Title Dusting Off of Old (But Still Relevant) SAR Filing Instructions
Filing suspicious activity reports (SARs) is routine and commonplace for most financial institutions. I mean, you know absolutely everything there is to know about filing a SAR, right? Every report you file is error free and never subject to criticism by examiners or auditors – so reviewing filing instructions isn’t anything you need to spend time on. Plus, how important could these instructions be if FinCEN hasn’t bothered to update them since 2021? Or maybe consider this … even the most accomplished SAR filing virtuoso could benefit from a refresher course when it comes to filing these critical (and highly useful) regulatory reports.
When accessing the instructions, there are 130+ initial pages of schema that help program systems for electronic filing of the reports; however, the “instructions” for reporting staff appear later in that same document. These instructions provide details on how to complete each field and even provide examples of situations filers might come across. If you haven’t already added these instructions to your reference library, we recommend you bookmark such for easy access going forward.
One area that can cause confusion is the timing of filing continuing SARs. The instructions lay out very clearly, generally stating that continuing SARs should be filed on successive 90-day review periods until the suspicious activity ceases but may be filed more frequently if warranted. After the 90-day review period, the institution has an additional 30 days to file the continuing report for a total of 120 days before the filing deadline. The continuing report should be completed in its entirety, including all information on the subjects but should only cover suspicious activity for that 90-day period as necessary.
Did you know that FinCEN has a list of prohibited words and phrases that are no-no’s when it comes to any SAR field outside of the narrative? If you are a fan of words such as NONE, NOT APPLICABLE, SAME, OTHER, UNKNOWN, etc., you need to pay attention to this list because these are all regarded as prohibited.
Let’s not forget the SAR FAQs from 2013, which are still very relevant and helpful when answering questions such as, “do we need to complete the fields on the SAR form, or other FinCEN reports, that aren’t considered critical (i.e., don’t have an asterisk)?” This is the first question in the FAQ’s and the answer remains “yes” – if you have the information, provide it. FinCEN expects financial institutions to provide the most complete filing information available within each report. Remember that SAR information is used by law enforcement, so including as much information as possible is helpful to law enforcement for querying purposes. On the flip side, if the field is not deemed critical and the institution does not have the information, there is no penalty for leaving that field blank. One non-critical field we frequently see not completed or completed incorrectly is the RSSD Number, a unique identifier assigned to financial institutions and their branches by the Federal Reserve. This information is readily accessible to everyone (including us as your auditor!) by just a quick internet search. See the FFEIC link below to find your institution/branch’s RSSD number.
Our compliance auditors are subject matter experts in performing BSA audits, and although the filing instructions and FAQs are available for all filers to use, we continually find exceptions related to such in our audits. We highly recommend you keep these resources handy and add FinCEN advisories to your reading list to ensure SARs are completed accurately and serve as a valuable tool for law enforcement to find and prosecute the bad guys. Of course, not giving examiners anything to write in their report is just another perk.
In case you were wondering … FinCEN has developed a similar instructional document for completing Currency Transaction Reports (CTR). The link for such is also shown below.
Frequently Asked Questions Regarding the FinCEN Suspicious Activity Report (SAR) | FinCEN.gov
Search Institutions – National Information Center
FinCEN Currency Transaction Report (CTR) Electronic Filing Requirements
Neovera SV (formerly 10-D Security) is an independent firm specializing in IT security and compliance for financial institutions. We help clients mitigate risk and comply with GLBA requirements, offering tailored services and expertise to strengthen cybersecurity programs.