FinCEN Streamlines SAR Guidance: New FAQs Focus on Risk-Based AML Compliance

On October 9, 2025, the U.S. Department of Treasury’s Financial Crimes Enforcement Network (FinCEN) jointly with the Board of Governors of the Federal Reserve System (Federal Reserve), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), and the Office of the Comptroller of the Currency (OCC), released new frequently asked questions (FAQs) clarifying suspicious activity reporting (SAR) obligations and related anti-money laundering/countering the financing of terrorism (AML/CFT) requirements for financial institutions. The FAQs focus on SAR filing requirements for potential structuring-related activity, continuing suspicious activity reviews, and the required documentation for a financial institution’s no-SAR decisions.

The updated guidance is part of FinCEN’s broader initiative to modernize and streamline AML/CFT regulations, with the goal of enabling financial institutions to prioritize resources on activities that provide the greatest value to law enforcement and other government stakeholders. Recent statements by FinCEN Director Andrea M. Gacki before the House Subcommittee on National Security, Illicit Finance, and International Financial Institutions and Treasury Under Secretary for Terrorism and Financial Intelligence John K. Hurley at the Association of Certified Anti-Money Laundering Specialists Assembly Conference underscore the urgency of reforming the AML/CFT regime to be more risk-based and focused on national security priorities.

Potential Structuring-Related Activity Filing Requirements

The FAQs clarify that SARs are not required for transactions at or near the $10,000 currency transaction reporting (CTR) threshold unless there is knowledge, suspicion, or reason to suspect that the transactions are designed to evade CTR requirements (i.e., structuring). Under Secretary Hurley described the substantial time and expense spent on reporting structuring data on legitimate businesses as inefficient and unnecessary.

No Requirement for Independent Reviews to Identify Ongoing Activity

Further, the FAQs confirm that financial institutions are not required to conduct manual or auxiliary reviews of a customer or account following a SAR filing to determine whether the suspicious activity has continued. While prior FinCEN guidance suggested SAR filings every 90 days for ongoing activity, the FAQs clarify that this guidance was not indicative of a regulatory expectation that financial institutions conduct independent reviews to determine whether the suspicious activity was ongoing. Instead, institutions may rely on appropriately designed risk‑based internal policies and procedures to identify, monitor, and report suspicious activity as detected. The FAQs also note that the suggested timeline for filing SARs in continuing activity scenarios is not mandatory; financial institutions may instead file SARs “as appropriate in line with applicable timelines,” typically within 30 calendar days of initial detection.

No Documentation Requirement for No-SAR Decisions

The FAQs further clarify that financial institutions are not required to document decisions not to file a SAR under the Bank Secrecy Act or its implementing regulations. While prior FinCEN guidance encouraged documentation of no-SAR decisions for internal review and audit purposes, the FAQs emphasize that the level of documentation should be consistent with the institution’s risk-based policies and procedures. In most cases, “a short, concise statement” will suffice, though more complex investigations may warrant additional detail.

Future FinCEN Prioritization and Outcomes-Focused Reforms are Likely

Looking ahead, financial institutions should anticipate further changes to AML/CFT regulations and examination practices as FinCEN continues to pursue reforms that focus on national security priorities and high-risk areas. Under Secretary Hurley indicated that future regulatory examinations will emphasize objective measures of output, such as the effectiveness of reporting in meeting law enforcement needs and the identification of activity utilizing known typologies. Institutions are encouraged to innovate within their compliance programs, including the adoption of technologies such as AI, blockchain analysis, digital identity, and APIs, to build a more effective and outcomes-focused AML framework.

Financial institutions should review their SAR and AML/CFT policies in light of these clarifications and monitor ongoing regulatory developments for further guidance.