28 Most Asked Questions about Suspicious Activity Reports (SARs)

The Financial Crimes Enforcement Network (FinCEN) received more than 12 million SARs from 2011 to 2017 and more than two million in 2019 alone – International Consortium of Investigative Journalists 

What is a Suspicious Activity Report (SAR)?

A Suspicious Activity Report (SAR) is a tool for the United States financial institutions to assist the government agencies in detecting and preventing financial crimes. When an institution comes across an irregular transaction or possible criminal activity, the institution must report it. SAR is a mechanism set in place to alert the authorities of any potential financial fraud. The investigating agencies don’t use SARs as concrete evidence against the suspect. Instead, they use SARs as a basis of the investigation to find proof.

What is the history of Suspicious Activity Report (SAR)?

SAR was initially called a Criminal Referral Form. The Bank Secrecy Act (also known as ‘The Currency and Foreign Transactions Reporting Act of 1970’) requires financial institutions to disclose any suspicious economic activity. SAR became the standard form of reporting suspicious activity in 1996. The USA Patriot Act further expanded SAR requirements to help combat domestic and global terrorism.

What is the definition of suspicious activity in banking?

Suspicious activity is any conducted or attempted transaction or pattern of transactions that you know, suspect, or have reason to suspect meets any of the following conditions:

  • The activity involves funds derived from illegal activity
  • The activity that by design hides assets derived from illegal activities to evade federal law or avoid reporting requirements
  • The activity is to evade the Bank Secrecy Act requirements
  • There is no business or apparent lawful purpose
  • The activity involves insider abuse of a financial institution or facilitates criminal activity

Which institutions need to file SAR?

All financial institutions operating in the United States, including insured banks, savings associations, savings association service corporations, credit unions, bank holding companies, nonbank subsidiaries of bank holding companies, Edge and Agreement corporations, stock and mutual fund brokers, and various money service businesses (check-cashing companies, money order providers, etc.), and United States branches and agencies of foreign banks, are required to make this report.

In addition, the casinos and card clubs, precious metals or gems dealers, insurance companies, and those involved in the mortgage business all fall under the stipulations of the Bank Secrecy Act (BSA).

What are the triggers for a SAR?

The primary triggers for a SAR are:

  1. The daily aggregate amount of cash transactions exceeding $10,000
  2. Detection of any suspicious activity that signals criminal activity like money laundering, tax evasion, etc.
  3. International money transactions over a particular value
  4. If there is a repeated pattern 

What are the examples of typical patterns of suspicious activity?

Here are some of the common examples indicating suspicious activity:

  1. Lack of evidence of legitimate business activity, or any business operations, undertaken by the parties to the transaction(s);
  2. Unusual financial nexuses and transactions occurring among certain business types (e.g., food importer dealing with an auto parts exporter);
  3. Transactions that are not commensurate with the stated business type or that are unusual and unexpected in comparison with the volumes of similar businesses operating in the same locale;
  4. Huge numbers or volumes of wire transfers or repetitive wire transfer patterns;
  5. Complex series of transactions indicative of layering activity involving multiple accounts, banks, parties, jurisdictions; 
  6. Suspected shell entities;
  7. Bulk cash and monetary instrument transactions;
  8. Unusual mixed deposits of money orders, third party checks, payroll checks, etc., into a business account;
  9. Transactions being conducted in bursts of activities within a short period, especially in previously dormant accounts;
  10. Transactions or volumes of aggregate activity inconsistent with the expected purpose of the account and expected levels and types of account activity conveyed to the financial institution by the account holder at the time of the account opening;
  11. Beneficiaries maintaining accounts at foreign banks that have been subjects of previous SAR filings;
  12. Parties and businesses that do not meet the standards of routinely initiated due diligence and anti-money laundering oversight programs (e.g., unregistered/unlicensed companies);
  13. Transactions seemingly designed to, or attempting to avoid reporting and recordkeeping requirements; and 
  14. Correspondent accounts being utilized as “pass-through” points by foreign jurisdictions with subsequent outgoing funds to another foreign jurisdiction

Where should you file the Suspicious Activity Report (SAR)?

The financial institution must file the SAR with the Financial Crimes Enforcement Network (FinCEN) that promotes national security through the strategic use of monetary authorities.

What happens when a financial institution files a SAR?

When a financial institution files a SAR, FinCEN shares it with law enforcement authorities, including the Federal Bureau of Investigation and United States Immigration and Customs Enforcement. In turn, the law enforcement authorities use SARs to detect crimes and further investigate the matter to find concrete evidence.

When must a SAR be reported?

The financial institutions must file the SAR within 30 (thirty) days from detecting the suspicious activity. However, if the institution cannot identify the subject or requires more evidence, an extension not exceeding 60 (sixty) days is available.

Is SAR confidential?

A SAR and any information that would reveal the existence of a SAR is highly confidential. The report contains the suspected customer’s personal and financial data. The financial institutions shall not disclose the SAR or information about the existence of SAR to any person other than for investigation purposes. Sharing the SAR information with third parties like the media is a federal crime.

With Whom Can a SAR be Shared?

Apart from filing the SAR with FinCEN, the financial institutions can also share it with any Federal, State, or local law enforcement agency or regulatory authority that examines the financial institution for compliance with the Bank Secrecy Act. Additionally, the financial institutions can share the SAR with:

  • Another financial institution, or any director, officer, employee, or agent of a financial institution, for the preparation of a joint SAR
  • In connection with specific employment references or termination notices, to the full extent authorized in Title 31 United States Code (U.S.C.) §5318(g)(2)(B)
  • Within the bank’s corporate organizational structure for purposes consistent with the provisions of the Bank Secrecy Act

Can the SAR be Shared With the Client?

Title 31 U.S.C. § 5318(g)(2) prohibits the sharing of SAR or any information indicating the existence of SAR with any person involved in the suspicious transaction.  

How to file a SAR?

As of April 1, 2013, financial institutions must use the new FinCEN reports available only electronically through the BSA E-Filing System. The FinCEN SAR Electronic Filing Instructions document provides the instructions for filing SAR.

The home page of SAR looks like this:

Suspicious Activity Report ScanWriter

Source: FinCEN

What are the requirements for suspicious activity reporting?

Filing Institution Contact Information 

It includes information like the type of financial institution, primary federal regulator, identification, contact details, etc.

Suspicious Activity Report ScanWriter

Source: FinCEN

Information about Financial Institution Where Activity Occurred 

If the activity has occurred at the same institution filing the SAR, you can click on yes otherwise, provide the branch details where the suspicious activity has occurred. This section also requires some additional information like financial institutions’ role in the transaction.

Suspicious Activity Report ScanWriter

Source: FinCEN

Subject Information 

It requires the name, occupation, contact details of the client suspected of criminal activity. Fill in as much information as available to help the investigating authority identify the person. For example, providing the occupation or the type of business of the subject is essential as it will assist in determining the income bracket of the client. Thus, the financial institution or investigating agency can flag any amount beyond the income bracket or sudden increase in income as a suspicious activity. 

Suspicious Activity Report ScanWriter

Source: FinCEN

Suspicious Activity Information 

The suspicious activity information field requires the date, amount, type of activity, etc., involved in the suspicious transaction.

Source: FinCEN


The narrative section of the report is critical to understanding the nature and circumstances of the suspicious activity. It needs to be clear and concise to provide clarity regarding the suspicious activity. Here are some tips to keep in mind while writing the narrative:

  • Since the preceding sections provide necessary contact details and other information, avoid repeating that information 
  • Describe the transaction and how it was detected
  • Explain the irregularity in it that makes it suspicious and different from the regular transactions
  • Do not provide a lengthy list of transactions in the narrative as there is a character limit of 20,000
  • Make sure to include all the necessary information
  • Keep it simple and relevant
  • Provide a list of reasons like tax refund fraud, foreign corruption, bankruptcy, funnel account, etc. to help categorize the report

Source: FinCEN


If available, documents evidencing the suspicious activity can be attached. For example, you can provide a record showing that one of the parties to the suspicious transaction has prior money laundering antecedents. Also, a note can be attached if the narrative exceeds the maximum character limit. 

Source: FinCEN

Should financial institutions file additional SARs on the same suspicious activity to accommodate narratives that are longer than the SAR narrative character limits?

No. The narrative should include a clear and concise description of suspicious activity. If the filing institution reaches the character limit, it should not file an additional SAR to avoid duplicate filings on the same action in the database. However, if the institution cannot provide all the relevant information within the narrative character limit, the filing institution can include an additional attachment to the SAR.

How to write an effective SAR?

Financial institutions should incorporate overall solid risk management practices for suspicious activity monitoring. Writing a SAR requires conducting thorough research and analysis of the suspicious activity. Numerous tools help with financial data collation, processing, and verification that come in handy while dealing with voluminous data.

The e-filing form of SAR should be filled as comprehensively as possible and should detail the following:

  • Details of the subject or client against whom the financial institution suspects fraudulent activity
  • The nature of the transaction that indicates suspicious activity
  • Date and time of the suspicious transactions
  • Instruments used by the client to commit the suspected criminal activity
  • The irregularities in dealings and the difference from the usual transactions

An effective SAR contains complete factual data collected and compiled after thorough research, analysis, and verification detailing all the relevant information that shows the nature of the suspicious activity.

Which transaction must the financial institutions report on a SAR?

The financial institutions must report the following kind of transactions on a SAR:

  • Structuring transactions, for example, an altered transaction to avoid BSA recordkeeping requirements or to avoid Currency Transaction Reports (CTR) requirements
  • Transactions by known or suspected terrorist or terrorist organization
  • Money laundering transactions
  • Tax evasion transactions
  • Any other transactions which indicate a financial crime

Should a financial institution file a SAR solely on receiving a grand jury subpoena or other law enforcement inquiries?

No. The financial institution should decide whether SAR filing is necessary based on the review and assessment of all the relevant information of its client under investigation. 

Is a financial institution required to terminate a customer relationship following the filing of a SAR or multiple SARs?

No. BSA does not require the financial institution to terminate the relationship with the client after filing SAR against it. Instead, keeping the account of the client open will help the financial institution detect any continuing suspicious activity to be reported. Keeping the account open will also help combat ongoing money laundering, terrorist financing, and other illicit economic activities. 

Is a financial institution required to file a SAR based solely on negative news?

No. The financial institution can review the negative news and assess the information of its client. It should conduct its due diligence and determine whether the institution requires filing a SAR against the client.

Who is responsible for sending a SAR to the Financial Intelligence Unit?

Usually, the financial institution where the suspicious activity has been detected or committed sends SAR. However, the institution’s headquarters can also send the SAR on behalf of a financial institution’s branch.

In many cases, financial institutions have automated monitoring systems for detecting suspicious activity. However, financial institutions must train their employees to identify suspicious activity. Additionally, the institutions can appoint a designated Anti-Money Laundering (AML) officer whom the employees can inform about the suspicious activity for reporting to FinCEN.

How long must a SAR be maintained?

The financial institution must maintain the SAR filing records and relevant documents for 5 (five) years from the filing date.

When should a continuing activity SAR be filed?

FinCEN recommends filing SARs for continuing activity after a 90 days’ review, with an extension of 30 more days from the previous SAR filing date. Financial institutions may also file SARs on continuing activity earlier than the 120-day deadline if the institution believes the activity warrants earlier review by law enforcement.

Are there any penalties for non-compliance with BSA regulations?

Failure to comply with any of the provisions of BSA or any other law requiring the filing of SAR can result in civil and criminal penalties, including substantial fines, regulatory restrictions, loss of banking charter, and even imprisonment.

Are Safe Harbor Provisions Applicable to Suspicious Activity Reporting?

Yes. The law offers protection from any civil liability to the financial institutions for SARs filed within the required reporting thresholds and to SARs filed voluntarily on any activity below the threshold.

What are the exceptions from the filing of SAR?

A financial institution is not required to file a SAR for a robbery or burglary committed or attempted or for lost, missing, counterfeit, or stolen securities. That is because there are separate reporting procedures in place under the law for such activities.

How do financial institutions detect suspicious activity?

Numerous Anti-Money Laundering (AML) tools help detect suspicious transactions by analyzing the client data. In addition, it automates the detection activities involved in the process and allows financial institutions to save time. Such software use Artificial Intelligence (AI) and machine learning to optimize the AML process.

How to aggregate the data after detection of suspicious activity in a client’s account?

Once the AML tool detects suspicious activity in a client’s transactions, software like ScanWriter by Personable Inc. can automate the data capture effort. Also, it helps collate the data and investigate data from various financial institutions of the same client for aggregated analysis. In addition, its sophisticated analytical tools and modeling techniques make it easy to follow the money trail. Thus, it is the perfect tool for financial fraud investigation with financial intelligence tools.


Try ScanWriter Today