CTR vs SAR: the two mandatory AML filings
| Filing | Trigger | Threshold | Form / Authority |
|---|---|---|---|
| Currency Transaction Report (CTR) | Single-day cash transaction (deposit OR withdrawal OR exchange) | Over $10,000 in a single business day, per customer -- no judgment call required | FinCEN Form 112, filed within 15 days |
| Suspicious Activity Report (SAR) | Pattern that appears to evade reporting OR has no apparent legitimate purpose OR involves funds from suspected illegal activity | No dollar minimum -- judgment-based; broker-dealers required to file when transactions aggregate $5,000+ AND have a known or suspected violation; banks $5,000+ for insider abuse or BSA violations | FinCEN Form 111 / SAR-SF, filed within 30 days of detection |
| OFAC sanctions block | Customer or transaction matches Specially Designated Nationals (SDN) list or sanctioned-country list | Any match -- not a filing, a blocking action; report blocked transactions to OFAC within 10 days | OFAC, US Treasury |
| Customer Identification Program (CIP) | Every new account | All customers, no threshold | USA PATRIOT Act Section 326, implemented by your firm's CIP |
The AML red flags the system watches for
The top AML red flags the system watches for -- and why a firm may ask you about them. (1) Structuring -- multiple cash deposits just under $10K, especially across consecutive days or branches. (2) Unexplained source of funds -- money wired in without any explanation of where it came from (this is why a firm asks; answering plainly is the fast path through). (3) Third-party transfers -- money arriving from or departing to accounts in names different from the account holder, with no documented reason. (4) High-risk geographies -- funds routed through jurisdictions on the FATF grey list, or to/from sanctioned countries. (5) PEPs (Politically Exposed Persons) -- foreign government officials, their immediate families, and close associates; not illegal but require enhanced due diligence. (6) Inconsistency between the KYC profile and activity -- a retiree with stated low income suddenly trading $100K daily. (7) Reluctance to provide documentation -- balking at routine account-opening paperwork or refusing to explain a transaction. None of these alone is proof of a crime; each is a flag that triggers a closer look. Knowing the list explains why providing clean documentation up front makes your own onboarding faster, and why a firm that waves these checks through casually is one to be wary of.
The 'no tipping off' rule explained
The 'no tipping off' rule explains a frustrating experience you may one day have. Once a firm decides a SAR is being filed, it is legally barred from telling the customer -- no hint, no signal, no change in the normal pattern of communication that could read as a tell. Tipping off is itself a federal crime under 31 U.S.C. 5318(g) and exposes the firm and its staff to criminal liability. So if you ever ask why a transaction is delayed and get the bland answer 'our compliance team is reviewing this as part of standard procedures,' that may be the truth-without-the-tell the rule requires -- it is not necessarily evasiveness or incompetence. Knowing the rule exists keeps you from over-reading a vague compliance answer as a sign something is wrong with the firm; the opacity is sometimes the law working exactly as designed.
Read a FINRA AML enforcement action
Which filings a large cash deposit triggers
Why a CTR is mechanical and a SAR judgment
The CTR is mechanical -- it triggers on the $10K threshold and is filed regardless of how legitimate the cash is. Good documentation does NOT exempt the filing; it just means the CTR is uneventful. A SAR, by contrast, is judgment-based -- a pattern that appears suspicious. A well-documented vehicle sale matching a known small-business cash-flow profile is the OPPOSITE of suspicious; it is the kind of transaction the AML system is calibrated to wave through. Filing a SAR here would be a false positive that wastes investigator resources and signals to regulators that the firm cannot distinguish legitimate from suspicious activity. The 'both' answer treats every CTR as a SAR trigger, which would drown the system. The 'neither' answer skips the mechanical CTR, which is the easier compliance failure to catch in an audit and is the most common cause of small AML fines. The 'SAR only' answer over-weights the cash-intensive-business red flag in a context where the KYC already explained it.
The two defenses behind AML: mechanical and judgment
Opening an account for a politically exposed person
The AML failures that get firms fined
Going deeper (optional). Up next: the AML failure modes that get firms fined, and why they matter to you as a customer of a firm — an advanced aside you can skip on first pass and come back to anytime. Continue when you're curious.
Going Deeper -- the AML failure modes that get firms fined, and why they matter to you as a customer of a firm. (1) The escalation gap: front-line staff saw the red flag, raised it informally, and the AML officer never got the formal report -- a sign of a firm whose internal controls do not actually connect. (2) The stale-training problem: AML training is annual, but the typology of laundering evolves faster (crypto on-ramps, NFT wash trading, third-party processors), so programs that do not refresh fall behind. (3) The volume problem: large firms generate so many alerts that the queue becomes the bottleneck and legitimate SARs sit unfiled past the 30-day deadline. (4) The relationship-protection instinct: a long-tenured adviser reluctant to flag a client they have known for 15 years -- which is exactly why good-faith filings are statutorily protected. The pattern across all four is that a firm's AML hygiene is a proxy for its overall operational discipline -- worth checking via FINRA enforcement history before you choose where to custody your assets. An AI prompt to understand any transaction the system might flag: 'For this transaction, name three plausible legitimate explanations and three plausible suspicious explanations. Which set is better supported by the documentation, and what additional documentation would change the assessment?' The next module turns from the regulatory backdrop to the document that turns a profile into a real portfolio plan -- the Investment Policy Statement.
Sit with the ideas.
A customer deposits cash into a brokerage account on three consecutive business days: $9,500, $9,200, and $9,800. The total is $28,500 -- above the $10,000 single-day threshold for a Currency Transaction Report (CTR), but each individual deposit is below it. The customer mentions casually that they 'split it up to avoid the paperwork.' Understanding the Bank Secrecy Act and FINRA Rule 3310, what is the firm required to do?