Suspicious Activity Report (SAR)

What Is a Suspicious Activity Report (SAR)?

A Suspicious Activity Report, or SAR, is a document that must be submitted to regulating authorities when a financial institution knows or suspects money laundering-related activity to be occurring.

The submission of SARs is a crucial part of international anti-money laundering protocols in banking, fintech, iGaming and other sectors.

The specific definitions and workflows, including the nature of suspicion and money laundering, vary slightly between participating countries and are informed by specific mandates like the Bank Secrecy Act in the US and the Terrorism Act 2000 in the UK.

Though monitoring for money laundering, as well as the submission of the SAR, is a mandatory requirement for financial bodies and certain other sectors, it is a process that is only successful with the willing participation of those bodies.

This not only safeguards the institution from reputational and financial harm that harboring money launderers brings but also from the heavy fines that are imposed on AML violators by the authorities. 

What Does a SAR Look Like?

Here is downloadable a sample SAR, which will inform you of the kind of data you need to collect and file.

The exact contents of a SAR will depend on the organization it is filed with. But normally, it includes information such as:

  • the full name, address and passport number of the individual(s) – who is often a low-rank criminal called a money mule
  • the nature of the suspicious activity
  • the date of the suspicious activity
  • suspected category or categories
  • financial services involved
  • whether this SAR is linked to a previously filed SAR
  • etc.
Catch Money Launderers with SEON

Introduce SEON to your customer journey to know when you’re dealing with a good user and when with an AML rulebreaker, to keep your organization safe and compliant.

Read More

When Should You File an SAR?

A Suspicious Activity Report (SAR) should be filed whenever a financial institution knows or suspects – or can establish reasonable grounds for suspicion – that a customer is engaged in money laundering activity or is otherwise in breach of the Bank Secrecy Act. This is normally identified through transaction monitoring, which is also an AML requirement.

As money laundering is often an international concern, participating countries all share this basic DNA in their respective legislation. However, they naturally have slight variances to suit their financial infrastructures.

graphic representing a Suspicious Activity Report (SAR)

What Is Considered Suspicious Activity?

In practical terms, suspicious activities are defined through situational parameters and thresholds of currency. In the United States, the Financial Crimes Enforcement Network (FinCEN) defines these thresholds to specific dollar values.

Though the FinCEN’s definitions do not apply universally – it is national US banks and international banks operating under the jurisdiction of the Office of the Comptroller of the Currency (OCC) that must comply – understanding this framework provides a good idea of the kinds of activity that qualify as suspicious in general terms.

According to the OCC, an SAR must be filed to FinCEN if any of these circumstances occur or are suspected:

  • Insider trading abuse of any kind, wherein criminal violations are committed or facilitated from within the bank itself, regardless of the amount involved.
  • Violations with an identifiable suspect involving $5,000 or more. If a bank detects money laundering-like patterns and the account in question has aggregated at least $5,000, an SAR must be filed.
  • Violations involving $25,000 or more, regardless of the suspect. Even if the suspect customer cannot be identified or is not an individual, suspicious transactions of aggregated value over $25k trigger an SAR filing.
  • Transactions that are otherwise in violation of the BSA. This includes:
    • transactions with funds known to be from illegal activity and transactions intended to obfuscate the origin of illegal activity
    • transactions intended to evade existing BSA or other AML regulations
    • transactions that have no legal purpose or are otherwise unusual for an otherwise usual customer

In more general terms, reasonable suspicion can be thought of as a reasonable possibility – not a fanciful one – that the relevant evidence exists. In the UK, a precedent-setting court case stated that “a vague feeling of unease would not suffice”.

Who Can File SARs?

All companies linked to financial activity are expected to file SARs – including banks, investment firms, real estate agents, etc. In other words, every organization mandated by law to conduct transaction monitoring needs to file SARs whenever something suspicious surfaces.

In terms of individuals, in the US, any employee who has a suspicion – not just a vague feeling of unease – that money laundering is occurring should be compelled to file a Suspicious Activity Report. 

A notable variance in the parallel UK legislation includes the designation of an MLRO (Money Laundering Reporting Officer) upon whom the responsibility of submitting the SAR falls.

SARs are largely filed digitally over the web – FinCEN fielded over 2 million in 2019. However, in the event of terrorism-related money laundering, a hotline is encouraged, for swifter triage and actioning where necessary.

What Happens After an SAR Is Filed?

After receiving a submitted SAR, the governing body will conduct an investigation by cross-checking existing law enforcement databases before deciding whether to turn over the SAR to the competent law enforcement agency.

During this time the filing bank is required to keep records and provide them to the investigative agency whenever called upon to do so.

Notably, part of the efficacy of an SAR investigation is based around confidentiality. After filing an SAR, it is expressly illegal to inform the customer or account being investigated that an SAR has been filed or, indeed, even exists. Violations of this clause are often referred to as “tipping off” offenses – easy language for quickly understanding the concept.

This can become a tricky set of maneuvers for companies as they are set the task of both not “tipping off” with their actions the client that they are under investigation, and also not breaking AML laws by allowing funds that might have been illegally acquired to enter the financial system.

In the UK, part of the immediately occurring process includes determining whether or not to grant the financial institution a DAML, short for Defense Against Money Laundering. If granted, the institution is allowed to carry out specific business transactions that would otherwise violate AML laws.

Thus, the bank can carry out transactions using funds it knows to be the product of criminal enterprise while neither incriminating itself nor tipping off the suspect.

Keep Your Business Fine-Free

Partner with SEON to minimize your risk exposure during customer onboarding and steer clear of compliance issues by harnessing the power of data enrichment, whitebox machine learning, and advanced APIs.

Ask an Expert

How Can You Tell If Money Is Being Laundered?

Laundered money often has telltale warning signs that financial institutions should be keenly aware of. This is despite the fact that techniques, tools and strategies used by money mules to layer and launder money in drop accounts are very well diversified.

Recommended methods for spotting the scars of laundered money include keeping an eye on particularly secretive clients and unusual transactions. Measuring things like secretiveness is usually done through Customer Due Diligence (CDD) and Know Your Customer (KYC) verification checks.

Software solutions like SEON keep companies CDD compliant, both assisting in user authentication and using machine learning to determine which clients are suspicious and anomalous in their behavior. 

Beyond the onboarding phase, fraud prevention software can be leveraged throughout the customer experience to detect customers who go from making good transactions to anomalous ones – another potential sign of money laundering. This way, if an account is compromised or its location changes in an alarming way, security teams or MRLOs can stay informed – as well as when their transaction patterns shift suddenly.

Other behavior that could lead to reasonable suspicion includes:

  • unusual sources of funds like sudden influxes of cash or unusual sums from private accounts – cash deposits of $10,000 or more are mandatory to report
  • unnecessary layers of ownership, shell companies, trusts, and other attempts to obfuscate the beneficial owner of an account
  • sudden changes in transaction velocity related to real estate and, particularly, “super-prime” properties

Overall, true and proactive compliance with AML legislation that includes filing SARs is ideally enforced with a stack of fraud prevention and AML tools both proactive and reactive, working in tandem to keep banks and fintechs safe from fines and from criminals.

Related Terms

Related Articles


Speak with one of our fraud experts

Feel free to reach out with any fraud-related questions or comments - we’ll get back to you as soon as possible.