Before You File: Key Components to a Well-Prepared Suspicious Activity Report (SAR)

What is the purpose of a Suspicious Activity Report (SAR) and what are the essential components that make up a high quality SAR?

Published on October 14, 2022
Last Updated on October 18, 2022

Financial institutions need a sharp eye to spot suspicious behavior and prevent financial crimes. However, detecting fraudulent activities can be tricky, as transactions that initially appear suspicious, for example, may end up being perfectly legal or normal, and vice versa. To determine if the transaction is fraudulent or not, financial institutions must be fully equipped, experienced, and exact to flag and investigate it. 

What is a Suspicious Activity Report (SAR)?

Financial crime continues to be rampant as criminals devise more and more creative ways to circumvent safety and security measures. To constantly combat this, governments around the world require financial institutions to take measures toward flagging suspicious transactions.

In the event that a transaction is suspected of money laundering or fraud, financial institutions submit a Suspicious Activity Report (SAR) to the Financial Crimes Enforcement Network (FinCEN). It is a specialized report that triggers the monitoring and investigating suspicious activities.1

Severe penalties can be pressed against a financial institution when they fail to file an SAR. SARs help law enforcement detect patterns and trends in organized and personal financial crimes, which is key to anticipating criminal behavior before it escalates.

Components of a Good Suspicious Activity Report (SAR)

A suspicious activity reporting system can only be as good as the content it receives. To help FinCEN investigate an incident thoroughly, it’s paramount to ensure the quality of the SAR before submission. Essentially speaking, a SAR must answer the following questions:

  • Who is orchestrating the suspicious activity?
  • What tools or mechanisms were used in the incident?
  • When did the incident take place?
  • Where was the incident spotted?
  • Why does the filer think the transaction is suspicious of illicit activities?

An effective SAR has five vital components2:

1. Introduction

The introduction to a SAR should begin with the reason for the filing, including the type of activity being reported. It contains an overview of the SAR’s purpose, a general description of the known or suspected violation, the date of any SARs previously filed on the subject, the purpose of the SARs and any internal investigative numbers used by the filing institution to maintain records of the SAR.

2. Account Information

After the introduction, relevant facts about the participants should be included. Provide the basic account information and the type of account being suspected. Adequately describe all information related to the suspicious activity including the employer and occupation information, relationship between the suspect and the filing institution, and the length of the financial relationship.

Account holders and respective entities should be listed. For example, demographic information of the individual will depend on the type of SAR being written and an investigation conducted for elderly exploitation or human trafficking may include date of birth. Below are the specific details that should be included in the account information:

  • Suspect’s’ Complete Name
  • Account Number
  • Open and Closed Date (if applicable)
  • Social Security Number (SSN)/Taxpayer Identification Number (TIN)
    • DBA (Doing Business As) Name
3. Due Diligence/Investigation

The SAR should include details of the transactions and other information that provide cause for the suspicions of the reporting financial institution. These may include cash deposits and/or withdrawals, checks and other monetary instruments, wire or other electronic transfers, cash letters, pouch activity or other correspondent account activity, stocks, bonds, notes, casino chips or markers, and foreign currency.

Summary of all relevant information to be provided under due diligence/investigation include:

  • Negative news search
  • Employment/Business filings
  • Any other source that reveal relevant information
  • Previous SAR filings
  • Statement to tellers/staff
  • Behavior in branch/out of ordinary (ODD) indicators
  • Identification of unusual activity
  • Currency activity
  • Fund transfers
  • Monetary instrument sales
  • Significant balance change
  • ATM transactions
  • Non-sufficient funds
4. Dates and Activity

This part of the report must show a brief overview of the suspicious activities being monitored. Transaction activities and amounts must be completely and accurately presented in a CSV file or Excel spreadsheet.  This part of the SAR should include:

  • The date especially if the occurrence only happened once. 
  • A timeline of when the activity first began and a description of the activity over the course of the duration (if the occurrence happened over a span of time) 
  • The date when the suspicious activity was first detected
  • The branch/department location or locations within the institution where the activity occurred (name of branch, office or department, and the street address for each)
  • All account numbers and types of accounts affected by the transactions/activity
  • If suspect transactions involve other domestic or international banks and identify the banks, their locations, and account numbers
5. Closing Statement and Conclusion

To conclude a SAR, include a brief overview of the incident, including the amount filed on and contact information for the filing institution. The closing statement and conclusion should also provide the following information:

  • Any planned or completed follow-up actions by the filing institution
  • Names and contact details of persons with additional information about the reported activity
  • Safekeeping location within the institution where of all SAR-related records3

Depending on the specific activity and any regulatory requirements, a SAR may include other specific information. The investigating authority may also request for additional information or clarification. Either way, submitting a high quality SAR that provides all the necessary information for law enforcement to assess will help determine the best course of action.

The Importance of a High Quality Suspicious Activity Report (SAR)

The introduction of SAR regulations have resulted in successful prosecution of various criminal enterprises. Year after year, the volume of SARs being submitted have been increasing. Bribery and corruption are currently the top concerns most firms experience.4 But as other typologies emerge, regulators call on financial institutions to focus on filing best practices such as providing high quality SARs.

For financial institutions, it’s important to note that as financial crimes continue to increase, regulators will consequently double their efforts to monitor financial companies. In 2021, the anti-money laundering statutes were significantly adjusted, causing several corporations to be charged with penalties for violating Anti-Money Laundering laws.5 Governments do not take financial regulations lightly and persuade companies to do the same.

Financial institutions are duty-bound to report known or suspected criminal activities and must learn to go above and beyond standard security measures to prevent extensive damages. Finding the right service provider in fighting illicit financial activities is one way to protect a business and its clients. Such a partner must have the proven capability not just to provide excellent results, but to keep up with the ever-changing financial climate.

  • 1^Suspicious Activity Report (SAR) Definition
  • 2^Suspicious Activity Report Writing Basics
  • 3^Keys to a Well Prepared Suspicious Activity Report
  • 4^What can SAR filing trends tell us about the state of financial crime in 2022? - ComplyAdvantage
  • 5^AML Enforcement Continues to Trend in 2021
Looking for a partner in financial crime prevention?


Opeyemi Olu-Ayeni
Director of Financial Crime & Compliance
Ope is a financial crimes leader with 11+ years of experience supporting financial institutions. She specializes in AML/BSA, KYC remediations, onboarding, BEC related schemes, P2P payments investigations, lookbacks and SAR writing for North America and EMEA clients. She is CAMS certified.