Whether or not certain customer behavior results in a crime, a lot of financial activity can be considered suspicious. Financial institutions need to report this potentially malicious activity to the proper authorities, ensuring that it gets investigated.
Typically, this is done using suspicious activity reports. It can be difficult to know when a SAR needs to be filed, what information to include, and what happens after a report is filed. To ensure you know exactly what a SAR is and when one needs to be filed, we cover all that in detail below.
A suspicious activity report (SAR) is a report used by FIs to announce incidents of suspicious activity to the appropriate regulatory authorities. SARs can be filed for various purposes, but they are commonly used in relation to fraud, money laundering, and other financial crimes.
In the United States, the concept of the suspicious activity report was introduced with the Bank Secrecy Act of 1970 and is currently managed by the BSA. By 1996, the SAR had become the standard protocol used by American financial institutions to report any suspicious activity. Over the years, as banking has become increasingly global and digital, the possible uses for these reports have been extended.
While these have traditionally been filed using paper documents, as of July 1st, 2012, SARs are required to be filed electronically, making it much easier for organizations to manage SAR filing.
It’s best practice to file SARs as timely as possible so that the activity can be reported to the appropriate authorities and thoroughly investigated.
In most cases, a financial institution has a maximum of 30 calendar days to submit the SAR from the time of detection. If the FI cannot identify the suspect associated with the transaction in question, the SAR filing can be delayed for an additional period of 30 days; or a total of 60 calendar days. There are no circumstances that allow a SAR to be filed beyond 60 days.
It’s also important to note that SARs filed late are subject to fines and penalties.
While countries have slightly different reporting procedures, the general principle is the same; FIs are required to report any suspicious activity. One of the biggest universal challenges with this is that suspicious activity can vary significantly from individual to individual, and even more so between individuals and entities.
For example, a petroleum supplier receiving a $100 million wire transfer from a foreign conglomerate would be a legitimate transaction, but if another entity performed that same action, it could raise red flags.
For this reason, determining the proper thresholds to trigger suspicious activity can be very challenging. Really, it comes down to deciding if the behavior is abnormal for customers, which often needs to be done on a case-by-case basis.
To help you determine when you do and don’t need to file a SAR, we’ve created this handy flow chart:
While there are many reasons to file a suspicious activity report (and one should be filed for any behavior that raises suspicions about the legitimacy of accounts or transactions), it can be challenging to determine if a particular behavior or incident qualifies as ‘suspicious’ activity.
There is no universal standard for suspicious activity, and what qualifies may vary depending on the country. Even within the United States, it’s sometimes difficult to know if behavior qualifies as suspicious or not.
Below, we outline what constitutes suspicious activity - and therefore warrants a suspicious activity report.
Sometimes, it can be difficult to determine if suspicious activity warrants a SAR filing. To stay on the safe side (and avoid any potential fines or penalties), it’s best to file a SAR for any activity where there is a reasonable suspicion of fraud or money laundering.
To report suspicious activity, teams need to be able to monitor transactions and customer behavior for anomalies. To streamline the process, it’s essential to follow best practices for identifying and reporting SARs.
Below, we explain the main, high-level steps that need to be taken to file a SAR.
Once suspicious activity has been found, a SAR form needs to be filled out. All pertinent information needs to be completed, and any additional documents or resources need to be attached to the file.
Reporting software can significantly reduce the time to create these reports. They automate much of the process and guide investigators, ensuring no information is missed. This can save a significant amount of time in completing the actual report.
Once the SARs are completed, the SARs need to be submitted to FinCEN. This can be done individually or in batches, as long as the reports are filed within the appropriate time frame.
While this process can be completed manually, it’s tedious and time-consuming. Regulatory reporting software can automate SAR filing, submitting all reports in batches to the appropriate authorities (like FinCEN, goAML, NCA, and more). This saves you time - and also peace of mind - knowing that reports will be submitted promptly.
PRO TIP: In 2022, Unit21 customers filled 16,030 SARs. Unit21’s case management software is specifically designed to reduce investigations and SAR filing times by 78%. With automated SAR filing, teams never miss a deadline.
There is no actual follow-up for FIs after SARs have been filed. FinCEN will take necessary action, escalating the case to the appropriate authorities and law enforcement. While there is no further action required on the financial organization’s end, it’s best to keep records for a period of time in case the regulatory body requires more information or wants to follow up.
The requirements for reporting suspicious activity can vary significantly in different countries. That being said, most regulators require similar details about the suspicious activity.
In the United States, FinCEN has the following requirements for their suspicious activity report forms:
Once a FI files suspicious activity, the SAR is escalated to the appropriate law enforcement agency, where the findings can be investigated. FinCEN does this automatically, escalating the case to the proper authorities, such as the FBI.
It’s essential to remember that the SAR itself is not used as legal evidence, but simply to report the crime.
At the end of the day, what constitutes suspicious activity can sometimes be hard to determine. To help you decide when you should (and shouldn’t) file a SAR, we outline a few different example cases below.
Ultimately, any suspicious behavior should be reported. It’s often better to err on the side of caution and report behavior that may not end up being suspicious in nature.
A customer has a relatively new account, which has historically only been used for domestic payments. Onboarding was completed, and no red flags were presented.
Their account receives an international transfer of $27,000.
In this instance, a SAR must be filed, as the $25,000 transaction threshold has been exceeded.
A customer has been a client for 5 years. They are in good standing with the financial institution and have had no suspicious activity in the past. They make relatively routine transactions that have not raised any flags.
Seemingly out of nowhere, the customer makes a handful of transactions of $4,000 each. In total, they make 5 transactions two weeks apart, amounting to $20,000.
While this could be a legitimate attempt to transfer a large amount of money (spread out over a period of time), it could also be an attempt to skirt the $5,000 threshold for automatic AML filings.
Having a transaction monitoring solution can detect this anomaly, flagging it for investigation. After investigation, an analyst may find that the transactions are not suspicious, or could still have suspicions about the legitimacy of the transfers. This could be ruled out or could be escalated, with a SAR being filed.
A customer has been a client for over 5 years, and is in good standing with the financial institution. They have consistent transaction activity, none of which raises red flags.
The customer is in the process of purchasing their first home, and makes a large down payment. This transaction is undoubtedly out of the norm for their account activity, but it isn’t malicious. This would likely prompt an investigation, but an investigation should determine that this is a legitimate transaction. In most cases, this would not warrant a SAR filing.