Certified Regulatory Compliance Manager (CRCM) — Question 232

In which of the following circumstances is it LEAST appropriate for a bank to file a SAR regarding Internet activity?

Answer options

• A. Bank determines that one of its customers is the victim of identity theft
• B. Bank becomes aware of identity theft of its domain name (i.e., another entity selects a name similar to the bank's in order to confuse customers and obtain confidential financial information)
• C. Bank discovers that someone has hacked into its data system in order to obtain confidential customer data
• D. Bank determines through its transaction-monitoring program that a customer is making electronic transfers between his own checking and savings accounts that are just below the $10,000 reporting level

Correct answer: D

Explanation

The correct answer is D because routine transfers between a customer's own accounts, even if they are just below the reporting threshold, typically do not indicate suspicious activity warranting a SAR. In contrast, the other options involve clear instances of fraud or malicious activity that would necessitate reporting.