SAR Narrative Template

What is the SAR Narrative?

The narrative section is the most consequential part of any SAR. FinCEN's 2003 guidance on SAR narratives makes this explicit: a deficient narrative can result in a filing being returned, an examination finding, or a failed prosecution because investigators couldn't reconstruct the suspicious activity from the filing alone.

This template is a pre-structured Word document that gives AML analysts a repeatable framework for writing legally sufficient narratives. It covers every element examiners expect: the subject's identity and relationship to the institution, the nature of the suspicious activity, a chronological account of relevant transactions, the red flags observed, and the analyst's documented rationale for the filing decision.

The underlying obligation comes from FATF Recommendation 20, which requires financial institutions to report to their FIU when they suspect funds are the proceeds of criminal activity or will finance terrorism. National implementations add format-specific requirements (30 days from detection under US BSA rules, 30 days under UK POCA 2002, similar timelines in Canada and Australia) but the substantive narrative elements are consistent across jurisdictions.

Good transaction monitoring surfaces the alert. The narrative is what turns that alert into a usable intelligence product. Teams that systematically improve SAR narrative quality see fewer "insufficient information" responses from their FIU and better outcomes when law enforcement acts on a filing.

Examiners reviewing your SAR program evaluate narrative quality directly. A pattern of thin or vague narratives is a common program-level finding, and it signals a control weakness regardless of how many SARs you file.

Who needs the SAR Narrative?

The primary users are AML analysts who draft SARs day to day. But the template is relevant to everyone in the review and sign-off chain.

BSA/AML Analysts reach for it when an alert clears disposition and a filing decision is made. A consistent structure means narratives across the team read coherently, even when multiple analysts are working through a backlog simultaneously.

MLROs and BSA Officers use it during quality review, checking that the narrative tells a complete story before they authorize the filing. MLROs working to clear a SAR filing backlog also benefit from the efficiency: a pre-structured template reduces review time because analysts aren't making different structural choices on every case.

Fraud Investigators crossing into AML territory (structuring schemes, proceeds of fraud, account takeover with onward money movement) often know the underlying activity cold but miss the specific elements a SAR narrative requires. This template bridges that gap.

Compliance Analysts at smaller institutions (community banks, credit unions, money services businesses, crypto exchanges) file SARs infrequently enough that institutional memory can't carry the load. A structured template prevents gaps.

Trigger moments: a transaction monitoring alert escalates to a filing decision; a customer due diligence review surfaces activity that warrants a report; a pre-examination period prompts a quality audit of recent SARs.

What's inside the SAR Narrative?

The template is organized around the structure FinCEN describes in its SAR narrative guidance: a complete filing answers six questions about the suspicious activity. Here's what each section contains.

Section 1: Subject and Account Information

• Legal name, known aliases, date of birth, government-issued ID number
• Account number(s), account type (checking, savings, wire-only, etc.), date opened
• Relationship to institution (customer, employee, agent, third party, unknown)
• CIP status and any enhanced due diligence flags on record

Section 2: Activity Description

• Activity type (structuring, layering, shell company activity, trade-based money laundering, cyber-enabled fraud proceeds, etc.)
• Total dollar amount covered by the filing
• Transaction date range
• Instruments involved (cash, domestic wire, international wire, ACH, check, cryptocurrency)

Section 3: Chronological Transaction Table

• A date-ordered table with columns for: transaction date, type, amount, originating account, beneficiary or counterparty, and the specific red flag triggered
• This is what investigators read first. Make it scannable.

Section 4: Suspicious Indicators

• The specific red flags observed, referenced to your institution's typology library or the FinCEN indicator codes
• Any sanctions screening or adverse media findings associated with the subject or counterparties
• Prior KYC or EDD results relevant to the pattern

Section 5: Analyst Reasoning

• Why the activity is suspicious, not just what happened
• Prior SAR history on this subject or related accounts, with reference numbers
• What the institution knows and what it doesn't

Section 6: Law Enforcement Action Request (optional)

• Whether the institution requests contact, follow-up investigation, or expedited review

Section 7: Supporting Documentation Reference

• A numbered list of exhibits attached: account statements, wire confirmations, identification documents, surveillance logs, compliance system screenshots

FATF Recommendation 11 requires institutions to retain the underlying records for at least five years. Listing those records explicitly in Section 7 ensures an examiner can trace from the SAR filing back to the evidence without requesting additional material.

How to use the SAR Narrative?

1. Open the template at the filing decision point. When a case moves from "open" to "file SAR," the analyst saves a new copy of the template using the case ID and subject name. Don't work in a shared master file. Every case gets its own document.

2. Complete Section 1 before writing any prose. Subject identification gaps are among the most common SAR examination findings. Date of birth, address, and identification number belong in the form even when the subject is only partially identified. Partial identification should be stated explicitly ("name and address confirmed; date of birth not on file; government ID unverified").

3. Build the transaction table in Section 3 first. The table forces you to verify dates and amounts against source records before writing narrative prose. It also makes Sections 4 and 5 easier to draft because you're describing a sequence you can see laid out in front of you.

4. Write Section 4 as indicators plus specific explanation. Don't just code the FinCEN typology category. For each indicator, add one or two sentences explaining how it appeared in this specific case. "Multiple cash deposits just below $10,000" is a code. "The account holder made 14 cash deposits ranging from $9,200 to $9,850 over 31 days at branches in four different ZIP codes, with no business explanation on file" is a narrative.

5. Complete Section 5 last. This is where you state the filing rationale: what the institution believes happened, why it's suspicious, and what the institution doesn't know. Reference your SAR policy explicitly. Note any prior filings on this subject with their reference numbers.

6. Route for sign-off before filing. The template includes a review sign-off line. For institutions working toward continuous exam readiness, a documented review chain is part of the evidence package, not an administrative courtesy.

7. File within your jurisdiction's deadline and retain the completed document. In the US, 30 days from the date of initial detection (60 days if no subject is identified). The FFIEC BSA/AML Examination Manual lists narrative completeness and timeliness as direct examination objectives. Keep the signed narrative in your case file as the primary record of the filing rationale.

Common mistakes to avoid

1. Copying the alert description verbatim. Transaction monitoring alerts and SAR narratives serve different purposes. The alert triggered the review. The narrative explains the conclusion. Pasting alert text into the narrative produces circular reasoning ("this SAR is being filed because the system flagged suspicious activity") and tells the FIU nothing useful. Rewrite from the conclusion back.

2. Omitting specific amounts and dates. "Several transactions over an extended period" fails the basic FinCEN standard. If 14 transactions occurred over 31 days totaling $132,400, write that. Investigators need to reconstruct the activity from your filing; vague language makes that impossible.

3. Skipping the analyst reasoning section. Describing what happened isn't enough. The narrative must explain why the activity is suspicious given what the institution knows about this customer's profile, account history, and stated business purpose. Without that reasoning, the FIU can't assess the intelligence value of the filing.

4. Filing with undocumented subject gaps. If the subject is partially identified, document it explicitly. "Name and address confirmed; date of birth not on file; government ID unverified" is an acceptable and honest narrative statement. An empty field with no explanation is a finding.

5. Passive voice throughout. "Funds were transferred" and "deposits were made" obscure who did what. Active voice is clearer and more useful to investigators: "The account holder deposited $9,800 in cash on March 3, immediately followed by a $9,500 outbound wire to a correspondent account in the UAE."

6. No reference to prior SARs. If your institution has filed on this subject before, include the prior SAR reference number and a one-line continuity summary. Pattern recognition across filings matters to both FIUs and examiners assessing your program's effectiveness over time.

How FluxForce automates this

FluxForce's AI agents handle the monitoring and screening work that feeds into a SAR narrative: real-time transaction monitoring, automated sanctions and PEP screening, and continuous adverse media checks across every account and counterparty. When an alert escalates to a filing decision, the system assembles the chronological transaction data, subject profile, and red-flag evidence into a pre-populated draft narrative. Analysts review and finalize rather than build from scratch. Teams using this workflow reduce AML compliance cost without adding headcount, and every decision comes with a full, audit-ready evidence trail. If you want to see how that works in practice, book a demo.