Circumstances under which a SAR must be filed

There are four circumstances that trigger the SAR filing requirement. All four of these appear in the versions of the regulations produced by the financial institution regulatory agencies. (They appear in the NCUA version indirectly; the NCUA regulation refers to the description of these circumstances appearing on the instructions to the SAR form.) If you are not subject to these agencies’ rules and are, instead, subject only to the Treasury Department version, you should know that only the fourth circumstance applies to you. See the beginning of this SAR section of the chapter for information on which agency regulates which institutions.

We describe a fifth circumstance below—when an institution’s customer is the victim of “identity theft.” The FDIC “encourages” institutions to file a SAR in such a case.

Insider abuse

(This circumstance appears in the financial institution regulatory agencies’ versions of the rules but not in the Treasury Department version.)

You must file a Suspicious Activity Report when your institution:
…detects any known or suspected federal criminal violation, or pattern of criminal violations, committed or attempted against the [institution] or involving a transaction or transactions conducted through the [institution], where the [institution] believes that it was either an actual or potential victim of a criminal violation, or series of criminal violations, or that the [institution] was used to facilitate a criminal transaction, and the [institution] has a substantial basis for identifying one of its directors, officers, employees, agents, or other institution-affiliated parties as having committed or aided in the commission of a criminal act, regardless of the amount involved in the violation. [12 CFR 21.11(c)(1)]

This provision has two basic components: a criminal violation against or through the institution and the involvement of an “insider.” Insider means a director, officer, employee, agent, or other “institution-affiliated party.” An institution-affiliated party is defined in 12 USC 1813(u) and includes entities such as controlling shareholders, shareholders who participate in the affairs of the institution, etc.

Violations of $5,000 or more; identifiable suspect

(This circumstance appears in the financial institution regulatory agencies’ versions of the rules but not in the Treasury Department version.)

You must also file a Suspicious Activity Report when your institution:
…detects any known or suspected federal criminal violation, or pattern of criminal violations, committed or attempted against the [institution] or involving a transaction or transactions conducted through the [institution] and involving or aggregating $5,000 or more in funds or other assets where the [institution] believes that it was either an actual or potential victim of a criminal violation, or series of criminal violations, or that it was used to facilitate a criminal transaction, and the [institution] has a substantial basis for identifying a possible suspect or group of suspects. If it is determined prior to filing this report that the identified suspect or group of suspects has used an alias, then information regarding the true identity of the suspect or group of suspects, as well as alias identifiers, such as drivers’ license or social security numbers, addresses, and telephone numbers, must be reported. [12 CFR 21.11(c)(2)]

The key components are: (1) a criminal violation, (2) against or through the institution, (3) involving $5,000 or more, and (4) where the institution can identify suspects.

Violations of $25,000 or more, regardless of suspects

(This circumstance appears in the financial institution regulatory agencies’ versions of the rules but not in the Treasury Department version.)

You must also file a Suspicious Activity Report when your institution:
…detects any known or suspected federal criminal violation, or pattern of criminal violations, committed or attempted against the [institution] or involving a transaction or transactions conducted through the [institution] and involving or aggregating $25,000 or more in funds or other assets where the [institution] believes that it was either an actual or potential victim of a criminal violation, or series of criminal violations, or that the [institution] was used to facilitate a criminal transaction, even though there is no substantial basis for identifying a possible suspect or group of suspects. [12 CFR 21.11(c)(3)]

This is very similar to the previous circumstance but differs in threshold amount and whether there are identifiable suspects. The key components are: (1) a criminal violation, (2) against or through the institution, and (3) involving $25,000 or more.

Potential money laundering, violations of the BSA, involving $5,000 or more

(This circumstance, which appears in the financial institution regulatory agencies’ versions of the rules, is the only one that appears in the Treasury Department version of the rules as well as the agencies’ regulations.)

You must also file a Suspicious Activity Report when your institution is involved in:

Any transaction…conducted or attempted by, at or through the [institution] and involving or aggregating $5,000 or more in funds or other assets, if the [institution] knows, suspects, or has reason to suspect that:

(i) The transaction involved funds derived from illegal activities or is intended or conducted in order to hide or disguise funds or assets derived from illegal activities (including, without limitation, the ownership, nature, source, location, or control of such funds or assets), as part of a plan to violate or evade any law or regulation, or to avoid any transaction reporting requirement under federal law;
(ii) The transaction is designed to evade any regulations promulgated under the Bank Secrecy Act; or
(iii) The transaction has no business or apparent lawful purpose or is not the sort in which the particular customer would normally be expected to engage, and the institution knows of no reasonable explanation for the transaction after examining the available facts, including the background and possible purpose of the transaction.

[12 CFR 21.11(c)(4)]

This section also includes a very broad definition of “transaction” for purposes of this fourth reporting circumstance. The definition includes most typical financial institution transactions. [12 CFR 21.11(c)(4)]

When an institution’s customer is the victim of “identity theft”

In October of 1999, the FDIC issued a Financial Institution Letter [FIL-100-99] dealing with the issue of “identity theft,” which the Letter defined as “the misappropriation of another person’s identity (i.e., identifying information such as name, date of birth, or social security number) for criminal purposes.” The Letter says that institutions are “encouraged” to file a SAR when the institution suspects a customer is the victim of identity theft. The Letter also recommends that the institution contact its primary federal banking regulator, the Federal Trade Commission (FTC), and appropriate state agencies. If the situation requires immediate attention, according to the Letter, the institution should contact appropriate law enforcement agencies.

The Letter also encourages institutions to refer victims to the FTC, which is prepared to help by informing the victims of steps they can take to minimize the harm from identity theft, such as contacting credit reporting agencies, credit issuers, law enforcement authorities, and other agencies. The FTC Consumer Response Center (1-877-FTC-HELP) and the FTC web site (www.consumer.gov/idtheft) can also help victims decide what to do.