New SAR guidance: Should you change your structuring practices?
On October 9, 2025, the Financial Crimes Enforcement Network (FinCEN), in partnership with the Federal Reserve, FDIC, NCUA and OCC, released Frequently Asked Questions Regarding Suspicious Activity Reporting Requirements, which provides updated answers regarding suspicious activity reporting (SAR) requirements.
SAR guidance FAQ
Here are highlights from some of these FAQs and what they may mean for you:
FAQ 1: SAR filings for potential structuring-related activity
The guidance does not introduce any significant changes for most institutions, as most will consider multiple factors beyond transaction values (e.g., timing, sources, uses, etc.) when evaluating possible structuring activity. However, for those who have adopted a defensive filing posture, the guidance presents an opportunity to revisit and potentially refine their SAR structuring practices.
FAQ 2: Continuing activity reviews and FAQ3: Continuing activity reviews — timeline
The guidance contains two FAQ regarding continuing SAR (CSAR) reviews that shape a possible shift in approach for financial institutions. As the regulators accurately depict and reiterate here, the 90-day review process was originally intended to be an option for financial institutions because the requirement at the time was to file on continuing activity every 30 days (or 60 days without an identified suspect).
In the quarter century since, that’s evolved into a de facto rule; the guidance realigns the CSAR process with its initial purpose of helping financial institutions relieve their burdens when it makes sense.
The key here is that, as an institution, you get to choose which workflow each SAR will go through. But whichever path you choose, you’ll need to follow the rules of the road.
FAQ 3 makes it clear — if the SAR isn’t subjected to a 90-day review, then it’s subject to the same deadline as an initial SAR: 30 days after SAR determination (60 without a suspect). And conversely, if the SAR is submitted to a 90-day review queue, then the deadline for the next SAR will be the same as it was before the guidance:120 days after the prior SAR.
Most institutions will likely maintain 90-day review processes for most SAR filing categories, as it’s generally a less burdensome option unless the reported activity is inherently unlikely to continue. However, for SARs where an institution can reasonably conclude the activity was a one-time event (e.g., certain types of first-party fraud), the guidance provides an opportunity to cut down on unnecessary reviews without fear of regulatory criticism.
FAQ 4: No SAR documentation
The guidance states, “There is no requirement or expectation under the BSA or its implementing regulations for a financial institution to document its decision not to file a SAR.” While the regulation undoubtedly contains no explicit obligation to document “no SAR” decisions, the assertion that no expectation exists is in sharp contrast to the numerous public enforcement actions that specifically required the penalized Institution to improve that aspect of their AML/CFT program as part of their remediation efforts.
Furthermore, the FFIEC BSA/AML Examination Manual’s description of suspicious activity reporting examination procedures instructs examiners to select a sample of management’s research decisions to determine whether management decisions to file or not file a SAR are supported and reasonable and to assess whether documentation is adequate.
The guidance also suggests that in most cases, a short, concise statement documenting a financial institution’s SAR decision will likely suffice, implying that recording the rationale for the decision is unnecessary. As noted above, this contrasts with the track record of federal banking regulators and the current testing procedures, which require examiners to sample potentially suspicious activity to determine whether management knows of a reasonable explanation for the transactions.
While this portion of the guidance provides financial institutions with an opportunity to gain efficiencies by crafting more concise documentation in support of their alert closures, HRC reviews and investigations, institutions should not take that as a green light to stop recording “no SAR” decisions or use vague commentary (e.g., “No SAR needed”) to substantiate those decisions.
Recognizing that the new guidance may generate further questions for financial institutions, here’s how you can gain additional insights to help you stay in compliance:
- Reach out to FinCEN for further clarification.
- Engage your institution’s regulators.
- Connect with industry peers to share perspectives.
How Wipfli can help
Navigating regulatory shifts like FinCEN’s updated SAR requirements can be challenging as it is essential for your financial institution. Wipfli’s team, including former industry professionals, is ready to apply their experience to help you adapt quickly, stay in compliance and identify opportunities for growth. Learn more about how Wipfli can help strengthen your regulatory compliance management
