SARs, CTRs, and Recordkeeping

The B-S-A's power comes from reports flowing to FinCEN, and the exam tests the two big ones precisely. The Currency Transaction Report, the C-T-R, captures large cash movements. The Suspicious Activity Report, the S-A-R, captures activity that looks like financial crime regardless of amount.

Alongside them sit recordkeeping rules, like the funds-transfer travel rule and records on the sale of monetary instruments. Get the thresholds and timing right, because these are favorite exam questions: they have clean numeric answers. Let's take each in turn, starting with the C-T-R, which is mechanical, then the S-A-R, which requires judgment.

A bank must file a Currency Transaction Report when it handles cash transactions exceeding ten thousand dollars by or on behalf of one person in a single business day. The key word is aggregate: if a customer makes several cash deposits in a day that together exceed ten thousand dollars, the bank aggregates them and files. The C-T-R is generally filed within fifteen days of the transaction.

There are exemptions, certain established business customers can be designated exempt to reduce noise. The C-T-R is mechanical: it's about the amount of cash, not whether anything looks wrong. On the exam, watch for aggregation across multiple same-day transactions; that's the common trap.

Two further details matter. First, the C-T-R captures cash transactions by or on behalf of one person, so a customer making deposits into several different accounts they control still aggregates to that person. Second, the C-T-R requires identifying the person conducting the transaction and the person on whose behalf it's conducted, which catches the situation where one person deposits cash for another.

The report itself is purely about the amount of currency, no suspicion is required, but accurate identification of the parties is what makes the report useful to law enforcement.

Closely tied to the C-T-R is structuring. Structuring is when someone deliberately breaks a large cash amount into smaller transactions, each under ten thousand dollars, to avoid triggering a Currency Transaction Report. Structuring is itself a federal crime, even if the underlying money is legitimate, and it's a classic red flag for a Suspicious Activity Report.

Importantly, a bank may not tell the customer that it's filing a S-A-R or even that the conduct looks like structuring, this is the no-tipping-off rule. The exam loves structuring fact patterns: someone makes nine-thousand-dollar deposits at several branches. Recognize the pattern, file the C-T-Rs where required, and consider a S-A-R.

The Suspicious Activity Report is the judgment-based report. A bank files a S-A-R when it knows, suspects, or has reason to suspect that a transaction involves funds from illegal activity, is designed to evade B-S-A requirements, has no apparent lawful purpose, or involves use of the bank to facilitate criminal activity. There are dollar thresholds, generally five thousand dollars or more when a suspect can be identified, with timing of thirty days from detection, extendable to sixty days if no suspect is identified.

S-A-Rs are strictly confidential, and the law grants a safe harbor protecting banks from liability for filing in good faith. The exam tests the thirty-day timing and the confidentiality and safe-harbor rules.

Detecting suspicious activity means knowing the red flags: unusual or unexplained cash activity, funds moving in and quickly out, customers reluctant to provide information, or transactions that simply don't fit the customer's known profile. The C-D-D risk profile we built earlier is what lets you notice when something's off. The B-S-A also imposes recordkeeping: logs for cash sales of monetary instruments between three thousand and ten thousand dollars, and the funds-transfer travel rule requiring certain information to travel with wire transfers.

Records are generally retained for five years. The exam may test a record-retention period or a red-flag scenario, so connect the dots from monitoring to reporting to recordkeeping. Step back and see the whole flow: customer due diligence builds a profile of normal activity; ongoing monitoring compares actual activity against that profile and against red-flag typologies; suspicious activity triggers a S-A-R; large cash triggers a C-T-R; and recordkeeping preserves the trail for five years so investigators can reconstruct it.

Each piece feeds the next. When a B-S-A question feels overwhelming, locate where in this chain the scenario sits, detection, reporting, or recordkeeping, and the relevant rule and deadline will come into focus.

Recap of B-S-A reporting. The Currency Transaction Report covers cash over ten thousand dollars in a day, aggregated, filed within fifteen days. Structuring, breaking cash to dodge that report, is a crime and a S-A-R red flag, and you can't tip off the customer.

The Suspicious Activity Report covers activity suggesting financial crime, with thresholds around five thousand dollars and timing of thirty days, sixty if no suspect, filed confidentially under a safe harbor. Recordkeeping rounds it out. Go test yourself, then we move to OFAC and sanctions.