The Bank Secrecy Act (BSA) and Suspicious Activity Monitoring: Considerations for Your Next Examination

By Elaine Yancey

According to the FFIEC Bank Secrecy Act/Anti-Money Laundering Examination Manual (the manual), suspicious activity reporting “forms the cornerstone of the BSA reporting system.” In fact, the primary purpose of the act is to identify and report transactions where financial institutions are possibly being used to facilitate money laundering, terrorist financing or other illicit financial activities. Noncompliance can have serious consequences, which is one reason examiners spend significant time reviewing this area.

Guidance contained in the manual is another reason for the emphasis on suspicious activity. By statute, the BSA/AML review is part of every full-scope safety and soundness examination. The change in economic conditions led the Board of Governors, in 2008, to issue guidance to examiners reminding them of the risk-based approach to the BSA/AML examination set forth in the manual. While allowing examiners to limit the assignment in most instances based on the specific risk profile of the bank, minimum procedures were nonetheless required, and they include a review of suspicious activity. Further, from a review of 2011 examination findings of state member banks in the Fifth District, suspicious activity issues were among the top three BSA findings cited.

Examiners performing the BSA/AML assignment will evaluate the method used to identify, monitor and report suspicious activity. As part of this undertaking, examiners will conduct a technical review of the Suspicious Activity Reports (SARs) filed by your institution to determine whether “the right boxes were checked” and a narrative was created that is both accurate and understandable to the end user. SAR narratives should answer the questions: who, what, where, when, why and how. The idea behind this review is that the quality of SAR content is sometimes reflective of the effectiveness of your suspicious activity program; if you’re hurrying through your SAR preparation by making technical errors or providing vague or overblown narratives, the examiner may conclude that you might not understand the larger purpose of the BSA. Practices that you might consider to ensure an effective SAR filing process include:

  • Develop an explicit protocol for processing potential SARs, whether it be manual or automated, perhaps a SAR referral form and an organized methodology for insuring all SARs end up in the right hands. A standard process may help protect the confidentiality of the information as well as ensure timely and accurate filing.
  • Implement a second review process for SARs.
  • File SARs electronically. The automated fields and drop-down options may reduce the likelihood of technical errors.
  • Train your staff. Consider including the SAR filing instructions in the training as well as a sample SAR for your personnel to emulate.
  • Centralize the process. If you file a significant volume of SARs, for consistency reasons, you might benefit from having one or only a few well-trained staff members actually write the SARs. Know that sometimes those who investigate suspicious activity have a more impartial perspective than those who report it.

In addition to the technical review of the SARs, examiners will study the employee identification component of your suspicious activity monitoring program, any tools used to monitor customer transactions and, of course, your SAR decision-making process. For unusual activity identified by employees, examiners will want to know whether that information is communicated to the BSA/AML officer and how it was documented and resolved, meaning whether a SAR was filed and why or why not. The same goes for responding to alerts generated by your automated account monitoring system or those you have flagged from your core processor reports. Examiners will evaluate your response to these hints of possible suspicious activity and will need to understand how and who makes the decision to file or to not file a SAR. Practices to consider in the SAR decision-making process include:

  • Document and follow your institution’s processes for identifying suspicious activity and for SAR decision-making, taking the reader from alert or the possible suspicious activity to the point at which a SAR was or was not filed. Consider detailing your chosen method of identifying suspicious activity (employee identification, manual, automated or a combination), monitoring the suspicious customer, discussing the investigation phase and, finally, the SAR disposition.
  • Maintain a negative SAR file. Examiners will want to get a comfort level that your decisions to not file a SAR are sound. That said, examiners should be focusing on your SAR decision-making process as a whole and not individual SAR decisions.
  • For SARs filed on continuing activity, be prepared to explain whether you followed your account-closing policy and considered contacting law enforcement and your regulator about the activity.
  • If you use a manual method to monitor suspicious activity and don’t have a built-in case management tool to record or track customer transaction monitoring, contemplate automating monitoring through the use of a spreadsheet like Excel. It’s often more efficient and may more readily assist you in identifying trends or patterns.
  • Be clear on who the final SAR decision-maker is, whether it is an individual or a committee. Make sure the individual or group has the requisite authority to make the final call, and develop a process to resolve differences of opinion should the committee approach be used.

When evaluating your transaction monitoring method, be prepared to explain any software programs or core processor reports you use. For the core processor method, examiners will want to know which reports you review (currency activity reports, large item reports, currency fluctuation reports, past-due loan reports, kiting reports, etc.) and why and how often they are reviewed. If you use a software program or automated system to monitor customer activity, examiners will want to know what parameters or settings are in place and what rules have been selected or created that alert you to unusual activity. Examiners will need to understand how the program has been customized based on your specific product or service offerings, customer mix and geographic footprint to notify you of suspicious transactions. Also considered by examiners are data integrity, the reasonableness of monitoring thresholds and rules (do you have rules monitoring credit card activity when you don’t offer credit cards?); change control procedures for items that need updating (like high-risk country lists or other lists that may routinely change); and data mapping or verifying, for example, that all cash feeds, whether they are from the teller stations, the drive-through or the ATMs, are being appropriately channeled for cash aggregation purposes. Practices you might consider to ensure you are appropriately monitoring for suspicious activity include:

  • Make sure all high-risk areas and business lines are covered. Sometimes certain areas are excluded from the suspicious activity monitoring protocol for one reason or the other. Take wires, for example. You are likely checking them against OFAC, but you may not have incorporated them into your suspicious activity review process.
  • Manage alerts generated by your automated system. Examiners will want to see that you have sufficient staff to process and investigate alerts. Examiners will also evaluate the alerts as to whether they are indeed indicative of unusual activity. If there are many “false” alerts, this puts into question the parameters, thresholds, types of activity and data used to generate the alert.
  • Incorporate subpoena activity into suspicious activity monitoring. Examiners will want to ensure that the BSA/AML staff is privy to subpoena requests, as they might necessitate SAR filings. Subpoenas are also sometimes indicative of alleged criminal activity of bank customers of which the BSA/AML staff is unaware.
  • Include insider SARs. Make sure you have implemented a process for filing SARs on employees and directors. The SAR rules require filing on insider abuse.
  • Develop a relationship with the lending staff. Unfortunately, some perceive the BSA as only pertaining to deposit accounts. The BSA is broader than that and suspicious activity can absolutely occur in the lending area of your institutions. Examiners will be checking to see that loan staff has the training it needs to identify suspicious activity, that there are open communications among the BSA/AML and the loan staff, and that loan personnel and products are in some way incorporated into your suspicious activity monitoring protocol.

Finally, the manual guides examiners to determine whether the “programming of the methodology” used for suspicious activity monitoring has been independently validated. This means that examiners will be looking at your independent review results to help gauge the integrity and accuracy of management information systems used to effectuate BSA compliance, such as any automated or manual systems used for suspicious activity monitoring and summary or analytical reports used to keep management informed of AML issues. The failure to include an assessment of the MIS used in BSA/AML compliance is a common examination finding. The examiner will perform transaction testing to verify the effectiveness of whatever methodology you use.

Although priorities brought about by the markets have changed examiners’ focus on the BSA, suspicious activity remains an important part of each full-scope examination. It is an internal control that is critical to an effective BSA/AML compliance program, and, while the considerations offered above are not requirements, they are practices that may help protect your institution from criminal activity and unwanted enforcement actions.

Elaine Yancey is a supervisory examiner with the Federal Reserve Bank of Richmond. She can be reached at

The analyses and conclusions set forth in this publication are those of the authors and do not necessarily indicate concurrence by the Board of Governors, the Federal Reserve Banks, or the members of their staffs. Although we strive to make the information in this publication as accurate as possible, it is made available for educational and informational purposes only. Accordingly, for purposes of determining compliance with any legal requirement, the statements and views expressed in this publication do not constitute an interpretation of any laws, rule or regulation by the Board or by the officials or employees of the Federal Reserve System.

Contact Us


Supervision, Regulation & Credit
(804) 697-8000