Is it a requirement to file a SAR against an unknown suspect on debit card fraud under $25,000 if fraud took place within the same state at various locations? In reading the statue, and discussing with other FI's it is not a requirement unless the BSA officer deems it necessary and wants to file a voluntary SAR.

The information you received is correct. Without a suspect, reporting is not mandatory unless/until the aggregate activity reaches at least $25,000.

It is also correct that you have the option to file a SAR voluntarily for lesser amounts. I suggest doing so only if you believe, based on the information that you have, that such a filing would be valuable to law enforcement.

I absolutely agree with JacFSB. Voluntary filing on unidentifiable suspect(s) for amount aggregating to below the $25K threshold is solely up to the FI's discretion; however, it is NOT required per FinCEN.

Also, is the $25,000 fraud threshold required on one particular card/incident or does it have to be reported for a card compromise with multiple cards (such as Home Depot breach and the total loss for the bank against an unknown suspect)?

If the activity across multiple cards is demonstrably related, consider it as a single event.

I wouldn't suggest that just because multiple cards appeared on the same compromise list that whatever fraud you're seeing is automatically related. Also keep in mind that many of the cards have appeared on multiple compromise lists.

You'll want to consider patterns of fraud activity. If multiple cards are being counterfeited and used in the same geographic area, then you can quite easily connect those transactions as a single event.