When preparing a SAR narrative, if the business account relationship contains multiples accounts (at least 8) and the suspicious activity was only detected on two, are we permitted place emphasis on those affected accounts and establish that none of the remaining accounts had flags or suspicious activity detected?
The bank received a phone call from a non-customer who stated that their business email had been compromised as a staff member of theirs received what appeared to be a wire request from the CEO, however, it was discovered that the CEO did not send the request. The request listed our customer and account number as the beneficiary of the wire. Would this be considered an attempt by an unknown subject or because we did not specifically get the wire or the wire request, just a call from a non-customer and an email forwarded from them, would this not be considered reportable?
My question is in regards to a returned item and the date that should be reported on the SAR. We were recently advised that the suspicious date for the returned item should be the date of the original deposit and not the date it was returned. But isn't the item being returned the suspicious nature of the transaction so shouldn't we use the returned date instead?
Are there any rules that would prevent us from reissuing a cashier's check every few months for a customer? She comes in and wants a fresh check but never cashes it out. Is that a reportable suspicious activity? Are we breaking rules by doing this?
What are the guidelines for retaining SAR documentation?
If suspicious activity does NOT meet the SAR reporting thresholds (e.g. under $5,000) is it necessary to still document the decision why no-SAR was completed?
When an account takeover is involved, does the bank file a Suspicious Activity Report only on the amount successfully obtained by the fraudster or does the bank report on the full account balance available at the time of the account takeover?
John has $5,000 in his account. John is a victim of an account takeover and has $2,500 removed from his account before the account is closed. What is the suspicious total involved?
When doing a SAR renewal if new activity is discovered along with continued activity of previous filed SAR can the new information be included in the renewed SAR or must a new SAR be completed with the renewed SAR only containing the continued activity?
Where can I find an updated definition guide for the suspicious activity categories of a SAR?
Is there a better way to ensure we are opening accounts that will not be a future liability?