German authorities earlier this month reportedly raided the offices of the financial intelligence unit (FIU) in the city of Cologne. Picture the scene:
German authorities: “Open up, it’s the police.”
FIU staff: “Wait, we are the police” (well customs, but you get the line).
The raid was conducted because the FIU staff had allegedly failed, in a timely manner, to forward eight suspicious activity reports (SARs) to be further investigated. Some FIU staff are now the subject of a criminal investigation, accused of obstructing justice.
“Too little, too late,” a German prosecutor has protested. In Germany, banks block some suspicious transactions when reporting the same to the FIU. The FIU then has three days to take further action, failing which the bank can complete the transaction. It was widely reported the FIU had fallen behind, and a significant backlog of some 45,000-plus SARs materialized.
The situation in Germany is not unique, and over time “SARchasms” have cropped up in multiple countries. In the United States over 4 million SARs are filed annually; in the United Kingdom the number is in excess of 500,000. In both countries there are insufficient law enforcement resources allocated to the assessment and investigation of the suspicions reported within the SARs. All too often the SARs find a resting place in a big black hole—a repository of intelligence that is not fully exploited but remains available to law enforcement to search, screen, and cross-reference against.
The German case perhaps illustrates a system that is not working. One public body has taken action against another public authority, but can the private sector demand more from the public sector? Moreover, is the private sector obliged to take action against the public sector, pursuant to the expenditure of shareholder funds wasted if the public sector takes no or inadequate action?
Some say there are too many SARs, and legislators have failed to take action to tend to the issue. Consequently, banks and other regulated businesses continue to spend significant sums monitoring, assessing, and reporting transactions that appear to them to be suspicious. The level of expenditure and application of resources is not matched by the public sector, resulting in reporting for the sake of reporting without any meaningful outcome.
In Australia there are tens of millions of reports filed every year. Not all of them are SARs—most are mandatory threshold reports or international fund transfers. The reports are extensively used by law enforcement to track suspects and their funds, as well as the identification of hitherto unknown associations. Interestingly, it is the reports banks fail to file that all too often generate most interest to law enforcement officials.
An enforcement action against Commonwealth Bank of Australia arose because law enforcement officers witnessed the suspect paying large sums of cash into smart ATMs. Subsequently, the law enforcement officers waited for the bank to file a mandatory cash transaction report (CTR), in order to establish which account/s the cash was paid into. Much to the irritation of the law enforcement officers, the CTR, along with thousands of others, was not filed, and the bank paid a $700 million penalty.
Similarly, police officers sought copies of “international fund transfer instructions” (IFTIs) submitted by Westpac regarding payments made by sex offenders travelling to Asia. There were no reports, and Westpac is now the subject of charges asserting the bank failed to submit 23 million IFTIs.
The mandatory threshold and IFTI reports add to an intelligence database and are not intended to provoke immediate investigations. It is because law enforcement officers know what transactions should be reported that they screen the databases for transactions connected to, or undertaken by, the parties they may be investigating. SARs are to some extent random, but all should clearly present grounds for the suspicion that gives rise to the filing of the report. It is a legal requirement for regulated firms and banks to file SARs, regardless of the value of any associated transaction/s.
It is acknowledged law enforcement agencies around the world have finite resources, and they must prioritize how such resources are deployed. Many police forces do not investigate low fiscal value crimes, including theft and online fraud, but nonetheless banks and regulated firms are legally obliged to file SARs regarding such crimes.
If the global anti-money laundering (AML) community, including regulators, law enforcement officials, and compliance professionals, wants to be more successful in the fight against money launderers, there is need for a new approach. There is a need for improved collaboration, targeting of all resources, and recognition that too much valuable time is spent filing too many low-value SARs that will never become the subject of any law enforcement action.
The process runs contrary to the application of a risk-based approach to AML, and consequently, too much time is spent achieving too little. Action needs to be taken to generate better outcomes before it is too late for many more overworked AML professionals, be they compliance officers or law enforcement officers.