How do I know when I am suspicious?

by Rowan Bosworth-Davies

The global approach to anti-money laundering seeks to prevent criminals and terrorists from benefiting from the proceeds of their crimes, or from the monies made available to them to finance their terrorist activities. All jurisdictions operating under these principles require that those institutions who operate under their regulatory oversight disclose to the relevant authorities whenever they suspect that such a proscribed activity is taking, or has taken, place.

Looked at in the round, adhering to such a statement would seem to lead to a simple approach toward assisting financial practitioners in determining how they should go about making such "suspicious" disclosures. Unhappily, as is so often the case, what at first sight appears to be easy to reconcile, turns out to be considerably complicated.

In this article, I intend to set out the significant distinctions between the law in one European country – specifically, the UK – and the law in the U.S. to amplify just how the differences between two jurisdictions can lead to a regulatory shortfall in "best practice" compliance standards, if these laws are inadvertently assumed to be the same.

Filing a SAR

U.S. federal law requires every financial institution to file a report of any suspicious activity relevant to a possible violation of law or regulation. Under the law, a suspicious activity report (SAR) is triggered if the dollar amount involves at least $5000 (€3825) in funds or other assets and the institution knows, suspects or has reason to suspect that the transaction involves any of the following:

• Funds derived from illegal activity.
• Attempts to evade any requirements under the Bank Secrecy Act.
• No apparent business or lawful purpose, or is not the sort of transaction in which the particular customer would normally be expected to be engaged in.

The SAR should be filed with FinCEN no later than 30 calendar days after the date that the institution initially detects the facts that may form the basis for filing the report. If no suspect was identified on the date of the detection of the incident that triggered the filing, an institution may delay its filing for an additional 30 calendar days to identify a suspect. Under no circumstance can an institution delay filing a SAR by more than 60 days after the date of initial detection of a reportable transaction. Finally, if the situation requires immediate attention, the institution is expected to notify appropriate law enforcement by telephone in addition to filing a SAR.

This statement of affairs provides for a fairly straightforward description of the U.S. citizen's duties with regard to the making of a SAR. It is also of interest for a non-U.S. practitioner to note that the circumstances in which a SAR has to be filed are defined by both financial amount and by a limited number of reasonably predeterminable activities. These definitions delimit the amount of information any institution has to collect about the activities of each individual client, apart from the basic client identification requirements. These standards reflect, in part, the traditional U.S. resistance to a requirement for demanding too great a degree of invasive KYC, 'Know Your Customer', information about an individual client's affairs, for fear of breaching personal privacy considerations.

The UK Equivalent of a SAR

In the UK, our law requires that all regulated institutions – financial institutions, insurance companies, fund managers, brokers and financial dealers, as well as lawyers, accountants, estate agents, casinos and general commercial dealers whose businesses could involve transactions in excess of €15,000 (US$19,600) and who would be willing, in principle, to accept cash in payment – that have reasonable cause to suspect that any sum of money (no matter how small) could have arisen as a result of any criminal activity, including terrorist financing, must disclose that fact to the National Criminal Intelligence Service, the UK FIU.

Originally passed in 1994, this law was extended after initial analyses of existing disclosures revealed that nearly 60 percent of all the disclosures made to NCIS were reported by just the 11 major retail banks. The government, or rather the Policy Innovation Unit of the Cabinet Office, reviewed this statistic and formed the view that a wide cross-sector of the financial services industry, and others who should be included within the group of practitioners who ought to have been making disclosures, were not complying with the law. These institutions justified their noncompliance by saying that they were just not suspicious of any of the transactions they saw. The government disagreed with this assertion and determined that these organizations were not making the necessary degree of disclosures.

To enforce this determination, the government responded by extending the definition of "suspicion" to mean "having reasonable grounds to know or suspect." They changed the nature of the disclosure principles and turned what had been a subjective test to an objective standard by stating:

"...The Government…has concluded that the introduction of a negligence test is now necessary as a deterrent against those in the financial sector and other relevant sectors who fail to act competently and reasonably where information before them ought to make them suspect money laundering..."

What will this mean in practice?

In real terms, this new standard means that any member of the UK regulated sector has to disclose any suspicion of even the smallest sum of possible criminally derived money. For example, a lawyer or an accountant must report any of his tax clients that he suspects may have possibly been underdeclaring his annual revenue, even by only a few pounds a month. In the past, if such a situation arose, the professional adviser would have made a voluntary admission to the Revenue authorities, and an agreed sum of money would have been paid over to meet the undeclared sums, by way of a voluntary agreement. Now, a disclosure has to be made to the National Criminal Intelligence Service.

The problem faced by UK practitioners is not dissimilar to practitioners in other EU countries, with the minor exception that the test of suspicion within UK law is now an "objective" test as opposed to a "subjective" test.

In other words, it is no longer the case that a member of the UK regulated sector is merely required to disclose his or her own personal subjective suspicions. They are now required to disclose any circumstances where they ought to have had reasonable cause to suspect, or where an objective test of suspicion arises, a standard of conduct that the court will ultimately define, if necessary.

This standard has grown out of an old element of UK law that is common to other "common law" countries. When we start to talk about conduct that ought to make us suspicious, we are delving into a very complicated area of the law indeed. Ironically, it is the same area of the law that governs the issue of constructive trusteeship; I intend to deal with the two issues together here.

Constructive Trusteeship

When the law on the issue of suspicious transactions was first introduced, it determined that the practitioners who disclosed their suspicions to the police were, in reality, identifying the fact that they did not believe the beneficial ownership of the money being introduced to them.

The law on constructive trusteeship, put at its simplest, maintains that whenever a person or an institution comes into possession of property and, for whatever reason, forms the opinion that the property is not lawfully or properly that of the person depositing the property with them, the receiver automatically becomes a constructive trustee of that property.

Because they are now in possession of property that they suspect may lawfully belong to someone else, this individual or institution becomes a trustee, meaning that the law requires them to keep that property safe until the lawful owner asks for it back. Indeed, the law really goes a bit further than that, expecting the trustee to take reasonable steps to ascertain and identify the lawful owner of the property, and then return it.

These individuals or institutions become constructive trustees because they have not been formally appointed as a trustee in the usual way, i.e., by being identified in a trust deed, rather they have effectively nominated themselves as trustees without the need of a formal appointment.

The civil law that governs constructive trusteeship has been responsible for many cases that have created the definition of the law. As it stands today, the law on the "knowledge" that the individual has to have of the relevant circumstances is defined by the decision in a famous case, Baden and others v Societe Generale [1983] (BCLC 325).

The relevant tests that the courts will apply to satisfy themselves that a person had the relevant knowledge required are called the Baden tests, and there are five of them.

The Baden Tests

In the Baden case, the court sought to differentiate between what they termed "actual knowledge" and "constructive knowledge," and stated that a person could be said to "know" a certain fact, subject to one of the five definitions of knowledge.

In ascending order, they are:

• Knowledge of circumstances that would put an honest and reasonable person on enquiry.
• Knowledge of circumstances that would indicate the facts to an honest and reasonable person.
• Wilfully and recklessly failing to make such enquiries as an honest and reasonable person would make.
• Wilfully shutting one's eyes to the obvious (otherwise known as the "Nelsonian" blind eye test, after the actions of Lord Horatio Nelson at the Battle of Copenhagen when, having been recalled to the main battle fleet by a signal flown by his admiral, chose to put his telescope to his blind eye, so that he could say later that he hadn't seen any signal).
• Actual knowledge.

In the future, the courts will measure the behavior of financial practitioners against these tests when the question of whether the practitioners have behaved reasonably with regard to financial suspicion arises. It will no longer simply be sufficient for a practitioner, when faced with an allegation of money laundering, to say, "But I wasn't suspicious." The court will, if an individual is charged with an offence, conduct a preliminary hearing to establish whether or not, in the eyes of the court, evidence exists to show that the individual "ought to have been suspicious." This is how it will happen:

First, the court will examine all the facts and will hear the defendant on oath to establish whether, in the eyes of the court, there was sufficient evidence to demonstrate that the defendant was suspicious "subjectively," i.e., following the traditional test. Defendants will have little difficulty in maintaining their position that they were not suspicious, if that is their defense.

If the court is satisfied that there is insufficient evidence to show that the defendant did suspect at the time he or she is alleged to have committed the offence, then the court will go to Stage Two of the process and evaluate whether, in the minds of the court, there was sufficient evidence to demonstrate that the defendant "ought to have suspected" money laundering, i.e., that the defendant was merely being negligent in his or her approach to the question of the truth of the situation.

If the court finds that there was sufficient evidence to demonstrate that the defendant was negligent, and ought to have known, then the court will move to Stage Three of the process, which is designed to establish whether the defendant is a reasonable person within the meaning of the law.

To establish this fact, the court will look at the individual concerned, analyze the defendant's experience, length of service, amount of training, general level of intelligence, insightfulness, demeanor, manner and the position held by the defendant at the time of the alleged offence. The court will then apply those findings to the hypothetical concept of the "reasonable compliance officer" of a similar length of service, experience, amount of training, etc., and will make a finding as to whether the defendant was a reasonable or "unreasonable" person, in all the circumstances.

If the court finds that in its eyes, the defendant was a reasonable person in all the circumstances and ought to have reasonably known or suspected the truth of the situation, then the court will allow the matter to be tested by the jury, and the whole process will have to be repeated in front of it.

If you now go back and reread the five Baden tests, you will see that the court made great use of the word "honest." The courts place a huge premium on honesty and honest conduct, determining that honesty is something that judges can test when considering human conduct.

Perhaps the most important piece of legal commentary in this area was first penned by the then Sir Peter Millet, later to become Lord Justice Millet, one of England's leading Chancery Judges, and an expert on constructive trust issues. He made the following observations:

"...It is surely no answer for a man charged with having knowingly assisted in a fraudulent and dishonest scheme to say that he thought that it was 'only' a breach of exchange controls or 'only' a case of tax evasion. A man who consciously assists in laundering money, that is to say in making arrangements which he knows are calculated to conceal what has happened to the money not only from the proper authorities but also from a particular third party, takes the obvious risk that they are part of a fraud practised on that third party; and he is clearly liable if he does not take steps to satisfy himself that they are not. But arguably the law should go further than this, and require no more than a general awareness of the dishonest nature of the arrangements such that an honest man would have nothing to do with them. The standard of what constitutes honest conduct is not subjective. Honesty is not an optional scale, with higher or lower values according to the moral standards of each individual. If a person knowingly appropriates another's property, he will not escape a finding of dishonesty simply because he sees nothing wrong in such behaviour. In most situations there is little difficulty in identifying how an honest person would behave. Honest people do not intentionally deceive others to their detriment. Honest people do not knowingly take others' property..."

Know Your Customer

Because the UK now has the "all-crimes" provision, and because of the existence of the constructive trust situation, and because we have no de minimis rule that provides for a lower value threshold below which no suspicious transaction report has to be made, means that the UK and those other countries who share similar requirements must, as a matter of course, require their customers to provide a far higher degree of KYC information when opening their client relationships.

This standard leads to questions being raised about a wide variety of peripheral subjects relating to the client's wealth; his means of acquiring it; his business affairs; his financial profile; his personal and financial ambitions; his savings, pension plan and other investment products; the financial dealings engaged in; and the source of his unearned income, if any. Most U.S. citizens would find such questions hugely invasive, but in the EU and particularly in the UK, they are generally tolerated with a robust good humor, even when they are usually disliked.

The reason for this required depth of personal knowledge is that without it, no financial practitioner would be able to develop sufficient knowledge of his client's affairs to be able to satisfy the very high regulatory requirement imposed on them to demonstrate that they can make effective suspicious transaction disclosures. In other words, to achieve parity with our legal requirements, we in the UK have to demonstrate a very high knowledge of our client's activities and his financial affairs. If we don't, how would we be able to judge whether a specific transaction is "suspicious" or not? In this jurisdiction, each client is treated individually, and what might be suspicious about one client's actions, might not be so for another.

This might, at first be considered to be a somewhat tautologous argument, but when it is borne in mind that in UK law and, indeed, in other international legal systems, when we talk about the need for bona fide disclosures, this places a legal standard on the quality of the disclosure being made. If a disclosing party fails to make the necessary background inquiries, and it turns out later that the person being disclosed against is innocent and has suffered loss or damage thereby, the courts would examine the quality of the disclosure made by the reporting institution. If it were to transpire that the discloser had merely made a blanket disclosure without making any necessary preliminary investigations, then it is likely that a claim for damages could lie against the discloser for a failure to make a bona fide disclosure since he or she had not behaved reasonably in all the circumstances.

Another regulatory burden in the EU and in most common-law countries is that our disclosures have to be made "as soon as is reasonably practicable." This distinction is generally taken to mean about 72 hours from first becoming aware of the possibility that an unusual transaction had taken place.

We use the words "unusual" or "abnormal" in the first instance to differentiate the transaction from a "suspicious" one, because we need to give the compliance team enough time to make sufficient investigative enquiries to satisfy themselves that the transaction is either legitimate or suspicious. If the team were to assume that the alerts they were shown at the start of the process were of themselves "suspicious," they would have no alternative but to make an immediate disclosure of those alerts to the FIU.

Distinctions between the U.S. and EU countries

As can be seen, in the UK, we have no guideline or benchmark to standardize our disclosures, and therefore we have tried to ascertain if there are any guidelines by which we can provide even the most basic set of criteria by which compliance managers can be assisted.

These significant distinctions between the "suspicion" requirements of the U.S. and the EU (UK) laws lead, inevitably, to a very different way of establishing whether an individual is indeed suspicious, within the meaning of the law. It also sets up a series of potential conflicts in the way predefined scenarios or rules are more or less effective in providing the level of best practice support that the compliance function requires.