Regulatory compliance
May 15, 2023
3 min read

Complete Guide to Suspicious Activity Reports

Learn about the information required for Suspicious Activity Reports and different regulators across the world.

Oraz Kereibayev

Oraz Kereibayev

Content manager

A Suspicious Activity Report (SAR) is an integral part of any compliance procedure, yet the submission process can puzzle businesses at first due to differences across the world. Still, companies need to make their best efforts to send these reports in a timely manner. Otherwise, regulators can impose penalties and fines. For example, in 2022, the US Securities and Exchange Commission issued a fine of seven million dollars to Wells Fargo Advisors for failing to submit SARs between 2017 and 2021.

We at Sumsub have prepared a guide explaining how to submit SARs.

What is a Suspicious Activity Report (SAR)?

A SAR has to be submitted when a business suspects money laundering activities. As a rule, a SAR is never requested by a regulator—rather, the company itself is obliged to report suspicious behavior as soon as it gets noticed.

Suspicious Activity Reporting requirements

FATF Recommendation 20 requires financial institutions to report suspicious transactions if they suspect —or have reasonable grounds to suspect—that the funds are the proceeds of a criminal activity or related to terrorist financing.

There are also national AML laws, which provide reporting obligations for AML obliged entities. What exactly constitutes “suspicious” activity or transactions in a given jurisdiction is largely open-ended, and exact thresholds can vary country by country.

  • Reporting in the UK

    In the UK, the National Crime Agency (NCA) supervises the submission of SARs, which should be submitted as soon as a company has reasonable grounds for suspicion of money laundering activities. The NCA accepts reports in a physical format or through the SAR online system filed by an assigned officer.

  • Reporting in the USA

    Financial Crimes Enforcement Network (FinCEN) ensures that financial institutions raise awareness about suspected violations of AML regulations in accordance with the Bank Secrecy Act (BSA) In the US, SARs must be filled if a suspicious transaction involves over $5,000. A SAR must be filed within 30 days after initial detection of facts that may constitute a basis for filing a report. The BSA encourages nominated officers to submit reports online. The US also requires SARs to be kept for five years.

  • Reporting in Switzerland

    In Switzerland, financial institutions submit SARs to the Swiss Financial Intelligence Unit, otherwise known as the Money Laundering Reporting Office of Switzerland (MROS). Failure to comply results in severe monetary penalties of up to CHF 500,000 (approximately $552,000) or CHF 150,000 (approximately $166,00) in case of negligence.

  • Reporting in Germany

    In Germany, Suspicious Transaction Reports (STRs) are regulated under an AML act called the GwG. The Federal Financial Supervisory Authority (BaFin) sets the reporting rules, saying that there must be sufficient, clear indications for an SAR to be submitted. SARs should be sent to the Federal Criminal Police Office, the BKA, and kept for five years.

  • Reporting in the Czech Republic

    In the Czech Republic, obliged entities are required to report suspicious transactions to the Financial Analytical Unit (FAU).

  • Reporting in Latvia

    Latvian regulations require filing an Unusual or Suspicious Transaction Report (UTR or STR). The reports must be submitted to the Financial Intelligence Service .

  • Reporting in Cyprus

    In Cyprus, suspicious activity and suspicious transactions are reported to the Unit for Combating Money Laundering (MOKAS). Failing to meet this legal obligation is punishable by imprisonment for up to 2 years and/or a financial penalty of up to €5,000. The report can be filed through the goAML system.

  • Reporting in Singapore

    In Singapore, businesses report to the Suspicious Transaction Reporting Office (STRO). You can file a Cash Transaction Report (“CTR”) (Form NP 784) electronically or on paper. The maximum penalty for individuals is a fine of up to S$500,000 (approximately $375,000). For r companies, the maximum penalty is a fine of up to S$1,000,000 (approximately $750,000) or double the amount of goods acquired through illegal activity, whichever is higher.

  • Reporting in Hong Kong

    In Hong Kong, businesses must submit SARs to the Joint Financial Intelligence Unit (JFIU) of the Hong Kong Police. Failure to report suspicious transactions—where the company has requisite knowledge or suspicion of illegal activity—results in a criminal offense with a maximum penalty of three months imprisonment and a $50,000 fine.

  • Reporting in Australia

    Australian Suspicious Matter Reports (SMRs) are submitted to AUSTRAC online. Failing to submit an SMR on time can lead to 20,000 penalty units in the Federal Court of Australia or 100,000 penalty units for body corporations.

Examples of Suspicious Activity Reports

Usually, an SAR incorporates detailed information about the company or individual involved in the suspicious incident:

  • Full legal name, registered number, registered address, designation, trading name, tax number
  • Beneficial ownership information 
  • Company activity type
  • Compliance Officer contacts
  • Type of suspicious transaction (currency exchange, cash conversion, remittance, use of foreign bank accounts, purchase of goods, gaming activities, use of shell companies, and so on)
  • The volume and currency of the transaction
  • The alleged jurisdiction where the money came from
  • The suspected origin of the money (money laundering, terrorist financing, drug trafficking, fraud)
  • the security measures taken
  • An explanation of the grounds for suspicion 
  • Financial details of the suspected client (such as account numbers) 
  • Details of associates

Depending on the country, the exact Anti-Money Laundering (AML) laws governing report submission vary.

When is a Suspicious Activity Report required?

An SAR is a must for any financial institution, from banks and money processors to casinos and gems dealers. It’s required when: 

  • A company suspects and have reasonable grounds to believe that their employee or customer is engaged in criminal activity
  • There are signs of ML/TF

Some examples of suspicious transactions include:

  • Transactions with no apparent economic or lawful purpose
  • Transactions that do not match the characteristics of the account holder’s regular business or personal dealings
  • Unusually high-value transactions
  • Multiple small transactions conducted within a short time frame
  • Transactions involving high-risk jurisdictions or individuals
  • Transactions where the source of funds is unclear or unverifiable
  • Transactions involving cash deposits or withdrawals that are inconsistent with the customer’s profile or known business activities
  • Transactions going through intermediaries or third parties who have no apparent involvement with the underlying transaction
  • Transactions that appear to be structured to avoid reporting thresholds
  • Transactions that raise concerns relating to the customer’s due diligence measures or compliance with anti-money laundering regulations

If a company isn’t sure about suspicious activity they have to be proactive and submit valid information to the authorities before receiving punishment for failing to do so.

How to submit a Suspicious Activity Report

Any employee of a financial institution who spots suspicious activity may need to file an SAR. Usually, an appointed Money Laundering Reporting Officer (MLRO) or nominated officer decides whether a report is necessary depending on the specific situation. A company can submit a report manually or through an automated reporting system.

To file a SAR manually, businesses have to refer to the website of the regulator they are reporting to. Many of them have standard SAR forms to fill out online. 

SARs are an important instrument for supervising domestic and international financial markets. Businesses have to prioritize SAR submission, ensuring that they’re detailed and on-time, to ensure that criminal activity can be properly investigated and avoid severe compliance penalties.

FAQ

  • What is a Suspicious Activity Report?

    A SAR is a report that has to be submitted by a business when criminal activity is suspected.

  • When should an SAR be filed?

    Usually SAR reports must be filed within 30 days of the suspicious activity being identified.

  • What types of transactions are suspicious?

    Some examples of suspicious transactions are:

    • Transactions with no apparent economic or lawful purpose
    • Transactions that do not match the characteristics of the account holder’s regular business or personal dealings
    • Unusually high-value transactions
    • Multiple small transactions conducted within a short time frame
    • Transactions involving high-risk jurisdictions or individuals
    • Transactions where the source of funds is unclear or unverifiable
    • Transactions involving cash deposits or withdrawals that are inconsistent with the customer’s profile or known business activities
    • Transactions going through intermediaries or third parties who have no apparent involvement with the underlying transaction
    • Transactions that appear to be structured to avoid reporting thresholds
    • Transactions that raise concerns relating to the customer’s due diligence measures or compliance with anti-money laundering regulations

See Sumsub in action

AustraliaEUHong KongSingaporeUKUSA

Explore more

Sumsub Compliance Digest—August 2023
Sumsub Compliance Digest—August 2023
Arina Rumyanceva

Arina Rumyanceva

Legal Counsel at Sumsub

Sumsub Compliance Digest—September 2023
Sumsub Compliance Digest—September 2023
Arina Rumyanceva

Arina Rumyanceva

Legal Counsel at Sumsub

AML Cryptocurrency Regulations Around the World
AML Cryptocurrency Regulations Around the World
Alyssa Abrams

Alyssa Abrams

Content Manager