THE LINE IN THE SAND: FRAUD AWARENESS, PREVENTION, & DETECTION THE FOUR COMPONENTS OF A SUSPICIOUS ACTIVITY PROGRAM

Transcription

1 THE LINE IN THE SAND: FRAUD AWARENESS, PREVENTION, & DETECTION THE FOUR COMPONENTS OF A SUSPICIOUS ACTIVITY PROGRAM In the latest update by the Federal Financial Institutions Examination Council of the Bank Secrecy Act/Anti-Money Laundering Examination Manual, an effective monitoring program of suspicious activity was said to need four essential components. Having these four key components is vital to any complete fraud deterrence program. Learn these components and discover the steps needed to build an effective suspicious-activity monitoring program. MALEKA ALI, CAMS Manager of Education and Consulting Banker s Toolbox, Inc. North Hollywood, CA Maleka Ali has over 25 years of experience servicing the financial community. She joined Banker s Toolbox in 2005 where she is currently the Manager of Consulting and Education. Prior to joining Banker s Toolbox, Maleka worked at several financial institutions in Southern California. Experience includes Operations/BSA management, fraud/risk control, product development, marketing, and training along with participation in the creation of two new denovo financial institutions. She also served on task forces for several mergers, acquisitions, and system conversions. She is CAMS certified and has developed and implemented BSA programs along with comprehensive risk assessments at several financial institutions. At Banker s Toolbox, she has trained over 500 financial institutions on BSA/OFAC compliance and how to effectively manage BSA/fraud risk and utilize automated monitoring systems. Maleka was a faculty member on BSA/AML fraud at America s Community Bankers Council, National School of Banking in Connecticut and has served as a guest speaker and workshop instructor at their National Compliance Conferences. She has also been a guest speaker at several national conferences, as well as at many financial and corporate compliance organizations, addressing the subjects of BSA/AML/OFAC compliance, risk assessment management, fraud, and identity theft. Association of Certified Fraud Examiners, Certified Fraud Examiner, CFE, ACFE, and the ACFE Logo are trademarks owned by the Association of Certified Fraud Examiners, Inc. 2011

2 Introduction You ve been given the task by Senior Management at your institution to build a robust Bank Secrecy Act/Anti-Money Laundering (BSA/AML) monitoring program. Or as an auditor or consultant you have the responsibility to review a financial institution to ensure that their BSA/AML monitoring program is sufficient for their risk level. Where do you begin? The Federal Financial Institutions Examination Council s (FFIEC) BSA/AML Examination Manual states that an effective suspicious activity monitoring program needs four essential components: 1.) identification of unusual activity, 2.) managing alerts, 3.) the SAR decision-making process, and 4.) the completion and filing of suspicious activity reports. A suspicious activity report is known as a SAR. The identification of suspicious activity is critical to our government s ability to utilize financial information to combat terrorism, terrorist financing, money laundering, and other financial crimes. Examiners, auditors, and financial institutions should recognize that the quality and content of suspicious activity reporting is critical to the adequacy and effectiveness of the suspicious activity reporting system. History FinCEN In 1990, the U.S. Department of the Treasury established a branch responsible for suspicious activity reporting and guidelines called the Financial Crimes Enforcement Network, also known as FinCEN. FinCEN has the mission of enhancing U.S. national security, deterring and detecting criminal activity, and safeguarding financial systems from abuse by promoting transparency in the U.S. and international

3 financial systems. FinCEN s operation was expanded in 1994 to include regulatory responsibilities for administering the Bank Secrecy Act. Bank Secrecy Act The Bank Secrecy Act (BSA), enacted in 1970, requires financial institutions in the U.S. to assist government agencies in the detection and prevention of money laundering. Financial institutions are subject to BSA reporting and recordkeeping requirements. These financial institutions include depository institutions (e.g., banks, credit unions, and thrifts); brokers or dealers in securities; insurance companies that issue or underwrite certain products; money services businesses (e.g., money transmitters; issuers, redeemers and sellers of money orders and traveler s checks; check cashers and currency exchangers); casinos and card clubs; and dealers in precious metals, stones, or jewels. The USA PATRIOT Act of 2001, which was passed soon after the 9/11 attacks in America expanded the scope of the Bank Secrecy Act to include terrorist financing as well as money laundering and other financial crimes. The FFIEC BSA/AML Examination Manual The FFIEC BSA/AML examination manual was created to provide guidance to examiners to ensure that financial institutions are in compliance with the BSA and to help the examiners evaluate whether an institution has an effective program for identifying and reporting suspicious activity. Federal agencies recognize that it is not possible for a financial institution to identify and report all potentially suspicious transactions; however, the institution needs to prove that the level of their program is sufficient for the level of risk at the institution. Examiners will focus

4 on evaluating an institution s policies, procedures, and processes that have been created to identify, evaluate, and report suspicious activity. As part of the exam process, examiners will also review individual filing decisions related to suspicious activity reports to determine if the suspicious activity program is effective. Per the examination manual, financial institutions, bank holding companies, and their subsidiaries are required by federal regulations to file a SAR if they detect: Criminal violations involving insider abuse for any amount Criminal violations aggregating $5,000 or more when the suspect can be identified Criminal violations aggregating $25,000 or more even if they can t identify the potential suspect Transactions conducted or attempted by, at, or through the bank (or an affiliate) and aggregating $5,000 or more, if the bank or affiliate knows, suspects, or has reason to suspect that the transaction: Involves potential money laundering or other illegal activity (e.g., terrorist financing or human smuggling) Is designed to evade the BSA or its implementing regulations or recordkeeping requirements (i.e., structuring) Has no business or apparent lawful purpose or is not the type of transaction that the particular customer would normally be expected to engage in, and the bank knows of no reasonable explanation for the transaction after examining the available facts, including the background and possible purpose of the transaction

5 A transaction may include a deposit; a withdrawal; a transfer between accounts; an exchange of currency; an extension of credit; a purchase or sale of any stock, bond, certificate of deposit, or other monetary instrument or investment security; or any other payment, transfer, or delivery by, through, or to a bank. The Four Components of a Suspicious Activity Program In order to be effective, policies, procedures, and processes need to be in place to monitor and identify unusual activity but the complexity of the program needs to be dictated by the bank s risk profile. They will need to consider their higher-risk products, services, customers, entities, and geographies and will need to allocate adequate staff to these tasks, taking into consideration their overall risk profile and the volume of transactions. In the FFIEC manual, Appendix S, titled Key Suspicious Activity Monitoring Components, advises that an effective suspicious activity monitoring and reporting system should include four components. The components, listed below, should all be integrated in combination with each other and an effective process should include a successful implementation of all the components. The absence of any of these components might adversely affect suspicious reporting and BSA compliance. The four components are: 1. Identification or alert of unusual activity 2. Managing alerts 3. SAR decision making 4. SAR completion and filing The structure and number of employees allocated to each component may differ but all four components need to be present regardless of the size of the institution. The policies and procedures of each institution should detail how they handle each component and identify the employees or

6 departments responsible for each task. Smaller institutions may even have only one or two individuals who are responsible for all four components. Identification or Alert of Unusual Activity There are many methods to identify potentially suspicious activity, and often institutions will use a combination, including but not limited to: Activity identified by employees during day-to-day operations Law enforcement inquiries or requests Transaction monitoring systems Surveillance monitoring system output Activity Identified by Employees Employees are the frontline of defense and might detect unusual or potentially suspicious transaction activity as they go about their normal daily duties. Each institution should have appropriate training, policies, and procedures to ensure that all personnel know how to identify suspicious activity and have an internal process for how that should be escalated or reported to the appropriate party or department. (Usually this will be escalated to the BSA department.) The institution should also establish a method of reporting suspicious activity to the appropriate department to initiate an investigation. Communications methods may include phone, , fax, interoffice mail, company intranet, or other computer software solution. Of those methods, the phone is probably the least effective since there is no documentation or evidence of the report. By providing a formal worksheet or method of reporting, you not only create documentation but there is also more control over information reported

7 Sample of a Suspicious Activity Worksheet Plus, if there is no documentation or evidence that other branches or departments at the institution are reporting suspicious activity, then an auditor or examiner might conclude that there is a gap or insufficient training at the institution and that the other departments do not know how to identify what is suspicious or unusual activity. Law Enforcement Inquiries and Requests Institutions need to also have policies, procedures, and processes for when they receive a law enforcement request for information. When received they need to be able to identify the subject of the request, monitor the activity of those subjects if appropriate and identify any unusual or potentially suspicious activity related to those subjects. If suspicious activity is identified they should file a SAR, if appropriate. Law enforcement inquiries and requests can include grand jury

8 subpoenas, National Security Letters (NSL), and USA PATRIOT Act Section 314(a) requests. Just because a law enforcement inquiry is received does not mean that the institution should file a SAR. However, the receipt of the inquiry should trigger a review of the accounts of the subject to see if there is any evidence of suspicious activity. The institution should then assess all the facts and information before making the decision to file a SAR. NATIONAL SECURITY LETTERS NSLs are demands that may be issued by the FBI and other federal government authorities in counterintelligence and counterterrorism investigations to obtain information on suspects. They are highly confidential documents and examiners and auditors should not ask to review specific NSLs. No institution, officer, employee, or agent of the institution can even disclose to any person that a government authority or has sought access to records through a Right to Financial Privacy Act NSL [12 USC 3414(a) (3) and (5) (D)]. If an institution receives an NSL management must take appropriate measures to maintain the confidentiality of NSLs and this must be noted in their policies and procedures. Questions regarding NSLs should be directed to the FBI local field office. Contact information for the FBI field offices can be found at Please Note: Due to the confidentiality of grand jury proceedings and NSLs, if an institution files a SAR after receiving a grand jury subpoena or an NSL, do not include any reference to the receipt or even the existence of the grand jury subpoena or the NSL in the SAR. Instead only reference the activities and details that support a finding of suspicious activity

9 SECTION 314(A) REQUESTS A federal, state, local, or foreign law enforcement agency that is investigating terrorist activity or money laundering may send a request through FinCEN to obtain information from financial institutions. Upon receiving these requests, FinCEN will compile a list of individuals and entities to send to financial institutions for them to complete a onetime search of their records to determine whether they maintain or had maintained accounts in the last 12 months, or had engaged in transactions with any individuals or entities on the current list in the last six months. Similar to NSLs, the identification of a suspect should not trigger a SAR, but should alert the institution to take a closer look at the account for suspicious activity. If any is identified, then a SAR should be filed. Institution cannot disclose information regarding the entities on the 314(a) list to any person other than FinCEN, the regulator, or the law enforcement agency who made the request. Management can share the list with a third-party vendor for the sole purpose of scanning their records, as long as the institution has an agreement to ensure that the third party safeguards the confidentiality of the information. Transaction Monitoring (Manual Transaction Monitoring) A transaction monitoring system or process looks at specific types of transactions and involves a manual review of various reports. These reports will generally be available from the institution s core data processor or can be created by using various logs or spreadsheets maintained by the institution. Examples of reports that

10 will be reviewed include large currency activity, funds transfer, monetary instrument sales, significant balance changes, and reports of nonsufficient funds. The process involves a manual daily or monthly review of reports. The institution s level of BSA/AML risk should be taken into consideration when creating the type and schedule of reviews. Management should also consider its higher risk products, services, customers, entities and geographic locations. These reports will typically use a discretionary dollar threshold. The thresholds used should enable the reviewer to detect unusual activity. If unusual activity is identified, assigned personnel should review all relevant information to determine if the activity is suspicious. Management at the financial institution should periodically evaluate the effectiveness of their filtering criteria to determine if their thresholds are still appropriate for identifying suspicious activity. There should also be a periodic independent review of the filtering criteria to decide if the processes are appropriate for the institution. This independent review should determine if the processes the institution is using are sufficient, based on the risk level, to catch potentially suspicious activity. Depending on the size and risk level at the institution, not all manual monitoring programs will include the same reviews. The FFIEC s BSA/AML Examination Manual lists the following examples of reports that may be reviewed as part of a transaction monitoring process. CASH ACTIVITY REPORTS Cash activity reports are used to review all cash activity or activity that exceeds $10,000. These

11 reports can assist with the filing of standard currency transaction reports or the identification of suspicious currency activity. Most institution information service providers offer cash activity reports that can also filter cash transactions using various parameters, for example: 1. Activity greater than $10, Activity (single and multiple transactions) just below the $10,000 reporting requirement 3. Transactions involving multiple low-dollar transactions (e.g., $2,000) that over a period of time aggregate to a substantial sum of money (e.g., $30,000 or more). 4. Transactions aggregated by customer name, tax identification number, or customer information file number All of the examples listed in the FFIEC manual might indicate suspicious activity or they might be normal and expected activity for that account holder. These filtering reports will allow the reviewer to look at a sample of the higher-risk activity instead of reviewing all the cash activity occurring at the institution. FUNDS TRANSFER RECORDS BSA requires institutions to maintain records of funds transfers worth $3,000 and more. However periodic review of this information can also assist institutions in identifying patterns of unusual activity. For institutions with low volumes, a periodic review is usually sufficient to identify unusual activity; however, institutions with significant activity may need to use spreadsheets or vendor software to review funds transfer activity for unusual patterns. These reports may concentrate the review on large

12 volume activity or activity from higher risk geographic locations. Once again each institution should establish its own filtering criteria, taking into consideration their level of risk. Any unusual activity identified during these reviews should trigger additional research to determine if the activity makes sense and is consistent with account type and expected activity. MONETARY INSTRUMENT RECORDS Financial institutions are also required by the BSA to keep records for the sales of monetary instruments. These records also assist the institution in identifying possible suspicious activity. A periodic review of these records may identify frequent purchasers of monetary instruments and common payees. Reviews for suspicious activity should include activity over an extended period of time (e.g., 30, 60, or 90 days). Besides looking for excessive instruments purchased with cash, the reviewer should also identify commonalities, such as common payees and purchasers, or consecutively numbered purchased monetary instruments. ACH AND ATM TRANSACTION ACTIVITY ACH and ATM transactions are not included in the examination manual, but should nevertheless be reviewed because of the frequency in which they appear in money laundering, fraud, and terrorist financing. Look for customers with large, frequent, or international ACH or ATM transactions or accounts with excessive unauthorized returns regarding fraudulent or duplicate ACH transactions

13 Surveillance Monitoring (Automated Account Monitoring) A surveillance monitoring system or process might cover multiple types of transactions and use various rules to identify high-risk activity. Rule-based systems are more sophisticated than the basic manual system listed above, which only filters on one rule. These processes use computer programs developed internally or from software vendors, to identify individual transactions, patterns of unusual activity, or deviations from expected activity. They will typically capture a wide range of transaction activity, such as deposits, withdrawals, funds transfers, automated clearing house (ACH) transactions, and automated teller machine (ATM) transactions. Institutions that are large or have a large volume of higher-risk customers or activity are more likely to use surveillance monitoring systems. They might also include rule-based and intelligent systems to detect unusual or high-risk transactions. Many of these systems are able to adapt over time based on historical activity or trends, using alerts that involve spikes or velocity. Some may even conduct internal peer analysis group comparisons. These systems include rule-based or alert-based systems that are designed to identify unusual transactions that are outside normal activity for the institution. The process can involve a few or dozens of rules depending on the complexity of the product. These rules are typically applied by using a series of filters or alerts. Since these systems will generally review transactions in context with other transactions along with the customer s profile, the results allow

14 management to see the overall picture instead of just one piece of the puzzle. The parameters and filters used in the process should be reasonable and tailored to the activity that the institution is trying to identify or control and should be reviewed by the institution before implementing the process to identify any gaps that might not have been addressed, especially taking into consideration the level of risk present at the institution. During this review management might decide to change filters to avoid missing potentially suspicious activity. After processes have been established, just like the manual monitoring process, management should review and test system capabilities, parameters, and filters periodically to make sure they are identifying potential suspicious activity and that the program is still sufficient for any changes in the bank s volumes or risk levels. Also a thorough understanding of the surveillance monitoring system and its capabilities is critical to assessing the effectiveness of the system. Filters should be based on what is reasonable and expected for each type of account. Monitoring accounts based purely on historical activity can be misleading if the activity is not consistent with similar types of accounts and customers. Institutions management should document and/or be able to explain their filtering criteria and explain why they are appropriate for the institution. In addition, the system s programming methodology and effectiveness should also be independently validated to ensure that the models are detecting potentially suspicious activity. It would also be helpful

15 if the evaluator had a basic understanding of the monitoring system they are trying to evaluate. Managing Alerts The second component of a suspicious activity program is managing alerts. After management decides what methods to use to identify potential suspicious activity, the alertmanagement process focuses on the procedures used to investigate and evaluate the identified activity. Management should consider all methods of identification available and enact procedures to evaluate unusual activity regardless of how it was identified. There should also be policies, procedures, and processes in place for referring activity from all areas of the institution to the personnel responsible for evaluating unusual activity. These procedures should define a clear escalation process from initial detection to disposition of the investigation. There should be enough staff allocated to the identification, evaluation, and reporting of potentially suspicious activities. Staff members should have the necessary experience and take ongoing training to maintain their level of expertise. Staff should also be provided with the sufficient internal and external tools to allow them to adequately research the activity and form conclusions. Internal tools may include access to account systems and account information, including employee records. External tools may include Internet media search tools. For example, some institutions restrict employee Internet access, but employees assigned to research suspicious activity might need the unrestricted Internet access during their research

16 After their analysis, reviewers should document conclusions and whether they recommend filing a suspicious activity report. When multiple parties are responsible for researching unusual activity, the channels of communication need to be clear and open. All departments will gain from a mutual level of cooperation and sharing of information, thereby reducing replication of efforts and ensuring that all suspicious activity is identified and reported. Please note: While institutions are required to report suspicious activity that may involve money laundering, BSA violations, terrorist financing, and certain other crimes, they are not obligated to investigate or confirm the crime. That investigation is the responsibility of law enforcement. When reporting the suspicious activity, institutions should just to do their best to include in the narrative all the characteristics of the suspicious activity and why they believe it is suspicious. SAR Decision Making The third component of an effective suspicious activity program is the SAR decision making process. After the investigators thoroughly analyze the potential suspicious activity, their research is usually forwarded to the final decision maker. This may be an individual or a committee at the institution. The decision maker should have the authority to make the final decision as to whether to file the suspicious activity report. If the institution uses a committee, it needs to have a clearly defined process to resolve differences of opinion on filing decisions. Management needs to clearly document the decision, including the specific reason for filing or not filing a SAR

17 The FFIEC s manual says the decision to file a SAR is an inherently subjective judgment. Examiners and auditors are asked to instead focus on whether the institution has an effective SAR decision-making process and not concentrate on individual SAR decisions. Examiners and auditors might nevertheless review individual SAR decisions to test the effectiveness of the SAR monitoring, reporting, and decision-making process. The manual also says that as long as the institution has an established SAR decision-making process; has followed their existing policies, procedures, and processes; and has decided not to file a SAR, the institution should not be criticized unless the failure to file is significant or accompanied by evidence of bad faith. SAR Completion and Filing The SAR completion and filing component is the final component in an effective suspicious activity program and is a critical part of the SAR monitoring and reporting process. Suspicious activity reports must be complete and filed in a timely manner, and the narrative must include a sufficient description of the activity as well as the reason for filing. Timing of a SAR Filing Regulations require that a suspicious activity report be filed no later than 30 calendar days from the date of the initial detection of facts on which the filing is based. If no suspect can be identified, the time period is extended to 60 days. This has been misinterpreted by many to mean 30 or 60 days from the date the transaction occurred or 30 or 60 days from the date the transaction appeared on a report or an alert. The manual says the phrase initial detection should not be interpreted as

18 meaning the moment a transaction is highlighted for review. There could be many legitimate reasons a transaction or account appears on an alert or report. The need to review a customer s account or activity does not necessarily mean you will need to file a suspicious activity report. You may need to research the transaction to determine if there is a legitimate reason for the activity. The 30 or 60 day clock actually starts ticking when, during your research, you determine that the transaction meets one or more of the definitions of suspicious activity and you can t find a legitimate reason for the activity. The appearance of a transaction on a report brings the transaction to someone s attention, but should not be considered the initial detection of potential suspicious activity. The filing period does not begin until an appropriate analysis is conducted and a decision is made that the transaction is suspicious per the SAR regulation. This does not release the institution from an obligation of expeditious reviews, which can be of great assistance to law enforcement. The regulations require the review to be completed in a reasonable period of time, but what constitutes reasonable varies greatly depending on the activity and the effectiveness of the monitoring and reporting procedures. What is most critical is whether to organization adheres to the following SAR requirement: Are there established adequate procedures for reviewing and assessing facts and circumstances identified as potentially suspicious, and are those procedures documented and followed?

19 For situations requiring immediate attention (e.g., terrorism or knowledge of a serious crime), in addition to filing the SAR, management should immediately notify, by telephone, an appropriate law enforcement authority and, if necessary, the institution s primary regulator. The appropriate authority is generally the local office of the IRS Criminal Investigation Division or the FBI. But remember, notifying law enforcement of a suspicious activity does not relieve an institution of its obligation to file a SAR. SAR Quality It is extremely imperative for SAR forms to be complete and thorough, and to include all known information on the suspect. Inaccurate, incomplete, or disorganized SARs can make proper analysis by law enforcement impossible. The narrative is the only area of the SAR that summarizes the suspicious activity so it is critical to clearly and thoroughly describe the activity. A good rule is to always list the five Ws (who, what, when, where, and why). Who is conducting the suspicious activity? What instruments or mechanisms are being used to facilitate the suspect transactions? When did the suspicious activity take place? Where did the suspicious activity take place? Why does the institution think the activity is suspicious? Plus, law enforcement also needs to know how the suspicious activity occurred. Since SAR narratives are subjective, examiners and auditors are asked to not criticize the interpretation of

20 facts, but they will want to ensure that they are thorough and describe the extent and nature of the suspicious activity. The institution should never include any supporting documentation with a filed SAR. (Currently no attachments to the narrative section can be stored in the BSA-reporting database.) Also FinCEN only enters into its system information provided in a narrative format, so tables, spreadsheets, and pictures should not be included. All supporting documentation should be retained by the institution for five years so that it may be available to law enforcement if needed. Additional guidance on completing a SAR can be found in Appendix L of the FFIEC s Examination Manual and from FinCEN at: Repetitive SAR Filings Once a SAR has been filed, if this activity continues over a period of time, law enforcement and the federal banking agencies need to be made aware of the situation. FinCEN s guidelines recommend that institutions report continuing suspicious activity by filing a SAR at least every 90 days. This way law enforcement will be made aware of the continuing activity. In addition, this practice was designed to remind managers that they should continually review accounts to determine whether other actions are appropriate. For example management might decide to contact law enforcement or to terminate a relationship with the customer or employee that is the subject of the SAR filing

21 Please Note: Law enforcement might want you to keep the account open regardless of the suspicious or potential criminal activity. This can aid them in an open investigation and avoid tipping off the customer that he is under suspicion. If law enforcement requests that an account remain open, ask for a written request including the purpose and duration of the request. Regardless, the institution will still be able to make the ultimate decision to keep or close an account. The institution needs to include in their policies and procedures how they will handle accounts with repetitive SAR filings. Accounts should be reviewed by senior management and legal staff, and criteria should be established for analysis of the overall customer relationship, for closing the account, and for notifying law enforcement if an account is closed. RECORD RETENTION Institutions need to retain copies of all SARs and their supporting documentation for five years after the date of filing. They must also provide all documentation supporting the filing of a SAR upon request by FinCEN or an appropriate law enforcement or federal banking agency. Supporting documentation refers to all documents or records that contributed to the determination that a SAR was required. No legal process is required for FinCEN or an appropriate law enforcement or federal banking agency to obtain copies of the supporting documentation. Sharing SAR Information NOTIFYING BOARD OF DIRECTORS OF SAR FILINGS Institutions are required to notify their board of directors or an appropriate board committee of the SARs being filed at the institution, but regulations

22 do not mandate the form or frequency of notification, although most institutions provide a report monthly or quarterly. Institutions are allowed but not required to share a copy of the actual SAR or to share only a summary or table listing the volumes and the type of suspicious activity. Regardless of the format used, the board or the board committee must be given enough information to fulfill their fiduciary duties. SHARING SARS WITH HEAD OFFICES, CONTROLLING COMPANIES, AND AFFILIATES Interagency guidance allows institutions to share SARs with head offices and controlling companies and affiliates, either located in the United States or abroad. To manage risk internally, institutions that file a SAR are allowed to disclose to entities internally the information underlying the SAR filing. Regardless, financial institutions are still advised to maintain appropriate arrangements to protect the confidentiality of SARs. PROHIBITION OF SAR DISCLOSURE TO SUSPECTS Per the regulation, no institution, and no director, officer, employee, or agent of an institution that reports a suspicious transaction may notify any person involved in the transaction that the transaction has been reported. Unless requested by FinCEN, an appropriate law enforcement agency, or a federal banking agency, the institution is to refuse to produce or disclose that a SAR was prepared or filed, even if subpoenaed (31 CFR (e) and 31 USC 5318(g) (2)). If management receives such a request, they are to

23 immediately notify FinCEN and their federal banking agency. In January 2011, for the first time ever, a former bank officer faced up to 95 years in prison after being convicted of disclosing the existence of a suspicious activity report to the suspect. Frank Mendoza, a former Chase Bank loan loss mitigation specialist approached the subject of a SAR, disclosed the existence of the SAR, and suggested that the suspect pay him $25,000 for more information about the investigation htm Conclusion As stated in the introduction, the identification of suspicious activity is critical to our government s ability to utilize financial information to combat terrorism, money laundering, and other financial crimes. The best way to do this is to follow the money. Law enforcement has been doing that for years to track down money laundering, tax fraud, drug smugglers, and other crimes, but they need our help. And now since 9/11, the information submitted in suspicious activity reports is also helping track down suspected terrorists. It is vital for financial institutions to have a strong and effective suspicious activity program to identify potential criminal activity and provide this much needed money trail to law enforcement