How to write the perfect “Suspicious Activity Reports” (SAR)?

Suspicious Activity Reports (SAR) drafted by financial institutions contain some of the most valuable information available to law enforcement agencies in the fight against financial crime. Yet, the FinCEN Files scandal of 2020 has shown that major banks have consistently failed to write and submit proper reports over the years. What can we learn from their mistakes to be able to compose the perfect SAR?

In 2018, more than 2.100 SARs leaked from the U.S. Treasury’s Financial Crimes Enforcement Network (FinCEN), exposing their weaknesses and insensitivities.  Known as the FinCEN Files, the wrongdoing exposed by Buzzfeed News and the International Consortium of Investigative Journalists (ICIJ) demonstrated how an ineffective SAR regime pushed major global financial institutions to facilitate money laundering, drug trafficking, terrorism, and Ponzi schemes.
The way SARs are handled are often riddled with basic errors. Elements such as narrative, keywords, objective, and timing of submission can make a real difference in the quality of the reports. FinCEN Files have highlighted how SARs were often submitted too late, with incomplete information, and for the wrong reasons.

Law enforcement agencies and financial intelligence units (FIU) are flooded with poor quality reports, making it burdensome or near impossible to handle them with the attention they deserve. So, what makes a perfect SAR?



What is an SAR and what it is not

Before diving into the technical aspects of how to write a perfect Suspicious Activity Report, one must first understand what an SAR is and what it is not.

An SAR is a short document drafted by a financial institution to report a suspicious behaviour or transaction by part of a client. If a person is suspected of being implicated in a form of financial crime, the report should briefly explain the identity of the person and a short narrative describing the transaction or the behaviour that is deemed suspicious.

An SAR is not a defensive document used for backside covering, meaning they don’t exist to appease authorities, make your financial institution look good, or to avoid fines. Reporting a suspicious behaviour should be a proactive activity to stop the flow of dark money, not to shield a bank from past mistakes or negligence.



Suspicious Transaction Report (STR) and an Unusual Transaction Report (UTR) are interchangeable terms used for an SAR. A Currency Transaction Report (CTR), on the other hand, is a form that must be filled by a bank representative when a currency transaction of more than $10.000 is executed by a client. They are mandatory in the United States but have also been adopted in various forms in other territories. A CTR must no be sent to the local FIU but can evolve into an SAR if the activity is thought as suspicious.


How do you construct a narrative for an SAR?

SARs are read by analysts in national FIUs who must try to understand who your client is and why the transaction he/she performed is suspicious. To avoid the mistake of writing a confusing or incomplete report that has little use, put yourself in the shoes of the reader.

To help you write a better narrative for your STRs, use the 5 W’s:

  1. Who: Incorporate the necessary information on the identity of the person/s that you are reporting on. This includes their name, address, job title, date of birth, and account number. If a pet store employee is dealing in transactions that are beyond their income, or a nineteen-year-old is handling millions of euros, this can help the FIU analyst to quickly pinpoint thesuspicious behaviour. For companies, make sure to list the identities of the UBOs.
  2. When: Add the precise date of when the suspicious behaviour occurred. If it happened over a span of time, write out the timeline of events. If the activity involved multiple withdrawals at an ATM, give the precise hours of each withdrawal. This will help the FIU analyst get a better sense of how the suspicious activity evolved.
  3. Where: If applicable, be sure to include the location of where the suspicious action took place such as the address of the branch or of the ATM. A person who lives in one town but goes to another town to withdraw cash or goes to multiple branches to deposit cash can help FIU analysts spot the warning signs of an illegal activity.
  4. What: Detail what happened that made you think that the activity was suspicious. List the various steps of the transaction/s and/or cash withdrawals/deposits. This is where the FIU analyst will truly understand what happened. Be concise but don’t leave out necessary details and make sure to add how the activity was flagged – monitoring tool,lookback, etc.
  5. Why: Explain why you think the behaviour is suspicious. List the reasons: money laundering, tax evasion, funnel account, etc. This will help the FIU analyst in categorising your report. FIUs like FinCEN want you to use keywords to help flag the type of activity you are reporting on.Their list of keywords can be helpful to any financial institutions around the world.


Do’s and don’ts of a Suspicious Activity Report

Now that you are aware of what constitutes a good narrative for an STR, let’s look at what makes a Suspicious Activity Report stand out and what doesn’t.



  • Keep it simple:use an active tense when writing your report. Be sure to use simple words and concise concepts. Don’t go overboard with technical concepts and always write out any acronyms.
  • Quotes:if the client had a conversation with a staff member of the bank, you may quote him/her if you believe that it adds to the narrative or accentuates his/her suspicious behaviour. However, do not twist his/her words or add non-existent meaning to them. Use quotes sparsely and only if necessary.
  • Confidentiality:keep your reports confidential. Do not distribute them, talk about them with colleagues that don’t need to be aware of the document, refer to them when talking to a client, or menace a client with them. Only a handful of closely connected people such as the compliance or AML departments must know about the reports.
  • Connections:do state any connections that your client may have with another client performing shady business in the same financial institution. Be clear on how they are connected and try to find out if the connection is behaving in the same way. If you discover an ensemble of people executing the same dubious transactions, you can group them together into the same SAR.
  • Copies:after sending the report to your local FIU, always keep a copy. This will make it easier to retrieve the information if the FIU asks you to follow-up with further material or data.



  • Keep it short:don’t write an excessively long and detailed report. You are not writing a scholarly article or a PhD dissertation. Keep the narrative to maximum one page, or one page and a half if strictly necessary.
  • Repetitions:do not repeat information. If a client’s identity information is stated somewhere in the report, there is no need to repeat it in the narrative, unless that material is indispensable for highlighting why you believe the activity is suspicious.
  • Bullet points:avoid bullet points unless you are listing something. Do not write the entire narrative in bullet points as you might make your story confusing and hard to put together. You can use them to list a selection of transactions but use them sparsely throughout your document.
  • Shopping lists:closely connected to the previous point is providing a long list of transactions in your report. Avoid writing out lengthy and heavy “shopping lists.” Instead, try to highlight the most important transactions and summarize the remaining ones. If interested, FIUs will ask you to provide the full list of transactions in their follow-up.
  • Deadlines:try to avoid sending an SAR to your FIU beyond its 30-day submission deadline (the date can differ based on your country.) Late STRs can hinder investigations and make it harder to stop the suspicious activity or track down the felonious client. FinCEN Files showed that the median reporting time for an SAR was 166 days with Barclay’s median being 1.205 days.


Quality vs quantity

Financial Intelligence Units are swamped with STRs and are unable to sift through them in an efficient manner. Between 2011 and 2017, FinCEN received over 12 million SARs from financial institutions.

As mentioned earlier in the article, financial institutions have the tendency to draft SARs as defensive documents against earlier mishaps and disregards. This not only decreases the value and quality of the reports, but it also does not protect banks from legal action. The filing of an SAR does not exonerate a financial institution from responsibility and regulators may continue to act against them in court if deemed necessary.

This defensive mechanism is often associated with excessive reporting. Known as “crying wolf,” SARs are often drafted for any behaviour or transaction that is even slightly suspicious without an actual investigation from the part of the financial institution just to “protect” themselves from regulators and showcase that their AML/CTF regimes are optimal. However, 90% of all STRs have no immediate value with only 10% leading to an investigation by FIUs.
When writing an SAR, aim for quality, not quantity. Before embarking on the actual drafting of the report, make sure to investigate if the transaction is suspicious or not. This can be done by asking for documents related to the transaction or by asking the client’s account manager if the client’s behaviour can be regarded as normal or not. However, this should not be done to instil the fear of reporting.

Understanding what an STR is, perfecting narrative, and knowing the right keywords is useless if one does not focus their attention on quality over quantity, and those elements put together are the key to writing the perfect SAR.


By Stefano Siggia, July 26, 2021, Published on Pideeco

Recent Posts