MCUL Main SIte » Michigan Credit Union League Home » Government Affairs » Regulatory Affairs » Suspicious Activity Report (SAR) Form Revisions

To: All Affiliated Credit Union CEOs

From: Matt Beard - Regulatory Specialist

Date: March 28, 2006

RE: Suspicious Activity Report (SAR) Form Revisions

Operations Subject


The Financial Crimes Enforcement Network (FinCEN) as well as NCUA and the federal bank and thrift regulators are soliciting comments regarding the Suspicious Activity Report (SAR), which is being revised and formatted to standardize that report with SARs being filed by other financial institutions. The report is also being revised to support joint filing by providing necessary data blocks and instructions for completing a jointly filed SAR. The instructions limit joint filing to those suspicious activities that do not involve insider abuse.

Comments are due to NCUA by April 18, 2006. Please send your comments to MCUL by April 11, 2006. If you would like a copy of the draft SAR form, you may access it on the Internet at:

The proposed changes to the SAR form are identified below based on the current form arrangement:

Part I – Subject Information

  • Part I--Subject Information would be moved from Part II to Part I and would collect information on the subject of the SAR. The section title would be changed from ”Suspect Information'' to ”Subject Information''.
  • Proposed data item 2a would be added to indicate whether multiple subjects are involved.
  • Proposed data item 6 “Also known as (AKA-individual) or doing business as (DBA-entity), "would be added in order to standardize the ”Subject Information" section among all SARs.

Part II - Suspicious Activity Information would be moved from Part III to Part II and would describe activity being reported.

  • Current data item 34, ”Total dollar amount involved in known or suspicious activity,” would be increased to twelve digits from ten and would be renumbered as data item 22.
  • Current data item 38, which collects information about the financial soundness of the respondent institution, would be moved to Part V, ”Suspicious Activity Information-Narrative,” data item a.
  • Current data item 39, regarding bonding company notification, would be deleted.
  • Current data items 40-44, law enforcement contact information, would be moved to Part V, ”Suspicious Activity Information-Narrative,'' data item g.

Part III -Reporting Financial Institution Information would be moved from Part I to Part III and would collect information that identifies the respondent institution, the branch where the activity took place, the affected account number(s), if any, and whether such accounts have been closed as a result of the suspicious activity.

  • Proposed check box 26b would be added to indicate whether two or more financial institutions are jointly filing a single Suspicious Activity Report by completing data items 26 through 35.
  • Proposed data item 29 would collect the respondent institution's internal control or file number. Respondent institutions would be encouraged, but not required, to report an internal control or file number.
  • Three check boxes would be added to proposed data item 33, ”Primary Federal Regulator,'' to identify the Internal Revenue Service, the Security and Exchange Commission, and Commodity Futures Trading Commission as regulators for purposes of a Suspicious Activity Report joint filing.
  • Proposed data item 35, “Relationship of subject (Part I) to the above listed financial institution,'' would be moved from Part II, current data item 30, to Part III.
  • Proposed data items 41-55 would provide space to collect information regarding other branch locations. If more than four branches are involved, the additional information would be provided in Part V ”Suspicious Activity Information-Narrative.''
  • Current data item 13, ”If institution closed, date closed,'' would be deleted.

Part IV -Contact for Assistance information is consolidated here.

  • The proposed data item 56, “Designated contact office,'' would replace current data items 45-48, “contact name and title information.'' This revised information, coupled with an internal control or file number, would still provide law enforcement with adequate contact information while protecting the name of the contact person.

Part V -Suspicious Activity Information - Narrative requires the respondent institution to provide a chronological and complete narrative account of the activity, including what is unusual, irregular, or suspicious about the activity. The list of information that should be included in the narrative would be expanded to aid the institution in the completion of the Suspicious Activity Report:

  • Description of the conduct that raised suspicion, why it was suspicious and the date discovered. “Did the activity have a material impact or affect the financial institution’s soundness?” (Proposed item a)
  • Explanation of whether the transaction(s) was completed or only attempted. (Proposed item b)
  • The filer (and joint filer) must not only retain the supporting documentation for 5 years but also retain a copy of the SAR for 5 years. (Proposed item c)
  • The institution must indicate if foreign currency is involved. (Proposed item c)
  • Description of any funds transfers, including in or out identifier numbers. (Proposed item m)
  • If a foreign national is involved, the institution should provide information from any available passport, via, etc. (Proposed item n)
  • Description of the subject(s) position if employed by the credit union/institution. (Proposed item o)
  • The filer should indicate the type of institution, if it is not clear. (Proposed item o)
  • If a law enforcement agency has been contacted, the institution should list the agency and the name of the person contacted. (Proposed item q)
  • If correcting or amending a prior report, the institution should complete the form in its entirety and note the changes in the narrative section (part V).

The instructions for completing the SAR would be expanded to include specific data item instructions for each item on the reporting form. Items considered critical for law enforcement purposes have been marked with an asterisk.

  • The General Instructions state that all depository institutions must file a SAR to report any suspicious transaction related to a possible violation of law or regulation as required by the SAR Instructions. A depository institution may also file a SAR to report a suspicious transaction it believes is relevant to the possible violation of any law or regulation, even if the reporting is not required by the SAR instructions.
  • The current SAR requires institutions for file a SAR in the event of a computer intrusion. The instructions indicate that “[f]or purposes of this reporting requirement, computer intrusion does not mean attempted intrusions of websites or non-critical information systems of the institution….” The draft SAR still contains the check box in the Summary of Characterization of Suspicious Activity section titled “Computer Intrusion”; however, it omits the explanation in the Instructions section.

Potential Impact to Credit Unions. ( Note: Below is a list of issues the MCUL identified as potentially impacting credit union policies, procedures, or operations. Keep in mind that as each credit union is unique, this list may not be exhaustive.)

  • The most significant impact to credit unions would be new staff education as to the new filing requirements for SARS. This would include familiarizing them with the reorganization of the form, and new changes and information they will need for SAR completion.


  1. Has your credit union ever filed a joint SAR with another financial institution? Does the draft form clarify the procedure for filing a joint SAR? If not, how could the joint filing instructions/procedures be further clarified?
  2. The regulators and law enforcement community consider the Narrative Section (Part V, or items 8-16 above) to be the most important section on the form. The draft form contains more items to include in that section in order to assist institutions in filling out the form with as much helpful detail to the regulators and law enforcement as possible. Are there other/additional items that should be included in the list? If yes, what are the other items?
  3. Is the process to follow for correcting or amending a prior SAR clear from the Narrative section? If not, how could that process be made clearer?
  4. In the Instructions section, is the asterisk next to the items critical for law enforcement purposes helpful? If not, what would be more helpful?
  5. Does the elimination of the explanation/definition of computer intrusion make it confusing as to when a computer-related “security event” should be reported? Please explain.
  6. Are there other ways in which the SAR form could be simplified, shortened or clarified? I f yes, what are your suggestions?

If you have any further questions, or to submit a response, please contact:

 Matt Beard
Michigan Credit Union League
112 East Allegan St., Suite 800
Lansing , MI 48933
Fax: (517) 482-3762

We Appreciate Your Response.

InfoSight - For further information on SARs go to, click on Regulatory Compliance and InfoSight, enter your user name and password, click on the InfoSight Link in the center of the page, click on the Member Accounts Channel, and click on the Bank Secrecy Act/PATRIOT Act link. Or you may click on the following link: Bank Secrecy Act/PATRIOT Act.

Home Contact Us Site Map MCUL Home About Us Press Room For Consumers CUs In Michigan