- File when you know, suspect, or have reasonable grounds to suspect money laundering or terrorist financing
- The tipping-off prohibition means you cannot tell the client a SAR has been filed
- File promptly — delays are themselves a compliance failure
- An internal escalation process with a designated MLRO is mandatory
A Suspicious Activity Report (SAR) is the primary mechanism through which regulated entities report suspected money laundering or terrorist financing to financial intelligence units. In the EU this flows through national FIUs; in Norway through FIU Norway (hosted at Økokrim); in the UK through the NCA.
Related HubSecure buying path
Document Collection & Vault guidesecure document collectionSecure Vault moduleDropbox comparisondocument collection software guideGuide Librarybook a workflow demo
Related secure document collection resources
Continue with secure document collection, document collection checklist, secure client portal, Secure Vault module, security and trust center.
Related use case
This guide belongs to the Secure Document Collection Guides cluster. Continue with the product hub for secure document collection.
When must you file?
The threshold is suspicion — not proof. If you know or suspect, or have reasonable grounds to know or suspect, that a person is engaged in money laundering or terrorist financing, you must file. Common triggers include:
- Transactions inconsistent with the client's stated business profile
- Large cash deposits or payments just below reporting thresholds (structuring)
- Requests to layer funds through multiple entities without commercial rationale
- Clients evasive about beneficial ownership or transaction purpose
- Sanctions/PEP list matches that raise further concerns
- Third-party payment instructions with no commercial explanation
The internal SAR process
Step 1: Internal disclosure to the MLRO
Staff who identify suspicious activity report internally to the Money Laundering Reporting Officer (MLRO) using your internal suspicious activity report form. This must happen promptly. The MLRO then decides whether to file externally.
Step 2: MLRO assessment
The MLRO reviews the report and decides whether the suspicion meets the legal threshold. This decision must be documented regardless of outcome — including when the MLRO decides not to file externally.
Step 3: External SAR submission
If filing, submit to the national FIU via the designated portal. In Norway: FIU Norway reporting system. In the UK: NCA's SARs Online. EU member states each have their own equivalent systems.
Step 4: Consent request (where applicable)
If you need to proceed with a transaction that is itself the subject of the SAR, you may need FIU consent before proceeding. Proceeding without consent where required could constitute the criminal offence of money laundering.
Tipping-off prohibition: Once a SAR is filed — or even under consideration — you must not disclose this to the subject or anyone who might inform the subject. Tipping off is a criminal offence in most jurisdictions.
What makes a quality SAR
- Specific factual description — not vague language like “unusual transactions”
- Full identifiers: name, date of birth, address, account numbers, company registration numbers
- Transaction details: dates, amounts, currencies, counterparties
- Why it is suspicious: your reasoning, not just the facts
- What you have already done: EDD steps, documents collected, enquiries made
See also: AML Red Flags Guide — EDD Guide
Frequently Asked Questions
The FIU analyses the SAR and may share it with law enforcement. You will rarely hear back. You must continue treating the information as confidential. The relationship may continue unless consent is specifically refused.
No. Filing a SAR does not automatically require you to exit the relationship. Whether to continue depends on your risk assessment. Exiting a client must also be done carefully to avoid inadvertently tipping them off.
Failure to file when legally required is a criminal offence in most jurisdictions. Penalties include unlimited fines and, in serious cases, imprisonment. There is no de minimis threshold — suspicion alone is the trigger.
Yes. In many jurisdictions the obligation to report internally falls on individual staff as well as the firm. Failure to make an internal disclosure when you have suspicion can constitute a personal criminal offence.
At least five years from the date of filing, consistent with standard AML retention requirements. The underlying client files, transaction records and internal reports that informed the SAR must also be retained.
HubSecure captures all client interactions, EDD findings, screening results and transaction flags in structured case files. When a SAR is needed, analysts have a complete timestamped audit trail to work from, significantly reducing the time to compile a quality report.
See HubSecure in action
Join compliance teams across Europe replacing spreadsheets with a platform built for regulated work.
Reviewed for regulated teams
Prepared by the HubSecure editorial team for operators, compliance leaders and IT reviewers evaluating secure client operations software.