Israel’s approach to combating money laundering and ensuring transparency in financial transactions is based on international standards aligned with the Financial Action Task Force requirements. Central to this system is the Israeli Money Laundering Prohibition Authority (IMPA), which serves as Israel’s Financial Intelligence Unit (FIU). IMPA doesn’t possess direct supervisory powers. Instead, financial institutions are overseen by their supervising regulator, who conducts audits to ensure that IMPA requirements are implemented effectively.

IMPA places a strong emphasis on data collection, focusing its efforts on obtaining comprehensive information from regulated financial institutions (FIs). This is facilitated through two main reporting requirements for financial institutions: Currency Transaction Reports (CTRs) and Unusual Activity Reports (UARs). While IMPA is at the helm of gathering and processing this intelligence, it entrusts FIs with the responsibility of providing timely, high-quality data via robust reporting requirements.

Currency Transactions Reports to the FIU – Israeli Financial Institutions (FIs) are required to  submit CTRs either weekly or monthly, based on detailed formats published by IMPA. The report includes information about customers’ activities when they reach certain thresholds defined in the various AML orders. Usually, transactions over NIS50,000 or those over NIS5,000 that involve high-risk countries must be reported.

Certain sectors, such as international money transfer and currency exchange, have an additional layer of reporting. They need to submit quarterly reports to the Israeli Tax Authority, similar to the CTR formats used by IMPA.

Unusual Activity reports to the FIU – FIs are required to file Unusual Activity Reports (UARs) with IMPA. Unlike SAR reports, which are submitted once there is clear foundational evidence for suspicions that a customer has committed illegal activity, UAR reporting is expected in the early stages of identifying unusual activity (or attempts) that deviate from the FI’s expectations for activity in customer’s account. UAR report is generally filed when a behavioral red flag is triggered rather than when there is evidence of illegal activity. Red flags and typologies are stipulated in the order and published by IMPA and other regulators.

UAR Report Format – To enable the IMPA to maximize the purpose of the report, namely the provision of quality information to enforcement bodies, it must be clear and concise. The person drafting the report should be familiar with the nature and type of the reported activity. Additionally, they should examine the client’s activity, information obtained through the “Know Your Customer” questionnaire, identification documents, and the “Beneficiary and Control Owner” declaration. If the information is inadequate or unclear, the FI can reinitiate the “Know Your Customer” process or investigate the client regarding suspicious activities.

Generally, a quality report should address the following questions: Who, What, When, Where, How, and Why (often abbreviated to WWWWHW). For example:

• Who conducted the activity, and who is identified as the ultimate “beneficiary”?
• What is the nature of the activity, and what raised suspicion?
• What are the amounts involved in the activity?
• Where did the activity take place? Given the international nature of money laundering, which countries are involved, and are they high risk?
• When was the activity performed, and what is the timeline of the activity?
• Why did the FIs choose to file the report, and why does the activity seem unusual?

UAR Report Structure –  UAR report consists of the details of the reporter and the details of the subject of the report (the client), either an individual or a corporation. All fields must be filled out based on the information received in the “Know Your Customer” process. For non-Israeli residents, it’s mandatory to update the client’s full identification number (including letters) and enter the client’s name in English. The reporting FI must assign a unique sequential number for the report, enabling identification by the supervisory body. The client’s address should be updated according to the detailed format in the relevant field.

The essence of the report serves as its title. It should specify the report’s topic and consist of a single sentence. IMPA performs statistical analyses based on these titles, so similar reports should use the same format for their title.

The body of the report must provide details about the reported event, the circumstances, and any other relevant information, such as the nature of the suspicions. Maximum detail is required in accordance with the above (WWWWHW) with a special emphasis on the event dates, involved account numbers, transaction identifiers, and the involved payment methods. If it’s a follow-up report, the relevant previous report number should also be mentioned.

In the section addressing involved parties, it’s necessary to list all entities involved in the event that haven’t been mentioned in the client’s details, including signatories, power of attorneys, beneficiaries, and parties involved on the opposite side of the transaction.

Relevant attachments should be added to the report, including information gathered in the “Know Your Customer” process, details of the client’s activities, tables with recent transactions, and information or images about the payment methods.

UAR Report Timelines – Since the IMPA forwards the information it gathers to enforcement agencies that may pursue “hot leads”, early access to the information may impact the investigation’s success. As a result, the IMPA places a strong emphasis on receiving information within the shortest time frame possible.

UARs must be filed with IMPA in the shortest period of time possible under the circumstances after the unusual activity was identified. Attempts to conduct activity identified as “unregular” but not finalized should also be reported. In case of an unavoidable delay, the FI must document why the delay occurred. 

There are a few work methods that may help file UAR reports in the shortest time frame possible. These include filing a report in the early stages of identification of unusual activity and later submitting an additional, more conclusive report when the internal investigation is complete, An additional practical approach is setting more frequent monitoring rules and issuing alerts with overlapping lookback periods.

Identifying Unusual Activity – Identification of “Unusual” transactions for filing UAR reports requires strong internal work processes ensuring periodic collection and processing of information regarding customers and their activity from multiple sources. This process should be regularly reviewed and updated to reflect any changes in the environment, customer risk profile, or industry trends.  Information requiring further investigation about customers may be obtained from various sources such as external data, internal employee reporting, and transaction monitoring systems.

External data sources – information from the media, public and commercial databases, and legal repositories, among others. 

Internal reporting – Employee reports are essential to this matrix. Employees must be trained to recognize “red flags” and anomalous behaviors. Internal reporting is a collective responsibility, requiring vigilance from all parties involved in customer interactions or operations.

Internal reviews and transaction monitoring – Continuous review of customer transactions is essential to identifying unusual activity. Internal review processes and transaction monitoring systems ensure continuous surveillance of customer transactions. It is vital to analyze transactional patterns and activities to determine whether they are suspicious. As part of the monitoring process, both automated and manual alerts should be reviewed. Regular reviews should be conducted to ensure the effectiveness of the internal review processes and transaction monitoring systems.

Types of UAR Reports – UAR reports may be filed for multiple reasons ranging from obtaining “hard evidence” of illicit activity to abuse of company policy or deviations from expectations for a certain type of activity or customer profile. Below are some examples of typical UAR report types:

· Refusal to comply with AML regulations – The customer intentionally conducts activity below the identification or CTR reporting thresholds by concealing or undiscoring ties between entities performing multiple “one-to-many” and “many-to-one” transactions without reasonable explanation. When asked for documents and KYC & CDD information, the customer refuses to cooperate. The customer provides information or documents that are inconsistent or irrelevant about the source of funds or source of income.

· Deviation from the customer’s profile – the customer conducts activity different from the information provided during the “Know Your Customer” process in terms of volume or type of activity. The volume and scope of the customer’s activity do not correlate with stated income. The nature of the activity does not match the customer’s profile or the profile of similar customers. Significant and unexpected spikes in customer activity without a logical explanation. The activity of the customer raises suspicions of an account takeover.

· Illicit activity red flags – Customers conducting business activity in private accounts without tax registration. “Pipeline account” A high percentage of the funds received are transferred to another beneficiary. Suspicion of illegal activity – fraud, theft, forgery, extortion, ransomware, identity theft, elderly abuse, human trafficking, illegal gambling, sanctions avoidance , or terrorist financing. Customers conduct unlicensed business activities in regulated industries – finance, pharmaceuticals, cannabis, weapons, and crypto. Illegal activity – human trafficking, prostitution, drugs, etc. Suspicions for bribery and corruption involving politically exposed persons,

· Involvement of undisclosed third parties – Third party involvement without clear affinity to the customer, for example, account top-ups, debt repayment, collateral ownership.

·Untransparent activity – Involvement of high-risk geographies. Reliance on intermediaries and complex corporate structures, including trusts and non-profit organizations, without revealing the ultimate beneficiaries. Transactions involving multiple third parties and financial institutions, complex financial instruments, and cash transactions.

Closing Accounts

Unlike in many other countries, filing a report does not automatically require closing the account. Frequently, we are posed with the question: “Is the report sufficient? Can I report and proceed with operations on behalf of the client? At what point should we terminate our relationship with the customer?” Despite the legal protections available for reporting entities, if a FI possesses information indicating illegal activity—particularly where funds have origins or destinations related in any manner to offenses outlined in the Money Laundering Prohibition Act—we recommend considering terminating the relationship. This advice is also grounded on the potential reputational and image risks to the FI.

Documentation – Given the subjective nature of decision-making in unusual reporting mechanisms, it is paramount to document all decisions related to forwarding or archiving a particular report. Furthermore, it’s essential to document due diligence processes and the documents or information received during the relevant investigation or inquiry. Such materials might be reviewed in regulatory audit processes where the FI’s obligations in this area are being assessed.

Keywords – The use of keywords aids IMPA in analyzing the content of unusual reports more efficiently and initiating a comprehensive review of the reported case and its circumstances. If relevant to the report, the phrase should be incorporated into the content, preceded by “Keyword expression: __________.”