The following information is provided as guidance. Refer to FinCEN's Suspicious Activity Report (FinCEN SAR) Electronic Filing Requirements, Release Date October 2012, Version 1.2.306Refer to the FinCEN's SAR Electronic Filing Instructions. FinCEN's instructions contain a checklist as a guide for preparing the narrative. FinCEN has requested banks include certain key terms in the narrative section of the SAR. A consolidated listing of SAR narrative key terms and a link to the related advisories and guidance can be found on FinCEN's website.307Refer to the FinCEN's SAR Advisory Key Terms. Banks also should consult Suggestions for Addressing Common Errors Noted in Suspicious Activity Reporting (October 10, 2007).308Refer to Suggestions for Addressing Common Errors Noted in Suspicious Activity Reporting(October 10, 2007).

Often SARs have been instrumental in enabling law enforcement to initiate or supplement major money laundering or terrorist financing investigations and other criminal cases. Information provided in SARs also allow FinCEN and the federal banking agencies to identify emerging trends and patterns associated with financial crimes. The information about those trends and patterns is vital to law enforcement agencies and provides valuable feedback to financial institutions.

Banks must file SARs that are complete, sufficient, and timely. Unfortunately, some banks file SARs that contain incomplete, incorrect, or disorganized narratives, making further analysis difficult, if not impossible. Because the SAR narrative serves as the only free text area for summarizing suspicious activity, the narrative section is "critical." The care with which the narrative is written may make the difference in whether or not the described conduct and its possible criminal nature are clearly understood by law enforcement, and thus a failure to adequately describe the factors making a transaction or activity suspicious undermines the purpose of the SAR.

The SARs should include any information readily available to the filing bank obtained through the account opening process and due diligence efforts. In general, a SAR narrative should identify the five essential elements of information (who? what? when? where? and why?) for the suspicious activity being reported. The method of operation (or how?) is also important and should be included in the narrative.

Who is conducting the suspicious activity?

While one section of the SAR calls for specific suspect information, the narrative should be used to further describe the suspect or suspects, including occupation, position or title within the suspect's business, the nature of the suspect's business (or businesses), and any other information and identification numbers associated with the suspects.

What instruments or mechanisms are being used to facilitate the suspect transactions?

A list of instruments or mechanisms that may be used in suspicious activity includes, but is not limited to, funds transfers, letters of credit and other trade instruments, correspondent accounts, casinos, structuring, shell companies, bonds or notes, stocks, mutual funds, insurance policies, traveler's checks, bank drafts, money orders, credit or debit cards, prepaid cards, and digital currency business services. The SAR includes a number of check boxes to record the instrument type(s)/payment mechanism(s) involved in the suspicious activity and type(s) of suspicious activity being reported. FinCEN requests that banks check the appropriate box(es) in the Suspicious Activity Information section and include certain key terms in the narrative section of the SAR. If necessary, the instrument and type of suspicious activity can be described in further detail in the narrative. If a SAR narrative summarizes the flow of funds, the narrative should always include the source of the funds (origination) and the use, destination, or beneficiary of the funds.

When did the suspicious activity take place?

If the activity takes place over a period of time, indicate the date when the suspicious activity was first noticed and describe the duration of the activity.  When possible, in order to better track the flow of funds, individual dates and amounts of transactions should be included in the narrative rather than only the aggregated amount.

Where did the suspicious activity take place?

The narrative should indicate where the suspicious activity took place. . The narrative should also specify if the suspected activity or transactions involves a foreign jurisdiction.

Why does the filer think the activity is suspicious?

The SAR should describe, as fully as possible, why the activity or transaction is unusual for the customer, considering the types of products and services offered by the filing bank’s industry, and drawing any applicable contrasts with the nature and normally expected activities of similar customers.

How did the suspicious activity occur?

The narrative should describe the “modus operandi” or the method of operation of the subject conducting the suspicious activity.  In a concise, accurate, and logical manner, the narrative should describe how the suspect transaction or pattern of transactions was committed.  For example, if what appears to be structuring of currency deposits is matched with outgoing funds transfers from the accounts, the SAR narrative should include information about both the structuring and outbound transfers (including dates, destinations, amounts, accounts, frequency, and beneficiaries of the funds transfers).

Supporting Documentation

Filers can include a single, Microsoft Excel file with no more than one megabyte of data as an attachment to the SAR. This file would be most suitable for documenting transaction records that are too numerous to record in Part V. Do not include any other supporting documentation with the SAR. Instead, describe in Part V other supporting documentation not included in the spreadsheet. Filers must retain all supporting documentation or a business record equivalent for five (5) years from the date of the report. All supporting documentation must be made available to appropriate authorities upon request.


< Previous Page
Appendix K – Customer Risk Versus Due Diligence and Suspicious Activity Monitoring
Next Page >
Appendix M – Quantity of Risk Matrix – OFAC Procedures