FinCEN's New SAR FAQs: Easing the Compliance Burden

On October 9, 2025, FinCEN released four new frequently asked questions on suspicious activity reporting, clarifying obligations under the Bank Secrecy Act for financial institutions, including fintechs in payments and lending. These FAQs deviate from past guidance by correcting misinterpretations of earlier suggestions as mandatory requirements, emphasizing flexibility in risk-based approaches to reduce unnecessary burdens.

Key deviations include: For potential structuring (FAQ 1), transactions near the $10,000 CTR threshold alone do not trigger a SAR without evidence of evasion intent, shifting from common over-reporting practices. On continuing activity reviews (FAQ 2), there's no required separate post-SAR review of customers or accounts, countering the evolved interpretation of FinCEN's 2000 suggestion for 90-day filings as an expectation. Timelines for ongoing activity SARs (FAQ 3) are optional, not mandatory as per prior 90/120-day guidance from 2000 and 2012. Finally, documenting decisions not to file a SAR (FAQ 4) is not required under BSA regulations, despite FinCEN's previous encouragement in 2006 for such records.

For fintech service providers and neobanks partnering with sponsor banks, this cuts down on paperwork in high-transaction environments where false positives strain resources. Marketplace lenders and BNPL platforms should align AML programs with these clarifications, potentially lowering costs by emphasizing quality filings. The OCC echoed this in Bulletin 2025-31 on October 8, 2025, signaling coordinated enforcement. Firms need to review SAR thresholds and staff training to dodge exam issues. FDIC and OCC have reinforced these in recent updates, pointing to a more efficient regime. As compliance tools advance, incorporating this guidance helps spot risks early—skipping it risks penalties, so update frameworks promptly.