I'm sure many of you experienced (and to continue to experience) the wave of check fraud over the last 3 years. The amount of SARs our institution filed has steadily grown - including continuing SARs.

Recently, we were challenged on our logic for filing continuing SARs. Here's an example:

ABC Small Biz Inc, a customer, has a check intercepted in the mail. Suddenly, a dozen counterfeit checks payable to individuals from across the nation try to clear the account. Checks range from $950 to $4,950. ABC Small Biz confirms the items are fraud, and our bank returns the checks. We consider this as one case with multiple suspects and aggregate the amount, which is over $5,000 but less than $25,000.

After we file the SAR, a few more counterfeit checks drawn off ABC Small Biz's account (now closed) trickle in the first 30 days of our 90-day review period. We know this is common and monitor for more checks the full 90 days. The counterfeit checks are payable to new people. We decide to file a Continuing SAR, aggregate the amount involved, and report a cumulative total.

What would you have done?
1) File a continuing SAR (like above)
2) File a new SAR on the new activity and aggregate
3) Neither - you shouldn't have aggregated in the first place even if it is one common victim. You don't know if the payees are suspects or scam victims and each suspect's activity was less than $5,000.
4) File a SAR for each individual identified even if it is less than $5,000.

I've pored through FinCEN Schema, SAR filing instructions, and FFIEC BSA manual, but cannot pinpoint a solution. Can someone cite guidance for me? At the end of the day, we're just trying to report financial crime.

If the initial filing listed every payee on the fraudulent checks drafted off your business customer's account then I would think it would make sense for a continuous filing to incorporate all new payees as it ties all suspects into one overall report.

I agree with your decision to file a single continuing SAR noting the new subjects and activity.

The same unknown check counterfeiter is continuing to counterfeit checks on this account. It's a continuing activity SAR.

jumping on the continuing sar bandwagon

Appreciate your responses. Also open to other opinions and sources.

Once the account was closed, BSA department would not be involved--deposit ops would return any more items 'account closed.'

What does the fact that the account is closed have anything to do with your SAR reporting responsibility for fraudulent activity?

An attempt to defraud a federally insured financial institution continues. The requirement to file a SAR does not end just because the account is closed.

I am going to second what Randy and Brian have stated here and join the SAR continuation chorus.

Hi StormFront, even though the account is closed, we determined that the presentment of fraudulent checks is a continuation of financial crime activity. Also, if a fraudulent check is being presented in a closed account, I would consider returning the item as altered/fictitious or counterfeit as a courtesy to alarm the other institution.

I am not sure that I would do that. That leaves the BOFD with options to dispute the claim. If you return as a closed account, you cut that off at the pass and the BOFD has no recourse. It sounds nice, but from a risk standpoint, it does not make a lot of sense.

i would return as account closed, and if you felt strongly enough about alerting the BOFD, then place a call to them to alert them of the fraud.

Oh good point! Good thing I'm not in charge of returning the checks. I should have verified with them before pushing my opinion.