What is a suspicious activity report (SAR)?

A suspicious activity report (SAR) is a document filed by a financial institution (FI) or other obligated entity to report illegal or suspicious activities to regulatory authorities. This is done to aid the global effort to detect and prevent financial crimes such as money laundering, terrorist financing, and fraud.

Filing SARs – known in some jurisdictions as suspicious transaction reports (STRs) or similar terms – is a legal obligation for many FIs. The specific filing obligations, such as what triggers a SAR, how quickly it must be submitted, and the consequences for non-compliance, vary by country. Depending on local regulations, firms sometimes have to file other reports besides SARs, such as currency transaction reports (CTRs), which document cash transactions over a certain monetary threshold.

SARs are a common feature of day-to-day compliance and a key tool in the fight against financial crime. In the UK, the National Crime Agency (NCA) estimates it receives around 460,000 SARs a year, while according to its 2023 SAR report, reports specifically relating to money laundering led to £272.2 million being denied to suspected criminals. 

What is the purpose of a SAR?

The purpose of a SAR is to alert regulatory authorities when FIs have reason to believe that a customer’s financial activity may be linked to criminal activity. Once a SAR has been submitted, it is reviewed by a financial intelligence unit (FIU), such as the US Financial Crimes Enforcement Network (FinCEN) or the UK’s UKFIU, which is part of the National Crime Agency (NCA). If further investigation is warranted, the FIU may pass information to law enforcement agencies.

SARs also play a strategic role beyond individual investigations. When aggregated, SARs provide authorities with a bird’s-eye view of criminal activity, enabling governments to identify emerging trends in financial crime. This intelligence supports the development of new policies, enforcement priorities, and anti-money laundering (AML) regulations.

Key SAR trends

Trends relating to SAR filing offer a window into emerging financial crime typologies and FIs’ ability to detect them. One 2023 report, based on data from FinCEN, noted a consistent year-on-year rise in SAR numbers and an overall 46 percent increase since 2020. Other key findings on financial crime typologies included: 

• Check fraud accounting for 20 percent of all SARs filed, with a near-50 percent rise in reports year-on-year. 
• A 122 percent increase in SARs related to elder financial exploitation since 2021. 
• A 72 percent rise in account takeover fraud SARs in the same period. 
• A 153 percent increase in reports linked to human trafficking. 
• Credit unions, who traditionally have filed fewer SARs than other FIs, increasing submissions by 22 percent. 

In the UK, the NCA’s 2023 SAR analysis did not include a similar breakdown of reports by crime typology. It did, however, contain data indicating some patterns in SAR filing, such as: 

• A 54 percent increase in politically exposed person (PEP)-related SARs from 2022. 
• A 22 percent increase in reports filed by estate agents, which tracks with a global trend of heightened scrutiny in this area: In August 2024, FinCEN tightened reporting obligations for US real estate firms. 

FinCEN also issues regular advisories and alerts to firms, containing information on new or newly prominent typologies they should look out for and instructions on filing SARs relating to them. Examples from 2024 and 2023 covered topics such as these, which firms can expect to remain issues in 2025: 

• Iran-backed terror organizations.
• The illegal fentanyl trade.
• Deepfake-related fraud.
• “Pig butchering” scams using cryptocurrencies. 

Regulations around SARs

As part of their 40 Recommendations, the Financial Action Task Force (FATF) advises countries to include a requirement for firms to file SARs in their domestic AML/CFT legislative programs. The 40 Recommendations are the foundation of most AML/CFT regulations worldwide, including when it comes to SARs. Specific local requirements around reporting include: 

• US: Under the terms of the Bank Secrecy Act (BSA), firms must file SARs with FinCEN using the BSA e-Filing system. Reports must be filed within 30 days of detecting the suspicious activity in question, with an additional 30-day period if firms need more time to identify a suspect. FinCEN periodically issues advisories on specific financial crime typologies, often including a reference firms must cite when filing SARs relating to them. 
• UK: Firms must submit SARs to the NCA using the SAR Portal “as soon as practicable,” with no official deadline in place. The UK has various glossary codes SARs should include when they relate to particular offenses. If an FI knows or suspects that processing a transaction will implicate it in a money laundering offense, it must request a Defence Against Money Laundering (DAML) from the NCA when submitting a SAR. 
• Singapore: FIs submit STRs to the Suspicious Transaction Reporting Office (STRO), via the STRO Online Notices and Reporting Platform (SONAR). The STRO has released detailed guidance for firms on how to complete a STR. 
• Australia: SARs are known as suspicious matter reports (SMRs) in Australia, and must be filed with the Australian Transaction Reports and Analysis Center (AUSTRAC) within three business days, or 24 hours if they relate to terrorist financing offenses. AUSTRAC specifies that firms should submit SMRs if they suspect one of their customers is the victim of a crime, as well as if they are the perpetrator. FIs should use their AUSTRAC online accounts to file an SMR. 

When filing SARs, firms should consult their local regulators for full technical guidance. However, in general, SARs should include: 

• Names and other identifying information, such as addresses, dates of birth, identity document numbers, and business registration numbers, of all parties involved. 
• The date of the activity being reported. 
• A description of the activity and the reasons for reporting it, explained as clearly and specifically as possible. 
• Specified codes for types of suspicious activity. 

When do firms have to file a SAR?

Firms must submit a SAR whenever they know or suspect one of their customers or employees is involved in money laundering or another financial crime. They do not have to have hard evidence that a crime has been committed. Red flags which might trigger a SAR include:

• Transactions over a certain value. 
• International money transfers over a certain value. 
• Multiple transactions just below mandatory reporting thresholds (known as ‘structuring’). 
• Unusual transaction patterns or account activity. 
• The involvement of high-risk entities: for example, transactions to a sanctioned entity. 

There is no defined threshold at which transactions should be considered suspicious. Instead, transactions should be considered suspicious if they deviate from a customer’s risk profile and typical financial behavior. For example, consider a customer who deposits the same amount of money in their account every month. If that customer suddenly started depositing and withdrawing larger amounts weekly, that behavior would merit suspicion and trigger a SAR.

A Guide to the Essentials of AML

Our expert guide explains how firms of all sizes can create effective AML programs, build trust with regulators, and turn compliance into a business advantage.

Download your copy

Who has to file SARs?

Any firm with AML regulatory obligations is required to file SARs. This includes FIs – such as banks, credit unions, money services businesses, or insurance companies – as well as other businesses like real estate agents, lawyers, and accountants. Failure to submit a SAR when required to can result in regulatory and legal action, including significant fines and imprisonment. 

In many cases, suspicious activity is detected by an institution’s automated transaction monitoring system. However, it falls to human compliance experts to verify and report any suspicious activity. FIs are generally obliged by local regulations to appoint a dedicated AML officer, responsible for fulfilling reporting obligations as well as overseeing the implementation of a firm’s compliance program. 

The exact title of this position varies: in the UK, an AML officer is often known as a Money Laundering Reporting Officer (MLRO), whereas in the US they are frequently called a BSA Officer. 

Are SARs confidential?

SARs necessarily involve clients’ confidential personal information and are often of significant legal significance. All SARs are therefore strictly confidential, and disclosing to a customer that they are the subject of one – often referred to as “tipping off” – is an offense. Discussing a SAR with a third party, such as a media organization, is also legally forbidden. To ensure the integrity and confidentiality of SAR filing, those who report suspicious activity in good faith are typically protected from civil liability.  

Transaction monitoring software with automatic SAR filing

Smart transaction monitoring software is essential for effective SAR filing, allowing firms to detect suspicious customer behavior promptly and accurately. It does this by comparing transactions with historical data and established profiles to establish any anomalies and identity patterns of behavior, then generating alerts for compliance analysts when unexplained or suspicious behavior is detected. 

ComplyAdvantage’s AI-powered transaction monitoring software helps firms streamline their compliance and reporting procedures, harnessing cutting-edge technology to support: 

• A comprehensive rules library of recognized financial crime typologies, maximizing firms’ ability to detect any suspicious behavior. Rulesets are fully configurable and can be adapted to match a business’ risk profile and appetite, with a no-code, self-serve rules builder allowing firms to create their own. 
• Machine learning (ML) capabilities to fill in any gaps in rulesets. This deepens visibility into the threats firms face and allows them to pick up on any suspicious behavior that a more traditional rules-based system could miss, particularly when this involves complex or emerging criminal methods. 
• Automated alert prioritization that allows compliance analysts to focus on the highest-risk cases first. This ensures adherence to a risk-based approach, improves productivity and reduces valuable time spent dealing with false positives and low-risk cases. 

An additional feature in Transaction Monitoring enables automatic SAR filing with FinCEN for US firms, with the ability to: 

• Automatically pre-fill certain details on the form, saving time. 
• Allow analysts to view and track the status of SARs on the same interface, without having to visit FinCEN’s portal. 
• Give analysts the option to create a continued activity report after 90 days.