(A previous version of this article was published in October of 2018, titled “The Problem with Suspicious Activity Reports – You Can’t Handle The Data”)
When bankers, mortgage lenders, or financial companies notice specific behavior from their clients, a Suspicious Activity Report (SAR) is required to be completed and filed under the U.S. Bank Secrecy Act (BSA) of 1970. The idea behind SAR filings is to assist the government in identifying individuals, groups, and organizations who are involved in fraud, money laundering, terrorist financing, and other crimes. SARs empower law enforcement to initiate or augment significant money laundering or terrorist financing investigations.
SARs are legally required to be filed to Financial Crimes Enforcement Network (FinCEN) within thirty days of the detection of an incident of suspicious activity and the volume of reports filed increases annually. “The trend is that more SARs are being filed every year. Almost 960,000 were filed in 2016 alone!” Financial companies required to file include banks, credit unions, mortgage lenders, brokers, insurance companies, precious metals and gems dealers. casinos, money service companies, check cashing stores, and currency exchange bureaus.
Data provided in SARs gives FinCEN a deep pool for identifying emerging trends and patterns associated with financial crimes. Cash made from criminal activity is usually spent through small, less-obvious transactions, recycled within the organized crime network, or processed through financial institutions and services companies in an effort to launder the money.
Here are a few of the activities financial companies report on SARs:
- Account transactions that are inconsistent with previous patterns — sudden wire transfer, large amounts of cash, etc.
- A high volume of inbound or outbound wire transfers, with no logical connection, that come from, go to, or transit through locations of concern (such as sanctioned countries, non-cooperative nations and sympathizer nations.
- Unexplainable clearing or negotiation of third-party checks and their deposits in foreign bank accounts.
- Structuring at multiple branches or the same branch with multiple activities.
- Corporate layering, transferring sums between accounts of related entities or charities with no logical reasons.
- Wire transfers by charitable organizations to companies located in countries known to be bank or tax havens.
- Lack of apparent fundraising activity, for example, a lack of small checks or typical donations associated with charitable bank deposits.
- Using multiple accounts to collect funds that are then transferred to the same foreign beneficiaries.
- Overlapping corporate officers, bank signatories, or other identifiable similarities associated with addresses, references and financial activities.
- Cash debiting schemes in which deposits in the US correlate directly with ATM withdrawals in countries of concern. Reverse transactions of this nature also suspicious.
- Issuing checks, money orders or other financial instruments, often numbered sequentially, to the same person or business, or to a person or company whose name is spelled similarly.
Without context it would be challenging to determine by such activity alone whether the particular act was related to a crime organization or terrorism financing operation.
By following the clues on SARs, investigators take note of simple suspect transactions including operations like retail foreign exchange and international transfer of funds, uncovering ties to other countries including Financial Action Task Force (FATF) blacklisted countries. Some customers may have police records related to trafficking in narcotics and weapons, with possible ties to foreign terror groups. It’s possible the funds moved through a state sponsor of terrorism or a country where there is a terrorism problem.
A link with a Politically Exposed Person (PEP) can connect to a terrorism problem. A charity may be a link in the transaction. Bank accounts (usually student) which only receive periodic deposits withdrawn from an ATM over a few months and are then dormant for other periods could mean that they are becoming active to prepare for an attack.
What’s a Government to do?
The FBI is working to develop advanced technologies to exploit Suspicious Activity Reports (SARs) and other Bank Secrecy Act (BSA) data from FinCEN by using computer software to visualize financial patterns, link distinct criminal activities, and display the activity in link analysis charts. The FBI is also implementing a next-generation electronic file management system that will help manage investigative, administrative, and intelligence needs while also improving ways to encourage information sharing with other agencies.
FinCEN is changing the way it analyzes information, moving away from functioning merely as a clearinghouse, and moving towards higher-level research and analysis, which will utilize all sources of information to analyze the cutting-edge systems of money laundering and illicit finance.
IRS-CI (Criminal Investigation) special agents “follow the money” within various inter-agency task forces and centers to detect money laundering. There are forty-one active Suspicious Activity Report Review Teams (SAR-RT) who review and analyze SAR data for case development and support within the USA. Recently-acquired “data mining” software is improving the ability of IRS-CI’s investigators and analysts to make connections and identify patterns in the SAR data.
In The Future…
CTT will develop software applications for the intelligence community to analyze the SAR data collected by FinCEN and cross check these suspicious transactions against CTT’s database of currency tracking information gathered from law enforcement. CTT’s intuitive artificial intelligence algorithms will develop patterns of currency movement throughout the country to assist in detecting or solving various crimes.