Suspicious Activity Report (SAR): Tracking Your Investigation


In the fight against financial crimes, filing Suspicious Activity Reports (SARs) is a key part of the financial business. However, optimizing these reports and making sure that supporting case reports are thorough and tell the entire story is key.


Recently, Laurie Kelly, former Director of Compliance for CoBank ACB, a $136B Farm Credit System institution, hosted a webinar for us to explain why case reports are such an important tool for compliance teams.


So what is a case report and what does it look like?


“A case report is a comprehensive report that provides all the details of the suspicious activity case and its related SAR filings all in one place,” Laurie stated in the webinar. “We developed standard formats for these case reports for money laundering cases and fraud cases, and we found this tool had a number of benefits. First and foremost, it allowed us to quickly and efficiently deliver on law enforcement requests for full details of a SAR case.”


Case reports can also be an effective tool to document flagged activities that were not filed as SARs – questions that may be faced by compliance officers by an audit or a regulatory review team.  Having this readily available will improve collaboration with regulators, give enforcement meaningful insights that only the FI can provide and streamline and reduce the manual efforts associated with reporting for an AML team.


Critical sections of a case report

Based on Laurie’s experience, case reports should comprise of six key sections.

Section 1 – Basic reference information

  • Customer name
  • Date case opened
  • Category of suspicious activity (cross-referencing the SAR form categories, perhaps)
  • Case number

Section 2 – Detailed background information in narrative form

  • How suspicious activity was detected
  • What follow-up, research and/or customer inquiries were performed and by whom
  • What prompted the SAR filing
  • Background details about the customer and/or subjects involved
  • References to other SARs on same customer

Section 3 – Detailed transaction history

  • Check numbers, wire transfer details, payees/payors, beneficiaries/originators, all banks involved, all textual fields on wires/ACH

Section 4 – Law enforcement communications log

  • Track the date, name, title, contact details, and method of contact for each communication to or from any law enforcement representative regarding the case

Section 5 – SAR filing log

  • Tracking record to document all regulatory deadlines were met – especially important in ongoing cases
  • Record these dates for each SAR:
    • Activity detected
    • Decision to file SAR
    • SAR filed
    • Due date of next continuing activity SAR due date (120 days from date of last SAR)
  • BSA ID number for quick reference

Section 6 – SAR narrative:

  • Much easier to draft the SAR narrative outside of the form itself (or form-generating software)
  • Final narrative verbatim in the case report allows others reviewing and/or approving to read the narrative along with all supporting information.


As you can see, there is a lot of detail required to ensure a case report is thorough but maintains the practice of capturing this information to ensure proper investigation of suspicious activities as well as compliance to AML/CTF obligations.

Case Report and Automated Environment

During the webinar, one attendee asked why there is so much effort to create a standalone case report document when an automated suspicious activity monitoring/SAR case management system exists.


Part of the answer to that question depends on your organization’s level of automation. A case report provides high value when an automated system:

  • Has limited capability to store freeform text notes; cannot print a full report of all notes entered
  • Does not retain the SAR narrative as a separate field
  • Cannot produce a summary report (with content like that of a case report) which can be provided to law enforcement, internal management, or examiners/auditors
  • Cannot maintain specific records of law enforcement communications


The more detail we can give the regulators and the more specifics we can provide the better. All too often, I have seen clients submit SARs with missing fields or invalid fields due to system issues. I have also seen many AML teams struggling to manually manage reports.


The challenges for FIs that have multiple business units is especially greater since the narrative can change from business to business. A FINRA-regulated sell-side broker-dealer, for example, will have a totally different feel than a loans services group or the overseas banking operations of a commercial retail bank.


Each of these case reports and associated processes needs to be automated and connected to the transaction monitoring system to reduce manual effort and mitigate risk, while at the same time giving the regulators meaningful insights that only FIs have.


However, be cautious. Even if you have the most automated system in the market, case reports are necessary because you need to document the human judgment made when interpreting the data provided for suspicious activities.  This human element of AML investigation is highly valuable for the regulators and a piece of the puzzle that cannot be left out.


We would be happy to discuss how our case management system works and how it can work for your regulatory reporting obligations. Please contact us today.



Recent Posts

Please fill out the form to access the webinar: