Case Management and SAR (Suspicious Activity Report) filing go hand-in-hand, with an effective case management program significantly bolstering the quality of SAR filing and recordkeeping capabilities. So, what should you look for in a case management and SAR filing programs?

The panelists that led in our “Case Management & SAR Filing” webinar provided a wealth of information regarding the importance of case management, SAR filing, and the best practices for both. Here’s what we learned:

Planning the Process

Case Management can help augment your SAR filing capabilities. A good case management solution should include the following:

  • Automated Transaction Monitoring
  • Transaction Monitoring Alerts
  • Management Framework for SAR Cases
  • Transaction Testing
  • Filing and Recordkeeping

Automated Transaction Monitoring allows your business to scale in number of transactions without having to ramp up hiring of investigation analysts.

An automated transaction monitoring system that automatically generates Transaction Monitoring Alerts is critical in identifying and aggregating the relevant transaction data into a case.

A Management Framework for SAR Cases will aid in keeping track of all the SARs filed by your analysts, and should be updated as the SAR statuses change, which is important for recordkeeping.

Transaction Testing allows an investigator to initiate further research into the suspicious activity if necessary, for example, running identity verification tests, to provide enough information to elevate the case and file a SAR if necessary.

Finally, the transaction data should be stored for five years.

In addition, a good case management system should automate and facilitate the SAR process as much as possible.

Why File a SAR?

If you are a financial services company and you conduct business involving United States citizens, you are required to electronically file SARs by FinCEN.

SARs must be created if you receive a transaction over a certain dollar threshold where there is suspicion or reason to suspect any of the following:

  • The funds used in the transaction are involved with or derived from illegal activity
  • The transaction is being used to hide or disguise funds derived from illegal activity
  • The transaction was designed to evade Bank Secrecy Act requirements
  • The transaction does not serve a business or apparent lawful purpose

Having the pieces, policies, and procedures in place to detect suspicious activity takes a sustained and focused effort, from an entire organization as well as executive buy-in.

There are benefits to having a robust SAR filing system, outside of the obvious role of catching illegal activities; it helps prove to regulators, partners and other parties that your organization takes preventing and reporting suspicious activity seriously.

Financial services companies, such as Money Service Businesses (MSBs), have a very difficult time finding banks who will bank them, this is especially true for MSBs that deal with virtual currencies.

In the United States, less than ten banks are actively and knowingly banking virtual currency MSBs. If a bank does accept a MSB, they are required by the (FFIEC) to apply enhanced due diligence (EDD), including a review of the MSBs Bank Secrecy Act (BSA)/ Anti-Money Laundering (AML) program.

The number of SARs filed by a MSB is a key indicator of how serious they take their BSA/AML program. Too few and they may not have a grasp of the money-laundering risk at their institution. Too many, and regulators may view it as defensive filing which indicates filing reports whether or not an action is suspicious.
FinCEN has also been known to target MSBs, with 37% of non-registration cases within the last five years coming from MSBs, and 60% of MSB cases involving SAR related violations.

There are three primary violations FinCEN looks for:

  • Program violation: Failure to develop, implement, and maintain an effective AML program
  • Reporting violation: Failure to file a SAR on a case-by-case basis
  • Recordkeeping violation: Not commonly enforced, data must be retained for at least five years

Developing Your SAR Decisioning Process: Things to Consider

  • What are your detection capabilities and what are your criteria to trigger an investigation?
  • Within your staff, who will investigate what? Define responsibilities:
    • Who is in charge of investigation?
    • Who is documenting the decision process?
    • Who will inform senior staff?
    • Who will maintain a log of file/no file decisions?
  • What is my decision making process in regards to SAR filing?
    • Where can we automate this process? Where can’t we?
    • Are we able to reasonably justify our actions?
  • What are the key elements in the SAR narrative?
    • How do we validate the information in the SAR?
    • Are we gathering the right data?
      • IP addresses, bitcoin addresses, email addresses, activity keywords
      • Are you gathering as much as you can?
    • How do we make our data easily available to law enforcement if requested?
  • How well is our process working?
    • Are we keeping the right documentation?
    • Are we filing SARs in a timely manner?
    • Are there any bottlenecks?
    • Are we maintaining our records?
    • Have we recently reviewed our process outside of an annual audit?
    • When did an independent party last review our process?

Your SARs should provide sufficient context for law enforcement or regulators to understand your decision. The data within a SAR should also be easily to sort through, and SARs need to filed in a timely manner, within 30 days of detection if the individual is known.

How IdentityMind Can Help

IdentityMind offers a fully featured Case Management system, that can automatically prepopulate SARs with all the relevant information in one click.

IdentityMind also provides automated Transaction Monitoring, Transaction Monitoring Alerts, and Know Your Customer (KYC) ability to verify the individuals involved.

Contact us at [email protected] to learn more.