Chapter 11 Quiz

Suspicious Activity Reporting and Case Management

18 questions. Answers follow.


1. Under the US Bank Secrecy Act, a bank must file a SAR when it knows, suspects, or has reason to suspect that a transaction of at least what minimum amount is involved in suspicious activity?

A) $1,000
B) $2,000
C) $5,000
D) $10,000


2. The "tipping off" prohibition in SAR regulations means:

A) Financial institutions must notify law enforcement before filing a SAR
B) Financial institutions that file a SAR are prohibited from disclosing the SAR's existence to the subject of the SAR
C) Law enforcement must notify financial institutions when a subject of a SAR is arrested
D) Financial institutions must disclose to their regulators when they choose not to file a SAR


3. The US SAR filing deadline from the date of initial detection of suspicious activity is:

A) 10 business days
B) 30 calendar days (60 days if subject is unknown)
C) 90 calendar days
D) 12 months (with quarterly status updates)


4. A UK institution has "knowledge or suspicion" that a customer's account contains proceeds of drug trafficking. Under the Proceeds of Crime Act 2002, what is the primary legal obligation of the institution?

A) File a SAR with FinCEN within 30 days
B) Immediately close the customer's account and return the funds
C) Submit a SAR to the National Crime Agency's Financial Intelligence Unit
D) Notify the customer that their account is under investigation


5. The UK "Defence SAR" mechanism (also called an "appropriate consent" SAR) is designed to:

A) Protect the institution from prosecution when it was unaware of money laundering
B) Allow the institution to request permission from the NCA to proceed with a transaction that would otherwise constitute money laundering — protecting the institution from POCA liability
C) Automatically close the customer account pending NCA investigation
D) Provide the institution with immunity from regulatory examination of the suspicious transaction


6. FinCEN has noted concerns about "defensive filing" of SARs. What is defensive filing?

A) Filing a SAR specifically to report suspected terrorist financing as opposed to money laundering
B) Filing SARs of little or no intelligence value primarily to protect the institution from regulatory criticism if suspicious activity is later identified — diluting law enforcement's ability to prioritize actionable intelligence
C) Filing a SAR and simultaneously notifying the customer to give them an opportunity to provide an explanation
D) Filing a SAR with incomplete information and amending it later when more facts are available


7. In the five elements of an effective SAR narrative, "the suspicious pattern" refers to:

A) The full transaction history of the account over the prior 12 months
B) The analyst's explanation of why the activity is suspicious — what specific indicators crossed the threshold from "unusual" to "suspected money laundering"
C) A comparison of the subject's activity to peer group benchmarks
D) A description of the regulatory provisions potentially violated by the subject's activity


8. Network visualization in a case management system is particularly useful for identifying:

A) Which regulatory reporting deadlines are approaching for a given case
B) Structural patterns in financial crime — hub accounts, rapid transit nodes, and structuring networks that are difficult to detect from transaction tables alone
C) The specific regulations that the suspicious activity may violate
D) Discrepancies in the subject's KYC documentation


9. In a transaction network graph, an account with HIGH betweenness centrality would typically indicate:

A) The account holds a large balance relative to other accounts in the network
B) The account conducts an unusually high volume of transactions
C) The account is positioned on many of the shortest paths through the network — suggesting it may be acting as an intermediary or hub in a money laundering scheme
D) The account has a high number of incoming transactions from different sources


10. The "rapid transit node" AML risk indicator in network analysis is identified by:

A) An account that processes transactions faster than the institution's standard settlement time
B) An account with a high in/out ratio — receiving significant funds and paying out most of those funds — suggesting a pass-through role rather than a genuine account holder
C) An account that moves funds between different currencies within a single day
D) An account that accesses online banking from multiple geographic locations


11. AI-assisted SAR drafting is most appropriately used for:

A) Making the final judgment about whether suspicious activity exists
B) Characterizing the legal nature of the potentially criminal conduct
C) Synthesizing transaction data into structured narrative format, identifying matched typologies, and filling in standard SAR fields — with human review and finalization
D) Automatically filing SARs for transactions above defined risk thresholds without analyst involvement


12. A financial institution files a SAR on January 15 for suspicious activity identified on December 20. Suspicious activity continues in February and March. What is the institution's obligation?

A) No further SAR filing required — the January SAR covers all past and future suspicious activity
B) File a new SAR for each month of continuing activity
C) Monitor the activity at 90-day intervals; file continuing activity SARs if warranted by ongoing suspicious patterns
D) Immediately exit the relationship — continuing the relationship after filing a SAR is always prohibited


13. The SAR narrative quality element "context" refers to:

A) The institutional context — which branch, which product, which relationship manager
B) How the suspicious activity differs from the customer's declared purpose and historical transaction pattern — providing law enforcement with the baseline needed to assess the significance of the deviation
C) The broader macroeconomic context that may explain the transaction patterns
D) The historical context of the money laundering typology matched by the suspicious activity


14. A compliance officer discovers that a SAR filed 15 months ago describes activity that is directly related to an ongoing federal investigation into organized crime. The subject's account is still active. What considerations should guide the compliance officer's decision about the account?

A) The account should be closed immediately — maintaining a relationship with a subject of law enforcement investigation is always prohibited
B) The compliance officer should contact the investigating federal agency to offer cooperation
C) The account should continue normally — SAR filing creates no relationship exit obligation
D) Consult legal counsel; consider whether law enforcement contact is appropriate and legal; continue monitoring for additional suspicious activity; file continuing activity SARs if warranted; assess timing of any account exit carefully to avoid tipping off implications


15. The SAR registry maintained in a case management system typically tracks:

A) All customer accounts at the institution, not just those subject to SAR investigation
B) The personal information of all individuals whose transactions generated monitoring alerts
C) All filed SARs including subject identifiers, filing date, activity period, and subsequent relationship status — enabling ongoing monitoring and continuing SAR assessment
D) Information shared by law enforcement about subjects of previous SAR filings


16. Under AMLD5, EU financial institutions must submit Suspicious Transaction Reports (STRs) to:

A) FATF's global suspicious transaction database
B) OFAC, as the primary international AML authority
C) The national financial intelligence unit (FIU) of the member state where the institution is licensed
D) The European Banking Authority (EBA) within 72 hours of detection


17. An effective SAR narrative includes "complete subject identification." Which of the following identifiers should be included where known?

A) Name and account number only — additional identifiers are prohibited under data privacy regulations
B) All known identifiers: name, address, date of birth, account numbers, tax identification number, phone numbers, email addresses, associated entities
C) Only verified identifiers — unverified information (such as an address the customer provided verbally) should be excluded
D) Government-issued ID numbers only — other identifiers create SAR subject privacy liability


18. The chapter's opening case study featured an analyst who identified suspicious activity across multiple closed alerts. This illustrates which fundamental limitation of automated alert management?

A) Transaction monitoring systems cannot detect structuring patterns
B) Individual alert review, even when conducted correctly, can miss the suspicious significance of a pattern that only becomes apparent across multiple alerts reviewed in aggregate
C) Automated alert closure systems always produce higher false positive rates than manual review
D) Law enforcement cannot act on SARs that were generated from monitoring alert closures


Answer Key

| Q | Answer | Explanation |
|---|---|---|
| 1 | C | US bank SAR threshold: $5,000. MSBs: $2,000. Currency Transaction Reports (CTRs) have a different $10,000 threshold. |
| 2 | B | Tipping off: the institution cannot disclose to the SAR subject that a SAR was filed. Federal crime in the US; criminal offence in UK. |
| 3 | B | 30 calendar days from initial detection; 60 days if no subject can be identified. |
| 4 | C | UK SAR obligation: submit to NCA's Financial Intelligence Unit. FinCEN is US; closing the account is not the primary obligation; notifying the customer is prohibited (tipping off). |
| 5 | B | Defence SAR: institution requests consent from NCA to proceed with a transaction that would otherwise be money laundering — protecting from POCA criminal liability for proceeding. |
| 6 | B | Defensive filing: SARs of little intelligence value filed primarily to protect the institution rather than because genuine suspicion exists. FinCEN has warned this diverts law enforcement resources. |
| 7 | B | "The suspicious pattern" element: analyst's explanation of why the activity is suspicious — specific typology indicators that cross the suspicion threshold. |
| 8 | B | Network visualization reveals structural patterns (hub accounts, rapid transit nodes, fan-out structuring networks) that are difficult to detect from tables of individual transactions. |
| 9 | C | High betweenness centrality: the account sits on many shortest paths through the network — indicating it acts as an intermediary through which funds flow. |
| 10 | B | Rapid transit node: high in/out ratio — receives significant funds and pays out most of them — pass-through account characteristic. Not about speed of settlement or geography. |
| 11 | C | AI-assisted SAR drafting: appropriate for data synthesis, typology matching, template completion. Not appropriate for the suspicion judgment itself or legal characterization. |
| 12 | C | Continuing activity: monitor at 90-day intervals; file continuing activity SARs if suspicious patterns continue. No requirement for one-per-month filing; no automatic relationship exit requirement. |
| 13 | B | Context: how the suspicious activity differs from the customer's declared purpose and historical pattern — provides law enforcement with the baseline needed to assess significance. |
| 14 | D | Complex situation requiring legal counsel: law enforcement contact considerations, continuing SAR obligations, timing of account exit (tipping off risk). No automatic relationship exit obligation; no automatic cooperation obligation. |
| 15 | C | SAR registry: tracks all filed SARs — enabling continuing activity monitoring and examination support. Not all customers; not alert-level information; not LE feedback. |
| 16 | C | EU STRs: filed with the national FIU of the member state where the institution is licensed. Not FATF, not OFAC, not EBA. |
| 17 | B | Complete subject identification: all known identifiers. Privacy regulations don't prohibit SAR subject identifiers — SAR confidentiality protections apply. Unverified information (such as provided addresses) is valuable to law enforcement and should be included with an indication of the source. |
| 18 | B | The opening case: individual alert closures (each technically appropriate) missed the significance of the pattern across all closures. Pattern recognition across multiple alerts requires holistic case review, not just alert-by-alert disposition. |