Trends in Fund Companies’ AML Programs and SAR Filings

Anti-money laundering compliance officers (AMLCOs) often observe situations where their clients or partners may struggle with deciding whether to report suspicious activity in accounts where no suspect can be identified. Based on recent regulatory filings, there appears to be an increase in suspicious activity detection and reporting by financial institutions (FIs), even in instances where the suspicious activity detected falls short of reporting requirements. Such voluntary reporting provides law enforcement, regulators and the industry more robust information that may be leveraged to enhance anti-money laundering (AML) and financial crime prevention. This article will explore the reporting requirements imposed on investment companies and discuss what conclusions can be reached about trends in reporting suspicious activity.


In May 2006, the Financial Crimes Enforcement Network (FinCEN) published in the Federal Register1 its final rule requiring mutual funds to file reports that identify and describe transactions that suggest suspicious or illegal activity in the securities and futures industries on FinCEN Form 101 (SAR-SF). Mutual funds are required to report the following to FinCEN:

  • Any transaction conducted or attempted by, at or through a mutual fund that, alone or in the aggregate, involves at least $5,000 in funds or other assets, if the mutual fund knows, suspects or has reason to suspect that the transaction involves funds derived from illegal activity or is intended or conducted to hide or disguise funds or assets derived from illegal activity
  • Any transaction that is designed, whether through structuring or other means, to evade BSA requirements
  • Any transaction that has no business (including investment) or other apparent lawful purpose or is not the sort of transaction in which the particular customer would be expected to engage, and for which the mutual fund knows of no reasonable explanation after examining the available facts, including the background and possible purpose of the transaction
  • Any transaction that involves the use of the mutual fund to facilitate criminal activity, including those transactions in which legally derived funds are used for criminal activity2

Mutual funds typically conduct operations through separate entities, which may or may not be an affiliated person of the mutual fund, such as investment advisers, principal underwriters, administrators, custodians and transfer agents (service providers). According to FinCEN,

“A mutual fund may contract with an affiliated or unaffiliated service provider to perform the reporting obligations as the fund’s agent. However, the mutual fund remains responsible for assuring compliance with the regulation and must monitor performance by the service provider. The mutual fund should take steps to assure itself that the service provider has implemented effective compliance policies and procedures administered by competent personnel, and also maintain an active working relationship with the service provider’s compliance personnel.”3

On January 7, 2020, the Securities and Exchange Commission’s Office of Compliance Inspections and Examinations (OCIE) announced its 2020 examination priorities. The OCIE will continue to review for compliance with applicable AML requirements, including whether entities are appropriately adapting their AML programs to address their regulatory obligations.4

For the purposes of this discussion, several service providers and other representatives in the financial industry were interviewed, specifically 10 AML compliance officers of transfer agents (TA AMLCOs), to determine whether they observed an increase in suspicious activity from May 2018 to April 2020. For those TA AMLCOs who had perceived an increase in suspicious activity, the scope of the analysis was narrowed to SAR filings in securities and futures industries (SAR-SF) and the following questions were presented:

  • How was the suspicious activity detected (e.g., automated reports)?
  • What type of suspicious activity was detected (e.g., identity theft)?
  • What was the methodology utilized to notify the AMLCO of the mutual fund (fund AMLCO)?
  • Did the TA AMLCO file the SAR-SF or did the fund AMLCO file the SAR-SF?
  • What was the verification process of the suspect’s identity? Was the suspect known or unknown?

Increase in Suspicious Activity Reporting

All TA AMLCOs interviewed detected an increase in suspicious activity over the past two years, as further evidenced by FinCEN SAR data. SAR Stats (formerly The SAR Activity Review by the Numbers), which is a compilation of numerical data gathered from FinCEN SARs, is publicly available. According to this data, suspicious activity has increased by 39% in just two years (refer to Exhibit 1 below).

Detection of Suspicious Activity

In most cases, suspicious activity was detected by monitoring daily reports generated by advanced analytics, monitoring software and artificial intelligence. The activity flagged in these reports included pattern activity, accounts opened online, deficiencies identified during the new account process, insufficient funds, use of unauthorized funds, internal red flags process and shareholder concerns. The average TA AMLCO monitors approximately 10 automated reports daily.

Types of Suspicious Activity Detected

FinCEN SAR data, as supported by the TA AMLCOs interviewed, indicated that the top activities reported on SAR-SFs were wire fraud, identity theft, and anomalies in automated clearing house (ACH) payments (refer to Exhibit 2 below).

Notification to Fund AMLCO

Typically, once a TA AMLCO detects unusual activity and determines it is reportable activity, a narrative is emailed to the fund AMLCO for record retention purposes. If a determination is made by either party that filing a SAR-SF is required or appropriate, the TA AMLCO would prepare and file the SAR-SF in most instances. It should be noted here that there may be circumstances where one FI that has detected the suspicious activity may have an independent obligation to report suspicious transactions, despite a fund AMLCO’s determination not to file. For example, the transfer agent may have detected patterns of transactions―such as a new client opening an account online and using false identification―and may have more information at its disposal to identify the need to file a SAR-SF or to explain why a SAR-SF is not required.

As required by FinCEN, “mutual funds are encouraged to report voluntarily transactions that appear relevant to violation of law or regulation, even in cases in which the rule does not explicitly require filing of a Suspicious Activity Report—such as transactions that, alone or in the aggregate, fall below the $5,000 threshold.” Furthermore, mutual funds are required to report suspicious activity if the transaction meets the “knows, suspects, or has a reason to suspect (or patterns of transactions)” standard.

The SAR-SF Filing Process

Since April 1, 2013, FIs must use the BSA E-Filing System7 in order to submit a SAR-SF under FinCEN Report Form 111. The SAR-SF is divided into five sections: subject information, suspicious activity information, information about the FI where the activity occurred, filing institution contact information and a narrative that enables the reader (investigators, regulators, etc.) to identify trends of fraudulent activity within the industry. Emphasis on the “who, what, where, when, why and how” will provide a thorough description of the activity and the basis for filing the SAR-SF. After the SAR-SF is submitted, the system will generate a confirmation for record retention purposes and the TA AMLCO will provide a copy of the confirmation to the fund AMLCO.

The background section indicates that one of the minimum requirements is violations aggregating $5,000 or more where a suspect can be identified. In recent years, it has become a best practice to file a SAR-SF when the identification of the suspect has not been verified, primarily because the details relating to suspicious activity may be useful to law enforcement. Not only is this used in following up on specific criminal investigations, it is also used by others in law enforcement, such as SAR review task forces, in identifying trends, patterns and typologies of fraudulent activity. For example, detected suspicious activity may be related to a particular IP address configuration, which may be helpful in determining the location where the suspicious activity originated, even though an individual could not be identified. This particular information could help a specific investigation or be part of a pattern that could be useful in future investigations.


As evidenced by the information obtained from service providers and other representatives in the financial industry—specifically the TA AMLCOs interviewed—and substantiated by FinCEN’s SAR Stats, there does appear to be an upward trend in suspicious activity detection and reporting. Although the information may not meet the minimum requirements for filing a SAR-SF, all the information provided on a SAR, especially a comprehensive narrative, is useful. Only law enforcement prosecutes, but regulators, including the SEC, and the industry have duties to help detect and prevent money laundering as well as other financial crimes. Therefore, fund AMLCOs should be proactive in reporting suspicious activity to FinCEN and allow law enforcement to determine if there is just cause for reporting the suspicious activity.

Nancy J. Tyminski, director, Foreside Financial Group, Berwyn, PA, USA,

  1. “Financial Crimes Enforcement Network; Amendment of the Bank Secrecy Act Regulations-Requirement That Mutual Funds Report Suspicious Transactions,” Federal Register, May 4, 2006,
  2. “Frequently Asked Questions Suspicious Activity Reporting Requirements for Mutual Funds,” Financial Crimes Enforcement Network, October 4, 2006,
  3. “Financial Crimes Enforcement Network; Amendment of the Bank Secrecy Act Regulations-Requirement That Mutual Funds Report Suspicious Transactions,” Federal Register, May 4, 2006,
  4. “SEC Office of Compliance Inspections and Examinations Announces 2020 Examination Priorities,” U.S. Securities and Exchange Commission, January 7, 2020,
  5. Statistics generated for this report were based on the BSA Identification Number (BSA ID) of each record within the SAR-SF system. The BSA ID is a unique number assigned to each SAR-SF submitted. Numeric discrepancies between the total number of filings and the combined number of filings of states and/or territories are a result of multiple locations listed on one or more SAR-SFs.
  6. Some SAR-SF filings may list multiple suspicious activities. The date range includes January 1, 2014, through December 31, 2019.
  7. BSA-E Filing System,

Leave a Reply