FinCEN and banking agencies release updated SAR guidance
FinCEN and the federal banking agencies released new FAQs intended to streamline suspicious activity reporting obligations for financial institutions. Together with other recent actions, the administration has signaled a broader intention to rework the U.S. anti-money laundering regime.
In response to longtime industry requests, the Financial Crimes Enforcement Network (FinCEN) and federal banking regulators released new guidance intended to reduce suspicious activity report (SAR) filing burdens for financial institutions. On October 9, 2025, FinCEN, together with the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, and the Office of the Comptroller of the Currency released responses to four Frequently Asked Questions (FAQs) that address regulatory expectations relating to continuing activity reviews, structuring SARs, and documentation requirements for SAR decision-making.[1] Under Secretary for Terrorism and Financial Intelligence John K. Hurley previewed these changes in a speech last month that outlined the Administration’s agenda for Bank Secrecy Act (BSA) reforms.[2]
The FAQs reflect the Administration’s broader efforts to reform the U.S. anti-money laundering and countering the financing of terrorism (AML/CFT) regime and reduce private sector compliance burdens. For example, FinCEN issued a request for information in September that sought information on the compliance costs incurred by non-bank financial institutions,[3] and Treasury has recently delayed the effective date of major rulemakings (as discussed in our recent client update). Under Secretary Hurley underscored this in the press release accompanying the FAQs, which reiterated FinCEN’s goal to ensure “financial institutions are not needlessly expending resources on efforts that do not provide law enforcement and national security agencies” with useful information.[4] In a recent statement, Secretary of the Treasury Scott Bessent also articulated Treasury’s intention to depart from “the past” approach to BSA/AML regulation “with its zero-tolerance focus on process and documentation and wide latitude for supervisory expectations and judgments that are not always consistent with the law or our national security priorities.”[5]
Ultimately, whether the FAQs reduce compliance burdens will depend on how examiners choose to apply them in practice. Importantly, the FAQs state that they “do not alter existing BSA legal or regulatory requirements or establish new supervisory expectations.” The new FAQs will also necessitate updates to supervisory manuals and materials, including the Federal Financial Institutions Examination Council’s (FFIEC) BSA/AML Examination Manual (which currently includes conflicting information).
We provide below a summary of the FAQs and their implications.
FAQ 1: SARs for Structuring Activity
The FAQs reiterate the legal standard for SARs relating to structuring – i.e., transactions structured to evade reporting requirements under the BSA, including the $10,000 Currency Transaction Report (CTR) threshold.[6] Under the BSA, a bank is required to file a SAR for transactions conducted by, at, or through the institution aggregating $5,000 or more if (among other things) the institution “knows, suspects, or has reason to suspect” that the transaction is designed to evade BSA reporting requirements, including CTRs.[7]
FAQ 1 notes that the “mere presence of a transaction or series of transactions by or on behalf of the same person at or near the $10,000 CTR threshold is not information sufficient to require the filing of a SAR.” Rather, SAR filing requirements only apply if the institution “knows, suspects, or has reason to suspect” that the transactions or series of transactions “are designed to evade CTR reporting requirements.”
The FAQ does not establish new standards or expectations (and merely recites the legal standard for filing a SAR). However, it reflects Treasury’s stated ambition to re-focus SAR filings on high-value information for law enforcement, rather than “overwhelming the system with noise.”[8] Under Secretary Hurley indicated the rationale for the FAQ last month, stating that “banks spending significant amounts of time and money flooding the system with structuring data on businesses they know are legitimate is a foolish waste of time.”[9]
FAQ 2: Continuing Activity Reviews
The FAQs attempt to reset regulatory expectations for continuing activity reviews of customer activity after SARs have been filed. Specifically, FAQ 2 notes that a “financial institution is not required to conduct a separate review—manual or otherwise—of a customer or account following the filing of a SAR to determine whether suspicious activity has continued.”
In prior guidance, FinCEN suggested that institutions file a SAR for ongoing suspicious activity at least every 90 days; this was originally intended to reduce the burden of repeated SAR filings on the same customers and accounts for ongoing suspicious activity.[10] As the FAQs note, however, this guidance transformed over time into an expectation among examiners that financial institutions re-review customers and accounts after filing a SAR to determine if suspicious activity has continued. The FFIEC BSA/AML Manual, for example, notes that “banks should report continuing suspicious activity by filing a report at least every 90 calendar days” and “should continue to review the suspicious activity to determine whether other actions may be appropriate.”[11]
Many financial institutions have observed that continuing activity reviews consume significant time and resources and are not always warranted by the underlying facts and risk considerations. Under Secretary Hurley acknowledged this industry feedback last month, noting that a manual review of customer accounts post-SAR filings is “time consuming, onerous, and does not lead to valuable reporting.”[12] To that end, FAQ 2 states that financial institutions are not presumptively required to “review a customer or account following the filing of a SAR to determine whether suspicious activity has continued.” Instead, financial institutions “may rely on risk-based internal policies, procedures, and controls to monitor and report suspicious activity as appropriate.”
Importantly, the FAQ does not eliminate the requirement that financial institutions conduct ongoing, risk-based review of customer accounts and activity. Financial institutions will still be expected to monitor and review accounts and activity on a risk basis and monitor for suspicious activity. The FAQs suggest, however, that separate, post-SAR reviews will not be a default expectation. It remains to be seen how examiners will apply this guidance in practice. In any case, the FFIEC BSA/AML Manual (and other guidance materials) will need to be revised to reflect the updated guidance.
FAQ 3: Timeline for continuing activity SARs
Previous FinCEN guidance advised financial institutions to file continuing activity SARs after a 90-day period, with the filing deadline being 120 calendar days after the date of the previously related SAR filing.[13] The FAQs clarify that financial institutions are not required to file continuing review SARs every 90 days after an initial SAR has been filed. Per FAQ 3, financial institutions “may instead file SARs as appropriate in line with applicable timelines.” However, the FAQs provide an additional 30 days for financial institutions that choose to file a continuing activity SAR. In particular, FAQ 3 extends the continuing activity SAR timeline to 150 days after detection, with an extra 30 days added following the standard 90-day review period.
While FAQ 3 states that financial institutions are not required to file continuing activity SARs every 90 days, it does not provide a clear alternative standard. FAQ 3 notes that financial institutions “may instead file SARs as appropriate in line with applicable timelines,”[14] however, the FAQs do not specify if and when ongoing suspicious activity may provide a basis for filing a new SAR. Presumably, financial institutions would be expected to follow reasonable, risk-based practices in this regard, although examiners and financial institutions may reach differing positions as to whether reporting of ongoing suspicious activity was warranted in a given case. Likewise, as above, existing supervisory materials (including the FFIEC BSA/AML Examination Manual) will need to be updated to reflect the new guidance.
FAQ 4: Documentation of “no SAR” decisions
FAQ 4 clarifies regulatory expectations around the documentation of decisions not to file a SAR. FinCEN has previously encouraged financial institutions to document and maintain records of SAR decision-making, including decisions not to file.[15] The FFIEC BSA/AML Examination Manual also states that banks “should document SAR decisions, including the specific reason for filing or not filing a SAR.”[16] This has been enshrined as a best practice and regulatory expectation, such that many financial institutions expend significant time and resources documenting no-file decisions. Under Secretary Hurley recently questioned the value of this practice, stating that “[e]very hour spent documenting a non-SAR is an hour not spent protecting Americans, and that trade-off is unacceptable.”[17]
FAQ 4 clarifies that there “is no requirement under the BSA or its implementing regulations for a financial institution to document its decision not to file a SAR.” However, if a financial institution chooses to document no-file decisions, the level of documentation can be guided by “the specifics of the activity being reviewed and need not exceed that which is necessary” under the institution’s internal, risk-based policies. The FAQ notes that “in most cases, a short, concise statement documenting a financial institution’s SAR decision will likely suffice,” although further documentation may be warranted in more complex cases.
As above, financial institutions should continue to take a risk-based approach to documenting SAR decision-making and maintain records as appropriate based on the underlying facts. Even in the absence of an explicit regulatory requirement, documentation of SAR decision-making may be needed for quality assurance and quality control purposes or to explain the rationale for a decision if the need arises (e.g., to a regulator).
Looking Forward
The FAQs may provide greater flexibility to financial institutions regarding SAR policies and practices, although their net effect will depend on their application by examiners. As a general matter, though, they offer a clear indication (if more were needed) that the Administration is acting on its BSA/AML reform agenda. The implications of this agenda will stretch well beyond SAR filing. On October 9, for example, Treasury Secretary Bessent signaled a broader reworking of the BSA/AML supervision and enforcement framework (and reallocation of responsibilities) that “will position FinCEN as a gatekeeper for AML/CFT enforcement.”[18] We expect further developments over the coming months.
[1] FinCEN, Frequently Asked Questions Regarding Suspicious Activity Reporting Requirements (October 9, 2025), https://www.fincen.gov/system/files/2025-10/SAR-FAQs-October-2025.pdf.
[2] U. S. Department of the Treasury, Remarks by Under Secretary for Terrorism and Financial Intelligence John K. Hurley at the Association of Certified Anti-Money Laundering Specialists Assembly Conference (September 17, 2025), https://home.treasury.gov/news/press-releases/sb0251 (John Hurley ACAMS Remarks).
[3] FinCEN, Agency Information Collection Activities: Proposed New Information Collection; Survey of the Costs of AML/CFT Compliance; Comment Request, 90 Fed Reg. 47132 (September 30, 2025), https://www.federalregister.gov/documents/2025/09/30/2025-18918/agency-information-collection-activities-proposed-new-information-collection-survey-of-the-costs-of.
[4] FinCEN, Press Release, FinCEN Issues Frequently Asked Questions to Clarify Suspicious Activity Reporting Requirements (October 9, 2025), https://www.fincen.gov/news/news-releases/fincen-issues-frequently-asked-questions-clarify-suspicious-activity-reporting (FinCEN Press Release).
[5] U.S. Department of the Treasury, Remarks by Secretary of the Treasury Scott Bessent Before the Fed Community Bank Conference (October 9, 2025), https://home.treasury.gov/news/press-releases/sb0276.
[6] Structuring transactions occurs when a person, acting alone or in conjunction with, or on behalf of, other persons, conducts or attempts to conduct one or more transactions in currency, in any amount, at one or more financial institutions, on one or more days, in any manner, for the purpose of evading the CTR requirements. 31 C.F.R. § 1010.100(xx)
[7] See, e.g., 31 C.F.R. 1020.320(a)(2)(ii); 31 C.F.R. §§ 1010.310-315.
[8] FinCEN Press Release.
[9] John Hurley ACAMS Remarks.
[10] FinCEN, The SAR Activity Review: Trends, Tips & Issues, Volume 1, at p. 27 (Oct. 2000).
[11] FFIEC, BS/AML Examination Manual, Suspicious Activity Reporting—Overview, available at: https://bsaaml.ffiec.gov/manual/AssessingComplianceWithBSARegulatoryRequirements/04.
[12] John Hurley ACAMS Remarks.
[13] FinCEN, The SAR Activity Review: Trends, Tips & Issues, Issue 21, at p. 53 (May 2012).
[14] For example, SARs must be filed no later than 30 calendar days after the date of the institution’s initial detection of facts that may constitute a basis for filing a SAR where a suspect is identified, and an additional 30 days is permitted where a suspect has not been identified. See, e.g., 31 C.F.R. § 1020.320(b)(3).
[15] FinCEN, The SAR Activity Review: Trends, Tips & Issues, Issue 10, at p. 35 (May 2006).
[16] FFIEC, BS/AML Examination Manual, Suspicious Activity Reporting—Overview.
[17] John Hurley ACAMS Remarks.
[18] U.S. Department of the Treasury, Remarks by Secretary of the Treasury Scott Bessent Before the Fed Community Bank Conference.