The U.S. Treasury Department’s inspector general’s office said it has opened an investigation into whether confidential banking records, SARs and other BSA information, have been “improperly disseminated” or leaked. All of this is in relation to the swirl of a media storm that has developed, potentially linking a certain political figure’s attorney to hush money paid. It is not often we see something like a SAR mentioned in such a publicized story, so let’s review what we know about the first rule of SARs.
Suspicious Activity Report filing also known as a SAR, must absolutely, with no exceptions, be kept confidential. You do not talk about or disclose a SAR. A member should NEVER know you are reporting their transaction. The fewer employees involved the better. Remember SARs may also uncover insider abuse. The law is very specific about the confidentiality that must be kept surrounding SAR filings.
You are not responsible for enforcing the law, however, it is your responsibility to identify occurrences that do not appear to have a legitimate purpose and other activity that seems suspicious. Suspicious activity is not clearly defined but it is often referred to as any kind of activity that raises the hairs on the back of your neck or gives you a funny feeling in your stomach. Clearly, these are not technical terms, nor very scientific definitions, but they get the point across.
Although some of us have software to detect suspicious activity, it is the frontline staff, or those that work mostly with our members who are the first to recognize situations that just seem strange. That feeling should not be ignored. You should report this information to a supervisor or someone with authority to investigate the situation. Often that funny feeling results in the discovery of insider abuse, credit/debit card fraud, identity theft, check fraud, loan fraud, a computer intrusion, structuring, kiting, elder financial abuse, or illegal marijuana sales. Any kind of transaction that doesn’t have a reasonable business purpose should be considered suspicious. And rest assured that there is a Safe Harbor so that if a SAR is filed in good faith and no illegal activity is discovered, no action can be taken against the credit union.
Unauthorized disclosure is a violation of federal law, and both civil and criminal penalties may be imposed for SAR disclosure violations, including fines of up to $250,000 and up to five years in prison. In addition, financial institutions could be liable for civil money penalties resulting from anti-money laundering program deficiencies (such as internal controls or training, for instance) that led to the SAR disclosure. This latest news is a good reminder of what is really at risk. By having the right training and policies in place, and following the proper processes, you can thwart the threat of this happening at your credit union.
Here is FFIEC’s Suspicious Activity Reporting—Overview