Verification knowledge hub
Suspicious activity report (SAR) is an integral and at the same time puzzling aspect of compliance in any company. Businesses often get into turmoil as to what triggers such a report, are there any specific tools to create it and can it be reported under the whistle-blower concept or do the informants need solid proof of the suspicious activity?
Besides, being ignorant of SAR essentials comes at a high price. As an example, Capital One bank was fined $100 Million over the absence of suspicious activity reports on controversial transactions and inadequate risk management.
Here, we want to highlight the up-to-date key elements and best practices of the SAR.
A SAR is a report that has to be submitted for a review in case a business is suspecting criminal activity. As a rule, a SAR is never requested by a financial authority — the company itself is obliged to report suspicious user behaviour or transaction as soon as it is revealed to them.
Usually, a suspicious activity report will incorporate detailed information on the company and the incident to advance the investigation.
The AML laws describing how to file the report and its contents vary across countries, depending on the nature of the suspicious activity and the particularities of the financial institution itself, but the core stays the same.
SAR is a must for any financial institution that can be targeted by criminals. Anything from banks and money processors to casinos and gems dealers. The institution or its employees will have to file a SAR if they suspect and have certain proof of the illegal activity.
Note: the organization or individual involved in filing the report can remain anonymous if they wish so.
If a business finds itself immersed in a worrisome position over suspicious activity they have to be proactive and submit valid information to the authorities before receiving punishment for failing to do so.
Global outlook on SARs can vary in the circumstances and transaction values that trigger the necessity of a SAR and the size of a fine for not aligning with these demands.
Financial Crimes Enforcement Network (FinCEN) acts on the Bank Secrecy Act (BSA) to ensure that financial institutions will raise awareness of the suspected violations.
In the US, SARs must be filled if a suspicious transaction involves over $5,000. A SAR must be filed within 30 days after the suspicion came to exist. If the case requires more time to gather supporting evidence, the deadline can be moved by 60 days. BSA encourages nominated officers to submit reports online.
The US also requires SAR to be kept for five years. Penalties for non-compliance range from fines, loss of banking charter and restrictions to prison sentences.
In the UK, the National Crime Agency (NCA) supervises the submission of the SARs in case of unusual or exceptionally large transactions. The NCA accepts reports in physical format and through the SAR online system filed by an assigned officer.
In Switzerland, financial institutions report the suspicion to the Swiss Financial Intelligence Unit otherwise known as the Money Laundering Reporting Office of Switzerland (MROS). Failure to comply results in severe monetary penalties (up to CHF500,000 or CHF150,000 in case of negligence) and opening of criminal proceedings.
A general reporting form should be printed and emailed to MROS.
In Germany, STRs are regulated under the GwG. BaFin sets the thresholds, saying that there must be sufficient, clear indications for a SAR to be triggered. The SARs should be sent to the Federal Criminal Police Office — BKA and kept for five years.
In the Czech Republic, obliged entities are required to report suspicious transactions to the Financial Analytical Unit (FAU).
Latvian regulations require to file an Unusual or Suspicious Transaction Report (UTR or STR). The reports must be submitted to the Financial Intelligence Service.
In Cyprus, suspicious activity and suspicious transactions are reported to MOKAS. Failing these legal obligations is punishable by imprisonment for up to 2 years and/or by a financial penalty up to €5,000. The report can be filed through a ‘goAML system’.
In Singapore, businesses report to Suspicious Transaction Reporting Office (STRO). You can file a Cash Transaction Report (“CTR”) (Form NP 784) electronically or via paper form. For individuals, the maximum penalty for failing to file a Suspicious Transaction Report is S$250,000 and/or up-to three years’ jail. For corporations, the maximum fine reaches S$500,000.
In Hong Kong, businesses must approach the Joint Financial Intelligence Unit (JFIU) of the Hong Kong Police. Failure to report suspicious transactions is a criminal offense with a maximum penalty of three months imprisonment and a $50,000 fine.
Australian suspicious matter reports (SMRs) are submitted to AUSTRAC online. Failing to submit an SMR in time leads to 20,000 penalty units in the Federal Court of Australia or 100,000 penalty units for body corporations. The amount of the penalty units differs depending on the date of the crime from $210 on or after 1 July 2017 to $110 before 27 December 2012.
Anyhow, the rules around SAR that we have described here might undergo further changes. The best way to comply would be to turn to the relevant regulator for valid instructions as soon as the business’s trained personnel expressed their suspicions.
Any employee of a financial institution, who spotted suspicious criminal patterns, is eligible to file a SAR. Usually, a supervisor or a business owner decides, whether a report is necessary for the specific situation. You can submit a report manually or through an automated reporting system.
To file a SAR manually, a business has to check out the website of the regulator they are reporting to. Many of them have standard SAR forms to fill out online. Businesses will have to put the findings and the requested data on the paper report or into an e-form.
Suits for: above average size firms with a relatively small and mainly local client base.
Submitting a SAR can be made effortless by reporting through an automated tool. Sumsub compliance dashboard can tune reports to the relevant regulatory demands and deliver them for the authoritative review automatically.
Suits for: medium to bigger companies with a large number of clients and transactions, international corporations.
SARs is an important instrument to supervise the domestic and international financial market. Thus, a business has to prioritize their SAR’s quality, scrupulousness, and promptness that affect the ability and the efficiency of further investigation of the criminal case.