Frequently Asked Questions Regarding the FinCEN Suspicious Activity Report (SAR)

The following frequently asked questions (FAQs) have been provided to assist financial institutions in their use of the FinCEN SAR, which, as of April 1, 2013, is the only acceptable format for submitting suspicious activity reports to FinCEN. FinCEN will issue additional FAQs and guidance as needed.

FAQs associated with the Home page of the FinCEN SAR


1. What are the expectations for completing the Items with an asterisk (“critical”) and without an asterisk (“non-critical”) found on the FinCEN SAR or any other FinCEN report?

As explained in FinCEN’s March 2012 guidance (FIN-2012-G002), for both critical and non-critical elements, financial institutions should complete those Items for which they have relevant information, regardless of whether or not the individual Items are deemed critical for technical filing purposes.

For critical Items, financial institutions must either provide the requested information or affirmatively check the “Unknown” (Unk.) box that is provided on the FinCEN SAR and FinCEN Currency Transaction Report (CTR) (or any other FinCEN Report).

For non-critical Items, FinCEN expects financial institutions will provide the most complete filing information available within each report consistent with existing regulatory expectations. Based upon feedback from law enforcement officials, such information is important for query purposes. However, the new FinCEN SAR and FinCEN CTR do not create any new obligations to collect data, either manually or through an enterprise-wide IT management system, where such collection is not already required by current statutes and regulations, especially when such collection would be in conflict with the financial institution’s obligations under any other applicable law. Therefore, a financial institution may leave non-critical fields without an asterisk blank when information is not readily available.

2. How do I meet my underlying obligation to submit a complete and accurate report if my filing software does not allow me to include known information for a field without an asterisk? (SAR)

FinCEN expects financial institutions to have the capability to submit information for any of the data fields in the FinCEN SAR or CTR (or any other FinCEN report). In general, if your financial institution’s filing software does not permit the institution to include information in a field without an asterisk where information has been collected and is pertinent to the report, the financial institution should instead complete a discrete filing for those transactions until the software is updated. If a filing has been submitted in which such information was not included because of such a limitation in the filing software, an amended filing should be completed using either the discrete filing method or an amended batch filing, once the software is updated. Such software updates should be implemented within a reasonable period of time.

If your institution has questions regarding the applicability of this general guidance, please contact the FinCEN Regulatory Helpline at (800) 949-2732 for further information.

3. When I log into BSA E-Filing, I do not see the new FinCEN SAR.

“General users” of the Bank Secrecy Act (BSA) E-Filing System can only view those reports that the “supervisory user” has given them permission to see. If you cannot view or access the new FinCEN SAR, please contact your supervisory user to request access.

Supervisory users of the BSA E-Filing System are able to view all available FinCEN reports when they log into the BSA E-Filing System. The supervisory user must grant access for the general users to be able to view the new FinCEN reports.

To do so, a supervisory user first must:

1. Log into the BSA E-Filing System.

2. Select “Manage Users” from the left-hand side under “User Management.”

3. Select the general user whose access roles require updating.

4. Select “Reassign Roles.”

Upon reaching the next webpage, the supervisory user must:

1. Select the roles (“FinCEN SAR Filer,” “FinCEN SAR Batch Filer,” “FinCEN CTR Filer,” “FinCEN CTR Batch Filer,” “FinCEN DOEP Filer,” “FinCEN DOEP Batch Filer,” etc.) in the “Remaining Roles” box that need to be added for the general user.

2. Move those selected roles to the “Current Roles” box and select “Continue.”

After all these steps are completed, the general user will now have access to the selected new roles and can access the new FinCEN reports.

4. Where can I find the instructions for completing the new FinCEN SAR?

Electronic filing instructions can be found in Attachment C of the “FinCEN SAR Electronic Filing Requirements” document. This document can be found under “User Quick Links” of the BSA E-Filing System homepage (http://bsaefiling.fincen.treas.gov/main.html ) or on the “Forms” page of the FinCEN Web site (https://www.fincen.gov/forms/bsa_forms/).

Additionally, instructions are embedded within the discrete filing version of the FinCEN CTR and are revealed when scrolling over the relevant fields with your computer “mouse.”

5. What do I enter for “Filing Name”? (SAR)

The filing name can be any name the financial institution chooses to use to identify the specific filing (e.g., Bank SAR 4-4-2013). The process for assigning filing names is for the financial institution to decide, and can assist the financial institution in tracking its BSA filings. We recommend using a naming convention that will be easy to understand and track for recordkeeping and audit/examination purposes. FinCEN strongly recommends, however, that FinCEN SAR file names not include the names of subjects as this may lead to the inappropriate disclosure of the SAR, which is prohibited by law and regulation.

6. How do I file a corrected/amended FinCEN SAR via the BSA E-Filing System?

Filers attempting to submit a corrected/amended SAR via the BSA E-Filing System should check “Correct/amend prior report” and enter the previous Document Control Number (DCN)/BSA Identifier (ID) in the appropriate field. The filer should complete the FinCEN SAR in its entirety, including the corrected/amended information and noting those corrections at the beginning of the narrative, save (and print, if desired) a copy of the filing, and submit the filing. The corrected/amended FinCEN SAR will be assigned a new BSA ID.

To find your DCN/BSA ID for the previous filing, you will need the acknowledgement received by the general user after successfully submitting the report into the BSA E-Filing System. All general users assigned access to the new FinCEN reports automatically receive these acknowledgements. Filers can choose to receive these acknowledgements in an “ASCII” or “XML” format. Please also note that supervisory users cannot view the contents of the acknowledgements received by the general users.

7. How do I correct/amend a prior SAR filing via the BSA E-Filing System if I do not have the prior DCN/BSA ID?

If the previous DCN/BSA ID is not known, filers should enter all “zeros” (14 in total) for the previous DCN/BSA ID. This information was published in a Notice on October 31, 2011. This notice is applicable to corrections/amendments for any previous filing. The filer should complete the FinCEN SAR in its entirety, including the corrected/amended information and noting those corrections at the beginning of the narrative, save (and print, if desired) a copy of the filing, and submit the filing. The corrected/amended FinCEN SAR will be assigned a new BSA ID that will be sent to the filer in the FinCEN SAR acknowledgement. The new BSA ID will begin with the number “31.”

8. Can we obtain a copy of a FinCEN SAR that we filed using the BSA E-Filing System?

The BSA E-Filing System is not a record keeping program; consequently, filers are not able to access or view previously filed reports. The BSA E-Filing System does provide tracking information on past report submissions and acknowledgements for accepted BSA reports. Users of the BSA E-Filing System must save and can print a copy of the FinCEN SAR prior to submitting it. FinCEN does not provide copies of filed reports to filers.

9. When should I save the copy of the FinCEN SAR that is being filed using the BSA E-Filing System?

A BSA filing may be saved at any stage of completion and then reopened at a later time to complete and submit into the BSA E-Filing System. You must electronically save your filing before it can be submitted into the BSA E-Filing System. NOTE: The BSA E-Filing System is not a record keeping program. When saving a BSA filing, users must save the filing to their computer, network, or other appropriate storage device. For additional information about recordkeeping requirements under the BSA, please refer to 31 CFR § 1010.430 and FAQ #11.

Please note that the BSA E-Filing System will log filers off the system after a certain time period if there is no action within the account, even if the filer is working within the FinCEN SAR. For that reason, FinCEN strongly recommends that filers download the FinCEN SAR template, log out of BSA E-Filing, complete the FinCEN SAR off-line, and then log back into BSA E-Filing to upload and submit the report.

10. Where can I save a report being filed electronically??

A filer can electronically save the filing to his/her computer hard drive, a network drive, or other appropriate storage device. By clicking on the “Save” button a standard dialog box will appear to allow you to choose the location for your saved report. Once the report is saved, the “Submit” button will become available. A filer may also want to print a paper copy for your financial institution’s records.

A filer should NOT save a copy of the report on a public computer or a computer that is not regularly accessed by the filer. This will ensure that the file remains appropriately secured.

11. What are my recordkeeping requirements when I submit a file electronically? (SAR)

After submitting a report via the BSA E-Filing System, filers are required to save a printed or electronic copy of the report in accordance with applicable record retention policies and procedures. Filers are reminded that they are generally required to keep copies of their filings for five years. See 31 CFR § 1010.306(a)(2), 31 CFR § 1010.330(e)(3), 31 CFR § 1010.340(d), 31 CFR § 1020.320(d), 31 CFR § 1021.320(d), 31 CFR § 1022.320(c), 31 CFR § 1023.320(d), 31 CFR § 1024.320(c), 31 CFR § 1025.320(d), 31 CFR § 1026.320(d), 31 CFR § 1029.320(d), and 31 CFR § 1022.380(b)(1)(iii).

12. What are the steps for properly submitting a single (discrete) FinCEN SAR filing through the BSA E-Filing System

Please ensure all of the following steps are followed when completing a single FinCEN SAR:

1. Complete the report in its entirety with all requested or required data known to the filer.

2. Click “Validate” to ensure proper formatting and that all required fields are completed.

3. Click “Sign with PIN” – Enter the personal identification number (PIN) the BSA E-Filing System has assigned to your user ID. If you do not know your PIN, please click on the “Manage PIN” link in the left navigation menu for your PIN to be displayed.

4. Click “Save” – Filers may also “Print” a paper copy for their records. The “Save” button will allow you to select the location to save your filing.

5. Click “Submit” – After clicking “Submit,” the submission process will begin.

13. How can I validate that my discrete filing submission was accepted properly by the BSA E-Filing System?

After clicking “Submit,” the submission process begins. Once your filing is accepted into the BSA E-Filing System, a “Confirmation Page” pop-up will appear with the following information:

  • Tracking ID (A unique tracking ID assigned to the filing by BSA E-Filing)
  • Date and time of the submission
  • Submission Type
  • Owner (submitter) Name
  • Owner (submitter) email address
  • Filing Name

An email will also be sent to the email address associated with your BSA E-Filing account indicating your submission has been “Accepted” for submission into the BSA E-Filing System. .

If the Confirmation Page pop-up is not displayed, your filing was not accepted for submission by the BSA E-Filing System. If you are returned to the BSA E-Filing System login page, your connection has timed out and you must login to the BSA E-Filing System and resubmit your report. It is recommended that you first close out of your browser and then re-open it before attempting to log into the BSA E-Filing System again.

Once your report is accepted and a confirmation page pop-up is displayed, the status of your report can be viewed by clicking on the “Track Status” link on the left navigation menu. The status will appear as “Accepted.”

Within 48 hours, your report will be formally acknowledged as having been successfully processed for inclusion in FinCEN’s data base. The status will change to “Acknowledged” in the “Track Status” view. In addition, a secure message containing the official BSA ID assigned to your report will be sent to your “Secure Mailbox.”

FAQs associated with Part I of the FinCEN SAR

14. Why are the numbers on the fields in the FinCEN SAR out of order

When initially published for public comment, the FinCEN SAR was structured and numbered consistent with the overall format for all the new FinCEN Reports, to include multiple Parts and beginning with the information about the persons involved in the transactions. As a result, the FinCEN SAR starts the numbering of line items on the initial “submission” page as with all the other reports, and continues the numbering in the order of Parts I, II, III, IV, and V, with some minor exceptions.

To accommodate better the dynamic nature of the report, FinCEN determined that it would be more helpful for the filing institution information in Part IV and Part III to be completed before moving to the description of the suspect and the suspicious activity. In doing so, this shifted the order of the Office of Management and Budget (OMB)-approved fields and their associated numbers within the FinCEN SAR.

 

While the ordering may initially be confusing, there is a significant benefit to the filer in completing Parts IV and III first. By identifying the filer’s institution type (depository institution, broker-dealer, MSB, insurance, etc.), name of the institution, the filer’s financial institution identification number (e.g., Research, Statistics, Supervision, and Discount or RSSD)/Employer Identification Number (EIN), and its address, the report enables or ‘‘auto populates’’ certain data elements elsewhere in the report. The institution can then complete the specific information on the subject(s) and nature of the suspicious activity using the data elements that have been enabled as most appropriate to its type of financial institution. In the case of a report filed jointly by two or more financial institutions, all data elements will be available for selection. Should a single filer require access to additional elements not typical for the filer’s type of financial institution, the filer can enable those other data elements for selection.

15. How do I determine whether or not to indicate a North American Industry Classification System (NAICS) Code?

FinCEN previously issued guidance in March 2012 that addressed the selection of the NAICS Code on the FinCEN SAR and FinCEN CTR. FinCEN emphasized that financial institutions will continue to be expected to provide only that information for which they have direct knowledge. As noted in that guidance, the issuance of the FinCEN SAR does not create any new obligation or otherwise change existing statutory and regulatory requirements for the filing institution. In addition, use of a NAICS code is not mandatory, and a financial institution may still provide a text response with respect to this information within the “Occupation” field.

Please note that batch filers must use only the 3-4 digit NAICS codes on our approved list of codes. Discrete filers can select from the available drop-down list embedded within the SAR.

Please refer to FIN-2012-G002 for further information.

FAQs associated with Part II of the FinCEN SAR

16. What is the filing timeframe for submitting a continuing activity report?

FinCEN provided clarifying guidance on this question in Section 4 (Page 53) of SAR Activity Review Trends, Tips, & Issues #21. The guidance states “Financial institutions with SAR requirements may file SARs for continuing activity after a 90-day review with the filing deadline being 120 days after the date of the previously related SAR filing. Financial institutions may also file SARs on continuing activity earlier than the 120-day deadline if the institution believes the activity warrants earlier review by law enforcement.”

So, for filings where a subject has been identified, the timeline is as follows:

  • Identification of suspicious activity and subject: Day 0.
  • Deadline for initial SAR filing: Day 30.
  • End of 90 day review: Day 120.
  • Deadline for continuing activity SAR with subject information: Day 150 (120 days from the date of the initial filing on Day 30).
  • If the activity continues, this timeframe will result in three SARs filed over a 12-month period.
17. The FinCEN SAR does not include the suspicious activity characterization of “computer intrusion” that was provided in the legacy SAR-DI. Is that definition still valid?

How does it differ from “account takeover” and how should I apply previous FinCEN guidance on this topic within the FinCEN SAR?

For purposes of the FinCEN SAR, the term “computer intrusion” has been replaced by the term “unauthorized electronic intrusion”; but that new term continues to be defined as gaining access to a computer system of a financial institution to:

a. Remove, steal, procure, or otherwise affect funds of the institution or the institution’s customers.

b. Remove, steal, procure or otherwise affect critical information of the institution including customer account information.

c. Damage, disable or otherwise affect critical systems of the institution.

For purposes of this reporting requirement, unauthorized electronic intrusion does not mean attempted intrusions of websites or other non-critical information systems of the institution that provide no access to institution or customer financial or other critical information. Please note: the term “unauthorized electronic intrusion” does not include incidents that temporarily interrupt or suspend online services, which are commonly referred to as “Distributed Denial of Service (DDoS)” attacks. FinCEN intends to issue further guidance on the reporting of DDoS attacks.

When completing the FinCEN SAR on activity that previously would have been identified as “computer intrusion,” financial institutions now should check 35q “Unauthorized electronic intrusion.” Since more than one type of suspicious activity may apply, the financial institutions should check all boxes that apply when completing Items 29 through 38. In addition, financial institutions should provide a detailed description of the activity in the narrative section of the SAR.

“Account takeover” activity differs from other forms of computer intrusion, as the customer, rather than the financial institution maintaining the account, is the primary target. In an account takeover, at least one of the targets is a customer holding an account at the financial institution and the ultimate goal is to remove, steal, procure or otherwise affect funds of the targeted customer.

The following explains how to apply the guidance provided in FinCEN advisory FIN-2011-A016 when using the FinCEN SAR:

  • Financial institutions should select box 35a (Account takeover) to report that type of suspicious activity. If the account takeover involved computer intrusion/unauthorized electronic intrusion, institutions also should check box 35q (Unauthorized electronic intrusion).
  • If the account takeover involved other delivery channels such as telephone banking or fraudulent activities such as social engineering, financial institutions can check box 35a (Account takeover) and other appropriate suspicious activity characterizations; for example, the involvement of mass marketing fraud could be identified by checking box 31h.
  • If the account takeover involved a wire transfer, then in addition to selecting box 35a (Account takeover), box 31j for "Wire fraud" should be checked.
  • If the account takeover involved an ACH transfer, financial institutions should select box 35a (Account takeover) and box 31a for “ACH fraud.”
  • Account takeovers often involve unauthorized access to PINs, account numbers, and other identifying information. Financial institutions may need to check box 35g for "Identity theft," in addition to selecting box 35a (Account takeover).
  • In addition to the above guidance, financial institutions should select any other characterization boxes appropriate to the identified suspicious activities (e.g., box 30a or 30z for "Terrorist financing"). If there is other related activity for which there is not a clear characterization selection, check box 31z (Other) if the activity is related to fraud or box 35z (Other) if it is related to other suspicious activity. Include a short description of the additional information in the space provided with those selections.

FAQs associated with Part III of the FinCEN SAR

18. How do we complete Item 56/68 on the new FinCEN SAR which asks for the financial institution or branch’s “role in transaction,” and provides options for “Selling location,” “Paying Location,” or “Both”?

The new FinCEN SAR is a “universal” SAR as it combines elements from the various legacy SAR forms that FinCEN previously issued. While Items 56 and 68 were elements of the legacy “SAR-MSB,” they may be applicable to other types of financial institutions, providing useful information to law enforcement. Items 56 and 68 are non-critical fields, however, and only need to be completed if they are applicable to the activity being reported. As an example, if the activity being reported on the FinCEN SAR involved only the structuring of cash deposits, then a financial institution would not complete Items 56 or 68, as the institution was neither a “paying” nor “selling” location in the activity being reported. As another example, if the activity being reported on the FinCEN SAR involved unauthorized pooling of funds, then a financial institution would not complete Items 56 or 68, as the institution was neither a “paying” nor a “selling” location in the activity being reported.
On the other hand, if the activity being reported on the FinCEN SAR involved the suspicious purchasing of cashier’s checks by a customer, then a financial institution would check Item 46a “Bank/Cashier’s check,” and use Item 56 to indicate that the filing institution was the “Selling location.” If the sale of cashier’s checks included activity occurring at branch locations, then in completing the section for “Branch where activity occurred,” the financial institution would use Item 68 to identify the additional branches as “Selling location(s)” for the customer cashier’s checks. To add additional branches to the FinCEN SAR, click on the “+” icon to bring up additional sections in which to include the information related to those branches.
The “Webinar on the FinCEN SAR” located on the “Financial Institutions” homepage of www.fincen.gov provides additional examples of the appropriate use of these fields.

19. I represent a depository institution and I would like to know my financial institution identification type on the SAR. Do I include the branch level or financial institution level information?

A depository institution would select the Research, Statistics, Supervision, and Discount (RSSD) number. You can find your institution’s RSSD number at http://www.ffiec.gov/nicpubweb/nicweb/nichome.aspx or http://www.ffiec.gov/find/callreportsub.htm.

You would include the RSSD number associated with the “Filing Institution” in Item 81 (Part IV) and that of the “Financial Institution Where Activity Occurred” in Item 57, which could be a branch location. When the activity being reported occurs at additional branch locations, you should include the RSSD number associated with the additional branch(s) in Item 70.

If the branch location at which the activity occurred does not have an RSSD number, however, leave that Item blank. This may occur if an RSSD number has not yet been issued for a new branch, but we expect few depository institutions to not have an RSSD for each branch. If the branch has the same RSSD number as the financial institution as a whole, you should use the overall financial institution RSSD number. This will occur with credit unions.

Please note that it is important to have the information within the filing regarding the branch or other location at which the activity occurred as complete and accurate as possible. This greatly assists law enforcement in understanding where the activity occurred.

FAQs associated with Part IV of the FinCEN SAR
 

20. What information should be provided in Items 78 – 90 in Part IV of the FinCEN SAR

Part IV records information about the lead financial institution, holding company, agency, or other entity that is filing the FinCEN SAR. Below are examples of how Part IV would be completed in various scenarios.

a. A Bank Holding Company (BHC) has implemented an enterprise-wide approach to their compliance program. As a result, the BHC will file all required reports with FinCEN. In this scenario, Part IV would be completed with the information of the BHC, and then a Part III would be completed with the information of the financial institution where the activity occurred. If the activity occurred at additional branch locations, then that information would be entered in Items 64 – 70, and would be repeated as many times as necessary. In Part IV, the filing institution should enter the name of the office that should be contacted to obtain additional information about the report.

b. A single depository institution with multiple branches files their SARs out of the home office of the depository institution. In this scenario, Part IV would be completed with the information of the home office of the depository institution, and then a Part III would be completed for the depository institution location where the activity occurred. If the activity occurred at additional branch locations of the depository institution, then that information would be entered in Items 64 – 70, and would be repeated as many times as necessary. In Part IV, the filing institution should enter the name of the contact office that should be contacted to obtain additional information about the report.

c. A depository institution and a money services business (MSB) decide to file a joint SAR together, agreeing that the depository institution would file the SAR. Part IV would be completed with the information of the depository institution that is filing the SAR. A Part III would be completed for the depository institution’s locations where the activity occurred. If the activity occurred at additional branch locations of the depository institution, then that information would be entered in Items 64 – 70, and would be repeated as many times as necessary.

In addition, a Part III would be completed for the MSB’s location where the activity occurred. If the activity occurred at additional branch locations of the MSB, then that information would be entered in Items 64 – 70, and would be repeated as many times as necessary.

The filing institution listed in Part IV “Filing Institution Contact Information” must identify in Part V “Suspicious Activity Information – Narrative” which of the Part III “Financial Institution Where Activity Occurred” institutions are the joint filers. The filing institution must include joint filer contact information in Part V, along with a description of the information provided by each joint filer. In Part IV, the filing institution should enter the name of the office that should be contacted to obtain additional information about the report. If a joint SAR is being prepared, please refer to General Instruction 5 “Joint Report ” for additional instructions.

Please note that a branch is a location (such as an office or ATM) owned by the financial institution but located separately from the financial institution’s headquarters. If a reporting financial institution has agents where the suspicious activity occurred, a separate Part III must be prepared on each agent. An agent is an independent financial institution (such as a supermarket that sells money orders or an independent insurance agent) that has a contractual relationship with the reporting financial institution to conduct financial transactions. Do not place agent information in branch fields.

21. Item 96 now asks for a contact office and not a contact person. What information should be provided in this field?

The filing institution should enter the name of the office that should be contacted to obtain additional information about the report. It is the filing institution’s choice as to which office this should be. Examples may include “Compliance Office,” “Security Office,” “BSA Office,” or “Risk Management Office.” The office may or may not be located at the location identified in the same Part IV.

22. Item 97 asks for the filing institution’s contact phone number. Should this be the number associated with the contact office noted in Item 96?

Yes, the filing institution’s contact phone number should be the phone number of the contact office noted in Item 96.

Additional questions or comments regarding these FAQs should be addressed to the FinCEN Regulatory Helpline at 800-949-2732. Financial institutions wanting to report suspicious transactions that may relate to terrorist activity should call the Financial Institutions Toll-Free Hotline at (866) 556-3974 (7 days a week, 24 hours a day). The purpose of the hotline is to expedite the delivery of this information to law enforcement. Financial institutions should immediately report any imminent threat to local-area law enforcement officials.

23. How must I complete FinCEN SAR Item 29 “Amount involved in this report” when I have no amount or I have multiple amounts involving different transaction types?

Item 29 records the total amount involved in the suspicious activity for the time period of the SAR. Multiple amounts will be aggregated and the total recorded in Item 29. This requirement applies even when the amounts involve different transaction types, such as when some are deposits and some are withdrawals. All amounts are aggregated and recorded as the total amount. If some amounts are known and some are unknown, the known amounts are aggregated and the total is recorded in Item 29. Unknown amounts are explained in the narrative. If the amount or all amounts involved in the suspicious activity are unknown, box 29a “Amount unknown” is checked and the Item 29 amount field is left blank. Explain in the narrative why the amount or amounts are unknown. Check box 29b “No amount involved” and leave the amount field blank if the suspicious activity did not involve any monetary amounts. Never enter “0” in the Item 29 amount field under any circumstance. Never enter a small amount such as $1 or $5 to complete the amount field when that entry is not the actual amount involved. If the FinCEN SAR is a continuing activity SAR, enter in Item 29 only the total of amounts that are involved during the time period of the FinCEN SAR. Do not include amounts from prior FinCEN SARs in Item 29. Prior FinCEN SAR amounts and the current FinCEN SAR total amount are aggregated in Item 31 “Cumulative amount only if box 1c (continuing activity report) is checked.”