The full text on this page is automatically extracted from the file linked above and may contain errors and inconsistencies.
Federal Reserve Bank of Dallas l l★K July 12, 2000 DALLAS, TEXAS 75265-5906 Notice 2000-42 TO: The Chief Executive Officer of each financial institution and others concerned in the Eleventh Federal Reserve District SUBJECT Agencies Issue Revised Suspicious Activity Report Form DETAILS The Board of Governors of the Federal Reserve System, the Federal Deposit Insurance Corporation, the National Credit Union Administration, the Office of the Comptroller of the Currency and the Office of Thrift Supervision, together with the Financial Crimes Enforcement Network (FinCEN) have issued a revised Suspicious Activity Report (SAR) form. Beginning immediately, financial institutions and organizations currently required to report suspicious activity pursuant to existing regulations of the federal financial institutions supervisory agencies and FinCEN may use the new SAR form to make these reports. Financial institutions and organizations may continue using the existing SAR form while their procedures and systems are updated to make use of the new SAR form. However, only the new form will be accepted after December 31, 2000. The revisions to the SAR form reflect comments from filers and users on how to make the form easier to complete and how to provide more useful and timely information. In addition to modifying the layout of the SAR form, the agencies have: • Added a check box for “Computer Intrusion” to Part III, “Suspicious Activity Information,” in recognition of the need to obtain more specific information about computerrelated suspicious activity. Also, a specific definition of “Computer Intrusion” has been added to the “When to Make a Report” instructions at number 2; • Deleted the two sections requiring witness and preparer information and replaced them with Part IV, “Contact for Assistance”; • Removed the requirement to provide the name and address of any law enforcement authorities contacted regarding the suspicious activity being reported and replaced it with For additional copies, bankers and others are encouraged to use one of the following toll-free numbers in contacting the Federal Reserve Bank of Dallas: Dallas Office (800) 333-4460; El Paso Branch Intrastate (800) 592-1631, Interstate (800) 351-1012; Houston Branch Intrastate (800) 392-4162, Interstate (800) 221-0363; San Antonio Branch Intrastate (800) 292-5810. -2- Part III, “Suspicious Activity Information,” items 40 through 44, to include check boxes for the law enforcement agencies contacted and space to list the names and telephone numbers of law enforcement personnel contacted; and • Deleted the requirement to identify whether a SAR is an “Initial Report,” “Corrected Report,” or “Supplemental Report.” Instead, filers will only be required to identify when a SAR is being filed to correct a prior SAR. Specific instructions on filing a SAR to correct a prior report have been added in the “How to Make a Report” instructions at number 3. Along with the new SAR form, guidance and new software are available to assist with preparing and filing the report. The new SAR form and software will enable financial institutions and organizations to file a suspicious activity report by: • Using the new SAR software to complete the SAR form, saving it on a diskette, and mailing it to the Detroit Computing Center, as outlined in the SAR instructions; • Using the new SAR software to complete the form and then printing a paper version and mailing it to the Detroit Computing Center, as outlined in the SAR instructions; • Producing a magnetic tape of SAR forms (using revised specifications obtained from the Detroit Computing Center) and mailing it to the Detroit Computing Center; or • Completing (if none of the above options is available) the paper version of the SAR and mailing it to the Detroit Computing Center, as outlined in the SAR instructions. ATTACHMENTS The new SAR form and preparation guidelines are attached. Also, the form, the guidance, and the software are available on FinCEN’s web site at http://www.fincen.gov/reg_bsaforms.html. Please select the link for TD F 90-22.47 Suspicious Activity Report (SAR). Then, you may choose the SAR fill-in version, the preparation guidelines, or the software. MORE INFORMATION For more information about the new SAR form, please contact Zane Rogers, Banking Supervision Department, at (214) 922-6086. For additional copies of this Bank’s notice, contact the Public Affairs Department at (214) 922-5254 or access District Notices on our web site at http://www.dallasfed.org/banking/notices/index.html. 1 Suspicious Activity Report FRB: FDIC: OCC: OTS: NCUA: TREASURY: ALWAYS COMPLETE ENTIRE REPORT (see instructions) FR 2230 6710/06 8010-9,8010-1 1601 2362 TD F 90-22.47 OMB No. 7100-0212 OMB No. 3064-0077 OMB No. 1557-0180 OMB No. 1550-0003 OMB No. 3133-0094 OMB No. 1506-0001 Revised June 2000 (This revision supersedes all others) 1 Check box below only if correcting a prior report. Corrects Prior Report (see instruction #3 under How to Make a Report) Part I Reporting Financial Institution Information 2 Name of Financial Institution 3 EIN 4 Address of Financial Institution 5 Primary Federal Regulator a 9 8 Zip Code Address of Branch Office(s) where activity occurred 10 City b Part II NCUA 13 If institution closed, date closed ____ / ____ / _______ DD c d No YYYY Closed? Yes No Yes Suspect Information No Suspect Information Unavailable 15 Last Name or Name of Entity 16 First Name 17 Middle 18 Address 19 SSN, EIN or TIN 21 State 20 City 22 Zip Code 24 Phone Number - Residence (include area code) ( OTS MM Closed? Yes No Yes OCC e Multiple Branches (include information in narrative, Part V) 11 State 12 Zip Code 14 Account number(s) affected, if any a d FDIC c 7 State 6 City Federal Reserve b 23 Country 25 Phone Number - Work (include area code) ) ( ) 27 Date of Birth _______ / _______ / _________ 26 Occupation/Type of Business MM DD 28 Admission/Confession? a YYYY Yes b No 29 Forms of Identification for Suspect: a Drivers License/State ID b Passport c Alien Registration Number __________________________ d Other ______________ Issuing Authority ______________________ 30 Relationship to Financial Institution: a Accountant d Attorney g Customer j Officer b Agent e Borrower h Director k Shareholder c Appraiser f Broker i Employee l Other ________________________________ 31 Is the relationship an insider relationship? a If Yes specify: c d Yes b No Still employed at financial institution e Terminated Suspended Resigned f 32 Date of Suspension, Termination, Resignation _______ / _______ / __________ MM DD YYYY Part III 2 Suspicious Activity Information 34 Total dollar amount involved in known or suspicious activity 33 Date or date range of suspicious activity From ____ / _____ / _______ To ____ / _____ / _______ MM DD YYYY MM DD $ YYYY , 35 Summary characterization of suspicious activity: a Bank Secrecy Act/Structuring/ f Computer Intrusion Money Laundering g Consumer Loan Fraud b Bribery/Gratuity h Counterfeit Check c Check Fraud i Counterfeit Credit/Debit Card d Check Kiting j Counterfeit Instrument (other) e Commercial Loan Fraud k Credit Card Fraud s , l m n o p q r .00 , Debit Card Fraud Defalcation/Embezzlement False Statement Misuse of Position or Self Dealing Mortgage Loan Fraud Mysterious Disappearance Wire Transfer Fraud Other (type of activity) 36 Amount of loss prior to recovery (if applicable) $ , , 37 Dollar amount of recovery (if applicable) .00 $ , , 39 Has the institutions bonding company been notified? a Yes b No 40 Has any law enforcement agency a DEA d b FBI e c IRS f j 38 Has the suspicious activity had a material impact on, or otherwise affected, the financial soundness .00 of the institution? a Yes No already been advised by telephone, written communication, or otherwise? Postal Inspection g Other Federal Secret Service h State U.S. Customs i Local Agency Name (for g, h or i) 42 Phone Number (include area code) 41 Name of person(s) contacted at Law Enforcement Agency ( 43 Name of person(s) contacted at Law Enforcement Agency ) 44 Phone Number (include area code) ( Part IV ) Contact for Assistance 45 Last Name 48 Title/Occupation 51 b Agency (if not filed by financial institution) 47 Middle 46 First Name 49 Phone Number (include area code) ( ) 50 Date Prepared _______ / _______ /_________ MM DD YYYY Part V Suspicious Activity Information Explanation/Description Explanation/description of known or suspected violation of law or suspicious activity. This section of the report is critical. The care with which it is written may make the difference in whether or not the described conduct and its possible criminal nature are clearly understood. Provide below a chronological and complete account of the possible violation of law, including what is unusual, irregular or suspicious about the transaction, using the following checklist as you prepare your account. If necessary, continue the narrative on a duplicate of this page. a b c d e Describe supporting documentation and retain for 5 years. Explain who benefited, financially or otherwise, from the transaction, how much, and how. Retain any confession, admission, or explanation of the transaction provided by the suspect and indicate to whom and when it was given. Retain any confession, admission, or explanation of the transaction provided by any other person and indicate to whom and when it was given. Retain any evidence of cover-up or evidence of an attempt to deceive federal or state examiners or others. f g h i j k 3 Indicate where the possible violation took place (e.g., main office, branch, other). Indicate whether the possible violation is an isolated incident or relates to other transactions. Indicate whether there is any related litigation; if so, specify. Recommend any further investigation that might assist law enforcement authorities. Indicate whether any information has been excluded from this report; if so, why? If you are correcting a previously filed report, describe the changes that are being made. For Bank Secrecy Act/Structuring/Money Laundering reports, include the following additional information: l Indicate whether currency and/or monetary instruments were involved. If so, provide the amount and/or description of the instrument (for example, bank draft, letter of credit, domestic or international money order, stocks, bonds, travelers checks, wire transfers sent or received, cash, etc.). m Indicate any account number that may be involved or affected. Paperwork Reduction Act Notice: The purpose of this form is to provide an effective and consistent means for financial institutions to notify appropriate law enforcement agencies of known or suspected criminal conduct or suspicious activities that take place at or were perpetrated against financial institutions. This report is required by law, pursuant to authority contained in the following statutes. Board of Governors of the Federal Reserve System: 12 U.S.C. 324, 334, 611a, 1844(b) and (c), 3105(c) (2) and 3106(a). Federal Deposit Insurance Corporation: 12 U.S.C. 93a, 1818, 1881-84, 3401-22. Office of the Comptroller of the Currency: 12 U.S.C. 93a, 1818, 1881-84, 3401-22. Office of Thrift Supervision: 12 U.S.C. 1463 and 1464. National Credit Union Administration: 12 U.S.C. 1766(a), 1786(q). Financial Crimes Enforcement Network: 31 U.S.C. 5318(g). Information collected on this report is confidential (5 U.S.C. 552(b)(7) and 552a(k)(2), and 31 U.S.C. 5318(g)). The Federal financial institutions regulatory agencies and the U.S. Departments of Justice and Treasury may use and share the information. Public reporting and recordkeeping burden for this information collection is estimated to average 30 minutes per response, and includes time to gather and maintain data in the required report, review the instructions, and complete the information collection. Send comments regarding this burden estimate, including suggestions for reducing the burden, to the Office of Management and Budget, Paperwork Reduction Project, Washington, DC 20503 and, depending on your primary Federal regulatory agency, to Secretary, Board of Governors of the Federal Reserve System, Washington, DC 20551; or Assistant Executive Secretary, Federal Deposit Insurance Corporation, Washington, DC 20429; or Legislative and Regulatory Analysis Division, Office of the Comptroller of the Currency, Washington, DC 20219; or Office of Thrift Supervision, Enforcement Office, Washington, DC 20552; or National Credit Union Administration, 1775 Duke Street, Alexandria, VA 22314; or Office of the Director, Financial Crimes Enforcement Network, Department of the Treasury, 2070 Chain Bridge Road, Vienna, VA 22182. The agencies may not conduct or sponsor, and an organization (or a person) is not required to respond to, a collection of information unless it displays a currently valid OMB control number. Suspicious Activity Report Instructions Safe Harbor Federal law (31 U.S.C. 5318(g)(3)) provides complete protection from civil liability for all reports of suspected or known criminal violations and suspicious activities to appropriate authorities, including supporting documentation, regardless of whether such reports are filed pursuant to this reports instructions or are filed on a voluntary basis. Specifically, the law provides that a financial institution, and its directors, officers, employees and agents, that make a disclosure of any possible violation of law or regulation, including in connection with the preparation of suspicious activity reports, shall not be liable to any person under any law or regulation of the United States or any constitution, law, or regulation of any State or political subdivision thereof, for such disclosure or for any failure to notify the person involved in the transaction or any other person of such disclosure. Notification Prohibited Federal law (31 U.S.C. 5318(g)(2)) requires that a financial institution, and its directors, officers, employees and agents who, voluntarily or by means of a suspicious activity report, report suspected or known criminal violations or suspicious activities may not notify any person involved in the transaction that the transaction has been reported. In situations involving violations requiring immediate attention, such as when a reportable violation is ongoing, the financial institution shall immediately notify, by telephone, appropriate law enforcement and financial institution supervisory authorities in addition to filing a timely suspicious activity report. WHEN TO MAKE A REPORT: 1. All financial institutions operating in the United States, including insured banks, savings associations, savings association service corporations, credit unions, bank holding companies, nonbank subsidiaries of bank holding companies, Edge and Agreement corporations, and U.S. branches and agencies of foreign banks, are required to make this report following the discovery of: a. Insider abuse involving any amount. Whenever the financial institution detects any known or suspected Federal criminal violation, or pattern of criminal violations, committed or attempted against the financial institution or involving a transaction or transactions conducted through the financial institution, where the financial institution believes that it was either an actual or potential victim of a criminal violation, or series of criminal violations, or that the financial institution was used to facilitate a criminal transaction, and the financial institution has a substantial basis for identifying one of its directors, officers, employees, agents or other institution-affiliated parties as having committed or aided in the commission of a criminal act regardless of the amount involved in the violation. b. Violations aggregating $5,000 or more where a suspect can be identified. Whenever the financial institution detects any known or suspected Federal criminal violation, or pattern of criminal violations, committed or attempted against the financial institution or involving a transaction or transactions conducted through the financial institution and involving or aggregating $5,000 or more in funds or other assets, where the financial institution believes that it was either an actual or potential victim of a criminal violation, or series of criminal violations, or that the financial institution was used to facilitate a criminal transaction, and the financial institution has a substantial basis for identifying a possible suspect or group of suspects. If it is determined prior to filing this report that the identified suspect or group of suspects has used an alias, then information regarding the true identity of the suspect or group of suspects, as well as alias identifiers, such as drivers licenses or social security numbers, addresses and telephone numbers, must be reported. c. Violations aggregating $25,000 or more regardless of a potential suspect. Whenever the financial institution detects any known or suspected Federal criminal violation, or pattern of criminal violations, committed or attempted against the financial institution or involving a transaction or transactions conducted through the financial institution and involving or aggregating $25,000 or more in funds or other assets, where the financial institution believes that it was either an actual or potential victim of a criminal violation, or series of criminal violations, or that the financial institution was used to facilitate a criminal transaction, even though there is no substantial basis for identifying a possible suspect or group of suspects. d. Transactions aggregating $5,000 or more that involve potential money laundering or violations of the Bank Secrecy Act. Any transaction (which for purposes of this subsection means a deposit, withdrawal, transfer between accounts, exchange of currency, loan, extension of credit, purchase or sale of any stock, bond, certificate of deposit, or other monetary instrument or investment security, or any other payment, transfer, or delivery by, through, or to a financial institution, by whatever means effected) conducted or attempted by, at or through the financial institution and involving or aggregating $5,000 or more in funds or other assets, if the financial institution knows, suspects, or has reason to suspect that: i. The transaction involves funds derived from illegal activities or is intended or conducted in order to hide or disguise funds or assets derived from illegal activities (including, without limitation, the ownership, nature, source, location, or control of such funds or assets) as part of a plan to violate or evade any law or regulation or to avoid any transaction reporting requirement under Federal law; ii. The transaction is designed to evade any regulations promulgated under the Bank Secrecy Act; or iii. The transaction has no business or apparent lawful purpose or is not the sort in which the particular customer would normally be expected to engage, and the financial institution knows of no reasonable explanation for the transaction after examining the available facts, including the background and possible purpose of the transaction. The Bank Secrecy Act requires all financial institutions to file currency transaction reports (CTRs) in accordance with the Department of the Treasurys implementing regulations (31 CFR Part 103). These regulations require a financial institution to file a CTR whenever a currency transaction exceeds $10,000. If a currency transaction exceeds $10,000 and is suspicious, the institution must file both a CTR (reporting the currency transaction) and a suspicious activity report (reporting the suspicious or criminal aspects of the transaction). If a currency transaction equals or is below $10,000 and is suspicious, the institution should only file a suspicious activity report. 2. Computer Intrusion. For purposes of this report, computer intrusion is defined as gaining access to a computer system of a financial institution to: a. Remove, steal, procure or otherwise affect funds of the institution or the institutions customers; b. Remove, steal, procure or otherwise affect critical information of the institution including customer account information; or c. Damage, disable or otherwise affect critical systems of the institution. For purposes of this reporting requirement, computer intrusion does not mean attempted intrusions of websites or other non-critical information systems of the institution that provide no access to institution or customer financial or other critical information. 3. A financial institution is required to file a suspicious activity report no later than 30 calendar days after the date of initial detection of facts that may constitute a basis for filing a suspicious activity report. If no suspect was identified on the date of detection of the incident requiring the filing, a financial institution may delay filing a suspicious activity report for an additional 30 calendar days to identify a suspect. In no case shall reporting be delayed more than 60 calendar days after the date of initial detection of a reportable transaction. 4. This suspicious activity report does not need to be filed for those robberies and burglaries that are reported to local authorities, or (except for savings associations and service corporations) for lost, missing, counterfeit or stolen securities that are reported pursuant to the requirements of 17 CFR 240.17f-1. HOW TO MAKE A REPORT: 1. Send each completed suspicious activity report to: Detroit Computing Center, P.O. Box 33980, Detroit, Ml 48232-0980 2. For items that do not apply or for which information is not available, leave blank. 3. If you are correcting a previously filed report, check the box at the top of the report (line 1). Complete the report in its entirety and include the corrected information in the applicable boxes. Then describe the changes that are being made in Part V (Description of Suspicious Activity), line k. 4. Do not include any supporting documentation with the suspicious activity report. Identify and retain a copy of the suspicious activity report and all original supporting documentation or business record equivalent for five (5) years from the date of the suspicious activity report. All supporting documentation must be made available to appropriate authorities upon request. 5. If more space is needed to report additional suspects, attach copies of page 1 to provide the additional information. If more space is needed to report additional branch addresses, include this information in the narrative, Part V. 6. Financial institutions are encouraged to provide copies of suspicious activity reports to state and local authorities, where appropriate. PREPARATION GUIDELINES FOR SUSPICIOUS ACTIVITY REPORT FORM (SAR) June 2000 This guidance is provided to assist financial institutions in preparing the revised Suspicious Activity Report (SAR), effective June 19, 2000 and supercedes guidance previously provided in February 1997. General Guidelines Dates - Whenever dates are requested, they should be entered using the format “mm/dd/yyyy,” where “mm” is the month, “dd” is the day, and “yyyy” is the year. Zero (0) should precede any single digit number. If the month or day is not available or unknown, enter zeros in the space for “mm” and “dd.” For example, 01/00/2000 indicates an unknown day in January 2000. Numbers - Wherever information about monetary amounts is requested, the amounts should be entered using the format “$0,000,000”. (Round to the nearest dollar.) All amounts should be reported in US Dollars (USD). No notation of cents should be made. Item 1 - Corrects Prior Report - If you are correcting a previously filed report, check the box at the top of the report (line 1). Complete the report in its entirety and include the corrected information in the applicable boxes. Then describe the changes that are being made in Part V, (Suspicious Activity Information Explanation/Description), line k. PART I -- REPORTING FINANCIAL INSTITUTION INFORMATION Item 2 - Name of Financial Institution - You should enter the full legal [Trade] name of the financial institution (FI). Item 3 - EIN - Enter the FI’s nine digit Employer Identification Number without any alpha characters or other substitutes. Item 4 - Address of Financial Institution - Enter the street address of the FI shown in Item 2. A Post Office (P.O.) Box number should be used only if there is no street address. Item 5 - Primary Federal Regulator - Box a, b, c, d or e must always be marked to reflect the reporting financial institution’s primary federal regulator. Item 6 - City - Enter the city where the FI is located. Item 7 - State - Use the U.S. Postal Service’s two letter state abbreviation. Item 8 - Zip Code - Enter the zip code that corresponds with the address shown in Items 6 and 7. The first five digits are mandatory beginning from the left. If the last four digits are known, please include. Item 9 - Address of Branch Office(s) where activity occurred - If the location of the suspicious activity is different from that provided in Item 4, enter the street address of the branch or office where the activity occurred. A P.O. Box number may be used only if there is no street address. Otherwise, leave Item 9 blank. If the suspicious activity occurred at more than one branch, check the box indicating multiple branches, and include this information in Part V, Suspicious Activity Information Explanation/Description. Item 10 - City - Enter the city where the branch shown in Item 9 is located. Item 11 - State - Use the U.S. Postal Service’s two letter state abbreviation. Item 12 - Zip Code - Enter the zip code that corresponds with the address shown in Item 9. The first five digits are mandatory beginning from the left. If the last four digits are known, please include. Item 13 - Date Closed - If the FI has closed, enter the date of closure by using the method for entering dates described at the beginning of these Guidelines. [mm/dd/yyyy] Item 14 - Account Number(s) affected - Enter the numbers of any account(s) that were affected by the suspicious activity. If more than four accounts are affected, provide the additional account numbers in Part V. If no account is affected, leave Item 14 blank. For each account listed indicate by checking the appropriate box whether the account is still open or has been closed. PART II -- SUSPECT INFORMATION If no information about the Suspect is available, check the box “Suspect Information Unavailable”. This will alert the law enforcement and regulatory users of the SAR database that this information has not been inadvertently omitted. Items 15, 16 and 17 - Name of Individual or Entity - If the suspicious activity involves an individual, enter his or her last name in Item 15, first name in Item 16 and middle name or initial in Item 17. If there is no middle name or initial, leave Item 17 blank. If an organization is involved in the suspicious activity, enter its name in Item 15 and leave Items 16 and 17 blank. If the FI has knowledge of a separate “doing business as” name, enter the individual or organization’s name in Item 15 followed by the phrase “DBA” and the name of the business. For example, John R. Smith DBA Smith Auto Sales or Johnson Enterprises DBA PJ’s Pizzeria. If additional space is needed to report the DBA, use Items 16 and 17. If more than one Part II is necessary, attach additional copies of page 1 to report the additional suspects. If both formal and alias names are established, enter the full legal name in Items 15, 16 and 17 and the alias name(s) in Part V. 2 Item 18 - Address - Enter the permanent street address to include any apartment or suite numbers of the person identified in Items 15, 16 and 17. A Post Office Box should only be used if there is no street address. If the individual or organization is from a foreign country, enter the foreign country address. Item 19 - SSN, EIN or TIN - If an individual is shown in Items 15-17, enter his or her Social Security Number (SSN) or Taxpayer Identification Number (TIN). If an organization is shown, enter its Employer Identification Number (EIN). Items 20, 21 and 22 - City, State, Zip Code - Enter the city in which the person shown in Items 15, 16 and 17 resides or in which the organization is located. Enter the state or territory in Item 21 and the Zip code in Item 22. The first five digits are mandatory beginning from the left. If the last four digits are known, please include. If the address is from a foreign country, provide the street address, city, province, or state and postal code (if known). Item 23 - Country – Write out the full name of the country (other than U.S.) that corresponds to the information in Items 20, 21 and 22. Item 24 - Telephone Number - Enter the home telephone number, including the area code for the individual entered in Items 15 - 17. Item 25 - Telephone Number - Enter the business telephone number, including area code of the individual or organization entered in Items 15 - 17. Item 26 - Occupation/Type of Business - Fully identify the occupation, profession or business of the person on whose behalf the transaction(s) was conducted. For example, secretary, shoe salesman, carpenter, attorney, housewife, restaurant owner, liquor store clerk, etc. Do not use non-specific terms such as merchant, self-employed, businessman, etc. Item 27 - Date of Birth - If an individual is named in Items 15 - 17, enter his or her date of birth by using the method for entering dates described at the beginning of these Guidelines. [mm/dd/yyyy] Item 28 - Admission/Confession - If the suspect made an admission or confession, check box a. If not, check box b. Item 29 - Forms of Identification for Suspect - Check appropriate box for the form of identification provided by the suspect and use the lines provided to give specific data such as driver’s license or passport number and issuing authority. For box d, “other,” provide a brief explanation in the space provided. If more space is required, enter the information in Part V. Item 30 - Relationship to Financial Institution - Check each box that identifies the suspect relationship with the FI. More than one box may be checked. If the “other” box is checked, 3 provide a brief explanation on the adjacent blank space. If more space is required, enter the information in Part V. Item 31 - Is the relationship an insider relationship? – If the suspect is an insider relationship, check box a., otherwise, check box b. If the relationship is an insider relationship indicate if the suspect is still employed, suspended, terminated or has resigned by checking box c, d, e or f. Item 32 – Date of Suspension, Termination, Resignation - Enter the date the suspect was suspended, terminated or resigned by using the method for entering dates described at the beginning of these Guidelines. [mm/dd/yyyy] PART III -- SUSPICIOUS ACTIVITY INFORMATION Item 33 - Date or date range of suspicious activity - Enter the first known date of suspicious activity and the last date of related suspicious activity. If only one date applies, include this date in the From field using the instructions at the beginning of these Guidelines. If multiple or related activity is conducted by the individual during the reporting period, the FI may report all activity on one SAR. Enter the date of the initial activity in the From field and the last occurrence date in the To field. (The first known date is a mandatory field.) [mm/dd/yyyy] Item 34 - Dollar amount involved - Enter the dollar amount involved in the suspicious activity. If less than a full dollar is involved, round it to the next highest dollar. An aggregated total of all transactions for multiple or related suspicious activities by the same individual or organization within the same reporting period may be shown in this field. The break- out of this total may then be listed in Part V. Item 35 - Summary characterization of suspicious activity - Check all box(es) which identify the suspicious activity. More than one box may be checked. If “other” is checked, enter a brief explanation in the space provided. Do not use this space in lieu of a full description of the activity in Part V, Suspicious Activity Information Explanation/Description. (This is a mandatory field.) Item 36 - Amount of loss prior to recovery - If the Financial Institution has lost funds or assets, enter the dollar value prior to any recovery. Item 37 - Dollar amount of recovery - If funds or assets are recovered by the FI, enter the dollar value of the recovery. Use whole dollars only, rounding up to the next dollar. Item 38 - Has the suspicious activity had a material impact on or otherwise affected the financial soundness of the institution? - Check box a or box b, as appropriate. Item 39 - Has the institution’s bonding company been notified? - Check box a. or b. as appropriate. 4 Items 40, 41, 42, 43, 44 – If the violation requires immediate attention contact appropriate law enforcement agencies. Check appropriate box(es) to indicate which law enforcement agencies have been advised by telephone, written communication or otherwise. List the name of the person(s) contacted, and telephone number(s) in Items 41-44. CONTACT WITH LAW ENFORCEMENT AGENCIES DOES NOT ELIMINATE THE REQUIREMENT TO FILE THE SAR. PART IV – CONTACT FOR ASSISTANCE Items 45, 46, and 47 - Contact Person’s Name - Enter the name of the person who can be contacted for additional information. It would be extremely helpful if the individual identified in this section has specific knowledge of the underlying facts. Item 48 - Title/Occupation - Enter the contact person’s title or occupation. Item 49 - Phone Number - Enter a phone number, including area code, where the contact person can be reached. Item 50 – Date Prepared - Enter the date the SAR was prepared in the format described at the beginning of this Guidance. [mm/dd/yyyy] Item 51 - Agency - If the SAR is not being filed by the financial institution, enter the name of the government agency or organization. PART V -- SUSPICIOUS ACTIVITY INFORMATION EXPLANATION/DESCRIPTION As stated in Part V of the SAR, this section of the report is critical. The care with which it is written may determine whether or not the described conduct and its possible criminal nature are clearly understood. Provide a complete chronological account of what is unusual, irregular or suspicious about the transaction. The narrative should include the material indicated in Part V but you should also include any other information that you believe is necessary to better enable investigators to understand the transaction you are reporting. If necessary, continue the narrative on a copy of this page of the SAR. Remember that any supporting documentation such as spreadsheets, photocopies of canceled checks or other documents, surveillance photos, etc., must be retained at the financial institution. Indicate in Part V what documentation is being retained. 5