When a suspicious transaction takes place, the right people need to know. A Suspicious Activity Report (SAR) is the tool financial institutions use to report potential suspicious activity to the authorities.
But do you know when to fill out a SAR? Or why SARs are even relevant to cryptocurrency?
The truth is that filling out a SAR is an important compliance step that keeps your business in the clear with the law. Fortunately, you can easily model your SAR filing policies on the rules used in commercial banks.
Every cryptocurrency business needs to use these models to create their own SAR policy that explains the details of when and how a SAR should be filed.
However, the way commercial banks handle SAR filing is quite different from how a crypto ATM should do it, which causes understandable confusion among crypto entrepreneurs.
This article is part of our series of cryptocompliance 101 posts to help cryptocurrency business owners understand the regulatory landscape, its nuances, and what steps need to be taken to strengthen their compliance.
We’re here to help. While this article will give a general overview of the process, it’s vital to get everything exactly right. Feel free to reach out to us if you have further questions at the end of this post.
What Is A SAR?
A Suspicious Activity Report (SAR) is filled when you get an alert of suspicious activity. These alerts can come from your in-house software, a third-party anti-money laundering (AML) software vendor, or manual screening.
The next step is that the alert is reviewed by your BSA Compliance Officer who will ultimately decide whether a SAR filing is needed. This can be a subjective decision, but ultimately the compliance officer needs to consider the reason for the alert and look carefully at SAR filing requirements.
FinCEN allows for the electronic filing of SARs, but they should also be tracked internally so that you can keep an eye on follow-ups and look for repeated suspicious activity from the same customers.
A SAR is strictly confidential – for obvious reasons, the existence of a SAR cannot be revealed unless FinCEN authorizes it.
A SAR is a vital part of AML compliance and is critical to law enforcement. This is not an area where a crypto company can afford to get lazy, and FinCEN takes cryptocurrency compliance very seriously.
When Do You File A SAR?
When do you know a SAR should be filed? The first clue, of course, is the existence of some kind of suspicious activity.
For a cryptocurrency business, this could be:
- A high volume of transactions in a short time
- An unusually large transaction
- A customer attempting to subvert KYC requirements
- You know or suspect that the funds were derived from illegal activities
Anything you notice that raises a red flag should be passed to the BSA Compliance Officer. They will look at the situation and decide if a SAR should be filed.
A SAR filing must take place within 30 days of when the activity was noticed, or within 60 days if there is no clear suspect. It’s important to remember that a SAR is not a legal accusation of wrongdoing. It’s simply a note to law enforcement; the beginning of a paper trail that allows authorities to investigate if necessary.
If another red flag comes up on the same account, you’ll file a Continued Activity SAR to notify FinCEN. Afterward, you’ll need to check by for additional suspicious activity at least every 90 days.
Now that you know when to file a SAR, it’s time for the next step – what on earth do you include?
What Should A Crypto SAR Include?
When you create a SAR, it doesn’t have to be complex. You can create a memo that you fill out when your company detects suspicious activity.
You’ll need the date of the filing and a statement that your company detected suspicious activity. Assign a case number and give the full details of the suspect customer account.
From there, simply describe the suspicious activity you saw and how the customer responded to your attempts to ask for clarification. It’s important to create a “narrative” and “tell a story” in a SAR and include all of the necessary details, like wallet address, date, time, and amount. Leaving out critical information can make a SAR all but useless to law enforcement.
In a final summary section, reiterate the reason that the activity was suspicious and the date that you filed the SAR.
How Do You File Crypto SARs?
Creating a memo is simple enough, but then what do you do with it?
You’ll want to keep the original on file within your company records and track its existence in a spreadsheet or database. This allows you to follow up in 90 days to see if further suspicious activity has happened.
You’ll also file the SAR electronically with FinCEN, using FinCEN Form 111. They will decide if they want to take further action once they receive the notice.
SARs Are Part Of A Robust Crypto AML Compliance Program
As a cryptocurrency business, you’re the first line of defense against money laundering and fraudulent activity. Yes, you’ll see a lot of unusual activity on a daily basis, and not all of it is criminal. But some of it may be, and the fines for non-compliance can be very high.
What kinds of fines are we talking about?
In 2019, FinCEN took action against Eric Powers, a bitcoin trader, for failure to comply with the Bank Secrecy Act. This was a pretty big story, and the first enforcement action FinCEN has taken against a peer-to-peer exchange in the industry. The action included a $35,000 fine and Powers was effectively banned for life from the industry.
The penalties involved for failure to implement and enforce a competent AML program are listed on the FinCEN website.
You don’t want your firm on the wrong end of a major fine. Not only does it affect your bottom line, but it also impacts your reputation in the industry.
Most crypto businesses need help in setting up an appropriate compliance program. That’s normal – and that’s what we do. Work with compliance experts to develop your SAR filing and other processes.
Key Takeaways For Crypto Businesses
As a cryptocurrency business, you can’t afford to be slack when it comes to monitoring and reporting potentially suspicious activity. Unfortunately, the crypto industry is in the crosshairs of financial criminals trying to take advantage of new technology and a relatively lax regulatory environment.
By keeping an eye on unusual activity and filing a SAR within 30 days of noticing it, you can not only keep your company in the good graces of FinCEN, but you can also make a difference. Taking a stand against illegal activity helps legitimize the cryptocurrency industry and creates a better environment for your business to grow.
If you’re ready to develop stronger protocols, reach out for a free consultation today.