Articles & E-Books


Suspicious Activity Reports: What to Report and to Whom

Jun 24, 2019

The Federal Financial Institutions Examination Council (FFIEC) offers guidance for reporting Suspicious Activity Reports (SARs) to the board of directors. When a financial institution files a SAR, management is obligated by regulation to notify the board of directors or a committee of the board. The regulation does not, however, mandate any particular method or format for the reporting.

What should you report? The FFIEC states that institutions may, but are not required to, provide copies of SARs to the board of directors or designated board committee. So, should you provide specific details of the SARs filed? Some institutions report only the number of SARs filed, others include a short summary of the activity, and still others provide actual copies of SARs. There are things to consider when determining the best reporting approach for your institution.

Who should you report to? Many institutions report SAR activity directly to the board, but the board may determine that SAR reporting will be made to a board committee. Depending on your structure, you may also want to consider sharing SARs with head offices and/or controlling companies, as appropriate. As a best practice, consider reporting activity monthly, even if no SARs were filed in a given month.  

One important consideration is that institutions are prohibited from disclosing the existence of a SAR to the person who is the subject of the SAR. This is one reason many institutions do not disclose specific details. 

Consider a scenario where management routinely reports SAR details to the board, but when a director or family member becomes the subject of a SAR, management reports only the number of SARs. While that can be uncomfortable, there are further implications. Has management by omission disclosed that a director was the subject of a SAR? That could be one view taken by regulators.  

All in all, the decision regarding what to report and to whom should be carefully considered. Yet, regardless of the reporting path or method selected, you should ensure the process for reporting is documented within your BSA program. Examiners will look to the program and test against what it states.

For assistance with assessing or strengthening your Bank Secrecy Act program, contact Michael Moreau, Manager, at or 207.523.3314.


Michael P. Moreau, CIA, CFE, CFSA
View Profile
Video: Benefits of Co-Sourcing Your Internal Audit Plan
You don’t have to stress about making sure your internal audit plan is completed on time. Together, we work with you to identify risks, update processes and finalize your plan. Reinforce your team with the support you need to complete your annual internal audit plan with confidence.