FinCEN FAQs on Suspicious Activity

February 4, 2021

On January 25, 2021 the Financial Crimes Enforcement Network (FinCEN) issued Interagency Guidance in the form of an FAQ relating to suspicious activity reporting (SAR) and bank obligations in certain situations which may be encountered when filing a SAR.

The FAQ codifies existing policy and practices and does not impose any new obligations on regulated financial institutions.  Nonetheless, the FAQs provide clarification in several key areas.

The guidance can be found here.


FAQ Discussion:

FAQ1: A financial institution can maintain an account or customer relationship for which it has received a written “keep open” request from law enforcement, even though the financial institution has identified suspicious or potentially illicit activity.

A bank is not required to keep open such an account, but it may do so at its own discretion.  Banks should consider certain controls around such activity and also be reminded that they are still responsible for account monitoring and SAR filing if warranted.

  1. Ensure you have written policies and procedures for such requests that define the criteria for maintaining such accounts, internal bank approvals, and oversight such as enhanced due diligence, ongoing monitoring and SAR Reporting.
  2. Coordinate all requests through one person within the bank to ensure the bank is aware of them and that proper oversight is in place.
  3. Ensure you are dealing with Law Enforcement properly, e.g. know who is making the request, ask for it in writing, ask for the expected duration, etc. Make them aware that you may close the account if it becomes too high risk and is outside of the bank’s risk tolerance.
  4. Maintain documentation of the request and ensure the accounts are well documented from an AML perspective. Be especially cognizant of documenting “no SAR” decisions.

FAQ2:  A financial institution need not file a SAR solely on the basis of receiving a grand jury subpoena or other law enforcement inquiry. Nor is a SAR filing required solely in the event of “negative news” on a given customer.

FinCEN has clarified that negative news, a subpoena or law enforcement inquiry does not, in and of itself, require the filing of a SAR. However, such accounts are still subject to “normal” monitoring and oversight, including EDD and SAR filing where appropriate.

  1. Such an inquiry or news event is a possible red flag and the bank should perform an account review to determine the presence of potential suspicious or illegal activity.  If such activity is detected, then a SAR should be filed.
  2. An account review should not only include the information from the subpoena, the negative news, or the law enforcement inquiry, but all other relevant information on hand about the customer or the account.
  3. When a SAR is filed in such circumstances, it should focus on the relevant facts and the basis for the potential suspicious activity.

FAQ3:  A bank is not required to terminate a customer relationship following the filing of a SAR or multiple SARs.

  1. There is no BSA regulatory requirement to terminate a customer relationship after the filing of a SAR or any number of SARs.
  2. The decision to maintain or close a customer relationship as a result of the identification of suspicious activity is a determination for a bank to make based on the information available to it, its assessment of money laundering or other illicit financial activity risks, and established policies, procedures, and processes.
  3. We suggest that banks have well documented account closing policies that enumerate the risk criteria, approval, and oversight of account closing practices.  Such procedures ensure consistency and control over account closing practices.

FAQ4:  A financial institution is not required to file a SAR based solely on negative news.

Negative news is a red flag and a risk indicator, but its presence does not, absent other factors and criteria, necessitate the filing of a SAR.

  1. Negative news should be reviewed in the context of the account relationship, the customer profile, and potential suspicious activity on the account.
  2. A SAR should be filed when the bank believes that there is a basis to file a SAR in accordance with its normal oversight and risk-based reporting procedures.
  3. However, in some cases the “negative news” may be sufficiently egregious or material that a SAR filing is warranted due to new information becoming known to the bank as a result of the “negative news”.
  4. Negative news should be monitored on applicable customers and accounts based on the bank’s risk appetite, EDD, and Customer Due Diligence practices.

FAQ5:  A financial institution is not expected to individually investigate multiple negative news alerts based on the same event.

A bank should consider whether multiple news alerts contain new or clarifying information and conduct a “negative news” review when new or additional information comes to light. A bank need not research the same story that may appear in multiple places.

  1. Banks should have a process in place to manage high volumes of news and be able to determine when new or relevant information is available.
  2. As noted above, “negative news” should be reviewed in context with the customer’s profile, account activity, and potential suspicious behavior.

FAQ6:  Financial institutions do not need to repeat information in the SAR narrative that has already been included in other SAR data fields.

Banks should make use of the data fields and use the SAR narrative to provide context and qualitative information that helps clarify some of the data being presented in the SAR.

  1. Banks should have Quality Control practices in place to ensure that the SARs are complete and that the narratives provide appropriate context and support.
  2. Banks should note that in some instances, FinCEN may require specific detail in SAR Field 2 due to specific advisories.

FAQ7:  Financial institutions should not file additional SARs on the same suspicious activity to accommodate narratives that are longer than the SAR narrative character limits.

Banks must provide a clear, complete and concise description of the suspicious activity that led to the decision to file the SAR.

  1. SAR write-ups should endeavor to be clear, concise and informative.  Rather than file an additional SAR when there is a high volume of information, the bank should simply include additional data as an attachment.
  2. SAR filing is an art as well as a science and banks should develop a clear core competency in writing them and ensuring they meet both the regulation as well as the needs of law enforcement.  
  3. Banks should have appropriate quality control standards in place including a second level review and/or senior management sign-off.


Please note that the information in the post solely represents the opinion of the writer and does not constitute legal advice. The reader is admonished to note that these FAQs represent regulatory guidance. Readers should contact qualified legal counsel or their regulators, or FinCEN, to address specific legal questions.
