In the US, financial institutions must engage in transaction monitoring, processes designed to detect and identify potentially suspicious activity. In addition to transaction monitoring, suspicious activity may also be detected through other customer activities, such as false or inaccurate documentation provided during customer identification or customer due diligence. Suspicious activity refers to unusual activity that a financial institution suspects may be connected to illicit activity, violations of the BSA, or activities with no lawful or understandable purpose.
In the UK, regulated firms must conduct ongoing monitoring of business relationships, including:
- scrutinizing transactions undertaken throughout the course of those relationships (including, where necessary, the source of funds) to ensure that transactions are consistent with the firm’s knowledge of the customer, the customer’s business, and the customer’s risk profile; and
- reviewing existing records and updating documents or information obtained for the purpose of conducting customer due diligence.
Where information comes to an individual in the course of his or her business in the regulated sector, leading that person to suspect (or have reasonable grounds for suspecting) that another person is engaged in money laundering, a SAR must be made either to the firm’s Money Laundering Reporting Officer, or to the National Crime Agency. For a more detailed discussion of SARs in the UK, see here.
In addition, there is an obligation on regulated firms to apply customer due diligence “when the relevant person has a legal duty in the course of the calendar year to contact an existing customer for the purpose of reviewing any information which is relevant to the [regulated firm’s] risk assessment for that customer, and relates to the beneficial ownership of that customer (including information which enables the [regulated firm] to understand the ownership or control structure of a legal person or similar which is the beneficial owner of that customer).”