NCUA 2362 (Old for Suspicious Activity Report

Suspicious Activity Report

SARformoldf9022-47_sar-di

Suspicious Activity Report

OMB: 3133-0094

Document [pdf]
Download: pdf | pdf
Suspicious
Activity Report

1
FRB:
FDIC:
OCC:
OTS:
NCUA:
TREASURY:

July 2003
Previous editions will not be accepted after December 31, 2003
ALWAYS COMPLETE ENTIRE REPORT
(see instructions)

FR 2230
6710/06
8010-9,8010-1
1601
2362
TD F 90-22.47

OMB No. 7100-0212
OMB No. 3064-0077
OMB No. 1557-0180
OMB No. 1550-0003
OMB No. 3133-0094
OMB No. 1506-0001

1 Check box below only if correcting a prior report.
Corrects Prior Report (see instruction #3 under “How to Make a Report”)

Part I

Reporting Financial Institution Information

2 Name of Financial Institution

3 EIN

4 Address of Financial Institution

5 Primary Federal Regulator

7 State

6 City
9

8 Zip Code

Address of Branch Office(s) where activity occurred

Federal Reserve

d

OCC

b

FDIC

e

OTS

c

NCUA

Multiple Branches (include information in narrative, Part V)

11 State

10 City

a

13 If institution closed, date closed

12 Zip Code

_____/ _____/ ______
MM

Closed?
Yes
No

14 Account number(s) affected, if any
a

Yes

b

Part II

c
d

No

Yes

Suspect Information

No

16 First Name

17 Middle

Address

19 SSN, EIN or TIN
21 State

20 City

22 Zip Code

23 Country (Enter 2 digit code)

25 Phone Number - Work (include area code)

24 Phone Number - Residence (include area code)

(

YYYY

Suspect Information Unavailable

15 Last Name or Name of Entity
18

DD

Closed?
Yes
No

(

)

)

27 Date of Birth

26 Occupation/Type of Business

28 Admission/Confession?
_____/ _____/ ______
MM

DD

a

YYYY

Yes

b

No

29 Forms of Identification for Suspect:
a

Driver’s License/State ID

b

Passport

c

Alien Registration

Number __________________________

d

Other ______________

Issuing Authority ______________________

30 Relationship to Financial Institution:
a

Accountant

d

Attorney

g

Customer

j

Officer

b

Agent

e

Borrower

h

Director

k

Shareholder

c

Appraiser

f

Broker

i

Employee

l

Other ________________________________

31 Is the relationship an insider relationship?

a

If Yes specify: c
d

Yes

b

No

Still employed at financial institution e

Terminated

Suspended

Resigned

f

IRS Cat. No. 22285L

32 Date of Suspension, Termination, Resignation
_____/ _____/ ______
MM

DD

YYYY

Part III

Suspicious Activity Information

33 Date or date range of suspicious activity
From: ____/ ___/ ______
To: ____/ ___/ ______
MM

DD

YYYY

MM

DD

2
34 Total dollar amount involved in known or suspicious activity

$

YYYY

35 Summary characterization of suspicious activity:
a
Bank Secrecy Act/Structuring/
f
Computer Intrusion
Money Laundering
g
Consumer Loan Fraud
b
Bribery/Gratuity
h
Counterfeit Check
c
Check Fraud
i
Counterfeit Credit/Debit Card
d
Check Kiting
j
Counterfeit Instrument (other)
e
Commercial Loan Fraud
k
Credit Card Fraud
s

Other
(type of activity)

36 Amount of loss prior to recovery
$

,

,

j

l
m
n
o
p
q
r
t
u

37 Dollar amount of recovery (if applicable)
.00

$

,

,

39 Has the institution’s bonding company been notified?
a
Yes
b
No
40 Has any law enforcement agency
a
DEA
d
b
FBI
e
c
IRS
f

,

,

.00

,

Debit Card Fraud
Defalcation/Embezzlement
False Statement
Misuse of Position or Self Dealing
Mortgage Loan Fraud
Mysterious Disappearance
Wire Transfer Fraud
Terrorist Financing
Identity Theft
38 Has the suspicious activity had a
material impact on, or otherwise
.00
affected, the financial soundness
of the institution?
a

Yes

b

No

already been advised by telephone, written communication, or otherwise?
Postal Inspection g
Other Federal
Secret Service
h
State
U.S. Customs
i
Local

Agency Name (for g, h or i)

41 Name of person(s) contacted at Law Enforcement Agency

42 Phone Number (include area code)

43 Name of person(s) contacted at Law Enforcement Agency

44 Phone Number (include area code)

(
(
Part IV

)
)

Contact for Assistance

45 Last Name

48 Title/Occupation

49 Phone Number (include area code)

(
51 Agency (if not filed by financial institution)

47 Middle

46 First Name

)

50 Date Prepared
_____/ _____/ ______
MM

DD

YYYY

Part V

Suspicious Activity Information Explanation/Description

Explanation/description of known or suspected violation
of law or suspicious activity.

f
g

This section of the report is critical. The care with which it is
written may make the difference in whether or not the described
conduct and its possible criminal nature are clearly understood.
Provide below a chronological and complete account of the
possible violation of law, including what is unusual, irregular or
suspicious about the transaction, using the following checklist as
you prepare your account. If necessary, continue the
narrative on a duplicate of this page.
a
b
c

d

e

Describe supporting documentation and retain for 5 years.
Explain who benefited, financially or otherwise, from the
transaction, how much, and how.
Retain any confession, admission, or explanation of the
transaction provided by the suspect and indicate to
whom and when it was given.
Retain any confession, admission, or explanation of the
transaction provided by any other person and indicate
to whom and when it was given.
Retain any evidence of cover-up or evidence of an attempt
to deceive federal or state examiners or others.

h
i
j
k

3

Indicate where the possible violation took place
(e.g., main office, branch, other).
Indicate whether the possible violation is an isolated
incident or relates to other transactions.
Indicate whether there is any related litigation; if so,
specify.
Recommend any further investigation that might assist law
enforcement authorities.
Indicate whether any information has been excluded from
this report; if so, why?
If you are correcting a previously filed report, describe the
changes that are being made.

For Bank Secrecy Act/Structuring/Money Laundering reports,
include the following additional information:
l
Indicate whether currency and/or monetary instruments
were involved. If so, provide the amount and/or description
of the instrument (for example, bank draft, letter of
credit, domestic or international money order, stocks,
bonds, traveler’s checks, wire transfers sent or received,
cash, etc.).
m Indicate any account number that may be involved
or affected.

Tips on SAR Form preparation and filing are available in the SAR Activity Review at www.fincen.gov/pub_reports.html

Paperwork Reduction Act Notice: The purpose of this form is to provide an effective and consistent means for financial institutions to notify appropriate law enforcement agencies of known
or suspected criminal conduct or suspicious activities that take place at or were perpetrated against financial institutions. This report is required by law, pursuant to authority contained in
the following statutes. Board of Governors of the Federal Reserve System: 12 U.S.C. 324, 334, 611a, 1844(b) and (c), 3105(c) (2) and 3106(a). Federal Deposit Insurance Corporation:
12 U.S.C. 93a, 1818, 1881-84, 3401-22. Office of the Comptroller of the Currency: 12 U.S.C. 93a, 1818, 1881-84, 3401-22. Office of Thrift Supervision: 12 U.S.C. 1463 and 1464.
National Credit Union Administration: 12 U.S.C. 1766(a), 1786(q). Financial Crimes Enforcement Network: 31 U.S.C. 5318(g). Information collected on this report is confidential (5
U.S.C. 552(b)(7) and 552a(k)(2), and 31 U.S.C. 5318(g)). The Federal financial institutions’ regulatory agencies and the U.S. Departments of Justice and Treasury may use and share the information.
Public reporting and recordkeeping burden for this information collection is estimated to average 30 minutes per response, and includes time to gather and maintain data in the required report, review
the instructions, and complete the information collection. Send comments regarding this burden estimate, including suggestions for reducing the burden, to the Office of Management and Budget,
Paperwork Reduction Project, Washington, DC 20503 and, depending on your primary Federal regulatory agency, to Secretary, Board of Governors of the Federal Reserve System, Washington, DC 20551;
or Assistant Executive Secretary, Federal Deposit Insurance Corporation, Washington, DC 20429; or Legislative and Regulatory Analysis Division, Office of the Comptroller of the Currency, Washington,
DC 20219; or Office of Thrift Supervision, Enforcement Office, Washington, DC 20552; or National Credit Union Administration, 1775 Duke Street, Alexandria, VA 22314; or Office of the Director, Financial
Crimes Enforcement Network, Department of the Treasury, P.O. Box 39, Vienna, VA 22183. The agencies may not conduct or sponsor, and an organization (or a person) is not required
to respond to, a collection of information unless it displays a currently valid OMB control number.

Suspicious Activity Report
Instructions
Safe Harbor Federal law (31 U.S.C. 5318(g)(3)) provides complete protection from civil liability for all reports of suspicious
transactions made to appropriate authorities, including supporting documentation, regardless of whether such reports are
filed pursuant to this report’s instructions or are filed on a voluntary basis. Specifically, the law provides that a financial
institution, and its directors, officers, employees and agents, that make a disclosure of any possible violation of law or
regulation, including in connection with the preparation of suspicious activity reports, “shall not be liable to any person
under any law or regulation of the United States, any constitution, law, or regulation of any State or political subdivision of
any State, or under any contract or other legally enforceable agreement (including any arbitration agreement), for such
disclosure or for any failure to provide notice of such disclosure to the person who is the subject of such disclosure or any
other person identified in the disclosure”.
Notification Prohibited Federal law (31 U.S.C. 5318(g)(2)) requires that a financial institution, and its directors, officers,
employees and agents who, voluntarily or by means of a suspicious activity report, report suspected or known criminal
violations or suspicious activities may not notify any person involved in the transaction that the transaction has been reported.
In situations involving violations requiring immediate attention, such as when a reportable violation is ongoing, the
financial institution shall immediately notify, by telephone, appropriate law enforcement and financial institution
supervisory authorities in addition to filing a timely suspicious activity report.

WHEN TO MAKE A REPORT:
1. All financial institutions operating in the United States, including insured banks, savings associations, savings
association service corporations, credit unions, bank holding companies, nonbank subsidiaries of bank holding
companies, Edge and Agreement corporations, and U.S. branches and agencies of foreign banks, are required to make this report following the discovery of:
a. Insider abuse involving any amount. Whenever the financial institution detects any known or suspected
Federal criminal violation, or pattern of criminal violations, committed or attempted against the financial
institution or involving a transaction or transactions conducted through the financial institution, where the
financial institution believes that it was either an actual or potential victim of a criminal violation, or series of
criminal violations, or that the financial institution was used to facilitate a criminal transaction, and the
financial institution has a substantial basis for identifying one of its directors, officers, employees, agents or
other institution-affiliated parties as having committed or aided in the commission of a criminal act regardless
of the amount involved in the violation.
b. Violations aggregating $5,000 or more where a suspect can be identified. Whenever the financial
institution detects any known or suspected Federal criminal violation, or pattern of criminal violations, committed or attempted against the financial institution or involving a transaction or transactions conducted
through the financial institution and involving or aggregating $5,000 or more in funds or other assets, where
the financial institution believes that it was either an actual or potential victim of a criminal violation, or series
of criminal violations, or that the financial institution was used to facilitate a criminal transaction, and the
financial institution has a substantial basis for identifying a possible suspect or group of suspects. If it is
determined prior to filing this report that the identified suspect or group of suspects has used an “alias,” then
information regarding the true identity of the suspect or group of suspects, as well as alias identifiers, such
as drivers’ licenses or social security numbers, addresses and telephone numbers, must be reported.
c. Violations aggregating $25,000 or more regardless of a potential suspect. Whenever the financial
institution detects any known or suspected Federal criminal violation, or pattern of criminal violations, committed or attempted against the financial institution or involving a transaction or transactions conducted
through the financial institution and involving or aggregating $25,000 or more in funds or other assets, where
the financial institution believes that it was either an actual or potential victim of a criminal violation, or series
of criminal violations, or that the financial institution was used to facilitate a criminal transaction, even though
there is no substantial basis for identifying a possible suspect or group of suspects.
d. Transactions aggregating $5,000 or more that involve potential money laundering or violations of the
Bank Secrecy Act. Any transaction (which for purposes of this subsection means a deposit, withdrawal,
transfer between accounts, exchange of currency, loan, extension of credit, purchase or sale of any stock,
bond, certificate of deposit, or other monetary instrument or investment security, or any other payment, transfer,
or delivery by, through, or to a financial institution, by whatever means effected) conducted or attempted by, at

or through the financial institution and involving or aggregating $5,000 or more in funds or other assets, if the financial
institution knows, suspects, or has reason to suspect that:
i. The transaction involves funds derived from illegal activities or is intended or conducted in order to hide or
disguise funds or assets derived from illegal activities (including, without limitation, the ownership, nature,
source, location, or control of such funds or assets) as part of a plan to violate or evade any law or regulation or
to avoid any transaction reporting requirement under Federal law;
ii. The transaction is designed to evade any regulations promulgated under the Bank Secrecy Act; or
iii. The transaction has no business or apparent lawful purpose or is not the sort in which the particular customer
would normally be expected to engage, and the financial institution knows of no reasonable explanation for the
transaction after examining the available facts, including the background and possible purpose of the transaction.
The Bank Secrecy Act requires all financial institutions to file currency transaction reports (CTRs) in accordance with
the Department of the Treasury’s implementing regulations (31 CFR Part 103). These regulations require a financial
institution to file a CTR whenever a currency transaction exceeds $10,000. If a currency transaction exceeds $10,000
and is suspicious, the institution must file both a CTR (reporting the currency transaction) and a suspicious activity
report (reporting the suspicious or criminal aspects of the transaction). If a currency transaction equals or is below
$10,000 and is suspicious, the institution should only file a suspicious activity report.
2. Computer Intrusion. For purposes of this report, “computer intrusion” is defined as gaining access to a
computer system of a financial institution to:
a. Remove, steal, procure, or otherwise affect funds of the institution or the institution’s customers;
b. Remove, steal, procure or otherwise affect critical information of the institution including customer account
information; or
c. Damage, disable or otherwise affect critical systems of the institution.
For purposes of this reporting requirement, computer intrusion does not mean attempted intrusions of websites or
other non-critical information systems of the institution that provide no access to institution or customer financial or
other critical information.
3. A financial institution is required to file a suspicious activity report no later than 30 calendar days after the date of
initial detection of facts that may constitute a basis for filing a suspicious activity report. If no suspect was identified
on the date of detection of the incident requiring the filing, a financial institution may delay filing a suspicious activity
report for an additional 30 calendar days to identify a suspect. In no case shall reporting be delayed more than 60
calendar days after the date of initial detection of a reportable transaction.
4. This suspicious activity report does not need to be filed for those robberies and burglaries that are reported to local
authorities, or (except for savings associations and service corporations) for lost, missing, counterfeit, or stolen
securities that are reported pursuant to the requirements of 17 CFR 240.17f-1.
HOW TO MAKE A REPORT:
1. Send each completed suspicious activity report to:
Detroit Computing Center, P.O. Box 33980, Detroit, Ml 48232-0980
2. For items that do not apply or for which information is not available, leave blank.
3. If you are correcting a previously filed report, check the box at the top of the report (line 1). Complete the report in its
entirety and include the corrected information in the applicable boxes. Then describe the changes that are being made
in Part V (Description of Suspicious Activity), line k.
4. Do not include any supporting documentation with the suspicious activity report. Identify and retain a copy
of the suspicious activity report and all original supporting documentation or business record equivalent for five (5)
years from the date of the suspicious activity report. All supporting documentation must be made available to
appropriate authorities upon request.
5. If more space is needed to report additional suspects, attach copies of page 1 to provide the additional information. If
more space is needed to report additional branch addresses, include this information in the narrative, Part V.
6. Financial institutions are encouraged to provide copies of suspicious activity reports to state and local authorities,
where appropriate.


File Typeapplication/pdf
File TitleTD F 90-22.47 (7-2003)
Subjectfillable
AuthorORP
File Modified2009-06-22
File Created2003-02-12

© 2024 OMB.report | Privacy Policy