6 min read

The Fault In Our SARs: The importance of realignment towards actionable intelligence

The principle of a Suspicious Activity Report (SAR) is very simple – the transmission of information, typically from regulated firms, which alerts law enforcement that a certain client or activity is in some way suspicious and may indicate money laundering or terrorist financing. The significant media attention following the FinCen Files leak has focused much attention globally on SARs, along with calls from some experts on the need for reform around money laundering efforts. Aside from reform, there are immediate actions those involved in investigating money laundering and submitting SARs can take, namely improvement in the quality of intelligence provided in SARs.

In the UK, consideration around reform of elements of the SAR regime was underway as far back as 2017, when the Law Commission agreed with the Home Office to review, as well as make recommendations, for reform of particular aspects of the anti-money laundering regime. One of the findings in the review was the poor quality of the SAR disclosures, of which one of the reasons for this was stated as “…confusion as to the concept of suspicion. Some reporters struggle with applying the nebulous concept of suspicion…overall quality of the SAR is diminished when reporters do not understand the concept of suspicion. Many SARs fail to provide relevant information that will assist law enforcement agencies in a presentable, easy-to-read format to enable swift action”.

What may constitute ‘suspicion’?

The UK’s Joint Money Laundering Steering Group (JMLSG), a body made up of a collective of UK trade associations in the financial services industry, produces guidance on the interpretation of UK Money Laundering Regulations and the Proceeds of Crime Act 2002 (POCA 2002), which underpin the UK’s efforts in tackling money laundering.

‘Suspicion’ is described in JMLSG guidance as “…more subjective and falls short of proof based on firm evidence. Suspicion has been defined by the courts as being beyond mere speculation and based on some foundation…”. The guidance also goes on to give an example:

“A degree of satisfaction and not necessarily amounting to belief but at least extending beyond speculation as to whether an event has occurred or not”; and

“Although the creation of suspicion requires a lesser factual basis than the creation of a belief, it must nonetheless be built upon some foundation.”

UK National Crime Agency’s SARs Annual Report

The UK National Crime Agency’s (NCA) latest Suspicious Activity Reports Annual Report saw a 20% increase in SARs during 2019-2020 to 573,085, as well as an 81% increase to 62,408 in Defence Against Money Laundering (DAML) requests during the same period.

DAMLs, previously preferred to as ‘consents’, are requests made to the NCA when the person submitting a SAR has suspicion that property they intend to deal with (e.g. carrying out a transaction for a customer) is in some way criminal, and that by going ahead with the transaction they may be committing a principal money laundering offence themselves under POCA 2002. Therefore the requester would need to receive ‘appropriate consent’ from the NCA via the DAML submission before they transact, for example. While such a request is under consideration from the NCA, the funds should effectively be frozen and firms need to be cognisant of the risks of ‘tipping off’ the customer, which itself is an offence under POCA 2002.

Whilst SAR regimes in many countries may not have a similar process to the UK DAML process, in the UK this can create challenges for both financial institutions and law enforcement in terms of managing risks and taking appropriate actions respectively.

The SARs Annual Report also noted the growth of the challenger bank sector as well as the increase in volume of DAMLs this sector had submitted, which were often for very low amounts and less likely to result in action being taken by law enforcement.

Media reports earlier in the year emerged that a popular UK challenger bank had been “freezing accounts for no apparent reason”. Although the possibility of mis-application of the DAML money laundering controls was not categorically quoted in the media, compliance professionals may have speculated it to have been the cause.

Submitting poor quality SARs isn’t a new issue. As far back as September 2014, the NCA issued a guidance notice informing regulated firms that they had decided to put in place a new process where they would reject consent requests (DAMLs) which were missing reasons for suspicion or a statement regarding criminal property.

Challenges in submitting quality SARs is not restricted to newer financial institutions nor is it limited to the finance sector; other sectors such as solicitors have also focussed on improving the quality of SARs. The SARs Annual Report outlines initiatives between the NCA and law societies, as well as the accountancy sector, to improve SAR quality and raise awareness of risks.

First-hand insights

Having been involved in both small and large-scale money laundering investigations at retail and investment banks, as well as having trained many money laundering investigators over the years, I have seen first-hand the origins of poor quality SARs.

In one case, the money laundering investigator was adamant on the need to file a SAR due to a significant transfer of funds from a third party individual to the bank customer’s personal account. The amount was said to be out of profile for the customer and was followed by a transfer out to another third party, this time a business.

Having looked at the activity in question, the significant transfer into the account appeared to give little in the way of an explanation as to its purpose. A small piece of text included in the payment reference, made up of numbers and letters, appeared to be a code at first glance and was dismissed by the investigator as nothing of value. I noticed that this code also happened to look like a license plate number once a space was inserted at a certain point in the text. When this code was run through a free license plate search feature, available on a popular UK car sales website, it returned results for a high performance vehicle, therefore was in fact a license plate and not an unusable code.

Checks of the customer’s profile, including their account application form, found they owned a well established car dealership – the same business the funds were transferred to following the transfer in from the third party. An open source search of the customer’s work telephone number found it linked to a car dealership and a search of vehicles listed on the site showed that the one matching the license plate had recently been sold.

Further inquiries revealed the third party was a customer buying the vehicle but wasn’t able to transfer directly to the business account for the dealership due to a processing issue on part of the dealership, hence transferred to the owner’s personal account for immediate onward transmission to the business account. No issues were found with the third party making the transfer for the vehicle purchase, nor any issues were found with the customer or their business.

Although it wouldn’t be appropriate to detail specific scenarios, there have been many occasions where I have instructed money laundering investigators, who initially dismissed activity which should have been of concern, to revisit their initial conclusion in the face of the surrounding circumstances and activity seen.

Without due care, skill and attention, instances similar to the above could potentially end up increasing SAR volumes, unnecessarily, with poor quality or invalid SARs.

Practical tips

The NCA has issued guidance on submitting better quality SARs which includes information on the basic structuring of SARs, good practise tips, as well as examples of what to include as part of narratives in write ups. They also publish a regular ‘SARs in Action’ magazine on their website, which is focused on financial intelligence to help detect and prevent crime and includes a wealth of valuable information.

The following are also some points for consideration I typically suggest to anti-money laundering professionals:

  • Understand the ‘why’ of money laundering risk management, not just the ‘how’ – if you know why you are doing what you are doing, your overall approach to anti-money laundering will be much more complete and you may become aware of risks previously not noticed.
  • ‘Rationale is king’ – back up your points and your line of thinking. This is particularly important as you may be criminally liable for failing to disclose information where there were reasonable grounds for knowing or suspecting that somebody was engaged in money laundering/terrorist financing.
  • Make use of Open-Source Intelligence (OSINT) training, techniques and tools – there is a wealth of information in the public domain which can be exploited with the open-source intelligence training and techniques, which can greatly enhance money laundering investigations and the quality of SARs submitted.
  • Stay up to date on financial crime – financial crime is dynamic, from new typologies to emerging threats. The landscape is ever-evolving, therefore actively seek to keep up to date on developments and money laundering cases. Subscriptions to free newsletters and setting up email alerts can help with this.
  • Read the JMLSG Guidance – from clarification on what suspicion is to guidance on sectoral risks, there is a wealth of information that can greatly assist in money laundering knowledge. Although this is UK-centric, the sectoral guidance in Part II may also be of interest to a wider-audience in understanding risks and controls in different sectors.

The future

In an era driven by data and technology, greater sharing of information may enhance efforts to provide quality intelligence to law enforcement and equally tackle money laundering. The UK’s Joint Money Laundering Intelligence Taskforce (JMLIT), a partnership between the financial sector and law enforcement aims to exchange and analyse information relating to money laundering and wider economic threats. The introduction of the UK’s Criminal Finances Act 2017 (CFA 2017) also inserted certain sections into POCA 2002, which allowed for the filing of joint-SARs by institutions, if certain conditions were met under the circumstances. In the U.S., FinCEN recently issued a new ‘314(b) Fact Sheet’ encouraging the sharing of information to better identify and report activities that may involve money laundering or terrorist financing.

Both initiatives, under the CFA 2017 and updates by FinCEN related to section 314(b), are voluntary. This could be met with some level of initial hesitancy by financial institutions, in terms of privacy, given the underlying information may relate to customers. The introduction of Privacy Enhancing Technology (PET) could accelerate data sharing initiatives by removing data privacy concerns and allowing for a more joined-up approaching to tackling money laundering.

Combining data sharing with higher quality SAR submissions may allow for the concentration of efforts to tackle some of the most damaging money laundering-related crimes. Intelligence is good, but actionable intelligence is better.