Skip to content
 

SAR Audit Criticizes Reporting: 62% of SARs Have Data Quality Problems

On March 23 the Office of Inspector General (OIG), Department of the Treasury sent the results of their Suspicious Activity Reporting (SAR) Audit to the Financial Crime Enforcement Network (FinCEN). The audit specifically criticizes financial institution SAR reporting as being incomplete, and also finds fault with FinCEN and IRS DCC.

OIG statistically sampled and reviewed over 400 SARs filed over a 12 month period ending October 2003. They report that they met with four different federal law enforcement agencies and asked them to identify the types of SAR information that would be critical for (1) identifying potential investigative leads, and (2) developing trend analysis for such things as strategic planning and intelligence gathering. OIG wrote that by focusing their review on these critical data fields, their intention was to avoid identifying trivial or minor technical SAR data quality problems.

They said they found that 251 (62%) of the 406 sampled SARs contained one or more data quality problems (i.e., missing, incomplete, inappropriate, and/or inconsistent information) in a data field critical to law enforcement agencies. The problem SARs had been filed by 110 (68%) of the 161 filers in the sample. Based on the sample results, they estimate that approximately 247,000 of the 416,000 SARs filed during the 12 month audit period contained similar errors.

The Office of Inspector General also reported observations that include: (1) although MSBs had more data quality problems than depository institutions, both groups had data quality problem rates in excess of 55%, (2) SARs filed electronically were not more accurate than paper filings, and (3) the most frequent type of data quality problem involved missing data that law enforcement would use to identify suspects for investigative purposes. By far the most frequent type of data quality problem was missing information.

Although OIG did not specifically criticize timely filing, they looked at how long it took financial institutions to file and the IRS to process SARs onto the automated system. Under SAR regulations, we are required to file a SAR within 30 days of discovery of the suspicious activity, with an additional 30 days if unable to identify a suspect. In the audit, it took on average 71 days between the day of the suspicious activity to the date the SAR was posted to the system.

Broken down to time frames, it took an average of 53 days from the suspected activity to the SAR preparation, 12 days from the preparation to IRS DCC receipt, 7 days from the time IRS gets it until it is posted on the system. Interestingly, total elapsed time differed very little between paper and electronic filings (72 vs. 69 days) but it appears to take financial institutions longer to prepare the SAR when using an electronic media (59 vs. 48 days for paper filing.)

The audit says that FinCEN relies on the federal regulators to ensure that SARs are complete and accurate. However, of the six regulators responsible for examining depository institutions for BSA compliance, only two exam handbooks specifically provided for assessing the completeness and accuracy of SARs. And those two had no guidance or criteria as to how the assessments were to be completed or what even constituted a complete and accurate SAR. The other four regulators focused only on whether financial institutions were filing SARs when warranted.

FinCEN, in their response to the Office of the Inspector General defended financial institutions, stating that the conclusion that 62% of the suspicious activity reports filed contained data quality problems is potentially misleading. What OIG considered to be "problem" SARs included those reports filed with a single field missing, such as the phone number of the suspects. "Such information may be difficult or impossible to obtain, and alone does not serve a foundation for concluding that the SAR is of little value," said William Fox, Director of FinCEN. "The suspicious activity report is designed to provide leads, not established evidence."

FinCEN also noted the data quality problems were clearly higher for MSBs than for depository institutions and stressed that the "...report could be read to portray unfairly the level of industry compliance with the suspicious activity reporting rules.".

The complete report, titled "FinCEN: Heightened Management Attention Needed Over Longstanding SAR Data Quality Problems" is at http://www.treas.gov/inspector-general/audit-reports/2005/by-date.shtml

Copyright © 2005 Bankers' Hotline. Originally appeared in Bankers' Hotline, Vol. 15, No. 3, 4/05

First published on 04/01/2005

Filed under: 
Compliance
Filed under compliance as: 
Audit
FinCEN
IRS
IT
Management
Regulators
Reporting
SAR
Suspicious Activity

Report a problem with this page

Search Topics