We are unsure of a few anti-money laundering issues. We know that you probably come across some of these issues all the time in your AML testing. Please enlighten us on how to deal with these questions.
- After the filing of one or more SARs, what do we do if law enforcement contacts us requesting more specific information about the suspicious activity or requesting supporting documentation, and also if a law enforcement agency tells us that it does not intend to investigate the matter reported on the SAR?
- Do we file the SAR on activity deemed to be suspicious even when a portion of the activity occurs outside of the United States or the funds involved in the activity originated from outside the United States?
- Should we close an account (i.e., a loan application), if we identify suspicious activity?
- How do we decide to extend the SAR filing period passed the 30-day rule requirement?
- What should be done during an AML Program test?
Over the years our AML tests and risk assessments have given us considerable insight into the FinCEN requirements for residential mortgage lenders and originators.
Your questions are good and reflect the concerns of many financial institutions. Here follows some guidance responsive to your questions.
- If conduct continues for which a SAR has been filed, companies should report continuing suspicious activity with a SAR being filed at least every 90 days, even if a law enforcement agency has declined to investigate or there is the knowledge that an investigation has begun. Moreover, the information contained in a SAR that one law enforcement agency has declined to investigate may be of interest to other law enforcement agencies, as well as supervisory agencies.
- Although foreign-located operations of U.S. companies are not required to file SARs, a financial institution may wish to file a SAR with regard to suspicious activity that occurs outside the United States that is so egregious that it has the potential to cause harm to the entire organization.
- Closing a customer account as the result of the suspicious activity is a determination to make in light of the information available. Filing a SAR, on its own, should not necessarily be the basis for terminating a customer relationship. Rather, a determination should be made with the knowledge of the facts and circumstances giving rise to the SAR filing, as well as other available information that could tend to impact on such a decision. When faced with this decision, it may be advisable to include the organization's counsel, as well as other senior staff, in such determinations.
- SAR rules require that a SAR is filed no later than 30 calendar days from the date of the initial detection of the suspicious activity, unless no suspect can be identified, in which case, the time period for filing a SAR is extended to 60 days. The fact that a review of customer activity or transactions is determined to be needed is not necessarily indicative of the need to file a SAR, even if a reasonable review of the activity or transactions might take an extended period of time. The time to file a SAR starts when the financial institution, in the course of its review or on account of other factors, reaches the position in which it knows, or has reason to suspect, that the activity and/or transactions under review meet one or more definitions of suspicious activity.
- The AML Program test should provide a fair and unbiased appraisal of each of the required elements of the anti-money laundering program, including its Bank Secrecy Act (“BSA”) policies, procedures, internal controls, recordkeeping and reporting functions, and training. The test should consider internal controls and transactional systems and procedures to identify problems and weaknesses and, if necessary, recommend to management appropriate corrective actions. The test also should cover all anti-money laundering program actions taken by – or defined as part of the responsibility of – the designated compliance officer, including a determination of the level of money laundering risks faced by the business, the frequency of BSA anti-money laundering training for employees, and the adoption of procedures for implementation and oversight of program-related controls and transactional systems. A risk rating should be provided to assess continuity over time.
Lenders Compliance Group