Suspicious Activity Report

A Suspicious Activity Report (SAR) is a mandatory disclosure that a financial institution must file with the Treasury Department when it detects a transaction or pattern of activity that could signal money laundering, terrorist financing, fraud, or other financial crime. SARs are the primary mechanism through which banks and money services businesses alert authorities to potential criminal conduct without tipping off the suspect.

The legal mandate

In the United States, the Bank Secrecy Act of 1970 requires banks to report “suspicious transactions.” The term was codified more precisely in a 1992 rule: institutions must file a SAR when they detect activity that is inconsistent with a customer’s normal pattern, lacks a clear economic purpose, or suggests knowledge of illicit activity. The threshold is deliberately low—there need not be proof or even strong conviction of wrongdoing, only reasonable suspicion.

The Financial Crimes Enforcement Network (FinCEN), part of the Treasury Department, is the federal hub collecting SARs. Financial institutions must file within 30 days of detecting the suspicious activity. The report is not public; instead, it flows into law enforcement intelligence systems used by the Federal Bureau of Investigation, the Drug Enforcement Administration, and state and local authorities.

What triggers a filing

SARs cover a broad spectrum of red flags. A customer who deposits $9,999 repeatedly in separate transactions—just below the $10,000 reporting threshold—to evade currency reporting requirements (called “structuring”) warrants a SAR. A sudden inflow of deposits into an otherwise dormant account, with rapid wire transfers to foreign jurisdictions, suggests money laundering. A series of loans with unusual terms to shell companies that immediately move funds elsewhere raises fraud concerns.

SARs also cover account takeover (when a third party gains unauthorised access), theft of funds by employees, cheque fraud, and suspicious mortgage applications. The scope expands with each regulatory update: recent guidance emphasises terrorist financing indicators, virtual asset transfers, and sanctions-related activity.

The decision to file is not left to individual employees. Banks maintain compliance departments with transaction monitoring software that flags patterns automatically. A human analyst then reviews the alert to determine if reasonable suspicion exists. The institution’s compliance officer typically approves the SAR before submission.

The feedback gap: why reports often vanish

A major weakness in the SAR system is that financial institutions rarely learn what becomes of their filings. Once submitted to FinCEN, a SAR disappears into law enforcement’s evidence locker. The bank may never know if authorities pursued the lead, arrested anyone, recovered funds, or deemed it a false alarm. This silence serves a purpose: it prevents suspects from learning they are under investigation (disclosure of a SAR to the subject is forbidden, with narrow exceptions).

But the feedback gap creates compliance challenges. Without knowing which kinds of reports prove actionable versus noise, compliance teams struggle to refine their thresholds. Over-reporting (filing on marginal activity) clutters the system and wastes law enforcement resources. Under-reporting (setting the bar too high) allows real crime to slip through. FinCEN publishes aggregate statistics—it processes roughly 2 million SARs annually—but individual banks do not see the return on their due diligence.

The three-day rule and timing tension

SARs must be filed within 30 days of detection, but there is a practical sub-rule: if the activity poses immediate risk (such as a customer attempting to withdraw funds flagged as tied to terrorism), institutions must notify law enforcement within three days. This creates a race against time, especially for large transactions. A $50 million wire to an unfamiliar jurisdiction triggered at 3 p.m. on a Friday demands weekend work to assemble documentation and file before the Monday deadline.

The 30-day window can feel generous for routine matters but punishing for high-velocity trading or payment systems where volume swamps monitoring capacity. Some institutions maintain standing SARs—reports filed as templates for recurring patterns—to manage this pressure.

Scope beyond banks

Banking regulators apply SAR requirements to all depository institutions, but the mandate extends further. Money services businesses (cheque cashers, remittance operators, currency exchanges), broker-dealers, casinos, and precious metals dealers all file SARs. Each sector has industry-specific red flags: a casino notices a customer buying chips with no gaming activity; a dealer suspects gold smuggling based on purchase frequency and timing.

Some non-financial businesses (such as jewellers) are not covered, which creates blind spots. A smuggling network might deliberately route contraband proceeds through channels outside SAR jurisdiction.

Defensive compliance vs. real investigation

Institutions file SARs partly from genuine law enforcement partnership and partly from defensive compliance—if a major crime later emerges and the institution did not file a SAR, regulators will impose penalties. This creates incentive misalignment: the safer compliance choice is to file, even on low-confidence suspicions. FinCEN has tried to address this by clarifying that over-reporting is not punished, but the chilling effect persists.

Criticism from both banks and law enforcement suggests the system is overburdened. Banks struggle with false positives (SARs on legitimate transactions); authorities struggle with volume and quality. A transaction flagged for structuring might be a small business owner managing cash flow, not a money launderer.

See also