Skip to main content
OCC Flag

An official website of the United States government

OCC Bulletin 2003-27 | June 24, 2003

Suspicious Activity Report: Revised Form


Chief Executive Officers and Compliance Officers of All National Banks, Department and Division Heads, and All Examining Personnel

Pursuant to 12 CFR 21.11, all national banks, as well as all federal branches and agencies of foreign banks licensed by the Office of the Comptroller of the Currency (OCC), are required to file a Suspicious Activity Report (SAR) when they detect a known or suspected violation of federal law or a suspicious transaction related to a money-laundering activity or a violation of the Bank Secrecy Act. Beginning July 1, 2003, national banks and federal branches and agencies may begin using the revised SAR form attached to this bulletin. Banks and federal branches and agencies may continue using the existing SAR form while their procedures and systems are updated, but must start using the revised form by January 1, 2004. The revised SAR form is available on the Financial Crimes Enforcement Network (FinCEN) website.

The revised form contains three changes from the previous version:

  • Part III - The addition of two boxes to check for terrorist financing and identity theft;
  • Part V - The addition of a statement indicating that tips on preparing and filing the SAR form are available on the FinCEN Website; and
  • SAR Instructions - The Safe Harbor provisions have been updated to incorporate USA PATRIOT Act changes.

Preparers should refrain from using the "Other" box if it would be more appropriate to use either the "Terrorist Financing" or "Identity Theft" box. Examples of when use of these boxes would be appropriate are included in the "SAR Activity Review – Tips, Trends and Issues" (February 2003), and additional information concerning terrorist or other criminal financial activity is included in FinCEN's "SAR Bulletin No. 4" (January 2002). Both of these documents are available on the FinCEN Website.

If a bank has a match with a Specially Designated Global Terrorist (SDGT) or Foreign Terrorist Organization on the Specially Designated Nationals list published by the Office of Foreign Assets Control (OFAC), the bank should review the account and any related activity. If the bank discovers anything suspicious, the bank should file a SAR in accordance with the regulation and the instructions on the form.

Terrorist Financing

FinCEN's SAR Bulletin No. 4 provides various indicators and patterns of activity that could be associated with funds collection related to terrorist financing and the movement of funds related to terrorist financing.1 Some of the indicators and patterns of activity noted in the bulletin include the following:

  • Use of a business account to collect and then funnel funds to a smaller number of foreign beneficiaries, both individual and business, in a country associated with terrorism;
  • Use of a business account that would not normally generate the volume of wire transfer activity, into and out of the account, as reported;
  • Use of multiple individuals to structure transactions under the reporting threshold to circumvent reporting requirements and then funnel funds to a foreign beneficiary;
  • Large currency withdrawals from a business account not normally associated with cash transactions;
  • Same-day transactions at the same depository institutions using different tellers;
  • Shared addresses, which are also business locations, by persons involved in currency transactions;
  • Apparent intent to circumvent wire remittance company's internal requirements for presentation of identification through purchase of money orders in small amounts; or
  • Movement of funds through a Financial Action Task Force (FATF) designated non-cooperative country or territory.

Identity Theft

FinCEN's SAR Activity Review notes that it would be appropriate to select the "Identity Theft" box in instances in which a person is suspected of having:

  • Used someone else's social security number and personal data in order to obtain a loan in that person's name; or
  • Established fraudulent bank accounts using the identities of numerous persons.

In addition, occurrences of identity theft or suspected identity theft may increasingly be the result of bank insider or employee misconduct. Examples of when it would be appropriate to select the "Identity Theft" box include situations where a bank employee or insider has:

  • Been assigned to work on one type of account and then accessed unrelated, different types of accounts or account information with no valid or permissible business purpose;
  • Copied or transferred customers' personal information to a third party who is not employed by the bank, and not otherwise authorized by the bank or customers to review or possess the information;
  • Altered or changed more than one account record to reflect addresses or phone numbers that are unknown to the true customers;
  • Processed or ordered more than one replacement credit card or other product, when the credit cards or other products are sent to addresses unknown to the true customers;
  • Linked more than two accounts for unrelated customers who are unknown to each other, and who have not authorized such account linkages; or
  • Been arrested, or charged with a crime, when customer personal information, customer account documentation, or customer identification was found in the possession of the bank employee or insider at a location outside of the bank.

Questions about the revised SAR form may be directed to your OCC supervisory office or OCC Compliance Division (202) 649-5470.

David G. Hammaker
Deputy Comptroller for Compliance

Related Links

1The bulletin points out that taken individually, the indicators do not necessarily equate to terrorist or other criminal financial activity. Combinations of indicators should raise the level of concern about potential terrorist financing or other criminal context.