Suspicious Activity Reports (SARs) are part and parcel of dealing with AML compliance but its important to get it right. Submitting reports which are vague on specific details, or do not include your views on why you think the reported activity is suspicious will make it difficult for law enforcement agencies to assess and effectively take action.
Make your SAR count by ensuring you have reasonable grounds for suspicion before filing your report, and by following these few simple guidelines.
What triggers a suspicious activity report?
We’re often asked when should a SAR be submitted? The Financial Intelligence Unit (FIU) states that: ‘Suspicious Activity Reporting is based on an objective test applied to reasonable grounds for suspicion.”
So, what does that really mean? Well, if you have formed a suspicion based on what you’re seeing from a customer which triggers red flags, and you reasonably believe they are trying to use your business for nefarious purposes it’s time to file a SAR.
While it can sometimes be difficult to assess ‘reasonable grounds’, don’t use SARs as a defensive strategy to cover your back. Doing this won’t lead to any meaningful outcomes and may lead to a breach of other obligations. Be careful to review what you know about your customer, examine deviations from expected behaviour and conduct thorough enquiries.
Once reasonable grounds for suspicion exist, you are legally required to submit a SAR to the FIU as soon as possible, but no later than three working days.
Red flags
Another common question – what constitutes a red flag? Answer: it depends. Nobody likes this as an answer but it is truly dependent on a couple of factors.
- It depends on your industry
- It depends on your customer base, and customers in general
For example, if you are an estate agent dealing with residential properties, you might have a client who buys and sells properties as a way of making money. There is nothing unusual about that, but if you see they are suddenly keen to sell a property without showing the expected amount of interest in the profit, that may raise some questions. Normally, you’d expect a real estate investor to very much care about their portfolio and the financial gains made.
Or you may have a smooth, uneventful relationship with a long-term customer who starts to introduce activity that doesn’t fit with their profile. Maybe they start asking about setting up a trust in the Bahamas, or want to add assets you are unaware of to an existing trust. These are all red flags that should be investigated.
Another red flag for all sectors, is a client that takes a lot of interest in your AML processes, asking why and how you go about doing it, and also clients that straight up refuse to provide information.
It all comes down to knowing your customer, and knowing the risk for your business and your sector, and having good practices around ongoing due diligence.
Think about whether the level of care from a customer changes for the better or the worse, and if requests or activity is unusual given what you know about them.
Dealing with suspicious transactions
Suspicious transactions are slightly different to other forms of suspicious activity as you are specifically looking at money and what money is doing. In a bank for example, you should be looking at what someone is depositing. If cash under the $10,000 reporting threshold is consistently being deposited, it could be suspicious. And, if deposits are going into one account from different locations, at the same time, which when combined reach the threshold it could also be suspicious.
Reporting entities have to file a Prescribed Transaction Report (PTR) for all transactions over $1,000. Most organisations will be set up to do this automatically with software which uploads information automatically to the FIU. However, software cannot completely replace the power of human intelligence and information still needs to be analysed based on what you know about your customer.
It wasn’t that long ago that Westpac received a massive $1.3 billion fine from AUSTRAC for failure to stop transactions going to Thailand and the Philippines. Westpac should have known money going to those countries could facilitate child exploitation and should be investigated. A reminder to us all that money moving between countries with no legitimate explanation, or with explanations that don’t match up should raise red flags.
How to report suspicious activity
If you are dealing with a customer or looking at transactions and spot something which raises a red flag in your mind, you should gather as much information as you can and send to your compliance officer.
It is then up to the compliance officer to assess the information and decide if there is a legitimate reason for suspicion or not. If they believe there is suspicion they need to decide if enhanced due diligence (EDD) is required or if a SAR needs to be filed. And if when gathering information for your EDD you still decide the activity or behaviour displayed is suspicious then a SAR should be filed.
All SARs should be filed through GoAML.
When you’re filing a SAR it’s really important to spell out why you’re suspicious and what actions you’ve seen that are suspicious. The more detail you give the easier it will be for the FIU, and may help them connect activity with other suspicious activity reports.
Create your own report as well as the official SAR submitted to GoAML
It’s important to ensure you keep your own suspicious activity reports. Record all actions taken, all your findings and all the information gathered. This should all be stored separately to your clients file to minimise potential breach of confidentiality. All of your notes should be kept whether a SAR is filed or not in case somebody needs to look at the information at a later date. The information may also be required by the FIU if you later start to see unusual suspicious patterns in customer behaviour.
In summary
To be able to create meaningful, accurate SARs, knowing your customer, understanding the risks to your business and having robust ongoing due diligence practices in place is essential. It’s not always easy to identify red flags which may prompt a suspicious activity report but having the essentials in place will certainly help.
If you need some help ensuring you have the right practices in place contact us for expert AML advice from our consultant team.
tic company 
Shane Marsh 
