So, we've just discovered that a customer who opened her account in 1998 used someone else's SSN.

That being the case, it seems like we should report all activity for the last 12 years in the amount field. However,
we don't have history dating back that far and for the data we do have, it's going to be a nightmare to compile it.

Any thoughts on how far back we really need to go on this?

Thanks!

You can go back as far as your record retention will allow you to go.

I am not sure if this is acceptable but personally I would just do a review of the past 90 days or 6-months of activity and just report that aggregate amount. In my narrative I would state the the account was opened in 1998 and all the activity since then should be considered. My thought process is if you are contacted and asked to esculate then you would address the aggregate activity at that time. In the interim I don't think adding up all the activity is going make too much of a difference. You are still reporting the main purpose of the SAR and adding up all that activity isn't beneficial or time/cost efficient at this stage.

That being said, if you deem the account activity suspicious in your 90-day or 6-month review then you may want to consider going farther back. If it is normal activity but the customer just used someone elses SSN then I would just do a snapshot.