Tips on Writing Suspicious Activity Report (SAR) Narratives
Filing Suspicious Activity Reports (SARs) is a key part of the financial business. However, optimizing these reports and making sure that supporting case reports are thorough and tell the entire story is vital.
If you are interested in brushing up on your knowledge, watch as Laurie Kelly, CAMS, presents detailed recommendations for constructing an effective SAR narrative. She also reviews the appropriate use of SAR form checkboxes, the SAR attachment feature, the distinction between “new” and “continuing activity” SARs and much more!
Disclaimer: The contents of this article are intended to provide a general understanding of the subject matter. It is not intended to provide legal or other professional advice, and should not be relied on as such.
Q: Is it best to contact the nearest law enforcement office, or the nearest office of where the activity is happening?
A: I don’t think it really matters so much. There were instances where I had made acquaintances and contacts with different law enforcement officials at different offices, and I had a case where it involved what seemed to be some issues with the owner of a business customer’s actual legitimacy to be in the U.S., because he was not a U.S. citizen.
I had someone that I knew at our local office of Homeland Security investigations, and I reached out to him, before I even filed the SAR, and told him about the situation and said, “Is this SAR-worthy?” He said, “Absolutely. So, after you file the SAR, let me know what the BSA ID number is on it, and then I will get it to the right people,” because this was actually taking place in a different state than where we were based. And my bank did business all over the U.S., too, so we just had one central location.
So, I think whomever you reach out to will either say, “Yes, I can get this to someone who needs to see it,” or they may refer you to somebody else to refer it to. But I think perhaps starting with somebody local would probably be the best approach, and then they can tell you what they would like you to do.
Q: Should banks file a SAR for OFAC violations?
A: Only if there is some other underlying activity involved. That’s a good question.
If all it is is an OFAC violation, you file the report with OFAC. But if there’s something else besides an OFAC violation, like, you may think that there might be money laundering involved, or fraud involved, or something like that, then you should file a SAR as well, on the suspicious activity. But just purely because it’s an OFAC violation does not immediately warrant a SAR.
Q: Am I wasting time filing SARs that do not have a regulatory requirement for dollar amounts for filing?
A: I don’t think so. And that’s a really good question, actually, because FinCEN actually even states that, you know, they have the dollar thresholds, right? Which is $5,000 when you know who the subject is, and $25,000 or more regardless of whether you know the names of potential subjects, and actually $5,000 or more that involve money laundering or violations of the BSA.
But they do recognize that an institution is allowed to file a SAR any time, on any kind of activity, regardless of dollar thresholds, as long as you believe that this is suspicious activity that warrants law enforcement attention.
Now, I have had situations before where something happened, but we didn’t have any information that we could provide to law enforcement about it, like, say, we had someone call in to a call center trying to impersonate a customer, and they never got past our authentication controls. So, we didn’t know who this person really was, and all we basically had was the phone number that they called from, but nothing ever happened other than they just made this attempt.
In that case, we did not file a SAR because we didn’t have anything to give law enforcement. But if you have information that you can give law enforcement, like that example that I gave you about the fax, where we had, there was a name in that fax header sheet, so we said, “Okay, let’s go ahead and file this,” then that little SAR ended up being valuable, so…
Q: Should account numbers be included in the SAR, or in the case report?
A: Well, we included them in both, because the case report is where we capture everything, and we can quickly refer to it. The account numbers go along with the subject’s information, in the section of the SAR where you have a different page or a different section for each subject, and that’s where all their account numbers are listed.
Q: How would you file a SAR for suspicious activities related to correspondent account? Should the subject be the bank or the customer?
A: That’s a good question, too. Typically the subject is the actual customer, or the parties involved in the transaction itself, and not so much the correspondent bank.
Again, that is what they’re most interested in – who are the people that are doing this, what are they doing, what were the amounts, and so forth. You can mention in your SAR narrative that this was a transaction process for a correspondent, as an additional detail, but the actual bank itself, unless you have something that would be indicating to you that the other bank was complicit in this activity, but usually that’s not the case. They’re much more concerned with the activity itself.
Q: Out of caution, our financial institution has made the stance to file SARs on customers who trade marijuana stock over a certain threshold. Is this information truly beneficial to law enforcement?
A: That is a good question because there are very specific rules around the banking of marijuana businesses.
This is purely my opinion. Just trading in stock would not be a suspicious activity, because if the company is publicly traded. So it’s not really an illegal activity, and it’s not directly involved in the marijuana business itself.
When you are a bank who banks a marijuana business, you have SAR filing requirements that relate to just describing all the activity that that customer did, and, during a 90-day period, regardless of whether it’s suspicious or not.
Then you have to file a separate SAR for suspicious activity that that marijuana business may have engaged in. But this circumstance seems to me to be not really involving any truly suspicious activity, when anyone who wants to purchase stock in this company can do so.
Q: Can you clarify the variance between the monitoring period and continuing activity timeline?
A: So, they’re giving you guidelines as to what period of time you should watch for additional activity to occur. What we did at my bank was that we looked at everything on a monthly basis. That’s when our alerts were generated.
We followed a monthly timeframe, but I suppose technically what it is, is from the date that the last suspicious activity transaction occurred, 90 days from then, was there anything else new that occurred?
But something else that we did was, so you have this 90-day monitoring period, and then that ends, and then you get an extra 30 days to prepare your SAR.
If we had any additional transactions that came in after the 90 days and before the 120, we’d include those as well, because otherwise, they’d have to wait a whole another 120 days to see those transactions. Basically, if we knew about them, we’d include them. So that’s why the case report was helpful to just be able to record what was the date of the last suspicious activity.
Q: Are SARs required for attempted transactions, or only completed transactions?
A: Definitely both. Obviously, in my example with the fraudulent fax which was a wire request, that was an attempted transaction that didn’t occur.
A lot of times, you’ve stopped the fraud from actually occurring, but you have all these details about the suspect and what they attempted to do, that you can file and provide to law enforcement.
Now, with money laundering, typically it has taken place, because it’s an alert that was generated, but especially in your fraud cases, it may not have occurred, money may not have gone out the door, but you’ve got valuable information to provide.
Q: Do you have a most effective length for a narrative?
A: No, not really. You know, just enough to be able to capture all of those particular points that I was talking about, where, you know, you summarize in the first paragraph, what is going on, to grab their attention.
Then you go into a little more detail about things that they wouldn’t be able to tell just from, who the subjects are, the amounts, and so forth, nuances that are not readily apparent just from the objective data.
Q: We were led to believe that the boxes on the SAR, including the bank names, should be summarized in the narrative so that law enforcement can easily identify the identity of the filer, the reason, etc., when they review the narrative. If I understood you, it’s just the opposite. We also detail a number of transactions expecting that the narrative is relied upon over an attachment. So, how do we know what’s correct? And should they discuss it with their examiners?
A: I would suggest discussing it with your examiners. It has been my experience and what I have learned from many discussions with law enforcement and SAR reviewers, that they don’t need that information in the narrative because they have all that information where you filled in the institution’s name, the account numbers, and if you provide an attachment, you’ve got all the transaction details for them there.
Remembering how they’re reading thousands of these a day, potentially, and they have to be able to succinctly figure out what is going on and whether it’s SAR-worthy. So that data really is redundant, based on my experience.
But if you have regulators who may insist on it, you can evaluate that, you can contact FinCEN directly, and see what they say, or review FinCEN guidance on it as well. But I have never actually seen specific FinCEN guidance that says you need to identify yourself in the narrative.