Is Your SAR Committee Really a Best Practice?

Guest Editorial by Becki LaPorte, Founder and CEO, Exodus Partners Group

Let me begin by saying that regulations are silent when it comes to SAR (Suspicious Activity Report) committees. There is neither a requirement to have one nor a prohibition against it. Credit unions choose to have one for a variety of reasons. Primarily, there seems to be a notion that deciding to file SARs by committee will mitigate the credit union's risk and help better manage members. But is that true, or is having a SAR committee actually increasing your risk instead of mitigating it?

What is a SAR committee?

Although the structure varies among credit unions, SAR committees typically comprise members of leadership, including the Chief Risk Officer, Chief Compliance Officer, and AML Compliance Officer. Some include leadership from non-compliance functions such as the Chief Operations Officer, Chief Lending Officer, and Chief Executive Officer. These individuals meet either on a regular cadence or as-needed basis to determine whether filing a SAR is warranted. Some committees function like any other meeting—with an agenda and minutes—while others may be more informal in nature.

What are some advantages?

Credit unions that use SAR committees will tout the advantages. Decisions are made with a more holistic view of the member. Different departments can weigh in on a member's activity and potentially alleviate the suspicion. A broad view of a member's risk can be shared throughout the organization. The team can make a collective decision to maintain the member relationship with enhanced due diligence, or collectively agree to expel the member due to activity that lies outside the credit union's risk model.

The challenge with all these identified advantages is that the credit union might be losing sight of the actual purpose of a SAR. A SAR does not exist to manage financial institution risk. Its purpose is to provide intelligence to law enforcement. Period. The threshold isn't proof of criminal activity—it's suspicion. It has nothing to do with an institution's risk tolerance.

What are some disadvantages?

SARs are highly confidential. Each person who becomes aware of a SAR's existence raises the risk of tipping. Even without tipping, employees who have a relationship with a member whose activity may have alerted as suspicious could inadvertently train that member to alter their activity to avoid future suspicion. If the activity is, in fact, criminal in nature, that employee could be charged with aiding and abetting. Although SAR committees often consist of individuals with a high level of trust within an organization, they are human and do make mistakes. What happens if they tell someone they trust about a particular member, who may in turn tell someone they trust? Perhaps the credit union member is a family member or friend, and they choose to tell them. It happens.

Another sticky situation arises when a SAR needs to be filed on a friend or family member of someone on the SAR committee, or perhaps on an employee who directly reports to a committee member. Many members of leadership will say this is one of the primary reasons they need to know about SAR filings. Again, they are losing sight of the SAR's purpose. It is not to mitigate risk within the credit union but to provide intelligence to law enforcement. If a conversation needs to be had about an employee's financial activity, that should occur separate and apart from any discussion about SAR filing.

Oftentimes, leadership wants a say in SAR filing due to the nature of the member's relationship with the credit union. They don't want a SAR filed, as it may negatively impact the relationship. That should never be a reason not to file a SAR. First and foremost, the member should never know a SAR was filed. Secondly, law enforcement does not act on every SAR. Many are simply suspicious transactions that don't warrant further investigation. If the activity related to the SAR results in law enforcement intervention, there is likely good reason and evidence beyond what was reported in the SAR. Keep in mind that many criminals will intentionally create good relationships with leaders at financial institutions so that they are notified when questionable activity is raised.

Additional eyes on SAR filing decisions increase the credit union's risk. At the end of the day, it is the responsibility of the person registered with FinCEN as the AML Compliance Officer to manage the credit union's AML program.

Is your SAR committee really a best practice?

The answer will vary from one credit union to another. Look at the makeup of your committee. Do you have individuals with direct customer relationships on your committee? If so, why? Ask yourself why you have a committee instead of leaving SAR filing decisions to your AML Compliance Officer or another appropriate member of compliance leadership. Do you have ways of escalating members who now pose a high risk due to a SAR filing to the proper members of leadership to institute enhanced due diligence or possibly expel the member? Doing so is a best practice, and it's always best to do that without revealing the existence of a SAR when possible.

Ask yourself—is your SAR committee really mitigating your risk?

Becki LaPorte is the Founder and CEO of Exodus Partners Group, LLC a boutique consulting firm supporting the financial services industry in the areas of financial crime investigation, education and prevention. She also serves as the Principal, AML Strategy and Innovation for FinScan an Innovative Systems Solution (www.innovativesystems.com). She provides insight and expertise into product marketing strategy and supports innovation in AML, sanctions screening and AI-driven compliance.