Yesterday I attended a presentation from a software company selling an automated CTR & SAR tracking package. Typically, their sales pitch mixed regulatory information with the solutions provided by the software. They also used as fact some information that seemed unfactual. For example, that one in ten SARs filed results in an investigation by FinCEN? This seemed high to me, if any of you experts are aware of any stats published by FinCEN Enforcement, PLEASE reply.

However, the main feedback I'm interested in is this. If a financial institution has followed the spirit and letter of the BSA et al, is there now a need to have an automated system to identify transactions down to the tenth signer on an account or screen telephone numbers looking for names that do not match.

It seems to me that we are headed down a slipery slope. For example, once I discover that "Sally X" and "Bobby Y" share a common telephone number, what do I do with the information? Are they now a suspicious terrorist cell? Any feedback would be greatly appreciated.

There may not be a specific requirement that I have software to "discover that 'Sally X' and 'Bobby Y' share a common telephone number...(and may be a) terrorist cell", but if they ARE criminals or terrorists, I'm sure going to wish I had noticed it before law enforcement moves in. The need to manage customer risks has grown steadily - SAR, OFAC, AML and now, anti-terrorism. Hard to imagine that only a few years ago we limited our customer worries to losses and fraud.