Dictionary

Suspicious Activity Report (SAR)

Every year, financial institutions worldwide face staggering penalties for failing to prevent illicit financial activity. In 2024, authorities issued over $10 billion in fines for anti-money laundering (AML) and combating the financing of terrorism (CFT) violations, with major banks like Deutsche Bank and HSBC among the top offenders.

One of the most critical tools in the fight against financial crime is the Suspicious Activity Report (SAR) — a document that helps authorities track and investigate criminal activity.

What Is a Suspicious Activity Report (SAR)?

A SAR is a document that financial institutions and associated businesses must file when they detect money laundering, fraud or other suspicious financial activities. Law enforcement agencies use these reports to build cases against criminals and identify more extensive patterns of illegal activity.

When Is a SAR Required?

The specific definitions and workflows, including the nature of suspicion and money laundering, vary slightly between participating countries and are informed by particular mandates like the Bank Secrecy Act (BSA) in the United States and the Terrorism Act 2000 in the United Kingdom.

The filing requirements vary by jurisdiction, but in general, SARs must be submitted in the following circumstances:

  1. Employee misconduct: If there is suspicion that an employee is involved in fraud, insider trading or other unethical activities.
  2. Suspicious transactions: When customer transactions exhibit red flags associated with money laundering, fraud or violations of the BSA.
  3. Criminal activity: If there is evidence of activities such as computer hacking or cybersecurity breaches, identity theft or account takeovers (ATO) or customers operating an unlicensed money services business.

SAR filing deadlines also vary by country. In the US, reports must be filed within 30 days (or 60 days if no suspect is identified). The UK requires SARs to be submitted as soon as practicable, while the EU mandates reporting immediately or within 1-3 days, depending on the member state.

Finally, SAR filings must be kept five years from the filing date. Failure to comply with these regulations can result in civil and criminal penalties, including substantial fines, regulatory restrictions, loss of banking charter and even imprisonment.

What Does a SAR Look Like?

Here is an example of the information needed to collect and file a SAR. Bear in mind that the exact contents of a SAR will depend on the organization in which it is filed. But usually, it includes information such as:

  • The full name, address and passport number of the individuals
  • The nature of the suspicious activity
  • The date of the suspicious activity
  • Suspected category or categories
  • Financial services involved
  • Whether this SAR is linked to a previously filed SAR
Catch Money Launderers with SEON

Introduce SEON to your customer journey to know when you’re dealing with a good user and when with an AML rulebreaker to keep your organization safe and compliant.

How to Make Compliance Easier

What Is Considered Suspicious Activity?

In practical terms, suspicious activities are defined through situational parameters and currency thresholds. The Financial Crimes Enforcement Network (FinCEN) defines these thresholds to specific dollar values in the US.

Though FinCEN’s definitions do not apply universally — it is national US banks and international banks operating under the jurisdiction of the Office of the Comptroller of the Currency (OCC) that must comply — understanding this framework provides a good idea of the kinds of activity that qualify as suspicious in general terms.

According to the OCC, a SAR must be filed to FinCEN if any of these circumstances occur or are suspected:

  • Insider trading abuse of any kind, wherein criminal violations are committed or facilitated from within the bank itself, regardless of the amount involved.
  • Violations with an identifiable suspect involving $5,000 or more. A SAR must be filed if a bank detects money laundering patterns and the account has aggregated at least $5,000.
  • Violations involving $25,000 or more, regardless of the suspect. Even if the suspect customer cannot be identified or is not an individual, suspicious transactions of aggregated value over $25,000 trigger an SAR filing.
  • Transactions violating the BSA such as:
    • Transactions with funds known to be from illegal activity and transactions intended to conceal the origin of unlawful activity
    • Transactions intended to evade existing BSA or other AML regulations
    • Transactions that have no legal purpose or are unusual for an otherwise usual customer

In more general terms, reasonable suspicion is a reasonable possibility that the relevant evidence exists. A precedent-setting court case in the UK stated that a vague feeling of unease would not suffice.

Who Can File SARs?

All companies linked to financial activity, including banks, investment firms and real-estate agents, are expected to file SARs. In other words, every organization mandated by law to conduct transaction monitoring needs to file SARs whenever something suspicious surfaces.

In terms of individuals in the US, any employee suspected of money laundering is compelled to file an SAR. A notable variance in parallel UK legislation includes the designation of an MLRO (Money Laundering Reporting Officer) upon whom the responsibility of submitting SARs falls.

What Happens After a SAR Is Filed?

After a SAR is submitted, authorities investigate by cross-checking law enforcement databases before involving the appropriate agency. The filing bank must keep records and provide them upon request. Confidentiality is key: informing the customer under investigation that a SAR exists is illegal.

Companies must avoid alerting clients while preventing illegal funds from entering the financial system. In the UK, banks may receive a Defense Against Money Laundering (DAML), allowing certain transactions with suspected criminal funds without incriminating themselves or tipping off suspects.

Unify Fraud & AML for Better Risk Management

Talk to a SEON expert to see how our integrated fraud and AML solutions enhance compliance and support regulations.

Ask an Expert

How Can You Tell If Money Is Being Laundered?

Money laundering often leaves behind warning signs, even as criminals refine their methods. Common red flags include large unexplained cash deposits ($10,000+), multiple ownership layers (like shell companies and trusts) and abrupt increases in real-estate activity.

Financial institutions must monitor secretive clients and unusual transactions through Customer Due Diligence (CDD) and Know Your Customer (KYC) verification. These processes help detect suspicious behavior, such as concealed ownership structures, complex financial layering and rapid fund movements.

Advanced AML software strengthens AML efforts by identifying anomalies beyond onboarding. SEON uses machine learning to flag sudden shifts in transaction patterns, location changes or compromised accounts — key indicators of potential money laundering. Monitoring customers transitioning from legitimate transactions to irregular behavior is essential for early detection.

Sources:

Share
Share
Share

You Might Be Interested In

Take the First Step Toward Transformative Fraud Prevention

“SEON significantly enhanced our fraud prevention efficiency, freeing up time and resources for better policies, procedures and rules.”

Chief Compliance Officer, Soft2Bet

  • Automate 95% of fraud checks
  • Reduce fraudulent registrations by 90%
  • Accelerate manual reviews by 90%

Trusted by 5,000+ Global Organizations:

Revolut logo
Afterpay logo
Soft2bet logo
Wise logo

Book Time With Our Experts

This form may not be visible due to adblockers, or JavaScript not being enabled.