Back to All Blog Posts

Special ACFCS Report: The Front Lines – The Investigations Series Part One, ‘The Suspicious Mind’

Suspect Board

The skinny:

  • ACFCS unveils a new series, “The Front Lines,” by Erin O’Loughlin, Senior Director of Training for ACFCS – former front-line investigator and manager for multiple large financial institutions, to include a crypto currency exchange, as well as a former intelligence officer for the U.S.
  • Here she will tackle issues that directly affect your everyday work life, with the goal of offering practical, tactical takeaways that can immediately help you think differently, analyze more fully and act and react more quickly looking at historical and emerging challenges through the lens of an experienced investigator.
  • Where to start? First, by having what Elvis called “a suspicious mind.” Such a stratagem is crucial in allowing you to objectively perform a full fraud or AML investigation within your organization – and choose when, and when not, to file suspicious activity reports.

By Erin O’Loughlin Senior Director of Training for ACFCSformer front-line investigator and manager for multiple large financial institutions, to include a crypto currency exchange, as well as a former intelligence officer for the U.S. Government. 
June 23, 2021

Welcome to The Front Lines, a publication for the front-line investigator, risk officer and compliance professional.

Here, ACFCS will discuss issues that directly affect your everyday work life, with the goal of offering practical, tactical takeaways that can immediately help you think differently, analyze more fully and act and react more quickly looking at historical and emerging challenges through the lens of an experienced investigator.  

There are many areas where compliance professionals can benefit from sharpening what many consider the most subjective, and oft-criticized area of fincrime compliance: human decision-making on what, how and when to file – even in an era of loudly blaring buzzwords like artificial intelligence, automation and machine learning.  

Some perennial topics include:

“Why do I have to click SO MUCH just to complete an investigation?”

“Are suspicious activity report (SAR) quotas a federal regulation or my bank’s policy?” “What makes an effective compliance/investigations manager?”

“What is my spreadsheet showing me??”

At issue is that industry conferences worldwide often highlight high level topics, such as impending regulations, red flags, typologies or trends. But speakers on these topics do not tend to dive into full investigations from beginning to end.

While they have a TON to teach us about a lot of things, the question is: What matters to you, the investigator?  

Like most of you, as a front-line investigator for several large financial institutions, I learned this industry via on-the-job training. While I did receive the requisite regulatory training, learning how to “be an investigator” was something I had to learn by doing.

But how does one do that?

First, having what Elvis called “a suspicious mind” is crucial in allowing you to objectively perform a full fraud or AML investigation within your organization.

What makes a suspicious mind? 

Merriam-Webster defines suspicious as “Questionable” or “Distrustful.” These two words are essential to not only surviving your environment, but to also performing an objective fraud or anti-money laundering (AML) investigation.    

From an evolutionary perspective, when the Cro-Magnon man traversed among predatory animals, he had to develop an extra “sense” to detect when that animal was hunting him.

He created tools, such as spears, to counteract these predators that had a physical advantage over him.

The “distrustful” or “suspicious mind” is also inherent within women, due to their typically smaller stature, compared to men. In order to survive, or avoid assault, particularly in riskier regions with weak rule of law, women must perpetually live in such a “suspicious mindset.”

Suspicion, or distrust is not a novel concept in our society and transcends all facets of our lives.

As you can see, it is not only the cornerstone of what has protected us for a millennia, but is also what makes an effective investigator.

What does this all mean?

As much as we have advanced from our Cro-Magnon ancestors, human beings still hurt one another, they still manipulate, lie, steal, and cheat.  

While not every human does this, we all have the ability to conduct these actions.

Because of this, investigators within the financial industry need to corroborate what your financial institutions’ customer has stated what their account will be used for – in financial crime parlance, this would be the “expected activity.”  

This, coupled with knowledge of what is normal for the customer’s stated industry can help lay the foundation for developing your investigative “suspicious mind.”

For many large and mid-size banks, this effort is supported by a customer “risk ranking” that engages in a highly numeric and analytics-driven exercise to arrive at a distinction of low, medium or high.

That determination later sensitizes an institution’s transaction monitoring system, which chirps alerts when – as we mentioned above – expected activity wavers beyond predetermined thresholds.    

The term “trust but verify” is a useful one, however, I found it easier to develop my investigative skills by saying to myself, “Distrust until I corroborate.”  

By the time a case crosses your desk, there is a reason for it.

Whether it be an alert due to the rules written by your company or a law enforcement request, there is a reason you are being asked by your employer to determine suspicion within an account.

Sometimes not all the accounts/customers you come across are participating in illicit activity but until you corroborate what the customer has stated is normal for their account, distrusting the activity will help hone your investigative, i.e. “suspicious mind.”

Beyond simply dispositioning the alert, the thinking process you undertake, and why or why not you did or didn’t file, can be highly scrutinized after the fact by nitpicky examiners.

At the same time, being careful how you manage transactional alerts – they all must be investigated, but the time spent and resources used depends on the number of investigators and accumulated acumen – choosing shorter investigations, or even not filing at all, might actually be the right decision.  

Man pointing at search icon

Suspicious mind case study: How to mightily mitigate out of a SAR 

I once worked a case that involved a Lebanese-owned, U.S.-based restaurant that alerted due to cash deposits to a business account, immediately followed by transfers to a personal account, then followed shortly by cash withdrawals from ATMs in Beirut, the capital of Lebanon.

So you might be wondering: why did Lebanon give me pause. The answer: because it has so many ties to high-profile money laundering cases and terror groups.

Which ones?

“Terrorist groups operating in Lebanon included Hizballah, ISIS, Hamas, and the Abdullah Azzam Brigades,” according to the U.S. government’s “Country Reports on Terrorism 2019: Lebanon.”

To read the full report, click here.

“Of these, the Lebanon-based and Iran-backed terrorist group Hizballah remained the most capable,” according to the report, adding that Israel in 2019 noted the group was producing precision-guided missiles in the country.

As well, despite the Lebanese government’s “official policy of disassociation from regional conflicts, Hizballah continued its military role in Iraq, Syria, and Yemen, in collaboration with the Iranian regime.”

Further ramping up risk: “In addition, several individuals on the FBI’s most wanted list or listed by the State or Treasury Departments as Specially Designated Global Terrorists reportedly remained in Lebanon.”

So, not surprisingly, cognizant of the regional roiling cauldron of risk, this was the distrust portion of my investigation.

The cash withdrawals alone may have been enough to have filed a SAR and be done with it.

However, the obvious nature of the cash transactions seemed as though the account holder was not trying to conceal anything from the bank or law enforcement.  

I decided to look deeper to better corroborate what I was seeing.  

One thing that jumped out to me: the amount of cash being withdrawn was minimal and only the location of the withdrawals was what triggered the alert.

Without contacting the customer, I dug deeper into open-source intelligence (OSINT) by Googling the account holder’s name.

While researching, I found out a key detail that helped mitigate, or somewhat douse, my original incendiary inclinations: I found a Facebook account for the customer with pictures of him and his family standing in front of the restaurant.

Here I was able to see that the restaurant did exist.

I then looked at the pictures of his family and saw that his teenage daughters had their own Facebook and Instagram accounts, both of which were public/open accounts.

After perusing the daughters’ pages, I discovered pictures of them on what appeared to be the American University campus in Beirut and other places in and around Beirut.  

From these posts I was able to deduce that the daughters appeared to be utilizing the cash deposited into the personal account, thus making these transactions normal for the customer.

While this customer did not state (he probably should have alerted the bank that these withdrawals would be a normal occurrence) that he was putting money into the joint account he had with his daughters and that the cash withdrawals would be taking place from Beirut, I was able to corroborate his stated nationality and thus the account activity looked normal for him.  

While every investigation is different, this is just one example of how my suspicious mind turned out to not detect any illicit activity and corroborated what made sense for the account.  

These thought processes, magnified across an industry, can help better manage investigative resources and be seen as crafting effective AML programs producing intelligence that would be of use to law enforcement – the new incoming standard of the just-passed Anti-Money Laundering Act (AMLA).

So, in a sense, working to hone your “suspicion” sixth sense isn’t just a tactic to make your fincrime compliance program more ready, relevant and in-tune with regulatory expectations, it is a tacit requirement to better acclimate, adapt and adopt to a regime where the focus has shifted from easily auditable processes to investigative results.  

What makes you a better investigator? Where is your mind when you open your spreadsheet and does this influence your case results?

If you have any suggestions for what you would like The Front Lines to discuss – For the Investigator, by the Investigator – please submit them to

About the author

Erin O'Loughlin Headshot

Erin O’Loughlin comes to ACFCS with deep-rooted experience gained working inside the financial crimes/compliance industry in a variety of roles, including AML investigations for Bank of America, scouring dark web markets to identify proactive risk on the TOR network for Western Union, and supervising crypto fraud and money laundering investigations for Coinbase.

Prior to entering the private sector, O’Loughlin served as an operations officer in the Central Intelligence Agency for ten years. She was posted in both overseas and domestic positions, specializing in Counter Terrorism, conflict resolution, mediation, and due diligence.

See What Certified Financial Crime Specialists Are Saying

"The CFCS tests the skills necessary to fight financial crime. It's comprehensive. Passing it should be considered a mark of high achievement, distinguishing qualified experts in this growing specialty area."


(JD, Washington)

"It's a vigorous exam. Anyone passing it should have a great sense of achievement."


(CFCS, Official Superior

de Cumplimiento Cidel

Bank & Trust Inc. Nueva York)

"The exam tests one's ability to apply concepts in practical scenarios. Passing it can be a great asset for professionals in the converging disciplines of financial crime."


(CFCS, Royal Band of

Canada, Montreal)

"The Exam is far-reaching. I love that the questions are scenario based. I recommend it to anyone in the financial crime detection and prevention profession."


(CFCS, CAMS Lead Compliance

Trainer, FINRA, Member Regulation

Training, Washington, DC)

"This certification comes at a very ripe time. Professionals can no longer get away with having siloed knowledge. Compliance is all-encompassing and enterprise-driven."

Director, Global Risk
& Investigation Practice
FTI Consulting, Los Angeles