Uncovering Valuable Intel in FinCEN Suspicious Activity Data


As Paul Manafort’s recent troubles demonstrate, records of suspicious financial activity can be instrumental to an investigation. Prior to his indictment, the FBI was reportedly looking into 13 suspicious wire transfers that were submitted to the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN). While use of such data by the FBI is commonplace for investigation into a number of crimes such as money laundering, tax fraud, and even terrorism, it is largely underutilized among the private sector. This data, in aggregate, is incredibly useful to the very financial institutions that are required to submit it to FinCEN.

The Bank Secrecy Act of 1970 — requiring financial institutions (FIs) to file a Suspicious Activity Report (SAR) on any transaction that meets a number of criteria or red flags — created an opportunity for FIs to use their data for a greater good to help law enforcement develop leads and identify nefarious actors in financial crime.

This act also created an opportunity for FIs to benefit from one another’s investigative work (and resulting data).

Now is the time for FIs to analyze and act on that data.

With great volume comes great potential

In an effort to create more transparency, FinCEN has made the past six years worth of records publicly available via its website. This data makes it possible for financial institutions to gain a better view of the industry as whole — to find reassurance in the important work they are already doing and insight into particular areas they should be monitoring.

The challenge for FIs is no longer accessing this key data, rather it’s carving out time to analyze all of it in a meaningful manner. Despite the volume of available SAR data, a cursory search of the data on the FinCEN site isn't likely to yield immediate actionable insight. It does, however, yield great potential.

This trove of information can provide valuable intel to FIs if analyzed the right way.

In the past, FinCEN published quarterly reports that provided an analysis of SAR trends and highlighted particular types of suspicious activity. The reports drew insights from changes in the number of filings of “pre-coded” suspicious activities in FinCEN’s filing submission form and from the analysis of raw SAR narratives (which are not publicly available).

However, FinCEN stopped publishing the quarterly reports after implementing its interactive SAR stats tool.  While the interactive tool does allow users to generate slightly more granular data, the summary statistics FinCEN now publishes annually don’t include the insights that were especially valuable to financial institutions.

Fortunately, with access to the data, there is still much intel to be uncovered.

Enter Enigma, the expert in bridging data divides.

Introducing Enigma SAR reports

Viewing the FinCEN data holistically enables financial institutions to put their own SAR filings into the context of the industry as a whole, educate teams, and inform strategy at the highest level based on key trends.

In an effort to make that type of valuable analysis available to FIs and the public, Enigma will  produce a series of reports highlighting trends and insights gleaned from FinCEN’s publicly available data on SARs. While we won’t replicate FinCEN’s previous reports exactly, as they are the only ones with access to the narrative information, we will investigate trends in locations, categories, and institutions as the data comes in each quarter.

In our first post, Trendwatching Across FinCEN’s Suspicious Activity Data, we dig into the number of filings by institution type as well as the most common types of suspicious activity for each.

Digging into the data

FinCEN has made available key fields such as type of suspicious activity, product, instrument, and financial institution, as well as geography (state + county / metro). By understanding the other kinds of institutions that are filing activity that is categorized in the same way, FIs, at a minimum, can understand how many (and which types of) FIs are seeing similar activity.

Additionally, if FIs track this activity over time, they can view spikes or surges that may be indicative of a larger problem. This insight helps guide decision-making around if (and when) FIs should reach out to law enforcement, whether certain monitoring rules are working, whether a special targeted rule may need to be run, and ultimately, inform the optimization process of transaction monitoring.

This is precisely the type of insight we aim to generate through our upcoming analysis.

The future of financial intelligence: ‘The stakes are so high.’

When Jennifer Shasky Calvery, the former director of FinCEN, addressed the ACAMS AML and Financial Crimes Conference last year, she offered both encouragement and warning to the gathered members — “I am grateful to see so many of our partners across the financial industry who are helping to safeguard the U.S. financial system from abuse. It is a daunting responsibility. Especially when the stakes are so high.”

When the stakes are that high, access to the data and relevant financial intelligence makes a difference. If the federal government and the financial industry are to be partners as Calvery hoped, the continued sharing of insights between private and public institutions — beyond just summary statistics — should be another.

Enigma is working to make that a reality.


As we launch more regular reports, we’d love to get your feedback. Interested in a certain type of analysis? Let us know. We’re keen to gain a deeper understanding of how FIs are thinking about the SAR categories and different types of activity based on priorities.

Be sure to check out our first trend post, available on the blog now.