How do you define “suspicious” and “ongoing monitoring” in safe deposit boxes?

 

If you think that it can be quite difficult to spot suspicious transactions/behaviors in customers’ bank accounts, let’s think how it is to spot them in a financial service where you don’t even see what the customer is doing.

What is the definition of “suspicious” when the bank is 80% blind and where the AML scenarios from the monitoring systems do not apply anymore? How can we spot and report suspicious in such cases? How can you monitor this activity and what mitigations measures can you implement?

I will share with you my conclusions on safe-deposit boxes hoping that you will enlarge them with your own personal experience, considering that there is relatively little documentation on this subject.

 

aml safe deposit box-opaque serviceThe safe deposit box is an opaque service

You cannot see what the customer is keeping in it or what goes in and out as in the case of current accounts. However, safe deposit boxes are subject to the same AML / CFT / Sanctions regulations as current accounts which in turn are visible to the bank and subject to its transactions monitoring system.

 

Safe deposit boxes should be offered only to existing customers, that already have a history with the bank

If you cannot see in the safe deposit box and monitor it, then you must allow yourself the luxury to have a current account used by the customer in which you can look and which you can analyze.


You must have a customer transactional profile that you can correlate with the safe deposit box behavior.

It is not sufficient that the bank procedures state that safe deposit boxes are only granted to bank customers. They must be offered to customers that already have a transactional history with the bank. Otherwise, you will find yourself in the situation where customers open bank accounts just to benefit of the safe deposit box but do not use their current accounts. In this case, you will have no transactional profile that could give you hints and AML alerts about possible misuse of the safe deposit box.

I found myself in the situation of analyzing customers with safe deposit boxes that had no activity on their current accounts. In the absence of a transactional profile I realized that I was forced to base much of my analysis on external information in order to understand the customer, his current activity, his reasons for having a safe deposit box (and of a particular size) and especially his method of using the safe deposit box (number of visits in a certain period, time spent, etc.).

I thus used all the available databases that I could consult without the customer’s prior consent (the national registry of companies to see if the customer has companies, the ministry of finance website to see the financial situation of his companies, court decisions or trials involving the customer or his companies, google for extra information, facebook, linkedin, etc.).

 

How do you spot suspicious indicia in safe deposit boxes?

In the case of safe deposit boxes, “suspicious” is first of all behavioral and behavior cannot be included in AML scenarios

In this situation, more than in the case of current accounts, the front line people represent the bank’s most essential resource in identifying and reporting suspicious activity in due time.

The front line people dealing with safe deposit boxes must receive specialized training in order to be able to spot suspicious behavior and report it in due time (before an AML control on this activity). If the number of safe deposit box visits is not linked to a system that electronically monitors them, registers them and creates alerts when a certain threshold is exceeded, then the only chance of the AML officer to spot suspicious activity is during periodical controls…and then it can be too late.

Suspicious indicia

  • Large number of visits of the safe deposit box in a given period compared to other customers (especially if the customer profile doesn’t justify it);
  • The safe deposit box is visited only/mainly by the empowered person/delegate of the customer (hint that the customer is just a front man and the beneficiary owner of the safe deposit box is actually the empowered person/delegate who for some reason wants to hide this ownership);
  • A person already having a current account opened with the bank, doesn’t have a safe deposit box on his name but frequently uses the safe deposit box of another customer as empowered person/delegate;
  • The customer is always brought by / comes with someone else to visit the safe deposit box. The other person tries to keep a low profile (waits for the customer outside or doesn’t engage in any conversation with the bank employees) – hint that the other person may be the actual beneficiary owner;
  • Discrepancy between the customer profile and his need for a safe deposit box (eg. students, low income customers, customers that reside in a different area or town than where the safe deposit box is – hint that they may be used as front men);
  • Different customers always come in the same time / at a very short period one after another to visit their safe deposit box, although they didn’t declare any business/personal relation;
  • The customer remains a long time in the safe deposit box area (hint that he may have large amounts to number / order or that he may even engage in illegal activities in the safe deposit box area, like drug packaging);
  • After visiting the safe deposit box, the customer frequently deposits cash at the cashier below the reporting threshold (sign that he has much cash in the safe deposit box which he intends to introduce in the financial system in a structured way);
  • The customer has a large number of safe deposit box visits but no activity on his current accounts;
  • Sudden change in the way the customer uses his safe deposit box (increase/decrease in number of visits; the customer doesn’t come to the bank anymore but send his delegate or vice-versa; long inactivity of the safe deposit box followed by an increased number of visits in just a few days, etc.);
  • The customer holds a safe deposit box for a period of time with little activity, returns the keys and after some time returns and ask for a different type of safe deposit box without a clear justification regarding his reasons for renouncing at the first one or for having another one (hint of fraud – there were cases in the Romanian banking scenery when customers duplicated the key of the initial safe deposit box and returned after a time to steal the goods that other customers placed in it in the meantime).

The indicia above are just a few that I have observed and used in my AML analysis. Some of them were explained by the customer profile, some were not.

This is why I repeat myself and say that it is essential that the bank has a customer profile for the customers to whom it offers safe deposit boxes. The customers’ statements at the account opening are insufficient, especially if there is little or no current account activity that can help you understand the customer’s activity. External information on the customer and a trained observance of the customer from the front office staff are important to monitor these customers correctly.

Please feel free to contribute with other suspicious indicia, methods of on-going monitoring and other elements that you find useful.

By Andreea Tampu, ACAMS

3 Comments
  1. thanks for sharing Andreea, though safe deposit box is considered as a unexciting and sleepy area, but in risk profiling of a customer having a safe deposit box could be one of the criteria to make them a high risk customer and the suspicious indicia in your article are quite helpful for AML monitoring

  2. That’s really a food for thought for all AML professionals,money laundering tends to happen at the most obvious situations which can easily be overlooked most of the times,safe handling just one of them!
    Looking forward to more of such articles.

  3. Great insights and a risk profile I’m sure many have overlooked.

Leave a reply