The Federal Bank Secrecy Act is aimed at preventing money laundering and the financing of terrorism or other criminal activity, and suspicious activity reporting is a key component of the BSA framework. A bank’s failure to file suspicious activity reports or its failure to have policies and procedures to identify, relay, and report suspicious activity may result in civil money penalties, criminal penalties, and, at worst, imprisonment. Davenport Evans lawyer Dixie Hieb offers an outline of FinCen guidance and red flags for suspicious activity.
A bank is required to file a suspicious activity report (SAR) when a transaction conducted or attempted through the bank involves at least $5,000 in the aggregate, and the bank knows, suspects, or has reason to suspect that the transaction involves funds derived from illegal activities or is intended to hide or disguise funds derived from illegal activities. A SAR is also required when a transaction has no business or apparent lawful purpose or is not the sort in which the particular customer would normally be expected to engage, and the bank knows of no reasonable explanation for the transaction after examining the available facts. The definition of “transaction” is broad and includes a deposit, withdrawal, transfer between accounts, exchange of currency, loan, CD, and purchase or redemption of any money order.
FinCEN has issued guidance explaining the five essential elements of information – “who? what? when? where? and why?” – that must be collected in connection with completing a SAR narrative. Recognizing the SAR filing requirements is more straightforward, however, than recognizing actual suspicious activity. While larger banks may have personnel dedicated to BSA compliance, banks of all sizes must rely on personnel throughout the bank to identify suspicious activity and relay that information per the bank’s BSA policies and procedures. BSA training can include examples of suspicious activity that will help personnel in all departments recognize suspicious activity.
The FinCEN guidance includes examples of common patterns of suspicious activity, including:
- A lack of evidence of legitimate business activity, or any business operations at all, by parties to the transaction.
- Unusual financial transactions occurring among certain business types (e.g., food importer dealing with auto parts exporter).
- Complex transactions indicative of layering activity involving multiple accounts, banks, parties, and jurisdictions.
- Suspected shell entities.
- Beneficiaries maintaining accounts at foreign banks that have been the subject of previous SAR filings.
- Businesses that do not meet routine customer due diligence requirements (e.g., unregistered/unlicensed businesses).
With the recent legalization of medical marijuana, recognizing red flags related to marijuana-related businesses (MRBs) is especially important. FinCEN guidance has identified the following MRB-related red flags:
- Use of a state-licensed MRB as a front to launder money derived from other criminal activity.
- Cash deposits or withdrawals over a short period of time that are excessive relative to local competitors or the expected activity of the business.
- Rapid movement of funds, such as cash deposits followed by immediate cash withdrawals.
- Deposits by third parties with no apparent connection to the accountholder.
- Inability to produce satisfactory licensing documentation.
- Publicly available sources and databases about the business, its owners, managers, or other related parties, reveal negative information.
FinCEN Alerts provide additional, activity-specific red flags. Recent alerts highlighted red flags indicating attempts to evade export controls and OFAC-impacted sanctions in connection with Russia’s invasion of Ukraine, including:
- The nature of a customer’s underlying business (specifically military or government-related work), type of services or products offered, and geographical presence pose additional risks of unintentional involvement in the evasion of export controls.
- Parties to transactions with addresses that do not appear consistent with the business or are otherwise problematic (e.g., either the physical address does not exist or it is residential).
- Use of legal entity arrangements to obscure ownership, source of funds, or countries involved, particularly sanctioned jurisdictions.
- Use of third parties to shield the identity of sanctioned persons or “politically exposed persons” seeking to hide the origin or ownership of funds, for example, to hide the purchase or sale of real estate.
Enforcement actions by various regulatory agencies serve to identify other types of red flags, including check fraud schemes involving a customer’s deposit of numerous checks payable to a third party and identify theft schemes involving multiple attempts to hack a bank’s customer database.
Notably, the federal regulations provide that a bank may file a report of any suspicious transaction that it believes is relevant to the possible violation of any law even if reporting is not required. The BSA includes a safe harbor provision protecting a SAR filer from civil liability. Failure to file required SARs can, on the other hand, subject the bank and its officers to civil penalties of up to $100,000 for willful violations, as well as possible criminal penalties and jail terms of up to 10 years.
A bank’s BSA policies and procedures, including required staff training and procedures to relay and report suspicious activity, are key to meeting the bank’s SAR filing obligations. With appropriate training, bank personnel in all areas will recognize suspicious activity when they see it.