Reporting SARs immediately

As is often the case, we need to be aware of the relevant legislation – so that we may better understand the requirements, and why a supervisory authority takes the approach that it does in respect of suspicious activity reports (SARs). It may be worth remembering that most professional body supervisors (PBSs) try to support their members in AML compliance, and so refrain from placing an unnecessary regulatory burden on their members.

The Money Laundering Regulations

The term “suspicious activity report” does not appear in MLR 2017. It mentions “suspicious activity disclosures” a few times, which has the meaning set out in regulation 104(4). A “suspicious activity disclosure” is simply a disclosure made to the National Crime Agency (NCA) under Part 7 of POCA or Part III of the Terrorism Act. It is important to be clear what a suspicious activity disclosure is, because a recent amendment to MLR 2017 gives a supervisory authority the power to require a firm to provide a copy of any suspicious activity disclosure made to the NCA.

A firm must appoint a “Nominated Officer” (often referred to as the Money Laundering Reporting Officer, or “MLRO”). The Nominated Officer is defined as “a person who is nominated to receive disclosures under Part III of the Terrorism Act 2000 or Part 7 of the Proceeds of Crime Act 2002”. Their role is to consider disclosures made to them, in light of any other relevant information available to the firm, and determine whether it gives rise to knowledge or suspicion (or reasonable grounds for knowledge or suspicion) that a person is engaged in money laundering or terrorist financing.

Proceeds of Crime Act 2002

Although we tend to focus on MLR 2017 when we think about AML compliance, we often need to refer to POCA too, because we need to be clear about the various money laundering offences that we are seeking to avoid committing. That includes the failure to detect a possible money laundering offence committed by someone else.

The money laundering offences are set out in Part 7 of POCA. Sections 327 to 329 list the offences of:

• concealing, disguising, converting, acquiring, using or possessing criminal property,
• transferring criminal property from England and Wales, from Scotland or from Northern Ireland, and
• being involved in an arrangement that one knows or suspects facilitates the acquisition, retention, use or control of criminal property.

Each of sections 327 to 329 states that a person does not commit an offence if they make an “authorised disclosure”, seeking a defence against money laundering. (See below.)

Sections 330 and 331 of POCA are particularly important to firms of accountants, as they set out the specific offences of failure to disclose relating to the regulated sector. A principal or relevant employee in an accountancy practice commits an offence if:

• they know, suspect, or have reasonable grounds for knowing or suspecting that a person is involved in money laundering;
• the relevant information came to light in the course of the business; and
• they fail to make the required disclosure.

The “required disclosure” must be to the practice’s Nominated Officer or, if the Nominated Officer is the person required to make the disclosure, direct to the NCA in the form of a SAR. (Very similar provisions in respect of terrorist financing are in Part III of the Terrorism Act.)

As a relevant employee in a firm of accountants, you may be surprised to learn that you have a personal responsibility to disclose reasonable suspicion of money laundering or terrorist financing. However, as a principal in a firm (or the AML Compliance Officer), you should be clear that a relevant employee does not commit the offence of failure to disclose if they failed to suspect money laundering (or terrorist financing) and they have not been provided with relevant training by their employer. Clearly, a breach of paragraph 24 of MLR 2017 (the requirement to provide appropriate training) is a serious one.

This states that relevant employees must be:

• made aware of the law relating to money laundering, terrorist financing and proliferation financing, and
• regularly given training in how to recognise and deal with situations that may be related to money laundering, terrorist financing or proliferation financing.

The PBSs will often circulate among their members the NCA’s SARs in Action publication, which is aimed at all stakeholders in the SARs regime. Firms will often use the publication as part of their staff training.

Having received a report of suspicious activity from a member of staff under section 330 of POCA, a Nominated Officer must determine whether to submit a SAR to the NCA. (You are reminded of the requirement to reperform appropriate CDD when reasonable suspicion of money laundering arises.)

How to submit a SAR

Details of how to submit a SAR may be found on the NCA website, which also provides a link to the new secure SAR Portal as well as forms for manual completion if preferred. (Your firm’s Nominated Officer will need to register, to be able to use the SAR Portal.) On the NCA website, you can also find issues of the SARs Reporter Booklet, which carries examples of SARs submitted and what the outcome was in each case. Case studies such as these are a useful form of staff training.

The NCA provides a guidance document on Submitting Better Quality SARs, which includes useful contact details, examples and tips for effective reporting. Key points are as follows:

• Provide all relevant information (including client ID information), but be concise.
• For incorporated entities, include the trading name, company name, beneficial ownership, etc.
• Be clear, avoiding acronyms and jargon.
• Briefly summarise your suspicion. Provide a chronology if it helps to clarify.
• Give details, such as bank details and bank account numbers.
• Fully populate all fields. Be clear if you do not have the information, entering “UNKNOWN” in the field.
• Use the correct glossary code(s) and put it/them upfront if submitting the SAR using the forms.
• Link to previous SARs using reference numbers provided.

AML policies, controls and procedures

As you know, regulations 19 and 19A of MLR 2017 require a firm to have documented policies and procedures to manage the money laundering, terrorist financing and proliferation financing risks identified in its firmwide risk assessment (FWRA). There must be evidence that those policies and procedures have been communicated within the firm.

Regulation 19 specifically requires the firm’s policies and procedures to include policies and procedures requiring anyone in the firm who knows or suspects that a person is engaged in money laundering or terrorist financing to comply with Part III of the Terrorism Act 2000 or Part 7 of the Proceeds of Crime Act 2002. Therefore, your documented policies and procedures must:

• make clear the firm’s obligation to report knowledge or suspicion of a money laundering or terrorist financing offence to the NCA;
• identify the firm’s Nominated Officer (or “MLRO”);
• require all principals and relevant employees to report any suspicious activity to the Nominated Officer;
• set out the format of any such report to the Nominated Officer (usually requiring the use of standard documentation;
• require clear documentation of the decision of whether or not to report suspicion to the NCA;
• state how SARs are to be delivered to the NCA (e.g. using the NCA’s online portal);
• state where copies of SARs should be filed (securely);
• reinforce requirements regarding confidentiality and minimising the risk of “tipping off”;
• consider the need for consent to proceed with a transaction (which would amount to a money laundering offence under section 327(1), 328(1) or 329(1)).

On that note, we proceed to think a little about obtaining consent …

DAML SARs

Obtaining consent to proceed with a transaction is a defence against money laundering (DAML) or a defence against terrorist financing (DATF). Consent from the NCA is sought by way of a DAML SAR, as set out in section 335 of POCA, or a DATF SAR under section 21ZA of the Terrorism Act. When submitting a SAR, you must use a glossary code appropriate for requesting the defence, and tick the “consent” box if using the SAR Portal.

An example of when a defence may be needed would be where a client has sought to use the firm’s client account for reasons the firm does not understand – reasons that appear to be unrelated to the services being provided by the firm. It is easy for someone to deposit funds into the firm’s account, but when it comes time to return those funds (or even remit them to another party), if the rationale is unclear, a relevant employee would be expected to be suspicious of the transaction in which the firm is becoming involved. Receiving consent (by the appropriate means) to complete the transaction serves as a defence against an allegation of money laundering or terrorist financing in respect of that transaction.

Having submitted a DAML SAR (or DATF SAR), a person obtains the relevant consent if they do not, within 7 working days (the “notice period”), receive notice from the NCA that consent is refused. Although the statutory period for considering all DAML requests is 7 days, in recent years, the average time was, in practice, just over 3 days.

If you receive, within the notice period, notice from the NCA that consent is refused, there is a “moratorium period” of 31 days, during which the firm is prohibited from carrying out the transaction. (There is no moratorium period under TACT.) Once that period has expired (and not been extended by an application to the court), the firm is deemed to have received the required consent. Note that this process cannot provide a defence in relation to financial sanctions. (A separate process will need to be undertaken through OFSI for transactions that may breach financial sanctions.)

When seeking a DAML (or DATF), a firm must be clear about the activity for which a defence is needed. It must be for a specific activity and not be open-ended. A DAML SAR – like any SAR - must be made diligently. The NCA may refer poor quality SARs to a firm’s supervisory authority, or it may close a case, meaning that a new DAML SAR would have to be submitted to obtain the relevant defence.

What happens after a SAR is submitted?

Upon submitting a SAR to the NCA, the firm (i.e. the Nominated Officer) will receive an acknowledgement. The SAR will be triaged, with reference to the glossary codes used and other fields, and may be referred on to the appropriate law enforcement agency immediately.

In any event, a SAR may be used multiple times and may be combined with other intelligence. So the NCA will not respond to the firm with the outcome of the SAR. But the NCA may seek further information from the firm – especially in the case of a DAML SAR or DATF SAR. If your firm does receive an enquiry for further information, care must be taken to ensure the enquirer’s identity is verified before the firm responds to the request.

Having submitted a SAR, the firm does not have to stop working for the client, except in respect of the subject matter of a DAML SAR. However, it may wish to disengage from the client for its own reasons. If so, care must be taken to ensure that the firm meets its statutory obligations while avoiding the offence of “tipping off” (e.g. the need for an auditor to file a resignation statement at Companies House).

Tipping off

According to section 333A of POCA, the offence of tipping off is committed when:

• a person (usually within the accountancy practice) discloses that a SAR has been made;
• an investigation is underway (or being contemplated); and
• the disclosure is likely to prejudice that investigation.

No tipping off offence is committed if the person did not know or reasonably suspect that the disclosure was likely to prejudice any investigation. Nevertheless, a strict policy that the existence of a SAR must not be discussed without the permission of the Nominated Officer would be a reasonable safeguard for the firm to implement.

Also, a tipping off offence is not committed if a disclosure is made:

• to another relevant employee in the firm (although safeguards are recommended),
• to a relevant employee in a different undertaking where both undertakings are under common ownership or management,
• to an AML supervisory authority,
• for the purposes of the prevention, investigation or prosecution of a criminal offence, or an investigation under POCA; or
• to the subject of the report following notification that the moratorium period for a consent SAR has been extended beyond 31 days (in which case, you should seek legal advice). 

There are other specific exceptions set out in AMLGAS, but you would be well-advised to consult with your supervisory authority if in any doubt. In any event, a person should not disclose the existence of any SAR without good reason. The firm should retain (securely) clear records of any consultations and deliberations and document the conclusions reached in each case.

No tipping off offence is committed if a relevant employee makes enquiries of a client regarding something that properly falls within the normal scope of the business relationship, e.g. on discovering a sales invoice that has been omitted from a VAT return. But no attempt should be made to investigate the matter.

Record-keeping and SARs

Regulation 40 specifies that detailed records must be retained in respect of any transactions that are the subject of CDD, including where there is reasonable suspicion of money laundering or terrorist financing. Reasonable suspicion should be reported internally to the firm’s Nominated Officer (or MLRO), unless the firm is a sole practitioner with no relevant employees. In any case, the need to submit a SAR to the NCA must be considered.

SARs are a critical component of the fight against organised crime, and the reporting of suspicious activity is a requirement of POCA and the Terrorism Act. So, proper documentation is essential as a means of protecting the firm (and individuals within it) from allegations of noncompliance and even allegations of money laundering or terrorist financing.

Documentation

Relevant employees must understand how to make a high quality report to the Nominated Officer, including as much detail as possible about the transaction or circumstances giving rise to the suspicion. The documentation must also evidence the important factors considered, and the relevant discussions and consultation undertaken, in arriving at the decision to submit (or not to submit) a SAR. In addition to this documentation, the firm must retain copies of any SARs submitted, as its supervisory authority has the right to inspect them.

In respect of suspicious activity identified during the course of a business relationship, the records must be retained for five years from the date the business relationship came to an end. If suspicious activity is identified without entering into a relationship (e.g. the firm decides not to accept a potential client), the records must be kept for five years from the interaction giving rise to the suspicion.

In any event, you are not required to retain records relating to a transaction for more than ten years and, once the necessary retention period has expired, the firm must delete any records containing personal data. An exception to this is where the firm is required to retain the records for the purpose of court proceedings or it has reasonable grounds for believing that the records should be retained for the purpose of legal proceedings. 

Confidentiality

As outlined above, when a SAR has been submitted, the firm must seek to avoid the offence of tipping off. Similarly, on receiving an internal report of suspicious activity, the Nominated Officer must take care to consult only with appropriate people and explain to the person making the internal report the importance of confidentiality. Clearly, the documentation relating to any suspicious activity must be stored securely, using encryption and access controls as appropriate. To be clear, the offence of tipping off occurs when either a SAR or an internal report of suspicious activity has been made, and a person (made aware of the suspicion through their work) discloses the report of suspicious activity such that the disclosure is likely to prejudice any investigation that might be conducted as a result of a SAR.

Conclusion

The timely and controlled reporting of suspicious activity – within the firm and, if appropriate, to the NCA – is expected of accountancy practices in the UK. The number of SARs made by firms of accountants (and TCSPs) would appear to be increasing each year, but only slowly. It is still thought that the number of SARs submitted by accountants is too low, bearing in mind that the PBSs together supervise more than 34,000 firms and HMRC supervises around 16,500 practices (more than 50,000 in total).

It is worth remembering the following points:

• A firm should establish and communicate clear policies and procedures covering the importance of recognising suspicious activity and how to report reasonable suspicion – internally and externally (to the NCA).
• Staff training should cover the identification of suspicious activity, including emerging risks and red flags, and how to report suspicious activity to the Nominated Officer.
• All staff must be aware who holds the roles of Nominated Officer and AML Compliance Officer (usually referred to as the MLRO if the roles are combined).
• If the subject matter of a SAR concerns a transaction in which the firm is expected to be involved, the need to seek a defence against money laundering or a defence against terrorist financing must be considered.
• Discussions and formal consultations concerning suspicious activity must be recorded.
• Software can help with document management, including the secure storage of internal reports of suspicious activity and copies of SARs submitted to the NCA.
• AML policies and procedures must minimise the risk of tipping off following the submission of a SAR to the NCA.

‍

‍