Following the Money: How US Investigators Get Bank Records, SARs and FinCEN Data
Financial records win fraud cases. A guide for US investigators on the tools that move money evidence: grand jury subpoenas and the RFPA, Suspicious Activity Reports and the no-tipping-off rule, FinCEN's 314(a) and 314(b) programs, the Financial Fraud Kill Chain, and FinCEN's Rapid Response Program for funds wired abroad.
In financial-crime work, the records are the case. Knowing which instrument compels which record, and which channel freezes money before it vanishes, is the difference between a recovery and a write-off. Here are the core US tools for getting financial evidence and stopping the funds.
- Bank records: the grand jury subpoena is the workhorse, and it is exempt from the Right to Financial Privacy Act's notice requirements.
- SARs: Suspicious Activity Reports go to FinCEN, are confidential, and it is illegal for an institution to tip off the subject.
- FinCEN 314(a) lets law enforcement query banks nationwide for a named subject; 314(b) lets banks share with each other.
- Move fast on wires: the FBI's Recovery Asset Team and FinCEN's Rapid Response Program can freeze fraudulent transfers, best within 72 hours.
Getting bank records
The primary federal tool is the grand jury subpoena. The Right to Financial Privacy Act (RFPA), 12 U.S.C. 3401 and following, governs federal access to a customer's financial records and normally requires customer notice or a delayed-notice order. The key point for investigators: grand jury subpoenas are exempt from RFPA's procedural requirements. That exemption is exactly why the grand jury subpoena is the standard route for bank records. RFPA's notice rules bite on administrative and non-grand-jury requests, not on the grand jury.
Suspicious Activity Reports and the no-tipping rule
Banks file Suspicious Activity Reports (SARs) with FinCEN under the Bank Secrecy Act, 31 U.S.C. 5318(g). SARs are a rich intelligence source, available to law enforcement, but they come with a hard rule: it is illegal to disclose that a SAR exists. A financial institution may not tell the subject, and an investigator must protect SAR confidentiality. Unauthorised disclosure carries civil and criminal penalties. Use SAR information to direct your investigation, but obtain the underlying records through your own legal process so the case does not rest on disclosing the SAR.
FinCEN 314(a) and 314(b)
| Program | What it does |
|---|---|
| 314(a) (law enforcement) | On certification that a subject is reasonably suspected of money laundering or terrorism, FinCEN pushes the name to financial institutions nationwide, which search their records and report matches, typically within 14 days. A fast way to find where a subject banks. |
| 314(b) (institution sharing) | A voluntary safe harbour that lets registered financial institutions share information with each other about suspected money laundering or terrorism, helping piece together a network. |
Freezing fraudulent wires fast
When money has just moved, speed is everything. Two channels matter:
- FBI IC3 Recovery Asset Team (domestic). For fraudulent wires to US accounts, the RAT contacts the receiving institution to freeze funds. File at ic3.gov immediately; the team works the domestic side of the Financial Fraud Kill Chain.
- International Financial Fraud Kill Chain. For wires abroad, the international process has firm criteria: the transfer is $50,000 or more, it is international, a SWIFT recall has been initiated, and it occurred within the last 72 hours. Those thresholds apply to the international track, not the domestic freeze.
FinCEN's Rapid Response Program
For funds wired overseas, FinCEN's Rapid Response Program (RRP) partners with the FBI, Secret Service, and foreign financial intelligence units through the Egmont Group to interdict and repatriate transfers. It has helped interdict close to $2 billion in cyber-enabled fraud proceeds. FinCEN advises that reporting international wire fraud within 72 hours gives the best chance of recovery. Recovery is never guaranteed, which is why fast reporting matters so much.
When the money is crypto
If funds moved into cryptocurrency, the financial trail continues on-chain. See our guides on tracing a cryptocurrency transaction and freezing and seizing crypto, and use the right cross-border channel when an exchange sits abroad.
Frequently asked questions
Does the RFPA stop me getting bank records by grand jury subpoena? No. Grand jury subpoenas are exempt from the RFPA's notice requirements. RFPA applies to administrative and non-grand-jury requests.
Can I tell a bank to confirm a SAR was filed? No. It is illegal for an institution to disclose a SAR's existence. Protect SAR confidentiality and build the case on independently obtained records.
What are the thresholds for the international kill chain? $50,000 or more, international, a SWIFT recall initiated, and within the last 72 hours. The domestic RAT freeze has no published dollar threshold.
How fast must a victim report a wire abroad? As fast as possible. FinCEN advises within 72 hours for the best chance of interdiction.