Filing a SAR correctly and on time is a legal obligation for most fintechs. Here is a practical step-by-step guide to the full SAR process — from detection through submission.
How to File a Suspicious Activity Report (SAR): A Step-by-Step Guide
For most fintechs that move money, filing a Suspicious Activity Report is not optional — it is a legal obligation under the Bank Secrecy Act. And unlike many compliance requirements that can be addressed at a measured pace, SAR filing is deadline-driven. Miss the 30-day window and you have a BSA violation regardless of how good the rest of your compliance program is.
This guide walks through the complete SAR filing process from the moment suspicious activity is detected through the moment the report is submitted to FinCEN — including what goes in the narrative, how to document your investigation, and how to avoid the most common filing mistakes.
Who Is Required to File SARs?
SAR filing requirements apply to financial institutions covered by the BSA. For fintechs, this includes money transmitters and other Money Services Businesses registered with FinCEN, fintech companies operating under a sponsor bank arrangement where the filing obligation may rest with the fintech, the bank, or both — your program agreement should specify which — and any other business classified as a financial institution under BSA regulations.
If you are uncertain whether your specific business has SAR filing obligations, resolve that question with qualified compliance counsel before you process your first transaction.
The Filing Threshold
For most fintechs and MSBs, a SAR must be filed for transactions involving $2,000 or more — individually or in aggregate over 30 days involving the same person — that meet the suspicious activity criteria. For banks and broker-dealers the threshold is $5,000.
The threshold applies to the amount involved in the suspicious activity — not the total transaction value of the account.
Step 1 — Detection
Suspicious activity is identified through one of two channels.
Automated detection occurs when your transaction monitoring system generates an alert based on a rule or threshold being met — a transaction just below the reporting threshold, a sudden spike in account activity, a pattern inconsistent with the customer's profile, or a geographic flag.
Manual observation occurs when a compliance analyst, customer service representative, or operations team member notices something unusual that the automated system did not flag. Any employee can and should report suspicious observations internally.
Document the date and method of detection. The 30-day SAR filing clock starts from the date suspicious activity was initially detected — not from the date your investigation is complete.
Step 2 — Investigation
Before filing, your compliance team must conduct and document a thorough investigation. This investigation must be completed promptly — the 30-day clock is already running.
The investigation should cover reviewing the transaction in full account context, examining the customer's complete transaction history on your platform, checking the customer's KYC file including identity verification records and stated account purpose, reviewing any prior alerts or compliance notes on the account, checking whether the customer or related parties appear on any watchlists, and attempting to identify any legitimate business explanation for the activity.
Document everything. Your investigation notes are the supporting documentation that justifies your filing decision. In a FinCEN examination or law enforcement inquiry, these notes are what you produce to explain why a SAR was or was not filed.
Step 3 — The Filing Decision
Based on the investigation, your designated compliance officer or BSA Officer makes the final SAR filing decision.
A SAR must be filed when your business knows, suspects, or has reason to suspect that a transaction involves funds from illegal activity, is designed to evade BSA reporting requirements, has no apparent lawful purpose and cannot be reasonably explained after investigation, or involves use of your platform to facilitate criminal activity.
The standard is suspicion — not certainty. If after a thorough investigation the activity cannot be explained by any reasonable legitimate purpose, file the SAR. Document the basis for your decision regardless of which way it goes.
If you decide not to file, document specifically why the activity was determined not to be suspicious. This documentation protects you if the same customer is later the subject of an investigation.
Step 4 — Preparing the SAR
SARs are filed through FinCEN's BSA E-Filing System. Before you can file, your organization must be enrolled in the system — enrollment must be completed before you need to file, not after suspicious activity is detected.
The SAR form requires information in several categories. Subject information covers the name, address, date of birth, identification number, and account information for the person or entity whose activity is being reported. Transaction information covers the amount, dates, transaction types, and financial institution information. Suspicious activity type covers the category of suspicious activity — structuring, money laundering, fraud, etc. And the narrative covers the written description of what happened.
Step 5 — Writing the SAR Narrative
The narrative is the most important and most commonly inadequate part of a SAR filing. It is a written description of the suspicious activity that must be clear, factual, chronological, and complete enough for a law enforcement agent who has never seen the account to understand exactly what happened and why it is suspicious.
A strong SAR narrative answers five questions: who is involved, what happened, when it happened, where the activity occurred or was directed, and why the activity is suspicious.
A weak SAR narrative says something like — customer conducted unusual transactions that appeared suspicious. This tells law enforcement almost nothing useful and reflects poorly on your compliance program.
A strong SAR narrative says something like — on the dates listed, the subject account received 14 ACH transfers from 8 different originators totaling $18,400 over a 12-day period. Each transfer was under $2,000. Within 24 hours of each deposit the funds were transferred to a single external account at [institution]. The customer's account was opened as a personal account with expected monthly activity of one to two transactions under $500. The activity is inconsistent with the account profile and no legitimate explanation was identified after review of the account history and customer records.
Step 6 — Filing and the Deadline
File the completed SAR through FinCEN's BSA E-Filing System within 30 calendar days of the date suspicious activity was initially detected. If additional time is needed specifically to identify a subject, the maximum extension is 60 days — but this extension applies to identifying the subject, not to completing your investigation generally.
There is no extension process. Missing the 30-day deadline is a BSA violation regardless of the reason.
Print or save a copy of the filed SAR. Note the date and method of filing in your records.
Step 7 — Recordkeeping and Confidentiality
Retain a copy of every SAR filed, along with all investigation documentation, for a minimum of five years from the filing date. This includes transaction records, account history, monitoring alerts, investigation notes, and any communications related to the filing decision.
The SAR confidentiality rule is mandatory and absolute. It is a federal crime to disclose to the subject of a SAR, or to any other outside party, that a SAR has been filed or is being considered. This prohibition applies to every person in your organization — compliance staff, customer service, operations, and leadership alike. Train your entire team on this rule, particularly customer-facing staff who may be asked directly about account restrictions.
Continuing Activity SARs
If suspicious activity continues after a SAR is filed, you are required to file a continuing activity SAR no later than 90 days from the date of the initial SAR. Document the continuing nature of the activity and reference the prior SAR filing.
Frequently Asked Questions
Can a fintech be penalized for filing a SAR in good faith even if no crime occurred?
No. The BSA provides safe harbor protections for good-faith SAR filers. A financial institution that files a SAR in good faith cannot be held civilly liable for the filing even if the underlying activity turns out not to involve criminal conduct. The risk runs entirely in the direction of not filing when you should have.
What happens if we discover we should have filed a SAR but missed the deadline?
File the SAR as soon as you determine it is required even if the deadline has passed. A late filing is a BSA violation but is treated more favorably than no filing. Document the reason for the delay. Consistent patterns of late SAR filings are a serious examination finding — an isolated late filing with a documented explanation is less severe.
Should the customer be told a SAR is being filed?
Absolutely not. The SAR confidentiality rule makes it a federal offense to tip off the subject of a SAR or any related party. If a customer asks why their account is restricted, your team should not confirm or deny that a SAR is involved.
How ComplyOne Helps
ComplyOne helps fintechs build SAR investigation workflows, train compliance teams on the full SAR process, and establish the documentation practices that protect you in a FinCEN examination — through advisory services, compliance technology, or both.
Talk to the ComplyOne team to get started.
The information in this article is for general educational purposes and does not constitute legal or regulatory advice. Consult a qualified compliance professional for guidance specific to your situation.