dilisense

What is a Suspicious Activity Report (SAR)

Understand the essential requirements, processes, and best practices for submitting effective Suspicious Activity Reports.

Published February 7, 2025


TL;DR

Suspicious Activity Reports (SARs) are essential tools for detecting financial crime, helping authorities track suspicious transactions and strengthen risk assessments. The volume of SARs is increasing, but a shift towards quality over quantity is needed to enhance their effectiveness.

Defensive SAR filings remain a challenge, often overwhelming regulators with low-value reports instead of actionable intelligence.

Innovations such as AI-driven monitoring, behavioral analytics, and improved data-sharing frameworks are shaping the future of SAR reporting, ensuring that reports provide real investigative value.

As global AML regulations evolve, the focus will be on intelligence-led SARs, cross-border collaboration, and better regulatory alignment to combat financial crime more efficiently.

Introduction

Suspicious Activity Reports (SARs) are vital in crime detection, helping locate offenders, trace suspects, and track human trafficking activities. Some lead to immediate arrests, while others support long-term investigations and strengthen the strategic threat assessment. Information from SARs, including contact details, aliases, and financial transactions, can initiate new cases or enhance ongoing operations. Multiple SARs on the same entity help identify threats, leading to law enforcement actions like asset seizures and restraining orders. SARs also detect shifts in organised crime, enabling authorities to warn businesses and refine crime prevention strategies. They provide insight into criminal tactics, help map sector vulnerabilities, and assist in analyzing suspicious activity linked to major incidents according to the National Crime Agency1.

Over recent years, the number of filed SARs is constantly increasing. FinCEN recorded for 2022, that financial institutions submitted approximately 3.6 million SAR forms, amounting to nearly 10,0002 reports per day to combat financial crime.

This article explores what SARs are, why they are important, and how they contribute to the integrity of the financial system.

What is a SAR?

A Suspicious Activity Report (SAR) is a formal document used by banks and other financial institutions to report activities that deviate from normal transactional patterns. In general a SAR should contain the following information3.

  • Detailed narrative4: The heart of a SAR is the narrative section, where the institution provides a comprehensive account of the suspicious behavior. This narrative explains the context and circumstances that led to the suspicion. It may detail factors such as irregular transaction volumes, patterns that are inconsistent with the customer's usual behavior, or complex transactions that appear structured to avoid detection.
  • Identification details: A SAR also includes precise information about the parties involved. This can consist of names, addresses, account numbers, and other identifying data. Accurate identification is vital for law enforcement agencies to quickly pinpoint and verify the individuals or entities under scrutiny.
  • Transaction specifics: Another key element is the detailed description of the transactions in question. This includes dates, amounts, types of accounts, and descriptions of the financial instruments involved. By documenting these specifics, the SAR provides a clear and factual basis for the suspicion, enabling authorities to track the flow of funds and identify any patterns that might indicate money laundering, fraud, or other illicit activities.
  • Confidentiality and timeliness: It is important to note that SARs are subject to strict confidentiality rules. Financial institutions are prohibited from disclosing the fact that a SAR has been filed, which helps prevent tipping off potential criminals. Additionally, timely filing of SARs is critical, as delays can hamper investigations and allow illegal activities to continue undetected.
  • Regulatory and legal context: SARs are mandated by various financial regulations, such as the Bank Secrecy Act (BSA) in the United States. These regulations require institutions to monitor, detect, and report activities that do not have a clear or legitimate business purpose. The legal framework ensures that SARs are not just routine paperwork but are an essential part of a broader strategy to combat financial crime.

Neglecting the obligation to file a SAR may lead to criminal prosecution for both the employee and employer, as well as potential regulatory action. Failure to disclose offences are covered under sections 330-331 of POCA and sections 19 and 21A of TACT, carrying penalties of up to five years’ imprisonment, a fine, or both upon conviction on indictment5.

Why are SARs filed?

SARs are primarily filed to ensure that any unusual or potentially suspicious financial behavior is flagged for further investigation. When banks or other financial institutions notice transactions that deviate from normal patterns, they file a SAR to alert regulators and law enforcement. This not only helps to uncover potential money laundering, fraud, or terrorist financing but also keeps the financial system secure by preventing it from being used for illicit purposes. Essentially, SARs are a critical tool for both compliance with legal requirements and for the broader effort to protect the integrity of financial networks.

For example, FinCEN6 report that a bank filed a Suspicious Activity Report (SAR) on an elected official who structured transactions worth hundreds of thousands of dollars, triggering an investigation that uncovered bankruptcy fraud and illegal cash structuring. Prosecutors found that the official concealed assets, private business accounts, and significant cash deposits while falsely claiming bankruptcy. Over 18 months, he deposited more than $500,000 across multiple locations, often in amounts under $10,000 to evade detection. Additional SARs from a money services business and further banking reports highlighted frequent suspicious transactions, leading to a federal indictment with 32 charges. Ultimately, a jury convicted the official, forcing his resignation and exposing an extensive check-kiting scheme that incurred over $90,000 in fees.

What is defensive SAR filing?

Financial institutions file defensive SARs7 to mitigate regulatory risk rather than report genuine suspicion, leading to inefficiencies in law enforcement investigations. Regulators, such as FinCEN and the FCA, aim to reduce their volume since excessive defensive filings create unnecessary workloads, distort risk assessments, and misallocate compliance resources. However, institutions often resort to defensive filings due to uncertainty about evolving financial crime typologies, fear of regulatory penalties, and inconsistent AML standards across jurisdictions.

Balancing regulatory expectations and compliance obligations requires improving AML frameworks, increasing feedback loops between regulators and financial institutions, and fostering better internal communication. Strategies such as risk-based transaction monitoring, enhanced SAR quality assessments, and reducing deadline pressures for analysts can help financial institutions file more effective and meaningful SARs. By promoting transparency and collaboration, both regulators and institutions can work toward a more efficient and intelligence-driven AML reporting system.

How to file a SAR?

In recent years governments invested into the digitization of AML processes, for example with the Criminal Finances Bill8 in the UK.

The major tool for filing SARs is goAML9, an anti-money laundering software developed by the United Nations Office on Drugs and Crime (UNODC) to assist Financial Intelligence Units (FIUs) in collecting, analyzing, and sharing financial crime data. Launched in 2006, it helps banks, fintechs, virtual asset service providers (VASPs), and other regulated entities submit mandatory reports in compliance with AML/CFT laws.

The system offers three core functionalities:

  • Collection: Standardizes and automates the submission of Suspicious Activity Reports (SARs), Cash Transaction Reports (CTRs), and Electronic Funds Transfers (EFTs).
  • Analysis: Helps FIUs detect money laundering patterns through rule-based analysis, risk scoring, and profiling.
  • Data Exchange: Facilitates secure information sharing between FIUs, law enforcement, and international agencies.

Currently, over 60 countries across Europe, Africa, Asia, and the Americas use goAML, making it a key tool in the global fight against financial crime.

Legal and regulatory framework

In the United States, SARs are mandated by the Bank Secrecy Act (BSA). Financial institutions must file SARs when they detect transactions that lack a clear, legitimate purpose. Confidentiality is paramount; institutions must not notify customers about a SAR filing to ensure that potential criminals are not tipped off and that ongoing investigations remain uncompromised. These reports are submitted to the Financial Crimes Enforcement Network (FinCEN), which plays a crucial role in coordinating the nation's efforts to detect and prevent financial crimes.

In the United Kingdom, the framework is governed by regulations such as the Proceeds of Crime Act (POCA) and the Money Laundering Regulations. Financial institutions are required to report any suspicious activities to the National Crime Agency (NCA) and sometimes to the Financial Conduct Authority (FCA) as part of their oversight functions. Just like in the US, strict confidentiality rules apply to prevent any disclosure that might alert those involved in illicit activities.

Germany takes a similar approach under its Money Laundering Act (Geldwäschegesetz). Financial institutions are obligated to file reports when they encounter transactions or behaviors that seem unusual or lack a legitimate explanation. These reports are directed to the Financial Intelligence Unit (FIU) in Germany, which operates under the auspices of the Federal Criminal Police Office (Bundeskriminalamt or BKA). The emphasis on confidentiality in Germany is equally stringent, ensuring that the integrity of investigations is maintained without tipping off potential wrongdoers.

Future trends in SAR reporting

The Institute of International Finance (IIF) and Deloitte10 emphasize the need to shift SAR reporting from compliance-driven filings to intelligence-based, technology-enabled solutions.

1. The Role of technology in SARs
Regulators are pushing for AI-driven monitoring and behavioral analytics to reduce false positives and improve investigative value. Initiatives include:

  • The US AML Act (AMLA) prioritizing AI for financial crime detection.
  • Regulatory sandboxes, such as the FCA's Tech Sprints, testing AML innovations.
  • European information-sharing consortiums like TMNL and Nordic KYC utilities to enhance risk detection.

2. Moving from quantity to quality
Filing fewer, more meaningful SARs is now a key priority. SAR effectiveness should be measured by:

  • Usefulness to law enforcement, not volume.
  • Alignment with national AML priorities and crime detection success.

3. Balancing data sharing with privacy

  • Privacy-enhancing technologies (PETs) allow institutions to share intelligence while complying with GDPR and global privacy laws.
  • Cross-border collaboration frameworks are needed to enhance SAR impact without regulatory fragmentation.

4. Regulator-industry cooperation

  • Clear guidelines on AI-driven SARs must be established.
  • Real-time intelligence-sharing frameworks will improve law enforcement effectiveness.

Conclusion

Suspicious Activity Reports are a cornerstone of modern financial regulation. They provide a structured method for reporting unusual activities and play a key role in safeguarding our financial systems against criminal exploitation. As technology evolves, the effectiveness of SARs in combating financial crime is set to increase, ensuring a safer financial landscape for everyone.


Financial Crime Prevention

Learn more about Adverse Media in SARs

Adverse media data enhances SAR reporting by providing crucial context to suspicious activities, helping financial institutions identify high-risk individuals and entities before transactions raise red flags. Instead of relying solely on transactional anomalies, SARs enriched with adverse media insights offer stronger evidence, linking subjects to financial crimes such as fraud, corruption, or sanctions violations. This reduces defensive SAR filings, improves risk-based decision-making, and ensures that reports provide meaningful intelligence for law enforcement, ultimately making financial crime investigations more effective.
Learn more

References

1  Crime Threats: Money Laundering and Illicit Finance, 2023. National Crime Agency (NCA). https://www.nationalcrimeagency.gov.uk/what-we-do/crime-threats/money-laundering-and-illicit-finance/suspicious-activity-reports. Accessed February 6, 2025.

2  Suspicious Activity Reports 2023, 2023. Thomson Reuters. https://www.thomsonreuters.com/en-us/posts/wp-content/uploads/sites/20/2023/06/Suspicious-Activity-Reports-2023.pdf. Accessed February 4, 2025.

3  Guidance on Submitting Better Quality Suspicious Activity Reports (SARs), 2023. National Crime Agency (NCA). https://www.nationalcrimeagency.gov.uk/who-we-are/publications/650-guidance-on-submitting-better-quality-suspicious-activity-reports-sars-v9-0/file. Accessed February 6, 2025.

4  SAR Narrative Guidance, 2003. Financial Crimes Enforcement Network (FinCEN). https://www.fincen.gov/sites/default/files/shared/sarnarrcompletguidfinal_112003.pdf. Accessed February 6, 2025.

5  Frequently Asked Questions About SARs, 2020. National Crime Agency (NCA). https://www.nationalcrimeagency.gov.uk/who-we-are/publications/462-sars-faq-july-2020/file. Accessed February 6, 2025.

6  Suspicious Activity Report Leads to the Investigation and Conviction of Elected Official. Financial Crimes Enforcement Network. https://www.fincen.gov/resources/law-enforcement/case-examples/suspicious-activity-report-leads-investigation-and. Accessed February 6, 2025.

7  Defensive SAR Filing: An Unnecessary Burden, 2020. ACAMS. https://www.acams.org/sites/default/files/2020-08/Defensive%20SAR%20Filing-%20An%20Unnecessarily%20Heavy%20Burden%20on%20the%20AML%20Field.pdf. Accessed February 6, 2025.

8  Criminal Finances Bill, 2016. Home Office. https://www.gov.uk/government/collections/criminal-finances-bill. Accessed February 4, 2025.

9  Global Adoption of goAML, 2023. AMLyze. https://amlyze.com/goaml. Accessed February 6, 2025.

10  The Effectiveness of Financial Crime Reporting, 2023. Deloitte. https://www2.deloitte.com/content/dam/Deloitte/global/Documents/Financial-Services/gx-iif-the-effectiveness-of-financial-crime.pdf. Accessed February 6, 2025.

Reading time

8 minutes left