An Investigation into a customer’s account has identified that your customer has been involved in suspicious activity. So what do you do next? Do you exit the customer immediately, raise a SMR, or do you let the customer do what they are doing? Let’s find out.
Here are four responses you might make after unusual activity is identified
The Challenge of Making a SMR/No SMR Decision:
Firstly, if you believe a suspicious activity is linked to a crime, then you must report this to a Financial Intelligence Unit or a regulatory body in your jurisdiction (in Australia, you report to AUSTRAC, USA-FinCEN, and New Zealand-Police FIU). You also must submit this report within 3 business days if it is a money laundering related suspicion and within 24 hours if the suspicion is related to terrorist financing (AUSTRAC timelines as of writing), which includes situations where you reasonably suspect that a person is committing a crime, is misrepresenting their identity, or might be a victim of a crime.
However, in cases where it is unusual activity and not related to criminal or terrorist financing, filing a SAR is based on a case-by-case basis. While the investigation process varies by case, decisions to file a suspicious matter report (SAR) should always be fact-based. The condition for filing a SAR again differs across jurisdictions and institutions, which means decisions are not uniform. Similar transactions might trigger a SAR in one scenario but be deemed reasonable in another. Institutions must follow their policies and seek regulatory guidance from a Financial Intelligence Unit (FIU) as and when necessary.
When deciding to file a SAR, regulators set specific criteria, but institutions, based on their risk tolerance, ultimately determine if an activity warrants a SAR. Documentation supporting the decision is crucial as it forms the SAR’s core content.
Analysts and investigation teams must investigate customer activity, providing facts that justify the SAR decision. This includes assessing updated CDD of the customer or the Transaction Monitoring Rule description which led to an alert in Banks system amongst other documentation.
Decision-making varies by institution size and type, requiring guidelines to distinguish normal from suspicious behaviour. For example, a student transferring $70,000 to a high-risk country is suspicious, but a business with suppliers there might do so regularly without raising alarms.
Maintaining an Account After Unusual Activity
After filing a SMR, financial institutions must decide whether to keep or close the impacted account, based on their risk tolerance and guidelines. Law enforcement may request the account remain open for further investigation. Post-SMR, it is critical to perform enhanced due diligence (EDD) if the customer is high-risk, reviewing transaction monitoring processes to mitigate additional risks.
Next steps for institutions include regular review and enhanced monitoring of the account, adhering to legal restrictions, and possibly altering the customer relationship. If the account remains open, the institution should monitor for further suspicious activity, perform EDD, and ensure compliance with all legal and reporting requirements. Additional measures may include senior management approval before transactions. Institutions should also be aware of law enforcement restrictions and understand that terminating certain customer relationships, like loans, can be complex. Institutions must maintain lending relationships where required but can prevent customers from opening new accounts, ensuring principal and interest payments are legitimate.
Customer Exit
Institutions may exit customers who fall outside their risk appetite, considering factors on a case-by-case basis. Although regulators provide guidelines, specific processes for managing AML-related decisions vary and regulators also advise Financial Institutions provide enough notice before ending the relationship with a customer.
An account closure strategy should outline types of risks, accounts, or behaviours warranting closure. Before agreeing to closure, steps include giving the customer enough time for closure so they can find an alternative financial institution where possible. After closure, usually with a closure form, acquiring fin-crime teams review, and adding the client to a prohibited list. Other examples to be included in the closure form are Repeat SMRs, negative news, or high-risk transactions without legitimacy often lead to closure recommendations. The closure form, which is reviewed at multiple levels before final approval and execution by the Operations Team within the FI.
These processes vary by institution and jurisdiction, so you should check with your local FIU and relevant regulatory bodies for what is related to your business and for steps to be taken.
Preventing the Customer from Opening a New Account
After multiple SARs, institutions may end the relationship and prevent new account openings, though this doesn’t eliminate the risk entirely. Customers may use alternate identities. Adequate onboarding information, robust monitoring systems, and knowledge of the customer’s related parties help detect and prevent new accounts. Institutions need comprehensive controls and processes to prevent re-entry, using enhanced due diligence and specific transaction monitoring filters to mitigate risk.
Updating the Transaction Monitoring system with this trend for future alerts and reviews
Transaction monitoring systems are most effective when you keep feeding regular information involving the good and bad activities in your business. This will lead to any future alerts of the customer identifiable information provided. Ideally, the customer information should be picked up at the KYC stage, however, in case it gets missed there, the transaction monitoring system should pick it up.