Industry

What is a suspicious activity report (SAR)?

Financial institutions must use suspicious activity reports (SARs) to report questionable activity to the appropriate body for legal investigation

An icon showing a SAR report
Read time:
Share this post
Copied
Table of contents
⚡ Key takeaways
  • In addition to financial institutions' legal requirement to continuously monitor for suspicious activity, it’s also their duty to create and file a suspicious activity report (SAR) whenever they suspect that fraud, money laundering, or financial crimes are taking place.
  • SARs must be filed within 30 days of the suspicious transaction.
  • SARs are highly confidential — the individual who discovers the activity isn't required to disclose their name or contact information, and the filer is prohibited from disclosing information that could reveal the report's existence.

Banks and other financial institutions are mandated to monitor for and identify concerning activity that could indicate money laundering, the financing of terrorism, and other crimes.

When a suspicious transaction occurs, these institutions must use a suspicious activity report (SAR) to escalate the activity to the appropriate body for legal investigation. These reports are a key part of preventing criminal activity and neglecting to file them is a serious violation. Brokerage firm Merrill Lynch failed to file hundreds of SARs over a decade-long period ending in 2019, and was fined $12 million in penalties by the U.S. Securities and Exchange Commission (SEC) and the Financial Industry Regulatory Agency (FINRA).

What is a suspicious activity report?

A suspicious activity report (SAR) is an electronic form that financial institutions use to record and report suspicious activity, not just about account holders but anyone who may attempt to transact with the bank. As part of these organizations’ legal requirement to continuously monitor for suspicious activity, it’s also their duty to create and file a SAR whenever they suspect that fraud, money laundering, or other illegal activities are taking place.

The Bank Secrecy Act (BSA) first implemented SARs in 1970 and officially made them the standard method to report suspicious activity in 1996. 

The Financial Action Task Force (FATF), the global watchdog responsible for monitoring financial crimes, has listed SARs among its 40 recommendations to fight against money laundering. Respective law enforcement and financial networks within every adherent country are responsible for monitoring and regulating SAR filings. In the U.S., the Financial Crimes Enforcement Network (FinCEN) is the primary agency that manages reporting within the network of other government regulators, including the SEC, FINRA, and other regulatory agencies that also have SAR mandates.

How does a suspicious activity report help identify and prevent money laundering?

With millions of transactions taking place across thousands of institutions every day, it’s impossible for law enforcement and financial crimes networks to track and investigate them all. Banks are the first and best line of defense against financial criminals. They have the people and processes — and ideally the technology — in place to flag suspicious activity. 

The information provided via a SAR report is critical for identifying and locating bad actors, revealing criminal networks, and shedding light on their cash flow source. Once identified, law enforcement can take action to prevent future money laundering incidents. An example of this was in 2013, when a SAR filing helped dismantle a multi-state cigarette smuggling operation.

When do financial institutions need to file a suspicious activity report?

Financial institutions are expected to file a SAR as soon as they flag any unusual activity. The law states that the report must be filed within 30 days of the attempted or completed transaction. The only exception is if the organization needs to collect more evidence. In this case, they may receive an extension of up to 60 days.

Institutions should file a SAR for any kind of suspicious activity that could indicate involvement in money laundering, terrorism, or other financial crimes, including trafficking and abuse. As SARs are a preventative and investigative tool, banks can and should submit them even if there is no proof of an actual crime.

Examples of situations where a financial institution might file a SAR include:

  • Suspected insider trading
  • Large or unusual cash transactions
  • Transactions that don’t correlate with the type of business (for example, a seasonal fireworks stand receiving wire transfers for licensing fees)
  • A high level of sudden activity in usually dormant accounts
  • Unusual, frequent, or large international and/or domestic wire transfers
  • Any other transaction in which the individual appears to be improperly accessing funds or hiding activity, such as tax evasion

Who needs to file a suspicious activity report?

All financial institutions, including community and retail banks, commodities brokerage firms, casinos, cryptocurrency exchanges, mortgage brokers, and nontraditional money lenders are legally required to submit a SAR whenever they notice suspicious activity.

Failure to file a SAR can result in large regulatory fines, prison time, costly mitigation, legal costs, reputational risk, business disruption, and even revoked contracts.

In many cases, employees are the first to notice suspicious activity and they should report it to management. Though any employee can file a SAR, typically a member of the compliance or anti-money laundering (AML) team formally files the report.

SARs are most often filed by financial institutions, but any business or even a member of the general public can use them to report suspicious financial activity.

What does a SAR look like, and how is it filed?

In the U.S., a SAR is a multi-page document provided by FinCEN that requires several pieces of information, including:

  • The name, date of birth, address, Social Security number, and phone number for all account holders involved in the suspicious activity
  • Dates and documentation of the suspicious transaction(s)
  • Contact information for the financial institution

The first few sections of the form includes fields to document the category of crime, the amount of the transaction, and the financial services and instruments involved.

Suspicious Activity Report (SAR) example
Suspicious Activity Report (SAR) example

All SARs include a narrative section. This is a written description of the event and the reasons why the person filing the report believes the transaction is suspicious. FinCEN offers guidelines on the form on how to write SAR narratives. This ensures that investigators get the full picture of the activity so that any subsequent probe is more successful.

Suspicious Activity Report (SAR) example

After an institution completes the SAR, it must be filed with the appropriate agency. The submission process is now electronic in most countries, including the U.S., where FinCEN uses the BSA E-Filing System.

Investigation and suspicious activity report confidentiality

The possibility of suspicious activity does not necessarily mean a crime was actually committed, so after someone submits a SAR, the next step is an investigation. Law enforcement will dig into the details of the transaction to determine if it’s truly illegal or linked to some criminal activity. If so, they’ll take appropriate action.

Bank secrecy extends to the highly confidential nature of SARs to ensure the sanctity of the process and to protect the public. The filer is expressly prohibited from disclosing the existence of a SAR or any key details. This ensures that the subjects of the report do not know they have been identified on a SAR. Similarly, publishing any details about a SAR in the media is a federal crime.

In addition, the individual who discovered the activity is not required to disclose their name or personal contact information when filing the SAR. Once received by FinCEN, each report is reviewed by financial managers and government attorneys who understand the importance of confidentiality and privacy. For all these reasons, any person being investigated will not know about the report unless and until they are contacted by law enforcement.

How to more easily flag suspicious activity

While monitoring account activity is essential, even small institutions can process thousands of transactions per day. This makes it challenging and inefficient to catalog all potential criminal activity.

One critical solution is to rigorously train employees. Employees will be more likely to notice suspicious transactions and act accordingly if you educate them on common red flags and warning signs, teach them how to identify suspicious transactions, and empower them to escalate activity that warrants a SAR.

However, the most efficient and large-scale method to detect suspicious activity is through automated transaction monitoring as part of a larger Know Your Customer (KYC) program supported by due diligence and anti-money laundering (AML) tools that can help deter bad actors and, ultimately, catch criminals infiltrating the monetary system. 

Free white paper
See how experts evaluate KYC/AML solutions

Level up your AML compliance with Persona

SARs are a key step to preventing money laundering and financial crime on a global scale. Appropriate and timely filing is essential for all financial institutions to protect themselves and their customers — and remain compliant. However, SARs can become a time-consuming process when they rely on traditional, manual monitoring and reporting solutions. Manual reporting is also error prone and hamstrings your team’s productivity.

Our case management solutions provide automated alerts and streamline the review process to make it easy to search for statuses of escalations and ensure timely submission of SARs. If you’d like to learn more about how our products can help your business, please reach out — we’d love to chat.

Frequently asked questions

No items found.

Continue reading

Continue reading

Know Your Employee (KYE): How identity verification fits in the picture
Know Your Employee (KYE): How identity verification fits in the picture
Industry

Know Your Employee (KYE): How identity verification fits in the picture

A thorough Know Your Employee (KYE) process helps you verify the identity, credentials, and background of new and existing employees to control for fraud.

Data subject access requests for the GDPR
Data subject access requests for the GDPR
Industry

Data subject access requests for the GDPR

Learn about data subject access requests (DSARs) for the GDPR and individuals’ rights to access their personal data.

Online KYC during user onboarding
Online KYC during user onboarding
Industry

Online KYC during user onboarding

Many businesses need to have a KYC process for onboarding new users. Learn what's required, common steps, and more.

Unusual activity reports (UARs) vs. suspicious activity reports (SARs)
Industry

Unusual activity reports (UARs) vs. suspicious activity reports (SARs)

Find out if you should be filing UARs, why they’re used, and how to streamline the reporting process.

What is AML transaction monitoring?
Industry

What is AML transaction monitoring?

Learn how transaction monitoring works, why it's important, and more.

What is anti-money laundering (AML), and why is it important?
Industry

What is anti-money laundering (AML), and why is it important?

Learn about the stages and harms of money laundering, key AML regulations, and how to meet constantly evolving compliance standards.

Ready to get started?

Get in touch or start exploring Persona today.