This is the accessible text file for GAO report number GAO-09-226 
entitled 'Bank Secrecy Act: Suspicious Activity Report Use Is 
Increasing, but FinCEN Needs to Further Develop and Document Its Form 
Revision Process' which was released on March 30, 2009. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

Report to Congressional Requesters: 

United States Government Accountability Office: 

February 2009: 

Bank Secrecy Act: 

Suspicious Activity Report Use Is Increasing, but FinCEN Needs to 
Further Develop and Document Its Form Revision Process: 

GAO-09-226: 

GAO Highlights: 

Highlights of GAO-09-226, a report to congressional requesters. 

Why GAO Did This Study: 

To assist law enforcement agencies in their efforts to combat money 
laundering, terrorist financing, and other financial crimes, the Bank 
Secrecy Act (BSA) requires financial institutions to file suspicious 
activity reports (SAR) to inform the federal government of transactions 
related to possible violations of law or regulation. Depository 
institutions have been concerned about the resources required to file 
SARs and the extent to which SARs are used. GAO was asked to examine 
(1) factors affecting the number of SARs filed, (2) actions agencies 
have taken to improve the usefulness of SARs, (3) federal agencies’ use 
of SARs, and (4) the effectiveness of the process used to revise SAR 
forms. GAO reviewed laws and agency documents; analyzed SAR filings; 
and interviewed representatives from the Financial Crimes Enforcement 
Network (FinCEN), law enforcement agencies, bank regulators, and 
depository institutions. 

What GAO Found: 

In 2000 through 2007, SAR filings by depository institutions increased 
from about 163,000 to 649,000 per year; representatives from federal 
regulators, law enforcement, and depository institutions with whom GAO 
spoke attributed the increase mainly to two factors. First, automated 
monitoring systems can flag multiple indicators of suspicious 
activities and identify significantly more unusual activity than manual 
monitoring. Second, several public enforcement actions against a few 
depository institutions prompted other institutions to look more 
closely at client and account activities. Other factors include 
institutions’ greater awareness of and training on BSA requirements 
after September 11, and more regulator guidance for BSA examinations. 

FinCEN and law enforcement agencies have taken actions to improve the 
quality of SAR filings and educate filers about their usefulness. Since 
2000, FinCEN has issued written products with the purpose of making SAR 
filings more useful to law enforcement. FinCEN and federal law 
enforcement agency representatives regularly participate in outreach on 
BSA/anti-money laundering, including events focused on SARs. Law 
enforcement agency representatives said they also establish 
relationships with depository institutions to communicate with staff 
about crafting useful SAR narratives. 

FinCEN, law enforcement agencies, and financial regulators use SARs in 
investigations and financial institution examinations and have taken 
steps in recent years to make better use of them. FinCEN uses SARs to 
provide public and nonpublic analytical products to law enforcement 
agencies and depository institution regulators. Some federal law 
enforcement agencies have facilitated complex analyses by using SAR 
data with their own data sets. Federal, state, and local law 
enforcement agencies collaborate to review and start investigations 
based on SARs filed in their areas. Regulators use SARs in their 
examination process to assess compliance and take action against abuse 
by depository institution insiders. 

After revising a SAR form in 2006 that still cannot be used because of 
information technology limitations, in 2008, FinCEN developed a new 
process for revising BSA forms, including SARs, that may increase 
collaboration with some stakeholders, including some law enforcement 
groups concerned that certain of the 2006 revisions could be 
detrimental to investigations. However, the limited documentation on 
the process does not provide details to determine the degree to which 
the new process will incorporate GAO-identified best practices for 
enhancing and sustaining federal agency collaboration. For example, it 
does not specify roles and responsibilities for stakeholders or depict 
monitoring, evaluating, and reporting mechanisms. By incorporating some 
of these key collaboration practices and more fully developing and 
documenting its new process for form revisions, FinCEN could achieve 
some potential benefits that could come from closer adherence to the 
practices—such as greater consensus from all stakeholders on proposed 
SAR form revisions. 

What GAO Recommends: 

GAO recommends that the Secretary of the Treasury direct FinCEN to 
further develop a strategy that fully incorporates certain 
GAO-identified practices to enhance and sustain collaboration among federal 
agencies into the forms-change process. The FinCEN Director generally 
agreed with the recommendation. 

For more information, contact Jack Edwards at (202) 512-8678 or 
edwardsj@gao.gov. 

[End of section] 

Contents: 

Letter: 

Results in Brief: 

Background: 

A Number of Factors Influenced the Large Increase in SARs Filed by 
Depository Institutions in 2000 through 2007: 

FinCEN and Law Enforcement Agencies Took Multiple Actions to Improve 
SAR Filings and Educate Filers about Their Usefulness in 
Investigations: 

Federal Agencies Use SARs in a Variety of Ways and Have Taken a Number 
of Actions in Recent Years to Make Better Use of Them: 

The Process FinCEN Used to Revise the SAR Did Not Result in a Usable 
Form and Its New Process Provides Few Details on How Past Problems Will 
Be Overcome: 

Conclusions: 

Recommendation for Executive Action: 

Agency Comments and Our Evaluation: 

Appendix I: Objectives, Scope, and Methodology: 

Appendix II: Comments from the Financial Crimes Enforcement Network: 

Appendix III: GAO Contact and Staff Acknowledgments: 

Tables: 

Table 1: Number of SARs Filed by Industry, Calendar Years 2000-2007: 

Table 2: Entities at Which Interviewees Provided Perspectives and 
Documentary Evidence for the Objectives: 

Figures: 

Figure 1: The Process for Filing and Accessing SARs: 

Figure 2: Change in Percentage of SARs Filed by Filing Type, Calendar 
Years 2004-2007: 

Figure 3: SARs Filed by Banks, Thrifts, and Credit Unions by Asset 
Size, Calendar Year 2007: 

Abbreviations: 

AML: anti-money laundering: 

BSA: Bank Secrecy Act: 

CBRS: Currency and Banking Retrieval System: 

CMP: civil money penalty: 

DEA: Drug Enforcement Administration: 

DOJ: Department of Justice: 

FBI: Federal Bureau of Investigation: 

FDIC: Federal Deposit Insurance Corporation: 

FinCEN: Financial Crimes Enforcement Network: 

HIFCA: High Intensity Financial Crime Area: 

IAP: institution-affiliated party: 

ICE: Immigration and Customs Enforcement: 

IRS: Internal Revenue Service: 

IRS-CI: Internal Revenue Service-Criminal Investigation: 

NCUA: National Credit Union Administration: 

OCC: Office of the Comptroller of the Currency: 

OTS: Office of Thrift Supervision: 

PRA: Paperwork Reduction Act: 

SAR: suspicious activity report: 

[End of section] 

United States Government Accountability Office:
Washington, DC 20548: 

February 27, 2009: 

The Honorable Barney Frank: 
Chairman: 
The Honorable Spencer Bachus: 
Ranking Member: 
Committee on Financial Services: 
House of Representatives: 

The Honorable Stephen F. Lynch: 
House of Representatives: 

In part, to assist law enforcement agencies in their efforts to combat 
money laundering, the financing of terrorist activities, and other 
financial crimes, the Bank Secrecy Act (BSA) requires financial 
institutions to inform the federal government of any suspicious 
transaction related to a possible violation of law or regulation. 
[Footnote 1] BSA--which the U.S. Department of the Treasury's 
(Treasury) Financial Crimes Enforcement Network (FinCEN) administers--
and its implementing regulations provide for the filing of suspicious 
activity reports (SAR) by depository institutions when they detect a 
known or suspected violation of any law or regulation. Under the 
regulations administered by FinCEN, a SAR is required when the 
suspicious activity involves a transaction of at least $5,000 conducted 
or attempted by, at, or through the institution; involves funds derived 
from illegal activities; is designed to evade any reporting requirement 
under federal law or other BSA requirement; has no business or apparent 
lawful purpose; or the transaction is not the sort in which the 
customer normally engages and there is no reasonable explanation known 
for the transaction. Suspicious activity reporting is one component of 
broader anti-money laundering (AML) programs that depository 
institutions (banks, thrifts, and credit unions) and other financial 
institutions implement to comply with BSA. A financial institution's 
decision to file a SAR may be subjective and is based on its knowledge 
of the customer and the customer's usual banking activity. 

Federal banking regulators--the Board of Governors of the Federal 
Reserve System (Federal Reserve), the Office of the Comptroller of the 
Currency (OCC), the Federal Deposit Insurance Corporation (FDIC), the 
Office of Thrift Supervision (OTS), and the National Credit Union 
Administration (NCUA)--and state banking regulators examine depository 
institutions for compliance with BSA, generally as part of their 
regularly scheduled safety and soundness examinations.[Footnote 2] 
Depository institutions have been required to submit SARs since 1996, 
longer than any other type of financial institution, and they file the 
majority of these reports. FinCEN issued regulations subsequent to 
passage of the USA PATRIOT Act of 2001 that added SAR filing 
requirements for securities and futures firms, money services 
businesses, casinos, and insurance companies, among others.[Footnote 3] 

Depository institutions have expressed concerns in congressional 
testimony about the resource challenges involved in complying with 
SAR-related requirements and the extent to which law enforcement agencies 
use SARs and other reports required under BSA. Federal law enforcement 
agency officials have testified they review and use SARs 
proactively--separately and in multiagency teams, which often include state and 
local agencies--to identify potential money laundering cases and money 
laundering trends, in addition to using them in ongoing investigations 
of financing of terrorism and other financial crimes. They contend that 
SARs can be useful in investigations months or years after they have 
been filed, as the actions of subjects or co-conspirators are 
uncovered. Depository institution officials have commented they lack 
clear guidance on what law enforcement is looking for and finds useful 
in these reports. 

In this context, you requested that we examine a number of issues 
related to suspicious activity reporting, which is part of a larger 
body of work we are doing about FinCEN and its administration of BSA. 
Specifically, this report examines (1) the underlying factors that 
affected the number of SARs filed by depository institutions from 2000 
through 2007, (2) actions that federal agencies have taken to improve 
the usefulness of SARs for law enforcement, (3) ways in which federal 
agencies use SARs and actions they have taken to make better use of 
them, and (4) whether the process FinCEN uses to revise SAR forms is 
effective in assuring that information collected is appropriate for law 
enforcement needs. As agreed with your office, we focused our work on 
depository institutions. Related and ongoing GAO efforts will address 
other BSA-related issues. 

To address our objectives, we reviewed relevant laws, regulations, 
agency documents, and past GAO work. We interviewed representatives 
from FinCEN, the Federal Reserve, FDIC, OCC, OTS, and NCUA, as well as 
representatives from federal law enforcement agencies, including the 
Secret Service, the Internal Revenue Service-Criminal Investigation 
(IRS-CI), Immigration and Customs Enforcement (ICE), the Federal Bureau 
of Investigation (FBI), the Drug Enforcement Administration (DEA), and 
the Department of Justice (DOJ). We also obtained and analyzed data 
from FinCEN on depository institutions' SAR filings for calendar years 
from 2000 through 2007. We assessed the reliability of these data and 
found them sufficient for the purposes of this report. We interviewed 
representatives of the five largest depository institutions by number 
of SAR filings in 2007. We established 3 categories of depository 
institutions' SAR filing numbers in 2007 and interviewed representatives 
from 15 depository institutions randomly selected from these categories 
about their experiences with SAR filing. We obtained data about SAR 
review teams (multiagency teams with federal, state, and local law 
enforcement representation) and interviewed staff from 13 teams 
randomly selected from these data. Similarly, we interviewed law 
enforcement representatives from High Intensity Financial Crime Areas 
(HIFCA) in Chicago, Illinois; Los Angeles, California; Miami, Florida; 
and New York, New York.[Footnote 4] We also obtained information from 
IRS (which stores and maintains BSA data for FinCEN) to determine the 
frequency with which federal and state law enforcement agencies access 
SAR data.[Footnote 5] 

We conducted this performance audit from July 2007 through February 
2009 in accordance with generally accepted government auditing 
standards. Those standards require that we plan and perform the audit 
to obtain sufficient, appropriate evidence to provide a reasonable 
basis for our findings and conclusions based on our audit objectives. 
We believe that the evidence obtained provides a reasonable basis for 
our findings and conclusions based on our audit objectives. Appendix I 
explains our scope and methodology in greater detail. 

Results in Brief: 

From 2000 through 2007, depository institutions filed an increasing 
number of SARs each year and representatives from federal regulators, 
law enforcement, and depository institutions with whom we spoke 
attributed the increase to a number of factors. According to FinCEN 
data, SAR filings by depository institutions increased from 
approximately 163,000 in 2000 to more than 649,000 in 2007. Our 
analysis of SAR and banking data from 2004 through 2007 indicates that 
the growth rates in SAR filings varied over time among depository 
institutions of different asset sizes. For example, the greatest 
increase in SARs filed during this period by the largest depository 
institutions occurred from 2004 to 2005, and SARs filed by small credit 
unions nearly doubled from 2005 to 2006. Representatives of federal 
banking regulators, law enforcement agencies, and depository 
institutions most frequently attributed the increase to two factors: 
technological advances in detecting suspicious activity and the effect 
of public enforcement actions on institutions. According to the 
representatives, automated transaction monitoring systems can flag 
multiple indicators of suspicious activity and identify much more 
unusual activity than could be identified manually. At the largest 
depository institutions, these systems conduct complex analyses 
incorporating customer profiles. The representatives also said that 
issuance of several public enforcement actions in 2004 and 2005 with 
civil money penalties (CMP) and forfeitures up to $40 million against a 
few depository institutions prompted many institutions to file more 
SARs after looking more closely at their clients and their account 
activities. FinCEN and the federal banking regulators took the actions 
because of systemic BSA program noncompliance, which sometimes included 
failures to meet SAR filing requirements. DOJ also has taken action 
against a limited number of depository institutions that involved fines 
and penalties of up to $40 million. Depository institution 
representatives with whom we spoke also cited a third factor that 
influenced the increase--concerns they would receive criticisms during 
examinations about decisions not to file SARs. To avoid such criticism, 
they said their institutions filed SARs even when they thought a SAR 
may have been unnecessary--a practice sometimes referred to as 
"defensive SAR filing." However, according to the federal regulators 
and some law enforcement officials with whom we spoke, there is no 
means of determining what, if any, portion of the increase in filings 
could be attributed to defensive filing. Additional factors 
representatives suggested as contributing to the increase include 
institutions' greater awareness of BSA requirements after September 
2001, more regulator guidance for BSA examinations, and increased 
BSA-related training at the institutions. 

FinCEN and law enforcement agencies have taken multiple actions to 
improve the quality of SAR filings and educate filers about their 
usefulness. Since 2000, FinCEN has issued written products with the 
purpose of making SAR filings more useful to law enforcement. These 
include (1) a regularly issued publication for all financial 
institutions that gives tips on topics such as the preparation of SARs 
and (2) SAR-related guidance for depository institutions and other SAR 
filers. For example, FinCEN issued guidance on addressing common errors 
in suspicious activity reporting in 2007 and filing SARs about the 
proceeds of foreign corruption in early 2008. FinCEN representatives 
also help educate filers by regularly participating in outreach events 
on BSA/AML issues, including events focused on SARs. FinCEN chairs the 
Bank Secrecy Act Advisory Group--a forum for federal agencies and 
financial industry representatives--to discuss BSA administration, 
including SAR-related issues. Federal law enforcement agency 
representatives said actions they have taken to improve SARs' 
usefulness include conducting outreach events and establishing 
relationships with depository institutions in their local areas to 
communicate with staff about crafting useful SAR narratives. 
Representatives from some multiagency law enforcement teams told us 
that they subsequently noticed improved SAR narratives from local 
depository institutions. 

FinCEN, law enforcement agencies, and banking regulators use SARs in 
investigations and depository institution examinations and have taken 
steps in recent years to make better use of them. FinCEN uses SARs to 
provide a number of public and nonpublic analytical products to law 
enforcement agencies and depository institution regulators. In 2004 and 
2005, several federal law enforcement agencies signed memorandums of 
understanding with FinCEN to receive bulk BSA data, including SARs. 
They combined these data with information from their law enforcement 
databases to facilitate more complex and comprehensive analyses. 
Different types of team structures have been established to better 
analyze SARs. For example, in 2000 and again in 2003, DOJ issued 
guidance that encouraged the formation of SAR review teams with 
federal, state, and local representation. These teams review SARs filed 
in their area on a monthly basis to determine which would merit 
additional investigation for a variety of suspected financial crimes. 
In 2006, DOJ and IRS-CI collaborated on a pilot to create task forces 
and add federal prosecutors to augment SAR review teams in selected 
districts. These task forces specifically investigate possible BSA 
violations that have the potential for seizures or forfeitures. The 
regulators use SARs in their depository institution examination scoping 
and also review SARs relating to known or suspected unlawful activities 
by current and former institution-affiliated parties, including 
officers, directors, and employees. Although law enforcement agency 
representatives generally were satisfied with their ability to access 
BSA data, various agencies and multiagency teams we interviewed said 
that formatting and other issues related to the data system slowed 
their downloads and reviews. FinCEN and IRS officials said that, when 
budgetary resources are available, these and other data management 
challenges will be addressed as part of FinCEN's technology 
modernization plan, developed in collaboration with IRS. 

FinCEN encountered a number of problems in its most recent revision of 
the SAR form; although FinCEN has developed a new process for form 
revisions, the information currently available on the process is 
limited and does not fully indicate how FinCEN will avoid or address 
some of the problems previously encountered. FinCEN and the federal 
banking regulators issued proposed substantive and formatting revisions 
to the SAR form in 2006. The revisions to the form were finalized but, 
because of technology limitations with IRS's data management system, 
the revised form has not been implemented. Law enforcement agency 
officials we interviewed had mixed views on the proposed revisions to 
the form. They generally supported most of the proposed revisions, but 
some felt they had been insufficiently consulted and also expressed 
concerns that some revisions could affect their work negatively. For 
example, one change would replace the name and title of a person with 
personal knowledge about the suspicious activity with a contact office, 
possibly increasing the time it would take law enforcement 
investigators to reach a person knowledgeable about the suspicious 
activity. However, banking regulators supported this change because of 
concerns that a SAR with a named contact listed could jeopardize the 
safety and privacy of that person if it were inappropriately disclosed. 
FinCEN has developed a new form revision process that it says it will 
use to revise BSA forms, including SARs. The documentation of the 
planned process suggests some greater stakeholder involvement at an 
early stage of the process, but the documentation for the new process 
that we received does not indicate FinCEN has fully incorporated 
certain GAO-identified practices that can enhance and sustain 
collaboration among federal agencies. In a previous report, we 
identified such practices--for example, that collaborating agencies 
define a common outcome; agree on their respective roles and 
responsibilities, including how the collaborative effort will be led; 
and create the means to collect information on, monitor, evaluate, and 
report their efforts to enable them to identify areas for 
improvement.[Footnote 6] If FinCEN more fully incorporated some of 
these key collaboration practices, it might achieve some potential 
benefits from closer adherence to the practices--such as greater 
consensus from all stakeholders on proposed SAR form revisions. 

We are recommending that the Secretary of the Treasury direct the 
Director of FinCEN to further develop and document its strategy to 
fully incorporate certain GAO-identified practices to enhance and 
sustain collaboration among federal agencies into the form change 
process and distribute that documentation to all stakeholders. In 
written comments on this report, the FinCEN Director said he generally 
agreed with our recommendation and that FinCEN recognized the need to 
work with a diverse range of stakeholders to revise BSA forms. 

Background: 

This section provides general information on how federal agencies carry 
out BSA responsibilities, what their SAR reporting requirements are, 
the mechanisms they use to monitor suspicious activity, and law 
enforcement agencies that use SARs. 

FinCEN and Other Federal Agencies Carry Out BSA Responsibilities: 

The Secretary of the Treasury delegated overall authority for 
enforcement of, and compliance with, BSA and its implementing 
regulations to the Director of FinCEN. FinCEN's role is to oversee BSA 
administration. To fulfill this role, FinCEN develops policy and 
provides guidance to other agencies, analyzes BSA data for trends and 
patterns, and pursues enforcement actions when warranted. However, 
FinCEN also relies on other agencies in implementing the BSA framework. 
These activities include (1) ensuring compliance with BSA requirements 
to report suspicious activity and certain financial transactions and 
taking enforcement actions, when necessary; (2) collecting and storing 
the reported information; and (3) taking enforcement actions or 
conducting investigations of criminal financial activity. 

FinCEN relies on other agencies to conduct examinations to determine 
compliance with BSA and its implementing regulations. The Secretary of 
the Treasury delegated BSA examination authority for depository 
institutions to five banking regulators--the Federal Reserve, OCC, OTS, 
FDIC, and NCUA.[Footnote 7] The federal regulators examine an 
institution's policies and procedures for monitoring and detecting 
suspicious activity as part of their examination programs.[Footnote 8] 
Periodic on-site safety and soundness and compliance examinations are 
conducted to assess an institution's financial condition, policies and 
procedures, adherence to BSA regulations (for example, filing of SARs 
and other BSA-related reports), and compliance with other laws and 
regulations. These examinations generally are conducted every 12 to 18 
months at small-to-midsized depository institutions (such as community 
banks, midsize banks, savings associations, and credit unions) on the 
basis of the regulator's rating of the institution's risk. At large 
complex banking organizations and large banks, federal regulators 
conduct examinations on a continuous basis in cycles of 12 to 18 
months. Banking regulators use SARs in their scoping for these 
examinations. 

Depository institutions file SARs and other BSA reports with FinCEN. 
Under a long-standing cooperative arrangement with FinCEN, IRS's 
Enterprise Computing Center-Detroit serves as the central point of 
collection and storage of these data. The center maintains the 
infrastructure needed to collect the reports, convert paper and 
magnetic tape submissions to electronic media, and correct errors in 
submitted forms through correspondence with filers.[Footnote 9] IRS 
investigators and other authorized officials access the data system 
directly through IRS's intranet site in what is known as the Web 
Currency and Banking Retrieval System (WebCBRS). FinCEN controls 
non-IRS law enforcement users' access to BSA data in WebCBRS through a 
portal called Secure Outreach.[Footnote 10] 

Federal regulators and FinCEN can bring formal enforcement actions, 
including CMPs, against institutions for violations of BSA. For 
instance, federal regulators and FinCEN may assess a CMP against 
depository institutions for significant BSA violations, including the 
failure to file SARs and establish and implement an AML program that 
conforms to federal regulations as required by BSA. Formal enforcement 
actions generally are used to address cases involving systemic, 
repeated noncompliance; failure to respond to supervisory warnings; and 
other violations. However, most cases of BSA noncompliance are 
corrected within the examination framework through supervisory actions 
or letters that document the institution's commitment to take 
corrective action. 

Whereas FinCEN and the regulators can take a variety of civil actions 
against depository and other financial institutions, DOJ may bring 
criminal actions against individuals and corporations, including 
depository and other financial institutions, for money laundering 
offenses and certain BSA violations. The actions may result in criminal 
fines, imprisonment, and forfeiture actions. Institutions and 
individuals willfully violating BSA and its implementing regulations, 
and structuring transactions to evade BSA reporting requirements, are 
subject to criminal fines, prison, or both.[Footnote 11] DOJ generally 
identifies institutions violating BSA regulations through criminal 
investigations of the institutions' customers. Some corrective actions 
taken against depository institutions have resulted in guilty pleas and 
others resulted in deferred prosecution agreements, contingent on the 
depository institutions' cooperation and implementation of corrective 
actions. In each case, the depository institution paid a monetary 
penalty or was required to forfeit assets, or both. 

Law enforcement agencies in DOJ and the Department of Homeland Security 
use SARs in their investigations of money laundering, terrorist 
financing, and other financial crimes. Entities in DOJ that are 
involved in efforts to combat money laundering and terrorist financing 
include FBI; DEA; the Department's Criminal and National Security 
Divisions; the Bureau of Alcohol, Tobacco, Firearms, and Explosives; 
the Executive Office for U.S. Attorneys; and U.S. Attorneys' Offices. 
The Secret Service and ICE (in the Department of Homeland Security) 
also investigate cases involving money laundering and terrorist 
activities. IRS-CI uses BSA information to investigate possible cases 
of money laundering and terrorist financing activities. Federal and 
multiagency law enforcement teams, which may include state and local 
law enforcement representatives, also use SAR data to provide 
additional information about subjects, such as previously unknown 
addresses; businesses and personal associations; and banking activity 
during ongoing investigations. 

BSA Requires Depository Institutions to Report Suspicious Activity and 
the Institutions Implement Policies and Procedures to Facilitate Such 
Reporting: 

Among its provisions, the Annunzio-Wylie Anti-Money Laundering Act 
(Annunzio-Wylie) amended BSA by authorizing Treasury to require 
financial institutions to report any suspicious transaction relevant to 
a possible violation of a law.[Footnote 12] As authorized by 
Annunzio-Wylie, FinCEN issued a regulation in 1996 requiring banks and other 
depository institutions to report, using a SAR form, certain suspicious 
transactions involving possible violations of law or regulation, 
including money laundering.[Footnote 13] During the same year, the 
federal banking regulators issued regulations requiring all depository 
institutions to report suspected money laundering, as well as other 
suspicious activities, using the SAR form. 

In general, depository institutions are required to file a SAR for 
suspected insider abuse by an employee; known or suspected violations 
of law for transactions aggregating $5,000 or more where a suspect can 
be identified; known or suspected violations of law for transactions 
aggregating to $25,000 or more regardless of a potential suspect; and 
potential money laundering or violations of BSA for transactions 
aggregating to $5,000 or more.[Footnote 14] The SAR rules require that 
a SAR be filed no later than 30 calendar days from the date of the 
initial detection of the suspicious activity, unless no suspect can be 
identified. If no suspect can be identified, the filing period is 
extended to 60 days. In addition, banks should report continuing 
suspicious activity by filing a report at least every 90 days. 
Depository institutions can file a SAR through the mail or 
electronically through FinCEN's BSA E-File program. 

Depository institutions implement policies, procedures, and systems to 
monitor for and identify suspicious activity.[Footnote 15] In addition 
to following regulations and guidance related to identifying suspicious 
activities, depository institutions develop monitoring procedures, 
which typically encompass identification or referrals by employees who 
conducted the transaction for the customer, manual systems, automated 
systems, or any combination thereof. Manual monitoring might consist of 
staff reviewing reports generated by the institution's management 
information systems. Large depository institutions that operate in many 
locations or have a relatively large number of high-risk customers 
generally use automated account-monitoring systems--computer programs 
that are developed in-house or purchased from vendors for the purpose 
of identifying individual transactions, patterns of unusual activity, 
or deviations from expected activity. In general, these systems capture 
a wide range of activity, such as deposits, withdrawals, funds 
transfers, automated clearing house transactions, and automated teller 
machine transactions directly from the institution's core data 
processing system. After identification of unusual activity, depository 
institution staff conduct additional research to determine whether to 
file a SAR. (The process is summarized in figure 1, which also depicts 
SAR data collection, storage, and access.) 

Figure 1: The Process for Filing and Accessing SARs: 

[Refer to PDF for image: illustration] 

Conductor: 
Depository institutions are required to file a SAR no later than 30 
days following the discovery of any known or suspected: 
* Violations aggregating to $5,000 or more where a suspect can be 
identified; 
* Violations of the BSA or potential money laundering aggregating 
$5,000 or more; 
* Insider abuse involving any amount. 

Bank staff and systems: 
Institution staff or automated monitoring systems identify unusual 
activity. Alerts of such activity are forwarded to the BSA compliance 
officer for review. 

Compliance officer: 
The compliance officer conducts research and decides to file, signs the 
SAR, and sends it electronically to FinCEN, or through the mail 
directly to IRS’s Enterprise Computer Center. 
* Monitors for continuing suspicious activity and files additional SARs 
every 90 days if activity continues. 
* Maintains a copy of all filed SARs and supporting documentation for 5 
years from the date of filing. 
Stop: Decides not to file and documents the reasons; 
Signed: Suspicious activity report. 

IRS/FinCEN: 

IRS WebCBRS SARs and other BSA reports database: 
Feeds IRS-CI; 
Feeds FinCEN; 
Web Portal: Enables non-IRS users to access BSA data: 
Federal, state, and local law enforcement agencies; 
Federal, and state regulators; 
Access to SARs. 

Sources: GAO analysis; Art Explosion (images). 

[End of figure] 

The interagency examination manual that the regulators use says that 
depository institutions are encouraged to document SAR decisions. 
[Footnote 16] Additionally, banks must retain copies of SARs including 
supporting documentation for 5 years from the date of the report. 
[Footnote 17] In addition to filing a timely SAR, an institution must 
notify an appropriate law enforcement authority, such as IRS-CI or FBI, 
for situations involving violations that require immediate attention. 

A Number of Factors Influenced the Large Increase in SARs Filed by 
Depository Institutions in 2000 through 2007: 

For calendar years 2000 through 2007, SAR filings almost quadrupled. 
Although depository institutions accounted for the majority of SAR 
filings, other institutions increased the number of their filings also. 
Representatives of depository institutions, federal banking regulators, 
and law enforcement agencies identified a number of factors that, in 
their view, collectively contributed to the increase in SAR filings. 
The most frequently cited were technology (in the form of automated 
monitoring systems) and the effects of public enforcement actions. 
Representatives also cited an increased awareness of the risks of 
terrorist financing and other financial crimes after September 11 and 
improved knowledge of BSA requirements and issues resulting from 
regulator and institution guidance and training. 

Depository Institutions Filed the Majority of SARs from 2000 through 
2007, and Filings Varied across Asset Size Categories: 

FinCEN data show that for calendar years 2000 through 2007, SAR filings 
by depository institutions increased, from approximately 163,000 in 
2000 to more than 649,000 in 2007. In 2007, depository institutions 
filed approximately 52 percent of all SARs.[Footnote 18] Depository 
institutions have been subject to SAR-related requirements for a longer 
period of time than any other financial services industry and they have 
filed more SARs every year from 2000 through 2007 than other industries 
(see table 1).[Footnote 19] The number of SARs filed by depository 
institutions also increased faster in some years than in others. 

Table 1: Number of SARs Filed by Industry, Calendar Years 2000-2007: 

Industry: Depository institutions; 
2000: 162,720; 
2001: 203,528; 
2002: 273,823; 
2003: 288,343; 
2004: 381,671; 
2005: 522,655; 
2006: 567,080; 
2007: 649,176. 

Industry: Money services businesses; 
2000: [Empty]; 
2001: [Empty]; 
2002: 5,723; 
2003: 209,512; 
2004: 296,284; 
2005: 383,567; 
2006: 496,400; 
2007: 578,439. 

Industry: Casinos and card clubs; 
2000: 464; 
2001: 1,377; 
2002: 1,827; 
2003: 5,095; 
2004: 5,754; 
2005: 6,072; 
2006: 7,285; 
2007: 9,943. 

Industry: Securities and futures firms; 
2000: [Empty]; 
2001: [Empty]; 
2002: [Empty]; 
2003: 4,267; 
2004: 5,705; 
2005: 6,936; 
2006: 8,129; 
2007: 12,881. 

Industry: Total; 
2000: 163,184; 
2001: 204,905; 
2002: 281,373; 
2003: 507,217; 
2004: 689,414; 
2005: 919,230; 
2006: 1,078,894; 
2007: 1,250,439. 

Source: FinCEN. 

Note: The following are the number of SARs filed from January 1, 2008, 
through June 30, 2008: depository institutions, 343,974; money services 
businesses, 250,180; casinos and card clubs, 5,377; securities and 
futures firms, 7,058. 

[End of table] 

Our analysis of FinCEN and banking asset data indicated that in 2004 
through 2007, the number of SARs filed varied across depository 
institutions of different asset sizes (see figure 2) and the variations 
occurred at different points in time. The largest yearly increase in 
the number of SARs filed by very large banks and thrifts (those with 
total assets of $50 billion or more) occurred from 2004 to 2005, 
whereas the greatest increase in the number of SARs filed by small 
credit unions (those less than $10 million in total assets) occurred 
from 2005 to 2006. 

Figure 2: Change in Percentage of SARs Filed by Filing Type, Calendar 
Years 2004-2007: 

[Refer to PDF for image: vertical bar graph] 

Credit unions: Small (Less than $10 million); 
2004-2005: 79%; 
2005-2006: 85%; 
2006-2007: 25%. 

Credit unions: Medium (from $10 million to $100 million); 
2004-2005: 112%; 
2005-2006: 53%; 
2006-2007: 28%. 

Credit unions: Large (greater than $100 million); 
2004-2005: 109%; 
2005-2006: 62%; 
2006-2007: 21%. 

Banks and thrifts: Small (Less than $100 million); 
2004-2005: -19%; 
2005-2006: -1%; 
2006-2007: 0%. 

Banks and thrifts: Medium (from $100 million up to $1 billion); 
2004-2005: 37%; 
2005-2006: 18%; 
2006-2007: 1%. 

Banks and thrifts: Large (from $1 billion up to $50 billion); 
2004-2005: 37%; 
2005-2006: 9%; 
2006-2007: -3%. 

Banks and thrifts: Very large ($50 billion or greater); 
2004-2005: 42%; 
2005-2006: 2%; 
2006-2007: 5%. 

Source: GAO analysis of FinCEN, Federal Reserve, and NCUA data. 

[End of figure] 

In 2007, the 31 very large banks and thrifts accounted for almost half 
(about 44 percent) of SARs filed by depository institutions, although 
such institutions represented less than 0.5 percent of depository 
institutions (see figure 3). In addition, banks and thrifts with total 
assets from $1 billion up to $50 billion filed more than 30 percent of 
SARs during the same period. Credit unions of all asset sizes filed 
less than 10 percent of all SARs filed by depository institutions, 
despite constituting nearly 35 percent of all depository institutions. 

Figure 3: SARs Filed by Banks, Thrifts, and Credit Unions by Asset 
Size, Calendar Year 2007: 

[Refer to PDF for image: table] 

Banks and thrifts: 

Category of institutions assets: Very large ($50B or more); 
Percent of all SARs filed: 44.2%; 
Percent of all institutions that filed SARS: 0.3%; 
Institutions that filed SARS: 31. 

Category of institutions assets: Large ($1B - <$50B); 
Percent of all SARs filed: 32.5%; 
Percent of all institutions that filed SARS: 5.9%; 
Institutions that filed SARS: 550. 

Category of institutions assets: Mid-sized ($100M - <$1B); 
Percent of all SARs filed: 11.1%; 
Percent of all institutions that filed SARS: 39.6%; 
Institutions that filed SARS: 3,693. 

Category of institutions assets: Small (<$100M); 
Percent of all SARs filed: 2.5%; 
Percent of all institutions that filed SARS: 19.5%; 
Institutions that filed SARS: 1,823. 

Credit unions: 

Category of institutions assets: Large ($100M or more); 
Percent of all SARs filed: 7.7%; 
Percent of all institutions that filed SARS: 11.8%; 
Institutions that filed SARS: 1,105. 

Category of institutions assets: Mid-sized ($10M - <$100M); 
Percent of all SARs filed: 1.8%; 
Percent of all institutions that filed SARS: 18.5%; 
Institutions that filed SARS: 1,729. 

Category of institutions assets: Small (<$10M); 
Percent of all SARs filed: 0.2%; 
Percent of all institutions that filed SARS: 4.3%; 
Institutions that filed SARS: 399. 

Total: 
Percent of all SARs filed: 100%; 
Percent of all institutions that filed SARS: 100%; 
Institutions that filed SARS: 9,330. 

Source: GAO analysis of FinCEN, Federal Reserve, and NCUA data. 

[End of figure] 

Multiple Factors Contributed to the Increases in Depository 
Institutions' SAR Filings from 2000 through 2007: 

Representatives from depository institutions, federal banking 
regulators, and law enforcement agencies identified a number of factors 
that, in their view, collectively contributed to the increases in SAR 
filings by depository institutions from 2000 through 2007. Because of 
the subjective nature of these factors, the relative influence of 
individual factors on SAR filing increases cannot be determined. One of 
the most frequently identified reasons for the increases was the 
implementation of automated monitoring systems at depository 
institutions. According to most users of such systems at depository 
institutions and federal regulator representatives, these systems are 
capable of identifying significantly more unusual transactions than 
could be identified manually by institution staff. For example, FinCEN 
representatives said most institutions have adopted systems that are 
capable of identifying possible structuring activity--currency 
transactions carried out in a manner that would avoid the $10,000 
threshold that would trigger mandatory currency transaction reporting 
by depository institutions.[Footnote 20] Representatives from OCC noted 
that more sophisticated systems at larger institutions also are capable 
of incorporating demographic information about the customers and their 
transaction histories into system alerts of potentially suspicious 
activity. Depository institution staff use the information in the 
alerts to assist in their investigations and decide whether to file a 
SAR. 

Representatives from various federal agencies and depository 
institutions we interviewed said that highly publicized enforcement 
actions taken by the federal banking regulators and FinCEN, and 
criminal fines by DOJ against systemic BSA noncompliance--some of which 
included significant SAR failures--also have contributed to the 
increases in SAR filings. Specifically, they noted that in 2004 FinCEN 
and OCC concurrently assessed $25 million in CMPs against Riggs Bank 
for significant and willful BSA violations. In 2005, DOJ announced that 
Riggs Bank pled guilty to criminal violations of BSA, involving 
repeated and systemic SAR-related failures. Similarly, representatives 
noted the 2004 $40 million forfeiture and deferred prosecution 
agreement into which DOJ entered with AmSouth Bank for SAR failures, 
and the concurrent assessment by FinCEN and the Federal Reserve of a 
$10 million CMP against AmSouth Bank to address significant BSA 
reporting failures and serious weaknesses in BSA compliance policies 
and procedures. Many of our depository institution interviewees said 
that the DOJ action against AmSouth Bank and other actions raised 
concerns in the banking industry that institutions would be targeted 
routinely for criminal investigation and prosecution for failure to 
properly implement BSA requirements, such as the failure to file a SAR. 
However, in past work, we noted that DOJ pursued investigations against 
a limited number of depository institutions.[Footnote 21] DOJ officials 
said that investigations of depository institutions for criminal 
violations of BSA generally have not involved negligence in reporting a 
limited number of suspicious transactions. Furthermore, DOJ officials 
said that depository institutions that have been cited for "one-off" 
BSA violations generally would not face law enforcement investigation 
or charges of criminal violation of BSA if they otherwise had 
effective BSA compliance programs. 

Most representatives from depository institutions of varying asset 
sizes we interviewed said that SARs filed to avoid potential criticism 
during examinations were referred to as "defensive" filings and also 
contributed to the increases in SAR filings. Although representatives 
from most institutions that filed relatively few SARs said that they 
sometimes filed defensive SARs, representatives from some institutions 
that filed higher numbers of SARs said their institutions generally did 
not. We asked Federal Reserve, FDIC, and NCUA officials whether 
defensive filing was occurring, and they characterized the information 
as anecdotal. Additionally, officials at FinCEN and OCC said their 
agencies separately conducted analyses of the practice, and those 
analyses indicated little evidence of defensive filing. The SAR 
guidance in the interagency examination manual that regulators use 
states the decision to file a SAR is inherently subjective and directs 
examiners to focus on whether the institution has an effective SAR 
decisionmaking process, rather than on individual SAR filing decisions. 
According to the manual, in those instances where the institution has 
an established SAR decisionmaking process; has followed existing 
policies, procedures, and processes; and has decided not to file a SAR, 
examiners generally should not criticize the institution for not filing 
a SAR.[Footnote 22] The federal banking regulators and FinCEN 
characterized the issue as less frequently discussed within the banking 
industry now than earlier in the decade. 

Furthermore, officials from the federal banking regulators and FinCEN 
provided varying perspectives on what could be considered defensive SAR 
filing. According to Federal Reserve officials, SARs filed as a result 
of the bank's effort to comply with the 30-day requirement could be 
considered defensive if, to meet the deadline, depository institutions 
filed SARs before fully investigating anomalous transactions. According 
to FinCEN officials, even when the institution is not certain the 
observed activity is suspicious, an institution's decision to file 
fulfills the obligation to report the activity. FinCEN officials said 
they would not consider it to be defensive filing if an institution 
erred on the side of caution and filed a complete and accurate SAR, 
even when the institution was not certain that the observed activity 
was suspicious. Filing the SAR would fulfill the requirement to report. 

Federal regulators and depository institution representatives we 
interviewed generally indicated that the passage of the USA PATRIOT Act 
in 2001 and issuance of the interagency examination manual likely 
contributed to increases in SAR filings. According to Federal Reserve 
officials, the act generally increased awareness among depository 
institutions of SAR requirements. Representatives from several 
depository institutions also said that they used the interagency manual 
to train staff on SAR filing and supporting documentation requirements, 
and that the manual has helped improve their BSA compliance programs in 
general. Many depository institution representatives we interviewed 
said that their SAR filings increased because of their improved BSA 
compliance programs. 

FinCEN and Law Enforcement Agencies Took Multiple Actions to Improve 
SAR Filings and Educate Filers about Their Usefulness in 
Investigations: 

FinCEN and law enforcement agencies have taken several steps to improve 
SAR filings and educate filers about their usefulness in 
investigations. FinCEN has issued written products that report trends 
in SAR data, provide tips on filing SARs and present examples of SAR 
use in law enforcement investigations. It issued guidance to improve 
the quality of SARs filed. Additionally, FinCEN representatives 
regularly participated in conferences and outreach events for BSA/AML 
issues, including events focused on SARs. FinCEN also chairs a group of 
federal agency and financial industry representatives that discusses 
BSA administration, including SAR-related issues. Federal law 
enforcement representatives said they conduct outreach events and work 
with depository institutions to improve SAR narratives. 

FinCEN Has Issued Written Products and Worked with Other Agencies to 
Make Financial Institution SARs More Useful: 

Since 2000, FinCEN regularly has provided tips about SAR preparation in 
publications for all financial institutions, including depository 
institutions. In October 2000, FinCEN first published The SAR Activity 
Review: Trends, Tips and Issues, which addresses topics related to 
suspicious activity reporting, trends and analyses regarding BSA data, 
law enforcement cases assisted by BSA data, and other issues. FinCEN 
describes this typically semiannual publication as the product of 
continuing dialogue and close collaboration among the nation's 
financial institutions, law enforcement officials, and financial 
regulators. Its goal is to provide meaningful information about the 
preparation, use, and value of SARs and other BSA reports filed by 
financial institutions.[Footnote 23] Most recently, the publication 
addressed issues such as how to determine when the 30-day deadline to 
report suspicious activity begins. According to FinCEN's annual report 
for fiscal year 2007, 70 percent of financial institutions that 
participated in a survey conducted by an external contractor found The 
SAR Activity Review to be "highly useful." 

FinCEN also has posted on its Web site a variety of written guidance 
documents for depository institutions and other SAR filers to assist 
them in making the filings more useful to law enforcement agencies. For 
example, in April 2008, FinCEN posted guidance that addressed SAR 
filings about the proceeds of foreign corruption. In the guidance, 
FinCEN directed filers, when appropriate, to include the term "foreign 
corruption" in their narratives to ensure that law enforcement agencies 
identify these transactions as soon as possible. In 2007, FinCEN issued 
guidance regarding 10 of the most common SAR filing errors and ways 
filers could avoid them.[Footnote 24] Among other issues, the guidance 
addressed the importance of explaining why the reported transaction was 
suspicious, and said that not including an explanation would diminish 
the usefulness of the SAR to law enforcement and other users. More 
specifically, FinCEN asserted that most inadequate SAR narratives 
repeated information from other fields on the form and did not 
sufficiently describe why the transaction was suspicious in light of 
the nature and expected activity of the customer. 

In addition to providing guidance on SAR filing and usefulness, FinCEN 
representatives regularly participated in outreach events about BSA/AML 
issues. According to FinCEN, its representatives participated in more 
than 300 conferences and intergovernmental meetings during fiscal years 
2006 through 2008, a number of which focused on SAR-related issues. The 
Bank Secrecy Act Advisory Group, which FinCEN chairs, and its two 
SAR-focused subcommittees have served as a forum for industry, regulators, 
and law enforcement to communicate about how law enforcement uses SARs 
and other BSA data.[Footnote 25] The advisory group's subcommittees 
facilitate discussion about how record-keeping and reporting 
requirements can be improved to enhance use and minimize costs to 
filers. FinCEN officials said they began outreach in 2008 to the 
largest depository institutions in the country to learn more about how 
their AML programs function, which they said will enhance their ability 
to provide industry feedback and ensure that the administration of the 
BSA regulatory program is based on sound knowledge of industry 
practices and the challenges of implementing AML programs. FinCEN said 
it plans to expand this outreach to other industries in 2009. 

Law Enforcement Agencies Conduct Outreach Efforts and Build 
Relationships to Improve the Quality of SAR Narratives and 
Communication with Institutions: 

Representatives from federal law enforcement agencies we interviewed 
said that they conducted outreach events and developed relationships 
with local depository institutions to improve SAR narratives and alert 
the institutions to criminal activity the agencies are targeting in 
investigations. Although representatives of federal and state law 
enforcement agencies and multiagency teams generally described 
depository institutions' SAR narratives as adequate, many described 
efforts aimed at improving the quality of SAR narratives and 
establishing relationships with the institutions. For example, 
according to ICE representatives, more than 100 of their investigators 
serve as points of contact for financial institutions through ICE's 
Cornerstone program, which is intended to develop working partnerships 
and information-sharing strategies with private industry to target 
activities of criminal organizations in the financial system. They said 
that since 2004, ICE has carried out about 4,000 "contacts" or 
presentations made to the financial services industry through the 
program. FBI representatives said that in addition to national outreach 
efforts, field offices have sponsored conferences at their local banks. 
DEA representatives said that specific outreach efforts at several 
institutions--intended to assist institutions in assessing their 
detection and monitoring protocols and improving their SAR 
narratives--also allowed them to establish relationships with compliance staff and 
obtain a working knowledge of institutions' compliance programs. 

In addition, representatives from most multiagency law enforcement 
teams we interviewed said that their teams conducted some type of 
regional or local outreach that included instruction on drafting SAR 
narrative statements. Representatives from multiple teams noted that 
regional conferences in their respective areas sponsored by IRS and 
U.S. Attorneys' Offices provided feedback on writing good narrative 
statements and discussed examples of well- and poorly written 
narratives. Representatives from one team said they noticed an 
improvement in the quality of SAR narratives immediately following the 
events. 

Federal Agencies Use SARs in a Variety of Ways and Have Taken a Number 
of Actions in Recent Years to Make Better Use of Them: 

FinCEN, law enforcement agencies, and financial regulators use SARs in 
investigations and financial institution examinations and have taken 
steps in recent years to make better use of them. FinCEN uses SARs to 
provide a number of public and nonpublic analytical products to law 
enforcement agencies and depository institution regulators. For 
example, in 2005, FinCEN agreed to provide several federal law 
enforcement agencies access to bulk BSA data, including SARs. They 
combined these data with information from their law enforcement 
databases to facilitate more complex and comprehensive analyses. In 
2000 and again in 2003, DOJ issued guidance that encouraged the formation 
of SAR review teams with federal, state, and local representation. In 
2006, DOJ and IRS-CI collaborated on a pilot effort to create task 
forces and add federal prosecutors to augment SAR review teams in 
selected districts. The regulators use SARs in their depository 
institution examination scoping and also review SARs regarding known or 
suspected unlawful activities by current and former 
institution-affiliated parties (IAP), including officers, directors, and employees. 
Although law enforcement agency representatives generally were 
satisfied with WebCBRS, various agencies and multiagency teams we 
interviewed said that formatting and other issues related to the data 
system slowed their downloads and reviews. FinCEN and IRS officials 
said these and other data management challenges will be addressed as 
part of FinCEN's technology modernization plan, developed in 
collaboration with IRS. 

FinCEN Uses SARs to Provide a Variety of Analytical Products and 
Support to Federal and State Agencies: 

FinCEN uses SAR data to provide various types of nonpublic analytical 
products to federal and state agencies in addition to publicly 
available reports. Since 2002, FinCEN has combined BSA data with its 
own data sets to produce reports. In addition to BSA data, FinCEN 
analysts have access to criminal report information through the 
National Crime Information Center, law enforcement databases, or 
FinCEN's law enforcement agency liaisons. FinCEN also maintains a 
database of its own proactive casework and its support of other 
agencies' investigations. FinCEN analysts also have access to 
commercial databases that contain identifying information on 
individuals and businesses. FinCEN has conducted many nonpublic 
analyses using SAR data, in response to requests from law enforcement 
agencies. For example, in 2007, FinCEN provided a federal law 
enforcement agency with a complex, large-scale BSA data analysis about 
subjects of interest that were identified in SARs filed by depository 
institutions and other entities. In another example, FinCEN provided a 
similar analysis to another law enforcement agency on suspicious 
currency flows between the United States and foreign governments 
targeted by law enforcement. In 2007, FinCEN also began providing 
banking departments in the 50 states, the District of Columbia, Puerto 
Rico, and the U.S. Virgin Islands with nonpublic analyses of SAR data 
and other selected BSA reports in what are called BSA Data Profiles, 
which are based on SAR filings throughout the year in their respective 
state or territory. According to FinCEN's fiscal year 2008 annual 
report, it added new content to the 2008 data profiles and plans to 
continue to provide these to the states annually. 

FinCEN has issued public analyses using SAR data that identified trends 
and typologies in the reporting of suspicious activity in key 
businesses and professions. For example, in 2006 and 2008, FinCEN 
conducted a self-initiated assessment to identify trends or patterns 
among SARs about suspected mortgage loan fraud. The SARs on which the 
2006 assessment was based reported that suspected mortgage loan fraud 
in the United States continues to rise, and has risen 35 percent in the 
past year. The 2006 report stated that SARs included in this assessment 
reported suspicious activity related to mortgage fraud in all 50 
states, the District of Columbia, Puerto Rico, Guam, and American 
Samoa. Also, in 2008, FinCEN conducted a separate study of suspected 
money laundering in the residential real estate industry based on SARs. 

FinCEN provides other types of support to law enforcement agencies. For 
example, FinCEN provides a full-time analyst to most HIFCAs to help 
them more effectively analyze SAR data. Representatives from one HIFCA 
we interviewed said their FinCEN analyst has done analyses of SARs and 
other data related to their region. FinCEN also provides training and a 
database template to law enforcement agencies with access to BSA data 
to help them download and analyze SARs more effectively. In addition, 
several law enforcement officials we spoke with told us that they 
receive FinCEN alerts when more than one user has queried its WebCBRS 
about the same SAR to help them avoid duplicating investigations. 

Law Enforcement Agencies Have Taken a Variety of Actions to Increase 
Their Use of SARs in Their Investigations: 

Federal law enforcement agencies have taken actions to more effectively 
analyze SAR data including obtaining access to bulk downloads of BSA 
data, which they integrate with their own data sets. Different types of 
team structures have been established to better analyze SARs. According 
to DOJ, some districts began SAR review teams in the 1990s. In 2006, 
DOJ and IRS collaborated on a pilot effort to create task forces to 
pursue SAR-initiated investigations. Tracking of SAR use by law 
enforcement agencies varies. 

Some Federal Law Enforcement Agencies Have Facilitated Complex Analyses 
by Using SAR Data with Their Own Data Sets: 

Federal agencies, separately and in collaboration with other agencies, 
have taken actions to more effectively analyze SAR data, particularly 
by better integrating BSA data with other law enforcement data. 
Beginning in 2004, several federal law enforcement agencies (including 
FBI, the Secret Service, ICE, and the Organized Crime Drug Enforcement 
Task Force's Fusion Center) signed memorandums of understanding with 
FinCEN that allowed them to obtain access to bulk downloads of SARs and 
other BSA data.[Footnote 26] The agencies conduct sophisticated and 
wide-ranging analyses more readily with the bulk downloads than is 
possible by accessing the BSA database remotely and querying it for 
specific records. According to these officials, the analyses they 
conduct using SAR data and their own data sets further their 
investigations by enabling them to make links they could not make 
without access to bulk SAR data. For example: 

* FBI incorporates SARs into its Investigative Data Warehouse, a 
database that includes 50 different data sets, which facilitates 
complex analyses. FBI identifies financial patterns associated with 
money laundering, bank fraud, and other aberrant financial activities. 
FBI officials told GAO that FBI uses the results from SAR analyses in 
cross-program investigations of criminal, terrorist, and intelligence 
networks. In addition, FBI has developed a new tool that allows users 
in the field to quickly and easily categorize, prioritize, and analyze 
suspects named in SARs and other available intelligence. 

* Secret Service representatives said their agents use combined data 
from the bulk downloads and their own repositories with various 
analytical models to map and track trends in financial crimes. They 
said the information is being used to model present and future 
financial crime trends; identify, locate, and link suspects involved in 
complex criminal cases; and identify financial accounts for asset 
forfeiture proceedings. 

* ICE has combined BSA data, including SARs, with import and export 
data for selected countries to help identify and detect discrepancies 
or anomalies in international commerce that might indicate trade-based 
money laundering. 

* The Organized Crime Drug Enforcement Task Force's Fusion Center 
integrates information from bulk BSA and other law enforcement 
databases and conducts investigative analyses.[Footnote 27] Center 
staff can search the databases of several federal entities at one time 
rather than relying on individual searches. Users indicated they can 
easily produce comprehensive integrated intelligence products and 
charts without having to take independent information from various 
sources for manual compilation. 

* IRS integrates SARs and other BSA data that it maintains for FinCEN 
with other information to advance its own investigative efforts. For 
example, IRS-CI investigators said the agency's Reveal system 
integrates BSA, tax, and counterterrorism data and allows them to 
conduct remote queries to identify financial crimes, including 
individual and corporate tax frauds, and terrorist activity. Reveal 
also allows users to sort, group, and export data from multiple 
information repositories, including combinations of databases, as well 
as discover and graphically show relationships among entities and 
patterns in the data. IRS-CI can generate reports from the system that 
contain names, Social Security numbers, addresses, and other personal 
information of individuals suspected of financial crimes. 

* Multiagency law enforcement teams also incorporate SAR data into 
their analyses. IRS and DEA agents at one HIFCA combined resources and 
said they can now conduct investigative analyses of all SARs in the 
region within DEA's Narcotics and Dangerous Drugs Information System. 
Representatives from another HIFCA also said they analyze criminal 
activities and SAR filings in those areas known to be problematic, such 
as a known drug trafficking area. 

DOJ Encouraged the Development of Law Enforcement Teams to Review SARs 
and Initiate Investigations: 

In 2000 and 2003, DOJ issued guidance to encourage the use of SAR data 
by multiple federal and state law enforcement agencies in what are 
known as SAR review teams. As of February 2008, the more than 80 SAR 
review teams located across the country vary in level of human capital and 
other resources. Typically, an IRS agent serving as the coordinator 
downloads the SARs and prioritizes them for review during a team's 
monthly meetings. Some SAR review teams screen SARs against criteria 
such as the dollar amount involved in the transaction, number of SARs 
filed on the same subject, pattern for structuring, criminal history of 
the subject, business the subject may be in, and agency interest. The 
number of SARs downloaded and reviewed varies across geographical 
areas. For example, some teams may download and review as many as a 
thousand SARs per month; and others, 50-100. Coordinators generally 
told us that although some SARs are not discussed at the meetings and 
some do not result in investigations, someone from the team reviews all 
SARs that were filed in their area. Although the downloaded SARs may 
come from several industries (such as money services businesses or 
mortgage lenders), a number of the teams we interviewed said the great 
majority of the SARs they reviewed came from the depository 
institutions. 

Some of the SAR review team representatives we interviewed said they 
mostly review SARs proactively to generate investigative leads and 
reactively to support ongoing investigations. According to some DOJ 
officials, the proactive use of SARs by a team is aimed at initiating a 
variety of investigations and increasing synergies. Some review team 
participants also told us a SAR may have more value to law enforcement 
at a later stage, as more SARs are filed on the same individual. They 
also said these review groups generally invite representatives from 
federal law enforcement agencies, financial regulators, U.S. Attorneys' 
Offices, local prosecutors, and local police departments to discuss 
recently filed SARs pertinent to their geographic area. Participants 
also learn which agencies are interested in following up on information 
provided in the SARs. Some of the investigations that are the result of 
SAR review team efforts focused on money laundering, tax evasion, drug 
trafficking, and mortgage fraud. According to DOJ officials, other 
goals in developing SAR review teams included reducing duplication of 
investigative efforts across investigative agencies and increasing the 
efficient use of resources. 

DOJ and other agencies also participate in proactive reviews of SARs 
through the National SAR Review Team. DOJ's Asset Forfeiture and Money 
Laundering Section created the National SAR Review Team in May 2007. 
The national team, which this DOJ section leads, was created to pursue 
cases that fall outside the scope of a local SAR review team. 
Representatives from federal law enforcement agencies and FinCEN 
participate on the national team and meet monthly. According to DOJ, 
the team and all participants make recommendations on which cases to 
pursue. The national team reviews SARs that report on activities that 
are complex and/or multijurisdictional in nature, often involving 
foreign nationals. According to DOJ representatives, the national team 
asks FinCEN for assistance on a case-by-case basis, and FinCEN has 
referred multijurisdictional cases to the team. 

DOJ and IRS Collaborated on a Pilot Effort to Create Task Forces to 
Work on SAR-initiated Investigations: 

In 2006, DOJ and IRS collaborated on a pilot effort to create task 
forces of full-time investigators and added federal prosecutors to work 
on SAR-initiated investigations. The Attorney General's Advisory 
Council identified the districts in which the task forces were to 
operate. IRS and DOJ also wanted state and local enforcement agencies 
to be actively involved in this effort because they could present state 
and local crime perspectives.[Footnote 28] Some DOJ officials also 
noted that this multiagency initiative could translate to more 
synergies and coordination to avoid duplication of efforts. IRS staff 
in task force districts currently serve on both the task forces and SAR 
review teams. An IRS representative said that IRS expected that its 
staff would continue participating in both teams. Further, IRS 
representatives said the task forces and SAR review teams complemented 
each other, and maintaining the relationship with SAR review teams was 
integral to avoiding duplicative investigative efforts. 

However, the task forces and SAR review teams differ in key respects. 
IRS staff generally characterized the task forces as more focused than 
the SAR review teams. According to IRS staff, the task force model 
lends itself to investigations of BSA violations that have the 
potential for seizure or forfeiture under BSA, as well as prosecution. 
IRS staff further noted these types of investigations generally involve 
BSA violations for which IRS has investigative responsibility--currency 
and cash structuring, and certain money laundering offenses. According 
to an IRS-CI official, task forces are able to dedicate more staff and 
staff time to cases. For example, Treasury's Executive Office of Asset 
Forfeiture funds the operating costs for most task force members to 
work on the task force full time, thereby enabling them to work on more 
cases and on more complex problems. In contrast, the IRS representative 
said SAR review team members typically serve on a part-time basis and 
conduct SAR-related investigations in addition to other 
responsibilities. 

Some Federal and State Agencies and Law Enforcement Teams Track Varying 
Types of Information about SAR Use: 

FinCEN, IRS, and federal law enforcement agencies and teams track 
information about SAR data access and how SAR information has been used 
in investigations in varying degrees. Through its Gateway program, 
FinCEN tracks the numbers of WebCBRS users' queries and views of BSA 
data that are conducted as discrete downloads of individual BSA 
reports, including SARs.[Footnote 29] IRS-CI staff access WebCBRS 
directly through IRS's intranet. According to IRS staff, IRS provides 
its users the ability to capture additional details about SAR use 
through IRS-CI's case management system, which captures certain 
information related to investigations and tracks the use and value of 
BSA information in three ways. First, the system identifies all 
investigations where the source of the investigation is a SAR (or 
another BSA document). Second, for all nontax investigations, it may 
identify what types of BSA documents were of use or value to the 
investigation. Third, the system tracks all investigations developed 
with the SAR review teams and their general investigation case numbers. 
IRS-CI representatives said they also use a program that aids in the 
review and tracking of team decisions about SARs that were reviewed to 
avoid duplicative investigations. 

In general, IRS-CI staff serving on SAR review teams or HIFCAs track 
which SARs they download for the teams and which agencies are pursuing 
investigations based on the SARs the team reviewed. Although DOJ does 
not require SAR review teams to compile statistics about their SAR use, 
some SAR review team representatives we interviewed said they have 
plans to track their use of SARs in greater detail. For example, some 
teams track or have plans to track the number of seizures and 
indictments associated with the investigations initiated from SARs they 
have reviewed. 

Finally, representatives from some of the state and local enforcement 
agencies we interviewed said they track the number of SARs they 
reviewed while others said they did not. 

Federal Banking Regulators Use SARs in Their Supervision of Depository 
Institutions: 

According to the interagency BSA/AML examination manual, the regulators 
are to assess depository institutions' SAR compliance during 
examinations. The regulators conduct periodic on-site examinations to 
assess an institution's financial condition, policies and procedures, 
and adherence to laws and regulations such as BSA. During examinations, 
examiners download and review SARs as part of their efforts to assess 
(1) institutions' suspicious activity monitoring and reporting systems, 
(2) the decisionmaking process for SAR filings, (3) SAR quality, and 
(4) a bank's internal controls. For example, examiners conduct 
transaction testing on samples of downloaded SARs to determine whether 
institutions' SAR-related policies, procedures, and processes are 
adequate and effectively implemented and whether the filed SARs were 
complete and accurate.[Footnote 30] 

In addition to examining depository institutions for compliance with 
SAR requirements, the regulators track and review SAR information as 
part of their enforcement actions against institution-affiliated 
parties (IAP) that are known or suspected of being involved in 
unlawful activities and breaches of trust.[Footnote 31] The Federal 
Deposit Insurance Act generally allows the federal bank and thrift 
regulators to suspend, remove, or prohibit IAPs from participating in 
the affairs of depository institutions or working in the banking 
industry if the IAP is charged with or convicted of certain crimes 
involving dishonesty, breach of trust, or money laundering. For 
example, according to federal banking regulator representatives, their 
agencies generally track and review information from SARs filed by the 
depository institutions they supervise that indicate suspected abuse by 
someone inside the institution. Depository institutions are required to 
file SARs to report insider abuse including all known or suspected 
criminal activity committed or attempted against the institution. 
Officials from the Federal Reserve, OCC, FDIC, and OTS said their 
respective agencies have programs in place to track and review SARs 
about IAPs. They described how information from these SARs is used as 
part of efforts to take action against IAPs involved in theft, fraud, 
and other unlawful activity at the depository institutions.[Footnote 
32] For example, OCC has a Fast Track Enforcement Program that 
implements streamlined enforcement procedures to be used in specific 
situations in which there is a conviction of, an admission by, or 
clear evidence that an IAP has committed a criminal act or other 
significant acts of wrongdoing involving a national bank that are 
actionable under the OCC's enforcement authority. The Federal Credit 
Union Act provides the same enforcement authority to NCUA. NCUA reviews 
all SARs filed by credit unions on IAPs to determine whether it is 
appropriate to pursue administrative action to remove or prohibit the 
person from working in the banking industry or require restitution. 

BSA Database Issues Present Some Challenges for Law Enforcement and 
Banking Agencies when Downloading and Reviewing SARs: 

Federal, state, and local agencies have experienced some data 
management challenges when downloading and reviewing SARs and other BSA 
reports. Although law enforcement agency representatives noted they 
were generally satisfied with WebCBRS, representatives from various law 
enforcement agencies and multiagency law enforcement teams we 
interviewed expressed some specific concerns related to the formatting 
and the efficiency of downloading SARs from the database. For 
example, representatives from some SAR review teams said the SAR data 
they download through WebCBRS appear in all capital letters and without 
other formatting, which makes reviewing SARs more difficult and time 
consuming. Other SAR review team representatives said that another 
formatting problem arises when filers organize information about 
transactions and dates within tables included in their SAR narratives; 
when downloaded from WebCBRS, the tables appear as lines of unformatted 
information without columns or headings. An IRS-CI official commented 
that these formatting issues are particularly challenging for law 
enforcement teams that review large numbers of SARs. Representatives 
from some SAR review teams and HIFCAs we interviewed said their teams 
download and review approximately 1,000 or more SARs each month. Data 
management staff at IRS and FinCEN identified limitations in the 
mainframe environment from which WebCBRS evolved as the cause of these 
formatting concerns and noted that SARs appear this way for all WebCBRS 
users. An IRS data management representative commented that depository 
institutions and commercial software companies often prepare formatted 
tables within SAR narratives as part of their AML software packages. 
The representative noted that WebCBRS is unable to retain such 
formatting. 

Representatives from the federal banking regulators and a state banking 
department we interviewed also described limits on the amount of BSA 
information that can be downloaded in the examination process. 
Specifically, they said that during examinations of institutions that 
file more than 20,000 reports within an examination cycle, examiners 
are unable to download all of the SARs or other BSA reports in a single 
download session. According to representatives from the federal banking 
regulators, examiners at each agency must divide their SAR downloads 
into multiple batches. Data management staff at FinCEN said the purpose 
of the 20,000 limit is to prevent users with large download requests 
from diminishing the speed of the system for other users. Although 
federal banking regulators have taken steps to deal with these 
challenges, representatives from these agencies still generally 
characterized the download process as inefficient because of the 
additional time needed to conduct separate queries. They also noted 
that download sessions for SARs and other BSA reports, such as currency 
transaction reports, sometimes expire before completing the data 
request. 

Representatives from FDIC, the Federal Reserve, OTS, and OCC expressed 
concerns about the quality of data obtained through WebCBRS. FDIC 
representatives said the inability to download all appropriate SARs in 
one attempt raises concerns about whether any of the downloads are 
complete, as well as concerns about the possibility of citing a bank 
for an apparent violation for failure to file a SAR because that record 
was not in the information downloaded from WebCBRS. Federal Reserve and 
OTS representatives cited concerns about the integrity of WebCBRS and 
whether all SAR and currency transaction report data are properly 
uploaded. OCC representatives also expressed concerns about the quality 
of BSA data in WebCBRS. They noted that because of these concerns and 
data management issues, in 2004, they requested and obtained bulk 
access to SAR data for the institutions OCC supervises. OCC 
representatives also said they then spent a significant amount of funds 
and resources to develop a customized data system to conduct analyses 
of SARs. 

FinCEN and IRS officials said these and other data management 
challenges will be addressed as part of FinCEN's information technology 
modernization plan, developed in collaboration with IRS. In response to 
a recommendation we made in 2006, FinCEN, in collaboration with IRS, is 
developing a long-term comprehensive plan for re-engineering BSA data 
management activities.[Footnote 33] In fiscal year 2007, FinCEN 
launched an initiative to maximize BSA data quality and value by more 
consistently identifying, documenting, prioritizing, and addressing BSA 
data requirements and quality issues. As part of the initiative, FinCEN 
established a Data Management Council to provide internal and external 
data users with a clear means of identifying and communicating data 
issues, requirements, and business priorities; validating resolution of 
data issues; and jointly establishing priorities for taking data 
management actions. The council consists of approximately 35 
representatives from FinCEN, financial regulators, law enforcement 
agencies, and IRS. FinCEN officials also said that FinCEN has an 
Integrated Product team, consisting of FinCEN staff, which developed a 
strategy for the information technology modernization plan. FinCEN 
officials expected implementation of the modernization plan to take 
from 3 to 5 years. According to FinCEN, the team also developed a list 
of approximately 300 capabilities that are desired in a new system. 
FinCEN officials also said that the team spent 2007 and 2008 focusing on 
repairing identified problems with the current system, reformulating 
processes, and working to make the system as effective as possible. 
FinCEN officials were reluctant to commit to a timeline, as the work 
will depend on budget allocations and FinCEN's working relationship 
with IRS counterparts. 

The Process FinCEN Used to Revise the SAR Did Not Result in a Usable 
Form and Its New Process Provides Few Details on How Past Problems Will 
Be Overcome: 

FinCEN worked with other agencies in 2006 to create a new SAR form for 
depository institutions that was not implemented, and a recently 
developed document outlining a new form revision process appears to 
address some--but not all--of the collaboration-related problems 
encountered in 2006. FinCEN and the federal banking regulators issued 
proposed substantive and formatting revisions to the SAR form in 2006; 
however, because of technology limitations, the revised form was not 
implemented. Law enforcement agency officials we interviewed had mixed 
views on the proposed revisions to the form. They generally supported 
most of the proposed revisions, but some felt they had been 
insufficiently consulted and also expressed concerns to us that some 
revisions could affect their work negatively. We have identified 
practices that can help enhance agencies' collaborative efforts such as 
those needed to revise the SAR form.[Footnote 34] FinCEN has identified 
some steps it intends to use to improve collaboration; however, details 
on the process are limited. For example, the documentation for the new 
process that we received does not indicate that FinCEN has incorporated 
practices for agency collaboration, such as defining a common outcome; 
agreeing on agency or individual roles and responsibilities; and 
including a mechanism to monitor, evaluate, and report on how the 
process worked. Although not all of the practices we identified for 
collaboration are applicable to the forms revision process, if FinCEN 
implemented such collaboration practices for SAR form revisions, it may 
achieve greater consensus from all stakeholders. 

FinCEN Postponed Implementation of a Revised SAR for Depository 
Institutions Due to Technology Limitations: 

In 2006, FinCEN revised the form that depository institutions use to 
report suspicious activities, but the revised form still cannot be used 
because of continuing information technology limitations. In accordance 
with the Paperwork Reduction Act (PRA) of 1995, FinCEN and the federal 
banking regulators must periodically renew the SAR form used by 
depository institutions and seek public comment.[Footnote 35] Among 
other things, PRA requires the balancing of two potentially competing 
purposes: minimizing the paperwork burden on filers and maximizing the 
utility of the information collected in forms required by the 
government. To satisfy PRA requirements, FinCEN and other agencies 
assess the SAR forms approximately every 3 years to determine if 
revisions should be made. 

In February 2006, in advance of the form's expiration, FinCEN and the 
federal banking regulators issued proposed revisions to and 
reformatting of the SAR form.[Footnote 36] An important goal in 
revising the form was allowing affiliated institutions to jointly file 
a SAR. FinCEN and the federal banking regulators submitted the proposed 
revisions to the Office of Management and Budget for approval and 
published them in the Federal Register for public comment. In June 
2006, FinCEN and OCC, OTS, FDIC and NCUA advised the public that the 
agencies had submitted the proposed revisions to the Office of 
Management and Budget for approval, summarized the comments received 
and the disposition of issues raised by respondents, and requested 
additional comments on the proposed changes.[Footnote 37] The Federal 
Reserve issued notice of final approval by the Federal Reserve Board of 
Governors in a separate Federal Register notice on July 5, 
2006.[Footnote 38] In December 2006, FinCEN announced on its Web site 
that SAR-filing institutions would begin using the revised form on June 
30, 2007. However, in May 2007, FinCEN announced in a Federal Register 
notice it would postpone implementation of the revised form.[Footnote 
39] In the May 2007 notice, FinCEN identified the cause of the delay as 
"recently implemented data quality initiatives." 

When we discussed the delay with FinCEN officials, they indicated data 
management staff had identified problems in implementing a BSA data 
quality management program, which was part of a larger and recently 
initiated information technology modernization strategy with IRS. 
FinCEN and IRS agreed to focus on optimizing the current database 
environment before introducing any new products or procedures. 
According to a senior FinCEN official, FinCEN thus delayed 
implementation of the revised SAR to focus on the overall modernization 
effort. Rather than undertake another revision of the form in 2009 (3 
years from the prior revision), FinCEN plans to renew but make no 
changes to the form the Office of Management and Budget approved in 
2006, and direct filers to continue to use the 2003 form. 

Some Law Enforcement Agencies Had Mixed Views on the Proposed Revisions 
to the SAR Form: 

Law enforcement agency representatives we interviewed had mixed views 
on the proposed revisions to the SAR form. Although they generally 
supported a key proposed revision, some law enforcement agency 
representatives we interviewed believed certain proposed revisions 
could be detrimental to their investigations. Representatives from DOJ, 
FBI, Secret Service, ICE, the New York HIFCA, and some SAR review teams 
generally expressed support for the change allowing affiliated 
institutions to jointly file a SAR (that is, two entities belonging to 
the same financial organization could file a single SAR for a 
suspicious activity that affected both). However, representatives from 
IRS-CI and some HIFCAs and SAR review teams said other revisions could 
affect their work negatively. One revision causing concern involved 
replacing the name and title of a person with personal knowledge about 
the suspicious activity with a contact office. IRS-CI officials, some 
Assistant U.S. Attorneys, coordinators from other SAR review teams, and 
HIFCA representatives said the revision might make it more difficult 
for investigators to reach an individual with personal knowledge of the 
suspicious activity. However, the Federal Register notice indicated 
that this action was taken with the approval of the banking agencies 
and law enforcement as a measure to protect the filer if information 
from a SAR-Depository Institution was inadvertently disclosed. 

Similarly, representatives from some SAR review teams and HIFCAs we 
interviewed expressed concerns about removing the field that SAR filers 
currently use to indicate they have contacted a law enforcement agency 
and instead relying on filers to include this information in the SAR 
narrative. The Federal Register notice indicates this change was being 
made to simplify the form. Most SAR review team coordinators and HIFCA 
representatives we interviewed said they use this information to avoid 
duplicating or jeopardizing ongoing investigations related to the SAR. 

Furthermore, the process used to revise the form may have contributed 
to these unresolved differences of opinions about what should be 
changed on the SAR form and the potential effects of the revisions that 
were made. FinCEN officials said they developed draft revisions from a 
running list of recommendations and comments related to suspicious 
activity reporting from law enforcement investigators and other 
agencies. Representatives from agencies that have liaisons at FinCEN, 
including DEA, FBI, ICE, IRS-CI, and the Secret Service, noted they 
were not involved in identifying the issues or concerns that could be 
addressed through revisions to the SAR form.[Footnote 40] According to 
some law enforcement officials, they did not have an opportunity to 
provide input at all (for example, SAR review teams), other than 
providing public comments. When we subsequently asked FinCEN officials 
about these participation concerns, they indicated that federal law 
enforcement agency liaisons, whose agencies participate on SAR review 
teams, had not expressed similar concerns to them and then discussed 
the process they had used to develop the form and solicit feedback from 
law enforcement. FinCEN sought and obtained feedback through e-mail 
from law enforcement agency liaisons stationed at FinCEN. FinCEN 
officials characterized this feedback to us as not involving any 
significant objections to the proposed revisions and described it as 
editorial in nature. FinCEN officials noted they also did not know the 
extent to which law enforcement agency liaisons sought feedback from 
staff at the field office level within their respective agencies. 

FinCEN Has Developed a New Process for Revising Forms, but Details 
about the Process Are Limited and Do Not Include Some Important 
Collaborative Practices and Mechanisms: 

FinCEN has developed a new process it intends to use in the future when 
revising SAR and other forms; however, documentation on the process 
does not include some collaborative practices. In May 2008, FinCEN 
developed a new form change management process under the auspices of 
its Data Management Council. FinCEN indicated the goals of the process 
include improving implementation of revisions to BSA forms by FinCEN, 
other agencies, and parties, as well as communication among them. 
FinCEN provided us with a briefing and some documentation on its new 
process. 

FinCEN's briefing and documentation indicate that FinCEN has begun to 
address some of the previously identified collaboration-related 
problems. The information we received generally covered issues such as 
interactions among external and internal stakeholders, and general 
steps used to develop and propose form changes. For instance, the early 
stages of the new process include collaboration with IRS data 
management staff regarding system applications and other data-related 
issues. This early involvement could help avoid a repeat of the 
problems related to implementation of the 2006 revision. Similarly, 
FinCEN officials said they plan to include a representative for SAR 
review teams on the Data Management Council. 

However, neither the briefing nor the documentation provided much 
detail on some considerations and activities important to such a 
collaborative effort such as the timeline for completing the various 
stages in the process; the different roles and responsibilities of the 
stakeholders in the various stages of the process (for instance, FinCEN 
has not identified specific council members that would be involved in 
providing input on proposed changes); or a mechanism to monitor, 
evaluate, and report on the process. Nor did the documentation reflect 
collaboration with federal prosecutors. Although FinCEN officials said 
that they plan to include a representative for SAR review teams on the 
Data Management Council, the documentation did not indicate 
collaboration with these teams or other multiagency law enforcement 
teams, such as HIFCAs. Our prior report on practices that help enhance 
collaboration emphasizes the usefulness of these missing elements. 
[Footnote 41] For example, we noted that to work effectively across 
agency lines, agency staff ought to define and articulate the common 
federal outcome or purpose they are seeking to achieve, consistent with 
their respective agency goals and missions; define and agree on their 
respective roles and responsibilities, including how the collaborative 
effort will be led; and have processes to monitor, evaluate, and report 
on their efforts to enable them to identify areas for improvement. As 
noted above, FinCEN was unaware of some law enforcement 
representatives' concerns about some of the changes to the SAR form in 
2006, and bank regulators relied on FinCEN to get law enforcement's 
input. This situation indicates that stakeholders in the SAR revision 
process had not agreed on the common outcome they wanted to achieve and 
that communication and collaboration among SAR form stakeholders might 
not have been adequate. 

If FinCEN continues to use the process as it is currently outlined, it 
may not achieve some potential benefits that could come from closer 
adherence to practices that can help enhance and sustain collaboration, 
such as greater consensus from all stakeholders on proposed SAR form 
revisions, and fuller documentation of the process. The lack of 
information developed for monitoring and evaluating the process could 
impede agency management as it seeks to make future improvements to the 
SAR form and respond to the concerns and needs of both SAR filers and 
users. The gathering of such information could provide empirical 
evidence about how well the process worked, what problems occurred, or 
what issues were identified. Furthermore, more detailed documentation 
about the process could advance collaborative efforts involving a wide 
variety of stakeholders by providing all stakeholders with a better 
understanding of how the process is designed to work, thereby building 
trust and facilitating communication. 

Conclusions: 

The issues associated with the most recent revisions to the SAR form 
for depository institutions present challenges for FinCEN. They 
highlight the difficulties of addressing potentially competing 
objectives stemming from PRA requirements--that new federal forms be 
designed not only to maximize their usefulness but also minimize burden 
on filers--and engaging a wide variety of stakeholders. SARs are a key 
information source for federal, state, and local law enforcement 
agencies, as well as the federal regulators. Because the information 
they contain is critical for investigations of money laundering, 
terrorist financing, and other financial crimes, it is important that 
the SAR form be designed to collect the information that is most useful 
for law enforcement. Similarly, federal regulators use them during 
examinations of depository institutions' compliance with BSA. Yet given 
the potential burden of SAR filings, especially for depository 
institutions--the most frequent filers--it is important that the process 
used to revise the form be a collaborative effort that helps to ensure 
all stakeholders' concerns are considered and potential problems 
identified. 

While FinCEN and other agencies worked to create and finalize a new SAR 
form for depository institutions through the PRA, data management 
issues suspended the implementation of the 2006 revision. Although law 
enforcement representatives' views on the revised form were mixed, we 
found that the process FinCEN used may not have addressed some law 
enforcement concerns and introduced changes that some law enforcement 
representatives said could diminish the utility of the form for their 
investigative purposes. In addition, some law enforcement 
representatives expressed concerns that they were not involved in the 
process early. Bank regulators, on the other hand, were satisfied with 
the proposed changes. Many such problems in multiagency efforts could 
be mitigated with greater attention to the practices we have outlined 
for enhancing and sustaining collaboration among federal agencies. 
Implementation of such practices also may enable law enforcement and 
regulators to reach greater consensus on proposed changes. However, 
FinCEN's documentation for implementing the forms change management 
process does not necessarily include all law enforcement stakeholders, 
such as federal prosecutors and multiagency law enforcement teams. 

Although FinCEN may be able to address some of the issues it 
encountered in the 2006 revision, FinCEN does not appear to have fully 
developed a process detailed enough to help ensure such an outcome. It 
does not provide details on some important considerations (such as the 
articulation of a common outcome or agreed-upon roles and 
responsibilities of individuals and agencies at each stage of the 
process) and omits another critical practice entirely--a mechanism for 
monitoring, evaluating, and reporting. By better incorporating 
collaborative practices, such as detailing individual and agency roles 
and responsibilities and documenting the entire process, FinCEN can 
further develop a strategy that will improve the SAR form and balance 
the possibly competing needs of different stakeholders. And, by 
incorporating mechanisms to document, monitor, evaluate, and report on 
the process, key decisionmakers within agencies can obtain valuable 
information and assessments that could improve both policy and 
operational effectiveness. Finally, by more fully documenting its 
process, FinCEN likely will enhance its communications and 
collaboration with stakeholders. 

Recommendation for Executive Action: 

To better ensure that future revisions to the SAR form result in 
changes that can be implemented and balance the differing needs of all 
stakeholders, we recommend that the Secretary of the Treasury direct 
the Director of FinCEN to further develop and document its strategy to 
fully incorporate certain GAO-identified practices to help enhance and 
sustain collaboration among federal agencies into the form change 
process and distribute that documentation to all stakeholders. Such 
practices could include defining and articulating the common federal 
outcome or purpose they are seeking to achieve; defining and agreeing 
on their respective roles and responsibilities; and having processes to 
monitor, evaluate, and report on their efforts to enable them to 
identify areas for improvement. 

Agency Comments and Our Evaluation: 

We provided a draft of this report to the heads of the Departments of 
Homeland Security, Justice, and the Treasury; the Federal Reserve, 
FDIC, NCUA, OCC, OTS, and IRS. We received written comments from 
FinCEN, which are summarized below and reprinted in appendix II. DOJ, 
FinCEN, the Federal Reserve, FDIC, NCUA, OCC, OTS, and IRS provided 
technical comments, which we incorporated into this report, where 
appropriate. The Department of Homeland Security had no comments. 

Through discussions with FinCEN officials and FinCEN technical 
comments, FinCEN provided us with additional information showing that 
it had begun developing a strategy that incorporated certain 
GAO-identified practices to enhance and sustain collaboration, but that it 
was not yet complete. As a result, we modified the recommendation 
language in our draft report to reflect the work that FinCEN already 
had done. In written comments on this report the FinCEN director said 
he generally agreed with our recommendation and that FinCEN recognized 
the need to work with a diverse range of stakeholders to revise BSA 
forms, including regulatory, law enforcement, and intelligence 
agencies, as well as financial industries responsible for filing BSA 
reports. 

As agreed with your offices, unless you publicly announce the contents 
of this report earlier, we plan no further distribution of this report 
until 30 days from the report date. At that time we will send copies to 
interested congressional parties, Treasury, FinCEN, FDIC, the Federal 
Reserve, OCC, OTS, NCUA, IRS, DOJ, and the Department of Homeland 
Security. The report also will be available at no charge on the GAO Web 
site at [hyperlink, http://www.gao.gov]. 

If you or your staff have questions about this report, please contact me 
at (202) 512-8678 or edwardsj@gao.gov. GAO staff who made major 
contributions to this report are listed in appendix III. 

Signed by: 

Jack E. Edwards: 
Acting Director, Financial Markets and Community Investment: 

[End of section] 

Appendix I: Objectives, Scope, and Methodology: 

This report examines (1) the underlying factors that affected the 
number of suspicious activity reports (SAR) filed by depository 
institutions from 2000 through 2007, (2) actions that federal agencies 
have taken to improve the usefulness of SARs for law enforcement, (3) 
ways in which federal agencies use SARs and actions they have taken to 
make better use of them, and (4) whether the process the Financial 
Crimes Enforcement Network (FinCEN) uses to revise SAR forms is 
effective in assuring that the information collected is appropriate for 
law enforcement needs. 

As agreed with the requesters' offices, we focused our data gathering 
and analyses largely on depository institutions and the SARs they file. 
In some instances, we considered, analyzed, and reported on information 
from other types of financial institutions. Additionally, our 
quantitative analyses were limited to 2004 through 2007 to minimize the 
likelihood that the presented information would be out-of-date. 

To examine the increase in depository institutions' SAR filings, we 
reviewed published findings that FinCEN supplied, as well as obtained 
and reviewed statistics and related information from the banking 
regulators. FinCEN also provided us with SAR data for calendar years 
2000 through 2007 so we could conduct independent quantitative 
analyses.[Footnote 42] We then combined that information with another 
set of information (such as amount of assets) for specific institutions 
that we obtained from the Federal Reserve and the National Credit Union 
Administration. We took multiple steps to assess the reliability of the 
data. We asked bank regulators' information technology staff to answer 
a data reliability questionnaire (for example, about data cleaning and 
maintenance procedures). We found the data to be sufficiently reliable 
for the purposes of our report. 

To address the second part of the first objective, we interviewed many 
types of stakeholders and obtained agency documents from the 
interviewees to identify factors that may have contributed to the 
increase in the number of SARs filed from calendar year 2000 through 
2007. Because of the subjective nature of this type of information, we 
based our findings on the most frequently cited factors. The types of 
people interviewed are identified in table 2. Representatives from 
depository institutions constituted another type of interviewee. As 
part of the process to select the depository institutions, we grouped 
the depository institutions into four categories, depending on the 
number of SARs filed in calendar year 2007. We interviewed 
representatives from all 5 institutions that had the largest number of 
SAR filings in 2007 as well as representatives from 15 randomly 
selected institutions. The 15 institutions represented different 
categories of SAR filings: small (0-5 SARs filed in 2007), medium 
(6-17), and large (176 or more--excluding the 5 largest). 

Table 2: Entities at Which Interviewees Provided Perspectives and 
Documentary Evidence for the Objectives: 

Place of employment/assignment for interviewee and source of 
documentary evidence. 

Department of the Treasury: FinCEN; 
Objective 1: [Check]; 
Objective 2: [Check]; 
Objective 3: [Check]; 
Objective 4: [Check]. 

Department of the Treasury: Internal Revenue Service: Criminal 
Investigation (a law enforcement unit); 
Objective 1: [Check]; 
Objective 2: [Check]; 
Objective 3: [Check]; 
Objective 4: [Check]. 

Department of the Treasury: Internal Revenue Service: Modernization and 
Information Technology Services; 
Objective 1: [Check]; 
Objective 2: [Empty]; 
Objective 3: [Check]; 
Objective 4: [Check]. 

Department of the Treasury: Internal Revenue Service: Small 
Business/Self-Employed Division; 
Objective 1: [Check]; 
Objective 2: [Empty]; 
Objective 3: [Check]; 
Objective 4: [Check]. 

Regulators: Federal banking regulators: The Board of Governors of the 
Federal Reserve System; 
Objective 1: [Check]; 
Objective 2: [Empty]; 
Objective 3: [Check]; 
Objective 4: [Check]. 

Regulators: Federal banking regulators: Federal Deposit Insurance 
Corporation; 
Objective 1: [Check]; 
Objective 2: [Empty]; 
Objective 3: [Check]; 
Objective 4: [Check]. 

Regulators: Federal banking regulators: Office of the Comptroller of 
the Currency; 
Objective 1: [Check]; 
Objective 2: [Empty]; 
Objective 3: [Check]; 
Objective 4: [Check]. 

Regulators: Federal banking regulators: Office of Thrift Supervision; 
Objective 1: [Check]; 
Objective 2: [Empty]; 
Objective 3: [Check]; 
Objective 4: [Check]. 

Regulators: Federal banking regulators: National Credit Union 
Administration; 
Objective 1: [Check]; 
Objective 2: [Empty]; 
Objective 3: [Check]; 
Objective 4: [Check]. 

Regulators: State banking agencies[A]; 
Objective 1: [Check]; 
Objective 2: [Empty]; 
Objective 3: [Check]; 
Objective 4: [Empty]. 

Law enforcement: Federal agencies: Department of Justice: Criminal 
Division-Asset Forfeiture and Money Laundering Section; 
Objective 1: [Check]; 
Objective 2: [Check]; 
Objective 3: [Check]; 
Objective 4: [Check]. 

Law enforcement: Federal agencies: Department of Justice: Federal 
Bureau of Investigation; 
Objective 1: [Check]; 
Objective 2: [Check]; 
Objective 3: [Check]; 
Objective 4: [Check]. 

Law enforcement: Federal agencies: Department of Justice: Executive 
Office of U.S. Attorneys; 
Objective 1: [Check]; 
Objective 2: [Check]; 
Objective 3: [Check]; 
Objective 4: [Empty]. 

Law enforcement: Federal agencies: Department of Justice: Drug 
Enforcement Administration; 
Objective 1: [Check]; 
Objective 2: [Check]; 
Objective 3: [Check]; 
Objective 4: [Check]. 

Law enforcement: Federal agencies: Department of Homeland Security: 
Immigration and Customs Enforcement; 
Objective 1: [Check]; 
Objective 2: [Check]; 
Objective 3: [Check]; 
Objective 4: [Check]. 

Law enforcement: Federal agencies: Department of Homeland Security: 
U.S. Secret Service; 
Objective 1: [Check]; 
Objective 2: [Check]; 
Objective 3: [Check]; 
Objective 4: [Check]. 

Multiagency teams (composed of federal, state, and local law 
enforcement): National SAR Review Team; 
Objective 1: [Check]; 
Objective 2: [Check]; 
Objective 3: [Check]; 
Objective 4: [Check]. 

Multiagency teams (composed of federal, state, and local law 
enforcement): SAR review teams (random sample of 15 teams throughout 
the United States)[B]; 
Objective 1: [Check]; 
Objective 2: [Check]; 
Objective 3: [Check]; 
Objective 4: [Check]. 

Multiagency teams (composed of federal, state, and local law 
enforcement): High Intensity Financial Crime Area (HIFCA)[C]; 
Objective 1: [Check]; 
Objective 2: [Check]; 
Objective 3: [Check]; 
Objective 4: [Check]. 

State and local law enforcement officials[D]; 
Objective 1: [Check]; 
Objective 2: [Check]; 
Objective 3: [Check]; 
Objective 4: [Check]. 

Source: GAO. 

[A] The state banking agencies were located in Arizona, California, 
Florida, Illinois, Louisiana, Massachusetts, New York, and Texas. 

[B] SAR review teams located in Sacramento, California; Tampa, Florida; 
Atlanta, Georgia; New Orleans, Louisiana; Boston, Massachusetts; St. 
Paul, Minnesota; St. Louis, Missouri; Las Vegas, Nevada; Charlotte, 
North Carolina; Philadelphia and Pittsburgh, Pennsylvania; Dallas, 
Texas; Alexandria and Richmond, Virginia; and Milwaukee, Wisconsin. 

[C] The HIFCAs were located in Chicago, Illinois; Los Angeles, 
California; Miami, Florida; and New York, New York. 

[D] The state and local law enforcement officials (not attached to a 
multiagency team) were located in Connecticut, Florida, Louisiana, 
Oklahoma, Mississippi, North Carolina, New York, and Texas. 

[End of table] 

To identify the actions that federal agencies have taken to improve the 
usefulness of SARs for law enforcement, we interviewed officials from 
FinCEN, federal law enforcement agencies, and IRS and reviewed agency 
documents, as indicated for objective 2 in table 2. To examine the ways 
in which federal agencies use SARs and actions they have taken to make 
better use of them, we contacted representatives of the various law 
enforcement groups that are indicated for objective 3 in table 2. For 
example, federal prosecutors at U.S. Attorneys' Offices as well as 
federal law enforcement officials involved in the national SAR review 
team were some of the types of individuals who provided information. 
Among the issues that we discussed with the law enforcement agencies 
were how SAR review teams function and the results of their 
collaborative efforts. We obtained information from IRS about SAR 
review teams and interviewed representatives from 13 randomly selected 
teams. We reviewed reports from GAO, FinCEN, and other governmental 
agencies to glean additional actions. We obtained information from the 
IRS that indicated the frequency with which law enforcement agencies 
accessed SAR information and interviewed representatives from 8 
randomly selected state and local law enforcement agencies. All five 
federal regulators and some state banking agencies also provided 
information on how SARs are used in compliance examinations, and one 
regulator provided us with a demonstration of how the system is 
accessed and the display of the information in the system. 

To assess whether the process FinCEN uses is effective in assuring that 
SAR forms are appropriate for law enforcement needs, we conducted legal 
analysis related to the Paperwork Reduction Act of 1995 and reviewed 
relevant Federal Register Notices. We also reviewed comment letters 
about proposed revisions to the SAR form submitted during the public 
comment period. We interviewed FinCEN, federal law enforcement, and 
bank regulatory representatives about the process to revise the form. 
Finally, we discussed the new forms change management process with 
FinCEN representatives. 

We conducted this performance audit from July 2007 through February 
2009 in accordance with generally accepted government auditing 
standards. Those standards require that we plan and perform the audit 
to obtain sufficient, appropriate evidence to provide a reasonable 
basis for our findings and conclusions based on our audit objectives. 
We believe that the evidence obtained provides a reasonable basis for 
our findings and conclusions based on our audit objectives. 

[End of section] 

Appendix II: Comments from the Financial Crimes Enforcement Network: 

Department Of The Treasury: 
Director: 
Financial Crimes Enforcement Network: 
[hyperlink, http://www.fincen.gov] 

February 17, 2009: 

Mr. Jack Edwards: 
Acting Director, Financial Markets and Community Investment: 
U.S. Government Accountability Office: 
441 G Street N.W. 
Washington, D.C. 20515: 

Dear Mr. Edwards: 

Thank you for the opportunity to review and comment on the Government 
Accountability Office (GAO) draft report entitled, Bank Secrecy Act: 
Suspicious Activity Report Use Is Increasing but FinCEN Needs to 
Further Develop and Document Its Form Revision Process. One of 
Treasury's goals is to promote the nation's security through 
strengthened financial systems. Suspicious Activity Reports (SARs) 
filed by financial institutions under the Bank Secrecy Act (BSA) 
support this goal by increasing transparency of our financial system. 

As administrator of the BSA, the Financial Crimes Enforcement Network 
(FinCEN) is responsible for ensuring effective, efficient, and 
consistent application of the BSA, which includes the filing of BSA 
reports such as SARs. We appreciate GAO's recognition that federal 
agencies, both within and outside of the Treasury Department, and the 
regulated industry have taken actions to improve SAR filings and 
usefulness. The increasing requests for SAR access and analysis 
received from law enforcement and regulators in recent years firmly 
reinforce the draft report's findings of increasing use and awareness 
of SAR value across both of these communities. 

While revisions of BSA forms occur infrequently and the changes made 
are often only at the margins, careful thought and consideration goes 
into the decisions associated with every proposed BSA form revision. 
FinCEN recognizes the need to work with a diverse range of stakeholders 
to revise the various BSA forms, including regulatory, law enforcement, 
and intelligence agencies, as well as the financial industries 
responsible for filing the BSA reports. 

Ensuring that BSA reports yield useful information, while at the same 
time recognizing limitations of the current information technology 
infrastructure, often requires compromise among the diverse interests 
and needs of all stakeholders. The formal processes recently 
implemented by FinCEN for both BSA data and forms management, as 
acknowledged in GAO's report, will ensure better understanding among 
stakeholders of the challenges associated with increasing the 
usefulness of BSA reports. FinCEN generally agrees with the 
recommendation to further document and communicate the recently revised 
forms change process to strengthen collaboration among all 
stakeholders. 

We appreciate GAO's efforts in reviewing SAR usefulness. If you have 
any questions, please feel free to contact Diane Wade, Associate 
Director, Management Programs Division, 703-905-5061. 

Sincerely, 

Signed by: 

James H. Freis, Jr. 

[End of section] 

Appendix III: GAO Contact and Staff Acknowledgments: 

GAO Contact: 

Jack E. Edwards (202) 512-8678 or edwardsj@gao.gov: 

Staff Acknowledgments: 

In addition to the contact named above, Barbara I. Keller (Assistant 
Director); Toni Gillich; M'Baye Diagne; Natalie Maddox; John W. Mingus, 
Jr.; Marc Molino; Carl Ramirez; Linda Rego; and Barbara Roesmann made 
key contributions to this report. 

[End of section] 

Footnotes: 

[1] Pub. L. No. 91-508, titles I and II, 84 Stat. 1114 to 1124 (Oct. 
26, 1970), as amended, codified at 12 U.S.C. §§ 1829b, 1951-1959, and 
31 U.S.C. §§ 5311 et seq. Specifically, 31 U.S.C. § 5318(g) provides 
for the reporting of suspicious activities. FinCEN's SAR regulations 
may be found at 31 C.F.R. §§ 103.15 to 103.21. 

[2] For the purposes of this report, GAO uses "federal banking 
regulators" to refer collectively to the regulators of depository 
institutions (banks, thrifts, and federally chartered credit unions). 

[3] The Uniting and Strengthening America by Providing Appropriate 
Tools Required to Intercept and Obstruct Terrorism Act of 2001, Pub. L. 
No. 107-56, 115 Stat. 272 (2001). The Securities and Exchange 
Commission, Commodity Futures Trading Commission, and the Internal 
Revenue Service carry out BSA responsibilities. Also, according to 
FinCEN, many state regulators have authority pursuant to state law to 
ensure that financial institutions comply with anti-money laundering 
laws and regulations. 

[4] HIFCAs were conceived in the Money Laundering and Financial Crimes 
Strategy Act of 1998 as a means of concentrating law enforcement 
efforts at the federal, state, and local levels in areas of 
high-intensity money laundering. HIFCAs were first announced in the 1999 
National Money Laundering Strategy. Pub. L. No. 105-310, 112 Stat. 2941 
(Oct. 30, 1998) codified at 31 U.S.C. §§ 5340-5342 and 5351-5355. There 
are seven areas designated as HIFCAs: Chicago, Illinois; Los Angeles, 
California; San Francisco, California; Miami, Florida; San Juan, Puerto 
Rico; the southwest border (Texas and Arizona); and New York and New 
Jersey. HIFCA designations were designed to allow law enforcement to 
concentrate resources in areas where money laundering or related 
financial crimes were occurring at a higher-than-average rate. 

[5] For the purposes of this report, we define "BSA data" as SARs and 
other forms that include currency transaction reports, reports of 
international transportation of currency or monetary instruments, and 
reports of foreign bank and financial accounts. The BSA database is 
accessible to law enforcement agencies. 

[6] GAO, Results-Oriented Government: Practices That Can Help Enhance 
and Sustain Collaboration among Federal Agencies, [hyperlink, 
http://www.gao.gov/products/GAO-06-15] (Washington, D.C.: Oct. 21, 
2005). 

[7] 31 C.F.R. § 103.56(b)(1)-(5). Each examination of an insured 
depository institution also must include a review of the institution's 
BSA compliance procedures by the appropriate federal regulator, which 
has independent examination authority. 12 U.S.C. § 1818(s) and 12 
U.S.C. § 1786(q)(2). 

[8] The Federal Reserve, FDIC, OTS, and NCUA share safety and soundness 
examination responsibility with state banking departments for 
state-chartered institutions. 

[9] For more information on these data management roles and 
responsibilities, see GAO, Bank Secrecy Act: FinCEN and IRS Need to 
Improve and Better Coordinate Compliance and Data Management Efforts, 
[hyperlink, http://www.gao.gov/products/GAO-07-212] (Washington, D.C.: 
Dec. 15, 2006). In July 2008, FinCEN announced that current magnetic 
media filers of BSA reports had to transition to BSA Electronic Filing 
(E-Filing) no later than December 31, 2008, in an effort to make BSA 
filing requirements more secure, efficient, and effective. 

[10] Non-IRS users access BSA data through FinCEN's Secure Outreach, 
which functions as a portal through FinCEN's information technology 
infrastructure to BSA data, which are housed at IRS's Enterprise 
Computing Center-Detroit. Agencies without direct access may visit 
FinCEN's offices and access BSA data directly; these users are referred 
to as "platform users." 

[11] 31 U.S.C. §§ 5322 and 5324(d). 

[12] Pub. L. No. 102-550, title XV, § 1517(b), 106 Stat. 3672 (Oct. 28, 
1992). Before 1996, depository institutions reported suspicious 
activity using criminal referral forms that were filed with their 
respective primary federal financial regulator and with federal law 
enforcement agencies. See 60 Fed. Reg. 46556, 46557 (Sept. 7, 1995). In 
2001, the USA PATRIOT Act of 2001, Pub. L. No. 107-56, 115 Stat. 272 
(Oct. 26, 2001), expanded SAR reporting requirements to include 
nondepository institutions such as money services businesses, the 
securities and futures industries, and insurance companies. FinCEN has 
developed additional SAR forms to be used solely by money services 
businesses--68 Fed. Reg. 6613, 6615 (Feb. 10, 2003) and 67 Fed. Reg. 
48704 (July 18, 2002)--and also forms for other types of financial 
institutions. FinCEN has not released a SAR form for insurance 
companies. During the interim, insurance companies use the form for the 
securities and futures industries. See FinCEN, Guidance (Frequently 
Asked Questions)-Anti-Money Laundering Program and Suspicious Activity 
Reporting Requirements for Insurance Companies (May 31, 2006), 
available at [hyperlink, 
http://www.fincen.gov/financial_institutions/insurance/guidance.html]. 
Recently revised forms to facilitate joint filing by depository 
institutions, casinos and card clubs, insurance companies, and the 
securities and futures industries have been postponed until a future 
date because of data quality initiatives. 72 Fed. Reg. 23891 (May 1, 
2007). We discuss this issue in more detail later in this report. 

[13] 61 Fed. Reg. 4326 (Feb. 5, 1996). 

[14] The federal banking regulators have SAR regulations in place for 
institutions they supervise. These rules were issued in coordination 
with FinCEN's SAR regulation for depository institutions and set forth 
similar requirements with regard to reportable activity and dollar 
thresholds. In addition, the banking regulator regulations provide that 
suspected criminal activity by an insider must be reported, regardless 
of the dollar amount involved. See 12 C.F.R. § 21.11 (OCC); 12 C.F.R. §§ 
208.62, 211.5(k), 211.24(f) and 225.4(f) (Federal Reserve); 12 C.F.R. § 
353.3 (FDIC); 12 C.F.R. § 563.180 (OTS); and 12 C.F.R. § 748.1 (NCUA). 

[15] Under section 1359 of the Money Laundering Control Act of 1986, 
Pub. L. No. 99-570, title I, subtitle H, 100 Stat. 3207-18 (Oct. 27, 
1986), banking regulators must issue regulations that require insured 
depository institutions to develop and maintain procedures to ensure 
and monitor compliance with the reporting and recordkeeping 
requirements of BSA. 12 U.S.C. § 1818(s)(1). 

[16] The Federal Financial Institutions Examination Council issued its 
BSA/AML interagency examination manual in 2005. The council comprises 
the five federal banking regulators and the Chairperson of a State 
Liaison Committee, a committee of five representatives of state 
agencies that supervise financial institutions. It prescribes uniform 
principles, standards, and report forms for the federal examination of 
financial institutions and makes recommendations to promote uniformity 
in the supervision of financial institutions. The council issued 
revisions to the examination manual in 2006 and 2007 to provide updated 
guidance to examiners and the banking industry. The development of the 
examination manual was a collaborative effort of the federal banking 
regulators and FinCEN to ensure consistency in the application of 
BSA/AML requirements. 

[17] 31 C.F.R. § 103.18(d). Supporting documentation refers to all 
documents or records that assisted a depository institution in making 
the determination that certain activity required a SAR filing. 

[18] Filings by nondepository institutions have increased since 2003, 
after implementation of the USA PATRIOT Act, which provides for money 
services businesses and firms in the securities and futures industries 
to adopt AML compliance programs and adhere to SAR requirements. 

[19] Depository institutions have been required to report known or 
suspected criminal violations since the late 1980s. In 1996, the SAR 
replaced different criminal referral forms as the standard form to 
report suspicious activity to FinCEN. 

[20] The definition of structuring, as set forth in 31 C.F.R. § 103.11 
(gg) states, "a person structures a transaction if that person, acting 
alone, or in conjunction with, or on behalf of other persons, conducts 
or attempts to conduct one or more transactions in currency in any 
amount, at one or more financial institutions, on one or more days, in 
any manner, for the purpose of evading the [currency transaction report 
filing requirements]. In any manner includes, but is not limited to, 
the breaking down of a single sum of currency exceeding $10,000 into 
smaller sums, including sums at or below $10,000, or the conduct of a 
transaction, or series of currency transactions, including transactions 
at or below $10,000. The transaction or transactions need not exceed 
the $10,000 reporting threshold at any single financial institution on 
any single day in order to constitute structuring within the meaning of 
this definition." 

[21] See GAO, Bank Secrecy Act: Opportunities Exist for FinCEN and the 
Banking Regulators to Further Strengthen the Framework for Consistent 
BSA Oversight, [hyperlink, http://www.gao.gov/products/GAO-06-386] 
(Washington, D.C.: Apr. 28, 2006). 

[22] The manual further indicates that the institution should not be 
criticized unless the failure is significant or accompanied by evidence 
of bad faith. 

[23] Since 2003, FinCEN also has published The SAR Activity Review: By 
the Numbers, a compilation of numerical data gathered from SARs filed 
by financial institutions. By the Numbers generally is published twice 
a year to cover two filing periods: January 1-June 30 and 
July 1-December 31, and serves as a companion piece to The SAR Activity 
Review: Trends, Tips and Issues. 

[24] According to FinCEN, FinCEN identified the common errors in SARs 
through analysis of SARs filed by money services businesses. However, 
FinCEN published the guidance to help inform the efforts of all SAR 
filers and produce more accurate and complete SARs. 

[25] Congress directed the Secretary of the Treasury in 1992 to 
establish the Bank Secrecy Act Advisory Group to actively solicit 
advice on the administration of BSA. The advisory group comprises 
high-level representatives from financial institutions, certain federal law 
enforcement agencies, regulatory authorities (for example, federal 
banking regulators), and the Department of the Treasury and other 
interested persons from the private sector. 31 U.S.C. § 5311 note 
(Advisory Group on Reporting Requirements). 

[26] Other reports required by the BSA include Currency Transaction 
Reports, Report of Cash Payments over $10,000 Received in a Trade or 
Business (IRS Form 8300), Report of International Transportation of 
Currency or Monetary Instruments, and Report of Foreign Bank and 
Financial Accounts. 

[27] DOJ established the Organized Crime Drug Enforcement Task Force 
program in 1982 to conduct comprehensive attacks on major drug 
trafficking and money laundering organizations. The program combines 
the resources and expertise of multiple agencies: FBI; DEA; Bureau of 
Alcohol, Tobacco, Firearms, and Explosives; IRS; Customs and Border 
Protection; U.S. Marshals Service; U.S. Attorneys' Offices; U.S. Postal 
Inspection Service; and U.S. Coast Guard. 

[28] According to IRS officials, from six to eight fully established 
task forces were operating as of October 2008, and from four to six 
were in the development stage. 

[29] According to FinCEN officials, Secure Outreach is a secure portal 
that provides access to WebCBRS. Secure Outreach users have the ability 
to use this portal to send each other secure e-mail (including 
attachments). Reports, current news, and other relevant information 
also are posted on the Secure Outreach Portal. The Gateway Program is 
an application that records law enforcement case/subject information 
and is used to match agencies that potentially are researching the same 
subjects. 

[30] The Federal Financial Institutions Examination Council's BSA/AML 
examination manual generally directs examiners to make assessments 
within the context of a risk assessment, prior examination reports, and 
a review of institutions' audit findings. 

[31] 12 U.S.C. § 1813(u) provides that the term 
"institution-affiliated party" means 

(1) any director, officer, employee, or controlling stockholder (other 
than a bank holding company) of, or agent for, an insured depository 
institution; (2) any other person who has filed or is required to file 
a change-in-control notice with the appropriate federal banking agency 
under section 1817(j) of [title 12 of the United States Code]; (3) any 
shareholder (other than a bank holding company), consultant, joint 
venture partner, and any other person as determined by the appropriate 
federal banking agency (by regulation or case-by-case) who participates 
in the conduct of the affairs of an insured depository institution; and 
(4) any independent contractor (including any attorney, appraiser, or 
accountant) who knowingly or recklessly participates in (A) any 
violation of any law or regulation; (B) any breach of fiduciary duty; 
or (C) any unsafe or unsound practice, which caused or is likely to 
cause more than a minimal financial loss to, or a significant adverse 
effect on, the insured depository institution. 

[32] OCC is the only regulator that has requested SAR bulk download 
access with FinCEN. Representatives from the other regulators said 
their agencies opted not to request such access, citing additional 
security protocols that would need to be implemented, among other 
issues. 

[33] [hyperlink, http://www.gao.gov/products/GAO-07-212]. 

[34] [hyperlink, http://www.gao.gov/products/GAO-06-15]. 

[35] Pub. L. No. 104-13, 109 Stat. 163 (May 22, 1995). FinCEN and 
regulators for other industries also were assessing other SAR forms for 
potential revisions at the same time as the revision of the SAR form 
for depository institutions was occurring. Some proposed revisions were 
aimed at standardizing the forms across industries to enable affiliated 
institutions to jointly file a SAR. Details of those revisions are not 
provided in this report because we limited our scope to depository 
institutions. 

[36] 71 Fed. Reg. 8640 (Feb. 17, 2006). 

[37] 71 Fed. Reg. 35325 (June 19, 2006). 

[38] 71 Fed. Reg. 38651 (July 5, 2006). 

[39] 72 Fed. Reg. 23891 (May 1, 2007). 

[40] Other agencies include the Air Force Office of Special 
Investigations; Army Criminal Investigation Command; U.S. Postal 
Inspection Service; Bureau of Alcohol, Tobacco, Firearms, and 
Explosives; Naval Criminal Investigative Service; U.S. Department of 
Agriculture Office of the Inspector General; U.S. Housing and Urban 
Development Office of Inspector General; and the Special Inspector 
General for Iraq Reconstruction. 

[41] [hyperlink, http://www.gao.gov/products/GAO-06-15]. 

[42] The data we requested and obtained from FinCEN were unrelated to 
SAR narratives. 

[End of section] 
