facta1104_qanda - BOL Learning Connect
facta1104_qanda - BOL Learning Connect
facta1104_qanda - BOL Learning Connect
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
Suspicious Activity Reporting<br />
2004<br />
Questions and Answers<br />
by<br />
Ken Golliher<br />
SAR FILING AND ADMINISTRATION<br />
Question: What is really suspicious activity? Does it mean we have to think<br />
there is illegal activity? Example, we have someone who is depositing $5,000<br />
into each kid's account (cash). Although we don't think she is suspicious, but<br />
since it is cash do you report it?<br />
Answer: As noted during the presentation, the paragraph at the bottom of page<br />
18 is the best description of what is “suspicious.” In addition to that, you look for<br />
a violation of federal criminal law that involves an amount above any applicable<br />
dollar threshold. The fact that cash is involved is a factor, but the presence of<br />
cash alone does not make your decision.<br />
Question: Is a name used by a suspect sufficient to "identify a suspect" for SAR<br />
reporting purposes even though it may be bogus? In other words, is he a "known<br />
or unknown" suspect?<br />
Answer: Oftentimes, you are not in a position to verify the identity of the<br />
suspect. As long as you do not believe that the suspect has stolen the name of a<br />
victim, I suggest you consider the information you have as identifying a known<br />
suspect.<br />
Question: Does the dollar threshold apply in true ID cases?<br />
Answer: Yes, the dollar threshold applies. In most ID theft cases, you<br />
generally only know the identity of the victim, not the suspect so the threshold for<br />
reporting is high..<br />
Copyright, 2004, Pegasus Educational Services, LLC. 1
Question: What SAR reportable activities do not have a $ threshold other than<br />
computer intrusion and terrorist financing? Are there any others?<br />
Answer: A literal reading of the agency regulations indicates insider abuse is<br />
the only reportable activity that is not specifically tied to a dollar threshold.<br />
As a practical matter, a computer intrusion may not involve any specific dollar<br />
amount. However, considering the potential effects on the bank and its<br />
customers, it would not be difficult to hypothesize an enormous amount of<br />
damage. My suggestion is that you report all computer intrusions – do not stall<br />
while trying to precisely calculate an amount that is no more than hypothetical in<br />
any circumstance. While terrorist financing is technically tied to a dollar amount,<br />
filling a voluntary SAR is always permissible. It is one of the few instances where<br />
I believe voluntary SAR filing is unquestionably appropriate.<br />
Question: Is there a dollar threshold for Computer Intrusion SARs?<br />
Answer: Literally, yes. However, as noted above, assigning any specific dollar<br />
amount to a computer intrusion would be an exercise in subjectivity. Report it.<br />
Question: I was a little confused on a response you gave to a question in your<br />
first Q&A. From what I understood, the question was that the bank was<br />
encountering losses from Check Fraud and asked if they should be reporting<br />
these on a SAR. I understood you to say that they should, but I didn't hear you<br />
qualify that with any amounts (triggers). Is this correct?<br />
Answer: Dollar thresholds apply in all cases other than insider abuse.<br />
Question: How do we know which offenses are federal crimes?<br />
Answer: There is a link on page 36 of your materials to the SAR Activity Guide<br />
where the various federal crimes are explained.<br />
Question: What about sharing SAR with agents of the bank such as outside<br />
attorney or a bank underwriter?<br />
Answer: The statutory prohibition on SAR disclosure is aimed at assuring that<br />
the object of the SAR is not told of its existence. The regulation makes the<br />
prohibition seem more absolute. Obviously, limiting the information to those who<br />
“need to know” wherever possible helps assure the object of the filing does not<br />
learn of its existence. If “sharing” means allowing service providers to review the<br />
form in the ordinary course of their services, it is a practical necessity. However,<br />
my opinion is that sharing should stop short of providing copies that might leave<br />
your institution.<br />
Copyright, 2004, Pegasus Educational Services, LLC. 2
Question: Relative to confidentiality of SAR's, is it appropriate for internal<br />
auditors performing a BSA/AML audit to request to see 'all SARS that were filed',<br />
or should they review the banks suspicious activity monitoring process and ask<br />
whether a SAR has been filed on specific accounts?<br />
Answer: It is essential that auditors have access to all SARs filed. In criticizing<br />
AmSouth’s independent examination, FinCEN noted that the “…internal audit<br />
was inadequate and limited to a review of the ‘reasonableness and<br />
completeness’ check of the suspicious activity reports actually filed.” The point<br />
is, FinCEN is saying that merely reviewing the SARs is not enough; they do not<br />
even consider the possibility that any audit could take place without reviewing the<br />
SARs. The audit function must evaluate the SARs and the system that brings<br />
suspicious activity to the attention of bank personnel.<br />
Question: What SAR information or how much should be disclosed to board of<br />
directors. Should it be a general report or report each and every SAR?<br />
Answer: There is no formal regulatory advice on how much information should<br />
be reported to the board of directors. The manual illustrates two alternatives. In<br />
an institution where a great number of SARs are filed, a statistical summary or<br />
abstract should suffice for most cases. As we discussed in the Webinar, even<br />
when it is necessary to report information from an individual SAR to the Board of<br />
Directors, there should be a justification for disclosing identifying information<br />
regarding the individuals involved.<br />
The prohibition on SAR disclosure is generally aimed at assuring that the object<br />
of the SAR does not learn of its existence. Obviously, limiting the information to<br />
those who “need to know” is an internal control that helps assure that goal is met.<br />
Question: What does 'promptly' mean when addressing filing to the Board of<br />
Directors? Is the next scheduled meeting adequate even if they only meet<br />
quarterly?<br />
Answer: Reporting SAR filings to the board (or its appropriate committee) at its<br />
next regularly scheduled meeting (assuming they meet monthly) should suffice.<br />
Question: Would it be appropriate for a board member to be part of a committee<br />
to determine SAR filings?<br />
Answer: Any member of a SAR filing committee should be well trained and<br />
bring some form of relevant experience or expertise to the process. Being a<br />
board member alone does not necessarily incorporate either of those things. My<br />
opinion is that board membership is neither a positive nor a negative factor in<br />
deciding who is on the committee, consider experience and expertise only.<br />
Copyright, 2004, Pegasus Educational Services, LLC. 3
Question: AmSouth seems to indicate a SAR is required on receipt of a grand<br />
jury subpoena. Please discuss.<br />
Answer: On page 3 of the consent decree FinCEN criticizes the bank for failing<br />
to make adequate use of outside information that could have served as a logical<br />
catalyst to internal investigations. One example that it cites is the fact that<br />
subpoenas were not shared with BSA personnel.<br />
However, I don’t think it suggests that receipt of a grand jury subpoena is a SAR<br />
filing trigger. Oftentimes, a subpoena requests the records of one person while<br />
the actual target of the investigation is another. In addition, even if the customer<br />
whose information is sought is the actual target of the investigation, there will not<br />
be any indication of what crimes are suspected. The proper effect of a bank’s<br />
receipt of a subpoena is to trigger a review of customer activity to see whether<br />
the bank should have suspicions of its own.<br />
Question: If a bank receives a subpoena, is it true that only the supporting<br />
documentation and not the actual SAR can be supplied?<br />
Answer: Yes, without calling them the “supporting documentation,” you can<br />
supply all documents requested, even if they were the basis for filing the SAR.<br />
The BSA FAQs I mentioned http://www.fincen.gov/reg_faqs.html discuss this in<br />
question 7. You are prohibited from disclosing the fact that the SAR was filed<br />
and, thus, any specifics about the actual SAR filing.<br />
Question: If a SAR has been filed and resulting subpoenas and investigations<br />
ensue, do we still need to file subsequent SARs every 90 days?<br />
Answer: Yes, if the suspicious activity continues, you should continue to file<br />
SARs. Again, referring to the BSA FAQs, http://www.fincen.gov/reg_faqs.html<br />
see question 8. The necessity of continued filing is not conditioned on whether<br />
law enforcement has or has not indicated an interest in the fact situation.<br />
Question: When filing 'repeat SAR' - what amount should be completed in Part<br />
III box #34. The amount for the current 90 days or the amount from the<br />
beginning of the suspicious activity? Also, when involving 'structuring,' do you<br />
report only the amount of the 'structured activity' or the amount of all activity for<br />
that account/customer for the entire review period?<br />
Answer: The “repeat” SAR should stand alone in its rendition of the facts; i.e. it<br />
should reflect cumulative amounts, not just those for the period since the last<br />
filing. However, it should clearly indicate there have been a number of prior<br />
filings on this fact situation.<br />
The only activity you report is that which you believe is suspicious, not<br />
necessarily all of the customer’s activity.<br />
Copyright, 2004, Pegasus Educational Services, LLC. 4
Question: Given the fact that there is a risk the SAR can become public, why do<br />
you believe it is necessary for a financial institution to 'hook' the reader and state<br />
conclusions about the suspected criminal activity. We take the position that a<br />
terse statement of facts, along with checking the appropriate boxes in Item 35, is<br />
sufficient.<br />
Answer: Aside from the fact that I would not act on a presumption that a SAR<br />
might become public, I’m not certain that we are disagreeing dramatically. The<br />
bank is always going to have to indicate a specific reason for filing the SAR in<br />
response to question 35; it’s not something that can or should be avoided. My<br />
primary suggestion is that the opening paragraph reiterate that reason and<br />
support it with a condensed statement of facts that indicates to the reader that<br />
your fact situation supports your categorization.<br />
Question: Part iv of the SAR form is the narrative portion. There is not a lot of<br />
room to type. Can this page be made to expand to hold all the narrative<br />
information so you don't have to make several page 3 and continue your<br />
narrative? It would be very helpful for a expanding page three to hold all<br />
information.<br />
Answer: You might make this suggestion to FinCEN.<br />
Question: If the lead bank on a participation loan files a SAR should the<br />
participating bank be informed of the filing?<br />
Answer: There is plenty of room for disagreement here, but my opinion is,<br />
“Yes.” On one side of the scale is the prohibition against disclosure. On the<br />
other is the fact that the suspicious activity may have a material effect on the<br />
value of the credit. In addition the party to whom the information is to be<br />
disclosed, another bank, is subject to the same prohibition on SAR disclosures.<br />
Question: If a lead bank in a multi-bank loan syndication group files a SAR on<br />
behalf of the group, are the other banks in the group required to file a SAR?<br />
Answer: My opinion is, “No.” The activity has already been reported by the bank<br />
that has the most effective grasp of the facts involved and it is highly unlikely that<br />
the participating banks had enough information to have suspicions of their own.<br />
The participants might be provided with a copy of the SAR and file their own if<br />
they find they have facts not included there. Any participating bank verify its<br />
conclusion not to file with its regulatory agency, not because I doubt the logic of<br />
the approach, but because I would like some protection from the possibility that<br />
an on site examiner might have a personal opinion to the contrary.<br />
Copyright, 2004, Pegasus Educational Services, LLC. 5
Question: After this seminar, we will be reviewing some of our previous<br />
suspicious activity that we had previously thought to be unreportable. We now<br />
believe that we should have reported these transactions as suspicious. What are<br />
the ramifications for reporting these past the 30 day threshold and are there any<br />
penalties?<br />
Answer: Your analysis should focus on a comparison of what happens if you do<br />
file them versus what happens if you do not. If, as you suspect, they should have<br />
been filed, leaving them for your regulatory agency to discover will likely result in<br />
being directed to file them at some future date and may include a possible<br />
enforcement action. The primary lesson to be learned from AmSouth is that it<br />
was systemic, not individual, failures that got punished. It sounds as if your<br />
problem, although attributable to a misunderstanding of what was reportable,<br />
might be categorized as systemic.<br />
If you file them now, without regulatory compulsion, you will lessen, if not<br />
eliminate, the regulatory impact. There are no “automatic” penalties for late filing.<br />
Without knowing the size of your institution or the number of SAR situations you<br />
are thinking about reviewing, it’s difficult to be specific. However, I believe you<br />
might look at all your possible SAR “cases” since your last on site examination.<br />
For those that you did not file where you determine the decision was appropriate,<br />
document the reason for not filing; i.e. write a brief memo saying why the SAR<br />
was not filed. For those where you determine that the SAR should have been<br />
filed, file it promptly. I suggest you include a short paragraph in the narrative<br />
indicating why the SAR is being filed late. Involve your audit staff in the analysis<br />
and remediation of the problem. When the SARs that are being filed in arrears<br />
are reported to the board they should be accompanied by an explanation of why<br />
they are being filed late.<br />
The protocol generally followed in regulatory examinations is that if the bank both<br />
found and fixed the problem, the regulatory agency should not attempt to criticize<br />
the bank further. However, you must fully identify and fully repair the problem as<br />
well as put in controls to assure it does not recur in order to claim that “grace.”<br />
Question: If a teller is the person discovering the suspicious activity, shouldn't<br />
they be trained to correctly fill out the SAR since he/she is the person who knows<br />
the 'story' about the suspicious activity?<br />
Answer: Many banks have forms that all employees are required to complete<br />
when they are aware of suspicious activity. Some even base those forms on the<br />
SAR. Those in-house forms may instigate and serve as the source document for<br />
investigations. However, I do not believe that SAR completion responsibilities<br />
should be extended to any significant number of employees or that any contact<br />
personnel would be up to the task. Nor would I suggest that the employee most<br />
intimately familiar with the fact situation is necessarily the one who should<br />
Copyright, 2004, Pegasus Educational Services, LLC. 6
complete the form. I think completing the form requires its own kind of expertise<br />
and the author can verify his or her understanding of the facts pretty readily.<br />
Question: How does a bank file a copy of a SAR with local law enforcement<br />
agencies? I thought it was required to keep SAR filings confidential?<br />
Answer: The regulations only “encourage” you to file SARs with state or local<br />
law enforcement. Purely as a matter of personal opinion, I do not think it is<br />
usually necessary or advisable. First, state and local law enforcement have<br />
access to the SAR data base through the Gateway program. Second,<br />
presumably they have their own internal controls over who can have access to<br />
that system and what use can be made of that information. When you give the<br />
information to the individual of your choosing, you subvert those internal controls.<br />
Third, any decision to provide the information state and local law enforcement<br />
should be conditioned on an evaluation of relevant state law.<br />
Question: It states that any bank subpoenaed shall decline to produce the<br />
suspicious activity report or to provide any information that would disclose that a<br />
SAR has been prepared or filed but you stated that local law enforcement can<br />
request information involving a SAR & we should release information to them?<br />
Please explain.<br />
Answer: As noted, purely as a matter of personal opinion, I do not suggest that<br />
you file SARs locally. However, see paragraph (e) on page 8 of your materials,<br />
particularly the last sentence:<br />
“A bank must make all supporting documentation available to appropriate law<br />
enforcement authorities upon request.”<br />
If local law enforcement has the SAR you have pretty much made the decision<br />
that they are an appropriate law enforcement agency. Are you going to give<br />
them the supporting documentation like you would an FBI or DEA agent even<br />
though they do not have a subpoena? I would not, but I would be dealing with a<br />
problem of my own making when I was explaining the refusal to do so.<br />
Question: We are a non-deposit mortgage lender, are we required to file a SAR<br />
when we find fraud committed by our borrower…<br />
Answer: “Banks” as defined in the BSA regulation are required to file SARs.<br />
Here’s a link to the relevant section: http://www.bankersonline.com/regs/103/103-<br />
11.html My reading is that your organization is not included in the definition.<br />
Copyright, 2004, Pegasus Educational Services, LLC. 7
ANTI MONEY LAUNDERING PROGRAM<br />
Question: From a regulatory exam standpoint, how important is a<br />
product/business line risk assessment in establishing a financial institution's<br />
BSA/AML policy, how detailed does documentation of the risk assessment need<br />
to be, and have the regulators published any guides for internal auditors to<br />
facilitate the review of policy documentation?<br />
Answer: It is critical. It is the second document requested in the FDIC’s recently<br />
revised pre-examination questionnaire. In the Amsouth decree one of the<br />
internal control deficiencies cited was that “…AmSouth failed to conduct a risk<br />
assessment of its customer base to identify categories of high risk customers,<br />
products and geographic locations.”<br />
As a practical matter, it is impossible to design an effective AML program without<br />
first conducting a risk assessment.<br />
The regulators’ only attempt at providing guidance on what is acceptable<br />
documentation is that which they provide to their own personnel through<br />
examination procedures. Auditors should consider them the equivalent of<br />
generally accepted auditing standards and, when they are not sufficiently<br />
detailed, enhance them based on their own knowledge and experience.<br />
Question: Is there a sample written AML risk assessment anywhere we could<br />
view?<br />
Answer: I’m not aware of any. Those looking for a “go by” might consider that<br />
developing a written risk assessment is analogous to developing a written policy<br />
– the value is in developing it, not in having it. The information the bank has to<br />
pull together is about the bank, its clientele and its community – no outsider<br />
should know more about that than you. That real value of the exercise is to help<br />
you decide what the right AML program for your institution would look like and to<br />
help you defend that decision to an outsider who might disagree with you.<br />
Question: Do you have any tales from the trenches that involve risk<br />
assessments and their impact in developing BSA/AML policies?<br />
Answer: http://www.fincen.gov/amsouthassessmentcivilmoney.pdf<br />
Question: Does connection with any of these countries include if they have<br />
family members over there?<br />
Answer: Yes.<br />
Question: What is a NAICS code?<br />
Copyright, 2004, Pegasus Educational Services, LLC. 8
Answer: It’s a numeric code that identifies a specific industry. Its use allows<br />
banks to identify concentrations of credit or to develop lists of customers involved<br />
in particular types of businesses; e.g. check cashers. Page 26 in your materials<br />
contains a link to the NAICS web site and a detailed explanation of how the<br />
codes are established.<br />
Question: What is Vanilla version in Monitoring Section?<br />
Answer: During the Webinar I believe I referred to the Internal Controls<br />
paragraph on page 25 as the “vanilla” approach to an AML program; i.e. the<br />
lowest possible level of effort and sophistication. I referred to the possible<br />
ancillary internal controls at the bottom of the same page as “sprinkles.”<br />
Question: If we have a high risk business that we can not monitor, how do we<br />
legally tell them that we can no longer support their business?<br />
Answer: There is no prohibition on your simply telling them the truth. “Our<br />
bank’s federal regulatory agency requires us to monitor the activities of a<br />
[business]. We are unable to meet those requirements in a cost effective manner<br />
and, thus, regret that we must terminate this relationship.”<br />
Question: How do you determine if a customer is structuring to avoid CTR filing?<br />
Answer: When their cash activity appears to follow a pattern of avoidance. For<br />
example, multiple cash deposits made the same day but at different branches;<br />
consistent cash deposits of $9,900, but never a cash deposit exceeding $10,000<br />
etc. You should investigate to determine if there is an alternative explanation for<br />
unusual cash activity.<br />
Question: Is the $1,000 threshold with any one person on the same day Or is it<br />
the fact that they can engage in selling/exchanging money orders,etc. necessary<br />
to be defined as an MSB?<br />
Answer: The threshold is dollar based. From the MSB web site:<br />
1. Question: Who is required to register as a Money Services Business (MSB)?<br />
A business is an MSB and must register if it conducts more than $1,000 in business with<br />
one person in one or more transactions (in any category of activity listed below) on the<br />
same day in one or more of the following services:<br />
• Money Orders<br />
• Traveler’s Checks<br />
• Check Cashing<br />
• Currency Dealing or Exchange<br />
OR the business provides Money Transfer services in any amount.<br />
Copyright, 2004, Pegasus Educational Services, LLC. 9
Question: When we have a mom & pop store that cashed a check over $1,000.<br />
We notify them they need to register as a MSB. We file SAR. Do we continue to<br />
file SAR anytime they cash over $1,000 until they get registered? Or do we need<br />
to close them out after the 2nd check that is cashed for $1,000?<br />
Answer: My interpretation is that you do not file a SAR for every single instance<br />
of check cashing for an MSB. You filed the first form because they were not<br />
registered. You continue to file a SAR every 90 days under the heading of<br />
continuing activity. The regulators will not give you any firm direction regarding<br />
SARs and account closure. See question # 5<br />
http://www.fincen.gov/reg_faqs.html<br />
In the case of an MSB, I suggest you consider the cost of continuing to monitor<br />
their activity and file SARs. In other cases, such as where you believe the<br />
customer is involved in illegal activity such as selling drugs, I suggest you<br />
evaluate whether you want to provide financial services to such people.<br />
Generally, if you plan to close an account on which you have filed SARs in the<br />
past I suggest you mention your plan in the last SAR you file, giving law<br />
enforcement 30 days notice of your plans. See the example on page 46 of your<br />
materials.<br />
Question: If you identify a customer as an MSB due to periodic activity of<br />
cashing checks in excess of $1,000, but the customer was unaware of the<br />
requirement, would you file a SAR if the activity immediately ceased?<br />
Answer: The regulatory guidance on this point only suggests a SAR is<br />
necessary if an MSB continues the relevant activity without registering.<br />
Question: If we see that a customer is structuring, but not involved in illegal<br />
activity, should we (and how should we) tell the customer to discontinue this<br />
pattern of activity. (A SAR was filed, but the account not closed. Of course, the<br />
customer would not be informed of the filing.)<br />
Answer: Here’s a lengthy thread from <strong>BOL</strong> where this subject was discussed<br />
recently:<br />
http://www.bankersonline.com/ubbthreads/showflat.php?Cat=0&Board=cip&Num<br />
ber=224230&Searchpage=1&Main=223481&Words=Ken+kaybee&topic=&Searc<br />
h=true#Post224230<br />
By referring you to this, you will get the benefit of several opinions. Personally, I<br />
think that counseling a customer not to structure is acceptable and have laid out<br />
the conditions under which it might reasonably be done.<br />
Two speakers from the FDIC at the ABA MLES seminar did not feel counseling<br />
was acceptable. Although they gave no reason for their opinions, they felt the<br />
Copyright, 2004, Pegasus Educational Services, LLC. 10
ank should only attempt to determine “what’s going on” not to talk to the<br />
customer about CTR filing.<br />
Question: Suppose the bank has a deposit and loan customer that they have<br />
heard is involved in drug sales. This customer also does construction work. He<br />
has wire activity. They have filed CTR's on this customer. He structured a<br />
transaction taking $9,999.00 in cash from a $20,000 check which was payment<br />
for construction work and deposited the remainder. The bank has to file a SAR<br />
because of the structuring. Based on the above information how much of that<br />
information should be put in the narrative?<br />
Answer: Although it is the obvious structuring that triggered the SAR, I would<br />
include the other information. The SAR should be as complete a rendition of the<br />
relevant facts as possible. Without it, reporting the structuring is required, but the<br />
report is a waste of time and effort.<br />
SHOULD WE FILE?<br />
In none of the questions that follow am I suggesting that the bank should<br />
or should not file a SAR. That decision is to be based on a significant<br />
amount of research and a full knowledge of the facts – in none of these<br />
cases do I have enough information to reach any conclusion which would<br />
be defensible by either myself or the questioner.<br />
Question: We have been receiving several fraudulent cashier checks from Ebay<br />
purchases. If the check is over $5,000 is this reportable on an SAR? We don't<br />
usually have the information of who the check was from without getting more<br />
information from the customer. They may question why we need that<br />
information. When we know we have a fraudulent cashier check in our hand,<br />
what can we do so that check does not get taken to another bank when we give it<br />
back to the customer. Can we write refused on it or mark it some other way? Is<br />
there a procedure for this?<br />
Answer: If the check was actually deposited to your institution and returned as<br />
“fraudulent” it would be check fraud. In that circumstance, I assume the<br />
customer would be cooperative in providing you with whatever information is at<br />
his disposal, but, as your question suggests, the dollar threshold would be<br />
$25,000 if you were unable to identify a suspect. If the fraudulent item was<br />
caught prior to deposit and returned to the customer, then I do not think a SAR is<br />
necessary or appropriate – there was no transaction through your bank.<br />
Your second question doesn’t actually relate to SAR filing, but it is intriguing and I<br />
have saved it until last in order to give it some thought. I do not think you can<br />
reasonably keep the check, but I’m not comfortable with marking it as<br />
“fraudulent” or “counterfeit” either – my opinion is that only the drawee bank<br />
Copyright, 2004, Pegasus Educational Services, LLC. 11
could do that with confidence. In an effort to enlist other opinions, I have posted<br />
the question in <strong>BOL</strong>’s Security Forum.<br />
Question: We have a customer who was caught in a scam out of Canada. He<br />
received a $29,000 from Canada, which was counterfeit - he deposited it. He<br />
then took part of the money and deposited it at a bank that the letter instructed<br />
him to. Is this reportable?<br />
Answer: Since the check was deposited in your institution, it was check fraud.<br />
Question: If a customer is a victim of a lottery scam, should the bank file a SAR.<br />
The bank did not incur a loss.<br />
Answer: Although the SAR asks for the amount of any loss the bank may have<br />
incurred, reporting is not conditioned on that fact alone. The issue is whether<br />
your bank was used to further the transaction.<br />
Question: Should we be completing a SAR for any customers that we believe<br />
have given us an invalid ss #?<br />
Answer: An invalid taxpayer identification number may be evidence that you<br />
would cite as part of an attempt to commit a crime such as loan fraud or identity<br />
theft, but offering a false taxpayer identification number is not a crime in itself.<br />
Question: Several months ago we had a counterfeit ring cash several counterfeit<br />
checks. Local law enforcement was notified and most of the suspects were<br />
apprehended. The question arose from our CEO about whether a SAR should<br />
have been filed. It is my understanding that a SAR only need be filled out if there<br />
is suspicion of criminal activity, not when criminal activity is known. Does a SAR<br />
need to be filled out or is this a situation where a SAR is unnecessary?<br />
Answer: Actually knowing that the customer is involved in illegal activity does<br />
not lessen the responsibility for filing a Suspicious Activity Report. In several of<br />
the SAR filing omissions cited in the AmSouth decree, the parties involved had<br />
not only already been convicted, not just accused, of committing crimes. The<br />
bank is required to report when it becomes suspicious, even if law enforcement<br />
became suspicious long before…<br />
Question: A former employee takes a customer's loan application to an<br />
institution where they are now employed. The application was never processed<br />
through our institution. It was processed through the new employer.<br />
Subsequently, an adverse notification was sent to the customer on the other<br />
bank's letterhead. The customer was confused and did not know what was going<br />
on. The customer refuses to provide evidence nor press any charges. Does the<br />
bank file a SAR on the employee? If so, under what scenario (explanation).<br />
We do not have any proof except the customer's word that this occurred.<br />
Copyright, 2004, Pegasus Educational Services, LLC. 12
Answer: Clearly, the employee abused his position in the practical sense, but<br />
there does not appear to be any federal crime involved.<br />
Question: A non U.S. bank customer that is an import of consumer goods gets<br />
several cash advances on his non US visa card and deposits it into his acct with<br />
us. He does this because his US customers will only take US checks or currency.<br />
Should a SAR be filed? We don't think so. He does not get cash<br />
Answer: Clearly, his method of financing is unconventional. You should<br />
investigate further and make certain you understand how your customer’s<br />
business works – I do not.<br />
Question: In the credit card industry, we see cases of family fraud, where a<br />
family member uses the identity of another. Is this a SAR reportable activity?<br />
Answer: The legal relationship between the perpetrator and the victim; e.g.<br />
parent – child does not affect whether the crime is reportable.<br />
Question: Should a SAR be filed if the activity involves an indirect loan<br />
relationship where the dealer is inflating the salary of the applicant to get the loan<br />
approved?<br />
Answer: Lying about income, assets, liabilities etc. on a loan application would<br />
constitute loan fraud.<br />
Question: Is a SAR filing required for counterfeit checks received in conjunction<br />
with a Nigerian scam? Are there $ amount thresholds?<br />
Answer: If a monetary loss has not been incurred from an advance fee fraud<br />
scheme and there are no other indicators of illegal activity warranting the filing of<br />
a Suspicious Activity Report, a financial institution should not file a Suspicious<br />
Activity Report and no further action is necessary. See page 47 (document, not<br />
PDF page number) on SAR Activity Review # 7<br />
http://www.fincen.gov/sarreviewissue7.pdf<br />
Question: We had a part time teller who tried to pass a counterfeit 20 at a store.<br />
He was caught and the bank was questioned. He was prosecuted. Should we<br />
have reported it, or because it was actually caught can we pass on filing?<br />
Answer: Whether the employee was caught does not affect your filing<br />
responsibility. However, there is no indication that your bank was actually<br />
involved in the employee’s actions; i.e. there is no evidence that he abused his<br />
position in connection with passing the counterfeit currency.<br />
Copyright, 2004, Pegasus Educational Services, LLC. 13
Question: A construction customer deposited 355,000.00 & has told the<br />
manager that the contract they were awarded will total 1 mil in cash, should we<br />
file an SAR?<br />
Answer: I am assuming that the $355,000 deposited to date was in currency. If<br />
that’s the case and you are looking at the prospect of another million dollars, I<br />
would focus on the last paragraph of the Treasury regulation on page 7 of your<br />
materials:<br />
(iii) The transaction …is not the sort of transaction in which the particular customer<br />
would normally be expected to engage, and the bank knows of no reasonable<br />
explanation for the transaction after examining the available facts, including the<br />
background and possible purpose of the transaction.<br />
It comes down to whether you think that either an individual or a business would<br />
actually pay for a project of this size in currency.<br />
Question: A contractor with several loans indicates that work is being done in<br />
the next few days, and the officer gives the draw. The work is not done, and the<br />
money is spent without paying for the materials or doing the work. Granted, it<br />
was poor judgment, but it appears that the officer was shocked that the work was<br />
not done, and not involved with the contractor.<br />
Answer: If you are asking if the officer should be included as a suspect on the<br />
SAR, your question seems to indicate that you have reached the conclusion that<br />
he is not suspected of involvement. If you do not suspect him of a criminal act,<br />
he should not be listed as a suspect.<br />
To say that many SAR filing decisions are subjective burdens the obvious, but it’s<br />
particularly true when employees are involved. In my opinion, you don’t file<br />
SARs every time a teller is short, nor do you do file a SAR every time a loan is<br />
charged off. An employee might be fired in either of those circumstances<br />
because he failed to follow procedures, but that does not mean his intentions<br />
were criminal. If you do believe the employee’s actions were criminal, you do list<br />
him as a suspect and then consider whether retaining him as an employee is<br />
advisable.<br />
Question: Under what conditions should a SAR be filed in regards to Kiting? Do<br />
you have to show malicious intent?<br />
Answer: Kiting is a federal crime that falls under the heading of “bank fraud.”<br />
Unlike the previous example, incompetence is not an alternative explanation –<br />
kiting is something that people do on purpose and it’s always a crime. See the<br />
discussion on page 47 (document, not PDF page number) of SAR Review # 7<br />
http://www.fincen.gov/sarreviewissue7.pdf<br />
Copyright, 2004, Pegasus Educational Services, LLC. 14
Question: What about filing under the circumstances where an unsecured<br />
guarantor is transferring personal assets while the related corporate loan is in a<br />
workout or in default?<br />
Answer: If you conclude that the actions are intended to defraud your institution<br />
of resources from which the indebtedness could be paid you would file. I would<br />
assume that you would take civil action to stop the guarantor’s actions well<br />
before you considered filing a SAR.<br />
Question: Do you think we should file a SAR if we are aware that an outside<br />
source has taken graphics and logos, etc. from our website. In addition, we are<br />
aware that another Bank in our localiity has also had the same penetration into<br />
their website. No computer intrusion and no customer information impacted at<br />
this time.<br />
Answer: From the instructions to the SAR:<br />
For purposes of this report, “computer intrusion” is defined as gaining access to a<br />
computer system of a financial institution to:<br />
a. Remove, steal, procure, or otherwise affect funds of the institution or the<br />
institution’s customers;<br />
b. Remove, steal, procure or otherwise affect critical information of the institution<br />
including customer account information; or<br />
c. Damage, disable or otherwise affect critical systems of the institution.<br />
For purposes of this reporting requirement, computer intrusion does not mean<br />
attempted intrusions of websites (emphasis added) or other non-critical<br />
information systems of the institution that provide no access to institution or<br />
customer financial or other critical information.<br />
Question: Will you have a SAR presentation covering Credit Cards and many of<br />
the unique situations encountered by the industry?<br />
Answer: There are no current plans, but <strong>BOL</strong> is very responsive to member<br />
requests – if they think there is enough demand to support a Webinar on a<br />
particular topic they will do it. Any time you have a request for a program, let<br />
Mary Beth know what you are looking for.<br />
MISCELLANEOUS<br />
Question: How many CTR's are getting file monthly, particularly in my state of<br />
Iowa?<br />
Answer: That information is contained in the “By the Numbers” publication linked<br />
in page 2 of your materials.<br />
Copyright, 2004, Pegasus Educational Services, LLC. 15
Question: Do all vendor payments need to be reviewed against the OFAC list?<br />
Answer: There is no legal requirement that you verify anything against the<br />
OFAC list. What you check against the OFAC list is a function of your bank’s<br />
unique tolerance for risk; i.e. your analysis of the possibility that one of your<br />
vendors may be on that list relative to the amount of time it would take you to<br />
check the list.<br />
Question: Can the bank open an account for an individual who has a passport<br />
from a country on the OFAC list? e.g., a customer with a passport from Cuba?<br />
Answer: The OFAC sanctions are not uniform from one country to another; i.e.<br />
you cannot generalize about the effects on the citizens of a particular country.<br />
The information on the sanctions against a particular country are found on the<br />
OFAC web site, but <strong>BOL</strong> contains a much more user friendly synopsis:<br />
http://www.bankersonline.com/ofac/ofacchart.html<br />
Copyright, 2004, Pegasus Educational Services, LLC. 16