What FinCEN’s Guidance Means for your AML/BSA Program

By Jen Williams

January 12, 2026

In October 2025, the Financial Crimes Enforcement Network (FinCEN), in coordination with federal banking agencies, including the Board of Governors of the Federal Reserve System (Federal Reserve), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), and the Office of the Comptroller of the Currency (OCC), released updated guidance clarifying expectations around suspicious activity report (SAR) filings under the Bank Secrecy Act (BSA).  The FAQ is intended to implement Executive Order 14219, which intends to make adjustments to various regulations and guidance.  Additionally, the updates reflect FinCEN’s marked effort to reduce low-value filings and improve the usefulness of SARs for law enforcement and national security purposes.  For financial institutions, understanding this guidance is imperative to maintaining a strong AML/BSA program and understanding how examiners and auditors might adjust coming exams and audits.

 

Areas of suggested consideration are discussed at a high level below.  Should a financial institution wish for more detailed guidance or have further discussion on the topic, please reach out to our offices.  Of a significant degree of interest because of findings and observations from past examinations and audits, the FAQ states that decisions not to file SARs are not required to be documented.  In the past, auditors and examiners with varying degrees of findings, have documented financial institutions for a failure to document reasons that a SAR was not filed.  If a financial institution continues to document, they should include a concise statement, which should be sufficient.  Certain financial institutions already have a SAR Committee that makes decisions whether or not to file SARs, which is not required by regulation but may be considered good practice depending upon size and complexity of the institution.  If possible, concise documentation of non-SAR decisions along with periodic assurance reviews (and training, if necessary) should ensure that there is appropriate oversight without creating unnecessary delays in alert or case resolution upholds regulatory requirements and expectations.  It is recommended that financial institutions continue to rely on risk-based protocols to identify, report, and document suspicious activity.

 

The FAQ also provides further information on continuing activity and the SAR filing timeline.  Accounts where SARs were filed previously were required to be reviewed for continuing activity following 90 days, however, the FAQ removes this review requirement, however, the FAQ allows financial institutions to rely on risk-based internal policies, procedures, and controls to monitor and report suspicious activity as appropriate, provided those internal policies, procedures, and controls are reasonably designed to identify and report such activity.  The FAQ goes on to provide an updated timeline for continuing activity reviews as follows: Day 0: detection of facts that may constitute a basis for filing a SAR; Day 30: filing of initial SAR; Day 120: end of 90-day period; Day 150: filing of a SAR for continued suspicious activity.  It is recommended that AML/BSA programs are reviewed for continuing activity and SAR filing timelines are clearly documented and followed as this has been another hot button topic with examiners and auditors.

 

Additionally, the FAQ confirms that financial institutions are not required to file SARs solely due to transaction amounts near the $10,000 currency transaction reporting (CTR) threshold unless there is clear indication of reporting evasion.  Structuring can create a very large number of potential SARs.  FinCEN regulations, 31 C.F.R. § 1010.100(xx), defines structuring as follows: “[a] person structures a transaction if that person … conducts or attempts to conduct one or more transactions in currency, in any amount, at one or more financial institutions, on one or more days, in any manner, for the purpose of evading the [Bank Secrecy Act] reporting requirements.”  The FAQ requires filing if the institution knows, suspects, or has reason to suspect that the transaction or series of transactions are designed to evade CTR reporting requirements.  Realistically and logistically, financial institutions talk to their customers rarely and AML/BSA monitoring systems are designed to create alerts when structuring is suspected, so while it appears that this could decrease SAR reporting, in actuality, it is anticipated to do nothing.

 

FinCEN infrequently provides FAQs, so it is important to review this FAQ.  It is suggested that along with the review of the FAQ that AML/BSA departments continue to develop and deploy appropriate risk governance to enable identification, measurement, monitoring, and control for the risks associated with automated processes. Furthermore, conducting appropriate oversight of automated processes to ensure that the automated processes are continually functioning in a safe and sound manner is essential to the continued improvement of a strong AML/BSA program.

About the Author

Jen Williams

Jen Williams, Of Counsel at SW&M, has an extensive legal background spanning over 20 years. She brings a wealth of expertise in the fields of general credit union law, mergers and acquisitions, field of membership (FOM) expansions and issues, foundation […]

Learn More
Subscribe for Updates

Want the latest news and insights from the world of financial institutions delivered directly to your inbox? Enter your information below to be notified by email whenever SWM Lessons is updated.

  • This field is for validation purposes and should be left unchanged.
Search the Blog
Post Authors
Filter by Author
Search by Year
Filter by Year
Post Categories
Filter by Category
Want to Learn more?

Reach out today to discover how we can help.

Contact Us