SAR Form Completion When Reporting Identity Theft
Identity theft occurs in many forms and can include additional crimes of false statement, computer intrusion, credit or debit card fraud, mortgage loan fraud, or wire transfer fraud. As a means of better identifying and tracking known or suspected criminal violations of identity theft, a financial institution should report identity theft and any additional suspicious activities involved on a SAR. In situations involving multiple violations of law, reporting identity theft in conjunction with additional suspicious activities can be of significant assistance to law enforcement. This serves to notify law enforcement of the nature of the activity and may be valuable to law enforcement personnel in seeking a greater awareness of an entire pattern of activity.
It is important that the SAR narrative contain a full picture of the suspicious activity involved. The narrative should be a chronological and complete account of the possible violation of law. For example:
- A suspect accesses the victim?s investment account via the internet using the victim?s name and account information and places trades for all of the securities in the account. The suspect then attempts to wire the proceeds to a bank account in a foreign country. The broker-dealer becomes aware of the identity theft after contacting the victim to verify the unusual account activity and the unusual destination of the wire transfer.
- A suspect establishes an investment account with a broker-dealer via the internet using the victim?s personal information and attempts to wire funds from the victim?s bank account. The account activity appears legitimate. The brokerdealer becomes aware of the identity theft only when informed by the victim?s bank that the transfer of funds is unauthorized.
The SAR narrative should include information about the suspect (if available), how the account was accessed, if the attempt involved an online virus (e.g., a trojan or spyware) and what instruments or mechanisms were used in the transaction(s). The narrative should also include the accounts involved, the date and period of time the suspicious activity took place, whether the attempt appears duplicative and frequently occurred in different customer accounts, the place the activity occurred, whether a foreign jurisdiction was involved, whether another financial institution was involved, how the identity theft was detected, and why the activity is suspicious.
Further, it is important to note that all filers should ensure that they have provided as much detail as possible in the narrative regarding the suspect and activities involved in the identity theft. Unless the victim is suspected to have contributed to the identity theft scheme, the victim is not a suspect. If suspect information is unknown or unavailable, any partial or incomplete identifying information should be included. For example, a suspect through a trojan online-virus obtains personal information of the victim, contacts the victim?s bank by phone and submits a notice of a change in address and requests for a new or additional debit/credit card. The filer when completing the narrative may be able to provide the suspect?s address and phone number used to contact the bank.
Alternatively, the suspect information may be unknown or unavailable. For example, a suspect using the victim?s personal information may attempt a transaction, such as a funds transfer at the victim?s bank, but when asked for identification cannot provide authenticating information and terminates the transaction. In these instances, the financial institution should include whatever identifying information is available (email address, description, etc.) in the narrative.
Excerpted from SAR Activity Review Issue 15, page 43
print
share