STORs and SARs: Birds of a Feather or Apples & Pears

Reporting suspicions to regulators is nothing new but it can often be done in silos, especially in larger firms where financial crime and market conduct risks are managed by distinct teams.

Financial crime risk teams using information from STORs and market abuse risk teams learning from SARs is common sense and something regulators look for but how easy is it in practice?

What is all this Alphabetti spaghetti!?

SARs are Suspicious Activity Reports and are required for suspicions of money laundering or terrorist financing. In the UK these go to the National Crime Agency rather than the FCA due to the remit of the need to report suspicions going beyond regulated financial services firms, for example solicitors, accountants and estate agents must also report suspicions. From a regulatory viewpoint in the UK most offenses will fall under the Proceeds of Crime Act 2002 (POCA) or the Terrorism Act 2000.

STORs are Suspicious Transaction and Order Reports and relate to suspicions of market abuse, for example civil offences under the Market Abuse Regulation / MAR (or the onshored UK version of this) or criminal offences including Insider Dealing covered by the Criminal Justice Act 1993 and the Financial Services Act 2012. They cover most financial instruments but are generally framed in terms of whether the instrument or an underlying instrument are admitted to trading on a UK or EEA venue.

So broadly SARs relate to financial crime (though not all types) and STORs relate to market abuse.

What is the history?

In the UK the need to reports suspicious activity in relation to financial crimes dates back to the Drug Trafficking Offences Act of 1986 but the focus originally was potential immunity from prosecution, it was not until the 1990s that more formal reporting requirements began to be established when the Criminal Justice Act came in as well as the EU’s first money laundering directive.

The regime to report suspicions in relation to market abuse grew up completely separately and in the UK was driven by FCA and its’ predecessor organisations including the exchanges. Previously called STRs (Suspicious Transaction Reports) they evolved into STORs in July 2016 after the implementation of MAR added orders into what needs reporting.

What do UK regulators expect in terms of cross over?

As mentioned earlier the regimes grew up separately in the UK with reports going to different regulators.

However, the FCA have always retained responsibility for how the firms it supervises manage the financial crime risks they face, it provides detailed guidance about how regulated firms are expected to manage these risks and has taken frequent enforcement action against firms and individuals for weaknesses in financial crime controls.

A more recent development has been the FCA challenging the industry about taking more holistic lessons from their STORs and SARs and not looking at these in siloes. In 2019 they published a thematic review looking at the risks of money laundering through capital markets (TR19/4 - Thematic Review 19/4: Understanding the Money Laundering Risks in the Capital Markets).

The thematic review found issues including:

  • only reporting STORs and not SARs

  • a lack of knowledge about money laundering in capital markets businesses

  • a lack of capability to detect money laundering

  • few typologies being available for money laundering scenarios in capital markets

  • assumptions that money laundering risks sat elsewhere in the trading chain

  • very low numbers of SARs being submitted by firms in capital markets businesses.

The FCA review makes reference to the ‘mirror trading’ enforcement action against Deutsche Bank in 2017 (Final Notice 2017: Deutsche Bank) as an important example of how markets activity can facilitate money laundering activity and how firms covered by their thematic review were generally using this as a typology but lacked others. As such the FCA published some additional typologies in an annex to TR19/4.

What should firms do in practice?

A key lesson is that firms cannot rely on having made a STOR as having satisfied any obligations to make a SAR. Whilst the NCA and FCA cooperate and share information extensively the FCA will not repot to NCA on your behalf and vice versa.

Good practice is for the team responsible for reviewing and / or submitting STORs should share these as soon as possible for those responsible for investigation and submission of SARs, for example the MLRO.

Another good practice is for these different teams / individuals to meet regularly to discuss areas of suspicions so that potential additional STORs or SARs can be identified.

Firms should also stay alert form the latest guidance from bodies like FATF and the JMLSG to get the benefit of the experience of the wider industry as there has been more focussed work on the risks of money laundering through markets.

Understand who really does what risk management in your firm, we have seen examples of where financial crime staff assumed that market abuse surveillance covered financial crims risks when it didn’t and control areas covering markets businesses with limited knowledge of money laundering risks and typologies. For example, you might assume that communications surveillance covers AML risks when possibly it does not.

All of this points towards much closer working relationships between staff focussed on market abuse risks and staff looking at financial crime risks.

Remember that it is still likely that suspicions need different investigations so it will be unlikely you will be able to lump all this together in one team or using one surveillance system. For example, looking at trading data and patterns is pretty different from investigating the source or use of funds.

Different reports go to different authorities for good reasons and the regulators have different appetites for what they want to receive.

Over recent years the FCA has generally been encouraging more STOR reporting, even in situations where suspicions might not be that strong. Conversely the NCA, who receive very high volumes of SARs, has discouraged defensive reporting and generally want more concrete suspicions.

The STOR regime is also broader as it includes attempts to trade, change orders etc. Whereas such activity would be unlikely covered by POCA (and hence SARs) as no transaction has taken place.

As such just assuming every STOR should lead to a SAR is probably a bit clumsy and it would be better if firms exercised some discretion and criteria before making the SAR.

Fruit or Fowl?

SARs and STORs are pretty clearly different and have been set up to meet different public policy objectives so probably looking more like apples and pears.

The overlap is key particularly when thinking about the money laundering risks markets activity poses.