- Promptly notify boards of SAR filings
- Directors should appropriately evaluate SAR information
- Properly record the evaluation of SAR information in board minutes
- Consult with counsel about proper board SAR disclosure and documentation
Background. There remains significant confusion in the banking industry, and even among some bank examiners, regarding the manner in which banks should properly report Suspicious Activity Reports (SARs) to their boards of directors, what directors should do with that information, and how such reporting should be documented in board minutes.
Generally. Banks generally are required to file SARs within 30 days from the initial detection of certain specified activity, typically involving criminal violations and other suspicious conduct. Once filed, SARs must promptly be reported to the institution’s board or an appropriate board committee. This typically occurs at each board meeting, unless more prompt notification is warranted based on more exigent circumstances. This is a tricky and sensitive area, and if any doubt exists you should consult counsel.
Reporting Formats. The FFIEC BSA/AML Examination Manual gives banks flexibility regarding the manner in which they structure the format of SAR notification to their boards, either through SARs themselves, summaries, or other forms of notification.
Confidentiality. The prohibition on sharing SARs outside of the bank, except through proper channels, is the likely source of the mistaken belief that SARs themselves cannot be disclosed to boards. To help maintain confidentiality, SAR information can be appropriately redacted or anonymized if sensitive information is not necessary for the directors’ needs.
Fiduciary Duties. Regardless of how a bank notifies its directors about filed SARs, its management should provide sufficient information about SARs to the board so that directors can fulfill their fiduciary duties. Knowing how much information directors must constantly evaluate, management should calibrate the appropriate level of detail needed to allow directors to make decisions about SAR information in an efficient manner.
Board Discussion. The board’s level of discussion for SARs should be risk-based in nature. Simply discussing how many SARs were filed in the previous month, without relevant context, is generally insufficient to allow directors to comport with their fiduciary duties. Like customer complaint information, SAR information can be the proverbial “canary in the coal mine” to help directors identify and address emerging risks, such as issues with new products and services, specific branches, or particular employees, before more damage occurs.
Minutes. There is no rule regarding what constitutes the appropriate level of detail in board minutes, and when in doubt consult counsel. They generally should describe information and reports that directors used for their meetings, and should be detailed enough to capture the board’s exercise of its due diligence and its “duty of care” obligation. Because minutes could be seen by many individuals, they should thoughtfully and carefully reflect the (hopefully meaningful) discussion regarding SARs, without containing sensitive information unless necessary and relevant.
Insider SARs. We have encountered situations in which bank directors and senior officers are themselves the subject of SARs. Because banks are prohibited from notifying SAR targets that a SAR has been filed about them, normal internal and board reporting is not possible. In such situations, banks should establish well documented policies and procedures to ensure that uninvolved management and directors are appropriately advised of the SAR, such as by utilizing special committees.
We Can Help You
Banks frequently ask us to prepare SAR narratives, evaluate board packages, and review board minutes. We also provide training to directors, senior executives, and compliance officers about the issues described in this Client Alert.
We recommend reviewing the following pandemic-related business and legal considerations we have been discussing with our clients: