Suspicious Activity Reporting: How to Handle the New FinCEN Guidance

  • Financial services
  • 10/13/2025
In union there is strength

The new FAQs serve as a prompt to verify your SAR programs are not only compliant, but also strategically focused on actual risks.

There’s new guidance on Suspicious Activity Report (SAR) requirements to help reduce unnecessary filings and focus on high-value suspicious activity reporting.

The Financial Crimes Enforcement Network (FinCEN), along with other regulators, last week issued four frequently asked questions (FAQs) to clarify SAR requirements. The guidance provides SAR filers (financial institutions, non-bank financial institutions, strategic partners – a.k.a. Fintechs) help with reviewing their current programs.

These FAQs don’t introduce new obligations nor do they relieve any existing requirements. Instead, the primary intent is to encourage a pause and reassessment of your programs so they’re appropriately risk-based and to determine whether resources — time, energy, and money — are being allocated effectively.

FAQ 1: SAR filings for potential structuring

  • Key point — A transaction or series of transactions near the $10,000 CTR threshold does not automatically require a SAR.
  • Requirement — File a SAR only if you knows, suspects, or have reason to suspect the activity is designed to evade CTR reporting.
  • Example — A business account has deposits that don’t exceed the CTR threshold. Upon further discussion with the client, you discover they have insurance limitations prohibiting employees carrying cash over $8,000.

FAQ 2: Continuing activity reviews

  • Clarification — You’re not required to conduct separate reviews of customers or accounts after filing a SAR and you’re not required to continually file SAR.
  • Focus — Rely on risk-based internal monitoring systems or automated systems to alert you to new concerns. Do not defensive file just because you are uncomfortable with the activity previously filed on; SARs should have intent and provide value to law enforcement.
  • Example — You automatically add all prior SAR filings to your high-risk list because you’ve filed on them previously. Instead, spend your time, energy, and money relying upon your controls for alerting you to concerning activity and conduct ongoing reviews on other elevated risk customers. An example of a less than valuable SAR filing: “We are filing this SAR because the customer refused to take off their hat when we asked them to and that is our policy when you enter our branches.”

FAQ 3: Continued activity reviews timeline

  • Guidance — When determining to filing for continued activity, it warrants a decision.
  • Notables — “May instead file SARs as appropriate in line with applicable timelines,” referencing footnote 11: 31 C.F.R. § 1020.320(b)(3) “suspicious activity has continued,” referencing footnote 12 which outlines the timing requirements for known and unknown subjects.
  • Focus — Don’t just refile to refile but also don’t stop refiling when the activity continues or new activity is presented. If new activity is presented in the time since the previous filing, it could actually trigger the need for a SAR to be filed sooner than the outlined timeframes.

FAQ 4: Documenting the decision not to file a SAR

  • Guidance — If you decide not to file a SAR, document the rationale appropriately with specifics of the activity being reviewed in a “short, concise statement.”
  • What changes — Not much. There has not ever been a requirement or expectation under the rules to document the decision to not file a SAR. However, being able to identify why you did what you did in that one instance three years ago by documenting your thoughts is a good risk-based decision.
  • Next steps — Assess your internal policies, procedures, and controls to determine if the risk-based approach is appropriate. If you have a manual program, the documentation will likely be different than if you have an automated program.

Key points about the FinCEN suspicious activity reporting

  • No new or alleviated obligations — The FAQs clarify they don’t create additional requirements or lessen any prior obligations. Their purpose is strictly advisory, aimed at promoting thoughtful reassessment.
  • Encouragement to pause and reassess — Take a step back from your routines to evaluate whether your programs truly address current risks of your customer base, products and geography, rather than simply following established habits.
  • Focus on risk-based approaches — The guidance stresses the importance of verifying all activities and controls are justified by actual risks faced by the organization, rather than legacy practices. Evaluate whether current spending and resource allocation match areas of highest risk.
  • Review "Because we've always done it that way" practices — Special attention should be paid to any processes or controls existing solely due to tradition. Do your practices remain relevant and effective? Adjust your program as needed to better reflect a risk-based approach, focusing resources where they have the greatest impact.

How CLA can help financial institutions with FinCEN suspicious activity reporting requirements

The new FAQs serve as a prompt to step back from routine and verify your programs are not only compliant, but also strategically focused on actual risks. This reassessment is especially important for activities undertaken simply because "that's how it's always been done."

By following this guidance, organizations can direct their efforts and resources where they are most needed. CLA’s experienced financial services regulations team can help to assess your program’s effectiveness.

This blog contains general information and does not constitute the rendering of legal, accounting, investment, tax, or other professional services. Consult with your advisors regarding the applicability of this content to your specific circumstances.

Experience the CLA Promise


Subscribe