Galvanized by the Trump Administration’s aggressive regulatory roll-back initiatives, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN), jointly with the Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration and the Office of the Comptroller of the Currency, issued responses to four Bank Secrecy Act (BSA)-related frequently asked questions (FAQs) centered on:  

1. Structuring activity and suspicious activity report (SAR) filings
2. SAR timing
3. Ongoing suspicious activity monitoring
4. Suspicious activity record retention 

Explore the latter two discussion points as Doeren Mayhew’s compliance pros expand on them and provide considerations for framing and ingesting the responses into your financial institution’s BSA program framework. 

Continuing Activity Review 

FinCEN, and the agencies listed previously, jointly upended years long “examiner and industry expectations” when clarifying financial institutions are not required to conduct review of a customer/member account following the filing of an initial SAR to determine whether suspicious activity has continued. In the press release, FinCEN recounted in October 2020, it had advised banks and credit unions to file a SAR for repeated and ongoing suspicious activity at least every 90 days. This advice necessitated an internal review process that contemplated regular account reviews (prior to the 90-day marker) to determine whether an additional SAR for ongoing activity was necessary. According to FinCEN, “over time, this suggestion had become interpreted as a requirement or expectation.” 

FinCEN’s response synthesizes the administration’s broader efforts to reduce industry-wide compliance burdens and reform the BSA, generally. Notably, however, the guidance in no way alters or removes a credit union or bank’s obligations to report suspicious activity pursuant to 31 CFR 1020.320. 

Documentation of No-SAR Decisions 

FAQ four clarifies retention requirements related to data used to determine that no SAR filing was necessary in a particular circumstance. The question and answer is outlined here:  

Is a financial institution required to document the decision not to file a SAR? 

“No. There is no requirement or expectation under the BSA or its implementing regulations for a financial institution to document its decision not to file a SAR. FinCEN has previously encouraged, but not required, financial institutions to document the decision not to file a SAR. 

Should a financial institution choose to document its decision not to file a SAR, the level of appropriate documentation may vary based on the specifics of the activity being reviewed and need not exceed that which is necessary for the institution’s internal policies, procedures and controls, which should be risk-based and reasonably designed to identify and report suspicious activity. In most cases, a short, concise statement documenting a financial institution’s SAR decision will likely suffice, although a financial institution may consider more documentation to explain the factors that the institution considered in reaching a SAR filing determination in more complex investigation scenarios.” 

To square the apparent inconsistency between years long industry expectations and guidance, and the new responses, we look to the “spirit behind the change” to inform interpretation. On Jan. 31, 2025, the White House issued an executive order, Unleashing Prosperity Through Deregulation, which is one of several orders that became the impetus for our current environment.  

As outlined in Section 1, the order’s purpose is telling:  

"The ever-expanding morass of complicated Federal regulation imposes massive costs on the lives of millions of Americans, creates a substantial restraint on our economic growth and ability to build and innovate, and hampers our global competitiveness. Despite the magnitude of their impact, these measures are often difficult for the average person or business to understand, as they require synthesizing the collective meaning not just of formal regulations but also rules, memoranda, administrative orders, guidance documents, policy statements and interagency agreements that are not subject to the Administrative Procedure Act, further increasing compliance costs and the risk of costs of non-compliance. It is the policy of my Administration to significantly reduce the private expenditures required to comply with Federal regulations to secure America’s economic prosperity and national security and the highest possible quality of life for each citizen.  To that end, it is important that for each new regulation issued, at least 10 prior regulations be identified for elimination. This practice is to ensure that the cost of planned regulations is responsibly managed and controlled through a rigorous regulatory budgeting process.” 

In April 2025, the Trump Administration issued a memorandum, “directing the repeal of unlawful regulations.” The memo charged agency heads to swiftly identify and rescind rules inconsistent with 10 Supreme Court decisions. The top two decisions outlined in the memo were:  

• Loper Bright v. Raimondo (2024): This was the jurisprudence that overturned the 40-year-old Chevron Doctrine that required courts defer to an agencies’ reasonable interpretation of the statues they administer.
• West Virginia v. EPA (2022): This formalized the major questions doctrine: Agencies cannot claim unprecedented authority over issues of “vast economic and political significance” without Congress’ authorization.  

Suspicious Activity Monitoring - Potential Takeaways 

FinCEN’s response appears to provide a gateway for the industry itself to boldly reset suspicious activity monitoring expectations. However, such a change is only effectuated at the day-to-day level if examiners are on board. As a third-party provider of BSA testing services to banks and credit unions large and small across the country, a recurring theme seen in examination reports is the following: 

“… the omission of evidence of recurring monitoring once a SAR has been filed automatically, and without pause, equates to a potentially missed SAR. Consequently, the absence of direct evidence of ongoing 90-day monitoring equals a potentially missed SAR, which could constitute a violation of 31 CFR 1020.320 because the institution cannot prove that suspicious activity did not recur.”  

The change at the agency level is only transformative at the industry level if, and when, it’s applied by the institution’s examiners. In the presence of authority, that upsets long-standing expectations about suspicious activity monitoring, it is prudent, if possible, for the institution to address this FAQ head-on with the institution’s examiners, and seek feedback as to how the examiner’s approach has changed, if at all, as a result of this response. Understanding what, if any, changes your examiner is applying in the face of this FAQ can inform a change process, if desirable.   

Preemptively understanding which monitoring activities are “high value” is speculative, at best. Meaning, it is often difficult, perhaps impossible, to ascertain what monitoring is ultimately low value and unnecessary, without some type of monitoring on that particular activity. Legitimacy is extended to a platform of continued 90-day monitoring, even in the face of the new response when you consider the penalty. Failure to file a SAR when warranted can result in severe penalties including civil fines of up to $100,000 per violation, with willful neglect leading to more severe monetary penalties. Criminal penalties for individuals involved may include fines up to $250,000 and imprisonment for up to five years. 

Suspicious Activity Monitoring Approach 

Doeren Mayhew’s compliance pros suggest guidance may be used to support a change in process only when well-documented with clear rationale, and multifaceted review and approval. If the credit union or bank wants to make a change in monitoring based on a literal read of the FAQ response, the risk assessment, BSA policy and related procedures collectively need to be amended, and the Board of Directors needs to avail itself of a higher degree of risk digestion. The Board of Directors must be consulted.  

Misinterpretation 

A broad read is not advisable or even warranted. The FAQ response cannot, and should not, be used to support the absence of a defined monitoring program, or act as a signal to relax core controls. The requirement to file a SAR related to suspicious activity remains, with a vengeance. A monitoring program of some sort is required to execute that requirement. Anti-money laundering software was established with a regular and ongoing monitoring component in mind. Consequently, parameters may need to be altered, and monitoring, model-tuning and alert-handling procedures should be reassessed accordingly to capture a more relaxed approach if the institution opts to relax standards on the basis of the FAQ response.  

If 2025 and 2026 to-date have provided any indication, state regulators have poised themselves to “step-in” where they feel federal initiatives are lacking.  

Institutions should be reminded that in years to come, regulators, both at the state and federal levels, may be initiating lookbacks to this period, specifically to ensure even in the face of agency suggestions of relaxed monitoring, SARs were filed on any and all suspicious activity as required by law. 

No-File Decision Documentation - Potential Takeaways 

While the “Suspicious Activity Reporting – Overview” within the FinCEN BSA Examination Manual is now prefaced with a comment to “refer to recent interagency SAR FAQs issued on … Oct. 9, 2025,” it is notable the following original exam manual direction remains without alteration: “After thorough research and analysis, investigators should document conclusions including any recommendation regarding whether or not to file a SAR.”  

If a financial institution chooses to document no SAR decisions, the level of documentation may be informed by “the specifics of the activity being reviewed and need not exceed that which is necessary” under the institution’s internal, risk-based policies. Critically, the institution’s policies and procedures must align with the day-to-day practices applied.  

In the press release announcing the FAQs, FinCEN indicated it was, “ensuring financial institutions are not needlessly expending resources on efforts that do not provide law enforcement and national security agencies with the critical information they need to detect, combat, and deter criminal activity.” 

No-File Decision Documentation 

While SAR optimization is supported by the response, it is advisable to retain concise notes in all no-file decisions, whether manual or automated. Formal policies and procedures can be aligned with the response so no-SAR rationales are bulletproof for internal governance; retention of exhaustive fact patterns is now reasonably deemed overkill. 

Looking Ahead 

The FinCEN FAQs run congruent with the October 2025 introduction of the Streamline Act. Introduced by senators Tim Scott and John Kennedy, the act aims to modernize the BSA by increasing the SAR and currency transaction reporting (CTR) thresholds, among other initiatives to reduce the compliance burden and produce more productive leads. While the act signals that the Republican-led Senate is on board with fine-tuning requirements to produce more fruitful reporting, as of this writing, the bill remains in the early stages of the legislative process. Prior similar bills have failed. The $10,000 CTR threshold has not been adjusted since it was established in 1972. Past efforts have failed due to concerns from law enforcement that raising the thresholds would decrease data available to track money laundering and financial crime. In the absence of new law, the FAQ responses do not change the statutory filing triggers, timing requirements or the standard that institutions shall file on all activity they know, suspect or have reason to suspect a transaction involves illegal activity, violates the BSA or lacks a lawful purpose.