FinCEN recently announced that they will be revising the Suspicious Activity Report. The new version of the SAR will be available in June of 2018 and will include several changes. FinCEN is currently in the process of developing and testing the updated SAR and has released some mock-ups of the proposed SAR, though they say that the final SAR may be slightly different.
This is the first round of updates to the SAR form since releasing the new electronic version of the form a few years back. While we saw changes to the CTR form during 2017, it appears that 2018 is finally bringing us changes to the SAR form. Three of the five sections of the current SAR are going to have changes, though most are not substantial to financial institutions - with the exception on SARs filed for a cyber-event.
The following is an overview of the upcoming SAR changes, based on previously issued FinCEN SAR guidance. In reviewing these changes, it is important to understand that the numbering of the form will change as several new items are being added.
The first two changes on the SAR form will appear in the filing information section of the SAR, which prints out as the page before the actual SAR and lists the filing name and the acknowledgement signature of the employee filing the SAR.
The changes to the filing information section include the following:
Removing the reference to the “document control number” in the “Type of filing” section (currently titled “Prior Report Document Control Number/BSA Identifier”, which is item 1 of this page.
Adding an item 2 titled “Filing Institution Note to FinCEN. This new text field allows the SAR filer to alert FinCEN that the SAR is being filed in response to a current specific geographic targeting order (GTO), advisory, or other activity. Based on the original proposal posted in the Federal Register, this field will allow for 100 characters.
Part I of the SAR form, which contains information on the subject, will experience only one minor change:
The section “Relationship of the subject to an institution listed in Part III or IV” is removing the “no relationship to institution” option, which is currently option “j” Also, this section will no longer be section 21, but will now be section 24.
Part II of the SAR form is the part that provides information on the suspected suspicious activity included in the report. This part will experience several changes as follows:
The section specific to structuring will experience a few changes. Specifically, the phrase “or cancels” will be added to options “a” and “b.” For example, item “b” currently states that the subject “alters transaction to avoid CTR requirement.” With the change, the item will most likely read “alters or cancels transaction to avoid CTR requirement.” Secondly, item “c” will be removed, which states that the “customer cancels transaction to avoid BSA reporting…” Basically, it seems that FinCEN is just, consolidating item “c” with items “a” and “b.”
The section on fraud types will also have a few changes. Item “b” will add the statement “Advanced Fee” and remove the term “Business loan.” Item “i” will replace “mass marketing” with “Ponzi Scheme” and item “l” will add “Securities Fraud.
The section for casinos will see changes as the section title will be changed from “Casinos” to “Gaming Activities.” In addition, item “a” will replace the current item with “Chip walking,” item “b” will replace the current item with “Minimal gaming with large transactions” and item “d” will add “Unknown source of chips.”
The section on other suspicious activity will add “Human Trafficking/Smuggling” as an option as well as an option for “transaction(s) involving foreign high risk jurisdiction.” Two current options in this section will be removed.
Item “b” of the “Securities/Futures/Options” section will remove “wash trading” and add this as its own new entry, item “e”.
The Mortgage Fraud section will add a new item “a” of “Application Fraud,” item “c” will add “Foreclosure/Short sale fraud” and item “d” will replace “reverse mortgage fraud” with “origination fraud.”
A new category of “Cyber-event” will be added to the selection. Item “a” will be a new item of “Against the Financial Institution(s)” while item “b” will be “Against the Financial Institutions customer(s).” Item “z” will be added to include an “Other” option with the associated text field. This will be item 42.
Item “n” of current section 39 will remove the term “Penny Stocks.” This will now be item 43 instead of item 39.
Item 48 will now be a new field to collect an “IP Address” and have an associated item 48a to include the “Date field” in a (yyyy/mm/dd) format and an item 48b of “Time” to include the (hh:mm:ss) format.
A new item 49 will be added to record the Cyber Event Suspicious Activity Type and Associated Subtypes.”. This new category of fields will record up to 99 cyber events associated with the suspicious activity. The following cyber event indicators are going to be added along with the event value (and date and timestamp, if applicable): Command & Control IP address; Command & Control URL/Domain; Malware MD5, Malware SHA-1, or Malware SHA-256; Media Access Control (MAC) Address; Port; Suspicious e-mail address; Suspicious filename; Suspicious IP Address; Suspicious URL/Domain; Targeted system; and Other.
Part III will not experience any changes.
Part IV will experience one minor change as follows:
The field length for Item 96 -Filing institution contact office - will be increased to 50 characters and will be referenced as item 93 (Designated contact office).
There will be no changes to the narrative section of the SAR.
Application to Financial Institutions
From an initial review of the upcoming SAR changes, it appears that the most significant change will be in relationship to SARs filed due to cyber-crimes and cyber-events. While FinCEN has previously released guidance as to filing SARs on cyber-crimes and cyber-events, the SAR form now has many fields that can be completed in relationship to such events. It is likely that the BSA Officer will not be able to file applicable SARs without the assistance of the IT department.
As they did with the CTR changes, FinCEN will likely release applicable instructions for completing the new SAR form on the BSA e-filing system.
Thanks for reading this article. If you haven't done so already, make sure you check out our Compliance Clips - free 3-5 minute training videos on all topics of regulatory compliance.
The FinCEN announcement can be found here: https://bsaefiling.fincen.treas.gov/docs/SARXMLAnnouncement_Jan2018.pdf
The original proposal can be found here: https://www.federalregister.gov/documents/2017/02/02/2017-02235/proposed-collection-comment-request-update-and-revision-of-the-fincen-suspicious-activity-reports