Frequently Asked Questions Regarding Suspicious Activity Reporting Requirements

Frequently Asked Questions Regarding Suspicious Activity Reporting Requirements

Financial Crimes Enforcement Network
NASCUS Legislative and Regulatory Affairs

October 9, 2025

The Financial Crimes Enforcement Network (FinCEN), together with the other federal banking agencies, has issued an FAQ regarding Suspicious Activity Reporting Requirements.  The FAQ consists of four questions with a stated goal of “ensuring financial institutions are not needlessly expending resources on efforts that do not provide law enforcement and national security agencies with the critical information they need to detect, combat, and deter criminal activity.”

The questions address:

  • Whether a SAR is required when there may be structuring to avoid the $10,000 CTR reporting threshold, stating: “The mere presence of a transaction or series of transactions, at or near the $10,000 CTR threshold is not information sufficient to require the filing of a SAR.” Rather, a SAR is only required “if the institution knows, suspects, or has reason to suspect” a series of transactions are “designed to evade” CTR filings. It further explains where the lines may be drawn when determining whether to file.
  • As it relates to continuing activity reviews: FinCEN recognizes these are a “burden” and states that a separate review of a customer or account following the filing of a SAR to determine whether suspicious activity continued is not required. Financial institutions instead “may rely on risk-based internal policies, procedures, and controls to monitor and report suspicious activity as appropriate, provided those internal policies, procedures, and controls are reasonably designed to identify and report such activity.”
  • Question three of the FAQ provides a timeframe for filing any continuing SARs.
  • The fourth question clarifies if a financial institution decides to not file a SAR, there is not a requirement to document this.  It is important to note, financial institutions may continue to document when they decide not to file a SAR.

CFPB Final Rule re Small Business Lending under the Equal Credit Opportunity Act; Extension of Compliance Dates

12 CFR Part 1002

The Consumer Financial Protection Bureau (CFPB) finalized its June 18, 2025 interim final rule amending Regulation B to extend the compliance dates set forth in its 2023 small business lending rule, as amended by a 2024 interim final rule and to make other date-related conforming adjustments.  

The final rule becomes effect on December 1, 2025.  The final rule can be found here.

Summary

Section 1071 of Dodd Frank amended the Equal Credit Opportunity Act (ECOA) to require that financial institutions collect and report to the CFPB certain data regarding applications for credit for women-owned, minority-owned, and small businesses.  Section 1071’s statutory purposes are to (i) facilitate enforcement of fair lending laws, and (ii) enable communities, governmental entities, and creditors to identify business and community development needs and opportunities of women-owned, minority-owned, and small businesses.

Section 1071 directs the CFPB to prescribe such rules and issue such guidance as may be necessary to carry out, enforce and compile data pursuant to Section 1071.  In March 2023, the Bureau issued a final rule to implement Section 1071.  In early June 2024, the Bureau issued an interim final rule to extend the rule’s compliance dates.  The Bureau then issued a second interim final rule on June 18, 2025, the CFPB extended the compliance dates set forth in the 2023 final rule by approximately one year. 

In this final rule, the Bureau finalizes the compliance dates specified in the 2025 interim final rule. The new compliance dates are July 1, 2026 (Tier 1 institutions); January 1, 2027 (Tier 2 institutions) and October 1, 2027 (Tier 3 institutions). 

12 CFR Part 1091

The Consumer Financial Protection Bureau (CFPB) issued a final rule that rescinds the amendments it adopted in April 2022, November 2022 and April 2024 to the Procedures for Supervisory Designation Proceedings, with the exception of some limited process adjustments.

The final rule becomes effective as of October 27, 2025The final rule can be found here.

Summary

Section 1024 of the Consumer Financial Protection Act authorizes the Bureau to supervise a nonbank covered person that the Bureau “has reasonable cause to determine, by order, after notice to the covered person and a reasonable opportunity for such covered person to respond…is engaging, or has engaged, in conduct that poses risks to consumers with regard to the offering or provision of consumer financial products/services.”

In 2013, the Bureau issued procedures to govern these supervisory designation proceedings.  Under the 2013 rule, information regarding the proceedings was treated as confidential supervisory information and not publicly disclosed.

The Bureau then issued a series of rules (in 2022 and 2024) that amended the 2013 rule. The new rules enabled the Director to publicly release the Director’s final decisions and orders designating respondents for supervision.  The Bureau also removed the role of the Associate Director of SELF from the process and instead specified that the Director would preside over the proceeding without receiving a recommended determination. 

In May 2025, the Bureau issued a notice of proposed rulemaking that requested public comment on rescinding the 2022-2024 rules and restoring the 2013 rule.  After considering the comments, the Bureau has decided to rescind the 2022-2024 rules, except that the Bureau is retaining some limited process adjustments that were contained in the 2024 rule.

NASCUS Legislative and Regulatory Affairs Committee
September 2025

Consistent with Executive Order (EO) 14281, Restoring Equality of Opportunity and Meritocracy,” the NCUA has issued LTCU 25-CU-04 removing references to disparate impact liability from its “Fair Lending Guide.” The NCUA is also removing references in other issuances and has directed examiners to no longer request, review, or conclude on or follow up on:

  • Matters related to a credit union’s disparate impact risk,
  • Internal disparate-impact risk analysis, or
  • Disparate-impact risk assessment processes or procedures.

Supervisory processes will continue to include fair lending risk assessments and the analysis of HMDA data for potential evidence of disparate treatment.

NASCUS Legislative and Regulatory Affairs Committee
September 2025

In response to Executive Order (EO) 14331, Guaranteeing Fair Banking for All Americans, the NCUA has issued Letter to Credit Unions (LTCU) 25-CU-05. The LTCU notifies federally insured credit unions (FICUs) that, effective September 25, 2025, the Agency will no longer be utilizing reputation risk and equivalent concepts in the examination and supervisory process, nor will they refer to or engage in discussions about reputation risk as part of examinations and supervision contacts of a credit union or CUSO.

The NCUA will continue to include key review areas historically classified under reputation risk, like financial liability associated with litigation and insider abuse, as part of an examination as necessary.

The agency is reviewing and updating its regulations, manuals, guidance, and training materials to remove references to reputation risk. The LTCU notes that until these resources are updated, this LTCU supersedes any previous information related to reputation risk.

Justification Summary

NASCUS Legislative and Regulatory Affairs Department
September 30, 2025

The National Credit Union Administration (NCUA) has published its proposed budget[1] for fiscal years 2026 and 2027, marking a significant shift toward streamlined operations and fiscal prudence. This year no public briefing has been set to offer comments; however, interested parties may provide comments on the budget, as published in the Federal Register[2], until October 24, 2025.  While NASCUS refrains from commenting on a peer regulatory budget, concerns continue regarding the development and implementation of the Overhead Transfer Rate (OTR), which will be addressed in its own review process.

The overall budget, which includes the Operating Budget, Capital Budget, and Share Insurance Fund Administrative Expenses Budget, reflects a concerted effort to align with federal efficiency mandates.  At the office level, most NCUA departments face budget and staffing reductions, with the Office of the Executive Director and Office of External Affairs and Communication seeing the largest proportional cuts. Despite these reductions, the agency prioritizes crosscutting investments in IT and modernization to support its mission.

In 2026, the total proposed budget stands at $313.8 million, a notable 20.6% decrease from the previous year. This reduction is largely attributed to a 23% cut in staffing, a 34% decline in contracted services, and a 13% decline in travel expenses. These changes stem from the agency’s reorganization under the President’s Department of Government Efficiency initiative, which included a Voluntary Separation Program that saw 262 employees depart. The 2026 budget supports 967 positions, with flexibility to rehire up to 23 roles as needed.

The 2027 budget is projected at $344.7 million, representing a 9.8% increase over 2026 but still 12.8% below 2025 levels. This growth accounts for inflation and a reduction of surplus funds from prior years.  The proposed 2027 budget is $1.9 million higher than the proposed 2026 level largely because of the $1.7 million in proceeds from the sale of the Austin, TX building that offsets the 2026 budget. When excluding this one-time revenue, the 2027 budget increases $150,000, or 3 percent, compared to the 2026 level.

The Operating Budget for 2026 is set at $292.4 million, with 82% allocated to employee compensation and benefits. Contracted services are budgeted at $24 million, supplemented by $44.8 million in prior-year surpluses. Travel, rent, and administrative costs are all trimmed to reflect the agency’s leaner structure.

Capital investment projections total $18.1 million in 2026, targeting key upgrades including a $3.2 million enterprise computer refresh, $2.9 million in enhancements to the MERIT examination platform, and $1 million for a new customer relationship management system. Additional funds support IT infrastructure and minor headquarters maintenance.

The Share Insurance Fund Administrative Expenses Budget is reduced to $3.3 million, aided by proceeds from the sale of the Austin, TX office. These funds support stress testing, examiner training, and insurance-related operations.

To finance its operations, the NCUA relies on a combination of the Overhead Transfer Rate[3] (OTR) and operating fees. Based on the Board-approved methodology and the proposed budget, the OTR for 2026 is estimated to be 61.8 percent, which is an increase of one basis point from 2025. Thus, 61.8 percent of the total 2026 Operating Budget is estimated to be paid out of the Share Insurance Fund. The remaining 38.2 percent of the Operating Budget is estimated to be paid for by operating fees collected from federal credit unions. The operating fee rate[4] is reduced by 23.6%, thanks to surplus funds and asset growth. 

NASCUS continues to believe that while improvements in the methodology to apply expenses to the NCUSIF through the OTR have been instituted, there remain legitimate talking points regarding further improvements to ensure the appropriateness of the allocation of expenses between the two programs.  At this time, the NCUA Board has not scheduled an open hearing to receive verbal input on the proposed budget.  NASCUS will notify membership once a public hearing date has been announced.

NASCUS will be providing comments to NCUA regarding the proposed budget.  NASCUS members should provide suggested comments to SVP John Kolhoff by October 15, 2025.

[1] www.ncua.gov/files/publications/budget/budget-justification-proposed-2026-2027.pdf

[2] 90 FR 46640

[3] On November 16, 2017, the NCUA Board adopted a new methodology for calculating the OTR starting with the 2018 OTR. 82 FR 55644, November 22, 2017.  

[4] See https://www.federalregister.gov/documents/2023/12/26/2023-28303/national-credit-union-administration-operating-fee-schedulemethodology    

DateTitleSummary
April, 2021Legal Opinion: 21-3500 Proposed Capital Markets Funding Program for Credit UnionsAvailable
June, 2020Automated Loan Underwriting System – Segregation of Duties for Loan Officers Available 
June, 2020Reasonable Proximity AnalysisAvailable 

NASCUS Legislative and Regulatory Affairs
September 2025

On August 28, 2025, in conjunction with an advisory, FinCEN issued a Financial Trend Analysis on Chinese Money Laundering Networks (CMLN). FinCEN analyzed 137,153 BSA reports, totaling $312 billion in suspicious activity. The analysis was conducted on reports filed between January 1, 2020, and December 31, 2024.  FinCEN’s analysis identified specific trends in CLMN activity. The trends included the role of U.S. and foreign-based Chinese passport holders. The analysis also provides insight on how CMLNs launder illicit proceeds from criminal activities, including drug trafficking, and how CMLNs launder money on a global scale.

The following are key highlights identified in the analysis.

  • Banks Filed the Majority of Potentially CMLN-Related BSA Reports in the Dataset: Depositories filed 85% of reports reviewed, which predominantly identified subjects engaged in money laundering activity. MSBs filed the second-highest number of reports, accounting for 9%.
  • CLMNs Rely on U.S.-Based Chinese Nationals to Deposit Cash – Often Unknown Sources of Funds – into the U.S. Financial System: CMLNs facilitate money laundering for criminal organizations by using U.S.-based accounts, including both personal and business accounts. These are often initiated through large cash deposits, inconsistent with the customer’s profile. Foreign-based accounts are also used to move and launder illicit funds through the U.S. financial system.
  • CMLNs’ Access to USD Potentially Facilitates Trade-Based Money Laundering Schemes: CLMN’s service Chinese nationals seeking U.S. dollars (USD), facilitate trade-based money laundering (TBML), and enable other types of money laundering schemes. The analysis identified that financial institutions filed 512 reports within the review period that referenced the term TBML, totaling $9.7 billion in reported suspicious activity.
  • CMLNs Potentially Work with U.S. Based “Daigou” Buyers to Launder Illicit Proceeds: The analysis found that CMLNs recruit individuals known as “daigou” buyers (“buying on behalf of”) to purchase high-value electronics and luxury goods for export to the People’s Republic of China.  “Diagou” was reporting in a small number of BSA reports in the review period and was associated with $9.6 million in suspicious activity.
  • Potential Human Trafficking and Smuggling Related Activity Involving U.S.-Based Chinese Passport Holders: Financial institutions filed 1,675 BSA related reports during the review period, indicating suspicious activity potentially involving human trafficking or human smuggling.
  • CMLNs are Potentially Using Adult Daycare Centers Located in New York to Further Laundering Activities. CMLNs are also Linked to Healthcare Fraud, Elder Abuse, and Illicit Gaming Activity: The analysis found that financial institutions filed 43 BSA reports during the review period, involving $766 million in suspicious activity, on 83 adult and senior day care centers, all of which listed addresses in New York. An additional 108 BSA reports in the dataset involved deposited funds associated with healthcare fraud, elder abuse, and suspicious gaming activity.
  • CMLNs Potentially Facilitating Real Estate Purchases Funded by Illicit Proceeds from a Variety of Financial Crimes: Financial institutions filed 17,389 BSA reports during the review period associated with more than $53.7 billion in suspicious activity involving the real estate sector. CMLNs potentially play a key role in laundering illicit funds through U.S. real estate by using complex, layered transactions; involving third parties; and ultimately, integrating illicit proceeds into the real estate sector. They also potentially target high-value markets and leverage Chinese investors who have strong interest in U.S. real estate.
  • CLMNs May Use Chinese Students to Engage in a Variety of Suspicious Activities and Schemes: FinCEN found that financial institutions filed 20,282 BSA reports during the review period involving $13.8 billion in suspicious activity and referenced individuals purporting to be Chinese students. These students may be vulnerable to recruitment and exploitation by U.S.-based CMLNs, which need access to, and control of, many bank accounts to place illicit funds into the U.S. financial system.

NASCUS Webinar Series

Access our library of past webinar recordings, featuring expert-led discussions on key issues facing credit unions—from risk management and compliance to emerging industry trends. Watch on demand and stay up to date at your convenience.

Watch Past Webinars

Stay Informed with Past Committee Webinars

Catch up on past special Legislative & Regulatory Committee and AML Roundtable webinars, where industry experts and regulators explored emerging policies, compliance challenges, and legislative developments impacting the state credit union system. Access the recordings anytime to stay current on the issues that matter most.

Watch Past Webinars

NASCUS/CUbroadcast Interviews

Wondering what you’re missing? CUbroadcast’s Mike Lawson offers sneak peeks of the speakers & sessions during NASCUS and industry events.

Watch Here

A Collaboration Portal for Regulators

Updated SSA monthly call schedule
Please note these calendar invites have already been updated!

2025 New Commissioner Orientation

Click here to open the presentation [PDF].

This interactive 90-minute online event is designed to support newly appointed state agency leaders and senior staff by providing a comprehensive introduction to NASCUS and its resources tailored to assist your agency’s mission.

2024 NASCUS Examiner 101 Training

Video transcript

Reports

NASCUS Profile Survey Reports

NASCUS Quarterly Public Information Reports

NASCUS/United States Department of the Treasury Virtual Cybersecurity Tabletop Exercise (TTX) IV

Hamilton Exercise Program After-Action Report/Improvement Plan December 18, 2023 

Please note: The information, observations, or findings in the above-mentioned PDF/link should not be shared outside your regulatory agency. 

CISA Vulnerability Snapshot – Financial Services Sector

Please note: The information, observations, or findings in the above-mentioned PDF/link should not be shared outside your regulatory agency. 

By monitoring legislation across federal and state arenas, NASCUS ensures members stay informed on developments that shape the state credit union system—supporting smarter decisions and a stronger, more agile state system. This resource is continuously being updated.

2025 Federal Legislation Reports

2025 State Legislation Reports

NASCUS Legislative and Regulatory Affairs Department
September 2, 2025

Summary

On August 18, 2025, the Department of the Treasury (“Treasury”)  issued a request for comment on the use of innovative or novel methods, techniques, or strategies to detect and mitigate illicit finance risks involving digital assets. The notice was issued as a requirement of the Guiding and Establishing National Innovation for U.S. Stablecoins Act (GENIUS Act) and supports the Administration’s policy of supporting the responsible growth and use of digital assets outlined in Executive Order 14178.  This request also aligns with the July 30, 2025 report from the Working Group on Digital Assets advocating enhanced AML/CFT measures through public-private collaboration.

Comments must be received on or before October 17, 2025.

Request for Comment

With this request for comment Treasury seeks to identify innovative methods that financial institutions currently use or could use to detect illicit activities, such as money laundering, involving digital assets. The GENIUS Act lists four specific technologies in which Treasury is seeking comment, which include:

  • Application Program Interfaces (APIs): APIsserve as system access points or library functions that allow different software applications to communicate and interact, including those used for AML/CFT and sanctions compliance. APIs can be used to share data automatically and facilitate access to transaction information. Once deployed, they can also be used to help enforce strict access controls, monitor transactions, and enhance security for institutions handling digital assets.
  • Artificial Intelligence (AI) Systems: AI, for purposes of this request, means a “machine-based system that can, for a given set of human-defined objectives, make predictions, recommendations, or decisions influencing real or virtual environments.” AI is used in financial institutions to help analyze significant amounts of data and more effectively identify illicit patterns, risks, trends, and typologies in money laundering.
  • Digital identity verification mechanism: Digital identity verification, also known as “identity proofing,” involves confirming a person’s identity in a digital setting. Treasury is interested in portable digital credentials that can simplify compliance, protect user privacy, and reduce the burden on financial institutions.
  • Blockchain monitoring tools: Blockchain technology and monitoring leverage the public ledgers of many digital assets, allowing observation and analysis of pseudonymous transactions that are on the blockchain’s public ledger. The U.S. government and financial institutions use blockchain analytics to trace illicit activity, evaluate risks, analyze cross-chain transactions, and detect patterns signaling potential illegal activities.

Treasury encourages commenters to help identify innovative or novel methods that regulated financial institutions can use to detect and mitigate illicit finance risks involving digital assets. For each method discussed when providing feedback, Treasury seeks comments on the following factors:

  • Improvements in the ability of financial institutions to detect illicit activity involving digital assets;
  • Costs to regulated financial institutions;
  • The amount and sensitivity of information that is collected or reviewed;
  • Privacy risk associated with the information that is collected or reviewed;
  • Operational challenges and efficiency considerations;
  • Cybersecurity risks; and
  • Effectiveness of the methods, techniques, or strategies at mitigating illicit finance.

Questions for commenters include:

  1. What are the most significant illicit finance risks and vulnerabilities in the digital asset ecosystem, and what trends have financial institutions observed?
  2. What innovative API-related strategies are financial institutions using to detect illicit activity, and what are the associated risks, benefits, and challenges?
  3. How is AI being used to analyze transactional data and identify complex illicit financial networks? What are the key lessons learned, and what are the risks and benefits of using AI?
  4. What are financial institutions using for digital identity verification, including portable digital credentials, and what are the related risks, benefits, and challenges?
  5. How are financial institutions using blockchain monitoring tools to integrate on-chain and off-chain data? What are the challenges, such as obfuscation tools, that complicate tracing and attribution?

What other innovative technologies, such as cryptographic protocols, cloud-based solutions, oracles, or smart contract tools, are being used to combat illicit finance? What are their risks and benefits