26 Jul 2017
After the European Commission’s landmark ruling against Google over anti-trust violations, which saw the internet giant fined $2.7 billion, a former senior official at the Central Bank of Ireland posed an interesting question on LinkedIn. If Google’s actions were illegal, he asked, does that mean it is in possession of the proceeds of crime—and therefore, that companies that have done business with Google should file suspicious activity reports (“SARs”)?
The question provoked some erudite legal analyses, but in a sense it’s a moot point. Regulators already know about Google’s behaviour. A SAR would tell them nothing new.
The SARs regime as it currently operates in the UK is barely fit for purpose. This is not a controversial point. The number of SARs filed each year is ballooning: in 2014-15, for example, the National Crime Agency received more than 380,000 SARs, an 8% increase on the previous year. Nor is the problem limited to the UK: in Italy the number of money laundering reports reached 100,000 last year, a nearly 25% rise on the previous year.
The NCA has 7 days to review a SAR and decide if the transaction in question can go ahead. If it chooses to hold the transaction, it has a further 31 days to investigate, and, thanks to the new Criminal Finances Act, can extend this moratorium in 31 day increments to just over six months. But the agency is woefully under-resourced in relation to the volume of reports submitted, and has to operate a stringent triage system, selecting only the most serious (or rather, most apparently serious) cases for investigation. Many questionable transactions go ahead because the NCA does not have sufficient resources to hold and investigate them.
It wouldn’t be fair to blame SAR submitters for this. Financial institutions and other regulated firms face serious consequences if they fail to file a SAR about a transaction that later turns out to involve criminal funds. They are incentivised to file defensively.
The solution lies in thinking about what SARs are actually supposed to do. Holding transactions is a one element of their function but—to return to the Google question—primarily, SARs are an intelligence gathering tool for regulatory enforcement. Just as there’s no point filing a SAR about Google’s known misbehaviour, there would be no point filing about dealings with HSBC, or Standard Bank. Both have been convicted for criminal activity and punished with deferred prosecution agreements, so they fit the bill for filing. But a SAR wouldn’t give regulators anything new.
As such, the NCA should issue a checklist of companies with known violations, against which MLROs or other senior compliance staff could check SARs before submitting them. The list would need to be fairly detailed of course, with the specifics of the activity, jurisdictions, and so on, to ensure that intelligence about new criminal behaviour by known offenders isn’t withheld. But in essence, if a company and particular activity were already on the list, there would be no need to file a repetitious SAR. This, as far as I can see, would be a win-win: the inflation in SAR numbers would be checked, and compliance staff would save time they currently spend on pointless filings.
Count reading this article to your CPD minutes, by signing up to our CPD WalletFREE CPD Wallet