How to compile a Suspicious Activity Report (SAR)

Suspicious Activity Reports (SAR) drafted by financial institutions contain some of the most valuable information available to law enforcement agencies in the fight against financial crime. Yet, the FinCEN Files scandal of 2020 has shown that major banks have consistently failed to write and submit proper reports over the years. More than 2.100 SARs leaked from the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN), exposing their weaknesses and insensitivities. Known as the FinCEN Files, the wrongdoing exposed by Buzzfeed News and the International Consortium of Investigative Journalists (ICIJ) demonstrated how an ineffective SAR regime pushed major global financial institutions to facilitate money laundering, drug trafficking, terrorism, and Ponzi schemes.

Law enforcement agencies and financial intelligence units (FIU) are flooded with poor quality reports, making it burdensome or near impossible to handle them with the attention they deserve. FinCEN Files have highlighted how SARs were often submitted too late, with incomplete information, and for the wrong reasons.

So, what makes a perfect SAR?


Before diving into the technical aspects of how to write a perfect Suspicious Activity Report, one must first understand what an SAR is and what it is not.

An SAR is a short document drafted by a financial institution to report a suspicious behaviour or transaction by part of a client. If a person is suspected of being implicated in a form of financial crime, the report should briefly explain the identity of the person and a short narrative describing the transaction or the behaviour that is deemed suspicious.

An SAR is not a defensive document used for backside covering, meaning they don’t exist to appease authorities, make your financial institution look good, or to avoid fines. Reporting a suspicious behaviour should be a proactive activity to stop the flow of dark money, not to shield a bank from past mistakes or negligence.


A Suspicious Transaction Report (STR) and an Unusual Transaction Report (UTR) are interchangeable terms used for an SAR. A Currency Transaction Report (CTR), on the other hand, is a form that must be filled by a bank representative when a currency transaction of more than $10.000 is executed by a client. They are mandatory in the United States but have also been adopted in various forms in other territories. A CTR must no be sent to the local FIU but can evolve into an SAR if the activity is thought as suspicious.


SARs are read by analysts in national FIUs who must try to understand who your client is and why the transaction he/she performed is suspicious. To avoid the mistake of writing a confusing or incomplete report that has little use, put yourself in the shoes of the reader.

To help you write a better narrative for your STRs, use the 5 W’s:


Now that you are aware of a good narrative for an STR, let’s shape your SAR for easy handling by authorities

Keep it simple: use an active tense when writing your report. Be sure to use simple words and concise concepts. Don’t go overboard with technical concepts and always write out any acronyms.

Quotes: if the client had a conversation with a staff member of the bank, you may quote him/her if you believe that it adds to the narrative or accentuates his/her suspicious behaviour. However, do not twist his/her words or add non-existent meaning to them. Use quotes sparsely and only if necessary.

Confidentiality: keep your reports confidential. Do not distribute them, talk about them with colleagues that don’t need to be aware of the document, refer to them when talking to a client, or menace a client with them. Only a handful of closely connected people such as the compliance or AML departments must know about the reports.

Connections: do state any connections that your client may have with another client performing shady business in the same financial institution. Be clear on how they are connected and try to find out if the connection is behaving in the same way. If you discover an ensemble of people executing the same dubious transactions, you can group them together into the same SAR.

Copies: after sending the report to your local FIU (or BBF in Germany), always keep a copy. This will make it easier to retrieve the information if the FIU asks you to follow-up with further material or data.

Keep it short: don’t write an excessively long and detailed report. You are not writing a scholarly article or a PhD dissertation. Keep the narrative to maximum one page, or one page and a half if strictly necessary.

Repetitions: do not repeat information. If a client’s identity information is stated somewhere in the report, there is no need to repeat it in the narrative, unless that material is indispensable for highlighting why you believe the activity is suspicious.

Bullet points: avoid bullet points unless you are listing something. Do not write the entire narrative in bullet points as you might make your story confusing and hard to put together. You can use them to list a selection of transactions but use them sparsely throughout your document.

Shopping lists: closely connected to the previous point is providing a long list of transactions in your report. Avoid writing out lengthy and heavy “shopping lists.” Instead, try to highlight the most important transactions and summarize the remaining ones. If interested, FIUs will ask you to provide the full list of transactions in their follow-up.

Deadlines: try to avoid sending an SAR to your FIU (or BBF in Germany) beyond its 30-day submission deadline (the date can differ based on your country.) Late STRs can hinder investigations and make it harder to stop the suspicious activity or track down the felonious client. The median reporting time for an SAR was +/- 166 days.


As mentioned earlier in the article, financial institutions have the tendency to draft SARs as defensive documents against earlier mishaps and disregards. This not only decreases the value and quality of the reports, but it also does not protect banks from legal action. The filing of an SAR does not exonerate a financial institution from responsibility and regulators may continue to act against them in court if deemed necessary.

This defensive mechanism is often associated with excessive reporting. Known as “crying wolf,” SARs are often drafted for any behaviour or transaction that is even slightly suspicious without an actual investigation from the part of the financial institution just to “protect” themselves from regulators and showcase that their AML/CTF regimes are optimal.


When writing an SAR, aim for quality, not quantity. Before embarking on the actual drafting of the report, make sure to investigate if the transaction is suspicious or not. This can be done by asking for documents related to the transaction or by asking the client’s account manager if the client’s behaviour can be regarded as normal or not. However, this should not be done to instil the fear of reporting.

Understanding what an STR is, perfecting narrative, and knowing the right keywords is useless if one does not focus their attention on quality over quantity, and those elements put together are the key to writing the perfect SAR.


These articles are for informational purposes only, their content may be based on employees’ independent research, and do not represent the position or opinion of Artefaktum. Furthermore, Artefaktum disclaims all warranties in the articles’ content, does not recommend/endorse any third-party products referenced therein, and any reliance and use of the articles is at the reader’s sole discretion and risk.