← All articles
·8 min read

SAR Filing Guide: When to File a Suspicious Activity Report and How to Do It Right

A practical guide to Suspicious Activity Reports (SARs): the $5,000 threshold, the 30-day filing deadline, FinCEN Form 111, common red flags, and how to write a defensible SAR narrative.

A Suspicious Activity Report — SAR — is the primary tool U.S. financial institutions use to alert FinCEN to transactions that appear to involve money laundering, terrorist financing, structuring, fraud, or other criminal activity. It is filed on FinCEN Form 111 and, unlike a Currency Transaction Report, it is not triggered by a fixed dollar amount but by suspicion supported by facts.

Banks, credit unions, money services businesses, casinos, broker-dealers, and (since 2024) certain investment advisers all have SAR obligations under the Bank Secrecy Act. The trigger is broad: any transaction involving at least $5,000 in aggregate that the institution knows, suspects, or has reason to suspect involves illegal activity, is designed to evade a BSA requirement, has no apparent lawful purpose, or facilitates criminal activity — regardless of whether the funds actually derive from illegal sources.

Timing is strict. A SAR must be filed within 30 calendar days of the initial detection of facts that may constitute a basis for filing. If no suspect has been identified on the detection date, the deadline extends by 30 days, for a total maximum of 60 days. Late filings are a top-five exam finding and can carry per-violation penalties plus reputational consequences.

Common red flags that drive SARs include structuring (multiple cash transactions just under $10,000), rapid movement of funds through multiple accounts with no apparent business purpose, transactions inconsistent with the customer's known profile, use of shell companies with opaque beneficial ownership, sudden high-value activity from a previously dormant account, and any hit or near-hit against OFAC, EU, UK or UN sanctions lists that isn't cleanly ruled out. Adverse media on a customer — especially involving fraud, corruption, or organized crime — is also a filing trigger under most institutional policies.

The narrative is where SARs succeed or fail. FinCEN and law enforcement rely on the free-text narrative to understand the 'who, what, when, where, why, and how' of the activity. A defensible narrative is chronological, specific about amounts and dates, names all parties and accounts involved, describes the suspected violation category, and explains why the activity is suspicious in the context of the customer's known profile. Avoid legal conclusions, boilerplate, and vague adjectives like 'unusual' without facts.

Confidentiality is absolute. Under 31 U.S.C. § 5318(g)(2), a financial institution and its employees are prohibited from disclosing to the subject that a SAR has been filed — including in response to subpoena or discovery in civil litigation, absent a court order or FinCEN authorization. Tipping-off is a federal crime. Internal SAR files must be segregated with restricted access, and the SAR itself is never referenced in customer-facing communications.

SARs and sanctions screening are tightly linked. Every SAR-worthy event should trigger a re-screen of the subject and all counterparties against OFAC SDN, OFAC Consolidated, EU, UK, and UN lists — hits change the filing calculus and may add a Blocked Transaction Report to Treasury alongside the SAR. Institutions increasingly attach screening results and audit PDFs to the SAR file to demonstrate the sanctions leg of their diligence.

The practical SAR workflow: detect via automated monitoring or referral, gather facts within 24–48 hours, run enhanced due diligence including sanctions and PEP screening, draft the narrative, get sign-off from the BSA Officer, file within 30 days, retain the SAR and supporting documentation for five years, and consider a continuing-activity SAR every 90 days if the behavior persists. Document every step — examiners review the file, not just the form.

SanctionsScreening supports the sanctions-screening leg of SAR workflows with unified OFAC, EU, UK and UN searches, PDF audit reports you can attach to the SAR package, and an API for automated screening triggered by your monitoring alerts. Run a free search from sanctionsscreening.io or see the pricing page for team and API tiers.

Try it free on SanctionsScreening.io

Run a free sanctions search against OFAC, EU, UK and UN lists — no signup required.