Suspicious Activity Reports (SARs): A Guide for Banking and AML Compliance

A Suspicious Activity Report (SAR) is an integral part of any compliance procedure, yet the submission process can puzzle businesses at first due to differences across the world. Still, companies need to make their best efforts to send these reports in a timely manner. Otherwise, regulators can impose penalties and fines. For example, in January 2025, de Volksbank was fined €2.5 million and, separately, €20 million (Dutch Central Bank) for failing to submit timely SAR filings and for inadequate AML risk assessments.

What is a Suspicious Activity Report (SAR)?

A Suspicious Activity Report (SAR) is a formal document that financial institutions must file to report potentially suspicious transactions to authorities. These reports are a core part of AML compliance and are used by law enforcement to detect and investigate financial crimes, including money laundering and/or terrorism financing (ML/TF).

SARs don’t necessarily prove wrongdoing—but they flag unusual behavior that may indicate illicit activity.

SARs (and related reports) are submitted to a country’s Financial Intelligence Unit (FIU), a national agency responsible for collecting and analyzing financial data related to suspicious activity.

While SARs are the most commonly known type of FIU report, they are part of a broader ecosystem of reports that financial institutions may be required to submit, depending on the type and nature of a transaction. Here’s a breakdown of the other types of reports:

• Suspicious Transaction Report (STR). Similar to SARs, STRs focus specifically on suspicious transactions, and they are often used as the international term outside the US.
• Cash Transaction Report (CTR). Required when cash transactions exceed a set threshold, even if there’s no suspicion of wrongdoing.
• Threshold Transaction Report (TTR). A regulatory report filed for transactions that exceed a specific monetary threshold, which can vary by jurisdiction.
• Unusual Transaction Report (UTR). Used when a transaction doesn’t fit an expected customer behavior or business pattern. It may later be escalated into an STR.
• International Funds Transfer Report (IFT). Filed when funds are moved between countries, assisting in monitoring cross-border financial activity.
• Cross-Border Report. Documents any transaction moving money into or out of a country, often overlapping with IFTs depending on local law.
• Terrorism Financing Report (TFR). Filed when a transaction is suspected to be linked to terrorist organizations or activities.
• Additional Information File (AIF). Supplementary documentation submitted to an FIU when additional context or detail is requested by authorities.

Who must file Suspicious Activity Reports?

The obligation to file SARs extends to a wide range of businesses that deal with financial transactions. These include:

• Banks and credit unions
• Fintech companies offering payments, lending, or wallets
• Money services businesses, such as remittance and currency exchange services
• Cryptocurrency platforms, including exchanges, custodians, and DeFi services (where applicable)
• Casinos and gambling operators

These entities are subject to regulations like the BSA in the US, which requires the filing of SARs when specific thresholds or red flags are met. Globally, FATF guidelines encourage member countries to make SAR filing in their local AML frameworks obligatory.

While only regulated entities subject to AML obligations are legally required to file Suspicious Activity Reports (SARs), unregulated or non-AML-obligated entities may still choose to report suspicious behavior voluntarily.

For instance, in Germany and Italy, cases of money laundering through fake car rental schemes were uncovered thanks to voluntary SARs. In these cases, criminals posed as rental services to move illicit funds under the radar. Although the mobility industry is typically not AML-obligated, the SARs submitted played a key role in triggering investigations and preventing further criminal activity.

What triggers a Suspicious Activity Report?

SARs must be filed when a transaction—or attempted transaction—raises red flags that could indicate criminal activity. Triggers include:

• Unusual or unexplained large transfers, especially across borders
• Structuring (as well as “smurfing”, which is a similar activity)—breaking large transactions into smaller ones to avoid detection
• Rapid movement of funds between unrelated accounts
• Large cash deposits or withdrawals inconsistent with the customer’s profile
• Mismatches between a customer’s identity and their transaction patterns
• Transactions involving high-risk jurisdictions or sanctioned entities

While some triggers are based on objective thresholds (such as $5,000 in suspected criminal activity in the US), many rely on subjective judgment, which means that strong internal controls and staff training are crucial.

Suggested read: The Three Stages of Money Laundering and How Money Laundering Impacts Business

What is an example of a suspicious transaction?

Here are a few realistic examples of what might prompt a SAR:

Structuring deposits

A customer makes multiple cash deposits of $9,900 over several days, just under the $10,000 reporting threshold. This can indicate an attempt to avoid mandatory reporting, a red flag for potential money laundering.

Crypto-to-cash loop

Someone transfers large amounts of cryptocurrency to an exchange, immediately converts it to fiat, and withdraws it, repeating the pattern with different accounts. This could mean this person is layering the money in a money-laundering scheme.

Identity red flags

A new account is opened using documents that appear legit, but transactions begin flowing to high-risk jurisdictions inconsistent with the customer’s stated business purpose. SAR can also be triggered if the identity documents seem fraudulent.

Suggested read: The 10 Most Common AML Red Flags to Watch Out for in 2025

What is SAR filing and how does it work?

Filing a SAR involves a structured process that must be followed carefully to ensure compliance. Otherwise, you’re risking hefty fines. In November 2024, the SEC fined certain broker‑dealers for filing deficient SARs that lacked required narrative detail. Here’s a simplified overview:

1. Detection

A potentially suspicious transaction is flagged, either by automated transaction monitoring systems or by compliance staff.

2. Investigation

The case is reviewed internally, with analysts gathering additional data, contextual information, and transaction history.

3. Decision

The compliance team determines whether the activity meets the SAR filing criteria based on regulatory thresholds and internal risk rules.

4. Filing

If required, a SAR is filed electronically via FinCEN’s BSA E-Filing System (or the relevant local authority). It must include specific details: parties involved, nature of the activity, amounts, dates, and justification.

5. Recordkeeping

Institutions must retain a copy of the SAR and any supporting documentation for a minimum period (typically five years).

6. Confidentiality

SARs are strictly confidential. Disclosing to the subject that a SAR has been filed (“tipping off”) is prohibited and can result in penalties.

What is the SAR filing threshold?

In the US, a SAR must be filed for the following cases:

• Cash transactions exceeding $10,000 (daily aggregate amount), and
• Suspicious activity that might signal criminal activity (e.g., money laundering, tax evasion)

FATF Recommendation 20 requires financial institutions to report suspicious transactions if they suspect —or have reasonable grounds to suspect—that the funds are the proceeds of criminal activity or related to terrorist financing.

There are also national AML laws, which provide reporting obligations for AML obliged entities. What exactly constitutes “suspicious” activity or transactions in a given jurisdiction is largely open-ended, and exact thresholds can vary country by country.

You can find the thresholds, triggers, and filing conditions of different countries in our downloadable infographic:

Download the SAR filing infographic here

In each jurisdiction, institutions are required to submit SARs (or equivalent STR filings) once there are reasonable grounds for suspicion, regardless of transaction size.

Many filing systems use electronic platforms, such as goAML (Cyprus), BSA E-Filing (US), AUSTRAC online (Australia), STRO (Singapore), JFIU portal (Hong Kong), and others. Consequences for non‑compliance range from fines (like CHF, €, S$, AUD penalty units) to imprisonment in some cases.

What happens after a SAR is filed?

Once a SAR is filed, it is submitted to the appropriate Financial Intelligence Unit, like FinCEN or MROS. These agencies analyze the report along with others to spot patterns, investigate potential criminal activity, or build larger cases against individuals or organizations.

It’s important to note that institutions usually don’t get any feedback once they file a SAR. The report goes into a secure database and might trigger a law enforcement action, but the original filer doesn’t find out what happens next. Additionally, all SARs must remain strictly confidential—disclosing the existence of a SAR to the person involved, known as ‘tipping off,’ is illegal and can lead to serious legal consequences.

What’s the difference between a SAR and STR?

While both SAR and STR refer to reports of suspected financial crime, they differ slightly in usage depending on the region:

Feature	SAR	STR
Used in	United States	International (UK, EU, Asia, etc.)
Focus	Broader and may include attempted or planned transactions	Typically refers to actual transactions
Legal basis	For example, the Bank Secrecy Act (BSA) in the US	Varies by jurisdiction; FATF-aligned laws
Common term in	US compliance regulations	Global AML standards

How to improve Suspicious Activity Report (SAR) compliance and detection in AML programs

Improving SAR processes is crucial for quicker detection of suspicious activities and for creating more accurate and defensible reports. Here are three proven strategies to achieve that:

1. Use AI for transaction monitoring  

Modern AML tools that incorporate AI and machine learning can help identify unusual patterns, such as structuring or layering, and adapt to new fraud tactics. This approach is far more effective than relying solely on manual rules. Solutions with AI-powered transaction monitoring can help minimize risks and meet compliance regulations.

2. Adopt AI-assisted investigation tools  

AI can make the investigation process significantly more efficient. These tools can automatically gather relevant transaction histories, identify connections between entities, and even draft narratives for SARs. This not only saves time but also improves the consistency of reports.

3. Integrate regulatory reporting  

Having compliance systems that directly connect to local FIU reporting portals, like FinCEN or goAML, can minimize the risk of missing deadlines or making formatting errors. Additionally, integrating with case management systems helps maintain a complete audit trail of activities.

By implementing these strategies, organizations can lessen their operational burdens, spot suspicious activity more effectively and, as a result, avoid regulatory penalties and reputation risks.

FAQ

• What is a SAR in banking?

  A Suspicious Activity Report (SAR) is a document that banks must file to report potentially suspicious financial transactions to authorities.

• What are examples of suspicious activity in money laundering?

  Examples of suspicious activity in ML include structuring cash deposits to avoid thresholds, rapid movement of funds between accounts, frequent transactions to high-risk jurisdictions, and using third parties to obscure ownership or source of funds.

• Who do you report suspicious financial activity to?

  Suspicious activity is reported to national Financial Intelligence Units, depending on the jurisdiction (such as FinCEN in the US, NCA in the UK, AUSTRAC in Australia, and so on).

• What is the SAR threshold for reporting?

  There is no minimum dollar threshold when an employee suspects that a transaction involves ML signs; however, some countries require filing transactions above a certain threshold (usually $10k$) even if there are no direct ML signs. In the US, for example, the threshold is $10,000. Other countries may not have a fixed amount but require reporting based solely on suspicion, regardless of the amount.

• Can a customer find out if a SAR was filed?

  No—SARs are strictly confidential, and disclosing their existence to the subject (or ‘tipping off’) is illegal.