Bank Secrecy Act (BSA) compliance starts with well-trained, attentive front-line staff—the first line of defense against illegal activities such as money laundering and terrorist funding.
Every credit union must have a program that monitors and reports suspicious activity. When the system works well, you’ll quickly and accurately convey your observations about suspicious activity to the credit union’s designated BSA compliance officer.
One of this official’s responsibilities is deciding whether to file a Suspicious Activity Report (SAR).
The process can vary extensively depending on the size and complexity of your credit union’s operations. Understanding your policies and procedures is a good starting point.
BSA regulations require financial institutions to file SARs when they discover suspicious activities that meet certain criteria.
Keep in mind that your credit union’s policies and procedures might demand more stringent reporting than do the regulations. Also, you can file nonmandatory SARs for activity that falls short of regulatory thresholds if the suspicious activity has no apparent business or lawful purpose.
You must file a SAR within 30 days after detecting any of these four types of transactions:
• Might involve potential money laundering or other illegal activity (e.g., terrorism financing).
• Is designed to evade the BSA or its implementing regulations.
• Has no business or apparent lawful purpose.
You also must understand the distinction between a SAR and a Currency Transaction Report (CTR).
Your credit union must file a CTR for any cash transaction exceeding $10,000. This includes multiple cash transactions that total more than $10,000 during any one business day when you suspect one person conducted or orchestrated the transactions.
It’s important to identify the member making any transaction. BSA requires credit unions to include these methods as part of its Customer Identification Program (CIP).
When dealing with a new member in particular, follow your credit union’s CIP policies and procedures to determine the identity of the person visiting your branch or opening an account digitally. At a minimum, a new member must present his or her name, address, Social Security number, and date of birth.
Your credit union must have a “reasonable” belief in the identity of the individual opening the account. Typically, you’d verify the member’s identity using a nonexpired, government-issued document bearing a photo, or similar safeguard.
Internal member identification policies should include a process for handling membership requests when the person can’t provide the identifying documents your CIP policy requires. This might include referring the person’s application to your designated BSA compliance officer.
Again, credit unions’ member identification processes vary, so it’s vital to understand proper procedures.
Identifying the member and monitoring for suspicious activity make up the first of four steps to an adequate and successful BSA compliance process.
From there, senior staff typically complete the next three steps—research, decision making, and reporting.
Don't base a decision on whether to file a SAR on a “gut feeling.” Knowing the requirements for reporting suspicious activity, and your credit union’s internal policies and process for notifying superiors, should provide a blueprint for compliance.
ZAC POLLOCK is a compliance consultant with PolicyWorks. The services provided by PolicyWorks shouldn’t be construed as legal services, legal advice, or in any way establishing an attorney-client relationship.