SARs: Guess Who's Watching You Now?
Last week’s settlement by JP Morgan gives advisers and investors yet another aspect of the enforcement landscape to consider when undertaking daily activities. SARs may play a significant role behind the scenes in future regulatory enforcement efforts.
What is a SAR? Under the US Bank Secrecy Act (“BSA”) a “financial institution” is required to file a Suspicious Activity Report or SAR if it has reason to suspect a transaction is suspicious. An activity is suspicious if it involves funds derived from illegal activity, is designed to evade requirements of the BSA, has no business or apparent lawful purpose or is not the sort of activity that the customer would normally be expected to engage in. The subject of a SAR cannot be told about it. In fact, the firm filing the SAR is not liable for disclosing the information to authorities or failing to provide notice of the disclosure to any person identified in the filing.
Currently, advisers do not fall within the “financial institution” definition and therefore (unless affiliated with an entity that does qualify) they are not required to file SARs. However, regulators are reportedly working on a proposal to change this. If so, advisers may have an affirmative duty to report on clients, employees, expert networks and competitors. This could have a far-reaching impact on how advisers interact with other market participants. But this is still in the future.
So why do SARs matter today?
Assume that counterparties, and any bank undertaking a due diligence review, will file a SAR if there is any reason to believe that a “suspicious” activity has occurred. The regulators are increasing their focus on whether financial institutions are filing SARs. This may be reflected during the exam process. For example, during an exam regulators may ask why a SAR was not filed and how this determination was made. A recent case in point is JP Morgan's announcement that federal prosecutors have agreed to defer prosecution of the bank for criminal violations of the BSA and dismiss the charges after two years, if the bank complies with the agreement. The bank must pay a $1.7 billion fine and change its compliance program. The charges centered on the failure to report to US authorities suspicious activity uncovered as part of a due diligence into how returns were generated in Madoff accounts.
For an adviser, this is simply another reason to seriously consider self-reporting of issues as soon as they are identified. Internal whistleblowers are not the only stakeholders motivated to provide information to regulators and, as we have mentioned so much in the recent past, there is reason to seek credit from enforcement staff for self-identification.
Investors selecting a fund or adviser to invest with should proceed cautiously if results seem suspicious. Unless the firm can clearly explain how the results were generated, consider the possibility that management’s time may be diverted from its investment strategy to discussions with regulators.
Of course, both advisers and investors should confirm that firms operating in multiple jurisdictions have processes to comply with the requirements of each applicable regulatory regime. JP Morgan notified UK regulators but not the US authorities about its suspicions. This partial notification only hurt the bank later, as the conduct was seen as suspicious in every jurisdiction it touched, not just the UK.