Legislative Decree 231/2007, Article 41, requires a broad range of persons, namely financial intermediaries and other persons engaging in financial activity (Article 11 of the Decree), professionals (Article 12), auditors (Article 13), and a series of persons engaged in other (non-financial) activities (Article 14) to send the FIU a suspicious transaction report “whenever they know, suspect or have reason to suspect that money-laundering or terrorist financing is being or has been carried out or attempted.” Since 2008, for financial intermediaries the reporting requirement has also extended to suspicion of financing of programmes of weapons of mass destruction, in the framework of the restrictive measures against Iran adopted by the UN and the EU.
The suspicion may arise from the characteristics, size, or nature of the transaction or from any other circumstances that come to the reporting institution’s attention by reason of its functions, and taking account of the economic capacity or business activity of the persons carrying out the transaction.
The suspicion must be grounded in a comprehensive assessment of all elements – objective and subjective – of the transactions that are known to the reporting institution, acquired in the course of the customer’s activity or as the result of conferral of an assignment.
To facilitate the detection of suspicious transactions, the Decree provides for several operational tools: anomaly indicators issued by other authorities on a proposal from the FIU (Article 41 and ); and models and patterns representing anomalous conduct, devised and issued by the FIU itself (Article 6[b]).
Reports must be made without delay, where possible before the transaction is effected (Article 41 and ). The reporting procedures differ according to category of reporting institution (Articles 42, 43 and 44).
Reports are transmitted to the FIU electronically via the INFOSTAT-UIF portal, after the reporting institution has been registered and authorized to use the system by the procedures described in a special set of instructions.
Reports of suspicious transactions do not constitute a violation of secrecy requirements or professional secrecy, and if they are made in good faith and for the purposes envisaged by the law, they do not incur liability of any kind (Article 41).
The content of suspicious transaction reports has been specified by the FIU’s Instructions of 4 May 2011 issued under Article 6[e-bis] and Article 41[1-bis] of the Decree.
The FIU conducts financial analysis of the reports it receives (Articles 6[b] and 47[a]). For this purpose it may acquire additional information from the persons subject to the reporting requirement, use the archives to which it has access, and exchange information with the financial intelligence units of other countries.
Financial analysis of the reports consists in a series of technical-financial examinations designed to use all the information acquired in order to understand the context that generated the report, pinpoint personal and operational ties, trace the suspicious financial flows and determine their likely purposes.
Upon completion of financial analysis, the FIU transmits the suspicious transaction reports, accompanied by a technical report, to the special currency unit of the Finance Police and to the National Antimafia Prosecutor for further investigation, if required. It also notifes the judicial authorities of any penally relevant findings. It closes the reports that it considers unfounded and so informs the reporting institution via a return flow of information (Article 9 and , Article 47.1[c] and [d], Article 48).
Fulfilment of the reporting obligation is protected by a guarantee of confidentiality and the anonymity of the individual making the report. In this regard Legislative Decree 231/2007 provides that reporting institutions and professional associations receiving reports from their members must adopt adequate measures to ensure the maximum protection of the identity of the individuals who make reports (Article 45 and ). The reports transmitted must not name the source (Articles 42, 43 and 44). In the event of a complaint or a report submitted to the courts, the investigative bodies must not mention the identity of the natural persons and other persons with reporting obligations (Article 45). The identity of natural persons can only be revealed when the judicial authority, by reasoned decree, deems it indispensable for the purposes of ascertaining the crimes that are the subject of proceedings (Article 45).
The way suspicious transaction reports are to be compiled and their information content are specified in the FIU measure of 4 May 2011, “Instructions on the data and information to include in suspicious transaction reports,” issued in implementation of Legislative Decree 231/2007, Article 6[e-bis], and its technical annexes, posted on this site and regularly updated.
The reports are transmitted only electronically, via the Bank of Italy’s dedicated INFOSTAT-UIF portal. To gain access to the portal, the reporting institutions must first be entered in the register of FIU reporters. Entry involves registration with the portal and compiling and e-mailing the “membership form” to the FIU, in some cases together with additional documentation. Authorization of access is ordinarily granted within 48 hours of reception of the application. Once registered, each reporting person is assigned a “reporter code” to identify it unequivocally within the FIU’s archives. The code is to be used in all information exchanges.
Detailed information on the registration procedure and accompanying documentation is available in the section of this site entitled “Portale INFOSTAT-UIF – Modalità di registrazione”.
In terms of content, the report has four main sections:
- data on the report itself, i.e. the information that identifies and qualifies the report and the reporting institution
- structured information items on the transactions, persons and accounts involved and their interrelations
- free-form description of the transactions reported and the grounds for suspicion
- any documents attached.
The reports are compiled and transmitted using the data entry function on the INFOSTAT-UIF portal or by uploading from the portal files containing proprietary applications that comply with the standards mandated in Annexes 3a and 3b of the Instructions.
The reports are subjected to two sets of automatic controls – one by the reporting institution itself, through diagnostic tools available on the portal and one by the FIU’s information system (in the report acquisition phase) – to ensure data integrity and compatibility.