FinCEN’s SAR FAQ Update: Clarity, Common Sense, and Compliance Reform

By Timothy Stokes, CRCM, Managing Director

Recently, FinCEN published another piece of guidance for the industry outlining substantial updates to its Frequently Asked Questions (FAQs) regarding requirements for Suspicious Activity Reports (SARs). This, along with all the other recent guidance regarding BSA modernization, is generating further discussion about how, or whether, financial institutions should adjust their BSA/AML Compliance Programs.

The recent October 9, 2025 FAQs from FinCEN clarified requirements associated with submitting SARs. Specifically, the FAQs:

  • Provide clarity on filing structuring-related SARs;
  • State that institutions need not conduct subsequent reviews of customer activity simply because a SAR was filed;
  • Indicate that continuing activity SARs should be filed in accordance with risk-based policies and procedures rather than at fixed, predetermined intervals; and
  • Provide additional context around documenting rationale for non-filing determinations.

It is important to note that these FAQs do not change statutory BSA-related obligations or requirements. That said, regulators and examiners will occasionally incorporate guidance like FAQs into their exams despite its statutory authority.

Taken together, these FAQs reframe SAR filing expectations to emphasize judgment, risk-based decisions, and efficiency over purely procedural compliance. In turn, this may affect compliance workflows, necessitate programmatic changes, and require communication and training.

What FinCEN Actually Said

FAQ Number One states that, specific to structuring related activity, transactions at or near the $10,000 threshold triggering a Currency Transaction Report (CTR) filing are not inherently indicative of suspicious activity unless there is evidence that the transaction(s) were designed to evade BSA reporting requirements (i.e., structuring). FinCEN has emphasized that account monitoring parameters should be risk-based and aligned with the results of a financial institution’s risk assessment regarding risks for money laundering or terrorist financing based on its customer base, products and services offered, and geographic location.

FAQ Number Two clarifies that financial institutions are not required to conduct subsequent customer or account reviews simply because an initial SAR was filed. Essentially, the filing of a SAR does not automatically trigger subsequent review requirements. FinCEN also emphasized that continuing activity reviews were never a regulatory requirement or expectation and that financial institutions should rely on their internal risk-based policies and procedures regarding ongoing customer and account activity monitoring.

FAQ Number Three addresses continuing activity SAR filing timelines.  The timeline for filing continuing activity SARs has been a source of confusion for financial institutions and regulators alike because of different interpretations. Prior to these new FAQs, FinCEN’s guidance essentially set up a 120-day cycle prompting institutions to develop procedures for reviewing the reported activity every 90 days and then filing a continuing activity SAR within 30 days of that review. While this seems straightforward in principle, in practice it often created confusion causing institutions to write overly complicated procedures for continuing activity reviews and SAR filings. The new FAQs essentially change that 30-day turnaround to a 60-day window allowing institutions to analyze the activity and file the report with a revised timeline from 120- to 150-days. While this is not a substantial change it is significant because it recognizes the reality that ongoing cases can be time consuming. Like much of the other recent guidance we have seen come from FinCEN, it signals a shift in regulatory expectations towards a more practical approach regarding SAR filings.

FAQ Number Four clarifies documentation requirements for investigations resulting in determinations to not file a SAR. Regulators have long expected that financial institutions document their rationale for not filing a SAR when customer or account activity triggered the need for an investigation. In 2006, FinCEN issued guidance that encouraged, but did not require, financial institutions to document non-filing rationale. The updated FAQs clearly state that such documentation is not a regulatory requirement; however, institutions should comply with their internal policies and procedures regarding appropriate levels of documentation for non-filing determinations. Notably, the FAQs specifically state that a “short, concise statement” would likely suffice.

Relevance for Financial Institutions

FinCEN’s clarification appears to address that the previous approach to SAR filings in the above scenarios produced  more volume than value and diluted meaningful intelligence for investigators.

Filing continuing activity SARs has required institutions to create complex, resource-dependent systems with workflows primarily designed to fulfill reporting requirements at 90- or 120-day intervals. Due to the large volume of data, this method failed to deliver meaningful results and tended to create excessive work and unnecessary analysis for the end users of the data (i.e., law enforcement).

This guidance enables compliance teams to shift their focus from following a time-based reporting system toward detecting genuine suspicious activity that may or may not differ from previous reports. This can create both new areas of uncertainty and possible security threats for financial institutions who will need to evaluate their criteria for ongoing monitoring effectiveness, continuing activity SAR filings, and investigation closure while facing the challenge of defending (or no longer defending) their decisions.

Key Considerations for Financial Institutions

While these updated FAQs do not impose any new or changing requirements on a financial institution’s BSA/AML/CFT Program, they may present an opportunity to gain efficiencies or otherwise streamline processes. Financial institutions wishing to explore these possibilities should carefully consider implications on policies, procedures, and systems; documentation standards; and examiner expectations.

Policies, Procedures, and Systems

Institutions should evaluate the practices they have built around filing SARs based on cash deposits and ensure that large cash deposits do not automatically trigger a SAR filing, but that specific risk factors like attempting to evade BSA reporting requirements are considered. Procedures and systems should also be reviewed regarding placement of customers or accounts on watchlists simply because a SAR was filed. Institutions should consider the totality of events, specifics of the suspicious activity, and other pertinent facts when determining whether continued monitoring is warranted. Institutions should review parameters and legacy system settings, as they may have previously been “hard-coded” or default to comply with a 90-day expectation for filing continuing activity SARs. Lastly, existing policies or procedures may mandate extensive documentation for rationale when the institution determines that a SAR is not warranted. FinCEN has specifically clarified in the FAQs that this is neither a regulatory requirement nor expectation.

Ultimately, institutions should review their BSA/AML policies and system parameters to ensure that ongoing monitoring will be risk-based and event-driven rather than based solely on timelines. Procedures should define triggers for re-filing based on patterns, escalations, or changes in customer behavior – not just the number of days that have passed between filings.

Documentation Standards

While the updated FAQs state that institutions are not required to document every non-filing decision, they do not explicitly state that institutions should abandon the practice altogether. Additionally, effective governance includes keeping a clear audit trail. A complete lack of documentation regarding a decision not to file a SAR could be interpreted as a gap. Examiners will also still expect to see that alerts were reviewed, decisions were reasonable, and monitoring remains active.

Examiner Expectations

While FinCEN implements the BSA, examination is delegated to the prudential regulators. These updated FAQs were issued jointly; however, institutions should be mindful that not all agencies or examiners may make immediate adjustments to their examination procedures (or interpretation thereof). It will likely be incumbent on institutions to explain their updated approach and reference the specific FAQ language if necessary. Solid governance around policy or procedural changes may help facilitate communicating changes with regulators and could reduce friction during examinations.

When contemplating changes to their BSA/AML/CFT Compliance Program, institutions must keep top of mind that all components should be based on their specific risk profile and that results of the BSA/AML/CFT risk assessment should be incorporated into decision-making processes. Additionally, changes should be made in accordance with the institution’s established Change Management processes, all applicable stakeholders being involved, and that the Board of Directors is duly informed.

Next Steps

To the extent institutions are considering updates to the BSA/AML/CFT Programs to align with the updated FAQs, here are some next steps institutions could be thinking about:

  1. Review and update policies and procedures to remove fixed continuing-SAR timelines and clarify risk-based triggers. Consider what constitutes “material changes,” and review monitoring parameters.
  2. Ensure staff are adequately trained on new expectations and documentation standards.
  3. Communicate changes to appropriate stakeholders (the Board of Directors, internal and external auditors, and key staff).
  4. Review and enhance monitoring systems to detect meaningful new developments that would justify a new SAR.

The Bottom Line

Regulatory requirements associated with the BSA have historically been insulated from sweeping changes. However, the new FAQs published by FinCEN show that BSA reform is no longer considered “off limits.” It is important to realize that FinCEN’s clarification does not relax the obligation to report continuing suspicious activity but rather shifts the emphasis from frequency to relevance.

For institutions to be successful under this new paradigm, they will need to balance flexibility with prudence. Institutions should remember the true meaning of SAR reporting, which is that it is a tool for intelligence and not simply a regulatory requirement. Decisions need to be thoughtful and appropriately documented, and sound judgment to focus on what truly matters should prevail.

ABOUT THE AUTHOR

Tim Stokes is a Managing Director at Asurity Advisors with nearly 25 years of experience in the financial services industry. He has extensive knowledge and expertise in both anti-money laundering and consumer protection financial laws and regulations. He has served in roles as Bank Secrecy Act (BSA) Officer at institutions of varying sizes and was a Senior Outreach Specialist and Regulatory Liaison with the Financial Crimes Enforcement Network (FinCEN). Tim works with clients on all facets of their BSA/AML/CFT programs, including risk assessments, program builds and optimization, KYC/CDD/EDD programs, and training. Tim holds a B.S. in Organizational Psychology and is a Certified Regulatory Compliance Manager.

If you would like more information please, provide your email address

Related Insights

Innovation with Intention: Including Emerging Technologies in BSA/AML Policies
By: Timothy Stokes, CRCM, Managing Director Financial institutions are operating in an environment where technological development is occurring at an […]
Read more
Summer of Servicemembers: Recapping DOJ’s SCRA Activity
By Ryan Labriola, Senior Manager Over the course of this past summer, the United States Department of Justice (DOJ) pursued […]
Read more
Debanking: A Compliance Tightrope
By Lynn Woosley, Managing Director, Asurity Advisors On August 7, 2025, President Trump issued Executive Order 14331, “Guaranteeing Fair Banking […]
Read more