As a financial institution, SAR reporting is a critical function that can result in violations being cited in an exam report.  Because of this, it is extremely important to fully understand FinCEN SAR guidance and the SAR reporting rules, of which there are quite a few.  One of those rules relates to the timeframe for SAR reporting - i.e., how long a financial institution has to file SAR.

The BSA Exam Manual outlines this timeframe by stating the following:

“The SAR rules require that a SAR be electronically filed through the BSA E-Filing System no later than 30 calendar days from the date of the initial detection of facts that may constitute a basis for filing a SAR.  If no suspect can be identified, the time period for filing a SAR is extended to 60 days.”

To summarize, a financial institution has either 30 or 60 days to file a SAR depending on whether or not they know the identity of the subject.  If they know the subject, they have 30 days.  If they don’t know the subject, they get a slightly longer period of time to complete their investigation as the SAR must be filed within 60 days of the initial detection.

Initial Detection of a SAR

Now, many financial institutions follow a conservative approach in SAR filings and ensure that each applicable SAR is filed within either 30 or 60 days of the initial transaction.  This approach, however, is more conservative than the actual expectations of FinCEN who is concerned about the date of “initial detection” rather than the date of the “initial transaction.”

The BSA Exam Manual gives a general overview of this requirement:

“Organizations may need to review transaction or account activity for a customer to determine whether to file a SAR. The need for a review of customer activity or transactions does not necessarily indicate a need to file a SAR. The time period for filing a SAR starts when the organization, during its review or because of other factors, knows or has reason to suspect that the activity or transactions under review meet one or more of the definitions of suspicious activity.”

FinCEN Guidance on SAR Timing

Over years, FinCEN has regularly provided guidance stating that the 30 (or 60) day clock does not start until the financial institution determines that a transaction is suspicious.  They have provided several different clarifications that the “initial detection” does not start until an appropriate review has taken place and the transaction has been determined to be suspicious.

SAR Activity Review Issue 1

In fact, this topic was first addressed nearly two decades ago (October 2000) in the very first issue of the (now discontinued) SAR Activity Review which states the following:

"The SAR rules require that a SAR be filed no later than 30 calendar days from the date of the initial detection of the suspicious activity, unless no suspect can be identified, in which case, the time period for filing a SAR is extended to 60 days. It may be appropriate for organizations to conduct a review of the activity to determine whether a need exists to file a SAR. The fact that a review of customer activity or transactions is determined to be necessary is not necessarily indicative of the need to file a SAR, even if a reasonable review of the activity or transactions might take an extended period of time. [b]The time to file a SAR starts when the organization, in the course of its review or on account of other factors, reaches the position in which it knows, or has reason to suspect, that the activity or transactions under review meets one or more of the definitions of suspicious activity."

SAR Activity Review Issue 10

The topic was then addressed again in May of 2006 as Issue 10 of The SAR Activity Review expands on the original guidance:

"Our suspicious activity reporting rules require that a SAR be filed no later than 30 calendar days from the date of the initial detection of facts that may constitute a basis for filing a SAR. If no suspect can be identified, the time period for filing a SAR is extended to 60 days. Upon identification of unusual activity, additional research is typically conducted, and institutions may need to review transaction or account activity for a customer to determine whether to file a SAR. The need to review a customer’s account activity, including transactions, does not necessarily indicate the need to file a SAR, even if a reasonable review of the activity or transaction might take an extended period of time. The time period to file a SAR starts when the institution, in the course of its review or as a result of other factors, reaches the conclusion in which it knows, or has reason to suspect, that the activity or transactions under review meets one or more of the definitions of suspicious activity.  

The phrase “initial detection” should not be interpreted as meaning the moment a transaction is highlighted for review. There are a variety of legitimate transactions that could raise a red flag simply because they are inconsistent with an accountholder’s normal account activity. A real estate investment (purchase or sale), the receipt of an inheritance, or a gift, for example, may cause an account to have a significant credit or debit that would be inconsistent with typical account activity. The institution’s automated account monitoring system or initial discovery of information, such as system-generated reports, may flag the transaction; however, this should not be considered initial detection of potential suspicious activity. The 30-day (or 60-day) period does not begin until an appropriate review is conducted and a determination is made that the transaction under review is “suspicious” within the meaning of the SAR regulations.

A review must be initiated promptly upon identification of unusual activity that warrants investigation. The timeframe required for completing review of the identified activity, however, may vary given the situation. According to the FFIEC’s 2005 Bank Secrecy Act/Anti-Money Laundering Examination Manual, “an expeditious review of the transaction or the account is recommended and can be of significant assistance to law enforcement. In any event, the review should be completed in a reasonable period of time.” What constitutes a “reasonable period of time” will vary according to the facts and circumstances of the particular matter being reviewed and the effectiveness of the SAR monitoring, reporting, and decision-making process of each institution. The key factor is that an institution has established adequate procedures for reviewing and assessing facts and circumstances identified as potentially suspicious, and that those procedures are documented and followed."

SAR Activity Review Issue 14

The was then again addressed in the October 2008 Issue of The SAR Activity Review which provides even further clarification and also provides some examples:

“Bank Secrecy Act suspicious activity reporting rules require that a SAR be filed no later than 30 calendar days from the date of the initial detection of facts that may constitute a basis for filing a SAR .6 Upon identification of unusual activity, additional research is typically conducted and institutions may need to review customer transaction or account activity to determine whether to file a SAR. The need to review a customer’s account activity, including transactions, does not necessarily indicate the need to file a SAR, even if a reasonable review of the activity or transaction might take an extended period of time. The time period for filing a SAR starts when the institution, in the course of its review or as a result of other factors, reaches the conclusion that it knows, or has reason to suspect, that the activity or transactions under review meets one or more definitions of suspicious activity.

Guidance on the timing of when a SAR must be filed was first set forth in the October 2000 SAR Activity Review: Tips, Trends & Issues (Issue 1). 7 In May of 2006, FinCEN issued additional guidance in The SAR Activity Review: Tips, Trends & Issues (Issue 10) to clarify any ambiguity in the interpretation of the original guidance. Institutions continue to seek clarification about the phrase “initial detection”, and so FinCEN is issuing additional guidance with examples that illustrate appropriate timing for filing a SAR.

As clarified in the May 2006 SAR Activity Review: Tips, Trends & Issues (Issue 10), the phrase “initial detection” should not be interpreted as meaning the moment a transaction is highlighted for review. There are a variety of legitimate transactions that could raise a red flag simply because they are inconsistent with an accountholder’s normal account activity. A real estate investment (purchase or sale), or the receipt of an inheritance or gift, for example, may cause an account to have a significant credit or debit that would be inconsistent with typical account activity. An institution’s automated account monitoring system or initial discovery of activity, such as system-generated reports, may flag the transaction for review; however, this should not be considered initial detection of potential suspicious activity. The 30-day (or 60-day) period does not begin until an appropriate review is conducted and a determination is made that the transaction under review is “suspicious” within the meaning of the SAR regulations.

Institutions may have implemented multi-layer review procedures and/or systems in order to better detect and report suspicious activity. FinCEN recognizes that these multi-layer review processes may involve such steps as a red flag notice from an account monitoring system, a brief review by an analyst, and an investigation by an investigator. For example, an institution may have implemented an automated red flag system that detects unusual patterns in transactions. It may then utilize an analyst as a first step in determining whether the red flag notice is an obvious “false positive” or whether the activity should be forwarded to an investigator. In this example, the analyst makes no formal determination as to whether the activity may be suspicious based on the unusual transaction pattern and instead refers the matter to an investigator. After a period of appropriate review, the investigator determines whether the activity is suspicious. Thus, the date of initial detection is the date when the investigator has appropriately reviewed the activity and makes a determination that it is suspicious, not when the analyst refers the matter to the investigator. The following examples illustrate that the date of initial detection does not necessarily occur on the date of the transaction(s), the date when an automated system generates a notice or red flag alert, or the date when an employee initially reviews the transaction(s).

The following examples assume that the monetary thresholds have been met per the SAR regulation applicable to the specific type of institution. Note: Institutions are reminded that reviews of suspicious activity should be completed in a reasonable period of time.

Example 1

A customer makes two deposits of $9,900 over the course of two business days. On the third day, an alert teller notifies the BSA analyst that the customer has made deposits of just below $10,000 two days in a row. The analyst makes a determination that the two deposits of $9,900 are most likely indicative of structuring and therefore, the transactions are suspicious. That same day, the analyst refers the matter to the investigator and notes that the transactions are suspicious and likely involve intent to structure transactions to avoid CTR reporting requirements. The date of initial detection in this example is the date when the analyst was able to make a determination that the activity is suspicious. The institution has 30 days to file a SAR from the date of the analyst’s determination.

Example 2

An import/export business customer suddenly begins sending and receiving large wire transfers from high risk jurisdictions. The institution’s automated account monitoring system generates a red flag notification to the BSA officer, who conducts an initial review of the transactions. Given the complexity of the customer’s business, the BSA officer is not in a position to determine whether the transactions may be suspicious. The officer refers the information to the institution’s SAR investigator, who spends several days reviewing the customer’s transactions and researching the nature of the customer’s import/export business. After ten days of research, the investigator is able to make a determination that the activity does not appear to have a business or lawful purpose, and, therefore, the activity is suspicious. The day on which the investigator makes such a determination should be considered the date of the initial detection, and the institution has 30 days from that date to file a SAR.

Example 3

An individual purchases money orders at several agent locations of an institution within the same city on the same business day. The next day, the institution’s software system alerts the BSA assistant to the pattern of transactions. The assistant reviews the transactions and determines that transactions should be reviewed by the institution’s BSA officer. The officer commences a review and a few days later the officer identifies another series of transactions conducted by the individual but still does not have enough information to determine if the activity is suspicious. A week later, the individual initiates a wire transfer to a high risk jurisdiction and provides the agent’s employee with alarming information during a conversation. The employee informs the BSA officer of the updated information, and the officer makes a determination that the activity is suspicious, that a SAR should be filed, and that law enforcement should be contacted immediately. From that date, the institution has 30 days to file a SAR.”

Conclusion

The bottom line is that a financial institution must have reasonable procedures and processes to identify potential suspicious activity.  When they do this, the timeframe for SAR filing does not begin until the financial institution conducts a formal review of the transaction and determines it to be suspicious.  Once determined, the timeframe for SAR filing begins.