suspicious activity reporting system (sars) and...

SUSPICIOUS ACTIVITY REPORTING SYSTEM (SARS) AND IDENTITY THEFT

Peoples Home Equity, Inc.December 2013

What is SARs?

� A “suspicious activity report” or SAR is a report made by a financial institution to the Financial Crimes Enforcement Network (FinCEN), an agency of the US Dept. of the Treasury.� The goal of SAR filings is to help the federal

government identify individuals, groups or organizations involved in fraud, terrorist financing, money laundering, and other crimes.

� PHE employees involved in the origination, underwriting, and closing/funding processes are required to file a SARs upon discovery of suspicious activity.

Filing a SARs

� FinCEN requires a SAR to be filed when we notice a suspicious incident or suspected violations of law subject to the Bank Secrecy Act (BSA).

� Each SAR must be filed within 30days of the initial determination of suspicious activity.

� PHE must maintain our SARs filings for a period of 5years from the date of the filing.

Confidentiality of SARs filing

� You are prohibited from discussing your SARs filing with anyone. It is required to be only between yourself and our SARs Administrator, Brian Dutton.� Unauthorized disclosure of a SAR filing is a

federal criminal offense.

� PHE and its employees face civil & criminal penalties for failing to properly file SARs; including a large combination of fines, regulatory restrictions, cease & desist order, or imprisonment.

SARs filing options

� 5 sections to complete containing info about the individual/organization of the suspicious activity in question.

� Part 1 – PHE’s name, address, tax ID#, location of the activity, and any account numbers involved in the activity.

� Part 2 – Any name, address, SSN or tax ID’s, birth date, drivers license#, passport#, occupation and phone#’s of all parties involved with the activity.

SARs filing options

� Part 3 – the Date range of the activity, total dollar amount and a list of any law enforcement agency that has been contacted while investigating the activity.

� Part 4 – contains the contact information of PHE’s SAR Administrator; Brian Dutton, 5205 Maryland Way, Suite 100, Brentwood, TN 37027.

PH: 865-934-1414 or [email protected].

� Part 5 – a written description of the activity.

Who conducts fraud?

� 1st place = Employees

� 2nd place = Customer

� 3rd place = Broker or Brokering Agent

� 4th place = An Officer of the institution

� 8th place = Appraiser

� 10th place = Attorney

What is mortgage loan fraud?

� Mortgage loan fraud is when someone engages in submitting misrepresentations of customer income, employment, credit, occupancy and other requirements; submission of improper gift letters; unduly influencing appraisers to increase values; misrepresenting equity and other information to the underwriting team. Loan Officers were often identified as employees in these activities.

What is mortgage loan fraud?

� Some accountants/customers committed fraud by providing false financial or occupancy information with their loan application.

� Altered or falsified CPA Letters – where either the CPA, the customer, or someone else altered the document.

� Fraud by accountants or CPAs include loan modification, debt elimination or short sale fraud schemes in cases of pending foreclosure.

� Fraud tax letters stating the customer had self-employment income and owned their own business. Fraudulent tax returns were prepared with the knowledge that they were not intended to be filed with the IRS.

Types of activity to report SARs

� Elder financial exploitation – perpetrated by a relative or caregiver against elderly victims. Coercing or cajoling the victim into gaining access to financial accounts and/or power of attorney over the victims accounts. Abuse involves forgery, check fraud, suspicious documents or ID presented, wire fraud, embezzlement/theft, and mail fraud. Often involves the sweetheart scam as described below.

� Sweetheart scam – involves the fraudster feigning romantic intentions toward a victim, gaining their trust and affection to where the financial accounts and/or identity security are at risk. Most victims are unwilling to charge fraud against the perpetrator or others on the perpetrator’s behalf.


� Insider abuse – involving relatives or friends of current or former employees, or third-party vendors who commit documentation fraud to improve the creditworthiness of a borrower. Examples: Accountant, Appraiser, Attorney, Borrower, Broker, Real Estate Agent, etc.

� Occupancy fraud – some borrowers commit mortgage loan fraud by providing false occupancy information with their loan application. Better rates/LTV limits are available for owner-occ vs. investment properties.


� Identity fraud – in one instance a cash-out 2nd lien was applied for by a married couple. When the closing occurred the husband was wrapped head to mid-waist (including hands) in gauze. The closing agent could not verify his identity, only seeing his eyes, and became suspicious. She excused herself to make copies of the ID’s presented, taking the loan file with her, and called the husband’s work to discover he was still at work and had no knowledge of the loan being applied for. The police were notified and it was discovered the wife and her ‘boyfriend’ were using the 2nd lien funds to take a trip to the tropics.


� Assets fraud – in one instance a VOD was received and appeared to have been altered. The current balance amount seemed to have changed to a larger amount by inserting a “1” between the $ sign and the actual amount. When the bank was contacted to verify the amount they listed on the VOD form, they confirmed the amount was different from what they submitted to the Broker. It was changed so the customer could qualify for their loan requiring 6mos PITI.


� Assets fraud – in another instance on a Purchase loan the customer was using $50,000 down payment from the sale of their home. The HUD-1 from that sale showed the funds were sufficient, however, the customer only deposited $25,000 into their bank account and placed the remaining $25,000 cash into their safe at home. When sourcing the funds they provided a photo of the cash in their safe for the $25k, along with a bank statement for the remaining $25k deposited amount. Because PHE cannot confirm where the cash amount came from, even though it seems likely that it was from the sale proceeds, it becomes a suspicious incident for filing a SAR. FinCEN representatives said PHE should file a SAR.


� Identity fraud – in one instance a customer meets face-to-face with a loan officer to pre-qualify themselves for a mortgage loan. The loan officer pulls a credit report that returns an unacceptable result due to SSN validation. The customer then pulls out another SSN card and says to use a different SSN to order credit under his same name. Because a customer cannot have different or multiple SSNs this is a classic case of ID theft and the LO is required to file a SARs.


� Identity fraud – in one another instance a 2year previous customer came back to PHE for repeat business. The LO copied the previous loan and signed up the customer without re-verifying any possible changed information; the customer signed how they were prepared. During the UW process it was discovered the ID had a different last name for the customer and had been recently been issued within the last 6mos. Investigations showed the customer had divorced within the year and had changed back to her maiden name. When the new re-apped package was signed it was further discovered that the customer signature was “entirely” different than those on the recent package. No similarities between the 2 signatures at all. When questioned, the customer stated that when she changed her name she also changed her signature. Although the explanation sounded reasonable, PHE still could not verify the correct identity and filed a SARs.


� Seller fraud – in one instance the HUD-1 from a Purchase transaction reflected 2 mortgage loan payoffs on the seller side. There was only 1 mortgage listed on the title commitment for $800,000. The payoff amount for the 2nd payoff was for an even dollar amount, $300,000. The title agency refused to insure over an un-recorded 2nd lien, and further discovered the disbursement agent was in on the seller scheme and split the $300k between 5 other fraudsters (including herself) when disbursement verification was requested. A SARs was filed by Closing/Funding.

The 5 W’s to the SAR narrative

� WHO: is conducting the suspicious activity?

� WHAT: instruments or mechanisms are being used to identify the suspicious activity?

� WHEN: did the suspicious activity take place?

� WHERE: did the suspicious activity take place?

� WHY: does the SARs filer think the activity is suspicious?

The HOW to the SAR narrative

� HOW: did the suspicious activity occur?

� This is an important feature of a SAR narrative.

� The narrative section of the SAR should describe the method of operation of the conducted suspicious activity. In a concise, accurate, and logical manner, the SARs filer should provide a description of how the suspect transaction or pattern of transactions were committed.

� Avoid long ramblings. But the narrative should offer a full picture of the suspicious activity.

Triggering Events

� FinCEN has made it clear that certain triggering events constitute the appearance of mortgage loan fraud. Perpetrators seem to invent new scams all the time.

� Some salient schemes are listed next.

� Some Documentation Red Flags are listed.

� Red Flags do not only pertain to the document process but also extend to the way a customer or loan officer behaves.

Salient Schemes

� Occupancy Fraud

� Income Fraud

� Appraisal Fraud

� Employment Fraud

� Liability Fraud

� Debt Elimination

� Foreclosure Rescue

� SSN / ID Theft

� HECM Fraud – reverse mortgage fraud to acquire taking title to a home.

Document Red Flags

� Customer submits invalid documents to cancel mortgage obligations or to payoff loan balances.

� Some notary public prepares, signs, and sends packages of nearly identical debt elimination documents for multiple customers with outstanding mortgage balances.

� Some notary public works with and/or receives payments from unusually large numbers of customers.

Document Red Flags

� Falsification of certified checks, cashier’s checks drawn against customer’s account, rather than from the account of a financial institution.

� Customer applies for a “primary residence” loan but does not reside in the new residence as indicated on the loan application; instead it is being used as a 2nd home or investment property.

� Customer of a younger age purchases a “primary residence” in a senior citizen residential development.

Document Red Flags

� Low appraisal values, non-arm’s length relationships between short sale buyers and sellers, or previous fraudulent sale attempts in short-sale transactions.

� Agent of the buyer and/or seller in mortgage transaction is unlicensed.

� Customer reluctance to provide more information and/or unfulfilled promises to provide it.

� Apparent resubmission of a rejected loan application with key applicant details changed or modified.

Document Red Flags

� Request from 3rd party affiliates on behalf of distressed homeowners to pay fees in advance of the homeowner receiving mortgage counseling, foreclosure avoidance, a loan modification, or other related services.

� 3rd party solicitation of distressed homeowners for purported mortgage counseling services may claim to be associated with legitimate mortgage lenders, the US government, or a US government program.

Applicant Red Flags

� Appears nervous for no good reason.� Avoids eye contact.� Asks about reporting rules.� Asks that rules be “bent.”� Questionable source of funds.� “Forgot” drivers license claim, lost due to drunk

driving, or had wallet/purse stolen.� Drivers license is outdated or picture is smudged

beyond recognition.� Comes in just before closing and asks for ‘paper work’

to be skipped.� Is impatient and tries to hurry.

Applicant Red Flags

� Offers a cash bonus (aka ‘bribe’) for skipping required information.

� Pretends to be sick or very tired and just ‘wants to get the application over with.’

� Provides incomplete or suspicious information.� Behaves abnormal or irregular.� Claims the application is for a friend and does not have the

required information.� Lists funds that are inconsistent with the customers

financial or economic situation.� Causes suspicion of attempting a straw buyer transaction.� Elicits suspicion of structuring.� Provides apparent fraudulent documentation.

Loan Officer Red Flags

� Almost never takes a vacation.

� Does not want supervisory personnel to see or be aware of transactions with an applicant.

� Behavior changes to secretive with certain applicants.

� Whispers with certain applicants.

� Asks certain applicants to come back later when nobody is in the office.

� Acts guilty. (Whatever that means!)

� Lives beyond means.

Q3 2013 Fraud Hot Spots

� The 10 highest overall mortgage fraud risks areas in the United States:� 1 Fayetteville-Springdale-Rogers, AR-MO� 2 San Francisco-Oakland-Fremont, CA� 3 Los Angeles-Long Beach-Santa Ana, CA� 4 San Diego-Carlsbad-San Marcos, CA� 5 Modesto, CA� 6 Miami-Ft Lauderdale-Pompano Beach, FL� 7 San Jose-Sunnyvale-Santa Clara, CA� 8 Bakersfield, CA� 9 San Luis Obispo-Paso Robles, CA� 10 Tulsa, OK

Q3 2013 Fraud Hot Spots

� The 10 highest ZIP code fraud risks areas in the United States:� 1 Hercules, CA 94547, 362 incidents � 2 Rogers, AR 72756, 358 incidents � 3 La Jolla, CA 92037, 357 incidents � 4 San Jose, CA 95111, 348 incidents � 5 San Diego, CA 92127, 343 incidents � 6 Downey, CA 90240, 336 incidents � 7 Harbor City, CA 90710, 330 incidents � 8 Alhambra, CA 91801, 317 incidents � 9 Joliet, IL 60435, 317 incidents� 10 San Mateo, CA 94403, 307 incidents

Q3 2013 Mortgage Fraud Types

� The chart below shows the changes in overall risk from Q2 2013 to Q3 2013. Large increases were discovered in Identity / Occupancy, while a large decrease is seen in Employment / Income fraud risks.

Identity Theft Prevention

� The moment you give your personal information to another entity – a bank, the DMV, or even a medical provider – you give up control over that information and how it might be used.

� We can’t control what happens when we willingly share our information with a company or with friends.� Short of hiding in a closet and using cash only for purchases,

every person is at risk of identity theft.

ID Theft signs

� There are several things people do everyday that makes it easier for thieves to steal their identities:

� Giving personal info to those who call or email you

� Post personal info on social media sites

� Carry your SSN card in your wallet

� Access the internet over public/insecure Wi-Fi networks

� Throw away mail, checks or financial docs intact

� Leave outgoing mail in your mailbox

� Let online retailers save your credit card number

What is ID Theft used for?

� Financial fraud� Includes bank fraud, credit card fraud, social program

fraud, tax refund fraud, mail fraud, etc.� Typically used to fund a criminal enterprise� Financial fraud is investigated by the U.S. Secret

Service

� Criminal activities� Taking someone’s identity in order to commit a crime,

enter a country, get special permits, hide one’s own identity, or commit an act of terrorism

� Can include: computer/cyber crimes, organized crime, drug trafficking, alien smuggling, and money laundering

ID Theft victims get their life back

� ID Theft Victim To Do List; take your life back in 7 steps (website: http://www.idhijack.com)

� 1) contact the credit bureaus; ask that they issue a fraud alert and attach a statement to your credit report, get copies from the 3 credit bureaus (TransUnion, Equifax, and Experian)

� 2) review your credit reports thoroughly; look for accounts you didn’t apply for or open, inquiries you didn’t initiate, or defaults and delinquencies you didn’t cause

� 3) file a report with your local police or in the community where the ID theft took place; keep a copy of the police report

ID Theft victims get their life back

� 4) fill out an ID theft victim’s complaint and affidavit form; available from the FTC at www.ftc.gov/idtheft

� 5) close any accounts that have been accessed fraudulently; contact all creditors, including banks, credit card companies, and other service providers where your accounts have been compromised

� 6) stop payment on checks; if a thief stole checks or opened bank accounts in your name, contact a major check verification company to report the fraud activity

� 7) contact the local postal inspector; if you believe someone has changed your address through the post office or has committed mail fraud, ask the postmaster to forward all mail in your name to your own address

Other ways to protect your ID

� Monitor your credit annually

� Request fraud alerts from the 3 credit bureaus

� Opt out of junk mail / internal marketing lists

� Use a P.O. Box

� Small box costs around $5 range

� Freeze your credit

� Freezing/unfreezing costs around $10 range

Hacked/Phished ID Theft

� To Do List when computer is hacked or phished

� Change all passwords

� Run anti-spyware and anti-virus

� Clear out private info in your browsers

� Clear out sensitive data from Temp folder

� Close online accounts

Contacting 3 credit bureaus

� EquifaxCredit Information Services - Consumer Fraud Div.P.O. Box 105496Atlanta, Georgia 30348-5496Tel: (800) 997-2493www.equifax.com

� ExperianP.O. Box 2104Allen, Texas 75013-2104Tel: (888) EXPERIAN (397-3742)www.experian.com

� TransUnionFraud Victim Assistance Dept.P.O. Box 390Springfield, PA 19064-0390Tel: (800) 680-7289www.transunion.com

Prosecuting ID Theft

� Reporting to the FTC

� Consumer Response CenterFederal Trade Commission600 Pennsylvania Ave, NWWashington, DC 20580 Toll-free 877-FTC-HELP (382-4357)On the Web: www.ftc.gov/ftc/complaint.htmFor consumer information: www.ftc.gov/ftc/consumer.htm

What will PHE do?

� If a customers personal information becomes compromised at PHE, we will enroll each customer into monitoring services for a period of 24-months to help track changes to their identity, credit, and/or account information.

� Staff training and reporting� PHE employees are trained to detect and

respond to Red Flags.

� Report any incident of ID theft to the Compliance Committee at 615-872-0220 x603 or [email protected]

1 Check box below only if correcting a prior report.Corrects Prior Report (see instruction #3 under “How to Make a Report”)

d

31 Is the relationship an insider relationship? a Yes b No

Closed? Yes No

Yes Noab

1SuspiciousActivity Report

March 2011Previous editions will not be accepted after September 30, 2011

ALWAYS COMPLETE ENTIRE REPORT(see instructions)

FRB: FR 2230 OMB No. 7100-0212FDIC: 6710/06 OMB No. 3064-0077OCC: 8010-9,8010-1 OMB No. 1557-0180OTS: 1601 OMB No. 1550-0003NCUA: 2362 OMB No. 3133-0094TREASURY: TD F 90-22.47 OMB No. 1506-0001

Part I Reporting Financial Institution Information2 Name of Financial Institution

4 Address of Financial Institution

6 City

11 State 12 Zip Code10 City

9 Address of Branch Of fice(s) where activity occurred Multiple Branches (include information in narrative, Part V)

14 Account number(s) af fected, if any

Part II Suspect Information15 Last Name or Name of Entity 16 First Name 17 Middle

18 Address 19 SSN, EIN or TIN

7 State 8 Zip Code

20 City 21 State 22 Zip Code 23 Country (Enter 2 digit code)

27 Date of Birth

24 Phone Number - Residence (include area code)

( )25 Phone Number - Work (include area code)

( )26 Occup ation/Type of Business

29 Forms of Identification for Suspect:

a Driver ’s License/State ID b Passport c Alien Registration d Othe r ______________

Number __________________________ Issuing Authority ______________________

c Still employed at financial institution e Terminated

d Suspended f Resigned

32 Date of Suspension, Termination, Resignation

c

Suspect Information Unavailable

Closed? Yes No

Yes No

3 EIN

5 Primary Federal Regulator

a Federal Reserve d OCC

b FDIC e OTS

c NCUA

If Yes specify:

13 If institution closed, date closed

28 Admission/Confession?

a Yes b No

30 Relationship to Financial Institution:

a Accountant d Attorney g Customer j Officer

b Agent e Borrower h Director k Shareholder

c Appraiser f Broker i Employee l Other ________________________________

IRS Cat. No. 22285L

_____/ _____/ ______MM DD YYYY

_____/ _____/ ______MM DD YYYY

_____/ _____/ ______MM DD YYYY

03-01-11

37 Dollar amount of recovery (if applicable)

.00

( )

34 Total dollar amount involved in known or suspicious activity $ .00

40 Has any law enforcement agency already been advised by telephone, written communication, or otherwise?a DEA d Postal Inspection g Other Federalb FBI e Secret Service h Statec IRS f U.S. Customs i Local

j Agency Name (for g, h or i)

2Part III Suspicious Activity Information33 Date or date range of suspicious activity

36 Amount of loss prior to recovery

.00

38 Has the suspicious activity had a material impact on, or otherwise affected, the financial soundness of the institution?

a Yes b No

51 Agency (if not filed by financial institution)

Part IV Contact for Assistance45 Last Name 46 First Name

50 Date Prepared48 Title/Occupation 49 Phone Number (include area code) ( )

47 Middle

(type of activity)

,,,

,,$ ,,$

41 Name of person(s) contacted at Law Enforcement Agency 42 Phone Number (include area code)

44 Phone Number (include area code)

( )43 Name of person(s) contacted at Law Enforcement Agency

39 Has the institution’s bonding company been notified? a Yes b No

a Bank Secrecy Act/Structuring/Money Laundering

b Bribery/Gratuity c Check Fraud d Check Kiting e Commercial Loan Fraud

s Other

f Computer Intrusion g Consumer Loan Fraud h Counterfeit Check i Counterfeit Credit/Debit Card j Counterfeit Instrument (other) k Credit Card Fraud

l Debit Card Fraud m Defalcation/Embezzlement n False Statement o Misuse of Position or Self Dealing p Mortgage Loan Fraud q Mysterious Disappearance r Wire Transfer Fraud t Terrorist Financing u Identity Theft

35 Summary characterization of suspicious activity:

_____/ _____/ ______MM DD YYYY

From: To: ____/ ___/ ______MM DD YYYY

____/ ___/ ______MM DD YYYY

3Part V *Suspicious Activity Information Explanation/DescriptionExplanation/description of known or suspected violationof law or suspicious activity.

This section of the report is critical. The care with which it iswritten may make the difference in whether or not the describedconduct and its possible criminal nature are clearly understood.Provide below a chronological and complete account of thepossible violation of law , including what is unusual, irregular orsuspicious about the transaction, using the following checklist asyou prepare your account. If necessary, continue thenarrative on a duplicate of this page.

a Describe supporting documentation and retain for 5 years.b Explain who benefited, financially or otherwise, from the

transaction, how much, and how.c Retain any confession, admission, or explanation of the

transaction provided by the suspect and indicate towhom and when it was given.

d Retain any confession, admission, or explanation of thetransaction provided by any other person and indicateto whom and when it was given.

e Retain any evidence of cover-up or evidence of an attemptto deceive federal or state examiners or others.

f Indicate where the possible violation took place(e.g., main office, branch, other).

g Indicate whether the possible violation is an isolatedincident or relates to other transactions.

h Indicate whether there is any related litigation; if so,specify.

i Recommend any further investigation that might assist lawenforcement authorities.

j Indicate whether any information has been excluded fromthis report; if so, why?

k If you are correcting a previously filed report, describe thechanges that are being made.

For Bank Secrecy Act/Structuring/Money Laundering report s,include the following additional information:l Indicate whether currency and/or monetary instruments

were involved. If so, provide the amount and/or descrip tionof the instrument (for example, bank draft, letter ofcredit, domestic or international money order , stocks,bonds, traveler’s checks, wire transfers sent or received,cash, etc.).

m Indicate any account number that may be involvedor affected.

Paperwork Reduction Act Notice: The purpose of this form is to provide an e ffective and consistent means for financial institutions to notify appropriate law enforcement agencies of knownor suspected criminal conduct or suspicious activities that take place at or were perpetrated against financial institutions. This report is required by law, pursuant to authority contained inthe following statutes. Board of Governors of the Federal Reserve System: 12 U.S.C. 324, 334, 611a, 1844(b) and (c), 3105(c) (2) and 3106(a). Federal Deposit Insurance Corporation:12 U.S.C. 93a, 1818, 1881-84, 3401-22. Of fice of the Comptroller of the Currency: 12 U.S.C. 93a, 1818, 1881-84, 3401-22. Of fice of Thrift Supervision: 12 U.S.C. 1463 and 1464.National Credit Union Administration: 12 U.S.C. 1766(a), 1786(q). Financial Crimes Enforcement Network: 31 U.S.C. 5318(g). Information collected on this report is confidential (5U.S.C. 552(b)(7) and 552a(k)(2), and 31 U.S.C. 5318(g)). The Federal financial institutions’ regulatory agencies and the U S . . Departments of Justice and Treasury may use and share the information.Public reporting and recordkeeping burden for this information collection is estimated to average 30 minutes per response, and includes time to gather and maintain data in the required report, reviewthe instructions, and complete the information collection. Send comments regarding this burden estimate, including suggestions for reducing the burden, to the Office of Management and Budget,Paperwork Reduction Project, Washington, DC 20503 and, depending on your primary Federal regulatory agency, to Secretary, Board of Governors of the Federal Reserve System, W ashington, DC 20551;or Assistant Executive Secretary, Federal Deposit Insurance Corporation, W ashington, DC 20429; or Legislative and Regulatory Analysis Division, Office of the Comptroller of the Currency, Washington,DC 20219; or Office of Thrift Supervision, Enforcement Office, Washington, DC 20552; or National Credit Union Administration, 1775 Duke S treet, Alexandria, VA 22314; or Office of the Director, FinancialCrimes Enforcement Network, Department of the Treasury, P.O. Box 39, Vienna, VA 22183. The agencies may not conduct or sponsor, and an organization (or a person) is not required to respond to,a collection of information unless it displays a currently valid OMB control number.

Tips on SAR Form prep aration and filing are available in the SAR Activity Review at www .fincen.gov/pub_reports.html

Suspicious Activity ReportInstructions

Safe Harbor Federal law (31 U.S.C. 5318(g)(3)) provides complete protection from civil liability for all reports of suspicious transactions made to appropriate authorities, including supporting documentation, regardless of whether such reports are filed pursuant to this report’s instructions or are filed on a voluntary basis. Specifically, the law provides that a financial institution, and its directors, officers, employees and agents, that make a disclosure of any possible violation of law or regulation, including in connection with the preparation of suspicious activity reports, “shall not be liable to any person under any law or regulation of the United States, any constitution, law, or regulation of any State or political subdivision of any State, or under any contract or other legally enforceable agreement (including any arbitration agreement), for such disclosure or for any failure to provide notice of such disclosure to the person who is the subject of such disclosure or any other person identified in the disclosure”. Notification Prohibited Federal law (31 U.S.C. 5318(g)(2)) requires that a financial institution, and its directors, officers, employees and agents who, voluntarily or by means of a suspicious activity report, report suspected or known criminal violations or suspicious activities may not notify any person involved in the transaction that the transaction has been reported.

In situations involving violations requiring immediate attention, such as when a reportable violation is ongoing, the financial institution shall immediately notify, by telephone, appropriate law enforcement and financial institution supervisory authorities in addition to filing a timely suspicious activity report.

WHEN TO MAKE A REPORT:

1. All financial institutions operating in the United States, including insured banks, savings associations, savingsassociation service corporations, credit unions, bank holding companies, nonbank subsidiaries of bank holdingcompanies, Edge and Agreement corporations, and U.S. branches and agencies of foreign banks, are re-quired to make this report following the discovery of:

a. Insider abuse involving any amount. Whenever the financial institution detects any known or suspectedFederal criminal violation, or pattern of criminal violations, committed or attempted against the financialinstitution or involving a transaction or transactions conducted through the financial institution, where thefinancial institution believes that it was either an actual or potential victim of a criminal violation, or series ofcriminal violations, or that the financial institution was used to facilitate a criminal transaction, and thefinancial institution has a substantial basis for identifying one of its directors, officers, employees, agents orother institution-affiliated parties as having committed or aided in the commission of a criminal act regardlessof the amount involved in the violation.

b. Violations aggregating $5,000 or more where a suspect can be identified. Whenever the financialinstitution detects any known or suspected Federal criminal violation, or pattern of criminal violations, com-mitted or attempted against the financial institution or involving a transaction or transactions conductedthrough the financial institution and involving or aggregating $5,000 or more in funds or other assets, wherethe financial institution believes that it was either an actual or potential victim of a criminal violation, or seriesof criminal violations, or that the financial institution was used to facilitate a criminal transaction, and thefinancial institution has a substantial basis for identifying a possible suspect or group of suspects. If it isdetermined prior to filing this report that the identified suspect or group of suspects has used an “alias,” theninformation regarding the true identity of the suspect or group of suspects, as well as alias identifiers, suchas drivers’ licenses or social security numbers, addresses and telephone numbers, must be reported.

c. Violations aggregating $25,000 or more regardless of a potential suspect. Whenever the financialinstitution detects any known or suspected Federal criminal violation, or pattern of criminal violations, com-mitted or attempted against the financial institution or involving a transaction or transactions conductedthrough the financial institution and involving or aggregating $25,000 or more in funds or other assets, wherethe financial institution believes that it was either an actual or potential victim of a criminal violation, or seriesof criminal violations, or that the financial institution was used to facilitate a criminal transaction, even thoughthere is no substantial basis for identifying a possible suspect or group of suspects.

d. Transactions aggregating $5,000 or more that involve potential money laundering or violations of theBank Secrecy Act. Any transaction (which for purposes of this subsection means a deposit, withdrawal,transfer between accounts, exchange of currency, loan, extension of credit, purchase or sale of any stock,bond, certificate of deposit, or other monetary instrument or investment security, or any other payment, transfer,or delivery by, through, or to a financial institution, by whatever means effected) conducted or attempted by, at

or through the financial institution and involving or aggregating $5,000 or more in funds or other assets, if the financialinstitution knows, suspects, or has reason to suspect that:

i. The transaction involves funds derived from illegal activities or is intended or conducted in order to hide or disguise funds or assets derived from illegal activities (including, without limitation, the ownership, nature,

source, location, or control of such funds or assets) as part of a plan to violate or evade any law or regulation or to avoid any transaction reporting requirement under Federal law;

ii. The transaction is designed to evade any regulations promulgated under the Bank Secrecy Act; or

iii. The transaction has no business or apparent lawful purpose or is not the sort in which the particular customerwould normally be expected to engage, and the financial institution knows of no reasonable explanation for thetransaction after examining the available facts, including the background and possible purpose of the transaction.

The Bank Secrecy Act requires all financial institutions to file currency transaction reports (CTRs) in accordance with the Department of the Treasury’s implementing regulations (31 CFR Chapter X). These regulations require a financial institution to file a CTR whenever a currency transaction exceeds $10,000. If a currency transaction exceeds $10,000and is suspicious, the institution must file both a CTR (reporting the currency transaction) and a suspicious activityreport (reporting the suspicious or criminal aspects of the transaction). If a currency transaction equals or is below $10,000 and is suspicious, the institution should only file a suspicious activity report.

2. Computer Intrusion. For purposes of this report, “computer intrusion” is defined as gaining access to a computer system of a financial institution to:

a. Remove, steal, procure, or otherwise affect funds of the institution or the institution’s customers; b. Remove, steal, procure or otherwise affect critical information of the institution including customer account

information; orc. Damage, disable or otherwise affect critical systems of the institution.

For purposes of this reporting requirement, computer intrusion does not mean attempted intrusions of websites or other non-critical information systems of the institution that provide no access to institution or customer financial or other critical information.

3. A financial institution is required to file a suspicious activity report no later than 30 calendar days after the date of initial detection of facts that may constitute a basis for filing a suspicious activity report. If no suspect was identified

on the date of detection of the incident requiring the filing, a financial institution may delay filing a suspicious activity report for an additional 30 calendar days to identify a suspect. In no case shall reporting be delayed more than 60 calendar days after the date of initial detection of a reportable transaction.

4. This suspicious activity report does not need to be filed for those robberies and burglaries that are reported to local authorities, or (except for savings associations and service corporations) for lost, missing, counterfeit, or stolen securities that are reported pursuant to the requirements of 17 CFR 240.17f-1.

HOW TO MAKE A REPORT:

1. Send each completed suspicious activity report to:

Detroit Computing Center, P.O. Box 33980, Detroit, Ml 48232-0980

2. For items that do not apply or for which information is not available, leave blank. 3. If you are correcting a previously filed report, check the box at the top of the report (line 1). Complete the report in its

entirety and include the corrected information in the applicable boxes. Then describe the changes that are being made in Part V (Description of Suspicious Activity), line k.

4. Do not include any supporting documentation with the suspicious activity report. Identify and retain a copy of the suspicious activity report and all original supporting documentation or business record equivalent for five (5) years from the date of the suspicious activity report. All supporting documentation must be made available to appropriate authorities upon request.

5. If more space is needed to report additional suspects, attach copies of page 1 to provide the additional information. If more space is needed to report additional branch addresses, include this information in the narrative, Part V.

6. Financial institutions are encouraged to provide copies of suspicious activity reports to state and local authorities, where appropriate.

Thank You!

� When filing a SARs it must be filed using the attached fillable PDF form.

� Questions?

� File your SARs with the SAR Administrator, Brian Dutton, 865-934-1414 or [email protected]

� Report any incident of ID theft to the Compliance Committee at 615-872-0220 x603 or [email protected]

suspicious activity reporting system (sars) and...

Documents