News
AML/CFT Legal Obligations for Accountants: Suspicious Activity Reporting (SAR)
26-Aug-2024
This section provides important information for accountants about the reporting regime that should be available in a country, what must be reported, what the reporting procedures are, and what happens after reporting.
The Financial Action Task Force (FATF) Recommendation 20 stipulates, “If a financial institution suspects or has reasonable grounds to suspect that funds are the proceeds of a criminal activity, or are related to terrorism financing, it should be required, by law, to report promptly its suspicions to the Financial Intelligence Unit (FIU).”
FATF Recommendation 23 requires accountants to report suspicious transactions set out in R.20. R23 stipulates that “Lawyers, notaries, other independent legal professionals, and accountants should be required to report suspicious transactions when, on behalf of or for a client, they engage in a financial transaction in relation to the activities described in paragraph (d) of Recommendation 22. Countries are strongly encouraged to extend the reporting requirement to the rest of the professional activities of accountants, including auditing.”
Accountants are required to report suspicious activities, as well as specific suspicious transactions, and so may make reports on a number of scenarios including suspicious business structures or management profiles which have no legitimate economic rationale and suspicious transactions, such as the misappropriation of funds, false invoicing or company purchase of goods unrelated to the company's business. As specified under Interpretive Note to R 23 (INR.23), where accountants seek to dissuade a client from engaging in illegal activity, this does not amount to tipping-off.
However, it should be noted that a RBA is appropriate for the purpose of identifying a suspicious activity or transaction, by directing additional resources at those areas that have been identified as higher risk. The designated competent authorities or Self-Regulatory Bodies (SRBs) may provide information to accountants, which can inform their approach to identifying suspicious activity or transactions, as part of an RBA. Accountants should also periodically assess the adequacy of their system for identifying and reporting suspicious activity or transactions.
Accountants should review CDD if they have a suspicion of ML/TF.
1. The Reporting Regime
Arab governments should make sure that their AML/CFT Regulations include accountants as reporting entities and as such, are expected to file external reports with the FIU. Also should make sure that an internal reporting procedure that enables employees to report their knowledge or suspicions of ML/TF is in place. A Money Laundering Reporting Officer (MLRO) must be appointed to receive these reports.
It is an offense for someone who knows or suspects that ML/TF has occurred (or has reasonable grounds to do so) not to report their concerns to their MLRO (or, in exceptional circumstances, directly to the related FIU).
The MLRO has a duty to consider all such internal Suspicious Transaction Reports (STRs) and, if the MLRO also suspects ML/TF, then an external report must be filed to the related FIU.
While there is no definitive guidance on what constitutes ‘suspicion’ with regard to ML, what one is looking for is an indication that funds or assets that are the subject of a transaction came into the customer’s hands as a result of illegal activity. In the case of TF, one is looking for an indication that the transaction is connected in some way with a terrorist, a terrorist group, or an act (planned or past) of terrorism.
A suspicious transaction is one that raises questions or gives rise to discomfort, apprehension, or mistrust – even without sufficient evidence. Note that the term ‘transaction’ includes completed, proposed, or attempted transactions.
Suspicion is not mere idle wondering, a vague feeling of unease, or a lack of understanding whether due to insufficient knowledge, ignorance, naivety, or ineffective due diligence on the part of the employee or reporting institution.
Accountants are in a position to discover ML/TF because of their expertise and involvement in the execution and facilitation of a wide range of accountancy services.
2. What Must be Reported and When?
A reporting institution shall file suspicious transaction reports and cash transaction reports, as required, to the related FIU. Suspicious Transaction Reports (STR) apply where suspicious activity is identified whilst cash transaction reports (CTR) apply to all cash transactions that exceed USD$10,000, or any equivalent amount in local currencies, whether suspicious or not. All reporting institutions must also submit an Annual Compliance Report (ACR).
Suspicious Transaction Reports - STRs must be filed immediately and within seven days of the date of the transaction or occurrence of the activity that is considered suspicious. Sufficient information such as the nature of and reason for the suspicion must be disclosed. Where additional supporting documentation is available, these should be provided. The STRs shall be in the form prescribed by the related FIU and the FRC will acknowledge receipt of the report.
Cash Transaction Reports - CTRs must be filed on all cash transactions equivalent to or exceeding US$10,000 or its equivalent in any other currency, whether or not the transaction appears to be suspicious. CTRs must be made electronically, in the week in which the transaction occurred. The FIU will acknowledge receipt of the report.
Annual Compliance Report, the AML/CFT Acts and Regulations should require reporting institutions to submit to the FIU a report indicating the institutions' level of compliance with MLA/CFT Acts, Regulations, and the institution’s internal anti-money laundering rules. The report should be submitted by January 31 of the following year unless the date is changed in writing by the FIU.
3. Internal Reporting
Accountants in employment when reporting suspicious transactions should follow procedures developed by their respective employers; and if no such procedures exist, they should advise their employers to put in place reporting procedures and appoint an MLRO for reporting suspicious transactions and any other money laundering activities.
Firms should put in place internal reporting procedures. Such internal procedures should clearly set out what is expected of individuals who discover suspicions or obtain knowledge of possible money laundering. The MLRO is responsible for making decisions on whether the information contained in the suspicious transactions needs to be relayed to the FIU.
It is recommended under this guideline that all details of internal reports of suspicious activity be held by the MLRO and excluded from client files. Exclusion of information from client files assists in avoiding inappropriate disclosure of information and protects against the risk of tipping off. Client files should retain only information relevant to and required for the professional work being undertaken.
4. When Accountants Should Do SAR/STR Directly to the Regulator?
When accountants cannot complete CDD because the client refuses to provide the information or when they discover that the customers’ data is fictitious or incomplete, they:-
(A) Should not establish or continue the business relationship with the customer or carry out the transaction for the customer.
(B) Should strongly consider filing an STR with the relevant FIU or AML unit in relation to the customer, especially if the customer refuses to provide information, backs out of the process halfway through, or provides fictitious information.
5. Onward Reports by the MLRO to the NCA
It is the MLRO’s responsibility to decide whether the information reported internally needs to be reported to the NCA. MLROs should approach external reporting with caution. When deciding what to do they should consider the following questions:
Do I know or suspect (or have reasonable grounds for either) that someone is engaged in MLTF?
Do I think that someone involved in the activity or in possession of the proceeds of that activity, knew or suspected that it was criminal?
From the contents of the internal SAR, can I identify the suspect or the whereabouts of any laundered property?
Is an application for consent required?
Do I believe, or is it reasonable for me to believe, that the contents of the internal SAR will, or may, help identify the suspect or the whereabouts of any laundered property?
Can I provide the information essential to an external SAR without disclosing information acquired in privileged circumstances? The privilege reporting exemption is limited to relevant professional advisers and is available only to members of professional bodies.
Further guidance on the privilege reporting exemption should be found in each country’s related legislation.
The MLRO may want to make reasonable inquiries of other relevant employees and systems within the business. These may confirm the suspicion, but they may also eliminate it, enabling the matter to be closed without the need for a SAR.
There is no prescribed format for an external SAR to the NCA. Various submission methods are available. The NCA SAR Online System is the NCA’s preferred submission mechanism. It is available through the NCA website and allows businesses to make SARs in a secure online environment. The NCA accepts hard copies of SARs, but will not provide a reference number in response to these.
6. What Information should be Included in an External SAR?
The following should be regarded as essential information: -
Name of reporter;
Date of report;
The name of the suspect or information that may help identify them. This may simply be details of the victim if their identity is known. As many details as possible should be provided to assist with the identification of the suspect;
Details of who else is involved, associated, and how;
The facts regarding what is suspected and why. The ‘why’ should be explained clearly so that it can be understood without professional or specialist knowledge;
The whereabouts of any criminal property or information that may help locate it, such as details of the victim;
The actions that the business is taking which require consent
It is also recommended that reporters:
do not include confidential information not required by the related laws and regulations;
show the name of the business, individual, or MLRO submitting the report only once, in the source ID field and nowhere else;
do not include the names of the relevant employees who made the internal SARs to the MLRO;
include other parties as ‘subjects’ only when the information is necessary for an understanding of the external SAR or to meet required disclosure standards; and
highlight clearly any particular concerns the reporter might have about safety (whether physical, reputational, or other). This information should be included in the ‘reasons for suspicion/disclosure’ field.
7. Confidentiality
A correctly made external SAR provides full immunity from action for any form of breach of confidentiality, whether it arises out of professional ethical requirements or a legal duty created by contract (e.g., a non-disclosure agreement).
There will be no such immunity if the external SAR is not based on knowledge or suspicion, or if it is intended to be ‘defensive’ i.e., for the purposes of regulatory compliance rather than because of a genuine suspicion.
8. Documenting Reporting Decisions
In order to control legal risks, it is important that adequate records of internal SARs are kept. This is usually done by the MLRO and would normally include details of: -
all internal SARs made;
how the MLRO handled matters, including any requests for further information;
assessments of the information provided, along with any subsequent decisions about whether or not to await developments or seek extra information;
the rationale for deciding whether or not to make an external SAR;
Any advice given to engagement teams about continued working and any consent requests made. These records can be simple or sophisticated, depending on the size of the business and the volume of reporting, but they always need to contain broadly the same information and be supported by the relevant working papers. They are important because they may be needed later if the MLRO or some other person is required to justify and defend their actions.
For the MLRO’s efficiency and ease of reference, a reporting index may be kept and each internal SAR given a unique reference number.
Reporting and the Privileged Circumstances Exemption
AML/CFT should also contain a privileged circumstances reporting exemption. Members of relevant professional bodies (which are referred to as ‘relevant professional advisers’) who know about or suspect MLTF (or have reasonable grounds for either) are not required to submit a SAR if the information came to them in privileged circumstances (i.e. during the provision of legal advice and acting in respect of litigation). In these circumstances, and as long as the information was not provided with the intention of advancing a crime, then the information must not be reported. The privileged reporting exemption only covers SARs and should not be confused with legal professional privilege, which also extends to other documentation and advice.