Suspicious activity in banking and financial institutions is widespread. In fact, in less than two decades—between 1999 and 2017—American financial institutions identified more than $2 trillion of suspicious activities. That figure mirrors the entire annual GDP of Italy, the country with the eighth highest GDP in the world.
Furthermore, keep in mind that this figure merely represents the level of suspicious activity filed via a SAR (Suspicious Activity Report)—it is highly likely that plenty more suspicious activity, perhaps as much as $1 trillion worth, occurred during this same period.
Since it’s not an exact science, there is always going to be some level of manual investigation into potentially suspicious transactions needed to determine whether a report must be filed. Here, we’ll dig into this topic to help you understand the nuances around what constitutes a suspicious transaction and what doesn’t, including:
- What Are Suspicious Transactions in Banking?
- What is the Threshold for Reporting Suspicious Transactions?
Let’s dive in with the basics of what actually counts as suspicious activity when it comes to financial transactions.
What Are Suspicious Transactions in Banking?
Suspicious transactions are any event within a financial institution that could be possibly related to fraud, money laundering, terrorist financing, or other illegal activities. Suspicious transactions are flagged to be investigated, but many suspicious transactions are simply false positives.
What Makes a Transaction Suspicious?
One of the problems with filing suspicious activity reports is that there is no universal definition of what constitutes suspicious activity. A given action might be deemed suspicious if it occurs within one account, while the same activity would be considered “normal” if it occurs in another.
For example, it might make sense for a petroleum supplier to receive a $100 million wire transfer from a foreign conglomerate, but if that same action were to appear in the account of a local non-profit, it would raise some red flags.
Finding the “threshold” for what constitutes suspicious activity is far from easy. However, by keeping a few basic principles and protocols in mind, financial institutions of all kinds can make some much-needed changes and improve how they monitor suspicious activity.
Generally speaking, a financial transaction might be deemed suspicious if it is unlike any other activity that has occurred within that account. Of course, an activity being new will not necessarily mean that any malicious actions have occurred.
For example, an individual making a sizeable down payment on their first home is an activity that is unusual but not malicious. The processes involved in identifying suspicious activity are far from cut and dry. However, it is still a good idea to flag—and potentially follow up on—any action that seems far from the norm.
Regulations Around Suspicious Transactions
As FinCEN—the Financial Crimes Enforcement Network—has helped describe, transactions that “serve no business or other legal purpose and for which available facts provide no reasonable explanation” are one of the most common signs of suspicious activity.
This means that, in some cases, financial institutions will need to monitor the size of transactions occurring within their system and monitor the types of transactions taking place and determine where these transactions originated from.
The Bank Secrecy Act (BSA), which was signed into law in 1970, establishes responsibility for financial institutions to keep an eye out for signs of suspicious activities and report them to the corresponding authorities (usually within 30 days). The purpose of the BSA is to combat some of the most common forms of suspicious activity, including money laundering, theft, tax evasion, financial fraud, and more.
However, the BSA, contrary to some other financial regulations, still contains a lot of gray areas. Financial institutions will want to ensure they are compliant and report these sorts of activities within a timely manner (or else face fines and possible legal consequences). But at the same time, they will need to balance their account holders’ fundamental rights to privacy.
Ultimately, no formula will clarify that a given activity must be reported or will never need to be reported. But carefully monitoring for a few common red flags—substantial transactions, transactions from an unclear location, foreign transactions, identity fraud, and others—will help these institutions better balance their seemingly “competing” interests.
9 Financial & Bank Suspicious Activity Examples
As the Federal Deposit Insurance Corporation (FDIC) helps explain, many different types of transactions might trigger the need to file a SAR. These can include, but are by no means limited to, the following transactions:
1. Money Laundering
This process involves taking money generated by an illicit activity and “cleaning” the money by falsely presenting it as if it were earned through a legitimate business. One of the largest money laundering schemes of all time, dubbed the 1MDB scandal, involved the theft of more than $4.5 billion from a Malaysian state fund that was then laundered through Goldman Sachs. Following trial, Goldman Sachs was forced to return most of the funds to Malaysia and pay a $600 million fine.
Money laundering is one of the most costly types of fraud occurring in financial institutions, making Anti-Money Laundering compliance paramount in any fraud management system.
2. Cash Transaction Structuring
This involves splitting or otherwise altering financial transactions to avoid automatic reporting to tax authorities. Usually, structuring is done to avoid being subject to certain taxes or to conceal otherwise an organization’s wealth (which may help them qualify for certain loans, etc.).
3. Check Fraud
A broad term used to describe any deliberate misrepresentation, use or creation of checks, check fraud can include writing fraudulent checks, altering checks, creating bad checks (checks you know will bounce), and more. According to one recent estimate, roughly 2 million bad checks are processed daily through the Automatic Clearing House (ACH) system.
4. Check Kiting
This is a form of check fraud that involves writing a check from an account with insufficient funds and depositing that check into another bank account. Due to “the float”—the time before checks are cashed between banks—this can temporarily give people access to uncovered funds.
5. Wire Transfer Fraud
This is a broad term used to describe any situation in which malicious activity occurs during the course of a wire transfer. Perhaps one of the most well-known wire transfer scams was the “Nigerian Prince” email fraud, which happened in the early 2000s (and still makes a considerable amount of money today).
6. Mortgage and Consumer Loan Fraud
This type of fraud involves consumers deliberately misrepresenting their financial position to secure a loan (usually, a large loan, like a mortgage). Misrepresenting income, overvaluing assets, and underreporting expenses are all types of consumer loan fraud.
7. Misuse of Position (Self-Dealing)
This term describes any instance where a fiduciary—a financial agent acting on behalf of their client—takes action or makes a suggestion that is their own best interest, rather than the client’s. For example, if a fiduciary invests a client’s funds into their account, that would be considered self-dealing.
8. Identity Theft or Fraud
While identity theft is used to describe an instance where someone is pretending to be someone else, identity fraud is used to describe any misrepresentation of a person’s identity. These suspicious activities can result in severe punishments, even if no financial transactions have occurred.
9. Terrorist Financing
While the federal government has laws and regulations banning financial transactions connected to any illegal activity, it is particularly strict about activity that could be linked to terrorism. Since the passage (and subsequent renewal) of the USA PATRIOT Act, regulators have a broad ability to monitor certain accounts for terrorist financing.
These are just a few of the most common types of suspicious activity a financial institution can potentially encounter. Therefore, if there are any indicators that these, among other, suspicious activities have occurred, financial institutions are required by law to file a SAR.
What is the Threshold for Reporting Suspicious Transactions?
There are several different types of suspicion that might, eventually, necessitate the need to file a report.
At first, a financial institution might have a “simple suspicion”—at this point in time, they might have a hunch or believe that suspicious activity might be occurring but do not yet have enough evidence or reason to file a report. Because this stage does not include articulating any reasons for suspicion, this hunch can come from as little as a simple irregular activity within an account.
Eventually, this simple suspicion might grow into reasonable grounds to suspect—this occurs once they have a legitimate reason to suspect illicit activity is occurring. Then, they have some evidence to prove that their suspicion is more than an ordinary “hunch.” This would include some reporting around the irregularities and an explanation for what makes them suspicious, though does not require any proof that the activity is fraudulent or illegal.
At this point, it is unlikely that the accused party could be convicted of any crime within the criminal justice system. Nevertheless, by law, even a tiny red flag or a single piece of tangible evidence should be considered enough to file a suspicious activity report. Keep in mind, only some SARs are followed up on (The Bank Policy Institute reports that as few as 4% are reviewed by law enforcement), and an even smaller fraction ever results in a criminal conviction. Not all red flags are related to the transactions themselves either—non-monetary indicators can be just as fruitful in identifying suspicious activity.
As evidence continues to build—more suspicious transactions occur, there are signs of financial crimes, etc.—a suspicion might eventually become grounds to believe that illicit activity has occurred. By this point, financial institutions have a legal (and perhaps moral) obligation to report this activity to authorities.
Once the threshold is reached and there is no reasonable justifiable reason for the behavior, then a SAR is required for each incident of suspicious activity. SARs must be submitted to FinCEN within 30 calendar days of the suspicious activity occurring. To follow guidelines and avoid fines and penalties, read more about our detailed instructions on how and when to file a Suspicious Activity Report (SAR).
How to Identify Suspicious Activity & Money Laundering
Ultimately, while there is not an explicit cutoff for what constitutes suspicious activity, it is the responsibility of financial institutions to keep an eye out for the early signs that any of the activities listed above have occurred. It's important to incorporate transaction monitoring into your fraud and AML system to effectively combat threats.
Luckily, with technologies like Unit21, monitoring, investigating, and reporting these sorts of activities is easier than ever before. With diligence, a thorough understanding of the law, and a commitment to consistent banking, both large and small financial institutions can develop the SAR protocols they need to remain compliant and help in the fight against financial fraud.
For more information about how Unit21 can help, get in touch today.