What is SAR Report?

When financial institutions detect unusual behavior that could signal potential money laundering or fraud, they turn to Suspicious Activity Reports (SARs) to initiate a closer examination. SARs are crucial components of anti-money laundering (AML) and counter-terrorist financing (CTF) efforts, serving as an early warning system to flag transactions that deviate from normal patterns. In fact, recent data reveals that over 1.5 million SARs were filed in the U.S. alone in the past year, underscoring the vital role these reports play in combating financial crime. 

What is a Suspicious Activity Report (SAR)?

A Suspicious Activity Report (SAR) is a document filed to track suspicious activities and to inform regulatory bodies about them by related institutions. The Bank Secrecy Act (BSA) of 1970 introduced the Suspicious Activity Report (SAR) as a crucial tool for overseeing and identifying suspicious activities and criminal activity not typically highlighted in other reports, such as the currency transaction report. In 1996, the SAR report emerged as the standardized form for reporting suspicious activity to defend against money laundering. 

When to File a SAR Report 

SAR Report must be filed when a financial institution or individual suspects a customer is involved in suspicious or potentially criminal activities, such as money laundering, terrorism financing, or other illegal activities. The SAR should be filed as soon as possible after the suspicious activity is detected, typically within 30 days, to comply with reporting requirements set by regulatory agencies such as the FinCEN.

Companies must raise SAR when they detect one of the following:

  • Extremely high-value deposits
  • Unusual transactions in terms of sender, receiver, location, and volume
  • High-value transactions across countries
  • Abnormal customer behavior
  • Non-commercial transactions

What Can Be Considered a Suspicious Activity?

Suspicious activities are defined by specific values in currency, known as thresholds of currency. In the United States, the Financial Crimes Enforcement Network (FinCEN) sets these thresholds for national US banks and international banks operating under the jurisdiction of the Office of the Comptroller of the Currency (OCC). These definitions, while specific to US banks, give a general idea of the types of activity that qualify as suspicious.

According to the OCC, an SAR (Suspicious Activity Report) must be required with FinCEN in certain circumstances, such as: 

  • If insider trading abuse is suspected,
  • If a violation involving $5,000 or more is identified,
  • If a violation involving $25,000 or more is detected, regardless of the suspect.

Additionally, transactions that violate the Bank Secrecy Act (BSA) or are intended to evade existing regulations must also trigger a SAR filing and can be seen as suspicious activity. In general, reasonable suspicion is considered a reasonable possibility that relevant evidence exists, and a "vague feeling of unease" would not be sufficient.

Best Practices for Compliance Officers to Manage Suspicious Activity Reports

Common Patterns of Suspicious Activity

The observed patterns of suspicious activity encompass various indicators that may signal potential illicit financial behavior and criminal activity. These include:


PatternsDescription
Lack of Legitimate Business ActivityParties involved in transactions show little or no evidence of legitimate business operations.
Unusual Financial NexusesUncommon financial connections and transactions between businesses, such as a food importer engaging with an auto parts exporter.
Inconsistent TransactionsTransactions that do not align with the stated business type or differ significantly from the typical volumes seen in similar local businesses.
Large or Repetitive Wire TransfersAbnormally high numbers and volumes of wire transfers, including repetitive patterns.
Bulk Cash TransactionsTransactions involving substantial amounts of cash or monetary instruments.
Complex Transaction SeriesUnusually intricate sequences of transactions involving multiple accounts, banks, and parties.
Mixed DepositsUnusual mixed deposits into a business account that deviate from typical transaction patterns.
Bursts of ActivitySudden surges in transactions within short timeframes, particularly in dormant accounts.
Inconsistency with Account PurposeTransactions or activity volumes that do not align with the initially stated purpose of the account.
Attempted Evasion of Reporting RequirementsTransactions designed to circumvent reporting and recordkeeping obligations.


What Institutions Need to be Aware of Suspicious Activity Reports?

  1. Institutions such as banks, financial establishments, and other entities handling large sums of money need to be acutely aware of suspicious activity reports. These reports are crucial for the detection and prevention of illegal activities such as money laundering, fraud, and terrorism financing.
  2. To effectively identify and report suspicious activity, institutions must have a thorough understanding of the types of red flags that may indicate criminal behavior. This can include unusual transactions, inconsistencies in customer information, and high-risk activities that deviate from normal behavior patterns.
  3. Institutions need to have robust anti-money laundering and compliance programs in place to ensure that they are equipped to properly identify and report suspicious activity. This includes training staff to recognize red flags, implementing strict monitoring procedures, and staying up-to-date on regulatory requirements.
  4. By being vigilant and proactive in reporting suspicious activity, institutions play a critical role in safeguarding the financial system and protecting their customers from potential harm. Failure to report suspicious activity can result in severe consequences, including hefty fines and damage to reputation. Therefore, institutions need to prioritize compliance and ensure that they are actively working to combat financial crime.

What is a Bank SAR Report?

A Bank Secrecy Act Suspicious Activity Report (BSA-SAR) is a report filed by financial institutions to report potential money laundering or other suspicious activities to the FinCEN of the U.S. Department of Treasury. Banks and other financial institutions are legally required to monitor their customers' transactions and report any suspicious activity that may indicate money laundering, fraud, terrorism financing, or other illegal activities.

Suspicious Activity Report in Transaction Monitoring

Transaction Monitoring also has an important place for Suspicious Activity Reports. Transaction Monitoring responds to companies' AML (Anti-Money Laundering), CFT (Counter-Financing of Terrorism), and KYC (Know Your Customer) requirements. Transaction monitoring generates an alarm for suspicious situations and suspicious activities. When the software issues an alarm, the transaction is automatically stopped, and the transaction is reviewed in detail by the Firm's Compliance or Risk Department. At this point, if the SAR comes into play and detects crime in the customer transaction, the suspicious transactions report to the AML, CFT, and KYC regulators.

Comprehensive strategies and best practices for effective transaction monitoring to enhance compliance and security in financial operations.

Suspicious Activity Reporting Process

Suspicious Activity Reports are a tool provided by the BSA of 1970. SARs allow governments to identify and analyze trends and patterns that arise in a wide range of personal and organized crime. With this information, they can predict and resist fraudulent and criminal behavior before gaining a place. Even though most SAR reports come from the financial sector, institutions such as law enforcement, public safety workers, and business owners also submit a SAR report. Federal law requires that a financial institution and its managers, officers, employees, and agents reporting suspicious or known criminal violations or suspicious activities not report to any person reporting the transaction.

SAR Report Requirements

The following information sections are required to submit a SAR file:

  • Information such as the names, passport numbers, birth dates, addresses, social security numbers, and phone numbers of all parties related to the suspicious event is collected.
  • Dates of suspicious events that took place and documentation of suspicious activity codes are required.
  • Contact information is required for the financial institution and the institution where the auspicious event took place.
  • A written description of the suspicious activity event is developed.

According to NCA, every single suspicious activity must be reported immediately in regulated sector companies under  Part 7 of the Proceeds of Crime Act 2002 (POCA) and the Terrorism Act 2000. However, if a company in a different sector detects an abnormality that suspects money laundering, criminal property, or any kind of financial crime, it must raise SAR, too.

When is a Suspicious Activity Report Required?

The requirements for filing a SAR can differ based on jurisdiction and industry specifics. In the United States, the FinCEN sets clear guidelines for when SARs must be filed:

  • Financial institutions are required to file a SAR when they identify activities that may suggest money laundering or breaches of the BSA.
  • If there's suspicion that an employee is involved in illicit activities or internal fraud, a SAR must be reported.
  • The detection of customers engaging in activities related to unlicensed money services businesses also triggers the need for a SAR.

Who Can Report Suspicious Activity?

SAR report is made by a financial institution that observes suspicious activity in an account. The suspicious activity report is sent to NCA in the UK, which is investigating the incident. The financial institution can report within 30 days of any account activity they deem suspicious or unusual, and a 60-day extension can be obtained to gather more evidence as needed. Financial institutions should keep a copy of the SAR report for five years. Failure to comply with any of these regulations may result in civil and criminal penalties, including significant fines, legal restrictions, loss of banking contracts, and even prison terms. Total monetary settlements collected by regulatory agencies and law enforcement agencies for money laundering, sanctions, and tax evasion.

How Confidential Are Suspicious Activity Reports?

The Suspicious Activity Report's effectiveness depends on these reports' extreme confidentiality because they contain customers' confidential personal information and potentially have significant legal consequences. The person under investigation is never informed about the pending report. Similarly, discussions with third parties like media companies are a federal crime. When a bank or financial institution submits a SAR file, the information provided is reviewed by financial researchers, management staff, and lawyers before concluding the SAR. As a result. Special privileges are given to protect those who submit SARs as part of a company or alone; for example, people who submit SARs do not need to disclose their organization's name.

The data collection and analysis methods used by the FinCEN.

How Do You Submit a Suspicious Activity Report?

Since 2012, all Suspicious Activity Report (SAR) filings must be processed through FinCEN's BSA e-file system. This system increases efficiency and ensures uniformity in the information provided, especially in cases where public safety is at risk. Reporters need to provide information in five key sections when submitting a SAR. Initially, they gather all involved parties' names, addresses, social security numbers, birth dates, occupations, and contact numbers. Following this, documentation of incident dates and codes for the suspicious behavior is required. Subsequently, information about the financial institution where the activity transpired, including contact details, must be provided. Lastly, a written account describing the suspicious activity is drafted to complement the data.

Where Can I Find SARs Forms?

The standard SAR form is accessible through the BSA e-file system. However, some various online guides and resources aid financial professionals, legal experts, and individuals in understanding the intricacies of the reporting process.

The Current State of SAR Filings

In January 2022, the number of SARs filed exceeded any other month on record, showing an increase compared to January 2021 and 2020. Additionally, in 2021, the number of SARs filed surpassed 3 million for the first time, and it is projected to reach 3.5 million by the end of 2022. Depository institutions, such as banks and credit unions, account for 45% of all SARs filed, while money services businesses file around 40%. Out of the 90 different categories of suspicious activity that can be reported, two stand out: "transactions below the BSA threshold" were used by MSBs 50,142 times and by depository institutions 34,057 times.

How Can Sanction Scanner Help

As a leading AML compliance Regtech, Sanction Scanner offers a Transaction Monitoring tool to detect suspicious activities of your customers or individuals using your financial services. The product monitors every activity that your company mediates, and its machine-learning algorithm detects suspicious attempts. On the other hand, it allows you to create your own rules and rule sets and create your own scenarios according to your company's risk appetite, size, sector, etc. The rules can be adjusted for different customer groups according to their risk levels. After setting up, AML Transaction Monitoring software watches the activities of customers for your compliance team and notifies them if it detects a suspicious transaction and suspicious activity by real-time alerts. If you want to know more about our solution, you can contact us or request a demo of the product.

Sanction Scanner Request Demo