Suspicious Activity Report (SAR)

Action Highlights that Even Sophisticated Companies Serious about Compliance are not Immune from AML Enforcement – and the Importance of Cooperation When Cutting a Deal

On May 12, 2021, the Securities and Exchange Commission (“SEC”) issued an Order instituting a cease-and-desist proceeding under Sections 15(b) and 21C of the Securities and Exchange Act of 1934 (the “Exchange Act”), and imposed a $1.5 million monetary penalty against broker-dealer, GWFS Equities, Inc. (“GWFS”) for its alleged violations of the Bank Secrecy Act (“BSA”) due to its claimed failure to file Suspicious Activity Reports (“SARs”) when it was required to do so, and because certain filed SARs were inadequate.  The suspicious activity at issue involved primarily so-called “account takeovers” by cyber criminals, which is of course a growing and pernicious threat.

What is particularly notable about the case is that the SEC targeted GWFS for enforcement for allegedly filing 297 deficient SARs between September 2015 through October 2018 (the “Relevant Period”), despite GWFS having a seemingly otherwise robust  anti-money laundering (“AML”) program, a designated and capable BSA/AML Officer, a SAR review committee, written supervisory procedures that stressed the importance of providing “clear, complete, and concise descriptions of” suspicious activity, including the five essential elements of the suspicious activity—who, what, when, where and why (the “five essential elements”)—and GWFS providing formal and informal training to combat and report suspicious activity.  Stated otherwise, this AML enforcement action involves an actor clearly serious in general about compliance, rather than a compliance “outlier” representing an easy enforcement target. Crucially, cetain filed SARs allegedly omitted the “five essential elements” required in a SAR, even though GWFS allegedly knew the information and also knew that it was obligated to include the information in its SARs.  Instead, GWFS utilized a generic format for its SARs that did not contain much useful information.

The lesson here is clear: in regards to the allegedly inadequate filed SARs, the SEC is sending a message that a perceived cookie-cutter, cut-and-paste approach to fulfilling one’s obligations under the BSA will not be enough to stave off scrutiny and potential costly liability from government regulators.  With incidences of identity theft and other cybercrimes showing no signs of abating, and the government’s interest in ensuring that financial institutions are playing their role to guard against and to combat cybercrime, additional regulatory actions for deficient compliance are likely to follow.  It is not enough to just have a compliance program in place.  Broker-dealers should ensure that their compliance staff is well-trained and reports suspicious activity through the issuance of SARs that, at a minimum, contain the five essential elements.
Continue Reading SEC Extracts AML Settlement From Broker-Dealer Based on Alleged Failure to Comply with “Five Essential Elements” of SAR Filings Regarding Cyber Crime

Eighth Blog Post in an Extended Series on Legislative Changes to the BSA/AML Regulatory Regime

As we have blogged, the Anti-Money Laundering Act of 2020 (“AMLA”) contains major changes to the Bank Secrecy Act (“BSA”), coupled with other changes relating to money laundering, anti-money laundering (“AML”), counter-terrorism financing (“CTF”) and protecting the U.S. financial system against illicit foreign actors.   In this post, we review several provisions of the AMLA section entitled “Modernizing the Anti-Money Laundering and Countering the Financing of Terrorism System.” These provisions signal potentially significant changes in the BSA reporting regime for suspicious activity and currency transactions – albeit in the future, after the performance of studies and reports which Congress has required regarding the effectiveness of Suspicious Activity Report (“SAR”) and Currency Transaction Report (“CTR”) filings.

These provisions of the AMLA require the Treasury Secretary to acquire a fuller picture of the reporting regime as it currently functions in regards to SAR and CTR filings. We repeatedly have blogged about the ongoing debate regarding the utility of SARs and other BSA reports versus the onus the system places on financial institutions (see, for example, here, here, here and here). The AMLA now creates the opportunity for the government to respond to that debate with a data-driven approach. The theme of these AMLA provisions is feedback – both internal and external – regarding how (and whether) SARs work.  Notably, they also address the issue of whether the monetary filing thresholds for SARs (generally, $5,000) and CTRs ($10,000) should be increased.


Continue Reading Review, then Reform? AMLA Charts a Path for the Future of SARs and CTRs

On March 29, 2021, the Securities and Exchange Commission (“SEC”) began to make good on its promise to make AML a key examination priority in 2021 by issuing a risk alert authored by the Division of Examinations (“EXAMS”) detailing the results of a review of broker-dealers’ compliance with anti-money laundering (“AML”) requirements (the “Alert”).

The Alert details the obligations of broker-dealers to comply with AML programs and SAR monitoring and reporting requirements pursuant to the “AML Program Rule,” 31 C.F.R. § 1023.210, and the “SAR Rule,” 31 C.F.R. § 1023.320, as well as similar obligations under Rule 17a-8 of the Securities Exchange Act of 1934 (“Exchange Act”), which incorporates the Bank Secrecy Act (“BSA”) reporting and record-keeping obligations applicable to broker-dealers.  The Alert further issues findings that indicate certain firms are experiencing shortcomings when it comes to establishing and implementing sufficient suspicious activity monitoring and reporting policies and procedures, which is leading to inadequate SAR reporting in several respects.

Perhaps not coincidentally, EXAMS issued the Alert shortly after the U.S. Court of Appeals for the Second Circuit ruled in December 2020 in SEC vs. Alpine Securities Corp. that the SEC has the authority to bring an enforcement action against broker-dealers under Section 17(a) and Rule 17a-8 of the Exchange Act on the basis of alleged BSA failures, including failures to comply with the SAR Rule.  Whether the Alert is a true “heads up” or a forewarning of enforcement actions to come, firms are encouraged not to replicate the specific deficiencies identified in the Alert.
Continue Reading Broker-Dealers Fail SEC AML Examinations

In its most recent Marijuana Banking Update, the Financial Crimes Enforcement Network (FinCEN) stated that the decline in the number of banks and credit unions actively banking marijuana-related businesses (MRBs) in the United States “appears to have leveled off.”  As of December 31, 2020, there were 684 banks and credit unions banking MRBs.  That

The Financial Crimes Enforcement Network (“FinCEN”) issued on February 24, 2021 “an [A]dvisory to alert financial institutions to fraud and other financial crimes related to Economic Impact Payments (EIPs), authorized by the Coronavirus Aid, Relief, and Economic Security (CARES) Act, and the Coronavirus Response and Relief Supplemental Appropriations Act of 2021.” The Advisory describes EIP

Case Highlights Confidentiality of BSA Reporting and Continued Focus on Real Estate as Money Laundering Tool

The Northern District of California granted summary judgment to the Financial Crimes Enforcement Network (“FinCEN”) in a Freedom of Information Act (“FOIA”) case pertaining to an attempt by a group of investigative journalists to obtain information reported to FinCEN on the beneficial owners of high-end real estate.  This case clearly indicates that the Bank Secrecy Act (“BSA”) will continue to prevent efforts by journalists to seek, via FOIA, sensitive and protected information reported to FinCEN.  Of course, and as the world has witnessed, journalists still can turn to leaks and data hacks to obtain and distribute such information.  This case also reminds us that the use of real estate as a potential vehicle for money laundering remains a hot topic not only for regulators and enforcement personnel, but also for journalists and watchdog groups.

In The Center for Investigative Reporting, et al. v. United States Department of the Treasury, the Court held that FinCEN was not required to produce documents indicating the “real human owners” of residential real estate purchased with cash that had been requested by The Center for Investigative Reporting (“CIR”).  The Court’s ruling – affirming the confidentiality protections that are critical to the effectiveness of financial institution reporting under BSA – comes at pivotal moment, as journalistic agencies such as the International Consortium of Investigative Journalists (“ICIJ”) and BuzzFeed News reported less than six months ago on leaked documents referred to as the “FinCEN Files,” describing alleged transactions valued at over $2 trillion U.S. dollars and reported by financial institutions to FinCEN through Suspicious Activity Reports (“SARs”). Under the BSA, it is illegal to reveal the decision to file or not file a SAR to the subject of the SAR.  The ICIJ also played a key role in the release of the notorious Panama Papers, which detailed an alleged web of international money laundering and tax evasion obtained through a massive data leak.
Continue Reading Investigative Journalists Lose FOIA Bid to Obtain GTO Info Reported to FinCEN

SARs Do Not Need to Be Filed At the First Sign of Potential Problems

Honoring “Keep Open” Letters from Law Enforcement Should Not Lead to Criticism

On January 19, 2021, the Financial Crimes Enforcement Network (FinCEN), along with the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corporation, the Board of Governors of the Federal Reserve System, and the National Credit Union Administration jointly published Answers to Frequently Asked Questions Regarding Suspicious Activity Reporting and Other Anti-Money Laundering Considerations.  The agencies provided answers to certain frequently asked questions (FAQs) in an effort to (1) clarify for financial institutions the regulatory requirements related to Suspicious Activity Reports (SARs) that they must comply with; and (2) help financial institutions focus their resources on Bank Secrecy Act (BSA) reporting activities that provide the most value to law enforcement.

The banking agencies developed these FAQs in response to recommendations made by the Bank Secrecy Act Advisory Group, which are detailed in FinCEN’s Advance Notice of Proposed Rulemaking on Anti-Money Laundering Program Effectiveness published in September 2020.  Notably, the FAQs do not change existing legal obligations or create new regulatory requirements.  Instead, they address several questions that have emerged among anti-money laundering compliance personnel.  Generally, they are helpful and make clear that a decision to file a SAR in a particular case is driven by specific circumstances and good judgment, rather than a rigid “check the box” mentality.
Continue Reading FinCEN and Other Federal Banking Agencies Provide Much-Needed Guidance on Suspicious Activity Reports

The Comptroller of the Currency (the “OCC”) has been busy, and focused on technology.  We discuss two recent developments: proposed regulations that would allow the OCC to grant exemptions relating to Suspicious Acivity Reports (“SARs”), and the OCC’s announcement that national banks and federal savings associations may employ both independent node verification networks (“INVNs”) and stablecoins to perform banking functions.

SAR Filing Exemptions

In late December, the OCC proposed new regulations to amend the “Suspicious Activity Report regulations to allow the OCC to issue exemptions . . . for national banks or federal savings associations that develop innovative solutions intended to meet Bank Secrecy Act requirements more efficiently and effectively.” While the Financial Crimes Enforcement Network (“FinCEN”) has long held the power to grant exemptions, the OCC does not possess equivalent authority. “As financial technology and innovation” rapidly evolve in monitoring and reporting financial crime, the OCC has determined it must create a flexible regulatory mechanism to keep pace.
Continue Reading The OCC Embraces Technology, Proposes Exemption to SAR Requirements and Announces Acceptance of Distributed Ledgers and Stablecoins

Providing yet more proof that anything positive can be twisted into something negative, the Financial Crimes Enforcement Network (“FinCEN”) released a Notice yesterday “to alert financial institutions about the potential for fraud, ransomware attacks, or similar types of criminal activity related to COVID-19 vaccines and their distribution.”  This Notice comes on the heels of several

On December 18, 2020, the Office of the Comptroller of the Current (OCC), Federal Reserve Board (FRB), and Federal Deposit Insurance Corporation (FDIC) announced an interagency notice of proposed rulemaking that would require supervised banking organizations to provide notification of significant computer security incidents to their primary federal regulator.  Under the proposed rule, for incidents