04 Mar Cryptocompliance 101: Do Crypto MSBs Need To File SARs?
As you manage your cryptocurrency business, you will encounter unusual transactions, potentially every day. What do you do?
This is a common situation that cryptocurrency financial institutions face every day, and the solution to keep your business in the good graces of regulators is to file a Suspicious Activity Report (SAR) with the Financial Crimes Enforcement Network (FinCEN) so it can investigate.
We’re continuing our series of cryptocompliance 101 posts to help cryptocurrency business owners understand the regulatory landscape, its nuances, and what steps need to be taken to strengthen their compliance.
Today, we’re talking about Suspicious Activity Reports (SARs) – what they are, under what conditions they should be filed and how to file them, and the importance of strong suspicious activity monitoring in a robust compliance program.
What Is A Suspicious Activity Report?
A Suspicious Activity Report is a form that cryptocurrency businesses operating as money services businesses (MSBs) are required to complete and submit under the Bank Secrecy Act (BSA) whenever suspicious transaction activity is observed that involves $2,000 or more.
The purpose of the Suspicious Activity Report is to stop money laundering crimes where money launderers funnel money through a financial institution (including cryptocurrency businesses) to disguise the source of that money.
During 2018, FinCEN received 873,479 Suspicious Activity Reports from MSBs.
Most Suspicious Activity Reports are triggered by behaviors that differ from typical transaction activity, such as:
- Unusually large transaction by a user
- Identical or similar transactions made frequently by a user
- Unusual type of transaction
If your business has a comprehensive cryptocurrency compliance program in place, as is required of all MSBs by law, then your team members can follow the procedures you have in place to monitor and report suspicious activity.
However, it’s important to understand that every business is unique and activities that trigger the filing of a SAR are customized to different companies. The only way to build a strong, compliant SAR policy and procedures to implement the policy for your crypto MSB is to consult with compliance experts.
In addition, keep in mind that suspicious activities could be one-time anomalies or patterns of behavior. Using cryptocurrency compliance tools can help you improve your illegal activity prevention and monitoring processes.
How Do You File A SAR?
Filing a cryptocurrency SAR can be done online through the Bank Secrecy Act e-filing system using FinCEN Form 111. You don’t need to have proof that someone is involved in illegal activity to file a crypto SAR. You simply need to identify unusual and suspicious activity amounting to at least $2,000.
You have 30 days from the date you become aware of suspicious activity to file a SAR. When you file a SAR, you must not tell the account owner that the report will be or has been submitted. Just as it’s a violation of BSA regulations to ignore suspicious behavior, it’s also a violation to notify the suspect when you file a SAR related to them.
Each SAR should include as many details about the activity as possible along with dates and an explanation of why the activity was flagged as suspicious. Include the customer’s name, identification number, phone number, crypto wallet address, physical address, and date of birth. Your goal should be to make it as easy as possible for FinCEN to investigate the matter, so tell the story using as much description as possible.
Why A SAR Policy Is Absolutely Critical In Cryptocurrency
Cryptocurrency compliance is critical to your business, and having a rock-solid SAR policy is an important component of your compliance program.
Think of it this way – your KYC/CDD procedures are your first line of defense against money laundering, and Suspicious Activity Reports are the final step you can take when it appears that illegal activities slipped through all of the barriers that your compliance program puts in place.
You need a SAR policy that provides the right guidance and requirements. This can be tricky, so it’s best to work with compliance experts to develop your SAR policy and implementation procedures.
We recommend that your Suspicious Activity Report Policy includes the following at a minimum:
- Purpose: Why the policy exists
- Summary: What the policy details
- Overview: Top-level description of your SAR filing process
- Process: The specific SAR filing process your BSA Compliance Officer will follow
- Deadline: Timing requirements related to SAR filing
- Confidentiality: Reminding everyone that SARs must not be disclosed
- Records: Retention requirements (at least five years for SARs)
- Reporting: Required internal reporting
- Criteria: Documenting conditions that prompt a SAR filing
Bottom line, your SAR policy is an important component of your AML compliance program based on the regulations of the BSA, so it’s critical that all of your team members understand it and follow it.
FinCEN has prioritized reducing money laundering and illegal activities related to cryptocurrency in recent years, so you need to be prepared. Failing to adhere to compliance regulations is punishable through civil and criminal fines and jail time.
For example, in 2015, Ripple Labs and its subsidiary, SRP II, were fined $700,000 for failing to create and use an AML compliance program. In 2018, the CEO of Bitcoins Inc. was arrested on criminal charges related to violating AML laws.
The risk of non-compliance gets worse.
In 2017, FinCEN assessed a nearly $110 million penalty against Canton Business Corporation (BTC-e) and a $12 million penalty against Alexander Vinnik who controlled BTC-e operations and accounting, and it issued a criminal indictment that included 21 counts related to a lack of cryptocurrency compliance processes, failure to file Suspicious Activity Reports, and failure to maintain appropriate records.
SAR filing is critical to crypto MSBs and their ability to do business in compliance with federal regulations. If your SAR reporting is inadequate (or worse, if you’re not filing SARs at all), then you need to start taking it seriously and get a policy and procedures in place as soon as possible.
Key Takeaways For SAR Reports
FinCEN is watching cryptocurrency MSBs, so reduce your risk of being examined and getting into legal and financial trouble by ensuring your cryptocompliance is complete, current, and comprehensive.
Monitoring and reporting of suspicious activities is a requirement for money services businesses. It really is that simple. As Title 31, Part 1022, Subpart B of the U.S. Code of Federal Regulations says, money services businesses must, “Provide education and/or training of appropriate personnel concerning their responsibilities under the program, including training in the detection of suspicious transactions.”
In other words, it’s not enough to simply create a SAR policy and file it away. You need to train your team to follow it, test and update it periodically, and your BSA Compliance Officer needs to be responsible for holding everyone accountable.
To make sure you create an effective SAR policy and procedures that will satisfy regulatory requirements, our experienced cryptocurrency compliance experts are standing by. Contact us today with any questions: