To File or Not to File?

Review your SAR processes so they’re commensurate with your risk.

November 14, 2011

Many credit unions have had examiners tell them they should have filed Suspicious Activity Reports (SAR) for certain activities the examiners found to be suspicious. As a result of these findings, credit unions usually end up filing the SARs without questioning their decision-making process. But it’s worth noting “the decision to file a SAR is an inherently subjective judgment,” according to the Federal Financial Institutions Examination Council’s Bank Secrecy Act (BSA)/Anti-Money Laundering Examination Manual.

And whether you file a SAR should be more about your credit union’s SAR escalation process, which includes the identification, evaluation, and reporting processes.


Credit unions have various methods that they may use to identify suspicious activity, but the most common methods are:

  • Employee observations of unusual or potentially suspicious transaction activity; or
  • Reports your data processor or BSA software produces.

All credit unions should have policies and procedures to ensure employees understand and follow the process to identify and refer potentially suspicious activity. Employees should know to whom and in what manner they should report suspicious activity. Do they complete a form that’s then e-mailed to the BSA officer? Do they report the activity verbally to the branch manager? Detail these steps in procedures employees receive.

The credit union also might discover unusual activity by reviewing various types of cash transaction reports or reports that identify  patterns of account activity or
deviations from expected activity.

If you discover unusual activity through a review of these reports, take additional steps to determine whether, in fact, the activity is suspicious.


Once you identify unusual or potentially suspicious activity, your credit union must manage the alert.

This is the process used to investigate and analyze any unusual activity you’ve identified. Depending on the activity, the credit union may need to review additional account or member due diligence information, or conduct outside research.

You should conduct your investigation and analysis quickly following the identification of the activity. What’s “reasonable” will vary according to the facts and circumstances.

Despite the use of the term “investigate,” the credit union isn’t obligated to investigate or confirm the alleged crime. That’s law enforcement’s job. The credit union’s responsibility is to determine whether the activity is sus-picious and take appropriate action.


Once your credit union completes its research and analysis, you must decide whether to file a SAR.

Generally the BSA officer oranother individual with authority makes the decision, although some credit unions may use a committee. The end result should be whether the decision-making process was effective, not the ultimate decision.

But the examiner still has an opportunity to make a finding despite the result. If the process is ineffective, the failure to file is significant, or the decision not to file is accompanied by evidence of bad faith, the examiner may be critical of the credit union’s decision not to file the SAR.

The credit union should clearly document its investigation and evaluation process, as well as its conclusion.

If you determine the transaction is suspicious and you should file a SAR, the filing must be timely, complete, and accurate. Filing a SAR provides protection for the credit union from civil liability.

So, before you give the examiner an opportunity to be critical of your SAR decisions, review your process. You want a system that’s commensurate with your risk and one that identifies, evaluates, and reports suspicious activity.

For more details on Bank Secrecy Act regulations, sign up for CUNA’s Bank Secrecy Act Conference, scheduled for Oct. 30-Nov. 2 in San Diego. Visit

ANDREA STRITZKE is vice president, regulatory compliance, for PolicyWorks. Contact her at  or at