SAR Quality Over Quantity: Enhancing Value for Institutions and Law Enforcement

Picture it: the Federal Law Enforcement Training Center, circa 2005: I, a newly minted Special Agent with the Internal Revenue Service, Criminal Investigation (IRS-CI), had just successfully completed a months-long training case bringing down Fred Fraudster for money laundering. It all started with a timely submitted and well-documented Suspicious Activity Report (SAR).

It was a different reality in the field. Despite bankers’ good-faith efforts to fulfill their compliance obligations—often expending significant time and resources drafting and filing SARs—many reports were based largely on cash activity, threshold-driven transactions, or conduct that was unusual but otherwise lawful, often without the benefit of full contextual analysis tying the activity to suspected criminal conduct. As a result, filings frequently omitted critical information useful to law enforcement, and in some instances, the reported activity did not rise to a level of risk necessitating a SAR at all.

Now, as an attorney at Adams & Reese, I asked: what better way to help our clients enhance efficiency in Bank Secrecy Act compliance than to hear directly from IRS-CI? Adams & Reese Partner and Financial Services Regulatory & Compliance Team Leader, Amy Keeney, sat down with Assistant Special Agent in Charge of the Atlanta Field Office, Maisha Horton, M.Tx., CFE, CAMS. Drawing on 23 years of service, ASAC Horton discussed the practical application of FinCEN’s recent Frequently Asked Questions Regarding Suspicious Activity Reporting Requirements, emphasizing a clear theme: quality over quantity.

The Narrative Is the Signal

According to ASAC Horton, the single most important element of a high-value SAR is the narrative. “The SARs that tell a story are the most impactful,” she explained. A technically complete form with a sparse or conclusory narrative—e.g., “suspected money laundering”—does little to assist investigators.

Cash deposits alone are not illegal. Structuring below reporting thresholds may or may not be suspicious depending on context. What matters is why the institution believes the activity warrants attention. Timelines, customer interactions, deviations from expected business profiles, and connections to other accounts all help law enforcement quickly assess investigative merit.

Clear articulation of the institution’s reasoning is what ultimately narrows investigative scope. A well-drafted narrative demonstrates that a risk-based analysis occurred internally, that alternative explanations were considered, and that the activity rose to a level warranting reporting. In high-volume jurisdictions, that clarity may be the difference between a SAR that is surfaced and one that is effectively lost in the noise. Because SARs are confidential under federal law, institutions can—and should—use the narrative strategically: including relevant account numbers, related entities, and industry descriptors where appropriate to enhance searchability and help investigators efficiently connect related activity across institutions.

Volume Creates Its Own Risk

Each month, IRS-CI downloads thousands of SARs in large districts. Investigative teams must triage quickly. “If everything is important, then nothing is important,” ASAC Horton noted.

Defensive filing—driven primarily by fear of examiner criticism—can unintentionally create reputational and supervisory risk. A sudden surge of low-value SARs following an enforcement action may suggest internal control weaknesses rather than remediation. Over-volume also strains investigative capacity, potentially delaying review of time-sensitive evidence.

FinCEN has cautioned institutions against flooding the system with low-value filings, reinforcing that the Bank Secrecy Act is intended to be risk-based, not purely threshold-driven. Quality reporting strengthens examiner confidence and enhances law enforcement outcomes; indiscriminate reporting does neither.

Practical Enhancements Institutions Can Implement

ASAC Horton offered several concrete recommendations for compliance teams:

• Establish timelines. Suspicious activity typically reflects patterns, not isolated transactions. Demonstrating duration and repetition adds investigative value.
• Align activity with stated business purpose. If transactions deviate materially from the customer’s profile, explain how.
• Include relevant account numbers and identifiers in the narrative. Investigators often search by narrative text; repeating key data points enhances searchability.
• Document internal review steps. Briefly noting what was considered—and why the activity was deemed suspicious—provides clarity.
• Preserve ephemeral evidence. If video or other time-sensitive records exist, identify and retain them early.

Importantly, IRS-CI does not expect institutions to conduct full investigations. Rather, law enforcement asks institutions to identify where to begin.

A Collaborative Model

IRS-CI has launched outreach initiatives, including the “CI-FIRST” program, to partner directly with financial institutions and improve SAR effectiveness. These efforts reflect a shared goal: enhancing investigative signal while maintaining regulatory clarity.

The message from IRS-CI is clear: meaningful SAR narratives—not defensive volume—drive investigative value. For financial institutions, a risk-based approach centered on contextual, well-reasoned narratives strengthens internal controls, protects institutional credibility, and ensures significant activity receives appropriate attention. Quality over quantity is not only sound compliance practice, it is smart risk management.

FOOTNOTES

1. Financial Crimes Enforcement Network (FinCEN), Frequently Asked Questions Regarding Suspicious Activity Reporting Requirements (Oct. 9, 2025), https://www.fincen.gov/system/files/2025-10/SAR-FAQs-October-2025.pdf