2019 SAR Insight: Suspicious Activity Report Annual Analysis

Dynamic Securities Analytics, Inc.  (‘DSA’) returns with our annual analysis of Suspicious Activity Reports (‘SARs’) filed in 2019 by financial institutions.

The Big Picture

2,301,163 SARs were filed in 2019 which is an increase of 6% from 2018 levels. Depository Institutions filed 48% of all SARs, MSBs accounted for 37% and Securities/Futures filed 9%.

Securities/Futures had the largest year over year gain with a 24.1% increase in SAR filings in 2019. Loan/Finance Companies, Housing GSEs and Depository Institutions all saw double-digit percentage increases in annual filings. Casinos and Money Services Business (‘MSBs’) both had small drops in SARs filed.

Housing GSEs saw the largest percentage increase in the number of suspicious acts/behaviors (for example- Structuring, Origination Fraud, False Documents, etc.) with 66% more suspicious activities reported in 2019 than in 2018. In 2018, Housing GSEs reported 1.57 suspicious acts per SAR while in 2019 they reported 2.15 suspicious acts per SAR. 

Top Suspicious Activity Categories in 2019

DSA analyzed the underlying suspicious activity categories for Depository Institutions, MSBs and Securities/Futures. All three had the same top category in 2019 as in 2018. In fact, MSBs had no change at all in the top 5 most reported activities. Although four of the top five MSB categories saw fewer filings in 2019 that in 2018.

The biggest change at Depository Institutions was the move up from #4 to #2 for Check Fraud with a 37% increase in filings over 2018. Securities/Futures also reported a large increase in Check Fraud with filings up 44%, however ACH Fraud SARs also increased by 42% and moved up to the #2 spot for the industry.

Highest Ranking SAR Categories

SAR Filings by Primary Regulator

The IRS was reported at the primary regulator in 40% of SARs with over 180,000 more SARs than the 2nd most reported regulator, the OCC.  While the SEC has highlighted its AML related enforcement actions, the agency is only the primary regulator for 1.4% of all SARs filed.

Primary Regulator for SARs

The IRS’s Small Business/Self-Employed (‘SB/SE’) Division has the responsibility to pursue BSA civil compliance, although it does not have the authority to assess civil penalties, this power rests with FinCEN.

In September 2018, the Treasury Inspector General for Tax Administration (‘TIGTA’) issued an audit report titled “The Internal Revenue Service’s Bank Secrecy Act Program has Minimal Impact on Compliance.” The audit reported “some [BSA examiners] expressed their frustration that the IRS compliance reviews lack enforcement to ensure that the entity complies with BSA regulations” and that “there are no real consequences to deter noncompliance.”

TIGTA reported that the IRS closed 24,212 compliance cases during Fiscal Years 2014 through 2016.  During the same period, 2,568,999 SARs were filed by Financial Institutions that reported the IRS was their primary regulator.

IRS-Criminal Investigations created a Data Analytics branch and is proactively data-mining SARs resulting in 12% of all 2019 investigations initiated based on BSA data.

MSBs account for 90% of the IRS SAR filings while casinos account for next largest group.

Cyber Events

The revised 2018 SAR form included three new Cyber related categories: (1) Against Financial Institution Customer(s), (2) Against Financial Institutions, (3) Other Cyber.

The target of the Cyber event varies widely by industry. MSBs reported that Customers were the intended target in 95% of all Cyber SARs while at the other end of the spectrum, Casinos reported Customers were the target for 4% of Cyber SARs.

By industry, Casinos reported that they themselves were the target in 64% of Cyber SARs, by comparison Banks reported that the financial institution was the target 20% of the time. The target of the cyber event even varied depending on the Depository Institution regulator with FDIC customer being targeted at the highest rate while FRB regulated banks were most likely to be the target among Depository Institutions.

Something New

The SAR form was updated in 2018 to include seventeen new options and one new category (Cyber Event).

Banks and MSBs both reported Transaction(s) Involving Foreign High Risk Jurisdictions as the new option with the most SARs filed. Funnel Account took the number two spot at banks and Advance Fee held the second spot for MSBs. Securities/Futures reported Cyber: Against Financial Institution Customer(s) as the top new option.

Human Trafficking

January is National Human Trafficking Awareness month and for the first time, we have data for a full year of Human Trafficking SARs. 3,384 Human Trafficking SARs were filed in 2019 with banks accounting for 70% of the filings. Banks reported US Currency as the instrument used in 45% of Human Trafficking SARs. Banks also reported Fund Transfers in 34% and checks 13% of SARs. DSA also analyzed Human Smuggling SARs in a prior post.

Ponzi Schemes

There were 660 Ponzi Scheme SARs filed in 2019. Banks filed 6 Ponzi Scheme SARs for every 1 filed by Securities/Futures firms. Santa Clara County, CA led all counties with 48 SARs filed, with 42 filed by MSBs, which highlights the growing importance of digital payments. Interestingly, US Currency was the 3rd most common instrument type reported by banks with 162 instances.

Other Interesting Things

Spikes in Certain MSB Categories

Drilling down into SAR filing detail often turns up interesting insights. For instance, MSBs filed around 1,500 SARs each year in 2016 and 2017 for Suspicious Use of Informal Value Transfer System. In 2019, that number shot up to 66,456 from 4,724 in 2018, a 1306% increase. This increase was geographically diverse (i.e. not centered on Silicon Valley).

MSBs also reported a surge in SAR filings for Suspicious Inquiry by Customer Regarding BSA Reporting of Recordkeeping Requirements starting in January 2019 that petered out in September 2019. The year over year increase for the category was 563%.

MSB Spikes

Closer Look at Securities/Futures

The highest ranked securities violation of Insider Trading was the 16th most reported SAR category for Securities/Futures firms. Market Manipulation was 17th and Other Securities/Futures/Options was 18th. Securities firms are much more likely to report financial crimes against customers such as Account Takeover or attempts to use the firm to launder funds (see Suspicion Concerning the Source of Funds) than to identify securities fraud. For every 1 securities fraud SAR, there are 11.4 SARs that are not explicitly related to securities. It’s possible that some of these are linked (for instance a Wire Fraud to extract the proceeds of an Insider Trading scheme).



  1. 2019 SAR data was last updated by FinCEN on 12/31/19, available at https://www.fincen.gov/reports/sar-stats
  2. Italics indicated options listed on SAR form (i.e. Suspicious Activity, Financial Instrument, etc.)
  3. See FinCEN FAQs for all the details on how SARs Stats are reported. For instance, filers may select multiple Suspicious Activitis and Instrument options.
  4. Cyber events Against Customer and Against Financial Institution may not equal 100% because “Other” is also an option on the SAR from.