What Is a Suspicious Activity Report (SAR) and When Must You File One?
| Quick Answer | A Suspicious Activity Report (SAR) is a formal disclosure made by a regulated firm to the relevant financial intelligence unit when it knows or suspects that a customer or transaction is connected to money laundering, terrorist financing, or the proceeds of crime. In the UK, SARs are filed with the National Crime Agency (NCA) under the Proceeds of Crime Act 2002. In the US, they are filed with FinCEN under the Bank Secrecy Act. Filing a SAR when grounds for suspicion exist is a mandatory legal obligation — failure to file is a criminal offence. Disclosing to a customer that a SAR has been made is a separate criminal offence known as tipping off. |
The SAR regime is the mechanism through which the financial system communicates intelligence about suspected financial crime to law enforcement. Every year, UK firms file hundreds of thousands of SARs with the NCA, and US institutions file millions with FinCEN. These reports are a primary source of financial intelligence for law enforcement agencies pursuing money laundering investigations, terrorist financing networks, and organised crime.
For compliance professionals, the SAR process sits at the intersection of legal obligation, operational process, and professional judgement. Understanding precisely when the obligation arises, how it must be fulfilled, and what protections the law provides for those who file in good faith is essential knowledge for every MLRO, compliance officer, and senior manager at a regulated firm.
1. The Legal Basis for SAR Filing
United Kingdom — POCA 2002 and TA 2000
The obligation to file SARs in the UK is established under the Proceeds of Crime Act 2002 (POCA) and the Terrorism Act 2000 (TA). Under POCA Section 330, an employee in the regulated sector commits an offence if they know or suspect — or have reasonable grounds to know or suspect — that another person is engaged in money laundering, and they do not disclose this to a Nominated Officer (MLRO) or to the NCA as soon as practicable. The MLRO is then required under Section 331 to pass the disclosure to the NCA if they know or suspect that the information relates to money laundering.
The standard is not certainty — it is suspicion. Suspicion is a lower threshold than belief and considerably lower than proof. If a compliance professional is asking themselves whether they should file, that question itself is often a signal that the suspicion threshold has been reached.
United States — Bank Secrecy Act
In the US, the SAR obligation is established under the Bank Secrecy Act and FinCEN's implementing regulations. Covered financial institutions are required to file a SAR when they know, suspect, or have reason to suspect that a transaction involves funds derived from illegal activity, is designed to evade BSA reporting requirements, lacks a lawful purpose or is not the type of transaction the customer would normally conduct, or involves the use of the institution to facilitate criminal activity.
2. The SAR Process: From Detection to Filing
The SAR process begins with detection — typically through a transaction monitoring alert, a staff member's observation, or information received from a third party. From detection to filing, the process passes through several stages, each of which must be documented in a defensible audit trail.
| Stage | Action Required | Who Is Responsible |
|---|---|---|
| Detection | Transaction monitoring alert fires, or staff member identifies suspicious activity. Internal suspicious activity report raised. | Compliance analyst / front-line staff |
| Internal review | Analyst investigates the alert: reviews account history, KYC data, previous alerts, and seeks customer explanation where appropriate without tipping off. | Compliance analyst |
| MLRO referral | If suspicion is not resolved by the internal review, the case is escalated to the MLRO with a full case summary and supporting documentation. | Compliance analyst / MLRO |
| MLRO decision | MLRO determines whether to file a SAR. The decision — including the reasoning — must be documented regardless of whether a SAR is filed or not. | MLRO |
| SAR filing | SAR submitted to NCA (UK) or FinCEN (US) within the applicable deadline. In UK, a Defence Against Money Laundering (DAML) request may be filed where the firm needs consent to proceed with a transaction. | MLRO |
| Post-filing | Case file retained for minimum five years. Customer relationship management decisions made in light of SAR filing without tipping off the customer. | MLRO / compliance team |
3. The Tipping-Off Prohibition
| CRITICAL | The tipping-off prohibition — Section 333A of POCA 2002 in the UK, and equivalent provisions in the BSA framework in the US — makes it a criminal offence to disclose to a customer, or to anyone else likely to prejudice an investigation, that a SAR has been made, is being considered, or is under investigation. This applies to all staff who are aware that a SAR has been filed. The prohibition must be built into training, case management procedures, and customer communications — particularly when managing a customer relationship where a SAR has been filed and the customer continues to interact with the firm. |
Tipping off is not limited to explicitly telling a customer that a SAR has been filed. It can include actions that would lead a reasonable person to conclude that a SAR is under consideration — such as unusual requests for documentation, unexplained transaction delays, or abrupt changes in how account officers interact with the customer. Managing tipping-off risk requires careful coordination between the compliance function, relationship managers, and front-line staff.
4. Defence Against Money Laundering (DAML) — UK Specific
In the UK, a DAML request — also called a consent SAR — is filed when a firm has a suspicion that a proposed transaction involves criminal property but wishes to proceed with the transaction. By filing a DAML and receiving consent from the NCA (or being deemed to have consent through the NCA's failure to refuse within the statutory period), the firm obtains a legal defence against the principal money laundering offences under POCA.
The NCA has seven working days from receipt of a DAML to either grant or refuse consent. If it neither grants nor refuses within this period, consent is deemed granted. If the NCA refuses consent, the moratorium period gives law enforcement a further 31 calendar days to investigate and take action. During this period, the firm cannot proceed with the transaction without committing a criminal offence.
The DAML process has operational implications that must be managed carefully — particularly for investment managers and wealth managers handling large transactions where a 31-day moratorium could have significant client relationship and contractual consequences.
5. What Makes a Good SAR
SAR quality matters. The NCA and FinCEN rely on SARs to generate financial intelligence leads for law enforcement. A SAR that contains insufficient detail — or that describes suspicious activity so vaguely that it cannot be acted upon — provides limited intelligence value even if it technically satisfies the filing obligation. Regulators have increasingly emphasised the quality of SAR filings, not just their quantity.
A well-constructed SAR should include:
- Complete customer identification — full name, date of birth, address, account numbers, and any other identifiers available.
- A clear description of the suspicious activity — what happened, when, in what amounts, and across which accounts or channels.
- The reason for suspicion — why this activity is considered suspicious, referenced against the customer's known profile, transaction history, and the relevant typology.
- Third-party information — details of any counterparties, beneficiaries, or other connected parties identified during the investigation.
- Actions taken — whether a DAML was requested, whether the transaction was blocked, and any other steps taken by the firm.
6. The Role of Transaction Monitoring and the Compliance Portal
Effective SAR filing depends on effective detection — and effective detection depends on a well-calibrated transaction monitoring programme that surfaces genuine suspicious activity without burying it in false positive alerts. A compliance team drowning in thousands of low-quality alerts will inevitably miss the genuine cases that warrant SAR filing.
The case management workflow that takes an alert from initial detection through investigation to MLRO decision and SAR filing must be systematic, documented, and auditable. One Constellation's compliance portal provides a structured case management environment where alerts are investigated, evidence is assembled, MLRO decisions are recorded, and SAR filings are managed — all within a single auditable workflow that satisfies FCA, NCA, and FinCEN record-keeping requirements.
Streamline Your SAR Workflow
One Constellation connects transaction monitoring alerts directly to a structured SAR investigation and filing workflow — with full audit trail, MLRO decision documentation, and regulatory reporting built in.