Fine-Tune Your SAR System

Fine-Tune Your SAR System

Assess the effectiveness of your policies, procedures, and processes.

March 7, 2016

“Suspicious activity reporting forms the cornerstone of the Bank Secrecy Act (BSA) reporting system” and is critical to combating terrorist financing, money laundering, and other financial crimes.

So says the Federal Financial Institutions Examination Council’s (FFIEC) Bank Secrecy Act/Anti-Money Laundering (BSA/AML) Examination Manual.

To that end, the Financial Crimes Enforcement Network (FinCEN) requires credit unions to file suspicious activity reports (SARs) with respect to these four situations:

1. Insider abuse (by a credit union officer, employee, agent) involving any amount of money.

2. Criminal violations aggregating $5,000 or more by an identifiable suspect.

3. Criminal violations aggregating $25,000 or more, regardless of a potential suspect.

4. Transactions aggregating $5,000 or more that the credit union suspects:

Might involve potential money laundering or other illegal activity (e.g., terrorism financing).

Are designed to evade the BSA or its implementing regulations (e.g., structuring to evade currency transaction reporting).

Have no business or apparent lawful purpose.

To meet these regulatory obligations, credit unions must have in place the appropriate policies, procedures, and processes to monitor, identify, and report suspicious activity.

As the BSA/AML Examination Manual explains, examiners will look for the following five key components in a credit union’s suspicious activity monitoring and reporting system:

1. Identifying unusual activity;

2. Managing alerts;

3. SAR decision making;

4. Completing and filing a SAR;

5. Monitoring and SAR filing on continuing activity.

A credit union’s policies, procedures, and processes should describe the steps staff will take to address each of these components and indicate the individual(s) or departments responsible for each of these components.

A failure in any one of these areas might adversely affect your credit union’s SAR reporting and BSA compliance.

Identifying unusual activity

Credit unions have at their disposal a number of methods to identify potentially suspicious activity, including but not limited to:

Activity identified by employees during day-to-day operations. Credit unions should ensure they’ve properly trained staff to identify and refer potentially suspicious activity to appropriate personnel.

Law enforcement inquiries and requests. Receiving a law enforcement inquiry doesn’t require you to file an SAR, but the request should trigger a review of the member’s account activity and a reassessment of the member’s risk profile. When filing a SAR, don’t include any reference to a grand jury subpoena or National Security Letter.

Advisories issued by regulators or law enforcement agencies. For example, FinCEN advisories provide guidance on potential “red flags” that could indicate illicit activity flowing through an institution.

Transaction and surveillance monitoring system output. Credit unions use a variety of software programs to assist in monitoring for unusual transactions. Some of these systems generate reports you must review manually. Surveillance programs automatically detect unusual transactions using a “rules based” or “intelligent” system.

Any combination of these methods.

Managing alerts

Managing alerts involves the processes institutions use to investigate and evaluate identified unusual activity.

Credit unions should have in place policies, procedures, and processes for referring unusual activity from all areas of the institution to the BSA officer or other personnel responsible for evaluating unusual activity.

Within these procedures, the credit union should establish a clear and defined escalation process from the initial detection of unusual activity to an investigation’s completion.

To effectively identify, evaluate, and report potentially suspicious activities, a credit union needs experienced staff. It’s important that assigned staff receive comprehensive and ongoing training (as necessary) to maintain their expertise.

Credit unions also should provide staff with sufficient internal and external tools—such as access to account systems and account information, and Internet search capabilities—to allow them to properly research activities and formulate conclusions.

After thorough research and analysis, staff should document conclusions, including a recommendation whether or not to file a SAR.

SAR decision making

Staff typically forwards results from a thorough investigation to a final decision maker, which can be an individual or committee. The BSA officer or SAR committee should have the authority to make the final SAR filing decision.

If the credit union uses a committee, clearly define a process to resolve differences of opinion on filing decisions.

Credit unions should thoroughly document SAR decisions, including the specific reason for filing or not filing a SAR.

Notably, FinCEN doesn’t require a specific type of documentation when a credit union decides to not file a SAR, because credit unions use a variety of systems to identify, track, and report suspicious activity—and because they base each suspicious activity reporting decision on unique facts and circumstances.

Completing and filing a SAR

Credit unions must implement policies, procedures, and processes to ensure filing timely, complete, and accurate SARs that provide a sufficient description of the activity reported and the basis for filing the SAR.

BSA regulations require a credit union to electronically file a SAR through FinCEN’s BSA e-filing system “no later than 30 calendar days from the date of the initial detection of facts that might constitute a basis for filing a SAR.”

Credit unions have 60 days to file a SAR if they can’t identify a suspect.

The phrase “initial detection” doesn’t refer to the moment a credit union highlights a transaction for review. A variety of legitimate transactions could raise a red flag simply because they’re inconsistent with an accountholder’s normal account activity.

The 30-day (or 60-day) period doesn’t begin until the credit union conducts an appropriate review and determines the transaction under review is “suspicious” activity it should report in accordance with BSA regulations (e.g., a series of structured transactions designed to evade currency transaction reporting).

Monitoring and filing on continuing activity

FinCEN’s guidelines permit credit unions to file SARs for continuing suspicious activity after a 90-day review, with a filing deadline 120 calendar days after the date of the previously related SAR filing. Credit unions may file SARs on continuing activity earlier than the 120-day deadline if the institution believes the activity warrants earlier review by law enforcement.

Your credit union should develop policies, procedures, and processes indicating when to escalate issues or problems identified as the result of repeat SAR filings on accounts. The procedures should include:

• Review by the BSA compliance officer, SAR committee, senior management, and/or legal staff (as appropriate).

• Criteria for determining when analysis of the overall membership relationship is necessary.

• Criteria for deciding whether to close the account—and, if so, when.

• Criteria for determining when to notify law enforcement, if appropriate.

This article only covers a fraction of a credit union’s BSA/AML compliance program. For more detailed information on all of the BSA requirements, visit CUNA’s e-Guide to Federal Laws and Regulations at and the FFIEC Bank Secrecy Act/Anti-Money Laundering Examination Manual at

VALERIE Y. MOSS is CUNA’s senior director of compliance analysis. Contact CUNA’s compliance department at