SARs are confidential reports to FinCEN - not accusations, but reports of suspicion for law enforcement review

A Suspicious Activity Report (SAR) is a confidential report filed with FinCEN - the Financial Crimes Enforcement Network - when a financial institution detects a transaction or pattern of activity that may involve money laundering, fraud, terrorist financing, or other financial crimes. SARs are the primary mechanism through which the private financial sector communicates suspicious activity to law enforcement. They are not accusations - they are reports of suspicion, and the decision to investigate belongs to law enforcement, not the filer.

The $5,000 threshold is lower than most expect - it applies to most covered institutions

The SAR filing obligation applies to a broad range of financial institutions under the Bank Secrecy Act: banks, credit unions, money services businesses, casinos, broker-dealers, insurance companies, non-bank mortgage lenders, and others. If your business is subject to the BSA, you almost certainly have a SAR filing obligation. The specific dollar thresholds and triggering criteria vary by institution type, but the core obligation - report suspicious activity - is universal.

Suspicious activity is context-dependent: inconsistency with known customer behavior is the key test

For most covered institutions, a SAR is required when a transaction involves $5,000 or more and the institution knows, suspects, or has reason to suspect that the transaction involves funds from illegal activity, is designed to evade BSA reporting requirements, lacks a lawful purpose, or involves the use of the institution to facilitate criminal activity. The $5,000 threshold is lower than most business owners expect - it's not just large transactions that trigger SAR obligations.

SAR narratives must answer who, what, when, where, and why - vague narratives have no investigative value

What makes a transaction "suspicious" is the question most compliance officers struggle with. The answer is context-dependent: a $9,000 cash deposit from a customer who regularly deposits $9,000 in cash is suspicious in a way that a $9,000 cash deposit from a cash-intensive retail business is not. Suspicious activity is activity that is inconsistent with what you know about the customer, their business, and their normal transaction patterns. This is why customer due diligence - knowing your customer - is the foundation of effective SAR identification.

The SAR safe harbor protects good-faith filers from civil liability; tipping off subjects is a federal crime

The SAR narrative is the most important part of the filing, and it's where most businesses underperform. The narrative must answer five questions: who is involved, what happened, when it happened, where it happened, and why it's suspicious. Law enforcement uses SAR narratives as investigative tools - a vague narrative that says "customer conducted unusual transactions" provides almost no investigative value. A specific narrative that describes the transaction pattern, the customer's stated business purpose, the inconsistency with known customer behavior, and the specific red flags observed is genuinely useful to investigators.

The SAR safe harbor is one of the most important protections in the BSA. Financial institutions that file SARs in good faith are protected from civil liability - you cannot be sued by the subject of a SAR for filing it. Equally important: you are prohibited from disclosing to the subject of a SAR that a report has been filed. This prohibition is absolute. Tipping off a customer that a SAR has been filed is a federal crime, regardless of your relationship with the customer.

SARs must be filed within 30 calendar days of the date the suspicious activity is initially detected. If no suspect can be identified, the deadline extends to 60 days. For continuing suspicious activity - a pattern that persists over time - a SAR must be filed every 90 days for as long as the activity continues. Missing SAR filing deadlines is itself an examination finding, separate from the underlying suspicious activity.