July 2019 OBA Legal Briefs

  • How to Write Suspicious Activity Reports (SARs)
  • EGRRCPA Status Update (Part 1)

How to Write Suspicious Activity Reports (SARs)

By Roy L. Adams

Introduction. Hello, readers! I am a second-year law student at Oklahoma City University School of Law, and a legal intern working for your OBA’s Legal and Compliance Team. Just based on that sparse information, you are probably asking, “Why should I trust what you have to say?” Let me give you some of my background to alleviate trust issues.

Before embarking on the daunting but worthwhile experience of law school, I worked for Cabela’s Club Visa as an Anti-Money Laundering and Bank Secrecy Act Analyst.  As impressive as that title sounds, I really need to tell you how I got that position in the first place.

It all began when I worked as a linguist with the Marines in Iraq. I learned how terrorists move money, where they get their money, and what types of systems they used to send money domestically and overseas. This experience provided me practical knowledge of how money can be moved around undetected. That knowledge allowed me to land a job where I could put what I learned to good use benefitting my employer.

In 2001, Cabela’s chartered a national bank to provide support for their co-branded Visa credit card. At Cabela’s, there were only three employees and our manager, and we ran the anti-money laundering parameters for the bank, which had assets over four billion dollars. Through brain and bronze, the four of us were able to handle this difficult job. Even after I obtained my master’s degree, I stayed with Cabela’s bank for several years. When Capital One purchased Cabela’s bank, I transitioned to Capital One and a new title: Anti-Money Laundering Investigator. Capital One flew our team to its headquarters to meet with their investigators and exchange information on how we perfected ways to monitor accounts and to write SAR narratives.

Having established my credentials, you can read this article assured the information about SAR writing did not just come out of some mystical void.


Let’s start with some basics. Businesses monitor unusual activities based on the services they offer, and as a result, a SAR will vary depending on the company. What I am about to share with you are general guidelines on what should be included in your SAR narrative. SARs are challenging to write because federal regulators tell us neither what they are looking for nor what we should be monitoring to satisfy the federal requirements. Despite this, institutions should use their best efforts to monitor for unusual activities.

What to include

In writing a SAR, the drafter should tell a story. Dry and choppy paragraphs make the reader lose interest in the content and merely skim it rather than digesting the value of the SAR’s information. In order to tell an effective story that a reader would benefit from, you need to answer the 6Ws: Who, What, When, Where, Why, and How.

The Who. It is a simple question to answer. The “Who” references the account holder, entity, known or unknown fraudsters, etc., that triggered the SAR. It is here that you will tell the federal investigators the actual name of the person or business you are filing a SAR on. For example, a customer made an excessive number of cash advances. The SAR should refer to the customer by name. Once you have identified the customer by name, you can refer to him/her as the subject if he/she was the subject of the investigation. Why should you do this? It saves federal investigators the time they would otherwise waste scrolling through the SAR form to find the actual name of the person.

The What. The answer to this question is: What was the unusual activity that occurred? Let’s say they have been withdrawing cash or suddenly start depositing a lot of cash. Another example would be a customer engaging in transactions in areas known for illegal activities.

The Where. Where did the unusual activity take place? You should state in the SAR: “In the city of Oklahoma City, Oklahoma, John Smith, (“the subject”), made 30 ATM transactions totaling $15,000 between 01/01/2019 and 04/01/2019, behavior consistent with cash structuring.” The point of being so specific is to supply every detail the federal investigators need to know in a concise manner. They should have no additional questions regarding where the transactions took place, the number of transactions, the dollar amount involved, the type of unusual behavior, and the review time period. This helps the federal investigators aggregate the information with SARs submitted by other institutions. This is a nice sweet sentence that tells a story without confusing the reader.

The Why. Why are you filing a SAR on this account or on this business? Why was the activity unusual? Or why did it trigger an alert on the system? It is here you would mention, for instance, the type of account such as: “Cash advances are made from the subject’s savings account.” This is inconsistent behavior for an account of this type. Another example could be “The subject makes a purchase for more than $5,000 at a fast food restaurant or a nail salon.” This spending pattern is inconsistent for this type of merchant and the subject, but this activity is consistent with human trafficking.

The How. How did the activity occur? For example, “The subject has a personal account and has a total of eight or ten authorized users on it at any one time, with only $1,000 spent during the lifetime of the account. At 4 to 6-week intervals, the subject calls in and removes five authorized users and replaces them with new authorized users.” The spending pattern on the account does not support a commercial account; all the authorized users are unrelated to each other and do not share a common address or anything else. This pattern of activity is consistent with synthetic identification creation. The How should explain to the reader the method the subject used that made his/her activity unusual.

Organization of SAR narrative

Now that you have an idea about what you should include in your SAR, I will address how you should organize the SAR. Drawing from experience, federal auditors/investigators go straight to the narrative. The first thing they read is the introductory paragraph. This paragraph should tell federal investigators why they should keep reading. Therefore, the first paragraph should include the subject’s name, type of unusual activity, type of account, total amount in question, date range, and why the behavior is unusual.

The next paragraph is where you describe the steps you took to investigate/analyze the account. It is here that you would mention what occurred, where it occurred, and any KYC, CDD, or EDD performed on the account, and the findings prior to the filing. Also, if you are filing a continuing SAR on the same person or business, then you should include in your SAR narrative the prior SAR ID and a brief summary of what the prior SAR concerned. This lets federal investigators know right away that the person has multiple SARs filed on them.

The final paragraph of the narrative is the conclusion. In this paragraph the bank should mention any number of items including: the account balance, credit limit at the opening date and whether that has increased or decreased since that time, date the account was opened, and its current status, i.e., whether it is open or has been closed. If the account has been terminated, add the closure date. You will also include how the application was submitted—in person, by mail, by phone, or internet. If it was done online, then include the IP address if available. If the application was submitted in person, by mail, or over the phone, then include the city and state where the application was received. If applicable, state the amount of the institution’s loss. I realize that all this information can be found in various fields on the SAR form but placing it in the conclusion makes it accessible to federal investigators without having to scroll up and down between pages. Think about how much “joy” you get from scrolling up and down in Reg Z to interrelate the information, and you will understand why I recommend consolidating it in one location.

General good practices

Writing the SAR should not be complicated. Just remember you are telling a story. Do it the same way as you would tell a story to your friend, your child, or a stranger at a bar. The story must be logical for it to make sense to the other person. If your story is choppy or does not make sense, then the person is going to walk away. Similarly, if your SAR does not make sense, the federal investigators are going to walk away from it and move on to the next narrative.

When I was writing a SAR, I would literally highlight each sentence and read it. It helped me understand what I wrote frame by frame rather than looking at the entire narrative. If necessary, the bank may have a “dedicated review team” to read over the narrative to make sure it flows smoothly and to eliminate grammatical and mathematical errors.

If you do not have an expensive software program to run the math, then develop an Excel spreadsheet. There are a lot of helpful videos on YouTube to teach you how to write formulas in Excel. Never do math manually. It will suck up all your time and make your eyes cross. I did that originally, and it was not efficient.

This is where the employer can play a role. There is an Excel certification program through Microsoft. Employers can incentivize their employees to enroll in it. I think this is a practical certification for employees to obtain, especially when the institution does not have the funds to purchase software to run the SAR calculations.

Do not criminalize account holders for using services your institution offers. What do I mean by that statement? For example, your bank offers overseas wire transfers, and people use this service. As a result, people who trigger the system for overseas wire transfers get slammed with a SAR because the activity is inherently unusual. A service offered should not result in a penalty unless this is out of the ordinary course of activity/business for the subject. Not every person who conducts an overseas wire transfer is worthy of a SAR. Some institutions would say “Let’s just file a SAR on that person or that entity; what is the worst thing that could happen?” This is a lazy way of conducting business because you are increasing your institution’s workload as well as that of the federal investigators. As bank officials, we should not be taking the easy way out when we cannot reach a decision on whether a SAR should be filed. Do more research and analysis on the account until you reach a decision.

Some institutions do not set a SAR filing limit. This means an institution files numerous SARs on the same person or entity for the same activity. This results in unnecessary work for the bank. It would be a good idea to institute a policy and procedure regarding a set number of SARs and establish a cutoff number. For example, the subject keeps alerting the system for structuring for more than a year, requiring multiple continuation SARs. If the bank’s policy sets the maximum number of SARs for the same person or activity at some reasonable number, and when that number is reached, the account will be considered for closure due to noncompliance with terms and conditions of an account, SAR workload can be decreased. It is imperative that you document the steps and the reasons why the bank decided to close the account.

When writing numbers in the SAR narrative such as dates, it is important to use the full date. Follow the standard practice of using MM/DD/YYYY. Why should you do it this way? The reason is: Federal investigators aggregate the dates, and it is easier for the system to recognize and pick up those dates in this format.

Things not to say

In the narrative, do not refer to a cardholder or accountholder as the “suspect.” I read many SARs that refer to the cardholder as the suspect; this is simply incorrect.  In order to designate a suspect, you must do a lot of investigation. I do not mean just digital investigation, but actual physical investigation, which we are simply not equipped to do. We are not law enforcement personnel, and only law enforcement can designate who is a suspect. Refer to the cardholder as a subject. If the cardholder is not the subject of the investigation, then just refer to them as cardholder or accountholder. You would state in the SAR “John Smith, (‘the subject’), is a credit cardholder.” Thereafter, you can refer to John simply as the subject.

Another thing to avoid is the use of your bank’s internal terminologies. For instance, your bank has a money market deposit account denominated as a “Super Saver Account” or refers to certain real estate loans held in portfolio as “IB mortgages.” Do not incorporate your company’s internal terminology into the SAR narrative. This is important. While these terms make sense to you, the reader who is unfamiliar with your company’s internal lingo is left scratching his/her head. Keep the SAR in plain English using terms that everyone understands. For example, do not say “John Smith triggered the golden standard.” This terminology will make sense to you, but to an outsider, it means nothing. If the golden standard is the cash advance report, then just say, “John Smith triggered the cash advance report.”

Finally, refrain from using the term “suspicious activity.” This phrase implies that the cardholder is doing something illegal. It’s better to say, “unusual activity.” If a cardholder triggers the system once or twice, does that make his/her activity “suspicious?” The answer is no. It means that the cardholder conducted a transaction that was unusual when compared to his/her spending pattern. “Suspicious” is a strong word that we should not use lightly. We are not law enforcement agents who are qualified to deem activity “suspicious”; instead, our job is to aid and assist law enforcement in doing theirs.


If you follow the approach that I highlighted in answering the Who, What, When, Where, Why, and How questions, the SAR narrative will look noticeably different. Remember you are telling a story to a stranger who has no information other than what you are providing them. Tell a story that any layperson can follow and understand; keep it simple. If you would like to brainstorm ideas with me about how to create a SAR template for your institution, I would be happy to help. Just reach out to the OBA Legal and Compliance Team and get connected.

EGRRCPA Status Update (Part 1)

By Andy Zavoina

On May 24, 2018, the president signed the Economic Growth, Regulatory Relief, and Consumer Protection Act (EGRRCPA), also sometimes referred to as S.2155. EGRRCPA is intended to relieve pressure on community banks, appropriately assigning risk where there is more chance of loss. Larger banks have more cost efficiencies and can also absorb more loss without any disruption to their bottom lines. For example, the CFPB estimated in its HMDA rulemaking that the additional costs on banks with minimal complexity (those providing relatively few mortgages) would be roughly $23 per application for closed-end mortgages. It would be just $.10 to $.20 for banks producing greater volumes of loans. Estimates of EGRRCPA’s effects were that 85% of banks would have received a HMDA exemption, but the vast majority of mortgage loans would still be reported. The result is that the fair lending uses for HMDA data will be preserved because the high-volume reporters are the main sources of those data.

This update will serve as a reference for those sections that have been implemented or are well on the way. There is a good deal of progress.

EGRRCPA is broken into six titles, each dedicated to a separate topic:

  1. mortgage credit,
  2. regulatory relief for community banks and increased access to credit for customers,
  3. the credit reporting industry and access to credit, especially by servicemembers, veterans, and students,
  4. holding companies,
  5. capital, and
  6. student borrowers.

Here are the updates so that you can ensure compliance, lending, finance and operations are all working from the same recipe.

Section 103: Synopsis – In response to a lack of qualified appraisers, this section amends FIRREA to exempt general requirements for independent home appraisals in rural areas where the bank has contacted three state-licensed or state-certified appraisers who could not complete an appraisal in a reasonable amount of time. Loans less than $400,000 would not require an appraisal, but if there is no appraisal the ability to sell a loan would be restricted.

Effective Date: Not stated, but regulatory changes are needed for implementation.

Update: A notice of Proposed Rulemaking was published in the Federal Register on December 7, 2018, raising the threshold for residential real estate transactions requiring an appraisal to $400,000 from the current $250,000 threshold. This proposal requires that residential real estate transactions exempted by the threshold include an evaluation consistent with safe and sound banking practices. Evaluations provide an estimate of the market value of real estate, but appraisal regulations do not require evaluations to be prepared by state licensed or certified appraisers.

The proposal would also require institutions to review appraisals for compliance with the USPAP, as mandated by the Dodd-Frank Act.

Certain High-Priced Mortgage Loans would still require appraisals; they would not be exempted by this rule and would not be eligible for the appraisal exception. Other exceptions also apply:

  1. The property must be located in a rural area;
  2. The financial institution must retain the loan in portfolio, subject to exceptions; and
  3. Not later than three days after the Closing Disclosure is given to the consumer, the financial institution or its agent must have contacted not fewer than three state certified or state licensed appraisers, as applicable, and documented that no such appraiser was available within five business days beyond customary and reasonable fee and timeliness standards for comparable appraisal assignments.


Section 104: Synopsis – HMDA was amended so that banks that originated fewer than 500 closed-end mortgages and fewer than 500 open-end mortgages in each of the last two years and have a Satisfactory or better CRA rating will essentially enjoy a roll back of some rules to pre-2018. This allows the banks reporting fewer loans to avoid in-depth reporting requirements.

Update: On October 10, 2018, the FDIC published FIL-58-2018 addressing the Interpretive and Procedural Rule on Partial Exemptions from HMDA Requirements from the CFPB. This applies to banks with total assets less than $1 billion.

The Bureau’s rule provides clarifications related to the following matters:

  • Data Points Covered by the Partial Exemptions: The rule identifies 26 data points covered by the partial exemptions and 22 other data points that all HMDA reporters must collect, record, and report.
  • Loans Counted Toward the Partial Exemptions’ Thresholds. The Bureau interprets the terms “closed-end mortgage loan” and “open-end line of credit” in the Economic Growth Act to include only those closed-end mortgage loans and open-end lines of credit that otherwise are reportable under Regulation C.
  • Exception Based on Community Reinvestment Act Examination Reports. The Bureau interprets the Act to provide that the determination of which CRA examinations are the two most recent is made as of December 31 of the preceding calendar year.
  • Non-Universal Loan Identifier. If an IDI eligible for a partial exemption chooses not to report a universal loan identifier, the IDI must report a non-Universal Loan Identifier unique within the IDI.
  • Permissible Optional Reporting of Exempt Data Points. An eligible IDI may voluntarily report data points that are covered by the Act’s partial exemptions. However, if the IDI reports any data field for such a data point, it must report all data fields associated with that data point. For example, if an IDI voluntarily reports street address for a transaction, it must also report zip code, city, and state for that transaction.

On May 2, 2019, the Bureau proposed HMDA threshold and other changes in a Notice of Proposed Rulemaking (NPRM) and an Advance Notice of Proposed Rulemaking (ANPR).

For closed-end mortgage loans, the NPRM proposes two alternatives that would permanently increase the coverage threshold from 25 to either 50 or 100 closed-end mortgage loans. For open-end lines of credit, it would extend for another two years the current temporary coverage threshold of 500 open-end lines of credit. Once that temporary extension expires, the NPRM would set the open-end threshold permanently at 200 open-end lines of credit.

The ANPR solicits comments about the costs and benefits of collecting and reporting the data points the 2015 HMDA Rule added to Regulation C and certain preexisting data points that the 2015 HMDA Rule revised. The ANPR also seeks comments about the costs and benefits of requiring that institutions report certain commercial-purpose loans made to a non-natural person and secured by a multifamily dwelling.

The NPRM is available at: https://files.consumerfinance.gov/f/documents/cfpb_nprm-hmda-regulation-c.pdf

The ANPR is available at: https://files.consumerfinance.gov/f/documents/cfpb_anpr_home-mortgage-disclosure-regulation-c-data-points-and-coverage.pdf

The comment periods on both the NPRM and ANPR have been extended to October 15, 2019.

Section 203: Synopsis – The Bank Holding Company Act was amended to exempt certain banks from the “Volcker Rule” when they have less than $10 billion in assets, and trading assets and liabilities comprising not more than 5% of total assets (the Volcker Rule prohibits banking agencies from engaging in proprietary trading or entering into certain relationships with hedge funds and private-equity funds); and

Section 204: Synopsis –  Volcker Rule restrictions on entity name sharing are eased in specified circumstances.

Effective Dates 203 & 204: Effective upon enactment but requires regulatory amendments.

Update: December 18, 2018 – The FDIC, FRB, OCC, SEC, and the U.S. Commodity Futures Trading Commission issued a notice of proposed rulemaking to amend regulations implementing the Volcker Rule consistent with the statutory amendments made by Sections 203 and 204. These statutory amendments modified the Volcker Rule to exclude certain community banks from the Volcker Rule and to permit banking entities subject to the Volcker Rule to share a name with a hedge fund or private equity fund that it organizes and offers under certain circumstances. The FDIC issued FIL-86-2018 regarding the proposal.

The changes made by EGRRCPA provide that the Volcker Rule does not apply to an institution that does not have (A) more than $10 billion in assets and (B) trading assets of more than 5%. This is a two-pronged test. Yahoo Finance provided an analysis of the statute and the proposal and argues that failing either criterion A or B would appear to be enough to qualify for the exemption, because (A and B) is not true if either A or B is false. However, under the regulation, both A and B must be false in order to qualify for the exemption. This could provide grounds for an institution that has more than $10 billion in assets, but trading assets of less than 5% of its assets, to challenge the statutory authority for applying the Volcker Rule to it. That did not appear to be the intent of the law, and a court may have to decide that if a case were presented to it.

Based on September 30, 2018, call report data, this change to the Volcker Rule would exempt approximately 97.5% of the 5,486 U.S. depository institutions. Only 0.15% of depository institutions had trading assets equal to at least 5% of their total assets.

Section 201: Synopsis – The banking agencies must develop Community Bank Leverage Ratios (the ratio of a bank’s equity capital to its consolidated assets) and set a threshold of between 8 and 10% for well capitalized banks with assets of less than $10 billion. (This is currently 5%.)  Banks that exceed this ratio shall be deemed to be in compliance with all other capital and leverage requirements. The agencies may consider a company’s risk profile when evaluating whether it qualifies as a community bank for purposes of the ratio requirement.

Effective Date: The effective date is not stated, but regulatory changes are needed.

Update:  A Notice of Proposed Rulemaking was issued by the OCC, FRB and the FDIC, on November 28, 2018, and published February 8, 2019. This request for comment would simplify regulatory capital requirements for qualifying community banking organizations. The comment period ended in April 2019.

A community bank would be eligible to elect the community bank leverage ratio framework if it has less than $10 billion in total consolidated assets, limited amounts of certain assets and off-balance sheet exposures, and a community bank leverage ratio greater than 9 percent. A qualifying community banking organization that has chosen the proposed framework would not be required to calculate the existing risk-based and leverage capital requirements. Such a community banking organization would be considered to have met the capital ratio requirements to be well capitalized for the agencies’ prompt corrective action rules provided it has a community bank leverage ratio greater than 9 percent.

Section 202: Synopsis – The Federal Deposit Insurance Act will be amended to exclude reciprocal deposits of an insured depository institution from certain limitations on prohibited broker deposits if the total reciprocal deposits of the institution do not exceed the lesser of $5 billion or 20% of its total liabilities. The bank must have a composite condition of outstanding or good and be well capitalized. These deposits are also subject to limitations on interest rates paid. This will allow smaller banks previously hampered by FDIC premiums to compete with larger banks for larger deposit accounts.

Effective Date: Upon enactment, but regulatory changes are required.

Update: The FDIC published a proposed rule on September 12, 2018. As proposed, a well-capitalized and well-rated bank would not be required to treat reciprocal deposits as brokered deposits up to the lesser of 20 percent of its total liabilities or $5 billion. A bank that is not both well-capitalized and well-rated may also be able to exclude reciprocal deposits as brokered deposits under certain circumstances.

On December 18, 2018, the FDIC authorized publication of (1) the final rule on the treatment of reciprocal deposits, and (2) the advance notice of proposed rulemaking inviting comment on all aspects of the FDIC’s brokered deposit and interest rate regulations. https://www.fdic.gov/news/news/financial/2018/fil18087.html

On March 8, 2019, the FDIC made technical amendments to the preamble of a final rule published in the Federal Register on February 4, 2019. The final rule relates to a limited exception for a capped amount of reciprocal deposits from treatment as brokered deposits. As published, several industry participants raised concerns about the meaning of a sentence in the preamble of the final rule. To avoid potential confusion, the FDIC amended the language effective when these clarifications were published.

The FDIC recognizes that the statute only limits the amount of reciprocal deposits an institution may “receive” in order to be considered an agent institution.

Watch for Part 2 next month.

We’ll wrap up our EGRRCPA status update in our August 2019 Legal Briefs.