Suspicious Activity Report Filing Procedure

SUSPICIOUS ACTIVITY REPORT (SAR) FILING PROCEDURE

DOCUMENT INFORMATION

SECTION 1: OVERVIEW AND PURPOSE

1.1 Purpose

This procedure establishes the process for identifying, investigating, and reporting suspicious activity in compliance with the Bank Secrecy Act (BSA) and FinCEN regulations.

1.2 Scope

This procedure applies to all employees responsible for:

☐ Monitoring customer transactions
☐ Reviewing exception reports
☐ Investigating potential suspicious activity
☐ Filing Suspicious Activity Reports

1.3 Key Personnel

SECTION 2: SAR FILING REQUIREMENTS

2.1 Mandatory Filing Criteria

A SAR must be filed when the institution knows, suspects, or has reason to suspect that a transaction:

☐ Involves funds derived from illegal activity
☐ Is designed to evade BSA reporting requirements
☐ Lacks a lawful purpose or is not the type normally expected for that customer
☐ Involves use of the institution to facilitate criminal activity

2.2 Dollar Thresholds by Institution Type

Note: No SAR is required for certain theft or embezzlement under $25,000 committed by a customer against the institution.

2.3 Filing Deadlines

2.4 When SAR Filing is NOT Required

Per October 2025 FinCEN FAQs:

☐ Mere presence of transactions at or near $10,000 CTR threshold (without additional suspicious indicators)
☐ Completed investigation determines no suspicious activity occurred
☐ Transaction is fully lawful with no red flags

SECTION 3: DETECTION OF SUSPICIOUS ACTIVITY

3.1 Detection Sources

Suspicious activity may be detected through:

☐ Automated transaction monitoring alerts
☐ Manual review of exception reports
☐ Employee referrals/tips
☐ Customer complaints
☐ Law enforcement inquiries (314(a) requests)
☐ Media/adverse news alerts
☐ Periodic account reviews
☐ Third-party reports

3.2 Transaction Monitoring System Alerts

3.3 Employee Referral Process

Suspicious Activity Referral Form:

SECTION 4: RED FLAGS AND SUSPICIOUS INDICATORS

4.1 Customer Behavior Red Flags

☐ Reluctance to provide identification information
☐ Providing false or inconsistent information
☐ Attempting to convince employees not to file required reports
☐ Unusually knowledgeable about BSA reporting requirements
☐ Nervous or evasive behavior during transactions
☐ Conducting transactions immediately after opening account
☐ Inquiring about how to avoid reporting requirements

4.2 Transaction Red Flags

☐ Structuring: Breaking transactions into smaller amounts to avoid reporting thresholds
☐ Layering: Complex series of transactions to obscure money trail
☐ Round-tripping: Funds deposited and immediately withdrawn
☐ Unusual wire patterns: Multiple wires to/from high-risk jurisdictions
☐ Inconsistent activity: Transactions inconsistent with stated business purpose
☐ Cash intensity: Unexplained large cash deposits
☐ Third-party funding: Unexplained third-party deposits
☐ Rapid movement: Funds moved quickly through multiple accounts

4.3 Account Red Flags

☐ Multiple accounts with same signers, addresses, or beneficial owners
☐ Accounts with no apparent business purpose
☐ Dormant accounts suddenly becoming active
☐ Accounts opened and closed quickly
☐ Accounts used as pass-through (funds in and immediately out)
☐ Significant unexplained changes in account activity

4.4 High-Risk Customer Types

☐ Politically Exposed Persons (PEPs)
☐ Non-resident aliens
☐ Cash-intensive businesses
☐ Money services businesses
☐ Non-profit organizations
☐ Shell companies
☐ Customers from high-risk jurisdictions

SECTION 5: INVESTIGATION PROCEDURES

5.1 Investigation Workflow

Alert/Referral Received
         ↓
    Initial Review
         ↓
   Assigned to Analyst
         ↓
   Gather Information
         ↓
   Document Analysis
         ↓
  Determine SAR Decision
         ↓
   ┌─────────────────┐
   │    File SAR?    │
   └────────┬────────┘
     Yes ↙     ↘ No
  Draft SAR    Document
     ↓         Decision
   Review        ↓
     ↓         Close Case
  Approval
     ↓
  File with
   FinCEN
     ↓
  Close Case

5.2 Investigation Steps

Step 1: Initial Assessment

☐ Review alert or referral details
☐ Determine if investigation is warranted
☐ Assign case number: [________________________________]
☐ Assign to analyst: [________________________________]
☐ Set deadline for completion

Step 2: Information Gathering

☐ Pull customer account application and supporting documents
☐ Review transaction history (minimum 12 months)
☐ Review prior SARs filed on customer
☐ Review 314(a) search results
☐ Check OFAC and sanctions lists
☐ Review adverse media/news searches
☐ Interview relevant employees (if needed)
☐ Contact customer (only if appropriate and will not tip off)

Step 3: Analysis

☐ Analyze transaction patterns
☐ Compare activity to customer profile and stated purpose
☐ Identify all connected accounts or parties
☐ Calculate total suspicious amount
☐ Document timeline of suspicious activity
☐ Identify red flags and suspicious indicators
☐ Research relevant typologies

Step 4: Documentation

☐ Complete investigation narrative
☐ Attach supporting documentation
☐ Document analysis and conclusions
☐ Make SAR filing recommendation

5.3 Investigation Timeline

5.4 Investigation Documentation Checklist

☐ Case summary/narrative
☐ Customer identification documents
☐ Account opening documents
☐ Transaction records
☐ Correspondence with customer
☐ Employee interview notes
☐ Alert/referral documentation
☐ Prior SAR filings
☐ 314(a) search results
☐ OFAC/sanctions screening results
☐ Media/adverse news search results
☐ SAR decision and rationale

SECTION 6: SAR FILING DECISION

6.1 Decision Tree

Question 1: Does the activity meet the dollar threshold?

• No → Document and close (no SAR required)
• Yes → Proceed to Question 2

Question 2: Does the activity involve known or suspected illegal funds, evade BSA requirements, have no lawful purpose, or facilitate criminal activity?

• No → Document decision not to file, close case
• Yes → File SAR

6.2 Approval Authority

6.3 Documenting Decision Not to File

Per October 2025 FinCEN FAQs, there is no requirement to document a decision not to file. However, the Company's practice is:

☐ Document the investigated activity
☐ Document the analysis performed
☐ Document the reason for not filing
☐ Retain documentation per records retention policy

SECTION 7: SAR PREPARATION AND FILING

7.1 SAR Form Components

Part I: Subject Information

☐ Subject type (individual/entity)
☐ Full legal name
☐ All known aliases
☐ Date of birth / formation date
☐ Government ID numbers (SSN, EIN, passport, etc.)
☐ Address(es)
☐ Phone number(s)
☐ Email address(es)
☐ Occupation/business type
☐ Relationship to financial institution

Part II: Suspicious Activity Information

☐ Date/time of suspicious activity
☐ Dollar amount involved
☐ Type of suspicious activity (from FinCEN categories)
☐ Product/instrument type

Part III: Financial Institution Information

☐ Filing institution identification
☐ Branch/location information
☐ Role in transaction

Part IV: Narrative

☐ Who - Subject(s) involved
☐ What - Description of suspicious activity
☐ When - Date range of activity
☐ Where - Location(s) of activity
☐ Why - Why the activity is suspicious
☐ How - Method/scheme used

7.2 Narrative Writing Guidelines

Best Practices:

☐ Write in clear, concise language
☐ Use chronological order when possible
☐ Include specific dates, amounts, and account numbers
☐ Describe how activity deviates from expected behavior
☐ Include relevant red flags identified
☐ Describe relationship between subjects
☐ Include relevant context and background
☐ Avoid conclusions about guilt or innocence
☐ Reference prior SARs if continuation

Sample Narrative Structure:

INTRODUCTION: [Company Name] ("the Firm") is filing this SAR to report
suspicious activity involving [Subject Name] ("Subject"), a customer
of the Firm since [Date].

SUBJECT INFORMATION: [Provide background on subject]

ACCOUNT INFORMATION: [Describe relevant accounts]

SUSPICIOUS ACTIVITY: [Describe the activity in detail]

RED FLAGS: [List specific red flags identified]

AMOUNT: The suspicious activity involves approximately $[Amount]
between [Start Date] and [End Date].

PRIOR FILINGS: [Reference any prior SARs on subject]

ACTIONS TAKEN: [Describe any actions taken by the Firm]

7.3 Filing Process

Step 1: Access FinCEN BSA E-Filing System (https://bsaefiling.fincen.treas.gov)

Step 2: Complete all required fields

Step 3: Quality control review:
☐ All required fields completed
☐ Subject information accurate
☐ Narrative comprehensive and clear
☐ Attachments included (if any)
☐ Proper characterization codes selected

Step 4: Supervisory approval obtained

Step 5: Submit electronically to FinCEN

Step 6: Save confirmation (BSA ID):

• Confirmation Number: [________________________________]
• Filing Date: [__/__/____]
• Document Control Number: [________________________________]

7.4 Amendments and Corrections

☐ Amendments filed for material changes or corrections
☐ Reference original SAR BSA ID in amendment
☐ Clearly indicate what is being corrected/updated

SECTION 8: CONTINUING ACTIVITY REPORTS

8.1 Monitoring for Continuing Activity

☐ Accounts with prior SARs flagged for enhanced monitoring
☐ Transaction activity reviewed for continuation of pattern
☐ New suspicious activity documented

8.2 Continuing SAR Filing Timeline (Per October 2025 FAQs)

Note: Per October 2025 FinCEN FAQs, institutions are NOT required to file continuing SARs at least every 90 days. The 120-day timeline is a maximum, not a requirement.

8.3 Continuing SAR Requirements

☐ Reference prior SAR(s) by BSA ID
☐ Describe new/continuing suspicious activity
☐ Provide updated subject information
☐ Include updated dollar amounts
☐ Document any changes to pattern or methods

SECTION 9: SAR CONFIDENTIALITY

9.1 Prohibition on Disclosure ("Tipping Off")

CRITICAL: It is a federal crime to disclose:

☐ The existence of a SAR
☐ That a SAR has been or will be filed
☐ Information that would reveal a SAR filing
☐ Any details about a SAR investigation

Penalties: Up to $250,000 fine and/or 5 years imprisonment (31 U.S.C. § 5322)

9.2 Permissible Disclosures

SAR information may only be disclosed to:

☐ FinCEN and other regulators
☐ Law enforcement agencies (upon request)
☐ Financial institution's legal counsel
☐ Auditors and examiners
☐ Section 314(b) information sharing partners (limited)
☐ Parent company/holding company (with controls)

9.3 Safe Harbor Protection

The BSA provides safe harbor protection (31 U.S.C. § 5318(g)(3)) for:

☐ Good faith SAR filings
☐ Even if the report is later determined to be unnecessary
☐ Protection from liability for disclosure to government

SECTION 10: LAW ENFORCEMENT REQUESTS

10.1 Handling Law Enforcement Contact

☐ Direct all law enforcement inquiries to AML Compliance Officer
☐ Verify identity and authority of requesting agent
☐ Document all requests received
☐ Respond within required timeframes

10.2 Types of Requests

10.3 Keep Open Requests

If law enforcement requests that an account be kept open:

☐ Document the request (agency, agent, date, duration)
☐ Continue monitoring and filing SARs as appropriate
☐ Extend filing deadline only if specifically authorized
☐ Consult legal counsel

SECTION 11: RECORDKEEPING

11.1 SAR Records Retention

11.2 Record Security

☐ SAR files stored separately from other customer records
☐ Access limited to AML personnel and management
☐ Physical files secured in locked location
☐ Electronic files encrypted and access-controlled
☐ No SAR information in customer-facing files

SECTION 12: QUALITY ASSURANCE

12.1 SAR Quality Metrics

12.2 Quality Review Process

☐ Random sample of SARs reviewed monthly
☐ Narrative quality assessed
☐ Filing timeliness verified
☐ Supporting documentation reviewed
☐ Feedback provided to analysts

SECTION 13: REPORTING AND ESCALATION

13.1 Internal Reporting

13.2 Escalation Triggers

Immediate escalation to senior management required for:

☐ Suspected insider involvement
☐ Suspected terrorist financing
☐ Transactions exceeding $1 million
☐ Involvement of senior executives
☐ Potential regulatory violation
☐ Law enforcement contact

SECTION 14: PROCEDURE APPROVAL

This Suspicious Activity Report Filing Procedure is hereby approved:

______________________________________
AML Compliance Officer Signature

[________________________________]
Name (Print)

Date: [__/__/____]

______________________________________
Chief Compliance Officer Signature

[________________________________]
Name (Print)

Date: [__/__/____]

APPENDICES

Appendix A: SAR Characterization Codes

Appendix B: Sample SAR Narratives

Appendix C: Investigation Checklist

Appendix D: Red Flag Reference Guide

Appendix E: Suspicious Activity Referral Form

Appendix F: Law Enforcement Contact Log

SOURCES AND REFERENCES

• FinCEN SAR Filing Instructions: https://www.fincen.gov/sites/default/files/shared/FinCEN%20SAR%20ElectronicFilingInstructions.pdf
• FinCEN SAR FAQs (October 2025): https://www.fincen.gov/resources/frequently-asked-questions-regarding-fincen-suspicious-activity-report-sar
• FFIEC BSA/AML Examination Manual - SAR Section: https://bsaaml.ffiec.gov/manual/AssessingComplianceWithBSARegulatoryRequirements/04
• FinCEN BSA E-Filing System: https://bsaefiling.fincen.treas.gov

This template is provided for informational purposes only and does not constitute legal advice. SAR filing requirements vary by institution type and are subject to regulatory change. Consult with qualified AML professionals and legal counsel.