On January 19, 2021, several federal banking regulators including FinCEN, the Federal Reserve, the FDIC, NCUA, and the OCC jointly issued answers to several frequently asked questions (FAQs) regarding suspicious activity reports (SARs) and other anti-money laundering (AML) considerations for financial institutions covered by SAR rules. As used below, the term “financial institution” includes money services businesses.
Importantly, the FAQs do not alter existing BSA/AML legal or regulatory requirements, nor do they establish new supervisory expectations. Instead, they are intended to clarify the regulatory requirements related to SARs to assist financial institutions with their compliance obligations.
The full FAQs can be found here. Below is a summary of a few highlights from the FAQs:
Some of the guidance addresses technical questions related to the character limits imposed on the narratives within the SAR form as well as duplicative information within the form. Other topics address more substantive risk compliance issues such as a financial institution’s BSA obligations in response to a customer grand jury subpoena or other law enforcement inquries including “keep open” requests to maintain an account or customer relationship.
The regulators also clarified that financial institutions are not automatically required to terminate a customer relationship following the filing of a SAR or multiple SARs. That decision is a determination for the financial institution to make based on the “information available to it, its assessment of money laundering or other illicit financial activity risks, and established policies, procedures, and processes.” There is no specific number of SAR filings that a financial institution must consider to trigger any particular escalation step because the number of SAR filings and other factors that trigger escalation steps (including account termination) may vary from customer to customer based among several factors including: the risk profile of the customer, the geographical locations involved, the volume and type of transactions, the type of account, and the types of SARs filed.
The FAQs also address a financial institution’s obligations to investigate negative news alerts and to file SARs based on such information. In short, the existence of negative news related to a customer or other activity at a financial institution does not in and of itself indicate that the criteria requiring the filing of a SAR have been met, and does not automatically require the filing of a SAR by a financial institution. However, “[a]s with other identified unusual or potentially suspicious activity, financial institutions should comply with applicable regulatory requirements and follow their established policies, procedures, and processes to determine the extent to which it investigates and evaluates negative news, in conjunction with its review of transactions occurring by, at, or through the institution, to determine if a SAR filing is required.”
In the case of multiple negative news events based on the same event, a financial institution is not expected to independently investigate each alert, but rather may consider whether the alert contains new or different information that warrants further investigation or whether the negative news otherwise assists or informs the evaluation of the activity at issue. Ultimately, the way in which each financial institution handles negative news will vary based on its own risk-based procedures and monitoring processes.
The release of clarifying information about SAR requirements by the regulatory agencies should assist financial institutions in complying with those mandates. Please contact us if you would like further information.