1st Review of the Suspicious Activity Reporting System (SARS)

First Review of the Suspicious Activity Reporting System

April 1998

Statement from the Acting Director, FinCEN

The Suspicious Activity Reporting System (SARS), created by the five federal financial supervisory agencies and the Financial Crimes Enforcement Network (FinCEN), is two years old. SARS has processed approximately 150,000 reports of suspicious activity submitted by depository institutions. Those reports are available electronically, in their entirety, to the system’s builders, to five federal law enforcement agencies (with two additional agencies about to be added to the list), 52 state and territorial law enforcement agencies, and 25 state bank regulators.

The development and operation of SARS is a special responsibility and a special challenge. SARS was designed to be the centerpiece of a new approach to using the Bank Secrecy Act (BSA) to fight financial crime, and involved an unparalleled attempt to build an explicit and continuous data flow about potentially serious activity among:

depository institutions detecting that activity;

the five federal financial supervisory agencies (the Federal Reserve Board, Office of the Comptroller of the Currency, Federal Deposit Insurance Corporation, Office of Thrift Supervision, and National Credit Union Administration), and the Treasury Department’s FinCEN; and

law enforcement officials throughout the United States.

Under the system, FinCEN is designated as the single filing point for suspicious activity reports and is responsible for distributing the information within the government. FinCEN is also responsible for analyzing this information and providing the resulting intelligence to investigators, regulators, and the banking industry.

None of these goals can be accomplished unless everyone involved understands how SARS is organized, how it is working (or failing to work), and what steps can be taken to expand its sophistication and effectiveness and correct its shortcomings. This "1st Review of the Suspicious Activity Reporting System" covers each of these areas.

Therefore, this document is (as any first review must be) an "interim" statement that focuses on the challenges ahead. I think that readers of this review will gain a clear sense of what has been done; perhaps, and equally important, it is hoped that readers will also gain an understanding as to what remains to be done to continue to move SARS closer to its objectives, especially in the fight against money laundering.

Without the banking community’s efforts and continuing support, SARS would not be a reality today. The first 18 months of data indicate that banks have adapted quickly and effectively to the system’s requirements; it is also clear that banks are working diligently to improve the quality and effectiveness of suspicious activity reporting.

As part of our ongoing review, we hope that this document generates reactions from the nation’s bankers that will improve SARS. We encourage readers to forward their comments to FinCEN about the system as well as their thoughts about this review of SARS’ first 18 months of operation.

Signature of William F Baity (Acting Director)

William F. Baity
Acting Director

Table of Contents


Chapter One Background and Purpose of SARS
Chapter Two SARS — The First 18 Months
Chapter Three Bank Secrecy Act and Money Laundering Violations
Chapter Four The Future


Appendix A A complete text of 31 U.S.C. 5318(g); a complete text of 31 C.F.R. 103.21
Appendix B Suspicious Activity Report
Appendix C A list of state and territorial law enforcement agencies with access to SARS
Appendix D A list of state supervisory agencies with access to SARS
Appendix E FinCEN Advisory Issue 9 "Colombian Black Market Peso Exchange"


The Suspicious Activity Reporting System (SARS) is two years old. This first review of the system is intended to provide a "snapshot" of SARS during the first 18 months of operation (April 1, 1996 through September 30, 1997); this review also provides a summary of the results of SARS’ development and operation up to that date. It describes:

how SARS is set up;

the data reported under SARS;

how SARS data is processed;

who uses the data;

what the data indicates so far;

how value can be added to the data; and

open issues about SARS and next steps in its development.

FinCEN manages the system for all agencies involved. However, to support its own mission, FinCEN’s primary interest is in the reporting and use of information relating to potential money laundering; therefore, this review emphasizes data relating to that subject.

No system for the reporting of suspicious transactions can be effective unless information flows from as well as to the government. This review is one of the methods by which FinCEN and the Department of the Treasury are seeking to increase an understanding of the way SARS is working and the kinds of information banks are reporting. As indicated in the Acting Director’s Statement, FinCEN encourages comments not only on the substance of this review but also upon the way this document presents information to its readers.

Chapter one
Background and Purpose of SARS

Depository institutions are required to file suspicious activity reports by the authority of the Secretary of the Treasury under the BSA to:

require any financial institution, and any director, officer, employee, or agent of any financial institution to report any suspicious transaction relevant to a possible violation of law or regulation,1

and the general supervisory authority of the five federal financial supervisory agencies (that is, the Federal Reserve Board (FRB), Office of the Comptroller of the Currency (OCC), Federal Deposit Insurance Corporation (FDIC), Office of Thrift Supervision (OTS), and National Credit Union Administration (NCUA)). Each supervisory agency issued rules under its own authority that makes SAR filings mandatory.

Two prior reporting systems were replaced by the SAR rules. The first of those earlier systems required depository institutions to report transactions that indicated the existence of "known or suspected violations of federal law" by filing multiple copies of criminal referral forms; these forms were filed with their respective primary federal financial regulator and with federal law enforcement agencies (including, in most cases, the Federal Bureau of Investigation, the United States Secret Service, and the Criminal Investigation Division of the Internal Revenue Service). At the same time, depository institutions were encouraged to indicate on the Currency Transaction Report (CTR) where particular currency transactions appeared to be "suspicious." This was indicated by marking a box specifically included on the CTR for that purpose. (The box on the CTR could also be used to report suspicious currency transactions in amounts less than $10,000.)2 

1 31 U.S.C. 5318(g). A complete text of 31 U.S.C. 5318(g) and of 31 CFR 103.21, appears in Appendix A.

2 Approximately 150,000 CTRs filed in 1995, the last full year the previous system was in place, were marked as suspicious. There is no accurate count of the number of criminal referral forms (CRFs) filed in that year; estimates range from between 40,000 and 60,000 forms. A significant number of transactions were reported on both forms (that is, by filing a CRF and a CTR marked "suspicious"). The absence of centralized electronic files makes it impossible to compute the precise degree of double filing.

The implementation of SARS achieved several important objectives:

to create one form, adopted by all agencies involved, that can be forwarded to a single collection point to satisfy all applicable filing requirements;

to use a single centralized database system so that information can be simultaneously made available to the federal financial supervisory agencies;

to provide federal and state law enforcement officials with access to this same database, making the information available quickly;

to provide information about the types of financial crimes affecting depository institutions nationwide and the manner in which government agencies respond to these reports; and

to provide an ability to understand patterns of suspicious activity--or at least activity thought by bank officials to be suspicious--so that government can alert banks to emerging patterns of white collar crime.

On a more fundamental level, SARS reflects the philosophy that suspicious transaction reporting is central to counter-money laundering policy, both in the United States and

abroad. Officials at financial institutions are more likely than government officials to have a sense as to what transactions appear to lack commercial justification or otherwise cannot be explained as falling within the usual methods of legitimate commerce. Under those circumstances, simply relying on currency transaction reporting is neither adequate nor cost effective for either the institutions involved or the government. The change in emphasis moves the enforcement focus from reporting all routine currency transactions above a certain amount to reporting information most likely to be of use to law enforcement officials and financial regulators. SARS, then, is a key component of the flexible and cost-efficient compliance program under the BSA required to prevent the use of the nation’s financial system for illegal purposes.

Chapter two
SARS -- The First 18 Months

SARS Requirements

The relevant rules call for the reporting of five general types of activity:

1. insider abuse of a financial institution, involving any amount, detected by the institution;

2. federal crimes against, or involving transactions conducted through, a financial institution that the financial institution detects and that involve at least $5,000 if a suspect can be identified, or at least $25,000 regardless of whether a suspect can be identified;

3. transactions of at least $5,000 that the institution knows, suspects, or has reason to suspect involve funds from illegal activities or are attempts to hide those funds;

4. transactions of at least $5,000 that the institution knows, suspects or has reason to suspect are designed to evade any regulations promulgated under the BSA; and

5. transactions of at least $5,000 that the institution knows, suspects, or has reason to suspect have no business or apparent lawful purpose or are not the sort in which the particular customer would normally be expected to engage and for which the institution knows of no reasonable explanation after due investigation.

The standard reporting form used for SARS appears at Appendix B.

What has been reported?

The start-up for SARS was swift. A total of 109,8873 SAR filings were submitted during the first 18 months. Figure 1 shows SAR filings by month during this period. A relatively stable level of filings—an average of 6,000 reports each month—was reached after only a few months in operation. A review of the total number of SAR filings reveals that: as many as 92.7% were initial reports of suspicious

3 Approximately 500 filings in the database were submitted by financial institutions other than depository institutions. Many of these institutions (broker-dealers and money services businesses) are likely affiliated with depository institutions or bank or thrift holding companies; the remainder have submitted SAR filings voluntarily; about 100 voluntary filings are being segregated into a separate database.

activity;4 6.51% provided supplemental information relating to prior reports; and .73% corrected previous SAR filings.

Figure 1

(Accessibility Version)

SAR Filings by Month April first 1996 thru September 30 1997

4 86,883 (79.0%) filings were marked as "initial" reports of suspicious activity; an additional 15,036

filings (13.7%) did not complete the field that identifies the form as an "initial,""supplemental," or "corrected" filing; most, if not all, of those forms appeared to be initial filings.

Figure 2 shows the total number of SAR filings by state and territory. The breakdown by state or territory may, in some cases, reflect the location of a central office that filed the SAR form rather than the branch or office where the reported activity occurred. A complete breakout by state and territory during the 18-month period has been provided to the American Bankers Association.

Figure 2

(Accessibility Version) 

States and Territories ranked by number of Filings

* state designation on 533 SAR forms was not identified

The 109,887 SAR filings identified a total of 117,532 possible violations of law. Approximately 9% of the reports cited more than one possible violation using the categories in item 37 (Summary of Characterization of the Suspicious Activity) of the SAR form. As Figure 3 indicates, 39.8% (46,738) of the total number of reported violations were for BSA/money laundering violations; 29%—various frauds; 6%—various acts of theft; 5.5%— various acts of counterfeiting; and 5% check kiting offenses.

The majority of the filings listed amounts equal to $50,000 or less: 16% fell below the $5,000 range (which is below the minimum reporting threshold), 28.5% fell in the $5,000-$10,000 range, and 37.9% fell in the $10,000-$50,000 range. Approximately 17.6% of the reports involved reported amounts greater than $50,000. The reports of dollar values for the potential crimes are problematic, especially at the upper end of the scale, where analysts have identified either obvious data entry errors or situations in which banks have properly entered the face amount of attempted frauds (like a poorly counterfeited security) that the bank quickly rejected.

Figure 3

Reported Violations for April 1996 thru September 1997 - Total 117532 of violations Reported

Who Reports?

The reporting obligations extend generally to each national or state-chartered bank or thrift institution, and to federally-chartered credit unions. The rules of the federal financial supervisory agencies also require reporting by bank holding companies and by other non-depository institutions subsidiaries of those holding companies. Currently, there are approximately 19,000 financial institutions subject to the reporting obligations.

The SAR rules require the reporting institution to identify its primary regulatory agency when filing a report. During the first 18 months of the system, banks identified their primary regulatory agencies on the form as follows:

Regulator Number of SAR Filings*
Office of the Comptroller of the Currency 60,313
Federal Deposit Insurance Corporation 21,596
Office of Thrift Supervision 13,476
Federal Reserve Board 13,330
National Credit Union Administration 3,802

*Reporting institutions sometimes designated several agencies as a "primary regulator" (because of the overlapping nature of bank regulation). Therefore, the total number of SAR filings broken out by regulator exceeds the number of filings by submitting institutions.

How are Forms Processed ?

The forms are filed either in paper form or on magnetic media (tapes or diskettes). They are sent to the Enterprise Computing Center-Detroit (DCC) of the Internal Revenue Service (IRS) for input into SARS. (DCC is a centralized IRS information processing facility, but it is also responsible for processing most data reported under the BSA.)

Forms filed in paper format (approximately 70% of the total for the first 18 months of SARS’ operation) are key punched; forms filed on magnetic media (approximately 30% of the total) are transferred directly to SARS.

The average input posting time (that is, the time between the date a report is received and the time it becomes available to those who have direct dial-in access to SARS) is approximately 3.4 workdays for magnetic input and 9.7 workdays for paper input.

The DCC has made available the technical specifications for the magnetic filing of SAR forms. This information can be found on the Internet at FinCEN’s website which is located at http://www.treas.gov/fincen. Depository institutions can also contact DCC at (313) 234-1422. A personal computer software application for DOS and Windows® is also available free of charge. This program allows banks to mail a floppy disk of completed SAR forms to DCC. Banks should check with their primary regulator for available software applications.

The reports, other system data, and associated software are located on an Hitachi 8424 mainframe with associated Direct Access Storage Devices (DASD) at DCC. The operating system on the Hitachi is JES/ESA version 5.1. The system supports a C2 level of information security certification. Direct access to the system is accomplished through dial-in access to DCC.

Who Uses the Reported Information?

One of the basic principles of SARS is that information being reported must be made available to financial regulators and to law enforcement personnel quickly and as reported (that is, without being delayed for additional reviewing and sorting). There are several reasons for this approach. First, the nature of crimes covered by the reporting requirements makes it counter-productive to segregate reports geographically. A filing concerning a transaction involving an Illinois resident by a bank in Indiana may be of equal interest to federal or state agents in either state (or perhaps in a third state to which the conduct can be linked). Second, the data has multiple uses and its value can only be maximized by permitting as many agencies as possible to evaluate the information and its relevance to their ongoing responsibilities. Third, widespread distribution of SARS information replicates the process of distributing information under the old criminal referral system—information is simultaneously available to various regulatory and law enforcement agencies.

Finally, it should be understood that a significant number of SAR filings are being submitted to confirm potential violations about which law enforcement agencies have already been directly notified by the institution involved. Approximately 22% (29,646) of the filings during the first 18 months of the system indicate that a direct contact with law enforcement officials occured prior to the date the report had been filed.

The following example illustrates the usefulness of SARS to investigators.

Last October, Loomis Fargo & Co. in Charlotte,North Carolina reported a theft of $17 million from its vault. An armored-car employee, David Scott Ghantt,was reported missing the following day and became the primary suspect.

Two days after the theft, associates of Ghantt’s began making large cash deposits in several banks. A teller at one of the banks filed a SAR report after one of the associates asked how much money could be deposited before a bank was required to file a form with the federal government. The associate went on to state that "the bank did not have to worry because the money was not from drugs."

When the same associate went to another bank with $200,000 in cash, the bank refused her request for a bank check and also filed a SAR form. Meanwhile, an informant told FBI investigators that several associates of Ghantt were making extravagant and suspicious purchases with large amounts of currency.

As the FBI in Charlotte began looking into Ghantt’s associates, the SAR filings by the Charlotte-area banks provided a crucial paper trail for investigators to follow. Jim Walsh, Supervisory Special Agent of the FBI’s white-collar crime squad for North Carolina, states that his agents check SARS daily for new reports of suspicious activity.

In this case, SAR filings helped investigators follow the money, ultimately leading to the arrest of seven accomplices who were charged with sharing in $13.7 million stolen by Ghantt. In addition, investigators used SARS, along with traditional investigative techniques, to piece together the clues which led them to discover Ghantt was in Mexico. He was taken into custody on March 1. Ghantt and his associates who were charged with helping him escape, now face up to 10 years in prison and a $250,000 fine.

Law Enforcement Agencies

Currently, five federal law enforcement agencies have full access to the information in SARS. Three of the five agencies—the Federal Bureau of Investigation (FBI), the U.S. Secret Service (USSS), and the U. S. Customs Service (USCS)—have chosen to obtain SARS information by downloading data in bulk onto their internal computer systems rather than obtaining access to the system itself. (Full access to SARS has recently been approved for both the Drug Enforcement Administration and the United States Postal Inspection Service. It is anticipated that both agencies will dial directly into DCC in order to obtain access to the information.)

1. IRS-Criminal Investigation Division

The Criminal Investigation Division of the Internal Revenue Service (IRS-CID) accesses SARS data through the Currency and Banking Retrieval System (CBRS). A designated IRS-CID coordinator reviews the reports each month (or more frequently, in some cases) for referral to particular districts and further development. Review criteria includes the existence of multiple SAR filings, the nature of the suspected activity, the existence of any background information, and anticipated success in prosecuting the criminal activity.

IRS indicates that reviewing SAR filings has resulted in significant benefits. Although specific tracking has not yet been conducted on cases emanating strictly from SARS, IRS estimates that 954 cases have been opened over the past three years from BSA reporting programs and Form 8300 reporting (Reports of Cash Payments Over $10,000 Received in a Trade or Business). IRS states that using the SAR filings has already contributed significantly to counter-narcotics investigations. In New Jersey, for example, 16 seizures—producing almost $2 million in forfeitures—are attributed to information from SARS. In addition, referrals for tax crime evasion investigations are a collateral benefit produced by IRS’ regular review of SAR filings for BSA violations.

2. U.S. Customs Service (USCS)

The SAR forms are downloaded from the IRS Enterprise Computing Center-Detroit (DCC) to the Treasury Enforcement Communications System (TECS) maintained at Newington, Virginia; they are accessible through TECS to all USCS field offices. Field offices also receive a printout of the reports applicable to their particular area for further review. USCS has indicated that a wide variety of suspected money laundering investigations have either been initiated or bolstered by SARS information. USCS is exploring ways to set up a tracking system for cases resulting from SARS information.

3. U.S. Secret Service (USSS)

The USSS downloads the forms from DCC to its Headquarters in Washington, D.C. The SAR forms are then immediately loaded onto the Secret Service’s Intranet, where the information can be searched and compared against other USSS reports and databases by all of the USSS’s field offices. A followup official message is also sent to the respective field offices which serves as both a review and summary of the most recent SAR filings in the region.

4. Federal Bureau of Investigation (FBI)

The FBI downloads systems data from DCC into a subset of the FBI’s Automated Case Management System. Each field office then has direct access to SAR reports relating to its particular jurisdiction or geographical area.

5. U.S. Department of Justice

Each U.S. Attorneys Office can access SARS directly by dialing via modem to DCC. Designated coordinators within each office review the SAR reports.

6. Financial Crimes Enforcement Network (FinCEN)

FinCEN’s analysts have complete access to SARS. The system is routinely queried as part of FinCEN’s case research; analysts also use the information for general analytical projects and analyses of the system data as described below.

7. Local Task Forces

Federal law enforcement officials in various jurisdictions have formed working groups to evaluate SAR filings relating to their localities. An especially promising effort is underway in New Jersey under the auspices of the U. S. Attorneys Office; other efforts are underway in San Diego, California and South Florida. As discussed in chapter four, FinCEN plans to increase its efforts to support these task forces.

State Law Enforcement Agencies

Fifty-two state and territorial law enforcement agencies participate in FinCEN’s Gateway Program. This program enables state and local law enforcement agencies to have direct, on-line access to records filed by banks and others under the BSA. Using software designed by FinCEN, Gateway saves investigative time and money. User agencies can conduct their own research directly. Gateway users can also retrieve SAR filings submitted by institutions within their state. (A list of these law enforcement agencies with direct access to SARS appears in Appendix C.)

Supervisory Agencies Federal Financial

The Federal Reserve Board and the 12 Federal Reserve Banks, the Office of the Comptroller of the Currency, and Federal Deposit Insurance Corporation, the Office of Thrift Supervision, and the National Credit Union Administration each have access to SARS at offices throughout the U.S.

Supervisory Agencies

SARS is available to each state’s financial supervisory agency with respect to reports filed by institutions subject to that agency’s jurisdiction. (A list of state supervisory agencies with access to SARS appears in Appendix D.)

Chapter three
Bank Secrecy Act 
and Money Laundering Violations

Figure 4

Figure 4 displays the geographic distribution of BSA/money laundering filings reported under SARS.

United States Map : BSA Violations by State - Total violations 46738

The first 18 months of SAR filings identifying suspected money laundering and violations of the Bank Secrecy Act (BSA) are valuable in several respects. First, the filings can be used by law enforcement agencies to open or support investigations. Second, the filings have identified the types of transactions on which banks are focusing their anti-money laundering efforts. Finally, FinCEN analysts are reviewing the data and developing ideas for changes that must be made to maximize the utilization of the information being reported.

Nature of Transactions Being Reported

As indicated previously, 46,738 reports citing possible violations of the BSA, possible money laundering or both were filed during SARS’ first 18 months. This was the largest single category of reports filed. FinCEN analysts have reviewed a majority of those reports as well as the other reports filed during the same period. The results of this review are described below.

The majority of filings citing BSA or money laundering violations relate to the deposits or withdrawals (or attempted deposits or withdrawals) of currency. It is not surprising that a primary emphasis of banks during SARS’ first 18 months was on more detailed reporting of such transactions—transactions that were previously noted as "suspicious" simply by a check in the appropriate box on the Currency Transaction Report or transactions that might not have been reported at all if a customer simply withdrew from or reduced the amount of cash involved in the transaction. The additional information now being provided on the SAR forms provides the ability to draw some conclusions about this category of transactions.

Thus, approximately 39,000 reports have been identified through the use of the system which include the terms "currency," "cash," or "deposit" in their narrative sections; approximately 21,000 filings (many but not all of which involved currency) dealt with situations in which customers sought to change the amounts of cash or monetary instruments involved once they were informed that the transactions required special recordkeeping or reporting. The narrative sections of these particular SAR forms indicate that most of the transactions involved teller-customer contact.

Based on the review of SAR filings in this category, FinCEN believes that approximately 50% of the 46,738 reported BSA/money laundering violations represent, for the most part, simple and unrepeated attempts to avoid the BSA reporting requirements, which are probably not linked to serious ongoing enterprise criminality. This number includes about 19,000 "deposit-withdrawal" cases.

This conclusion does not mean that the switch to SARS is without benefit, even in such cases. First, the number of transactions reported is far lower in this category than the number of times a bank checked the suspicious activity box on the CTR. Bankers are paying closer attention to the facts when determining whether or not activity is suspicious. Moreover, the addition of a detailed narrative makes the data more valuable than it was when banks could only check a box on the CTR. This value is illustrated by the fact that it is now possible to summarize the sorts of conduct involved in the reports. In addition, SAR filings in this group can become extremely valuable for certain investigations. This fact has been confirmed in a number of situations involving tax evasion.

The other 50% of the 46,738 reported BSA/money laundering violations fall into three groups.

1. There are a large number of cases that have been detected and explained by the filing institutions which might be called "sloppy money laundering" — repeated attempts and relatively unsophisticated schemes to structure deposits or to use several persons to move currency into the same account.

2. Analysts have identified approximately 4,200 reports that involve the ongoing movement of funds in an organized way through particular accounts. For example, a number of reports appear to be linked to subjects under investigation in connection with the use of Black Market Peso Exchange transactions (for more information on this money laundering scheme, refer to Appendix E: FinCEN Advisory Issue 9 Colombian Black Market Peso Exchange).

3. Approximately 4,000 reports focus on bank activity other than currency deposits and withdrawals—most importantly, suspicious funds transfer (wire transfer) transactions. In fact, a significant number of reports marked as "wire fraud" probably involve money laundering. FinCEN analysts believe that this last group of reports is likely to provide the most promising area for case development. As indicated in Chapter Four, FinCEN plans to focus resources on further analyzing this information.

Correlation to other Reported Matters

FinCEN analysts correlated the SAR filings in the following ways:

SAR filings and Other BSA Forms

There is a significant degree of overlap between the reported BSA/money laundering violations and other BSA filings, such as currency transaction reports.Approximately 14,285 persons named as suspects on SAR filings (32% of the total number of persons named as suspects) were also identified on other BSA filings, involving approximately 30,000 separate bank accounts. While some overlap is expected (a SAR report and a CTR must be filed on suspicious currency transactions in excess of $10,000), FinCEN analysts believe that at least 50% of these instances involve CTR filings for transactions other than those to which the SAR filing relates. Such overlap can provide a significant source of additional information for particular investigations and create opportunities for further proactive analysis.

SAR Filings and FinCEN’s Investigative Support

As part of its support to law enforcement investigations, FinCEN analysts use a variety of data sources, including BSA filings, to link together various elements of a crime, essentially helping investigators find the missing pieces of the criminal puzzle. The BSA data, for instance, can link people together when it is shown they are using the same bank accounts. FinCEN assists about 150 law enforcement and regulatory agencies in this way, supporting about 6,800 cases each year. Once FinCEN provides information to law enforcement, the suspects’ names and other information are recorded in the FinCEN database, a repository of information is itself usefulfor future research and analysis.

Suspicious activity reports can add significantly to FinCEN’s investigative support resources. In preparing this review, FinCEN analysts searched FinCEN’s case support records and found that SAR filings related to 391 FinCEN cases. In half the cases, the case file had been opened before the SAR form was submitted (that is, a suspect named in a SAR filing was already the subject of an enforcement or regulatory inquiry); the remaining cases were probably results of SAR filings which led investigators to request additional information from FinCEN.

The range of cases in which SAR filings matched other FinCEN case files was broad. The cases included:

168 money laundering investigations;

101 fraud investigations;

26 investigations involving financial institutions or their insiders;

23 embezzlement or theft investigations; and

19 narcotics trafficking investigations.

In slightly more than half the cases, FinCEN received a request to provide a more in-depth analysis of the person(s) named in the report following the filing of the initial suspicious activity report—a fact that illustrates that law enforcement sees the potential for information exchange between FinCEN’s other data sources and SARS.

Examples of Reported Transactions

Examples of transactions or sequences of transactions reported during the first 18 months of SARS are described below. The examples are, of course, only illustrative. A report is only an indication of potential wrongdoing, and there are times when even the most convoluted transactions have nothing to do with money laundering. Still, it is useful for law enforcement officials, regulators, and bankers to have a sense of the types of transactions that bankers perceive as possibly involving money laundering or BSA violations:


Ninety-four currency deposits, mostly in amounts slightly under the currency transaction reporting threshold ($10,000) and totaling $637,000 were made over a two-year period by a customer who identified herself as a "housewife."

A deposit was made in $100 bills (just under the reporting threshold) by a customer whom the teller noted was filling out another de-posit slip for an account at the same bank; later the same day, when told of the CTR requirement, the customer canceled a transaction involving a deposit of the same amount, again in $100 bills, at a second branch of the same bank.

A deposit of less than $10,000 in currency matched a second deposit of currency of less than $10,000 by the same person, made at an ATM machine or night depository of the same bank after the close of business on the same banking day.

Deposits totaling more than $10,000 in currency were made in less than one hour at different branches of the same bank, by three individuals, none of whom was the account holder.

Transactions Involving Monetary Instruments

A deposit of $500,000 was made in sequentially numbered traveler’s checks.

A deposit of approximately $300,000 in traveler’s checks containing illegible payees and endorsers’ signatures was received from a foreign bank.

A deposit of four blank $500 postal money orders in consecutive numbers and $1,780 (in $10 dollar bills) was made into an account from which the customer immediately used the total deposited to buy a bank check.

A purchase of two cashiers’ checks for $9,000 was made using currency. The transactions were conducted by a husband and wife on consecutive days. The checks were made payable to the same payee.

A purchase of bank checks for amounts between $4,000 and $9,000 was made by a customer on three consecutive days using currency.

Unusual Account Activity

Large amounts of currency were deposited into an account, followed soon after by the presentment to the account for payment of several checks whose payeees were foreign nationals and businesses. The account holder had no known business relationship with other countries.

Large sums of currency were made at different branches. These deposits were followed by funds transfers to a single payee in a country or countries - either in the same region or through out the world - to which the customer had no known connection.5

Transactions Involving Food Stamps 6

A customer deposited "boxes of food stamps" in amounts inconsis-tent with the size of his discount grocery business.

Fifty deposits of food stamps were made by a bank customer; the amount of each deposit was just under $10,000. Recurrent deposits valued between $1,000 and $4,000 in foods stamps (some sequentially numbered) were made by a customer with no prior history as a food stamp redeemer.

Approximately $3,500 in $1 food stamps was deposited into a grocery store account by an unknown individual.

A large volume of food stamps was deposited by a convenience store owner after the business closed for renovation. The store’s account history shows food stamp deposits—close to $2 million in an 18-month period—to be unusually high.

Transactions Involving Funds Transfers

Multiple transfers of funds were made to a bank from several accounts at other banks. These transfers were followed by an order to wire the balance of the funds into an offshore account.

During a two-week period, three transactions involved the deposits

5 The checks were payable to companies located in Panama, El Salvador, Mexico, Germany, Singapore and India.

6 Over 200,000 stores are authorized to redeem food stamps. Typical fraudulent food stamp transactions involve exchanging food stamp coupons for cash or contraband such as illegal narcotics or weapons. The coupons are usually sold for 50% to 70% of face value and may be sold to intermediaries or corrupt food merchants. Food merchants are authorized only to take the stamps in exchange for purchases of food. The Inspector General, Department of Agriculture has reported that "it is not uncommon for food stamp traffickers to be part of other criminal enterprises, such as theft, or fencing rings, or drug trafficking operations."

of just under $10,000 in currency into an account; these deposits were followed by an order to transfer the account balance to the same transferee.

During a four-month period, large wire transfers (arriving at a rate that occasionally reached more than one inbound transfer a day) were received for the account of a customer who structured cash withdrawals as soon as the funds were received.

Deposits of currency into a customer’s account were followed immediately by a combination of funds transfers, purchases of cashier’s checks, and structured cash withdrawals by the customer.

Multiple structured cash deposits were made through several branches of the same bank. These deposits were followed by weekly funds transfers of the account balances out of the U.S. Regular deposits between $1,000 and $9,500 in currency were made into accounts from which the balances were immediately withdrawn. The withdrawals were accomplished by funds transfers or by payment of large checks. These transactions were presented by a customer who had the same address as three other customers reported for suspicious activity by the same bank.

Transactions Involving Loan Repayments

An accelerated payment of four car loans was made with currency primarily consisting of $20 bills.

A payment of an outstanding loan balance was made with $20,000 in currency.

Chapter four
The Future

FinCEN’s Plans

The effectiveness of SARS depends upon continuing improvements and taking the steps necessary to maximize its usefulness. Towards this goal, FinCEN’s plans include the following:

Improved Analysis

The foundation of SARS has been the distribution of raw data to all agencies with a potential interest to maximize the usefulness of the reported information. However, given the volume and variety of reports involving potential BSA violations, instances of possible money laundering, or both, additional steps must be taken to ensure that relevant information is identified and used.

Therefore, FinCEN is dedicating an analytical team (reporting di-rectly to senior management) to work with SARS information. The team will have three primary functions. It will:

Track the number and characteristics of SAR filings as they are

submitted, to supplement the work done by the primary users of SARS.

Match all incoming SAR filings with other FinCEN information to produce background materials relating to specific filings that can be forwarded to appropriate law enforcement officials and regulatory agencies.

Analyze SAR filings which may be of special interest even when the necessary information is not immediately available from other FinCEN data sources. Doing so will ensure that significant trends or transactions will not go unnoticed simply because they are new. It is anticipated that FinCEN will work closely with and enter into "joint ventures" with law enforcement task forces throughout the U.S.--for example, the SAR task force in New Jersey. This type of activity should provide sources of field information to bring important SAR filings into focus and to assure an interested audience for the resulting analyses.

The results of the work performed by this special analytical group should be reflected in next year’s review of the progress of SARS.

Improved Case Tracking

There is a natural hesitancy for organizations to track the relationship between the volume of reported information and the opening of particular cases. Indeed, any effort to measure the effectiveness of SARS based solely on that correlation would be misguided; the information developed from reporting suspicious activities can provide a context for particular prosecutions or investigations without becoming directly a part of the evidence chain in those investigations.

At the same time, institutions which focus effort and incur the cost of filing reports must be provided with feedback that their work is generating a meaningful government response—that the information they provide is important and is being used. FinCEN will work with the law enforcement agencies that use SARS to meet this need. In addition, FinCEN has asked law enforcement users to suggest how the system can capture information provided by user agencies about cases being developed based on SAR filings.

Improved Reporting

One reason that expanded analysis is critical is the pattern of the transactions now being reported. There is every reason to believe that the majority of U.S. banks are now paying careful attention to anomalies at the teller’s window (or perhaps the ATM machine) and reporting them in detail. However, it is necessary to develop and apply the principles of suspicious activity reporting to other parts of banking operations.

An initial emphasis on the reporting of the familiar is to be expected, and indeed is one of the reasons that the placement of large sums of currency through the nation’s banks has declined so significantly. However, the money laundering process is extremely complex and is by no means limited to currency transactions or initial entry of funds into the financial system.

A crucial task of expanded and intensified analysis of particular the shift in focus -- or rather the expanded focus -- that suspicious activity reporting ultimately must attain. Although the language of the reporting rules themselves provide the ultimate limit of a bank’s reporting obligation, banks can reasonably be expected to ask for guidance about the manner in which they should direct their own compliance resources to ensure a reasonable ratio of benefit to cost. FinCEN must focus efforts on providing guidance to assist in the development of the reporting regime, both by informing the banking community of specific schemes about which government is concerned and by illustrating the application of the general rules for reporting to particular parts of a bank’s overall operations.


SARS has made a strong and effective beginning. A nationwide system is now in place for the filing and distribution of suspicious activity reports. Equally, if not more importantly, the banking community has made strong efforts to support SARS.

The process of building the system, however, is far from over. The system’s effectiveness depends upon continued attention to the steps necessary to bring it to maturity. Improving analysis of information, tracking resulting cases, refining expectations about the scope of reporting, and providing feedback to financial institutions are all part of the growth process. These steps can only occur if all the government agencies and private institutions involved work together to identify and solve problems in the system’s operation.

We hope that the first review of SARS will contribute to, and stimulate its growth and improvement. As we have indicated in the opening statement, we welcome comments on SARS and its future direction.


Appendix A

A complete text of 31 U.S.C. 5318(g);
A complete text of 31 C.F.R. 103.21


A complete text of 31 U.S.C. 5318(g);

(g) Reporting of Suspicious Transactions.

(1) In general. - The Secretary may require any financial institution, and any director, officer, employee, or agent of any financial institution, to report any suspicious transaction relevant to a possible violation of law or regulation.

(2) Notification prohibited. - A financial institution, and a director, officer, employee, or agent of any financial institution, who voluntarily reports a suspicious transaction, or that reports a suspicious transaction pursuant to this section or any other authority, may not notify any person involved in the transaction that the transaction has been reported.

(3) Liability for disclosures. - Any financial institution that makes a disclosure of any possible violation of law or regulation or a disclosure pursuant to this subsection or any other authority, and any director, officer, employee, or agent of such institution, shall not be liable to any person under any law or regulation of the United States or any constitution, law, or regulation of any State or political subdivision thereof, for such disclosure or for any failure to notify the person involved in the transaction or any other person of such disclosure.

(4) Single designee for reporting suspicious transactions

(A) In general. - In requiring reports under paragraph (1) of suspicious transactions, the Secretary of the Treasury shall designate, to the extent practicable and appropriate, a single officer or agency of the United States to whom such reports shall be made.

(B) Duty of designee. - The officer or agency of the United States designated by the Secretary of the Treasury pursuant to subparagraph (A) shall refer any report of a suspicious transaction to any appropriate law enforcement or supervisory agency.

(C) Coordination with other reporting requirements. - Subparagraph (A) shall not be construed as precluding any supervisory agency for any financial institution from requiring the financial institution to submit any information or report to the agency or another agency pursuant to any other applicable provision of law.


A complete text of 31 C.F.R. 103.21

Sec. 103.21 Reports by banks of suspicious transactions.

(a) General. (1) Every bank shall file with the Treasury Department, to the extent and in the manner required by this section, a report of any suspicious transaction relevant to a possible violation of law or regulation. A bank may also file with the Treasury Department by using the Suspicious Activity Report specified in paragraph (b)(1) of this section or otherwise, a report of any suspicious transaction that it believes is relevant to the possible violation of any law or regulation but whose reporting is not required by this section.

(2) A transaction requires reporting under the terms of this section if it is conducted or attempted by, at, or through the bank, it involves or aggregates at least $5,000 in funds or other assets, and the bank knows, suspects, or has reason to suspect that:

(i) The transaction involves funds derived from illegal activities or is intended or conducted in order to hide or disguise funds or assets derived from illegal activities (including, without limitation, the ownership, nature, source, location, or control of such funds or assets) as part of a plan to violate or evade any federal law or regulation or to avoid any transaction reporting requirement under federal law or regulation;

(ii) The transaction is designed to evade any requirements of this part or of any other regulations promulgated under the Bank Secrecy Act, Pub. L. 91-508, as amended, codified at 12 U.S.C. 1829b, 12 U.S.C. 1951-1959, and 31 U.S.C. 5311-5330; or

(iii) The transaction has no business or apparent lawful purpose or is not the sort in which the particular customer would normally be expected to engage, and the bank knows of no reasonable explanation for the transaction after examining the available facts, including the background and possible purpose of the transaction.

(b) Filing procedures--(1) What to file. A suspicious transaction shall be reported by completing a Suspicious Activity Report (``SAR''), and collecting and maintaining supporting documentation as required by paragraph (d) of this section.

(2) Where to file. The SAR shall be filed with FinCEN in a central location, to be determined by FinCEN, as indicated in the instructions to the SAR.

(3) When to file. A bank is required to file a SAR no later than 30 calendar days after the date of initial detection by the bank of facts that may constitute a basis for filing a SAR. If no suspect was identified on the date of the detection of the incident requiring the filing, a bank may delay filing a SAR for an additional 30 calendar days to identify a suspect. In no case shall reporting be delayed more than 60 calendar days after the date of initial detection of a reportable transaction. In situations involving violations that require immediate attention, such as, for example, ongoing money laundering schemes, the bank shall immediately notify, by telephone, an appropriate law enforcement authority in addition to filing timely a SAR.

(c) Exceptions. A bank is not required to file a SAR for a robbery or burglary committed or attempted that is reported to appropriate law enforcement authorities, or for lost, missing, counterfeit, or stolen securities with respect to which the bank files a report pursuant to the reporting requirements of 17 CFR 240.17f-1.

(d) Retention of records. A bank shall maintain a copy of any SAR filed and the original or business record equivalent of any supporting documentation for a period of five years from the date of filing the SAR. Supporting documentation shall be identified, and maintained by the bank as such, and shall be deemed to have been filed with the SAR. A bank shall make all supporting documentation available to FinCEN and any appropriate law enforcement agencies or bank supervisory agencies upon request.

(e) Confidentiality of reports; limitation of liability. No bank or other financial institution, and no director, officer, employee, or agent of any bank or other financial institution, who reports a suspicious transaction under this part, may notify any person involved in the transaction that the transaction has been reported. Thus, any person subpoenaed or otherwise requested to disclose a SAR or the information contained in a SAR, except where such disclosure is requested by FinCEN or an appropriate law enforcement or bank supervisory agency, shall decline to produce the SAR or to provide any information that would disclose that a SAR has been prepared or filed, citing this paragraph (e) and 31 U.S.C. 5318(g)(2), and shall notify FinCEN of any such request and its response thereto. A bank, and any director, officer, employee, or agent of such bank, that makes a report pursuant to this section (whether such report is required by this section or is made voluntarily) shall be protected from liability for any disclosure contained in, or for failure to disclose the fact of such report, or both, to the full extent provided by 31 U.S.C. 5318(g)(3).

(f) Compliance. Compliance with this section shall be audited by the Department of the Treasury, through FinCEN or its delegees under the terms of the Bank Secrecy Act. Failure to satisfy the requirements of this section may be a violation of the reporting rules of the Bank Secrecy Act and of this part. Such failure may also violate provisions of Title 12 of the Code of Federal Regulations.[61 FR 4331, Feb. 5, 1996, as amended at 61 FR 14249, Apr. 1, 1996; 61 FR 18250, Apr. 25, 1996]

Appendix B

Suspicious Activity Report

Appendix C

A list of state and territorial law
enforcement agencies with access to SARS

State & Territorial Law Enforcement Agencies with Access to SARS

Alabama Department of Public Safety
Alaska State Troopers
Arizona Department of Public Safety
Arkansas State Police
California Department of Justice
Colorado Bureau of Investigation
Connecticut Chief State Attorney’s Office
Delaware State Police
District of Columbia Metro Police
Florida Department of Law Enforcement
Georgia Bureau of Investigation
Hawaii Department of Attorney General
Idaho Department of Law Enforcement
Illinois State Police
Indiana State Police
Iowa Department of Public Safety
Kansas Bureau of Investigation
Kentucky State Police
Louisiana State Police
Maine State Police
Maryland State Police
Massachusetts State Police
Michigan State Police
Minnesota Bureau of Criminal Apprehension
Mississippi Bureau of Narcotics
Missouri State Highway Patrol
Montana Department of Justice
Nebraska State Patrol
Nevada Division of Investigation
New Hampshire State Police
New Jersey Division of Criminal Justice
New Mexico Department of Public Safety
New York State Department of Law/New York State Police
North Carolina State Bureau of Investigation
North Dakota Attorney General’s Office - BCI
Ohio Attorney General’s Office
Oklahoma State Bureau of Investigation
Oregon State Police
Pennsylvania Attorney General’s Office
Department of Justice of Puerto Rico
Rhode Island State Police
South Carolina Law Enforcement Division
South Dakota Division of Criminal Investigation
Tennessee Bureau of Investigation
Texas Office of the Attorney General
Utah Department of Public Safety
Vermont State Police
Virginia State Police
Washington State Patrol
West Virginia State Police
Wisconsin Department of Justice
Wyoming Division of Criminal Investigation

Appendix D
A list of state supervisory agencies with
access to SARS

State Supervisory Agencies

Alabama State Banking Department
Arkansas State Banking Department
Colorado Division of Banking
Connecticut Department of Banking
(Bank Exam Division)
Delaware State Banking Department
(Office of the State Bank Commissioner)
Florida Division of Banking
Georgia Department of Banking and Finance
Hawaii Department of Financial Institutions
(Licensing Branch)
Illinois Commissioner of Bank & Trust Companies
(Office of Banks & Real Estate)
Indiana Department of Financial Institutions
State of Iowa Division of Banking
Kansas Department of Finance
(Office of the State Bank Commissioner)
Louisiana State Banking Department
Maine Bureau of Banking
Massachusetts Division of Banks
Minnesota Department of Commerce
Missouri Division of Finance
Montana Division of Banking & Financial Institutions
New Jersey Department of Banking
New York State Banking Department
State of North Carolina Banking Commission
(Office of Commissioner of Banks)
South Dakota Division of Banking
Tennessee Department of Financial Institutions
Texas Department of Banking
(Bank & Trust Examination Division)
West Virginia Division of Banking

Appendix E

FinCEN Advisory Issue 9 :"Colombian Black Market Peso Exchange&