Clarifying Expectations: How October’s SAR FAQs Shift AML Priorities

Summary: On October 9, 2025, FinCEN and federal regulators released new FAQs clarifying Suspicious Activity Reporting (SAR) requirements. These updates help financial institutions focus on risk-based compliance, reducing unnecessary reporting and streamlining AML efforts for greater impact.

Background

The anti-money laundering (AML) landscape in the United States is shaped by the Bank Secrecy Act (BSA) and its implementing regulations, which require financial institutions to monitor, detect, and report suspicious activity. Suspicious Activity Reports (SARs) are a cornerstone of this regime, enabling law enforcement to identify and investigate potential money laundering, terrorist financing, and other financial crimes.

However, the practical realities of SAR compliance have often led to confusion and operational burdens. Financial institutions and technology firms, particularly those in Fintech, have struggled to interpret ambiguous regulatory expectations — sometimes erring on the side of over-reporting to avoid scrutiny. This has resulted in significant resource allocation to SAR-related activities, often at the expense of more targeted risk management.

Recognizing these challenges, the Financial Crimes Enforcement Network (FinCEN), along with the Federal Reserve, FDIC, NCUA, and OCC, issued FAQs in October 2025 to clarify SAR filing requirements. These FAQs do not change existing laws or regulations but provide additional guidance to help institutions prioritize activities that deliver the greatest value to law enforcement and regulatory agencies.

The FAQs emphasize that these are not new regulations, but clarifications to current guidance. This distinction is important for compliance teams, as it allows for greater flexibility and a more risk-based approach to AML efforts.

Structuring Related Activity

Structuring is one of the most cited offenses in U.S. money laundering enforcement actions. Structuring is defined as a person, acting alone or on behalf of another person, conducting or attempting to conduct one or more transactions in currency, at any amount, at one or more financial institutions, on one or more days, and in any manner for the purposes of avoiding reporting requirements.

In short, it refers to the deliberate breaking up of transactions to evade reporting requirements, particularly the Currency Transaction Report (CTR) threshold of $10,000. The new FAQs clarify that transactions at or near the $10,000 CTR threshold alone do not require a SAR. Instead, a SAR is only necessary if there is reason to suspect the activity is designed to evade CTR requirements.

Below are several common scenarios that may indicate potentially suspicious activity and warrant the filing of a SAR:

• Scenario 1: A bank customer depositing amounts slightly under the $10K CTR threshold (e.g., $9,800 or $9,900) in cash several times a week across multiple branches.
• Scenario 2: An individual making two or more separate deposits into two or more different accounts on the same day that all add up to over $10,000 (e.g., $5,000 in first account, $4,000 in second account, $3,000 in third account, and all on the same day).
• Scenario 3: Several individuals each depositing amounts slightly under the $10K CTR threshold (e.g., $9,000 or $9,500) into the same business account on the same day or within a few days.  
• Scenario 4: An individual repeatedly withdraws amounts slighting under the $10K CTR threshold in cash instead of taking a larger sum at once. Structuring and CTR requirements also apply to withdrawals.

This clarification places the emphasis on intent and pattern recognition rather than pure transaction value. However, without knowledge, suspicion, or reason to suspect evasion, a financial institution is not required to file a SAR.

AML programs should be designed to detect and report structuring, but the FAQs encourage institutions to focus on meaningful risks, not mechanical triggers. This approach helps compliance teams allocate resources more effectively and avoid unnecessary reporting.

Continuing Activity Reviews

Historically, there has been a perceived expectation that financial institutions must conduct a separate review of a customer account 90 days after filing a SAR. This practice has contributed to compliance fatigue and diverted resources from higher-priority activities. The October 2025 FAQs clarify that financial institutions are not required to conduct a review of a customer account following the filing of a SAR. The perceived expectation for a 90-day review is clarified as non-mandatory.

Instead, institutions should continue to use risk-based policies and procedures to monitor and report suspicious activity as appropriate. By focusing on risk-based monitoring, institutions can better serve their clients and regulatory obligations, while also helping law enforcement prioritize investigations that yield the greatest impact.

Continuing Activity Review – Timeline

Previous FinCEN guidance suggested that financial institutions monitor customers for 90 days after a SAR filing, with the filing deadline for continuing activity reports set at 120 calendar days after the date of the previously related SAR filing. The new FAQ states that financial institutions are not required to maintain this 120-day timeline. However, financial institutions may continue to file Continuing Activity Reports when appropriate for the activity under review. 

Instead, institutions can file SARs as appropriate with the regular SAR timeline of 30 days after a transaction has been deemed suspicious. This change allows institutions to respond more flexibly to ongoing suspicious activity, filing new SARs as needed rather than adhering to a rigid schedule.

This shift also reflects a broader move toward risk-based compliance, enabling institutions to allocate resources more effectively and reduce unnecessary reporting burdens.

SAR Documentation

Another area of confusion has been the documentation of decisions not to file a SAR. The FAQs clarify that there is no requirement or expectation under the BSA for a financial institution to document its decision not to file a SAR. While concise documentation is encouraged for complex investigations, it is not obligatory.

For institutions that choose to document their decision, a short, concise statement should suffice. However, for more complex investigations, more detailed documentation may be warranted to explain the factors contributing to the ultimate decision.

This clarification helps reduce unnecessary paperwork and allows compliance teams to focus on substantive risk management rather than process for process’s sake.

Final Thoughts

The October 2025 SAR FAQs represent a significant step toward a more risk-based, intelligence-driven approach to AML compliance. By clarifying expectations around structuring, continuing activity reviews, timelines, and documentation, regulators are helping organizations allocate resources more effectively and reduce unnecessary reporting burdens.

For financial institutions and Fintech firms, these clarifications offer an opportunity to revisit outdated monitoring logic, streamline compliance processes, and focus on activities that deliver the greatest value to law enforcement and regulatory agencies.

When you are looking for guidance to help assess your BSA/AML program, experience matters. Aprio’s Forensic Services team members have the knowledge, skill, experience, training, and education to support financial institutions and Fintech companies in developing a strong AML program and its corresponding procedures, including SAR filing procedures and narrative report writing. We help firms provide efficient reporting to regulatory agencies and law enforcement. Don’t hesitate to schedule a consultation with our team.