Suspicious Activity Reports: Perceptions & Reality in Anti-Money Laundering InvestigationsInterview with Investigator Kevin Sullivan At the heart of the Bank Secrecy Act (BSA) and the core of any good Anti-Money Laundering (AML) program is the Suspicious Activity Report (SAR), which all financial institutions - banks, credit unions, brokers, casinos, insurance companies, etc. - must file when confronting questionable transactions. In this exclusive interview, anti-money laundering investigator Kevin Sullivan discusses:
Also, be sure to check out Sullivan's upcoming webinar: Expert's Guide to Suspicious Activity Reports (SARS): Tips to Avoid Regulatory Pitfalls & Penalties
TOM FIELD: Hi, this is Tom Field, with Information Security Media Group. The topic today is the SARS, or dancing with the SARS as our guest likes to refer to it. And we are talking with Kevin Sullivan, Anti-Money Laundering Investigator. Kevin, thanks so much for joining me today.
KEVIN SULLIVAN: You are very welcome, Tom.
FIELD: Dancing with the SARS you say ... Now, SARS often are perceived by banks as a nuisance and as something that they don't want to dance to, why is that?
SULLIVAN: I believe it all starts with confusion over what constitutes suspicious and exactly how much information is necessary to include in the SAR. Add to that reporting deadlines, and mandatory reviews and internal logs describing why you didn't complete a SAR, and then the frustration reaches it apex with the erroneous perception that the SARS fall into this black hole after they leave your desk.
FIELD: So Kevin, obviously SARS are just a crucial part of any kind of anti-money laundering investigation. What has to be done to correct the perceptions that you've outlined for us?
SULLIVAN: Well, I think the correction process has already begun. Between FinCEN's guidelines on SAR reporting and the new FFIEC manual written guidelines, all these rules are now available and it is less of a guessing game than it used to be. Additionally, law enforcement has reached out to the financial community with programs such as Operation Cornerstone, which provides guidance and feedback to the financial community.
FIELD: Now, you have spent years in anti-money laundering investigations, what do you find is most misunderstood about SARS?
SULLIVAN: I think the concept that drops the drawer of most bankers I talk to is the fact that law enforcement actually does read the SARS. We find them very valuable with providing us with intelligence. Usually we investigate a crime and then try to find the assets, however with SARS we are able to do what we call reverse engineering. That is where we take the situation and now we are finding the money and are looking to discover what crime was committed.
FIELD: You know, it occurs to me, Kevin, we are mid-way through this conversation and we have said SARS, SARS, SARS and haven't stopped once to say we are talking about Suspicious Activity Reports for people that don't know what the acronym stands for.
SULLIVAN: That's right, and if it's international, standards call it the STR, Suspicious Transaction Report.
FIELD: So Kevin, give us a real life example of an effective Suspicious Activity Report or a SAR, to help you in an investigation.
SULLIVAN: I think probably the most well known example of how a SAR has helped was the recent New York Governor Eliott Spitzer case. That investigation began with a SAR. The SAR was completed by a financial institution as a result of some odd money movements. That prompted the bank to conduct due diligence, which resulted in some additional unusual transactions being uncovered. After completing enhanced due diligence, the situation had finally risen to a level of suspicious. The bank completed a SAR and like I mentioned earlier, law enforcement does read them, and the SAR was then turned over into an intelligence lead for law enforcement and from there it is all history.
FIELD: Yeah, from there the governor resigned and the overwhelming reaction I heard afterwards was the system worked.
SULLIVAN: The system worked perfectly. The banks did exactly what they were supposed to do, and they reported it just like they were supposed to report it, and law enforcement read it and picked up on it.
FIELD: Now, Kevin you have been in this business a long time. How many SARS would you say you review in the course of a month?
SULLIVAN: We look, at the New York HIFCA where I'm assigned at, we only look at the BSA SARS and we read over 4,000 BSA SARS each month.
FIELD: Is it safe to say that is a lot of good, bad and ugly?
SULLIVAN: Yeah for the most part; a lot of them, you still have your defensive filings, a lot of them could be tax evasion cases, a lot of them are just easily explained, however of the 4,000 we try to use a filtering process and we narrow it down to maybe a couple hundred that we can do some enhanced due diligence on and then at the end of the month we try to have it down to about maybe 35-40 SARS that we are actually taking active looks at.
FIELD: So you see a lot of these Kevin, I am sure that there are some bad habits that emerge form these. What are some of the worst traits that you currently see in the SARS that you review?
SULLIVAN: I must say that the SARS really have dramatically improved over the last several years. However, if I were to put my finger on it I would say that incomplete narratives are probably the largest common mistake.
For a long time there were just so many conflicting concepts about what to put into the narrative. Some institutions said to keep it light, don't put too much in, don't say too much. Other institutions said put everything in; put every little detail into it. So we would go from one SAR, which had a narrative of two sentences long, to the next SAR being 12 pages long. Of course as the institutions, the regulators and law enforcement each put their two cents in, some better guidelines were eventually crafted and hence the FinCEN Report and the FFIEC Manual.
FIELD: So you are starting to see better standards now?
SULLIVAN: Oh, absolutely, absolutely. Now it's--the banks have it all pretty much together. Now we are seeing, because the insurance industry is new to the game, and the jewelry industry is going to be very new to the game, we are going to go through the same process with them and it will take a while to get them up to speed in composing a quality narrative.
FIELD: Well that's a good point because we tend to think of banking institutions but really we do have to think about jewelry stores and insurance companies and casinos even.
SULLIVAN: Oh absolutely, absolutely. That is just another whole realm that hasn't had attention focused o it and I feel bad for some of these new institutions because they just don't understand this stuff yet. So it is going to be a long process to get them up to speed.
FIELD: Kevin, you have got a webinar upcoming for us where you are going to talk about some of these SARS issues. What are some of the areas that you are going to tackle in this presentation?
SULLIVAN: I have broken down the webinar into a couple of sections. Firstly, the SAR process, the basics of SAR writing, who is monitoring the transactions, the narrative, which is the biggest section, and finally the aftermath or what happens once the SAR leaves your desk.
FIELD: Kevin, one last question for you. You deal with an awful lot of SARS in your business, you've been in the anti-money laundering business for a long time. When it comes to SARS what would you say is the most frequently asked question that you get?
SULLIVAN: "Do you guys read them?" That, hands down by far, do you guys read them, meaning law enforcement. "Do you guys in law enforcement read these things?" Because that is the perception out there, is that nothing ever happens. Well, we read every one of them and we have to have human eyes on it because we can't use software because every institution writes the narrative a little differently, so no software can pick up on it. We have to have human eyes; a human experience and human skills look through it and decide if it is something that we want to proceed with.
And, sometimes we can't call you up and tell you we have a case going on. First of all, we can't share information, and secondly we may be looking at other things and we can't talk to you about it. But sometimes you do get the phone call, I'll give a call to one of the bankers and say I read one of your SARS and I am interested in this case and then we have to get the nurse up thee because he just had a coronary because he cant believe that law enforcement actually called him on it, but we are doing more of that also. You are seeing more and more law enforcement dedicating to looking at the SARS now because we have realized this is just a wealth of possible leads for us.
FIELD: So clearly they are read and as you said, the Spitzer case showed us quite recently that the system does work.
SULLIVAN: Well, absolutely. And I can't guarantee you what goes on in farm country and middle America, but I can certainly guarantee you in New York we read everything that comes out. I can also tell you that all these HIFCA areas, and there are seven HIFCA areas in the country, that is their mandate is to read all of these SARS. So in the big drug areas, which are why HIFCA's were developed, all the SARS are getting read. And there are other agencies, law enforcement, FBI, and other task forces, certainly ICE and the IRS, that are also reading these things all over the country. So if there is one thing that I would like to get across is that we read them and we do care about them and they do provide us with great information.
FIELD: Excellent. Kevin, I appreciate your time and your insight today, and I look forward to your upcoming webinar.
SULLIVAN: You are welcome, Tom.
FIELD: I've been talking with Kevin Sullivan Anti-Money Laundering Investigator about Suspicious Activity Reports. For Information Security Media Group, I'm Tom Field. Thank you very much.