In January of 2018, FinCEN provided an announcement that a new version of the Suspicious Activity Report (SAR) will be modified and available for use in June of 2018. It is our understanding that, on Friday, July 28, 2018 FinCen finally released the new SAR Form (2018).
This revision marks the first update to the SAR form since releasing the electronic-only version (v1.1) of the form a few years back. These SAR changes appear to be substantially similar to the 2017 revisions that were made to the Currency Transaction Report (CTR) as most changes are minor in nature and will not be substantial for most financial institutions. That said, three of the five sections of the original version of the electronic SAR are reported o have been modified, though, again, most changes are not substantial to financial institutions - with the exception on SARs filed for a cyber-event.
Communication of the New SAR Form (2018)
At the time of publication of this article, FinCEN has not provided any public guidance regarding the new SAR form. That said, we have heard reports that the new SAR form is now available for use.
In addition, it appears that on July 10, 2018, FinCEN provided an “important reminder to FinCEN SAR & CTR E-Filers” which provided a few updates regarding both SAR and CTR filings. It is our understanding that FinCEN explained in this communication that the new discrete SAR filing form (v1.2) would be released on July 27, 2018 and will replace the existing form (v1.1) on the BSA E-Filing System. It is also our understanding that FinCEN stated that they will continue to accept v1.0 and 1.1 until January 1, 2019. At that time, only the new SAR form (v1.2) will be accepted.
In addition to this, FinCEN apparently stated that a new SAR batch entry form (v1.2) will also be released on July 27, 2018, which will be designed to accept a FinCEN SAR batch file in XML format and will be available on the BSA E-Filing System.
FinCEN Guidance on the New SAR Form (2018)
FinCEN previously provided public guidance to financial institutions, which clearly outline the planned changes to the new SAR form (2018). Those changes are outlined as follows:
The first two changes on the SAR form will appear in the filing information section of the SAR, which prints out as the page before the actual SAR and lists the filing name and the acknowledgement signature of the employee filing the SAR.
The changes to the filing information section include the following:
Removing the reference to the “document control number” in the “Type of filing” section (currently titled “Prior Report Document Control Number/BSA Identifier”, which is item 1 of this page.
Adding an item 2 titled “Filing Institution Note to FinCEN. This new text field allows the SAR filer to alert FinCEN that the SAR is being filed in response to a current specific geographic targeting order (GTO), advisory, or other activity. Based on the original proposal posted in the Federal Register, this field will allow for 100 characters.
Part I of the SAR form, which contains information on the subject, will experience only one minor change:
The section “Relationship of the subject to an institution listed in Part III or IV” is removing the “no relationship to institution” option, which is currently option “j” Also, this section will no longer be section 21, but will now be section 24.
Part II of the SAR form is the part that provides information on the suspected suspicious activity included in the report. This part will experience several changes as follows:
The section specific to structuring will experience a few changes. Specifically, the phrase “or cancels” will be added to options “a” and “b.” For example, item “b” currently states that the subject “alters transaction to avoid CTR requirement.” With the change, the item will most likely read “alters or cancels transaction to avoid CTR requirement.” Secondly, item “c” will be removed, which states that the “customer cancels transaction to avoid BSA reporting…” Basically, it seems that FinCEN is just, consolidating item “c” with items “a” and “b.”
The section on fraud types will also have a few changes. Item “b” will add the statement “Advanced Fee” and remove the term “Business loan.” Item “i” will replace “mass marketing” with “Ponzi Scheme” and item “l” will add “Securities Fraud.
The section for casinos will see changes as the section title will be changed from “Casinos” to “Gaming Activities.” In addition, item “a” will replace the current item with “Chip walking,” item “b” will replace the current item with “Minimal gaming with large transactions” and item “d” will add “Unknown source of chips.”
The section on other suspicious activity will add “Human Trafficking/Smuggling” as an option as well as an option for “transaction(s) involving foreign high risk jurisdiction.” Two current options in this section will be removed.
Item “b” of the “Securities/Futures/Options” section will remove “wash trading” and add this as its own new entry, item “e”.
The Mortgage Fraud section will add a new item “a” of “Application Fraud,” item “c” will add “Foreclosure/Short sale fraud” and item “d” will replace “reverse mortgage fraud” with “origination fraud.”
A new category of “Cyber-event” will be added to the selection. Item “a” will be a new item of “Against the Financial Institution(s)” while item “b” will be “Against the Financial Institutions customer(s).” Item “z” will be added to include an “Other” option with the associated text field. This will be item 42.
Item “n” of current section 39 will remove the term “Penny Stocks.” This will now be item 43 instead of item 39.
Item 48 will now be a new field to collect an “IP Address” and have an associated item 48a to include the “Date field” in a (yyyy/mm/dd) format and an item 48b of “Time” to include the (hh:mm:ss) format.
A new item 49 will be added to record the Cyber Event Suspicious Activity Type and Associated Subtypes.”. This new category of fields will record up to 99 cyber events associated with the suspicious activity. The following cyber event indicators are going to be added along with the event value (and date and timestamp, if applicable): Command & Control IP address; Command & Control URL/Domain; Malware MD5, Malware SHA-1, or Malware SHA-256; Media Access Control (MAC) Address; Port; Suspicious e-mail address; Suspicious filename; Suspicious IP Address; Suspicious URL/Domain; Targeted system; and Other.
Part III will not experience any changes.
Part IV will experience one minor change as follows:
The field length for Item 96 -Filing institution contact office - will be increased to 50 characters and will be referenced as item 93 (Designated contact office).
There will be no changes to the narrative section of the SAR.
Additional Guidance for Financial Institutions
At this time, FinCEN has not made a copy of the new SAR Form (2018) available to the public. SAR filers must log-in to the e-filing system to access the new SAR form and applicable instructions. Again, it is our understanding that the new SAR form will be mandatory beginning on January 1, 2019.
The FinCEN announcement can be found here.
The original proposal can be found here.