The best practices for effective Suspicious Activity Reporting

By Fred McDowell, senior manager in the financial crime team at fscom

Global money laundering transactions for 2020 have been estimated to account for a staggering $2.3 trillion, according to the United Nations. In response, national regulators continue to require banks to monitor and report suspicious activity in financial transactions.

These are known as suspicious activity reports (SARs) in the UK – or suspicious transaction reports (STRs) in Ireland. SARs matter because they capture activity that potentially relates to money laundering or terrorist financing, but which law enforcement would otherwise simply not see.

In my career, I have developed expertise in SARs both in senior roles in the banking sector and more recently while carrying out independent audits of firms for fscom. In a recent webinar, I shared my top tips for improving the way you identify and report suspicious activity. You can watch the webinar here, but this blog highlights some of the key takeaways.

The strict reporting obligations on financial institutions and their staff

The UK’s Proceeds of Crime Act and Terrorism Act require persons working in the regulated financial sector to submit a SAR about information that comes to them, if they know, suspect or have reasonable grounds to think a person is engaged in or attempting money laundering or terrorist financing. Ireland’s Criminal Justice Act has an almost identical requirement.

The legislation penalises firms, and potentially staff, that do not comply. If a firm reports a SAR, it is an offence to tip off the subject of that report. It is also an offence to fail to report suspicious activity. In the UK and Ireland, the offences of Tipping Off and Failing to Report come with financial fines and/or imprisonment.

The UK’s Financial Intelligence Unit (FIU) received 460,000 SARs last year: 70% came from frontline staff (who directly engage with clients), 28% from the compliance function, and 2% from external or internal audits.

How can compliance officers identify suspicious activity?

A challenge is that “suspicion” is not defined in legislation. But in short, submitting a SAR does not require hard evidence – the role of a compliance officer is not to secure convictions but to pass suspicions to law enforcement who will decide the appropriate investigative steps.

Suspicious activity does not depend on the size of the transaction, so compliance officers should be vigilant even for small transactions. Indicators of suspicious activity could include:

  • Transactions that appear to be unnecessarily complex.
  • Complex ownership structures that make it difficult to identify the beneficial owners, without a clear explanation of why that structure merits being so complex.
  • Transactional volumes that are inconsistent with the Know-Your-Customer checks carried out on the client.
  • Unexplained deposits of cash.
  • Loan repayments that do not match a customer’s reported income and ability to repay.

Best practices for identifying and reporting suspicious activity

Firms looking to meet their reporting obligations must put in place robust yet proportionate controls, undertake monitoring and have ongoing due diligence processes. These steps will help identify activity that merits investigation and might ultimately warrant SARs. In reality, 25% of SARs come from onboarding and periodic reviews, 40% arise from transaction monitoring alerts, and 35% stem from client engagement, such as loan or mortgage applications.

The ideal operating model for a financial institution seeking to improve its detection and reporting of suspicious activity should comprise:

  • Robust onboarding processes that are regularly reviewed to ensure they are fit for purpose.
  • Strong and proportionate risk rating systems, with Enhanced Due Diligence for higher risk rated clients.
  • Carefully considered transaction monitoring rule sets which are regularly reviewed – rather than manual monitoring of transaction monitoring alerts, which often falls into arrears.
  • A compliance framework that evolves over time in line with the firm’s growth.

While this is a good ambition to work towards, there is usually a balance to be struck. Companies should also bear in mind that they can never remove the risk entirely in the financial services industry. Compliance is about trying to identify and understand what the risks are. The operating model should be proportionate to your business and the risks you face.

Failing to put in place an effective operating model increases the risk of money laundering and makes firms more open to criminals. For example, money launderers or terrorist financiers will open accounts in different banks to try to find lax controls and will share that information with other criminals.

MLROs: the first line of defence for SARs

Money Laundering Reporting Officers (MLROs) have a critical role in helping a company to follow best practices around SARs and are usually responsible for submitting the SAR to the FIU. They should provide regular SAR awareness training to staff across the business. This must make clear that there is a requirement to report suspicious activity, the likely grounds for suspicion, and the practicalities of where to find and file a report.

MLROs should also consider the following when handling SARs and STRs:

  • Acknowledge a report whenever a colleague submits one and ensure confidentiality in the process.
  • Investigate the report as promptly as possible, requesting supporting documentation when required.
  • Explain why there are – or are not – grounds for suspicion to report. If the suspicion seems to be justified, submit the report to the relevant FIU as soon as possible.
  • Maintain a tracking log of all SARs to ensure oversight of the reporting process and keep it up to date.
  • Capture the number of SARs received and submitted to FIUs for ongoing AML management reporting to the senior management and Board.

To find out more about how you can meet your reporting obligations and deter criminals from trying to launder money or finance terrorism through your firm, you can watch the webinar in full here.

Article by FScom
