persona-logo
Industry
Published October 24, 2022
Last updated February 26, 2025

What is a suspicious activity report (SAR)?

Financial institutions are legally required to report potential criminal activity to the appropriate investigation agency by filing a suspicious activity report (SAR).
Emily Sachs
Emily Sachs
8 mins
An icon showing a SAR report
Key takeaways
In addition to financial institutions' legal requirement to continuously monitor for suspicious activity, it’s also their duty to create and file a suspicious activity report (SAR) whenever they suspect that fraud, money laundering, or financial crimes are taking place.
SARs must be filed within 30 days of the suspicious transaction.
SARs are highly confidential — the individual who discovers the activity isn't required to disclose their name or contact information, and the filer is prohibited from disclosing information that could reveal the report's existence.

Banks and other financial institutions are mandated to monitor for and identify concerning activity that could indicate money laundering, the financing of terrorism, and other crimes.

When a suspicious transaction occurs, these institutions must use a suspicious activity report (SAR) to escalate the activity to the appropriate body for legal investigation. These reports are a key part of preventing criminal activity, and neglecting to file them is a serious violation. Brokerage firm Merrill Lynch failed to file hundreds of SARs over a decade-long period ending in 2019, and was fined $12 million in penalties by the U.S. Securities and Exchange Commission (SEC) and the Financial Industry Regulatory Agency (FINRA).

What is a suspicious activity report?

A suspicious activity report (SAR) is an electronic form that financial institutions use to record and report suspicious activity, not just about account holders, but anyone who may attempt to transact with the bank. As part of these organizations’ legal requirement to continuously monitor for suspicious activity, it’s also their duty to create and file a SAR whenever they suspect that fraud, money laundering, or other illegal activities are taking place.

The Bank Secrecy Act (BSA) first implemented SARs in 1970 and officially made them the standard method to report suspicious activity in 1996. 

The Financial Action Task Force (FATF), the global watchdog responsible for monitoring financial crimes, has listed SARs among its 40 recommendations to fight against money laundering. Respective law enforcement and financial networks within every adherent country are responsible for monitoring and regulating SAR filings. In the U.S., the Financial Crimes Enforcement Network (FinCEN) is the primary agency that manages reporting within the network of other government regulators, including the SEC, FINRA, and other regulatory agencies that also have SAR mandates.

How does a suspicious activity report help identify and prevent money laundering?

With millions of transactions taking place across thousands of institutions every day, it’s impossible for law enforcement and financial crimes networks to track and investigate them all. Banks are the first and best line of defense against financial criminals. They have the people and processes — and ideally the technology — in place to flag suspicious activity. 

The information provided via a SAR report is critical for identifying and locating bad actors, revealing criminal networks, and shedding light on their cash flow source. Once identified, law enforcement can take action to prevent future money laundering incidents. An example of this was in 2013, when a SAR filing helped dismantle a multi-state cigarette smuggling operation.

When do financial institutions need to file a suspicious activity report?

Financial institutions are expected to file a SAR as soon as they flag any unusual activity. The law states that the report must be filed within 30 days of the attempted or completed transaction. The only exception is if the organization needs to collect more evidence. In this case, they may receive an extension of up to 60 days.

Institutions should file a SAR for any kind of suspicious activity that could indicate involvement in money laundering, terrorism, or other financial crimes, including trafficking and abuse. As SARs are a preventative and investigative tool, banks can and should submit them even if there is no proof of an actual crime.

Examples of situations where a financial institution might file a SAR include:

  • Suspected insider trading

  • Large or unusual cash transactions

  • Transactions that don’t correlate with the type of business (for example, a seasonal fireworks stand receiving wire transfers for licensing fees)

  • A high level of sudden activity in usually dormant accounts

  • Unusual, frequent, or large international and/or domestic wire transfers

  • Any other transaction in which the individual appears to be improperly accessing funds or hiding activity, such as tax evasion

Who needs to file a suspicious activity report?

All financial institutions, including community and retail banks, commodities brokerage firms, casinos, cryptocurrency exchanges, mortgage brokers, and nontraditional money lenders are legally required to submit a SAR whenever they notice suspicious activity.

Failure to file a SAR can result in large regulatory fines, prison time, costly mitigation, legal costs, reputational risk, business disruption, and even revoked contracts.

In many cases, employees are the first to notice suspicious activity and they should report it to management. Though any employee can file a SAR, typically a member of the compliance or anti-money laundering (AML) team formally files the report.

SARs are most often filed by financial institutions, but any business or even a member of the general public can use them to report suspicious financial activity.

What does a SAR look like, and how is it filed?

In the U.S., a SAR is a multi-page document provided by FinCEN that requires several pieces of information, including:

  • The name, date of birth, address, Social Security number, and phone number for all account holders involved in the suspicious activity

  • Dates and documentation of the suspicious transaction(s)

  • Contact information for the financial institution

The first few sections of the form include fields to document the category of crime, transaction amount, and the financial services and instruments involved.

Suspicious Activity Report (SAR) example
Suspicious Activity Report (SAR) example

All SARs include a narrative section. This is a written description of the event and the reasons why the person filing the report believes the transaction is suspicious. FinCEN offers guidelines on how to write SAR narratives. This ensures that investigators get a full picture of the activity so any subsequent probe is more successful.

Suspicious Activity Report (SAR) example

After an institution completes the SAR, it must be filed with the appropriate agency. The submission process is now electronic in most countries, including the U.S., where FinCEN uses the BSA E-Filing System.

Investigation and suspicious activity report confidentiality

The possibility of suspicious activity does not necessarily mean a crime was actually committed, so after someone submits a SAR, the next step is an investigation. Law enforcement will dig into the details of the transaction to determine if it’s truly illegal or linked to some criminal activity. If so, they’ll take appropriate action.

Bank secrecy extends to the highly confidential nature of SARs to ensure the sanctity of the process and to protect the public. The filer is expressly prohibited from disclosing the existence of a SAR or any key details. This ensures that the subjects of the report do not know they have been identified on a SAR. Similarly, publishing any details about a SAR in the media is a federal crime.

In addition, the individual who discovered the activity is not required to disclose their name or personal contact information when filing the SAR. Once received by FinCEN, each report is reviewed by financial managers and government attorneys who understand the importance of confidentiality and privacy. For all these reasons, any person being investigated will not know about the report unless and until they are contacted by law enforcement.

How to more easily flag suspicious activity

While monitoring account activity is essential, even small institutions can process thousands of transactions per day. This makes it challenging and inefficient to catalog all potential criminal activity.

One critical solution is to rigorously train employees. Employees will be more likely to notice suspicious transactions and act accordingly if you educate them on common red flags and warning signs, teach them how to identify suspicious transactions, and empower them to escalate activity that warrants a SAR.

However, the most efficient and large-scale method to detect suspicious activity is through automated transaction monitoring as part of a larger Know Your Customer (KYC) program supported by due diligence and AML tools that can help deter bad actors and, ultimately, catch criminals infiltrating the monetary system.

Free white paper
See how experts evaluate KYC/AML solutions
Get the guide

Level up your AML compliance with Persona

SARs are a key step to preventing money laundering and financial crime on a global scale. Appropriate and timely filing is essential for all financial institutions to protect themselves and their customers — and remain compliant. However, SARs can become a time-consuming process when they rely on traditional, manual monitoring and reporting solutions. Manual reporting is also error prone and hamstrings your team’s productivity.

At Persona, we understand the challenges compliance teams face on a daily basis. That’s why we’ve launched AML Case Management & Automated SAR Filing, Persona’s all-in-one solution designed to help your team streamline investigations while adhering to regulations. Collect identity data, investigate suspicious transactions, and file a SAR — all in one place. Powered by our case management platform, we provide a reliable way to manage active and pending AML investigations, keep track of upcoming deadlines, and track approvals. If you’d like to learn more about how our new SAR filing solution can help your business, please reach out — we’d love to chat.

The information provided is not intended to constitute legal advice; all information provided is for general informational purposes only and may not constitute the most up-to-date information. Any links to other third-party websites are only for the convenience of the reader.
Emily Sachs
Emily Sachs
Emily Sachs is a freelance writer and editor with equal parts professional experience as an award-winning newspaper reporter and an AML/KYC analyst at two major financial institutions. She lives in Brooklyn in a very small apartment with a very large cat.
Continue reading
  • Unusual activity reports (UARs) vs. suspicious activity reports (SARs)
    5 mins

    Unusual activity reports (UARs) vs. suspicious activity reports (SARs)

    Find out if you should be filing UARs, why they’re used, and how to streamline the reporting process.

  • What is AML transaction monitoring?
    7 mins

    What is AML transaction monitoring?

    Learn how transaction monitoring works, why it's important, and more.

  • What is anti-money laundering (AML), and why is it important?
    12 mins

    What is anti-money laundering (AML), and why is it important?

    Learn about the stages and harms of money laundering, key AML regulations, and how to meet constantly evolving compliance standards.