A Suspicious Activity Report (SAR) must be filed with FinCEN within 30 calendar days of the date you initially detect facts that may constitute a basis for filing. If no suspect is identified on the detection date, you may delay filing for an additional 30 days to identify one, but in no case more than 60 days after initial detection. Banks must file a SAR for suspicious transactions of $5,000 or more when a suspect is identifiable, and $25,000 or more regardless of whether a suspect can be identified, along with other defined triggers.
Key Takeaways:
- The SAR filing deadline is 30 calendar days from initial detection of a reportable transaction
- You may take up to 60 days total only if you are still identifying a suspect; the clock is not optional beyond that
- Bank SAR dollar thresholds: $5,000+ with an identifiable suspect, $25,000+ with or without a suspect, and any amount for insider abuse
- SARs are strictly confidential; disclosing that a SAR was filed is itself a violation
- The filing obligation and timeframes are set by 31 CFR § 1020.320 and parallel rules for other institution types
When a SAR Is Required
A bank must file a SAR when it knows, suspects, or has reason to suspect that a transaction or pattern of transactions involves one of the following, at or above the applicable dollar threshold:
- Funds derived from illegal activity, or a transaction conducted to hide or disguise such funds
- Evasion of BSA requirements, including structuring transactions to avoid reporting or recordkeeping
- No apparent lawful purpose or a transaction not the sort the customer would normally engage in, with no reasonable explanation after examination
- Use of the bank to facilitate criminal activity
The dollar thresholds for banks are specific:
| Situation | Threshold |
|---|---|
| Suspicious activity with an identifiable suspect | $5,000 or more |
| Suspicious activity with no identifiable suspect | $25,000 or more |
| Insider abuse | Any amount |
These thresholds apply to banks under 31 CFR § 1020.320. Money services businesses, broker-dealers, and other institution types have their own parallel SAR rules with different thresholds, so confirm the rule that applies to your charter or registration. The broader program context is covered in our BSA/AML compliance checklist for community banks.
The 30-Day Filing Deadline
The deadline is the part examiners test most directly because it is a bright line.
The rule: File within 30 calendar days after the date of initial detection of facts that may constitute a basis for filing.
The detection date is when your institution, through any means, becomes aware of facts that may indicate reportable suspicious activity. It is not necessarily the date the transaction occurred. It is the date your monitoring, an employee, or a review surfaced the concern.
The 60-day extension applies only in one circumstance: if no suspect was identified on the date of detection, you may delay filing for up to an additional 30 days to identify a suspect, but never more than 60 days after initial detection. This is not a general extension; it exists solely to allow suspect identification.
Continuing activity: When suspicious activity continues, FinCEN guidance directs institutions to file SARs on continuing activity at least every 90 days, summarizing the prior reporting and the additional activity. This keeps law enforcement informed of ongoing patterns.
Missing the 30-day deadline is a documented BSA violation independent of whether the underlying activity was truly suspicious. This is why detection-to-filing timing belongs in your monitoring workflow, a theme we cover in our BSA/AML exam prep checklist.
SAR Confidentiality: The Rule You Cannot Break
SAR confidentiality is absolute and frequently misunderstood. A SAR, and any information that would reveal the existence of a SAR, is confidential. You may not disclose to anyone involved in the transaction that a SAR was filed, is being filed, or is being considered.
Specifically:
- Do not tell the customer a SAR was filed or contemplated. This is "tipping off" and is prohibited.
- Do not produce a SAR in response to a subpoena or other request, except to FinCEN or an appropriate law enforcement or supervisory agency. Notify FinCEN of any such request.
- Do share internally as needed for the institution's own compliance purposes, and within a corporate family under FinCEN guidance, but control access tightly.
Unauthorized disclosure of a SAR carries civil and criminal penalties. The confidentiality rule is in 31 CFR § 1020.320(e) and the underlying statute. Treat the existence of a SAR as need-to-know information.
What Examiners Check on SARs
A BSA/AML examination reviews SAR practices closely. Examiners typically test:
- Timeliness: Were SARs filed within 30 days of detection? They sample alerts and trace them to filing dates.
- Decision documentation: For alerts that did not result in a SAR, is there a documented, reasonable rationale? "No-file" decisions need support as much as filings do.
- Completeness and quality: Does the SAR narrative clearly describe the who, what, when, where, and why? Vague narratives reduce the report's value to law enforcement.
- Continuing activity reviews: Are ongoing patterns being re-evaluated and re-reported on schedule?
- Confidentiality controls: Is SAR information access-restricted, and are staff trained on the tipping-off prohibition?
The FFIEC BSA/AML Examination Manual sets out these procedures. The common thread is documentation: examiners want to see not just the SARs you filed, but the decision trail behind every alert, including the ones you closed without filing.
SAR compliance is a 30-day clock plus a documented decision trail on every alert. See how Canarie tracks alert-to-filing timelines and preserves SAR decision evidence →
Building a Defensible SAR Process
A SAR process that holds up under examination has a few characteristics:
Detection starts the clock automatically. When an alert is generated or a concern is raised, the 30-day deadline is set from that date, not from when someone gets around to the review.
Every alert has a documented disposition. Filed or not filed, each alert carries a rationale. The not-filed decisions are where examiners often find gaps.
Narratives are complete. The SAR tells a clear story that a law enforcement reader can act on, covering the five Ws.
Continuing activity is scheduled. Ongoing patterns trigger a review at least every 90 days for potential additional filings.
Access is controlled. SAR information is restricted, logged, and protected, with staff trained never to tip off a subject.
The administrative discipline, timely filing, complete narratives, and documented decisions, is what separates a clean BSA exam from a finding. For how this fits the wider program, see BSA/AML requirements for community banks.
Frequently Asked Questions
What is the deadline to file a SAR?
A SAR must be filed within 30 calendar days of the date you initially detect facts that may constitute a basis for filing. If no suspect was identified on the detection date, you may take up to an additional 30 days to identify one, but never more than 60 days after initial detection.
What is the dollar threshold for filing a SAR?
For banks, a SAR is required for suspicious activity of $5,000 or more when a suspect can be identified, and $25,000 or more regardless of whether a suspect is identified. Insider abuse must be reported at any dollar amount. Other institution types have their own thresholds.
Can you tell a customer that a SAR was filed?
No. SAR confidentiality prohibits disclosing to anyone involved in the transaction that a SAR was filed, is being filed, or is being considered. This "tipping off" is a violation carrying civil and criminal penalties. SAR existence is strictly need-to-know.
Do you have to file a SAR every time activity continues?
When suspicious activity continues, FinCEN guidance directs institutions to review and, where appropriate, file a SAR on the continuing activity at least every 90 days, summarizing prior reports and the additional activity. This keeps law enforcement informed of ongoing patterns.
What happens if you file a SAR late?
A late SAR is a BSA violation independent of whether the underlying activity was genuinely suspicious. Examiners sample alerts and trace them to filing dates, so missed 30-day deadlines surface directly. Repeated timeliness failures can lead to formal findings and enforcement.
Put the SAR Clock on Autopilot
The two things that produce SAR findings are missed 30-day deadlines and thin documentation on why an alert was or wasn't filed. Both are workflow problems: the deadline needs to start automatically at detection, and every alert needs a recorded disposition.
Canarie ties each alert to its detection date and 30-day deadline, captures the file/no-file rationale, and preserves the SAR decision trail examiners ask to see.