MCUL Main SIte » Michigan Credit Union League Home » Government Affairs » Regulatory Affairs » Additional Suspicious Activity Report (SAR) Form Revisions (July 6, 2006)

To: All Affiliated Credit Union CEOs

From: Matt Beard - Regulatory Specialist

Date: July 6, 2006

RE: Additional Suspicious Activity Report (SAR) Form Revisions


In February, the Financial Crimes Enforcement Network (FinCEN) as well as NCUA and the federal bank and thrift regulators solicited comments regarding the Suspicious Activity Report (SAR) [See CC-06-06 for a summary of the previously proposed changes]. Based on input received, the agencies now have issued a second notice advising the public that they have submitted the revised SAR form to the Office of Management and Budget (OMB) for final approval and in the meantime are inviting the public to submit additional comments.

The proposed effective date for the newly revised SAR form is January 1, 2007. Credit unions and other depository institutions would be able to use the current SAR form (dated July 2003) through June 30, 2007. According to the notice, those target effective dates will be adjusted as necessary to provide depository institutions with adequate planning lead-time.

Comments are due to NCUA by July 19, 2006. Please send your comments to MCUL by July 13, 2006. If you would like a copy of the draft SAR form, you may access it on the Internet at:


Two check boxes would be added at the top of the report to indicate whether the institution is filing an updated report (proposed data item 1a) and whether the SAR is being filed jointly with another financial institution (proposed data item 1b).

  • The agencies have decided to make box 1a clearer by amending the box to say “recurring” report instead of “updated” report. Further, the instructions now explain this box should be checked for a “recurring report filed on continuing activity”.

Part I – Subject Information

  • Part I--Subject Information would be moved from Part II to Part I and would collect information on the subject of the SAR. The section title would be changed from ”Suspect Information'' to ”Subject Information''.
  • Proposed data item 2a would be added to indicate whether multiple subjects are involved.
  • Proposed data item 6 “Also known as (AKA-individual) or doing business as (DBA-entity),'' would be added in order to standardize the ”Subject Information'' section among all SARs.
  • In response to comments, proposed data item 18 has been added so the filer can provide the subject’s e-mail address, if available.

Part II--Suspicious Activity Information would be moved from Part III to Part II and would describe activity being reported.

  • Current data item 34, ”Total dollar amount involved in known or suspicious activity,” would be increased to twelve digits from ten and would be renumbered as data item 22.
  • Current data item 38, which collects information about the financial soundness of the respondent institution, would be moved to Part V, ”Suspicious Activity Information-Narrative,” data item a.
  • Current data item 39, regarding bonding company notification, would be deleted.
  • Current data items 40-44, law enforcement contact information, would be moved to Part V, ”Suspicious Activity Information-Narrative,'' data item g.

Part III--Reporting Financial Institution Information would be moved from Part I to Part III and would collect information that identifies the respondent institution, the branch where the activity took place, the affected account number(s), if any, and whether such accounts have been closed as a result of the suspicious activity.

  • Proposed check box 26b would be added to indicate whether two or more financial institutions are jointly filing a single Suspicious Activity Report by completing data items 26 through 35.
  • Proposed data item 29 would collect the respondent institution's internal control or file number. Respondent institutions would be encouraged, but not required, to report an internal control or file number.
  • Three check boxes would be added to proposed data item 33, ”Primary Federal Regulator,'' to identify the Internal Revenue Service, the Security and Exchange Commission, and Commodity Futures Trading Commission as regulators for purposes of a Suspicious Activity Report joint filing.
  • Proposed data item 35, “Relationship of subject (Part I) to the above listed financial institution,'' would be moved from Part II, current data item 30, to Part III. Based on comments that the placement in Part III would pose a problem with reporting multiple subjects, the instructions have been revised accordingly.
  • Proposed data items 41-55 would provide space to collect information regarding other branch locations. If more than four branches are involved, the additional information would be provided in Part V ”Suspicious Activity Information-Narrative.''
  • Current data item 13, ”If institution closed, date closed,'' would be deleted.

Part IV--Contact for Assistance information is consolidated here.

  • The proposed data item 56, “Designated contact office,'' would replace current data items 45-48, “contact name and title information.'' Although the name of the financial institution contact would be eliminated, this revised information, coupled with an internal control or file number, would still provide law enforcement with adequate contact information while protecting the name of the contact person.

Part V--Suspicious Activity Information -Narrative requires the respondent institution to provide a chronological and complete narrative account of the activity, including what is unusual, irregular, or suspicious about the activity. The list of information that should be included in the narrative would be expanded to aid the institution in the completion of the Suspicious Activity Report:

  • Description of the conduct that raised suspicion, why it was suspicious and the date discovered. “Did the activity have a material impact or affect the financial institution’s soundness?” (Proposed item a)
  • Explanation of whether the transaction(s) was completed or only attempted. (Proposed item b)
  • The filer (and joint filer) must not only retain the supporting documentation for 5 years but also retain a copy of the SAR for 5 years. (Proposed item c)
  • The institution must indicate if foreign currency is involved. (Proposed item c)
  • Description of any funds transfers, including in or out identifier numbers. (Proposed item m)
  • If a foreign national is involved, the institution should provide information from any available passport, via, etc. (Proposed item n)
  • Description of the subject(s) position if employed by the credit union/institution. (Proposed item o)
  • The filer should indicate the type of institution, if it is not clear. (Proposed item o)
  • If a law enforcement agency has been contacted, the institution should list the agency and the name of the person contacted. (Proposed item q)
  • If correcting or amending a prior report, the institution should complete the form in its entirety and note the changes in the narrative section (part V).

The instructions for completing the SAR would be expanded to include specific data item instructions for each item on the reporting form. Items considered critical for law enforcement purposes have been marked with an asterisk. The new form would clarify that if the information for an item marked with an asterisk is not known or not applicable, the filer should enter special response “XX” to complete the item.

  • The General Instructions state that all depository institutions must file a SAR to report any suspicious transaction related to a possible violation of law or regulation as required by the SAR Instructions. A depository institution may also file a SAR to report a suspicious transaction it believes is relevant to the possible violation of any law or regulation, even if the reporting is not required by the SAR instructions.
  • The current SAR requires institutions for file a SAR in the event of a computer intrusion. The instructions indicate that “[f]or purposes of this reporting requirement, computer intrusion does not mean attempted intrusions of websites or non-critical information systems of the institution….” The draft SAR still contains the check box in the Summary of Characterization of Suspicious Activity section titled “Computer Intrusion”; however, it omits the explanation in the Instructions section.

The regulators initially indicated that the SAR form requires about one hour to complete. As a result of several commenters challenging that figure, in the notice to OMB the agencies have adjusted that figure to 2 hours in order to take into account the routine recordkeeping requirement pertaining to SARs.

  1. Do you agree with the proposed effective date of January 1, 2007? If no, why not? What effective date would be more reasonable?
  2. Does the change to proposed check box 1a to indicate “recurring” report instead of “updated” report and accompanying instructions explaining this box should be checked for a “recurring report filed on continuing activity” make sufficiently clear what the box is intended to encompass? If no, what additional clarification is needed?
  3. One important change in the new form is removing the name of the financial institution contact from the form. Do you agree with this change? If no, why not?
  4. Do you think box 42 (Relationship of the subject (Part 1) to the above listed financial institution) and corresponding instructions are sufficiently clear in the case of multiple subjects? If no, how could those instructions be further clarified?
  5. Do you agree with the addition in Part I of a box for the filer to indicate the subject’s e-mail address? Please explain.
  6. Are there other ways in which the SAR form could be simplified, shortened or clarified? If yes, what are your suggestions?

If you have any further questions, or to submit a response, please contact:

Mike DeFors
Michigan Credit Union League
112 East Allegan St., Suite 800
Lansing , MI 48933
Fax: (517) 482-3762  

We Appreciate Your Response.

InfoSight - For further information on SARs go to, click on Regulatory Compliance and InfoSight, enter your user name and password, click on the InfoSight Link in the center of the page, click on the Member Accounts Channel, and click on the Bank Secrecy Act/PATRIOT Act link. Or you may click on the following link: Bank Secrecy Act/PATRIOT Act.

Home Contact Us Site Map MCUL Home About Us Press Room For Consumers CUs In Michigan