As you manage your cryptocurrency business, you will encounter suspicious or unusual transactions. What do you do?
This is a common situation that cryptocurrency financial institutions face every day, and the solution to keep your business in compliance and in the good graces of regulators is to file a Suspicious Activity Report (SAR) with the Financial Crimes Enforcement Network (FinCEN).
We’re continuing our series of cryptocompliance 101 posts to help cryptocurrency business owners understand the regulatory landscape, its nuances, and what steps need to be taken to strengthen their compliance.
Today, we’re talking about SARs — what they are, under what conditions they should be filed and how to file them, and the importance of strong suspicious activity monitoring as part of a robust AML compliance program.
What Is A Suspicious Activity Report?
A Suspicious Activity Report is a form that cryptocurrency businesses operating as money services businesses (MSBs) are required to complete and submit to FinCEN whenever suspicious and/or unusual activity involving $2,000 or more is identified.
The purpose of the Suspicious Activity Report is to stop money laundering crimes where money launderers funnel money through a financial institution (including cryptocurrency businesses) to disguise the source of that money.
During 2019, the last year with available data, FinCEN received 852,925 Suspicious Activity Reports from MSBs:
Most Suspicious Activity Reports are triggered by behaviors that differ from typical transaction activity, such as:
- Unusually large transaction by a user
- Identical or similar transactions made frequently by a user
- An unusual type of transaction
If your business has a comprehensive cryptocurrency compliance program in place, as is required of all MSBs by law, then your team members can follow the procedures you have in place to monitor and report suspicious activity.
However, it’s important to understand that every business is unique and activities that trigger the filing of a SAR are customized to different companies. The only way to build a strong, compliant SAR policy and procedures to implement the policy for your crypto MSB is to consult with compliance experts.
In addition, keep in mind that suspicious activities could be one-time anomalies or patterns of behavior. Using cryptocurrency compliance tools can help you improve your illegal activity prevention and monitoring processes.
How Do You File A SAR?
Filing a cryptocurrency SAR takes place online through the Bank Secrecy Act e-filing system using FinCEN SAR Form 111.
You have 30 days from the date you become aware of suspicious activity to file a SAR. When you file a SAR, you must not tell the account owner that the report will be or has been submitted.
Just as it’s a violation of BSA regulations to ignore suspicious behavior, it’s also a violation to notify the suspect when you file a SAR related to them.
Remember, you don’t need to have proof that someone is involved in illegal activity to file a crypto SAR. You simply need to identify unusual and/or suspicious activity amounting to $2,000 or more.
Each SAR should include as many details about the activity as possible, along with dates and an explanation of why the activity was flagged as suspicious. Include the customer’s name, identification number, phone number, crypto wallet address (we hear this is a big one for FinCEN), physical address, date of birth, and any other information you have on file for the customer.
In the narrative section, your goal should be to make it as easy as possible for FinCEN to investigate the matter.
It’s often recommended that the narrative section “tell a story” and use as much descriptive detail as possible. As you read over your narrative, be sure to ask yourself if we’ve answered as much of the who, what, where, when, why, and how, as possible. As well, make sure the reader can easily follow your narrative. No insider jargon or acronyms.
As an additional protip, we also find it helpful to include an “About Us” section in the narrative for the benefit of the reader. Not only does this add context, but it may assist a member of law enforcement who might not be as familiar with crypto and your financial products and services.
Why A SAR Policy Is Absolutely Critical In Cryptocurrency
Compliance is critical to your business, and having a rock-solid SAR policy is an important component of your AML program.
You need a SAR policy that provides the right guidance and requirements. This can be tricky, so it’s best to work with compliance experts to develop your SAR policy and implementation procedures.
We recommend that your Suspicious Activity Report Policy includes the following at a minimum:
- Purpose: Why the policy exists
- Summary: What the policy details
- Overview: Top-level description of your SAR filing process
- Process: The specific SAR filing process your BSA Compliance Officer will follow
- Deadline: Timing requirements related to SAR filing
- Confidentiality: Reminding everyone that SARs must not be disclosed
- Records: Retention requirements (at least five years for SARs)
- Reporting: Required internal reporting
- Criteria: Documenting conditions that prompt a SAR filing
Bottom line, your SAR policy is an important component of your AML compliance program based on the regulations of the BSA, so it’s critical that all of your team members understand it and follow it.
FinCEN has prioritized reducing money laundering and illegal activities related to cryptocurrency in recent years, so you need to be prepared. Failing to adhere to compliance regulations is punishable by civil and criminal fines, including possible jail time.
For example, in 2015, Ripple Labs and its subsidiary, SRP II, were fined $700,000 for failing to create and use an AML compliance program. In 2018, the CEO of Bitcoins Inc. was arrested on criminal charges related to violating AML laws.
The risk of non-compliance gets worse.
In 2017, FinCEN assessed a nearly $110 million penalty against Canton Business Corporation (BTC-e) and a $12 million penalty against Alexander Vinnik who controlled BTC-e operations and accounting, and it issued a criminal indictment that included 21 counts related to a lack of cryptocurrency compliance processes, failure to file Suspicious Activity Reports, and failure to maintain appropriate records.
SAR filing is critical to crypto MSBs and their ability to do business in compliance with federal regulations. If your SAR reporting is inadequate (or worse, if you’re not filing SARs at all), then you need to start taking it seriously and get a policy and procedures in place as soon as possible.
Key Takeaways For SAR Reports
FinCEN is watching cryptocurrency MSBs, so reduce your risk of legal and financial trouble by ensuring your AML program is complete, current, and comprehensive.
Monitoring and reporting of suspicious activities is a requirement for money services businesses. It really is that simple. As Title 31, Part 1022, Subpart B of the U.S. Code of Federal Regulations says, money services businesses must, “Provide education and/or training of appropriate personnel concerning their responsibilities under the program, including training in the detection of suspicious transactions.”
In other words, it’s not enough to simply create a SAR policy and file it away. You need to train your team to follow it, test and update it periodically, and your BSA Compliance Officer needs to be responsible for holding everyone accountable.
To make sure you create an effective SAR policy and procedures that will satisfy regulatory requirements, our experienced cryptocurrency compliance experts are standing by. Contact us today with any questions.