Sorry to bring up an old topic, but I would like some up-to-date clarification:

For SAR reports to the Board of Directors, what exactly is the type of information you are reporting to them? What is best practice?

Do you disclose the name(s) of the customers?
A brief description of the type of filing?
Amount involved? Loss and/or recovery?

Your help is very much appreciated.

We do not disclose the name of the customer. I give the board a running y-t-d list of SAR filings, with date of filing, description of the type of filing [e.g., structuring] and amount involved. We haven't (thankfully) had a loss, but would report that as well.

Back when this was my job (up until a year ago), I submitted a SAR report that had these fields:

Date activity discovered
Date report filed
Filing type (i.e. structuring, mortgage fraud, etc.)
Brief description
Exposure
Actual loss

I did NOT identify customers/suspects by name. I was told a long time ago not to do that, because you don't want to give away too much information. Especially if you're a community bank and directors know the customers personally, etc.

I would only divulge more info if I got a request from my boss (the CEO) or the chairman of the audit committee, who I also reported to. That was extremely rare that they wanted more information and only happened when we were looking at a pretty substantial loss. Very rare.

Ditto Aggs ^^^

Plus we include our internal reference number on the report. It doesn't really do the BOD any good, but an auditor or examiner can tie that number back to the actual SAR to verify that we are reporting things accurately.

I give them everything I write in the narrative and I remove names.

I also use a numbering system and just write a brief synopsis, but never any names because Board Minutes (including your report)can be subpoenaed and even if they are not looking for SAR info, there it could be for someone to read that shouldn't.

I use numbers instead of names on the written materials but I do inform the BOD of the names verbally. I disgree with the notion that the names of SAR suspects be kept from the board.

I don't see how your Board members can be informed if they don't know the names of the suspects. Just keep the names out of the board minutes. The discussion of names should be off the record for reasons of confidentiality. I think it's important that the Board know who they are dealing with in case there is a loan request or other transcation requested by a SAR suspect.

I also collect any information that I hand out to the Board regarding SAR suspects prior to my departure form the board room. This may help alleviate any inadvertant release of information by a board member if they take the information packet home or leave it in their car.

In a comment letter on EGRPRA the American Bankers Association suggested that the requirement to report SARs to the board be discontinued entirely. A couple of key phrases from the letter are to the effect that the requirement, "...is inconsistent with rational risk management responsibilities... and "...it adds further risk to information security issues without concomitant benefit to the bank."

I agree with the ABA; reporting every SAR to the board is a dumb idea to begin with. It's required by the federal functional regulatory agencies, not FinCEN.

I cannot make any argument that the board needs specific SAR information unless the filing relates to a fact situation that rises to the level of the board's fiduciary responsibility; e.g. embezzlement, a major loan loss due to fraud, etc. There, the board should be told not because a SAR was filed, but because they should simply be told.