The Peculiar Question: Should We File a Suspicious Activity Report?
In the midst of a routine internal investigation involving a magician with questionable actions, a surprising inquiry arose from an unexpected source – the Human Resources (HR) representative responsible for managing the bank’s disciplinary response. They asked, “Should we file a Suspicious Activity Report (SAR) on them?” This was the first time anyone outside of the compliance and investigations team had raised such a question among the bank’s 200,000 employees. While taken aback, I emphasized the importance of confidentiality and the risks associated with unwarranted inquiries. This incident brought to light a serious concern about the inventorying and reporting of misconduct.
The Inside Job: Insider Abuse Category Explained
Financial institutions employ an extensive category for filing SARs known as Insider Abuse, specifically designed to report instances of employee misconduct. According to FinCEN, Insider Abuse encompasses criminal activities committed, aided, or abetted by bank employees, including directors, officers, agents, and other institution-affiliated parties. However, the Insider Abuse category faces two significant challenges:
- Identifying the precise conditions that warrant SAR filing, such as the violation of criminal law.
- Ensuring that all relevant instances of misconduct are properly documented and recorded.
Typically, financial institutions provide multiple channels for reporting misconduct, including direct referrals to the investigations unit, escalation to HR, external referrals, and a dedicated whistleblower hotline. The critical issue lies in the fact that while only the investigations team should handle SAR filings, other entities within the institution may review incidents of SAR-filing-worthy misconduct without referring them to the investigations team. Consequently, actions that should trigger a SAR might be overlooked. Moreover, if widespread or institutional misconduct goes unreported, regulators could exploit this oversight to expose deficiencies in the bank’s compliance risk framework.
Did You Mean “Oversight” or “Oversight?” Clarifying Reporting Responsibilities
Most financial institutions’ Bank Secrecy Act/Anti-Money Laundering (BSA/AML) policies encompass comprehensive definitions and references to SAR filing and their purpose. They may even touch on the confidentiality of SARs. Similarly, general BSA/AML training usually covers the concept of SARs, while technical training delves into the intricacies of suspicious activity reporting itself. Moreover, these policies, procedures, and training materials typically mention the existence of an ethics hotline, whistleblower procedures, and other internal mechanisms.
In the aforementioned anecdote, it was a mere coincidence that the HR representative happened to be aware of SAR filing and knew that their engagement was with a team responsible for issuing SARs. From this perspective, any team within a financial institution dealing with misconduct must possess documented awareness of the SAR-filing process and proper escalation procedures.
Pen to Paper: Establishing Oversight Across Referral Points
Striking the right balance, it is crucial for departments outside of the investigations team to remain unaware of any contemplated SAR filings. However, there should still be oversight across various points of contact to ensure that a SAR-filing team conducts at least a review. While HR or legal decision-making processes operate in silos, potential SAR filings for underlying misconduct depend on their awareness and collaboration.
One possible solution is to develop a centralized procedure through collaboration between the compliance department and relevant parties (investigations, HR, legal, whistleblower/ethics team, etc.). This coordinated effort would guarantee that the investigations team becomes aware of all internal misconduct incidents, placing the responsibility of determining whether a SAR should be filed solely on the entity equipped and authorized to do so.
Alternatively, if a centralized approach appears overly burdensome, respective units could establish their own procedures for assessing the merit and necessity of potential referrals. However, in this case, the procedures must explicitly reference the need to maintain SAR privilege.
Objects May Be Closer Than They Appear: Identifying Reporting Gaps
To date, the failure to file SARs related to misconduct has not triggered enforcement actions. Nevertheless, as SAR failures point to broader compliance gaps, it would be prudent to consider establishing a review panel. This panel could examine misconduct incidents where SARs were filed and compare them to incidents where the bank’s SAR-filing arm had no visibility. Any incidents where SAR filing could have been considered, but the relevant function was not notified, would highlight areas of concern. By identifying the reporting channels most frequently used for misconduct referrals that lack proper processes, training, or oversight, the organization can address its reporting gaps.
Remember, maintaining a strong compliance framework is essential for financial institutions. For more insights and guidance on compliance and risk management, visit Garrity Traina, the leading authority in the field.