Date of?Initial Detection? and the 30-Day SAR Clock

Date of ?Initial Detection? and the 30-Day SAR Clock By FinCEN Office of Outreach Resources

This section of The SAR Activity Review discusses current issues raised with regard to the preparation and filing of SARs. This section is intended to identify suspicious activity reporting-related issues and provide meaningful guidance to filers. In addition, it reflects the collective positions of the government agencies that require organizations to file SARs.

Bank Secrecy Act suspicious activity reporting rules require that a SAR be filed no later than 30 calendar days from the date of the initial detection of facts that may constitute a basis for filing a SAR .6 Upon identification of unusual activity, additional research is typically conducted and institutions may need to review customer transaction or account activity to determine whether to file a SAR. The need to review a customer?s account activity, including transactions, does not necessarily indicate the need to file a SAR, even if a reasonable review of the activity or transaction might take an extended period of time. The time period for filing a SAR starts when the institution, in the course of its review or as a result of other factors, reaches the conclusion that it knows, or has reason to suspect, that the activity or transactions under review meets one or more definitions of suspicious activity.

Guidance on the timing of when a SAR must be filed was first set forth in the October 2000 SAR Activity Review: Tips, Trends & Issues (Issue 1).7 In May of 2006, FinCEN issued additional guidance in The SAR Activity Review: Tips, Trends & Issues (Issue 10)8 to clarify any ambiguity in the interpretation of the original guidance. Institutions continue to seek clarification about the phrase ?initial detection?, and so FinCEN is issuing additional guidance with examples that illustrate appropriate timing for filing a SAR.

As clarified in the May 2006 SAR Activity Review: Tips, Trends & Issues (Issue 10), the phrase ?initial detection? should not be interpreted as meaning the moment a transaction is highlighted for review. There are a variety of legitimate transactions that could raise a red flag simply because they are inconsistent with an accountholder?s normal account activity. A real estate investment (purchase or sale), or the receipt of an inheritance or gift, for example, may cause an account to have a significant credit or debit that would be inconsistent with typical account activity. An institution?s automated account monitoring system or initial discovery of activity, such as system-generated reports, may flag the transaction for review; however, this should not be considered initial detection of potential suspicious activity. The 30-day (or 60-day) period does not begin until an appropriate review is conducted and a determination is made that the transaction under review is ?suspicious? within the meaning of the SAR regulations

Institutions may have implemented multi-layer review procedures and/or systems in order to better detect and report suspicious activity. FinCEN recognizes that these multi-layer review processes may involve such steps as a red flag notice from an account monitoring system, a brief review by an analyst, and an investigation by an investigator. For example, an institution may have implemented an automated red flag system that detects unusual patterns in transactions. It may then utilize an analyst as a first step in determining whether the red flag notice is an obvious ?false positive? or whether the activity should be forwarded to an investigator. In this example, the analyst makes no formal determination as to whether the activity may be suspicious based on the unusual transaction pattern and instead refers the matter to an investigator. After a period of appropriate review, the investigator determines whether the activity is suspicious. Thus, the date of initial detection is the date when the investigator has appropriately reviewed the activity and makes a determination that it is suspicious, not when the analyst refers the matter to the investigator.

The following examples illustrate that the date of initial detection does not necessarily occur on the date of the transaction(s), the date when an automated system generates a notice or red flag alert, or the date when an employee initially reviews the transaction(s). The following examples assume that the monetary thresholds have been met per the SAR regulation applicable to the specific type of institution. Note: Institutions are reminded that reviews of suspicious activity should be completed in a reasonable period of time.9

Examples: Example 1: A customer makes two deposits of $9,900 over the course of two business days. On the third day, an alert teller notifies the BSA analyst that the customer has made deposits of just below $10,000 two days in a row. The analyst makes a determination that the two deposits of $9,900 are most likely indicative of structuring and therefore, the transactions are suspicious. That same day, the analyst refers the matter to the investigator and notes that the transactions are suspicious and likely involve intent to structure transactions to avoid CTR reporting requirements. The date of initial detection in this example is the date when the analyst was able to make a determination that the activity is suspicious. The institution has 30 days to file a SAR from the date of the analyst?s determination.

Example 2: An import/export business customer suddenly begins sending and receiving large wire transfers from high risk jurisdictions. The institution?s automated account monitoring system generates a red flag notification to the BSA officer, who conducts an initial review of the transactions. Given the complexity of the customer?s business, the BSA officer is not in a position to determine whether the transactions may be suspicious. The officer refers the information to the institution?s SAR investigator, who spends several days reviewing the customer?s transactions and researching the nature of the customer?s import/export business. After ten days of research, the investigator is able to make a determination that the activity does not appear to have a business or lawful purpose, and, therefore, the activity is suspicious. The day on which the investigator makes such a determination should be considered the date of the initial detection, and the institution has 30 days from that date to file a SAR.

Example 3: An individual purchases money orders at several agent locations of an institution within the same city on the same business day. The next day, the institution?s software system alerts the BSA assistant to the pattern of transactions. The assistant reviews the transactions and determines that transactions should be reviewed by the institution?s BSA officer. The officer commences a review and a few days later the officer identifies another series of transactions conducted by the individual but still does not have enough information to determine if the activity is suspicious. A week later, the individual initiates a wire transfer to a high risk jurisdiction and provides the agent?s employee with alarming information during a conversation. The employee informs the BSA officer of the updated information, and the officer makes a determination that the activity is suspicious, that a SAR should be filed, and that law enforcement should be contacted immediately. From that date, the institution has 30 days to file a SAR.



6 If no suspect can be identified, the time frame for filing a SAR is extended to 60 days.

7 SAR Activity Review: Trends, Tips, & Issues: Issue 1:

http://www.fincen.gov/news_room/rp/files/sar_tti_01.pdf text

8 SAR Activity Review: Trends, Tips, & Issues: Issue 10:: http://www.fincen.gov/news_room/rp/files/sar_tti_10.pdf

9 According to the section ?Timing of a SAR Filing? from the FFIEC Bank Secrecy Act/Anti-Money Laundering Manual (2007), ?What constitutes a reasonable period of time will vary according to the facts and circumstances of the particular matter being reviewed and the effectiveness of the SAR monitoring, reporting, and decision-making process of each bank. The key factor is that a bank has established adequate procedures for reviewing and assessing facts and circumstances identified as potentially suspicious, and that those procedures are documented and followed.? http://www.ffiec.gov/bsa_aml_infobase/default.htm

Excerpted from SAR Activity Review Issue 14, page 39