Suspicious Activity Reports: An Overview


Suspicious Activity Reports (SARs) are a mandatory anti-money laundering (AML) measure for a wide range of financial and money services businesses. Failing to report suspicious activity correctly can result in serious penalties, including fines and the loss of financial services licenses. 


In this article, we explore what SARs are, which organizations are required to submit them, and why many organizations choose to automate reporting.




What Is a Suspicious Activity Report?

A SAR is a document that financial businesses and some other organizations must file with the Financial Crimes Enforcement Network (FinCEN), which is part of the U.S. Department of the Treasury. Their purpose is to harness the unique positions of certain organizations in the financial ecosystem to detect, deter, and disrupt illicit financial activities.


Suspicious activities that must be reported range from unusually large cash withdrawals or deposits, to more complex and subtle activities, such as structured transactions designed to evade detection thresholds.


In the United States, the Bank Secrecy Act (BSA) is the primary legislation requiring financial institutions to assist government agencies in detecting and preventing money laundering. Under the BSA, banks and other regulated entities must file a SAR if they detect suspicious activity that may indicate financial crime, including money laundering or fraud.


In addition to the BSA, the USA PATRIOT Act increased SAR requirements by expanding the range of institutions required to file reports and enhancing the penalties for non-compliance.



Which Organizations Are Required to File SARs?

Companies in various sectors are required to file Suspicious Activity Reports as part of their regulatory obligations. Here is a list of organizations required by FinCEN to submit a report when they notice suspicious activities:


  • Banks and Credit Unions: These are the most common SARS filers. Given their central role in handling money transactions, they can often spot suspicious activities indicative of money laundering or fraud.
  • Money Service Businesses (MSBs): These include currency and cryptocurrency exchanges, check cashing services, and providers of digital currencies. MSBs are required to file SARs due to their exposure to cash-intensive transactions, which can be easily exploited for illicit purposes.
  • Mutual Funds, Securities Brokers and Dealers: These entities often manage large and complex financial transactions. Their involvement in a potentially wide array of financial products makes them critical in identifying and reporting suspicious activities.
  • Casinos: Casinos handle substantial cash transactions and may be targeted by criminals looking to launder ill-gotten gains. They are required to report any suspicious activities that may indicate an attempt to launder money. For additional information, view our blog overviewing SARs for casinos
  • Insurance Companies: Certain insurance companies, particularly those dealing with life insurance or other cash-value products, are also required to file SARs. They may encounter suspicious activities in the form of unusual premium payments or policy surrender patterns.
  • Futures Commission Merchants and Introducing Brokers in Commodities
  • Residential Mortgage Lenders and Originators1




Suspicious Activity Reporting Requirements

SAR requirements are triggered when an organization identifies a transaction or pattern of transactions that could signal illegal activity. The threshold for reporting varies depending on the type of business and the nature of the activity. But, as a general rule, transactions should be reported whenever the organization suspects that a transaction:


  • involves funds derived from illegal activities
  • is designed to evade reporting requirements
  • has no apparent business or lawful purpose


Here are some examples of suspicious activities that might warrant a SAR:


  • Large Cash Deposits or Withdrawals: Unusually large cash transactions, especially if they seem to be structured to evade the $10,000 reporting threshold for Currency Transaction Reports (CTR), can be a red flag for money laundering.
  • Frequent Wire Transfers: Frequent or unusually large wire transfers, particularly to or from locations known for high levels of criminal activity or corruption, can be suspicious.
  • Rapid Movement of Funds: Quick movement of funds between bank accounts or between different types of accounts within the same institution can indicate an attempt to hide the origin of the funds.
  • Mismatched Records: If a customer’s provided information does not match the records of the financial institution or appears to be falsified, it may warrant a SAR.
  • Overcomplicated Transactions: Transactions that seem unnecessarily complex can be an attempt to obscure the money trail and could be a sign of money laundering.


Regulated organizations must file reports no later than 30 calendar days after the date of the initial detection of suspicious activity. The 30-day period provides time to carry out an appropriate review of the transaction to determine if it is, indeed, suspicious.


However, if no suspect is identified, they can delay filing for an additional 30 days, but reporting must not be delayed more than 60 days after the date of initial detection. Failure to file within the stipulated time frame can result in hefty penalties, including fines and sanctions.


Remember, it’s not the responsibility of the reporter to prove that illegal activity is taking place — that’s the job of law enforcement. The business’s role is to alert authorities to potential illegal activity when transactions appear to be suspicious.


For further information on report writing, view our webinar overviewing effective SAR writing and our writing tips.




SARs and Unauthorized Disclosure

Businesses and their employees must not disclose information related to SARs to any unauthorized party, particularly anyone involved in the transaction. Under the BSA, no officer, director, employee, or agent of any company that makes a report may notify any person involved in the transaction that it has been reported. 


The prohibition of disclosure is designed to protect the integrity of reports and to prevent tipping off potential criminals. Prohibited actions include revealing the existence or non-existence of SARs or any information that would divulge the existence of a report, such as details of the filing process or follow-up actions.




How to Submit a Suspicious Activity Report

SAR filing is a structured process designed to capture vital details about suspicious activity. It generally involves the following steps:


  • Detection: The first step is the detection of suspicious activity. This often involves automated transaction monitoring systems that flag unusual transactions, followed by manual investigation to confirm the suspicious nature of the activity.
  • Documentation: Once suspicious activity is confirmed, the financial institution must gather all relevant information, including the date and time of the activity, the parties involved, the nature and amount of the transactions, and why the activity was deemed suspicious.
  • Submission: After the information has been compiled, the institution must submit the report. In the United States, SARs are submitted electronically to the Financial Crimes Enforcement Network (FinCEN) using the BSA E-Filing System.


The report itself is a detailed document with several sections, including an executive summary, a detailed narrative, involved parties’ information, and transaction details. The SAR narrative section is particularly critical as it provides a comprehensive account of the suspicious activity, including what happened, when and where it happened, who was involved, and why it was suspicious.


For additional information on what to do once a report is filed, view our overview of case management and tracking for SARs.




Manual vs. Automatic Suspicious Activity Reporting

As part of your SAR program, your financial institution must choose between two main methods of filing Suspicious Activity Reports (SARs) via the BSA E-Filing System: manual and automatic.


In manual SAR filing, each report is filled out by hand by compliance officers or other designated staff. This is a time-consuming and outdated process, especially considering that each FinCEN SAR may contain 500 fields that need to be accurately completed.


The average time taken to complete manual reporting is estimated to be around 90 minutes. This significant time investment can quickly add up, particularly for larger institutions handling a high volume of reports.


The alternative to this manual process is automatic regulatory reporting, which relies on a software solution like Alessa to streamline the reporting process. Automatic reporting systems pre-fill many of the fields based on the institution’s existing data, significantly reducing the time spent on each report, and increasing the accuracy, removing the element of human error. Alessa can fill between 70% and 100% of fields automatically.


To learn more about how Alessa can help your organization accelerate regulatory reporting for SARs, CTRs, and other reports, request a free demonstration.





1 Electronic Filing Instructions

Schedule a free demo

See how Alessa can help your organization

100% Commitment Free

Schedule a free demo

See how Alessa can help your organization

100% Commitment Free

Recent Posts

AML geographic risk

Assessing AML Geographic Risk

Learn more about a methodology used by financial institutions on how to interpret an AML country risk rating assessment.

Please fill out the form to access the webinar: