If you see something, say something. You've seen the phrase thousands of times. Commuters know what to look for: Unattended bags, or garbage cans with suspicious packages. Perhaps you've even called in to report seeing something unusual.
Imagine fielding two million such calls every year. That's precisely what the Treasury Department's Financial Crimes Enforcement Network has to sort through, and critics say the system hurts as much as it helps.
Virtually every crime and terrorist activity have a financial component. Drug dealers have to get paid; International con-men have to get their money out of the country. Even the 9/11 hijackers had to move money around the U.S. banking system for months before their attack. So banks and other financial institutions also have a see something, say something policy, but theirs is far more rigorous.
Source: U.S. Treasury Department
What Is a Suspicious Activity Report?
Back in 1970, Congress put banks on the front lines of crime fighting with the Bank Secrecy Act. Then in 1992, with the passage of the Anti-Money Laundering Act, banks were essentially deputized. The law created a procedure known to banks as the SAR—Suspicious Activity Report. Any time banks see unusual transactions conducted by account holders, they are legally bound to flag the activity by filing a SAR with the Treasury Department through its Financial Crimes Enforcement Network, FinCEN. Unlike commuters, however, banks that fail to say something after they see something can be subject to big fines.
Requirements for filing a SAR a fairly broad. Somewhere in your travels, you've probably heard that transactions over more than $10,000 are reported to federal authorities. That's true, but those don't generate SARs. Those reports are known as CTRs, or currency transaction reports. The bar for filing a SAR is actually lower. It's any suspicious transaction over $5,000, or a transaction that involves illegal activity, or "is not the sort in which the particular customer would normally be expected to engage."
Initially designed to stop organized crime, SARs became far more important after the 9/11 attacks, when banks were seen as a crucial front line in the fight against international terrorism. The USA Patriot Act expanded the ranks of firms required to file SARs. And FinCEN stepped up enforcement efforts, with $100 million-plus fines now relatively common.
It makes sense, incentivizing banks that see something to say something—and it works.
FinCEN's Website lists dozens of cases where SARs led to arrests and prosecutions. It also lists a mountain ofenforcement actions against financial institutions that failed to do a good enough job looking for bad guys.
Catching The Bad Guys
Few things get the attention of financial institutions as well as regulatory fines, and they've had this predictable impact: "defensive SARs." Financial institutions send mountains of CYA SARs to FinCEN now, just to avoid any future trouble with regulators.
"I can't remember the last time I tried to catch a bad guy; I spend all my time filing reports with regulators," complained one anti-money launder executive recently, according to Greg Baer, President of The Clearing House Association, an industry trade group. "That defensive approach greatly increases the ratio of noise to signal."
The number of SARs filed has increased nearly 5-fold since 9/11, as banks now work to stay in the good graces of FinCEN. In 2013, 1.2 million SARs were filed. Last year, the total nearly reached 2 million, creating a mountain of paperwork that critics say makes that data nearly useless as a crime-fighting tool. The largest banks file roughly one SAR per minute, according to The Clearing House. Also adding to the volume of SARs—the USA Patriot Act forced securities broker/dealers to file SARs, and the 2006 Bank Secrecy Act update extended responsibility to insurance companies.
Is There a Better Way?
To use the industry standard metaphor, a well-intentioned effort to choke off crimes at the financial level is better at creating large haystacks than finding needles.
"Our current… system is broken," Baer said in testimony before a House Financial Services Subcommittee earlier this year. "It is extraordinarily inefficient and outdated and driven by perverse incentives. Fundamental change is required to make that system an effective law enforcement and national security tool, and reduce the collateral damage it is doing to global development, financial inclusion, and other U.S. policy interests."
And the definition of SAR continues to expand. Just last year, the Treasury Department added cyber-attacks to the list, warning banks they had to file SARs if they endured a distributed denial of service attack or ransomware attack, even if there were no losses.
So a coalition of groups led by the Clearing House issued a report in February calling for a complete overhaul of the SARs system.
"Now we tell banks to file a (report) on everything that might be criminal," said Gary Shiffman, CEO of compliance software maker Giant Oak, said to Reuters in reaction to the report. "But when everything is a priority, nothing ends up being a priority."
Financial institutions have a large financial incentive to ask for reform. In addition to the risk of large fine banks and other firms pay their employees a lot of money to make those large haystacks. Each SAR requires an investigation and painstaking details provided along with every case. The Heritage Foundation claims compliance costs banks up to $8 billion annually.
The burden of banks-as-crime-fighters goes beyond those 2 million suspicious activity reports. Kevin Sullivan used to sort through SARs as a money laundering investigator for the New York State Police. Now he runs training sessions for banks through his AML (Anti-Money Laundering) Academy. He says for every event that triggers suspicion at a bank and leads to a SAR, there's another 20 or so that are investigated and dropped, or "cleared."
"I can tell you they hire a lot of people to clear alerts," he said. "The average 'hit' rate is 2 to 8%," he said. That means banks are dealing with about 40 million "hits" every year that require investigation. A hit can be generated by something as simple as an account holder's trip to Cuba, or as automated as an account holder with a name similar to someone who's just been arrested, or as human as a teller who notes that an all-cash deposit reeks of marijuana.
"There's a lot of non-productive activity," Sullivan said, "I can't tell you that all SARs are effective."
That doesn't mean SARs are a waste, however.
"Contrary to popular belief, we don't make paper airplanes out of them," Sullivan joked in a recent post.
"In New York, I can tell you we read every one of them," he said during an interview.
Often, the value of a SAR doesn't become evident for months, for even longer. SARs form a large transaction database that can be searched in perpetuity for criminal patterns. If an arrest is made, investigators can pull a string through millions of reports and find the relevant needles—when they know what to look for. So Sullivan is wary of any changes banks propose that would reduce the number of SAR filings.
"It's that one needle you are looking for," he said. "You don't want to be the banker that lets the next Bin Laden through."
Baer says the call for reform isn't about money. It's about the waste of time.
"In talking to senior executives at banks large and small, I have never heard a single one complain about how much money they spend. Rather, they complain about how much of that money is wasted. And that waste derives from a series of perverse incentives embedded in an archaic system," Baer wrote recently.
Who Should Be Responsible?
If banks have their way, the SAR system changed or scrapped altogether, and much of the burden of policing transactions would be shifted back to the Treasury Department and law enforcement agencies. In its report, "A New Paradigm: Redesigning the U.S. AMA/CFT Framework," the Clearing House argued that when FinCEN was created, it make sense to deputize banks. Not anymore.
"The nation had over 10,000 banks, and those banks were more alike than different. Given the choice between supervising 10,000 banks or none, it logically chose none," the report says. Today, about half of SARs filed by depository institutions are filed by four banks. So centralizing investigative efforts makes more sense now, the report argues. It also calls for the creation of an advisory group that includes the FBI, Homeland Security, and banking regulators, which would tell banks which kind of crimes to prioritize.
Not everyone agrees. Heather Lowe, Director of Government Affairs at watchdog group Global Financial Integrity, cautioned against taking too much responsibility away from financial institutions.
"Banks are best placed to understand their business and their systems and the money laundering risks inherent therein, and create the systems that work best in their business models to combat money laundering," Lowe told Congress earlier this year. She also cautioned against Congress lending too much credence to banks' complaint about the increased volume of SARs filings and increased fines.
"Money laundering and sanctions violation cases over the past few years relate to willful, knowing, and egregious violations of U.S. laws and regulations that have resulted in U.S. and foreign banks granting access to hundreds of millions of dollars in funds supporting genocide and funds supporting major, violent South American drug cartels into our system, to name a few examples," she said. "I would… remind Members of Congress that the regulatory "burden" has not actually been increasing, the threat of being found out is what has actually increased.
Some of the industry's requests are hard to bicker with, however. Due in part to the secrecy surrounding SAR filings, information flow has generally gone one way—from banks to law enforcement. The Clearing House report calls for increased two-way communication, in part so bank investigators know if their SARs are doing any good. More important, such feedback loops would also facilitate the use of Big Data and artificial intelligence to help catch criminals.
Bank investigators, many who are former military and law enforcement officials, are anxious to improve their fraud-fighting efforts, Baer says, "Their goal is not to save banks money or embarrassment. Their goal is to do what is best for our country," he said. "The banks we represent—and more particularly the tens of thousands of individuals at those banks doing this work…are desperate to innovate and investigate. They want to catch the bad guys too."