Inferensys

Glossary

Suspicious Activity Report (SAR)

A confidential document filed by a financial institution to alert regulatory authorities of a transaction that may involve money laundering, fraud, or other illicit activity.
Security analyst reviewing fraud detection AI on multiple screens, alert dashboards visible, dark mode monitoring setup.
REGULATORY FILING

What is a Suspicious Activity Report (SAR)?

A Suspicious Activity Report (SAR) is a confidential document filed by a financial institution to alert regulatory authorities of a transaction that may involve money laundering, fraud, or other illicit activity.

A Suspicious Activity Report (SAR) is a mandatory, confidential filing submitted by a financial institution to its national Financial Intelligence Unit (FIU) when a transaction or pattern of behavior suggests potential money laundering, fraud, terrorist financing, or other criminal conduct. It is the primary mechanism for alerting law enforcement to activity that has no apparent lawful purpose, serving as the critical output of an institution's anti-money laundering (AML) monitoring program.

The filing is triggered not by proof of a crime but by a 'reason to suspect,' often identified through transaction monitoring systems, behavioral profiling, or manual reviews. A SAR contains detailed narrative descriptions of the suspicious activity, involved parties, and transactional data, and must be filed within a strict regulatory timeframe—typically 30 days from detection. Strict confidentiality laws prohibit the institution from disclosing the existence of the report to the subject.

REGULATORY FILING ANATOMY

Core Characteristics of a SAR

A Suspicious Activity Report (SAR) is a confidential document filed by a financial institution to alert regulatory authorities of a transaction that may involve money laundering, fraud, or other illicit activity. The following cards break down its essential structural and procedural characteristics.

01

Confidentiality and Safe Harbor

The cornerstone of the SAR regime is strict confidentiality. Financial institutions and their employees are prohibited from notifying any person involved in the transaction that a SAR has been filed. This is paired with a safe harbor provision under the Annunzio-Wylie Anti-Money Laundering Act, which provides complete civil liability protection to institutions and employees who report suspicious activity, shielding them from lawsuits by the reported subjects.

  • Prohibition: Tipping off a subject is a federal criminal offense.
  • Protection: Absolute immunity from civil suits for reporting known or suspected criminal violations.
  • Scope: Covers the filing institution, its directors, officers, and employees.
02

Five Essential Components

A complete SAR filing is structured around five critical narrative and data components that allow law enforcement to assess and act upon the intelligence:

  • Subject Information: Full legal name, aliases, addresses, tax identification numbers, and government-issued ID details.
  • Suspicious Activity Characterization: A classification of the suspected crime from over 80 standardized categories (e.g., structuring, money laundering, terrorist financing, identity theft).
  • Financial Instrument Details: Specific accounts, wire transfers, monetary instruments, and virtual currency wallet addresses involved.
  • Transaction Narrative: A chronological, factual, and concise description of why the activity is suspicious, answering the who, what, when, where, and why.
  • Filing Institution Data: The filer's contact information, charter number, and primary federal regulator.
03

Mandatory Filing Timelines

The Bank Secrecy Act (BSA) imposes strict, non-negotiable deadlines for SAR submission, triggered by the date of detection of the suspicious activity:

  • 30-Day Rule: A SAR must be filed no later than 30 calendar days from the date the financial institution initially detects facts that may constitute a basis for filing.
  • 60-Day Extension: If no suspect can be identified on the date of detection, the institution may defer filing for an additional 30 calendar days (totaling 60 days) to positively identify a subject.
  • Immediate Threat: In cases involving potential terrorist financing or ongoing major crimes, immediate notification via a SAR and direct contact with law enforcement is required, bypassing standard timelines.
04

The Narrative: The Critical Element

The written narrative is the most scrutinized section of a SAR. It must transform raw transaction data into a coherent, actionable intelligence product. Effective narratives are:

  • Factual and Objective: Avoid speculation, conclusory statements, or unsubstantiated adjectives. Describe what happened, not what you suspect.
  • Chronological: Present events in the order they occurred to establish a logical flow of activity.
  • Complete: Explain why the activity is unusual for that specific customer or business type, referencing expected vs. actual behavior.
  • Clear: Use plain language accessible to agents and prosecutors who may lack specialized financial expertise. Define all acronyms on first use.
05

Continuing Activity SARs

When suspicious conduct persists after an initial filing, a continuing activity SAR is required. This is not a simple update but a comprehensive review of the ongoing scheme.

  • Filing Cadence: Must be filed at least every 120 calendar days from the date of the previous SAR on the same subject.
  • Cumulative Narrative: The narrative should summarize the initial suspicious activity and detail all new activity that occurred during the 120-day review period.
  • Threshold: A continuing SAR is only required if the aggregate suspicious activity during the review period meets or exceeds the mandatory filing threshold (if any) or continues to warrant law enforcement attention.
06

Supporting Documentation

While the SAR form itself is the primary filing, the institution must maintain a supporting documentation file for five years from the date of filing. This file is not submitted with the SAR but must be made available to regulators and law enforcement upon request.

  • Contents: Copies of transaction records, account statements, customer identification documents, internal investigation notes, and any other business records used to support the filing.
  • Identification: The file must be clearly identified as the supporting documentation for a specific SAR and be retrievable by the SAR's unique Document Control Number (DCN).
  • Prohibition: The supporting file must not contain any document that would reveal the existence of the SAR to the subject, such as a copy of the SAR narrative itself.
REGULATORY COMPLIANCE

Frequently Asked Questions

Clear, technically precise answers to the most common questions about the mechanics, requirements, and machine learning implications of filing a Suspicious Activity Report.

A Suspicious Activity Report (SAR) is a confidential, standardized document filed by a financial institution to alert a jurisdiction's Financial Intelligence Unit (FIU)—such as FinCEN in the United States—of a transaction or pattern of behavior that may involve money laundering, fraud, terrorist financing, or other illicit activity. The SAR process is a cornerstone of the risk-based approach to anti-money laundering (AML). It works by ingesting alerts generated from transaction monitoring systems and behavioral profiling engines. Once an alert is triaged and deemed a true positive by an investigator, a narrative is constructed detailing the money laundering typology observed, such as structuring or layering. The report is filed electronically, providing law enforcement with a critical lead for investigations. Crucially, a SAR is not an accusation of guilt but a disclosure of suspicion, and the filing institution is prohibited from notifying the subject, a provision known as the 'no-tipping-off' rule.

Prasad Kumkar

About the author

Prasad Kumkar

CEO & MD, Inference Systems

Prasad Kumkar is the CEO & MD of Inference Systems and writes about AI systems architecture, LLM infrastructure, model serving, evaluation, and production deployment. Over 5+ years, he has worked across computer vision models, L5 autonomous vehicle systems, and LLM research, with a focus on taking complex AI ideas into real-world engineering systems.

His work and writing cover AI systems, large language models, AI agents, multimodal systems, autonomous systems, inference optimization, RAG, evaluation, and production AI engineering.