Every major financial crime enforcement action of the past decade — from the Binance settlement to the TD Bank guilty plea — has involved, at its core, the filing or non-filing of Suspicious Activity Reports. The BSA requires financial institutions to file SARs when they detect transactions that may involve money laundering, terrorist financing, fraud, or other specified unlawful activities. TD Bank’s failure to file thousands of SARs was central to its $3.1 billion penalty. Binance’s failure to file over 100,000 was central to its $4.3 billion resolution.
Yet despite being the cornerstone of the entire anti-money laundering framework, the SAR process remains poorly understood outside of compliance departments. Here is how it actually works.
What a SAR contains
A SAR is a structured document filed by a financial institution with FinCEN (in the United States) or the equivalent Financial Intelligence Unit in other jurisdictions. It describes the suspicious activity, identifies the parties involved to the extent known, provides the dollar amounts and dates, and explains why the institution believes the activity is suspicious.
The narrative section is the most important part. This is where the compliance analyst explains, in plain language, what they observed and why it triggered concern. A good SAR narrative tells a story: the customer opened an account, deposited funds in a pattern consistent with structuring, transferred money to a high-risk jurisdiction, and withdrew the funds in cash at a branch in a different state — all within a week. The narrative connects the dots.
The quality of SAR narratives varies enormously. At well-resourced institutions, analysts receive training in investigative writing and are expected to produce narratives that could be understood by a law enforcement agent unfamiliar with the case. At under-resourced institutions, narratives can be formulaic, vague, or so laden with jargon that they provide little actionable intelligence.
Who reads it
SARs are filed with FinCEN, which maintains a database — the BSA database — containing every SAR filed by every institution in the United States. As of recent years, the database receives approximately 4 million SARs annually.
FinCEN does not investigate cases itself. It is an intelligence agency, not a law enforcement agency. Its role is to receive, store, and make available SAR data to authorised law enforcement and regulatory agencies. Over 12,000 authorised users across hundreds of federal, state, and local agencies have access to query the BSA database.
When an FBI agent, an IRS-CI investigator, or a state attorney general’s office opens a financial crime investigation, one of their first steps is typically a BSA database query. They search for SARs filed against the subject, the subject’s associates, or the financial accounts involved. The SARs provide leads — transaction records, account numbers, counterparties, and the filing institution’s own analysis of why the activity was suspicious.
This is where the quality of the narrative matters. A well-written SAR gives the investigator a roadmap. A poorly written one gives them a data point.
What happens next
Most SARs do not lead to investigations. The volume is simply too large for law enforcement to follow up on every filing. But SARs serve multiple functions beyond triggering individual investigations.
They establish a record. If a customer who was the subject of a SAR in 2020 is arrested for money laundering in 2024, the SAR becomes evidence that the financial institution detected the suspicious activity and reported it — fulfilling its legal obligation. If the institution did not file, the absence of a SAR becomes evidence of a compliance failure.
They enable pattern detection. FinCEN and law enforcement agencies use analytical tools to identify patterns across SARs filed by different institutions. A single SAR about an unusual wire transfer may not be actionable. But when twelve institutions file SARs about the same network of shell companies over a six-month period, the aggregate picture becomes investigable.
They inform policy. FinCEN uses SAR data to identify emerging typologies — new methods of money laundering, new terrorist financing channels, new fraud schemes. This analysis feeds back into the advisories and guidance that FinCEN issues to financial institutions, closing the loop.
Why this matters for crypto
The crypto industry’s relationship with SARs has been contentious. Many crypto exchanges — particularly those operating offshore — have historically filed few or no SARs, either because they were not registered as money services businesses or because they chose to ignore the requirement. The KuCoin plea explicitly noted that the exchange filed zero SARs in the United States despite processing over $5 billion in suspicious transactions.
The consequence of this gap is not abstract. It means that law enforcement agencies investigating crypto-enabled crime — ransomware, darknet markets, sanctions evasion, terrorist financing — are operating with significantly less intelligence than they have for traditional financial crime. The BSA database is rich with data from banks. It is sparse with data from crypto.
This is one of the practical costs of the AML compliance failures that have characterised much of the crypto industry. It is not just a regulatory violation. It is an intelligence gap that makes every financial crime investigation harder.