures,
are an important discipline.