Skip to main content

Looking for Valuant? You are in the right place!

Valuant is now Abrigo, giving you a single source to Manage Risk and Drive Growth

Make yourself at home – we hope you enjoy your new web experience.

Looking for DiCOM? You are in the right place!

DiCOM Software is now part of Abrigo, giving you a single source to Manage Risk and Drive Growth. Make yourself at home – we hope you enjoy your new web experience.

Looking for TPG Software? You are in the right place!

TPG Software is now part of Abrigo. You can continue to count on the world-class Investment Accounting software and services you’ve come to expect, plus all that Abrigo has to offer.

Make yourself at home – we hope you enjoy being part of our community.

AML/CFT AML Training BSA Rules and Regulation Financial Crime SAR Fraud Prevention ACH Fraud

Understanding the new SAR FAQs: What financial institutions should do now

Terri Luttrell, CAMS-Audit, CFCS
November 24, 2025
Read Time: 0 min

Understanding the new SAR FAQs

On October 9, 2025, the Financial Crimes Enforcement Network (FinCEN) issued a set of new Suspicious Activity Report (SAR) FAQs designed to reduce confusion surrounding reporting.  As financial crime threats evolve and examiners sharpen their focus, institutions must stay current with guidance that shapes SAR compliance expectations.  

SAR reporting has long been a contentious undertaking for financial institutions, primarily driven by high regulatory expectations. For banks and credit unions seeking to maintain efficient, risk-based programs, the FAQs serve as a welcome resource that can help teams avoid unnecessary filings and enhance SAR quality.

Why new SAR FAQs

The new SAR FAQs reflect FinCEN's intent to prioritize quality over quantity in SARs, ensuring that institutions allocate their resources to efforts that provide law enforcement and national security agencies with critical information. Due to past regulatory expectations, many institutions have taken an overly cautious approach to SAR filing, which can stretch compliance resources and mask truly high-risk activity.

Learn more about Nacha's 2026 fraud monitoring rules

Read the whitepaper

Key clarifications

The FAQs provide helpful insight into several SAR-related topics. Here are some key takeaways:

  • Structuring determination is not based solely on dollar amounts

Financial institutions are not required to file a SAR solely because a transaction or series of transactions is conducted at or near the $10,000 currency transaction report (CTR) threshold. A SAR is only required when the institution knows or suspects that the activity is intended to structure transactions or otherwise evade BSA reporting requirements. The obligation to detect and report structuring should be guided by a risk-based AML/CFT program tailored to the institution's products, services, and risk exposure, rather than solely by transaction size.

  • Continuing SARs don't always require a review

Financial institutions are not required to conduct a separate review of a customer or account solely to determine whether suspicious activity has continued after a SAR has been filed. Instead, institutions may rely on their risk-based policies and procedures to monitor for continuing suspicious activity. This clarification helps reduce unnecessary workload and supports more efficient use of AML resources.

  • Timeline for continuing activity SARs

Financial institutions may choose to follow the previously suggested timeline of 120 days after prior SAR filing to report continuing suspicious activity, although doing so is not mandatory. Financial institutions may file continuing SARs based on their risk-based policies and applicable timelines, provided they are reasonable and support accurate reporting.

  • No SAR decision documentation

Financial institutions are not required to document the decision not to file a SAR; it is not mandated under the Bank Secrecy Act or its implementing regulations. Institutions that choose to document their decision may tailor the level of detail to the nature and complexity of the activity being reviewed. In most cases, a brief, concise note is sufficient and should align with the institution's risk-based policies and procedures. For more complex investigations, additional context may be appropriate to support the decision.

Reassessing alert thresholds

Not every alert or internal review warrants a SAR. Financial institutions should review their current alert thresholds and rules within transaction monitoring systems. If thresholds are set too low, investigators may spend time reviewing activities that do not present a real risk, ultimately weakening the effectiveness of the compliance program.

By using above-the-line/below-the-line testing and tuning thresholds based on institution-specific risk profiles, compliance teams can focus their time and resources on truly suspicious activity. This adjustment also supports examiners' expectations around having a risk-based, rather than volume-based, AML/CFT program.

 

Improving SAR quality

FinCEN has consistently emphasized that the SAR narrative is the most critical part of a SAR, encouraging institutions to present facts in a clear, chronological, and objective manner. Narratives that are too vague, overly technical, or speculative can impede law enforcement's ability to act effectively.

Institutions should ensure that their SAR drafting process includes peer review, standardized templates, and clear documentation of the facts that support the basis for suspicion. Narrative training and periodic quality control reviews can also raise the overall standard, helping to ensure that SARs tell the whole story and withstand examiner scrutiny.

Enhancing employee training

Frontline staff and internal stakeholders play a crucial role in identifying and escalating suspicious activity, serving as the foundation of an effective AML/CFT program.

Regular training should go beyond compliance checklists to include scenario-based learning that reinforces what constitutes suspicious behavior, how to escalate concerns appropriately, and what documentation is required. Training should also clarify the distinction between activities that warrant a SAR and those that require internal documentation or enhanced due diligence.

AML/CFT Officers should also consider conducting targeted refresher training for staff in high-risk departments, such as those involved in wire transfers, new account openings, or customer service.

Evaluating technology

Effective suspicious activity monitoring depends not only on human judgment but also on the quality of the tools supporting compliance teams. Financial institutions should ask whether their current systems support accurate risk detection, clear case documentation, and flexible reporting. Systems should enable investigators to attach supporting evidence, track disposition decisions, and generate audit-ready documentation.

Questions to assess your institution's readiness

As your team adapts to the new SAR FAQs, these questions can help identify whether your SAR processes are aligned with FinCEN's clarified expectations, and where adjustments may be needed:

Are we filing SARs where no true suspicion exists?

  • Over-filing can be a red flag to regulators and a drain on resources. Institutions should reassess whether their current policies encourage the filing of defensive SARs, rather than relying on a documented, reasonable basis for suspicion. Reviewing recent filings for trends in non-critical SARs can help recalibrate internal thresholds and staff judgment.

Are our narratives consistent, factual, and examiner-ready?

  • A SAR may meet the technical filing requirement but fall short in its usefulness if the narrative is unclear, disorganized, or overly speculative. Ask whether your team has a standard narrative format and whether SARs are consistently reviewed for accuracy, grammar, and logical flow before submission.

Are we clear on the difference between due diligence and suspicious activity?

  • FinCEN's FAQs emphasize that not all investigations result in a SAR. A clear internal distinction between routine enhanced due diligence and activity that truly crosses the suspicion threshold can prevent unnecessary filings while still documenting institutional oversight.

Are we using compliance resources wisely?

  • False positives create alert fatigue and limit your team's ability to focus on higher-risk cases. Consider whether your current rules and thresholds are aligned with your institution's risk appetite, and whether automation or advisory support could help sharpen your focus.

Modernizing AML programs

With staffing resources stretched thin, many institutions are exploring how automation and intelligent alerts can improve SAR program performance. Tools like Abrigo Fraud Detection and BAM+ are designed to reduce false positives and provide better visibility into transaction behavior, enabling institutions to focus on higher-risk activity.

These solutions utilize behavior-based modeling, cross-channel analysis, and configurable thresholds to identify suspicious trends with greater precision. Built-in case management tools support detailed, audit-friendly SAR documentation, while flexible workflows empower investigators to confidently escalate or close alerts.

Reset your SAR program

FinCEN's new SAR FAQs aren't just technical clarifications; they are an opportunity to reset your institution's approach to SAR reporting. By aligning your internal policies, training, and systems with this updated guidance, your institution can reduce regulatory risk, preserve valuable staff time, and ensure that SAR filings deliver the intelligence they're meant to.

 

Get a free AI readiness checklist and other resources on Abrigo's AI Hub.

AI resources for bankers
Blog

Understanding the new SAR FAQs: What financial institutions should do now

Read More
Blog

Unlocking the power of banking software: Practical tips for busy admins

Read More
Blog

Nacha operating rules and guidelines: What credit unions need to know for 2026

Read More
About the Author

Terri Luttrell, CAMS-Audit, CFCS

Compliance and Engagement Director
Terri Luttrell is a seasoned AML professional and former director and AML/OFAC officer with over 20 years in the banking industry, working both in medium and large community and commercial banks ranging from $2 billion to $330 billion in asset size.

Full Bio

About Abrigo

Abrigo enables U.S. financial institutions to support their communities through technology that fights financial crime, grows loans and deposits, and optimizes risk. Abrigo's platform centralizes the institution's data, creates a digital user experience, ensures compliance, and delivers efficiency for scale and profitable growth.

Make Big Things Happen.