To catch a Money Launderer: The Black Hole of SAR
Back when I was a junior analyst I once stumbled on a case that carried the telltale signs of money laundering activity. To be clear, most real money laundering is subtle and attempts to evade detection by not looking too 'textbook'. This case on the other hand had all the hallmarks, large sums of money moving at high velocity and a transaction pattern that lacked any economic sense.
"I think I caught a big one…"
I remember it like it was yesterday. A series of 35 accounts each taking in funds from a single source that was hard to pinpoint if it was consumer retail or corporate. The accounts contained millions of dollars that just sat dormant for months, nine months to be precise, before suddenly and violently beginning movements circularly between a further 72 accounts and eventually exiting into a single foreign bank account belonging to an unfamiliar corporate entity. I say unfamiliar because the sums of money being moved were so large that you'd expect the recipient to at least have a significant web or media presence.
Like anyone who was even remotely paying attention, I knew something was amiss and at this point, there was a fork in the road - should I, as a non-fincrime analyst, take a 'not my zoo, not my monkeys' stance or take a 'see something, say something' approach. I collected all the information about the accounts, documented the money movements, and filled in a standardized form, known in the business as an Internal Suspicious Activity Report (iSAR) or an Internal Suspicious Transaction Report (iSTR), and forwarded it off to the investigations team of the institution I worked at.
…then, nothing happened
I'll be honest, the naive junior analyst in me expected a scene out of a Jason Bourne film to ensue. Okay, so I'm exaggerating, but I did expect something to get done. I spent the next two weeks checking in on the account and waiting for the outcome of the review. But nothing happened, not to the accounts, not to the report I filed. I only received a single acknowledgment email that it was received. I even sent email chasers and went to the extent of calling other people in the investigations team to figure out what happened to the report.
There is a chance that I just had way too much time on my hands back then but the fincrime junkie in me wanted to get answers. I wanted concrete evidence that our industry took financial crime seriously and that investigators working the cases were at the very least as invested as I was to see action taken. I got none of the above. Instead, I was met with disappointment, inaction, and an impression that the place I worked at wouldn't recognize financial crime if it broke through their living room window and made off with their TV.
…but that isn't necessarily the truth of what actually went down that day.
There are rules to fincrime investigations
It took me several years to find my way professionally to the world of compliance and fincrime investigations, all the while never forgetting that one case and how it made me feel. However, since joining this side of the investigation a few things have become evident:
Investigations are on a need-to-know basis - this is a basic tenet of investigative work. You have to keep the circle of information tight, sharing is restricted to those with a strong business justification, and office gossip is actually a violation of some regulations and most investigators' employment contracts.
Investigations don't always result in an account lockdown - while most of the time it makes sense to freeze suspicious assets, it's not always the case. Sometimes you don't freeze an account you're investigating because there isn't sufficient evidence, sometimes it's because you believe it will alert the suspect of your investigation and result in them disappearing into the aether before you even get started.
Sometimes it's so bad, that you don't even ask questions - there's a concept called 'tipping off' which is related to the first two points. It basically means you're abetting a crime by letting the suspected party know the authorities are on to them. In the movies you would interpret this as a mysterious cloaked figure in the shadows, opening a hidden door behind the cellar that allows the main character to escape. However, in financial services, its definition can be a lot broader which includes tipping off by accident. This sometimes can be as simple as asking a customer why they made a transaction. This is why when the money laundering seems sufficiently sophisticated, sometimes you don't probe at all, just file a report to the authorities and as they say, 'leave it to the pros'.
Things happen behind the scenes
This brings me back to what I now speculate happened. After I filed the report it was most likely reviewed by an investigator and because of the ridiculous amounts (all of which had exited the system by that point), they likely decided that it might be connected to something larger than what happened within our institution alone. The investigators would likely have reached out to law enforcement directly to ask if they were interested in taking a crack at the case. This is usually done by the Anti Money Laundering Officer (AMLO) or the compliance officer in smaller companies. And finally, they would have filed a Suspicious Activity Report (SAR) directly with them.
The SAR is the culmination of the investigation when a financial institution has completed its review and decides that what happened smells like potentially criminal activity. The reports themselves are confidential and while they can be filed by anyone in the organization (you'll find a template on most financial regulators' websites), most often for simplicity's sake the responsibility falls to a fincrime team to do it. As with all confidential documents, just because I spotted it, it didn't mean I had the right to know what the report contained, which explains why my report went into a black hole of information and I never heard about it ever again.
So the moral of the story here is that's how these types of cases are supposed to work. Financial institutions have refined this process over the years and while they don't always get things right, there's a reason things unfold the way they do and if you work in financial services you should trust the process. So when you find yourself at the crossroads of what to do in a similar situation, just remember, 'see something, say something'.