The phrase “if you see something, say something” isn’t just about packages left on the subway. Banks around the world have a similar duty. The first line of defense against money laundering and other financial crimes often boils down to the thousands of bank employees flagging transactions that somehow don’t look right or sending them to the government for investigation. In the U.S., those referrals are called suspicious activity reports, or SARs. They are in the news again after a group of media organizations published a series of stories based on leaked SARs, which flagged more than $2 trillion in suspicious transactions between 1999 and 2017 at banks including Deutsche Bank AG and HSBC Holdings Plc. Unlike some other kinds of financial monitoring, SARs often inhabit a world of gray areas rather than definitive proof.

1. What’s a SAR?

Banks and other financial institutions have been required to file suspicious activity reports to the U.S. Treasury since 1992. They’re meant to alert the authorities to potential money laundering, the financing of terrorists, sanction violations or political corruption. And no, this is not the same as the rule requiring banks to report large cash transactions that’s found its way into innumerable crime dramas. That’s a currency transaction report, or CTR.

2. What’s the difference?

Currency transaction reports have clear-cut dollar-value thresholds, most notably any transaction between individuals over $10,000. SARs have much more subjective guidelines. For instance, former New York Governor Eliot Spitzer knew enough about CTRs that when he transferred money to a prostitution ring he made sure that none exceeded $10,000. But because he made a series of transfers to the same business within a short time, the activity was flagged by anti-money laundering staff at the banks involved and led to a SAR being filed.

3. Who decides what’s suspicious?

Although the process varies by firm, it typically starts with alerts generated automatically by computers based on certain pre-defined criteria. Then actual people go through those one by one -- some big banks have outsourced this function to lower-paid clerks in India or other emerging markets -- and eliminate most of them. A subset of more suspicious transactions is forwarded to another group within the bank, which analyzes them again and narrows down the pile before filing SARs with the Treasury. Some of the most egregious transactions are also investigated further internally to see whether some clients should be dropped for being too much of a financial crime risk. These teams usually act autonomously within firms, filing the SARs they deem necessary without seeking approval from upper management.

4. What happens then?

The Treasury’s Financial Crimes Enforcement Network, known as FinCEN, acts like a giant clearinghouse where all the SARs initially land, are looked at and then, if deemed noteworthy, forwarded to the relevant law enforcement authority such as the Federal Bureau of Investigation or the local police department in the corresponding region. Banks complain that they usually don’t get any feedback on whether the SARs they filed helped in catching bad guys. Authorities ask banks about only 4% of the reports filed, according to a 2018 survey of the nation’s biggest banks. There’s no data on what percentage of SARs end up in arrests or convictions. A former Treasury official was arrested in 2018 and charged with leaking SARs to the media. She pleaded guilty in January to conspiring to give the sensitive financial information to reporters.

5. How often are SARs filed?

For the first two decades after the system was created, SARs filings averaged about 100,000 a year. In 2013, that number jumped to over a million after the Justice Department and bank regulators fined HSBC $1.9 billion for failing to do enough to monitor money laundering in its global operations. A flurry of other high-profile prosecutions of big banks followed, resulting in $20 billion in fines related to money laundering and sanctions violations. U.S. bank regulators also tightened supervision of efforts to police money transfers. All those steps have led to a surge of SARs filings in the U.S., reaching more than 3 million last year from banks, according to FinCen data.

6. How much does that cost?

A lot. Following its fine, HSBC quintupled the number of employees fighting financial crime, to 5,000, Other large global banks doubled staff levels and now on average employ 2,000 in such divisions. The 14 largest banks now spend $2.6 billion a year in the fight, the 2018 survey found.

7. Is this only done in the U.S.?

Some form of suspicious activity reporting is required from financial institutions in all major economies. Europol, the European Union’s central agency for fighting crime, has set up a computer network to facilitate exchange of information between the bloc’s financial intelligence units. About a million STRs (suspicious transaction reports) are filed in EU member states annually. The EU is currently debating whether it should have a central banking regulator tasked with supervising its lenders’ financial crime efforts, after recent high-profile money laundering revelations exposed the lack of coordination within the bloc. The same issue dogs China’s efforts to fight money laundering, as its version of SARs are sent to 38 different authorities, fragmenting analysis and dissemination.

8. Which banks are in the spotlight?

In the new investigation by the International Consortium of Investigative Journalists, based on documents obtained by BuzzFeed News, the five banks that appeared most in the leaked SARs were Deutsche Bank, JPMorgan, HSBC, Standard Chartered and Bank of New York Mellon. Among the allegations are that Deutsche Bank Chairman Paul Achleitner was warned about serious compliance failures that exposed the bank to money launderers. A Deutsche Bank spokesman said the bank had no record that Achleitner had been involved in discussions with another bank in which it raised concerns about Deutsche Bank’s compliance standards. The spokesman said the bank has devoted significant resources to strengthening its controls and that SARs are “alerts of potential issues, not proven facts.” Last year, Treasury Secretary Steve Mnuchin told Congress that he would have FinCEN look into whether Deutsche Bank has the right policies on filing SARs after the New York Times reported that the bank had declined to flag transactions involving President Donald Trump’s businesses.

For more articles like this, please visit us at bloomberg.com

©2020 Bloomberg L.P.