National banks play a crucial role in helping the government investigate financial crimes by reporting “suspicious activities” to the Financial Crimes Enforcement Network (FinCen), a bureau of the U.S. Department of the Treasury. But what are “suspicious activities” and when are banks required to file a report?

A suspicious activity is a transaction that raises suspicion of violation of federal law like money laundering or fraud. It can also be insider abuse from a bank’s own employees involving customer accounts.  Once a transaction is detected for suspicious activity involving or totaling at least $5,000 in funds, a national bank may be required by law to file a Suspicious Activity Report (“SAR”) to FinCen under 12 CFR § 208.62(c). The SAR gives detailed information about suspicious activity so law enforcement can properly investigate and act.

If national banks are required to file SARs, can a party in litigation request to see these reports and understand exactly what the bank detected? Since SARs made to FinCen are subject to strict confidentiality, the answer is no. This “SAR Privilege” even extends to the mere disclosure that a SAR has been filed at all, as this preserves the integrity of investigations and encourages honest internal reporting within banking institutions without fear of customer retaliation or reputational harm arising from unverified suspicions.

Any bank subpoenaed in a lawsuit or otherwise requested to disclose a SAR or the information contained in a SAR leading to its existence would similarly be protected by this SARs privilege. Courts have also shown their intent to protect against discovery of any information that would reveal whether a SAR was filed or not. Whitney Nat’l Bank v. Karam, 306 F. Supp. 2d 678 (S.D. Tex. 2004).

However, while the SAR privilege protects the SAR itself and all information that would reveal whether a SAR was filed, the underlying factual documents a bank relied on that gave rise to its investigation can be subject to discovery. 12 C.F.R. § 21(k)(1)(ii)(A)(2). For example, a bank’s policies and procedures implicating its fraud detection processes, or internal documents used in a banks evaluation process related to suspicious activity, are not protected by the SAR privilege. Trott v. Deutsche Bank, AG 2024 LX 176273 (S.D.N.Y. May 6, 2024). This is because both examples do not reveal the SAR itself or whether a SAR was evet filed.  

If you are looking for more information on SARs, discovery, or help with fraudulent banking claims, please contact Porter Thomas Grabell & Baumwoll P.C. for a consultation.