Last week we recieved an email supposedly from our customer that a wire be sent to a bank in Mississippi to a beneficiary other than himself. Because of our procedures requiring calls to verify a wire request and forms filled out, our CSR was able to determine that this was a fraudulent wire request and that the customer's email address was being used unbeknowst them. The person who sent the request had the customer's account and routing number and even the customer's signature. We were able to contact the beneficiary bank and found out that the person who was going to receive the wire was not aware of it either. We think this is a reason to file a SAR but are stuck on how to go about filling out the SAR form. It was potential fraud but it was not something our customer was trying to do. And do we still include our customer's name, account number, address, etc. on the SAR even though he was not at fault. Or do we include his information and then spell it out in the narrative?

Your customer is not the suspect, but was the apparent victim of a fraudulent wire request. Typically Banks will list victim in the SAR narrative and list the suspect, if one can be identified, in the appropriate section of the SAR itself.

And if we cannot identify the suspect do we not file the SAR?

Your suspect in this case is the unknown party who hijacked your customer's email account. If the attempted wire exceeded $25,000, then it meets the mandatory reporting threshold for activity with no suspect.

It is appropriate to include pertinent information about your customer in the narrative (and not all of your customer's information will be pertinent), but your customer should not be listed as a suspect.

Of course the attempted wire was just under $24,000.00 so that means I am just going to make note of why I did not do a SAR and keep the documents as record.

This scam has been on the rise. Here's some more info about it:

http://www.fbi.gov/seattle/press-release...area-businesses

http://www.ic3.gov/media/2014/140627.aspx

There is language in the SAR filing requirements that would make it seem as if a SAR would be required for this type of activiy. The specific language below makes it sound like you have to file if it was $5,000 or more and it pertains to either 1 or more of these 4 criteria regardless if there's a suspect.

3. Filing Requirements for Financial Institutions:

A financial institution must report any transaction that requires reporting under the terms of 31 CFR Chapter X if the transaction is conducted or attempted by, at, or through the financial institution and involves or aggregates at least $5,000 and the financial institution knows, suspects, or has reason to suspect that the transaction or pattern of transactions of which the transaction is a part:

A. Involves funds derived from illegal activity or is intended or conducted in order to hide or disguise funds or assets derived from illegal activity (including, without limitation, the ownership, nature, source, location, or control of such funds or assets) as part of a plan to violate or evade any Federal law or regulation or to avoid any transaction reporting requirement under Federal law or regulation;

B. Is designed, whether through structuring or other means, to evade any requirement of 31 CFR Chapter X or any other regulation promulgated under the Bank Secrecy Act, Public Law 91-508, as amended, codified at 12 U.S.C 1829b, 12 U.S.C. 1951-1959, and 31 U.S.C. 5311-5332;

C. Has no business or apparent lawful purpose or is not the sort in which the particular customer would normally be expected to engage, and the financial institution knows of no reasonable explanation for the transaction after examining the available facts, including the background and possible purpose of the transaction, or

D. Involves the use of the financial institution to facilitate criminal activity.

Wouldn't C and D apply to the situation you described? Does anyone happen to follow this guideline?.

It appears to contridict the language about the $25,000 or more with no suspect.

Interesting. Never heard that sort of analysis and conclusion before, but interesting. Normally I just follow the guidance in the filing instructions:

Violations aggregating $25,000 or more regardless of a potential suspect. Whenever the bank detects any known or suspected Federal criminal violation, or pattern of criminal violations, committed or attempted against the bank or involving a transaction or transactions conducted through the bank and involving or aggregating $25,000 or more in funds or other assets, where the bank believes that it was either an actual or potential victim of a criminal violation, or series of criminal violations, or that the bank was used to facilitate a criminal transaction, even though there is no substantial basis for identifying a possible suspect or group of suspects.

I always felt you have to view the rules in their entirety. Here are the triggers, but here are the thresholds.