A new era of payments is here. Download the State of Payment Operations 2023 report now.Learn more


Suspicious Activity Report

A Suspicious Activity Report (SAR) is a report that a bank or other financial institution must file if it suspects that a customer might be breaking the law and committing fraud, financing terrorism, or laundering money.

Financial institutions must file these reports with the Financial Crimes Enforcement Network (FinCEN) via the e-filing system of the Bank Secrecy Act (BSA).

The Financial Action Task Force (FATF) provides recommendations to financial institutions for filing SAR and detecting terrorist financing.

History of the Suspicious Activity Report

Suspicious activity reports have been part of the anti-money laundering statutes and regulations since the BSA became law in 1970. Then in 2001, the USA Patriot Act expanded the requirements for what constitutes suspicious activity to battle domestic and global terrorism.

What Is the Purpose of a Suspicious Activity Report?

The purpose of a suspicious activity report is to provide financial institutions with a way to report potentially suspicious or illegal activities.

Suspicious activity could include:

  • Particularly large numbers of wire transfers and/or a pattern of wire transfers.
  • Transactions that look like they’re trying to sidestep recordkeeping and reporting requirements.
  • An unusual mix of deposits into a business account, e.g., third-party checks, payroll checks, money orders, etc.

This information helps FinCEN identify emerging patterns and trends involving financial crimes — information law enforcement agencies need to investigate crimes like money laundering and terrorism financing.

How Does a Suspicious Activity Report Work?

Once a financial institution discovers suspicious activity, it has 30 days to file a SAR.  If it needs more time to identify the person associated with the suspicious transaction, it can get a 30-day extension. But all reports must be filed no more than 60 days after the suspicious activity is discovered. The bank is not allowed to mention the report to any person or entity included in the filing (also known as “tipping off”).

Financial institutions have to keep copies of their suspicious activity reports and any supporting documentation for five years from the dates they filed the reports. They are also required to hand over supporting documentation to FinCEN or other law enforcement or federal banking agencies if they’re asked for it.

Under FinCEN, financial institutions must identify five essential components of the suspicious activities they're reporting:

  1. Who is conducting the suspicious activity?
  2. What method is the person using to facilitate the suspicious activity?
  3. When did the suspicious activity take place?
  4. Where did the suspicious activity take place?
  5. Why does the financial institution think the activity is suspicious?

A financial institution might consider a transaction suspicious if it is different from other activities that have occurred within an account. However, just because a transaction is different does not necessarily mean that it is malicious,  fraudulent, or otherwise illegal. FIs should confirm that unusual activity does not have a valid explanation.

Try Modern Treasury

See how smooth payment operations can be.

Talk to us

Subscribe to Journal updates

Discover product features and get primers on the payments industry.



Modern Treasury For

Case Studies





© Modern Treasury Corp.