The Plain English Version

When a firm or its staff suspects that a customer or transaction is connected to criminal activity, they must report it. In the UK, SARs are filed with the National Crime Agency via the Suspicious Activity Reports regime. In the US, they go to FinCEN. The obligation to report arises from suspicion, not certainty. A firm does not need proof before filing.

Failure to file a SAR when suspicion exists is a criminal offence under POCA 2002 in the UK. The MLRO is personally liable for failures in the SAR process.

The SAR Process

  • Internal report - A staff member who suspects ML or TF submits an internal suspicion report to the MLRO.
  • MLRO review - The MLRO reviews the report and decides whether to file an external SAR. The decision and rationale must be documented regardless of the outcome.
  • External SAR filing - If the MLRO decides to file, the SAR is submitted to the NCA (UK) or relevant FIU. In the UK this is done via the SARs Online system.
  • Defence Against Money Laundering (DAML) - Where a transaction has not yet occurred and consent is needed to proceed, a DAML SAR is filed. The NCA has 7 days to respond, extendable to 31 days.
  • Record keeping - All internal reports, MLRO decisions, external filings, and DAML responses must be retained for at least 5 years.

Tipping-Off

Once a SAR has been filed or is being considered, it is a criminal offence to tell the subject of the report that a disclosure has been made or that an investigation is underway. This is the tipping-off prohibition under POCA s.333A. Staff must be trained to recognise and avoid tipping-off, including in seemingly innocent conversations with customers.

SAR Quality

Regulators and the NCA consistently highlight poor SAR quality as a weakness across the industry. A good SAR explains clearly why suspicion arose, what the funds or activity involved, the amounts and dates, and any relevant customer background. SARs that simply state "unusual transaction" without context are of limited intelligence value and may indicate a systemic training or process failure.

Want to Know More?

RateYourCyber's Financial Crime Compliance (FCC) module covers the full SAR process in the Suspicious Activity Reporting section of the Business-Wide Risk Assessment, including internal SAR process maturity, external filing quality, tipping-off controls, and SAR defence documentation.

Read: Financial Crime Compliance Is Now Live on RateYourCyber