On February 15, 2017, FinCEN publishes a notice in the Federal Register requesting comments on a proposed update and revision to the collection of information filed by banks in a SAR.  Most of these changes would be in Part II (Suspicious Activity Information).
The good news is the proposal states there are no new regulatory requirements or triggering requirements related to SARs.  However, because new data fields will be added to the SAR form this likely will necessitate new training for applicable bank personnel and likely changes to internal reports and forms.  Most of the proposed changes would alter the “checklist” of violations in Part II of the SAR, including the addition of several fields related to cyber events.
Comments are due by April 3, 2017.
For those Compliance Masters Group (CMG) members some of this may be old news.  During a previous bi-weekly update, we discussed FinCEN’s October 25, 2016 publication (FIN2016-A005) entitled “Advisory to Financial Institutions on Cyber Events and Cyber Enabled Crime”.  While the new proposal is inclusive of the cyber event guidance it has broader implications.  For example, it adds new suspicious activity fields for foreclosure fraud and questionable identification among others.
There is a total of 15 updates to the SAR form, and we have listed below the ones we consider material to your training, internal forms and reporting processes:

  • There will be a “Filing Institution Note to FinCEN” field followed by a 100-character limit text field which will allow your bank to identify reports filed in response to geographical targeting orders and BSA advisories;
  • Part II, Item 37 adds the following type of suspicious activity: “Provided questionable or false identification”;
  • Part II, Item 41 adds three new types of Mortgage Suspicious Fraudulent Activity including: application, foreclosure/shortsale and origination fraud;
  • Part II, Item 42, adds a new category “Cyber-event,” which the event be against the bank or a customer;
  • Part II, Item 48 and 49 will cover Cyber Events and fields have been developed for: IP Address, URL Domain, Malware, Email address, etc.

The link to the Federal Register is:
We have also provided the link to the FinCEN Cyber Event, October, 2016 publication: