The Anti-Money Laundering (AML) and compliance space is full of guidance about suspicious activity reports (SARs) — and if your business is regulated by the Bank Secrecy Act (BSA), you’re likely already familiar with them. But what about unusual activity reports (UARs)?
Discover the differences between SARs and UARs, what UARs are used for (and whether you should be using them), and how automation can simplify the process of reporting questionable activity.
What are unusual activity reports?
An unusual activity report (UAR) is a document that summarizes the details of unusual activity conducted by an account holder, such as an abnormal transaction.
Unusual activity is more nebulous than the traditional signs of money laundering, terrorism financing, and other financial crimes. Examples may include unexpected large transactions, a sudden increase in account activity, activity outside the purported use of an account, or anything else that seems out of the ordinary.
Fintech companies typically own their customer data and carefully monitor account usage. This means they are often the first to notice unusual activity and will create the UAR.
UARs are also used in situations where a business governed by AML regulations is unable to file and resolve a formal SAR within the legally mandated 30-day timeframe. Initiating an unusual activity report gives a company more time to collect information and helps them avoid filing penalties.
It’s worth noting that UARs are not yet legally required — although regulators seem to be paying more attention to them in recent months, which indicates this may change.
UARs vs SARs
As mentioned above, fintechs are often the first to recognize unusual activity — and they’ll use a UAR to report it to their sponsor bank (the chartered bank that provides licenses, insurance, and other programs to allow the fintech to offer traditional banking services) to figure out next steps. As such, an unusual activity report can be thought of as something of a “pre-SAR.”
While unusual activities should be treated with the same level of caution as suspicious activities reported through traditional SARs, the trigger for a UAR is often more uncertain and vague. A sponsor bank that receives a UAR will use its discretion to decide whether it’ll subsequently file a SAR with the appropriate regulatory body.
As SARs are often populated from UARs, both contain information about the incident in question. They also serve the same primary purpose: to report on suspicious activity that may indicate or relate to financial crimes.
The key difference is that SARs are a legal requirement for financial institutions — and are therefore quite serious. UARs are a newer concept and are not yet legally mandated. This may change in the future as more and more sponsor banks require fintechs to submit UARs as part of efforts to meet BSA obligations.
You can think of UARs as comparable to the national early warning score in healthcare: they serve as an additional method you can use for early detection. Identifying and recognizing red flags promptly will allow your business to better address problems.
How does the UAR process work?
If and when a fintech detects unusual activity, it will fill out an unusual activity report form that collects much of the same information as a SAR. This includes account holder information, the details of the unusual activity, and any supporting facts. The necessary document is typically defined by the sponsor bank: unlike SARs, there is no standardized unusual activity report form.
After the fintech has filed the UAR with its sponsor bank or other appropriate entity, the bank will determine whether a formal SAR is necessary. If it is, the bank may use a formal Request for Information to collect supplemental details that will help inform the SAR.
Without automation and streamlining, unusual activity reporting relies on extensive manual data collection that can quickly become burdensome for fintechs and their teams. Completing, filing, and investigating a UAR requires a fintech company and its sponsor bank to collect and exchange sensitive information. The external exchange of this data also presents privacy and security risks.
If your company uses UARs as part of your efforts to identify activity that may help combat financial crime, you should use KYC/AML software that can identify and detect potentially unusual activity the moment it happens. This software can also automatically pull subject information into the UAR form, freeing team members to analyze and act on the data they receive.
Use UARs more effectively with Persona
Unusual activity reports (UARs) are a useful tool that help identify and investigate suspicious activity that may be a signal of financial crime and illicit activities. But without the right strategies and technology in place, UARs can also be a complex and overwhelming burden for internal teams.
Level up compliance and increase security at your business with Persona’s help. Use Persona's identity infrastructure to consolidate your data in one place. And if a SAR ends up being necessary, our case management tool can send automated alerts and streamline the review process. If you’d like to learn more about how we can help your business expedite the SAR process, reach out and we’d love to chat.