At the end of the day, what constitutes suspicious activity can sometimes be hard to determine. To help you decide when you should (and shouldn’t) file a SAR, we outline a few different example cases below.
Ultimately, any suspicious behavior should be reported. It’s often better to err on the side of caution and report behavior that may not end up being suspicious in nature.
Example of a case where a SAR must be filed
A customer has a relatively new account, which has historically only been used for domestic payments. Onboarding was completed, and no red flags were presented.
Their account receives an international transfer of $27,000.
In this instance, a SAR must be filed, as the $25,000 transaction threshold has been exceeded.
Example of a case where a SAR may or may not be filed
A customer has been a client for 5 years. They are in good standing with the financial institution and have had no suspicious activity in the past. They make relatively routine transactions that have not raised any flags.
Seemingly out of nowhere, the customer makes a handful of transactions of $4,000 each. In total, they make 5 transactions two weeks apart, amounting to $20,000.
While this could be a legitimate attempt to transfer a large amount of money (spread out over a period of time), it could also be an attempt to skirt the $5,000 threshold for automatic AML filings.
Having a transaction monitoring solution can detect this anomaly, flagging it for investigation. After investigation, an analyst may find that the transactions are not suspicious, or could still have suspicions about the legitimacy of the transfers. This could be ruled out or could be escalated, with a SAR being filed.
Example of a case where a SAR does not need to be filed
A customer has been a client for over 5 years, and is in good standing with the financial institution. They have consistent transaction activity, none of which raises red flags.
The customer is in the process of purchasing their first home, and makes a large down payment. This transaction is undoubtedly out of the norm for their account activity, but it isn’t malicious. This would likely prompt an investigation, but an investigation should determine that this is a legitimate transaction. In most cases, this would not warrant a SAR filing.
FAQs
When a SAR is filed, five sections of information are required. First, reporters collect names, addresses, social security numbers, birth dates, driver licenses or passport numbers, occupations, and phone numbers of all parties involved.
What information should be included in a SAR? ›
What information must we supply? The focus of a SAR is usually a copy of the requester's personal data. However, you should remember that the right of access also entitles an individual to other supplementary information (eg the purposes of processing).
What is an example of suspicious activity? ›
Suspicious activities or behaviors may include, but are not limited to: Wandering around campus areas attempting to open multiple doors. Seeming nervous and looking over their shoulders. Entering restricted areas when not authorized or following immediately behind others into card-access areas while the door is open.
How do you write a SAR format? ›
A good rule when writing a SAR is to break it into parts to include: (1) an introduction; (2) account information and descrip- tion; (3) how the information was received and any relevant details obtained in the due diligence investigation; (4) exam- ples of dates and activity; and (4) conclusion.
What does a SAR report look like? ›
In the U.S., a SAR is a multi-page document provided by FinCEN that requires several pieces of information, including: The name, date of birth, address, Social Security number, and phone number for all account holders involved in the suspicious activity. Dates and documentation of the suspicious transaction(s)
What are 5 essential elements of information in a SAR narrative? ›
An effective narrative will include an introductory paragraph that provides information on the financial institution filing the SARs, the subject(s) of the SAR, the account(s), the date range of the suspicious activity, the nature of the suspicious activity, and the total of the suspicious activity.
What are red flags that may trigger filing a SAR? ›
Red flags for suspicious activity can vary, but common patterns include unusual transaction amounts, frequency, or locations. It is crucial for financial institutions to stay alert to these warning signs, as they can signal criminal activity and potentially lead to financial crimes such as money laundering.
What are SAR requirements? ›
Under 12 CFR 21.11, national banks are required to report known or suspected criminal offenses, at specified thresholds, or transactions over $5,000 that they suspect involve money laundering or violate the Bank Secrecy Act. Similar regulations by other regulators apply to other financial institutions.
What should be included in a suspicious activity report? ›
state your reason(s) for suspecting the property is criminal. explicitly describe the prohibited act(s) you plan to undertake involving the property. identify the other party/parties involved in dealing with the property, including their dates of birth and addresses.
How do I reply to a SAR request? ›
Before responding to a SAR you should talk to the person to find out how best to meet their needs. This may be by providing the response in a particular format that is accessible to the person, such as large print, audio formats, email or Braille.
Examples of suspicious activity might include: Someone who you may consider to be a trespasser or prowler looking in vehicles or car doors. Scoping out addresses. Conducting occupancy checks prior to a burglary.
What are the 5 key components of SAR? ›
Final answer: The five components of an effective SAR monitoring and reporting system are: identifying suspicious activity, managing alerts, making decisions, completing and filing the SAR, and continuing monitoring or filing of SAR.
What amount must be filed for a SAR? ›
Dollar Amount Thresholds – Banks are required to file a SAR in the following circ*mstances: insider abuse involving any amount; transactions aggregating $5,000 or more where a suspect can be identified; transactions aggregating $25,000 or more regardless of potential suspects; and transactions aggregating $5,000 or ...
What does part 3 of the SAR ask you to provide? ›
A Part 3 SAR is a request made by or on behalf of someone for the information they are entitled to ask for under section 45(1). They may ask you to: confirm whether or not you are processing their information; and if so, provide them with access to it.
How do I file a suspicious transaction report? ›
File Suspicious Transaction Report (“STR”) with STRO where there is suspicion of money laundering/terrorism financing/proliferation financing (“ML/TF/PF”). Apply for a SONAR account to e-file your STR. By e-filing via SONAR, a copy of the STR would be extended to ACD.
