Stuart Clarke, CEO, Blackdot Solutions
In the most recent reporting year, UK regulated institutions submitted 866,616 Suspicious Activity Reports (SARs) to the National Crime Agency’s (NCA) UK Financial Intelligence Unit (UKFIU), with the banking sector alone accounting for 85% of reports.
The UKFIU’s annual report lauds the total number of SARs as a symbol of the UK’s position as a leader in using the submitted information to prevent financial crime. But is volume alone a measure of success? It could be argued that, rather than being an accurate portrayal of effectiveness, volume is a façade for compliance.
The question we really need to answer is: are we actually detecting and stopping crime, or simply documenting suspicion?
Current SAR volumes show the system isn’t working
In the last financial year, according to the report, 58,055 integrity related SARs were read and triaged by the UKFIU for potentially significant intelligence. On the surface, that’s an impressive number of processed reports. But only 533 were subsequently disseminated to UKFIU enforcement partners. That’s less than one percent warranting further investigation – and perhaps why the findings outlining the number of SARs that are read vs. shared come towards the end of the report.
There are several possible reasons for this gap. The fact so few reach enforcement suggests that many reports are lacking key, actionable intelligence. Then, the volume of submissions indicates that FIU resources are being stretched, making it harder for FIUs to process each SAR with the rigour and scrutiny that is required. But these findings also imply that many SARs are likely to be defensive filings – in other words, firms submit them to show they are being compliant (in fear of penalties, reputational damage etc.) instead of basing them on genuine evidence.
Defensive filings as an explanation for the volume of SARs and disparity between reports and action is something previous experts, like Jim Richards, president of RegTech Consulting and former Global Head of Financial Crimes Risk Management at Wells Fargo, have stated. As Richards said, while you get fined for late SARs or not filing, you don’t get penalised for overreporting.
As such, this regulatory environment can contribute to a ‘if in doubt, file a report’ mentality. Yet while reporting is encouraged, high volumes of low-value reports dilute intelligence rather than contributing to it. And as the FCA’s recent £44m fine for Nationwide shows, penalties for large banks are often due to inadequate investigation.
Crucially, the real cost of this gap extends beyond fines or stretched resources. Criminals can exploit this fragmented network and lack of effective real-time data sharing between institutions and law enforcement to carry out illicit activity.
Misaligned incentives drive volume over quality
The NCA recognises that submitting a SAR can provide firms with a legal defence under the Proceeds of Crime Act. So, for firms, it makes sense to embed defensive reporting within risk management frameworks. Because of the potential damage from non-compliance, their main concern centres on whether they can turn around SARs quickly, rather than considering their investigative quality and impact further downstream.
This is in part because of a limited feedback loop – compliance teams rarely know whether the SARs they submit were actually useful. But it’s also to do with their internal processes.
Financial institutions often rely on internal transaction data and client information; they spend huge sums on tech designed for transaction monitoring and automating reports. However, the same priority isn’t given to external data. In fact, these systems often lack integration with external data entirely, and this means there is a void of contextual information and intelligence in the SARs they submit.
Given organisations want their compliance functions to detect and file SARs over conducting quality intelligence, compliance teams often have limited capacity to perform thorough investigations after detecting suspicious activity. All of this produces an environment that nurtures volume over quality.
So, is there a way to rebalance the system?
Proactive, intelligence-led investigation
Rather than perpetually reacting to suspicious activity alerts, firms should prioritise an approach that proactively looks at any client risks that are emerging – through ongoing, intelligence-led work – and outlines steps in tackling these risks. This will improve their internal processes and resourcefulness while also enhancing the quality of SARs that the UKFIU receives.
Imperatively, this proactive strategy looks to use data from external sources to provide a fuller picture on suspicious activity – and that depends on OSINT. OSINT is the targeted collection and analysis of publicly available data to produce actionable intelligence. Instead of simply relying on internal data, OSINT empowers firms to access information like corporate registries, sanctions lists, publicly available social media activity and adverse media mentions.
With this data, compliance teams can then map networks of individuals and entities and identify risks like hidden relationships or beneficial ownership. This provides SARs with crucial context that is absent from internal transactional data. In turn, this investment into OSINT for proactive risk assessment can extend to reactive investigations, which will always remain a core part of SARs, as there is more information to draw on for the entire compliance ecosystem.
By bridging the gap between internal data and external intelligence, financial institutions can filter out lower risk cases earlier and thereby reduce low-value or poorly contextualised SARs. It’s a process that prioritises fewer SARs but higher-quality, intelligence-driven submissions that help to solve cases.
These changes also depend on regulators rethinking their approach. The sector must prioritise measuring SARs based on successful outcomes such as their contribution to the disruption of criminal networks or prosecutions instead of their volume. The UKFIU report does exactly this with Defence Against Money Laundering SARs cases, which have led to “the highest amount of assets ever denied (…) within a single year period”. It’s an excellent example of how investigations can lead to tangible action.
By helping and incentivising firms to focus on improving the quality of SARs from the outset, we can build a system that provides law enforcement with better intelligence and the ability to prevent financial crime.
