Suspicious Activity Reporting

Don’t Forget Your Follow-Up (and Board Reporting)!

The Bank Secrecy Act was enacted in 1970. Since that time, the regulation has had many changes throughout the years to strengthen the security of financial transactions. In 1986, the Money Laundering Control Act was enacted to help combat drug trafficking. Suspicious activity reporting (SAR) was required beginning in 1992 as law enforcement needed more information to support financial investigations. The terrorist attacks of 2001 resulted in the USA PATRIOT Act enactment.

The focus of this piece is the SAR follow-up and Board reporting requirements. One of the common audit findings we come across when conducting a Bank Secrecy Act (BSA)/Office of Foreign Assets Control (OFAC)/Anti-Money Laundering (AML)/USA PATRIOT Act audit is related to the 90-day review of SARs filed and reporting requirements to the Board. According to Financial Crimes Enforcement Network (FinCEN) SAR Electronic Filing Requirements, “A continuing report may be filed on suspicious activity that continues after an initial FinCEN SAR is filed. Continuing reports should be filed on successive 90-day review periods until the suspicious activity ceases but may be filed more frequently if circumstances warrant that. Filers have up to 30 days following the end of a review period to file the continuing report for a total of 120 days of review and filing deadline.”

How can you ensure this 90-day review is complete? Implement a tracking mechanism to ensure the reviews are performed within the required time frame or set reminders for established dates based on the SAR filing and subsequent review periods. Determine if an automated model or manual tracking is the best option for your institution. Keep in mind that follow-up can be conducted sooner than 90 days as well. Keep documentation. Whatever method you choose to use, make certain you are documenting your decision. If a recurring SAR is necessary, ensure it is filed within 30 days after the 90-day review is complete. If it is determined that a recurring SAR is not necessary, management should document the support for their decision. It is imperative that documentation supporting any decisions made is retained, and it should be readily available if requested (by audit or examiners). Because this is an ongoing process, ensure reminders and tracking allow for additional reviews after the initial 90-day review. Also keep in mind that there should not be gaps when reviewing ongoing activity. Ensure you are reviewing activity not just over the previous 90-day period, but also from the period at which the prior review (SAR filing) stopped.

For more information, please view the SAR Frequently Asked Questions found here: Frequently Asked Questions Regarding the FinCEN Suspicious Activity Report (SAR) | FinCEN.gov. (Question 16 specifically addresses continuing activity reporting timelines.)

SARs are also required to be reported to the Board of Directors or appropriate Board committee when filed. The reporting should occur at the first meeting after the SAR is filed and should be documented in the meeting minutes. While banks do have flexibility in the format of the Board reporting, sufficient information should be provided while maintaining the confidential nature of the SAR.

Share:

Facebook
Twitter
Pinterest
LinkedIn
Get The Latest Updates

Subscribe To Our Newsletter

Name

Most Popular

Related Posts

audit & assurance Snodgrass Podcast

Audit & Assurance: A Conversation with Brendan Whalen | S.R. Snodgrass Podcast Episode 11

In this latest podcast from S.R. Snodgrass, HR Director, Lenore Seifer and Brendan Whalen, Principal in the Audit & Assurance Group, discuss how the firm’s focus on team development and client relationships drives success. Watch and listen as they reveal how Snodgrass maintains a positive culture, adapts to industry changes, and supports ongoing growth and collaboration.