Suspicious Activity Reports (SAR) drafted by financial institutions contain some of the most valuable information available to law enforcement agencies in the fight against financial crime. Yet, the FinCEN Files scandal of 2020 has shown that major banks have consistently failed to write and submit proper reports over the years. What can we learn from their mistakes to be able to compose the perfect SAR?

In 2018, more than 2.100 SARs leaked from the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN), exposing their weaknesses and insensitivities. Known as the FinCEN Files, the wrongdoing exposed by Buzzfeed News and the International Consortium of Investigative Journalists (ICIJ) demonstrated how an ineffective SAR regime pushed major global financial institutions to facilitate money laundering, drug trafficking, terrorism, and Ponzi schemes.

The way SARs are handled are often riddled with basic errors. Elements such as narrative, keywords, objective, and timing of submission can make a real difference in the quality of the reports. FinCEN Files have highlighted how SARs were often submitted too late, with incomplete information, and for the wrong reasons.
SARs are submitted too late and with incomplete information

Law enforcement agencies and financial intelligence units (FIU) are flooded with poor quality reports, making it burdensome or near impossible to handle them with the attention they deserve. So, what makes a perfect SAR?




What is an SAR and what it is not

Before diving into the technical aspects of how to write a perfect Suspicious Activity Report, one must first understand what an SAR is and what it is not.

What is an SAR
An SAR is a short document drafted by a financial institution to report a suspicious behaviour or transaction by part of a client. If a person is suspected of being implicated in a form of financial crime, the report should briefly explain the identity of the person and a short narrative describing the transaction or the behaviour that is deemed suspicious.


An SAR is not a defensive document used for backside covering, meaning they don’t exist to appease authorities, make your financial institution look good, or to avoid fines. Reporting a suspicious behaviour should be a proactive activity to stop the flow of dark money, not to shield a bank from past mistakes or negligence.



How do you construct a narrative for an SAR?

SARs are read by analysts in national FIUs who must try to understand who your client is and why the transaction he/she performed is suspicious. To avoid the mistake of writing a confusing or incomplete report that has little use, put yourself in the shoes of the reader.

To help you write a better narrative for your STRs, use the 5 W’s:

  • 1

    Who: Incorporate the necessary information on the identity of the person/s that you are reporting on. This includes their name, address, job title, date of birth, and account number. If a pet store employee is dealing in transactions that are beyond their income, or a nineteen-year-old is handling millions of euros, this can help the FIU analyst to quickly pinpoint the suspicious behaviour. For companies, make sure to list the identities of the UBOs.

  • 2

    When: Add the precise date of when the suspicious behaviour occurred. If it happened over a span of time, write out the timeline of events. If the activity involved multiple withdrawals at an ATM, give the precise hours of each withdrawal. This will help the FIU analyst get a better sense of how the suspicious activity evolved.

  • 3

    Where: If applicable, be sure to include the location of where the suspicious action took place such as the address of the branch or of the ATM. A person who lives in one town but goes to another town to withdraw cash or goes to multiple branches to deposit cash can help FIU analysts spot the warning signs of an illegal activity.

  • 4

    What: Detail what happened that made you think that the activity was suspicious. List the various steps of the transaction/s and/or cash withdrawals/deposits. This is where the FIU analyst will truly understand what happened. Be concise but don’t leave out necessary details and make sure to add how the activity was flagged – monitoring tool, lookback, etc.

  • 5

    Why: Explain why you think the behaviour is suspicious. List the reasons: money laundering, tax evasion, funnel account, etc. This will help the FIU analyst in categorising your report. FIUs like FinCEN want you to use keywords to help flag the type of activity you are reporting on. Their list of keywords can be helpful to any financial institutions around the world.






Do's and don'ts of a Suspicious Activity Report

Now that you are aware of what constitutes a good narrative for an STR, let’s look at what makes a Suspicious Activity Report stand out and what doesn’t.

Do's

  • Keep it simple: use an active tense when writing your report. Be sure to use simple words and concise concepts. Don't go overboard with technical concepts and always write out any acronyms.

    Quotes: if the client had a conversation with a staff member of the bank, you may quote him/her if you believe that it adds to the narrative or accentuates his/her suspicious behaviour. However, do not twist his/her words or add non-existent meaning to them. Use quotes sparsely and only if necessary.

    Confidentiality: keep your reports confidential. Do not distribute them, talk about them with colleagues that don’t need to be aware of the document, refer to them when talking to a client, or menace a client with them. Only a handful of closely connected people such as the compliance or AML departments must know about the reports.

    Connections: do state any connections that your client may have with another client performing shady business in the same financial institution. Be clear on how they are connected and try to find out if the connection is behaving in the same way. If you discover an ensemble of people executing the same dubious transactions, you can group them together into the same SAR.

    Copies: after sending the report to your local FIU, always keep a copy. This will make it easier to retrieve the information if the FIU asks you to follow-up with further material or data.
Don'ts

  • Keep it short: don’t write an excessively long and detailed report. You are not writing a scholarly article or a PhD dissertation. Keep the narrative to maximum one page, or one page and a half if strictly necessary.

    Repetitions: do not repeat information. If a client’s identity information is stated somewhere in the report, there is no need to repeat it in the narrative, unless that material is indispensable for highlighting why you believe the activity is suspicious.

    Bullet points: avoid bullet points unless you are listing something. Do not write the entire narrative in bullet points as you might make your story confusing and hard to put together. You can use them to list a selection of transactions but use them sparsely throughout your document.

    Shopping lists: closely connected to the previous point is providing a long list of transactions in your report. Avoid writing out lengthy and heavy “shopping lists.” Instead, try to highlight the most important transactions and summarize the remaining ones. If interested, FIUs will ask you to provide the full list of transactions in their follow-up.

    Deadlines: try to avoid sending an SAR to your FIU beyond its 30-day submission deadline (the date can differ based on your country.) Late STRs can hinder investigations and make it harder to stop the suspicious activity or track down the felonious client. FinCEN Files showed that the median reporting time for an SAR was 166 days with Barclay’s median being 1.205 days.


Quality vs quantity

Financial Intelligence Units are swamped with STRs and are unable to sift through them in an efficient manner. Between 2011 and 2017, FinCEN received over 12 million SARs from financial institutions.


SARs are not defensive documents
As mentioned earlier in the article, financial institutions have the tendency to draft SARs as defensive documents against earlier mishaps and disregards. This not only decreases the value and quality of the reports, but it also does not protect banks from legal action. The filing of an SAR does not exonerate a financial institution from responsibility and regulators may continue to act against them in court if deemed necessary.


This defensive mechanism is often associated with excessive reporting. Known as “crying wolf,” SARs are often drafted for any behaviour or transaction that is even slightly suspicious without an actual investigation from the part of the financial institution just to “protect” themselves from regulators and showcase that their AML/CTF regimes are optimal. However, 90% of all STRs have no immediate value with only 10% leading to an investigation by FIUs.

When writing an SAR, aim for quality, not quantity. Before embarking on the actual drafting of the report, make sure to investigate if the transaction is suspicious or not. This can be done by asking for documents related to the transaction or by asking the client’s account manager if the client’s behaviour can be regarded as normal or not. However, this should not be done to instil the fear of reporting.
Quality of SARs


Understanding what an STR is, perfecting narrative, and knowing the right keywords is useless if one does not focus their attention on quality over quantity, and those elements put together are the key to writing the perfect SAR.


Knowing how to write a quality SAR can help your financial institution and AML department be at the forefront in the fight against financial crime. Contact us to learn how we can help you and your team write the perfect Suspicious Activity Report!
Stefano Siggia - Pideeco Network Partner
Stefano Siggia Senior Consultant
0 comments
Add your comment

Related articles

What is adverse media in AML? Learn what sources can be used to detect negative news and what the future is in store fo...

AML Sun 31 January 2021

How do you search for a company VAT number in Europe? Learn about the reasons for looking up a VAT number and all about...

Anti Money Laundering Mon 09 December 2019

How do criminals launder their dirty money? Discover how loot boxes, carding, and hacking is used to launder money in po...

AML Mon 09 March 2020

Why do most AML programs in banks fail? Learn how compliance culture, training of staff, transaction monitoring systems,...

Compliance Mon 15 March 2021
Experts in risk management and regulatory compliance

Pideeco is a consultancy firm providing legal services, business solutions, operational assistance and educational material for professionals in the financial industry.

We are based in Brussels and we specialize in regulatory risk compliance services covering the Eurozone.

Pideeco combines professional Regulatory knowledge and technical expertise to safeguard your business’ reputational and operational risk. Our unique customer-centric approach helps us build strategical and legitimate cost-efficient remedies.

Working with us means reaching out to complementary people, allowing for original thinking and innovative vision.

Our Network Learn more about us