How to Write a SAR Narrative That Satisfies FinCEN Examiners in 2026

Most compliance teams know they need to file Suspicious Activity Reports (SARs), but only a few understand how to draft one that passes an examiner’s scrutiny or is even used by law enforcement.

In October 2025, the FAQs by the FinCEN changed the discourse. The regulator now focuses on the quality of information rather than the quantity. It stated that reporting should help institutions provide law enforcement with important and actionable information. The point is straightforward: a technically legal SAR, which narrates no actual story, is a dropped duty.

Why Most SAR Narratives Fail the Examiner Test

Examiners reviewing Suspicious Activity Reports (SARs) consider them within a broader context rather than in isolation. Instead, they compare these filings against the organization’s policies, assessment outcomes, and the records of the case investigations.

The FFIEC BSA/AML Examination Manual is direct on this: SAR narratives must be complete and clearly describe the extent and nature of the activities that seem suspicious. Incomplete or disorganized narratives make further analysis difficult, if not impossible. That standard carries the actual weight in an exam.

Common mistakes include starting with unrelated background information, using cautious language that doesn’t clearly explain why the activity seems suspicious, or describing what happened without saying why it matters. Each of these weakens the filing and, under 2026 examiner expectations, will draw questions.

The Suspicious Activity Report Template That Works: The 5W+H Structure

They are not the headings to be used in the document. They are the six questions that the story has to answer before it can be said to be complete.

How to Write a SAR: Narrative Structuring in Three Parts

A defendable SAR story has the format of an introduction, along with the body, and a conclusion. The issue at hand is not solely about individual preferences, but that which makes a filing comprehensible to a person who has read hundreds of SARs.

• Introduction paragraph: Initiate the report introduction with a concise, objective overview: who the subject is, what kind of activity is being reported, and the overall amount of dollars involved. This paragraph exists to orient the reader immediately. FinCEN reviewers process large volumes of filings; the opening sentence should hint at what they are about to read.
• Body: This is where most narratives fail. The body must describe how it was carried out: how the transactions were arranged, the sequence of operations, the means of operation (wire transfers, cash deposits, negotiable instruments), and the relationship between the accounts, the entities, or the third parties. Including the individual transaction dates and amounts if the activity spans multiple time periods. Subject context belongs here, too. Occupation, nature of business, length of the banking relationship, and any discrepancy between stated activity and actual transaction behavior should all appear in the body, as the narrative must explain why those discrepancies matter.
• Conclusion: Close with the institution’s response: whether accounts were closed or restricted, whether law enforcement was contacted separately, and where supporting documentation is retained. If the filing references a FinCEN advisory key term, for example, “FIN-2024-DEEPFAKEFRAUD” for deepfake-related fraud, include it here and in SAR field 2.

SAR Narrative Best Practices For Language, Red Flag Articulation, and Precision

Write factually, not speculatively

Phrases like “activity may indicate” or “could be consistent with” do not convey suspicion; they document uncertainty. If the institution has crossed the threshold of reasonable suspicion, this should be reflected directly: “The transaction pattern is inconsistent with the customer’s stated business profile and prior account history.”

Examiners are looking for a clear, documented basis for the institution’s belief that the activity is suspicious. The foundation should be clearly stated in the narrative, rather than being merely hinted at.

Articulate the red flags explicitly

Red flags should be named, not described around. If a customer made structured cash deposits in amounts just below $10,000 over eight consecutive days, say that. If wire transfers to high-risk jurisdictions occurred immediately after large cash deposits with no apparent business rationale, say that. The narrative has to make the connection between observed activity and the financial crime typology it resembles, whether that’s layering, structuring, trade-based laundering, or any other pattern.

A FinCEN October 2025 FAQs practical note: a transaction of or close to the amount required to file a Currency Transaction Report of $10,000 does not necessarily result in a SAR obligation. The SAR is only justified if the institution is aware, or suspects of knowing, or has reason to know, that the transaction is made to avoid reporting. It is not enough to record the amount of suspicion, but rather to make it articulate in the narrative.

Don’t repeat what the form already captures

SAR form fields capture institution identity, account numbers, subject names, and the transaction amounts. It is not required by the narrative to restate these. Examiners need the narrative to include analytical value, context, pattern, and an explanation of why this activity is not consistent with legitimate financial behavior.

FinCEN SAR Requirements 2026: What Has Changed

The October 2025 FAQs clarified several points that are directly affecting how institutions approach SAR narrative writing and program management:

Continuing activity timelines are now flexible:

The expectation of filing a continuing SAR within 120 days of the last filing is no longer mandatory. Institutions can also use their risk-based internal monitoring controls to identify and report ongoing suspicious activity as it occurs. What this means practically: a continuing SAR narrative should document that the institution’s standard monitoring controls identified new activity, not frame the filing as a calendar-driven review.

No-SAR documentation is optional:

FinCEN has confirmed that there is no obligation to record decisions regarding not submitting filings. If the institution chooses to document those decisions, advisable in complex cases, a short statement aligned with the policies internally is sufficient.

How Monitoring Quality Shapes SAR Quality

A SAR narrative is only as strong as the investigation behind it. This is where the relationship between transaction monitoring and SAR filing quality becomes concrete. Monitoring systems that generate structured, documented alert rationale give analysts a clear starting point for narrative construction. When case management captures the full investigation trail, the alert, the review, the supporting documentation, the narrative is constructed from evidence rather than memory.

AML Watcher tracks transactions by matching behavior patterns to over 150 pre-built AML categories and more than 10,000 customizable detection rules. These tools help identify specific kinds of activities that may need a SAR filing. For compliance teams looking to improve their reports to meet 2026 exam standards, the main focus should be on monitoring that provides clear and ready-to-investigate information.

A Pre-Submission Checklist for How to Write a SAR That Passes Review

Before filing, check the narrative against these questions:

• Does the introductory paragraph specify the topic, the type of activity, and the overall sum?
• Does the body clarify the method of operation with definite dates, amounts, and transaction types?
• Is the basis for suspicion stated directly, not hedged or implied?
• Are the red flags named explicitly and linked to a recognizable financial crime pattern?
• Does narrative add analytical context that is beyond what the form fields already capture?
• If applicable, are FinCEN advisory key terms included in field 2 and the narrative?
• Is the institution’s response and documentation location noted in the conclusion?

A narrative that answers all seven passes the examiner test. One that doesn’t will generate findings.

Common SAR Narrative Mistakes That Draw Examiner Attention

Knowing what failure looks like makes the standard easier to apply. These are the patterns examiners flag most often:

How AML Watcher Strengthens SAR Quality Through Smarter Detection and Investigation Readiness

Financial institutions face rising pressure to produce SARs with clear reasoning and actionable insights, yet weak detection often results in narratives that fail examiner review.

AML Watcher strengthens SAR creation from the detection stage, using 150+ AML typologies and configurable rules to identify suspicious activity, reduce false alerts, and support structured investigations.

Standardized workflows ensure consistent evidence collection and transaction analysis, enabling clearer narratives, stronger fund flow insights, and compliance with FinCEN and FFIEC expectations.