January 19, 2021
The Financial Crimes Enforcement Network (FinCEN), jointly with the Board of Governors of the Federal Reserve System (Federal Reserve), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), and the Office of the Comptroller of the Currency (OCC) (collectively, the Federal banking agencies), and in consultation with the staff of certain other federal functional regulators, is issuing answers to frequently asked questions (FAQs) regarding suspicious activity reports (SARs) and other anti-money laundering (AML) considerations for financial institutions covered by SAR rules.1 The answers to these FAQs clarify the regulatory requirements related to SARs to assist such financial institutions with their compliance obligations, while enabling financial institutions to focus resources on activities that produce the greatest value to law enforcement agencies and other government users of Bank Secrecy Act (BSA) reporting. The answers to these FAQs neither alter existing BSA/AML legal or regulatory requirements, nor establish new supervisory expectations; they were developed in response to recent Bank Secrecy Act Advisory Group (BSAAG) recommendations, as described in more detail in FinCEN’s Advance Notice of Proposed Rulemaking (ANPRM) on Anti-Money Laundering Program Effectiveness, published in September 2020.2
Question 1: Requests by Law Enforcement for Financial Institutions to Maintain Accounts
Can a financial institution maintain an account or customer relationship for which it has received a written “keep open” request from law enforcement, even though the financial institution has identified suspicious or potentially illicit activity?3
Yes. Law enforcement may have an interest in ensuring that certain accounts and customer relationships remain open notwithstanding suspicious or potential criminal activity in connection with the account. A financial institution may decide to maintain an account based on a written “keep open” request from a law enforcement agency, however, it is not obligated to do so. The written request should be specific and indicate both that the law enforcement agency has requested that the financial institution maintain the account, as well as the purpose and duration of the request.4 Keeping such an account open as requested may be highly useful to law enforcement and may further efforts to identify and combat money laundering, terrorist financing, and other illicit financial activities.
A financial institution should not be criticized solely for its decision to maintain an account relationship at the request of law enforcement or for its decision to close the account. Ultimately, the decision to maintain or close an account should be made by a financial institution in accordance with its own policies, procedures, and processes. It may be useful for financial institutions to maintain documentation of “keep open” requests, including after a request has expired. If financial institutions keep such an account open as requested by law enforcement, they are still required to comply with all applicable BSA requirements, including requirements to conduct ongoing risk-based monitoring, and, as appropriate, file SARs,5 including continuing activity SARs consistent with FinCEN guidance.6
Question 2: Receipt of Grand Jury Subpoenas/Law Enforcement Inquiries and SAR Filing
Should a financial institution file a SAR solely on the basis of receiving a grand jury subpoena or other law enforcement inquiries?
No. The receipt of a law enforcement inquiry, such as a grand jury subpoena, does not by itself indicate that the criteria requiring the filing of a SAR have been met. However, receipt of a grand jury subpoena or other law enforcement inquiry is pertinent information relevant to a financial institution’s overall assessment of risk and the risk profile for the relevant customer(s) and account(s). Generally, a financial institution will assess and review all relevant information it has about a customer that is the subject of a grand jury subpoena or other law enforcement inquiries, in accordance with its risk-based AML program. For example, the receipt of a grand jury subpoena should cause a financial institution to review relevant account activity and transactions.7
The financial institution should determine whether SAR filing is necessary based on its assessment of all information available and applicable regulatory requirements. If a financial institution files a SAR on a customer or transaction following the receipt of a grand jury subpoena or other law enforcement inquiry, the SAR should focus on the facts and circumstances that support a finding of suspicious activity rather than the subpoena or inquiry itself.8
Question 3: Maintaining a Customer Relationship Following the Filing of a SAR or Multiple SARs
Is a financial institution required to terminate a customer relationship following the filing of a SAR or multiple SARs?
No. There is no BSA regulatory requirement to terminate a customer relationship after the filing of a SAR or any number of SARs. The decision to maintain or close a customer relationship as a result of the identification of suspicious activity is a determination for a financial institution to make based on the information available to it, its assessment of money laundering or other illicit financial activity risks, and established policies, procedures, and processes.
Financial institutions have the flexibility to develop risk-based procedures and monitoring processes for the purpose of updating the customer risk profile and determining when to maintain or close accounts. Generally, financial institutions have policies, procedures, and processes in place that establish an escalation process for decisions to maintain or terminate customer relationships based on relevant factors, including SAR filing(s). These processes establish criteria, including when review by senior management and legal staff is warranted, for the decision to maintain or terminate the customer relationship in light of elevated risk factors. As indicated above, there is no specific number of SAR filings that a financial institution must consider to trigger any particular escalation step. Rather, the number of SAR filings and other factors that trigger escalation steps may vary based upon, among other things, the risk profile of the customer, including the geographical locations involved, the volume and type of transactions conducted by customers, the type of account, and the types of SARs filed by the financial institution in relation to the customer.9
Question 4: SAR Filing on Negative News Identified in Media Searches
Is a financial institution required to file a SAR based solely on negative news?
No. The existence of negative news related to a customer or other activity at a financial institution does not by itself indicate that the criteria requiring the filing of a SAR have been met, and does not automatically require the filing of a SAR by a financial institution. A financial institution may review media reports, news articles and/or other references to assist in its performance of customer due diligence, as well as its evaluation of any transactions or activity it considers unusual or potentially suspicious. For example, negative news may cause a financial institution to review customer activity as well as other related information, such as that of third parties with transactions involving the customer’s account. As with other identified unusual or potentially suspicious activity, financial institutions should comply with applicable regulatory requirements and follow their established policies, procedures, and processes to determine the extent to which it investigates and evaluates negative news, in conjunction with its review of transactions occurring by, at, or through the institution, to determine if a SAR filing is required.
Question 5: SAR Monitoring on Multiple Negative Media Alerts
If there are multiple negative news alerts based on the same event, is a financial institution expected to independently investigate each of those alerts?
No. In circumstances where there are multiple negative news alerts (as identified through monitoring for unusual or suspicious activity) based on the same underlying events, a financial institution does not need to independently investigate each alert, but rather may consider whether the alert contains new or different information that warrants further investigation or whether the negative news otherwise assists or informs the evaluation of the activity at issue. Many financial institutions maintain a process for managing a high volume of alerts generated by news. This type of process will allow the financial institution to identify and evaluate new information and assess whether to update customer information and risk profile, investigate transactions which may result in the filing of a SAR, or escalate or terminate a customer relationship, as appropriate consistent with its policies, procedures, and processes. Financial institutions have flexibility in developing risk-based procedures and monitoring processes for the purpose of complying with customer due diligence requirements and, where appropriate, consideration of negative news.10
Question 6: Information in Data Fields and Narrative
Do financial institutions need to repeat information in the SAR narrative that has already been included in other SAR data fields?
No. As stated in the SAR instructions, information provided in other sections of a SAR does not need to be repeated in the narrative unless necessary to provide a clear and complete description of the suspicious activity.11 Consistent with FinCEN’s SAR instructions, financial institutions should focus the SAR narrative on the information necessary to enable the reader to understand the activity reported, including what was unusual or irregular about the activity that caused suspicion. For example, granular detail (such as subject identification data) that is reported in the appropriate SAR data fields does not need to be repeated in the SAR narrative, unless such information is necessary to clearly describe the activity reported. Additionally, the SAR narrative may benefit from information about the suspicious activity that may not be readily evident from SAR data fields alone, such as an explanation about why the filer selected different characterizations of suspicious activity in the SAR data fields. Note, however, that FinCEN Advisories may include requests for financial institutions to incorporate certain terms in SAR field 2 (Financial Institution Note to FinCEN) and in the narrative to indicate a connection between the suspicious activity being reported and the subject of an advisory.12
Question 7: SAR Character Limits
Should financial institutions file additional SARs on the same suspicious activity to accommodate narratives that are longer than the SAR narrative character limits?
No. Filers must provide a clear, complete, and concise description of the suspicious activity that led to the decision to file the SAR.13 A financial institution that reaches the SAR narrative character limit should not file an additional SAR to continue a narrative in order to avoid duplicate filings on the same activity in the database.14 Instead, filers should focus the relevant information in the narrative as much as possible, and may include additional, relevant information as an attachment to the SAR, or note that it is available as supporting documentation.
To keep narratives within the character limit and enable efficient review of information (such as transaction records) that is displayed most clearly in tabular format, filers can include a single comma-separated values (CSV) file with no more than one megabyte of data as an attachment to a SAR. If a filer wishes to include information in a tabular format in a SAR, the CSV attachment should be used; filers should not include tabular information within the SAR narrative.
Filers must retain all supporting documentation or a business record equivalent for five years from the date of the report.15 All supporting documentation (such as copies of instruments; receipts; sale, transaction or clearing records; photographs; and surveillance audio or video recordings) must be made available to appropriate authorities upon request.16
1 Financial institutions subject to SAR requirements include: Banks (31 CFR § 1020.320), Casinos and Card Clubs (31 CFR § 1021.320), Money Services Businesses (31 CFR § 1022.320), Brokers or Dealers in Securities (31 CFR § 1023.320), Mutual Funds (31 CFR § 1024.320), Insurance Companies (31 CFR § 1025.320), Futures Commission Merchants and Introducing Brokers in Commodities (31 CFR § 1026.320), Loan or Finance Companies (31 CFR § 1029.320), and Housing Government Sponsored Enterprises (31 CFR § 1030.320).
3 The response provided to this question clarifies current regulatory requirements. Under the recently-enacted Anti-Money Laundering Act of 2020, the Secretary of the Treasury is required to issue guidance on the required elements of a keep open request, which is forthcoming. See § 6306 of the Anti-Money Laundering Act of 2020, Pub. L. No. 116-283, §§ 6001 – 6511 (enacted as Division F of the National Defense Authorization Act for Fiscal Year 2021).
4 A written request from a federal law enforcement agency should be issued by a supervisory agent or by an attorney within a United States Attorney’s Office or another office of the Department of Justice. If a state or local law enforcement agency requests that an account be maintained, then the financial institution should obtain a written request from a supervisor of the state or local law enforcement agency or from an attorney within a state or local prosecutor’s office. For additional guidance about the content of “keep open” requests, see “Requests by Law Enforcement for Financial Institutions to Maintain Accounts,” available at (opens new window).
5 See 12 CFR 208.62, 211.5(k), 211.24(f), and 225.4(f) (Federal Reserve); 12 CFR 353 (FDIC); 12 CFR 748.1(c) (NCUA); 12 CFR 21.11 and 12 CFR 163.180 (OCC); and 31 CFR Chapter X (FinCEN).
8 Financial institutions are reminded that grand jury proceedings and certain law enforcement inquiries may be subject to specific confidentiality provisions. For example, National Security Letters are subject to certain disclosure prohibitions. See, e.g., (opens new window) at p. 36.
9 As referenced in Question 1, there may be instances where law enforcement requests a financial institution to maintain an account relationship, notwithstanding potential suspicious activity, and the financial institution should continue filing SARs, or continuing activity SARs, as applicable.
10 Customer Due Diligence (CDD) regulations (31 CFR §§ 1020.210, 1021.210, 1022.210, 1023.210, 1024.210, 1025.210, 1026.210, 1027.210, 1028.210, 1029.210, and 1030.210) do not categorically require the performance of media searches or particular screenings. However, in certain circumstances, a financial institution might assess, on the basis of risk, that a customer presents a higher risk profile and, accordingly, collect more information (such as media searches) to better understand the customer relationship. Such information also assists a financial institution in determining when transactions are potentially suspicious. See, e.g., “Frequently Asked Questions Regarding Customer Due Diligence Requirements for Covered Financial Institutions,” August 3, 2020, (opens new window).
14 A SAR narrative can have a maximum of 20,000 characters. For more information, see FinCEN Suspicious Activity Report Electronic Filing Requirements, last updated July 2020, available at: (opens new window) at p. 105.
15 31 CFR § 1010.430; 31 CFR § 1010.320; subpart C of the relevant financial institution part of 31 CFR Chapter X.
16 31 CFR § 1010.320; subpart C of the relevant financial institution part of 31 CFR Chapter X.