The Effectiveness of Suspicious Activity Reports

Jenna Danko
Product Marketing

Blog By: Julien Mansourian, Strategy and Transformation Executive.

The purpose of an Anti-Money Laundering application is primarily to enable the reporting entities (finance-related industries) to detect and disclose any suspicious transactions above a predefined threshold (depending on jurisdictions) by compiling and submitting a SAR (Suspicious Activity Report) to FIUs (Financial Intelligence Units). The report includes information about known or suspected violations of law or suspicious activity observed by financial institutions. The number of SAR filings made to FIUs is considered a key performance indicator of the overall AML regime and its efficiency by the regulators.

As per the statistics issued by FinCEN, the reporting entities have filed more than 3 million SARs in 2017, against only 150,000 in 1996. In Europe, 1.5 million SARs were filed in 2017 across the 28 EU Member States, almost double the number received in 2006. UK, The Netherlands, Italy, Latvia and Poland are the top 5 SAR issuers in Europe. Today, we really talk about an explosion of SAR submissions and many financial organisations are currently questioning the reliability/objectivity of SAR filing.

The explosion of the SAR filings reflects a combination of increased regulatory requirements, a broader range of institutions subject to BSA/AML regulations, stronger compliance programs at financial institutions or possibly a weak detection system generating too many alerts (false negatives and false positives) analysed and promoted to cases and disclosed to the regulators.
Although, SARs have been instrumental in enabling law enforcement to initiate or supplement major money laundering or terrorist financing investigations and other criminal cases, it still represents a significant burden on budgets and earnings for financial institutions. Filing too many SARs does not mean there is a stronger detection process in place and it considerably increases the workload of compliance functions as they must deal with a combination of too many alerts, cases and consequently SARs.

In fact, many financial institutions are still missing out the real criminal activity if we look at the number of fines over the last 7 years. According to Boston Consulting Group, banks globally have paid $321 billion in fines from 2009 to 2016 for an abundance of regulatory failings from money laundering to market manipulation and terrorist financing. Although the bank penalties have decreased from 2015 onwards, the volume of SARs have considerably increased (3 million in 2017 against 1.9 million in 2015).

FinCEN and other FIUs worldwide have never disclosed what percentage of SARs result in successful prosecution. It looks like the SAR filing is a black box and nobody wants to talk about the accuracy and consistency of the filed SARs. In some organisations, filing a manual SAR takes more than 2 hours and this is a real burden for compliance functions and must immediately be automated through digitisation of the template and generalisation of E-Filing via governmental portals.

Moreover, with the growing number of cyber-attacks, regulators are considering the introduction of a new set of requirements when it comes to filing SARs, and there will be a Cyber SAR increasing the current workload of the compliance office.

In 2016, FinCEN issued some advisory notes to request reporting entities to include Cyber-Related information in their SAR templates. Additional events should be included in the form:

  1. Description and magnitude of the event
  2. Known or suspected time, location, and characteristics or signatures of the event
  3. Indicators of compromise
  4. Relevant IP addresses and their timestamps
  5. Device identifiers
  6. Methodologies used
  7. Other information the institution believes is relevant

For more information about the note, please click here.

Europol has recently published a paper outlining some key findings over the effectiveness of the FIUs in Europe:

  1. The structure of Financial Intelligence Units (FIUs), their activities, working practices, and methods of recording and analysing information vary considerably across the EU. There is limited harmonisation among EU Member States (MS) beyond the obligation to establish an FIU. This makes any comparison of the implementation and effectiveness of the EU anti-money laundering directives and the effectiveness of suspicious transaction reporting difficult, if not impossible.
  2. Just 10% of suspicious transaction reports (STRs) are further investigated after collection, a figure that is unchanged since 2006.
  3. Over 65% of reports are received by just two Member States - the UK and the Netherlands.
  4. SAR volumes are likely only to increase, in particular as virtual currency providers come into regulatory scope and services using distributed ledger technology (DLT) enter the mainstream.
  5. Between 0.7-1.28% of annual EU GDP is detected as being involved in suspect financial activity.
  6. Together banks and MSBs are the source of the majority of STRs sent to the FIUs. Certain sectors are noted for their low levels of reporting, in particular high value goods dealers and bureaux de change.
  7. Reporting on terrorist financing accounted for less than 1% of reports received by FIUs in 2013-14.
  8. The use of cash is the primary reason triggering reporting entities to report suspicion, however in Luxembourg, where cash issuance is almost double its GDP, the use of cash is not a common reason for reporting.
  9. The ‘symmetrical’ exchange of information between FIUs may prevent crucial information contained in STRs reaching authorities tasked with criminal investigations.
  10. New technology presents challenges to the current anti-money laundering framework. The increasing digitalisation of financial services results in growing volumes of transactions and extremely large data sets requiring computational analysis to reveal patterns, trends, and associations. The use of analytics is therefore becoming essential for both reporting entities and FIUs to cope with information and fully exploit its potential.
  11. The growing demand for online services and related internet payment systems poses considerable challenges to the EU policies concerning money laundering and terrorist financing. The development of borderless virtual environments call for reflection on how to adapt policies which are meant to be supervised only at national level, while the underlying business is already transnational and globalised in its own nature: there is an urgent need for a supranational overview.
  12. The integration of the FIU.net project at Europol presents an opportunity for greater operational cooperation between FIUs and law enforcement.


Financial organisations have put in place the required processes, work force and systems to prevent, detect and report suspicious activities. They indeed have increased the number of SAR filings over the last decade pushing their overall cost of compliance to the roof. In parallel, regulators have ramped up enforcement efforts concomitant with the rise in SAR filings and have fined many reporting entities.

Banks have a general sentiment of being trapped in an ocean of heavy and frequent regulations coupled with an increasing cost of compliance and impressively high cost of ownership caused by complex system implementations.

The continuing rise in SARs is an indication of the current workload in AML compliance. The majority of the SARs are produced within banking. However, there are emerging trends rising in financial institutions across the industry in particular credit institutions.

Over-reporting to mitigate regulation risk is undermining the SAR Regime and is resource-intensive for firms.

Compliance Officers should focus on improving the SAR reporting quality and its automation to eliminate the existing ocean of unproductive SARs.

To support the reporting entities in their SAR optimization journey, FIUs should redesign a global SAR template covering all jurisdictions including the same set of data requirements.

Join the discussion

Comments ( 1 )
Please enter your name.Please provide a valid email address.Please enter a comment.CAPTCHA challenge response provided was incorrect. Please try again.