Pomegra Wiki

Suspicious Activity Report Filing Thresholds

U.S. financial institutions must file a Suspicious Activity Report (SAR) with the Financial Crimes Enforcement Network (FinCEN) when they know, suspect, or have reason to suspect that a transaction or pattern of activity involves money laundering, terrorism financing, or other financial crimes. Contrary to common belief, there is no single dollar threshold—a $500 transaction can trigger a SAR, and a $100,000 transaction may not.

SAR filings are mandatory for banks, credit unions, casinos, and money services businesses. The “knows, suspects, or has reason to suspect” standard gives compliance officers wide discretion and places the burden squarely on the financial institution.

The “knows, suspects, or has reason to suspect” standard

The triggering standard for a SAR is deceptively simple but operationally complex. A financial institution must file when it knows, suspects, or has reason to suspect that a customer or transaction involves:

  • Money laundering
  • Terrorist financing
  • Tax evasion
  • Fraud
  • Structuring or currency smuggling
  • Bribery or corruption
  • Sanctions violations

The key word is suspects. The bank does not need proof or a high degree of certainty. The threshold is much lower than “probable cause” in criminal law. If a compliance officer has a reasonable basis to think something is amiss, filing is appropriate and safe.

This flexibility is intentional. Regulators want banks to err on the side of reporting rather than stay silent. Conversely, financial institutions are protected by safe harbor: they cannot be sued for filing a SAR if it was done in good faith, even if the underlying suspicion later proves unfounded.

Transaction size is not the primary driver

The most common misconception is that SARs are filed only for large transactions. In fact:

  • A $5,000 cash deposit by a customer with no business explanation can trigger a SAR.
  • A $250,000 wire transfer from a known, established business customer rarely does.
  • A $8,500 deposit followed immediately by a $9,200 deposit (suggestive of structuring) can prompt a SAR, even though neither transaction alone exceeds the old $5,000 threshold.

The $5,000 minimum (now repealed)

Historically, FinCEN guidance suggested that SARs should involve transactions of at least $5,000. This created a bright-line rule: many banks filed SARs only for suspicious activity involving $5,000 or more.

In 2020, FinCEN formally rescinded the $5,000 guidance, clarifying that no minimum dollar threshold applies. A $500 transaction involving a Cash-Intensive Business AML Risk customer can now trigger a SAR if the circumstances warrant.

This change has subtle implications. Smaller financial institutions, which often lack sophisticated compliance analytics, now face discretionary decisions on smaller transactions. A $2,000 suspicious deposit at a community bank requires judgment about whether to file, rather than a mechanical rule.

Patterns and cumulative suspicion

SARs often arise not from a single large transaction but from patterns:

  • Ten deposits of $9,800 each (suggesting deliberate structuring to avoid the $10,000 Currency Transaction Report threshold)
  • Deposits followed immediately by wire transfers to high-risk countries
  • A customer opening accounts under multiple names with similar transaction profiles
  • Customers with no stated business depositing large cash amounts regularly

The “reason to suspect” language captures this cumulative reasoning. No single deposit is inherently suspicious, but the sequence and timing create a pattern that must be reported.

Timing: the 30-day window

Financial institutions have 30 days from detection to file a SAR. “Detection” typically means when a compliance officer becomes aware of the suspicious activity, not necessarily when the transaction was posted.

A 60-day extension is available in narrow cases, typically when a law enforcement agency requests delayed filing to support an ongoing investigation. This extension requires specific notification to FinCEN and law enforcement.

Who files and who reviews

Financial institutions—banks, credit unions, money services businesses, casinos, and brokers—are responsible for filing. Larger institutions maintain dedicated SAR teams; smaller banks may delegate the decision to a compliance officer or branch manager.

Once filed, FinCEN does not investigate every SAR. Instead, FinCEN de-duplicates and analyzes patterns across millions of SARs annually. Law enforcement (FBI, DEA, IRS, FinCEN’s own investigation division) may use SAR data to initiate investigations into specific people or entities.

Conversely, law enforcement can ask a bank to file a SAR as part of an investigation. The bank is not obligated to comply unless subpoenaed, but cooperation is common and expected.

Sanctions and BSA violations

SAR filings are also required when a financial institution detects potential violations of economic sanctions (OFAC, Treasury Department restrictions on transactions with specific countries or entities). A bank that suspects it may have processed a transaction with a sanctioned person or country can file a SAR in addition to any direct notification to OFAC.

Similarly, Bank Secrecy Act (BSA) violations—failures to file required CTRs or SARs, inadequate KYC processes—can themselves become the subject of a SAR if a third party reports them.

Safe harbor and liability protection

The safe harbor in 31 U.S.C. § 5318(g) is broadly protective: a financial institution is not liable for filing a SAR if the report is made in good faith and based on facts known to the institution, even if the report is later found to be inaccurate or the alleged conduct never occurred.

This protection is strong and intentional. Regulators want banks to file even when uncertain; the alternative—under-reporting due to fear of litigation—creates systemic risk.

Conversely, the safe harbor does not protect an institution from filing recklessly or in bad faith, or from failing to file when circumstances clearly warrant it. Regulators have brought enforcement actions against institutions with systemic SAR-filing failures.

Perpetual monitoring and threshold compliance

Under the Perpetual KYC vs Periodic Review framework, SAR identification is becoming more continuous. Rather than waiting for an unusual transaction to occur, institutions now monitor customers against evolving risk profiles—sanctions lists, politically exposed person (PEP) databases, news screening—in near real-time.

This perpetual approach means SARs are filed proactively, not just reactively. A customer’s profile may degrade over time (e.g., they relocate to a higher-risk jurisdiction or their apparent business legitimacy declines), triggering a SAR even if no single transaction is out of line.

See also

Wider context