News/Resources/AML Screening/AML Reporting Explained: How SARs and STRs Work

AML Reporting Explained: How SARs and STRs Work

AML Reporting Explained: How SARs and STRs Work

AML reporting sits at the core of financial crime prevention, turning raw transaction data into actionable intelligence. Customer verification and transaction monitoring only deliver value when organisations can identify suspicious activity and investigate it properly. They must also escalate genuine concerns through formal channels such as a suspicious activity report AML process or suspicious transaction report.

Reporting terminology varies across jurisdictions, which often creates confusion for compliance teams. Some countries require SAR reporting, while others mandate STR reporting. Australia uses suspicious matter reports. Although these terms may seem interchangeable, AML reporting requirements, thresholds, and filing procedures are defined by local regulations and influence how each aml report is handled.

This guide explains how AML reporting works in practice. It covers everything from detecting suspicious transactions to filing a SAR or STR with the relevant authority. According to the United Nations Office on Drugs and Crime, up to 5 percent of global GDP is linked to money laundering each year.

Binderr Compliance Platform End-to-End AML Reporting Solution

  • Automated KYC, KYB, and AML screening in one platform
  • Real-time transaction monitoring and alert generation
  • Dynamic risk scoring for faster SAR/STR decisions
  • Centralised case management for investigations and escalation
  • Integrated audit trails and compliance reporting tools
  • Ongoing AML monitoring with instant risk alerts
  • UBO identification and ownership mapping for deeper investigations

What Is AML Reporting?

AML reporting is the process by which regulated organisations identify, assess, and report suspicious financial activity linked to money laundering, terrorist financing, or other financial crimes. It is a key part of AML compliance, ensuring risks are properly escalated and shared with authorities when needed under AML reporting requirements.

It turns data like transaction patterns and customer behaviour into useful intelligence for Financial Intelligence Units (FIUs) and law enforcement to detect and prevent financial crime through structured aml report submissions.

Try FREE AI powered AML screening with Binderr

Internal AML Reporting

Internal AML reporting is the first stage of the reporting lifecycle. It starts when staff, systems, or compliance teams identify unusual or potentially suspicious activity and raise an internal alert or internal suspicious activity report AML record.

This stage helps organisations review and assess activity before deciding if it meets the threshold for external reporting.

Examples include:

  • Transaction monitoring alerts for unusual patterns
  • Sanctions or PEP screening matches
  • Unusual customer behaviour
  • Inconsistent source-of-funds information
  • Adverse media links to financial crime
  • Concerns raised by frontline staff

Internal reporting involves documenting the alert, reviewing customer data, and assessing risk. This is usually handled through AML case management systems that track alerts and investigations in line with AML reporting requirements.

External Regulatory Reporting

External regulatory reporting occurs when the MLRO or authorised compliance officer determines that activity meets the required suspicion threshold.

The organisation then submits a formal aml report, such as a SAR, STR, or SMR, to the relevant Financial Intelligence Unit (FIU) or authority. These reports outline key details about the customer, transactions, and reasons for suspicion, helping authorities identify patterns and investigate potential financial crime.

Not every internal alert leads to a report. Each case must be reviewed carefully, and a report should only be filed when a reasonable suspicion is established under AML reporting requirements.

What Is a Suspicious Activity Report?

A Suspicious Activity Report (SAR) is a formal aml report used by regulated businesses to notify authorities of suspected financial crime. It may relate to unusual transactions, customer behaviour, or ownership concerns. Filing a suspicious activity report AML does not prove a crime. It simply reports a reasonable suspicion for further review by authorities.

What Is a Suspicious Transaction Report?

A Suspicious Transaction Report (STR) is an aml report filed when a transaction or series of transactions appears linked to money laundering or other financial crime. It is commonly used in jurisdictions like Canada, where entities must report to FINTRAC once they have reasonable grounds to suspect illicit activity. STRs have no minimum amount and can include attempted transactions under AML reporting requirements.

STRs focus on transaction patterns such as structuring, rapid fund movement, or activity inconsistent with a customer’s profile. Requirements vary by jurisdiction, so teams must follow local AML rules.

SAR vs STR: What Is the Difference?

Unpacking the nuances between SAR and STR in AML reporting can help compliance teams make faster, more accurate decisions.

Explore how suspicious activity reports and suspicious transaction reports differ across jurisdictions, thresholds, and regulatory expectations tied to AML reporting requirements.

Area

SAR

STR

Full term

Suspicious Activity Report

Suspicious Transaction Report

Typical focus

Wider suspicious conduct or activity

Completed or attempted transactions

Commonly used in

United States and United Kingdom

Canada and numerous other jurisdictions

May cover transaction patterns

Yes

Yes

May cover attempted transactions

Depending on local rules

Commonly yes

Submitted to

Relevant FIU or authorised agency

Relevant FIU or authorised agency

Proof of criminal activity required

No

No

Local rules must be checked

Yes

Yes

SAR and STR should not be presented as universally different legal instruments. In many contexts, the terms perform similar functions under different national reporting regimes.

Why Are SARs and STRs Important?

Uncovering hidden financial risks starts with understanding the power of SARs and STRs in AML reporting.

These reports play a critical role in detecting suspicious activity, strengthening compliance, and supporting global financial crime prevention efforts.

They Alert Authorities to Potential Financial Crime - Suspicious activity reports play a critical role in AML reporting by alerting authorities to potential financial crime that may otherwise go undetected. SARs and STRs provide valuable intelligence from the private sector, helping law enforcement and Financial Intelligence Units identify suspicious transactions, uncover hidden relationships, and support both new and ongoing investigations through each aml report.

They Identify Wider Criminal Networks - A single SAR or STR can reveal connections between multiple accounts, entities, beneficial owners, or jurisdictions, helping authorities map out broader criminal networks. By linking seemingly unrelated suspicious activity, AML reporting enables investigators to detect organised money laundering schemes, fraud rings, and cross-border financial crime operations.

They Support Pattern and Typology Analysis - Financial Intelligence Units use SAR and STR data to identify patterns and emerging money laundering typologies. By analysing trends across aml report submissions, authorities can detect methods involving money mules, shell companies, trade-based money laundering, digital assets, sanctions evasion, and terrorist financing.

They Demonstrate Regulatory Compliance - Effective AML reporting procedures demonstrate that an organisation is meeting its regulatory obligations. By documenting suspicious activity, conducting investigations, and filing SARs or STRs when required, businesses show they can manage financial crime risk, maintain audit trails, and comply with AML reporting requirements.

They Protect the Financial System - Timely submission of SARs and STRs helps protect the integrity of the financial system by enabling authorities to trace, freeze, or recover illicit funds where legally permitted. Strong AML reporting supports efforts to disrupt money laundering, prevent terrorist financing, and reduce the impact of financial crime.

Screen users for FREE in seconds with Binderr

Who Is Required to File SARs or STRs?

From banks to fintechs, a wide range of regulated entities play a critical role in AML reporting and financial crime prevention. Understanding SAR and STR filing obligations helps compliance teams meet AML reporting requirements and strengthen suspicious activity report AML frameworks.

In most jurisdictions, any business classified as a “reporting entity” or “obliged entity” must file an aml report when they detect activity that meets the legal threshold for suspicion.

Financial Institutions

Traditional financial institutions are key reporters of suspicious activity, including:

  • Commercial banks and credit unions
  • Investment firms and broker-dealers
  • Asset managers and hedge funds
  • Insurance companies and pension providers

They handle large transaction volumes and must maintain strong AML systems to detect and report suspicious activity promptly.

Fintech and Payment Providers

Modern providers such as PSPs, EMIs, digital wallets, and BNPL platforms are also subject to AML rules. As they scale globally, regulators expect automated monitoring and real-time detection of suspicious activity. They must also implement robust customer verification and transaction screening processes.

Money Services Businesses (MSBs)

MSBs, including remittance firms, currency exchanges, and check cashers, are high-risk due to fund transfers. They must monitor for unusual patterns and report suspicious activity. Strong recordkeeping and customer due diligence are essential for compliance.

Crypto and Virtual Asset Service Providers (VASPs)

Crypto businesses like exchanges and wallet providers must monitor blockchain activity and report potential money laundering or sanctions risks. They are also expected to comply with travel rule requirements and enhanced monitoring controls.

Designated Non-Financial Businesses and Professions (DNFBPs)

Non-financial sectors such as lawyers, accountants, real estate agents, casinos, and high-value goods dealers must also report suspicious activity due to their exposure to financial crime risks. These sectors must apply risk-based controls tailored to their specific services and client interactions.

Internal Responsibility and Governance

The MLRO or compliance officer typically decides whether to file a SAR or STR. Employees escalate concerns internally, but the regulated entity remains responsible for reporting. Clear internal policies and training help ensure consistent escalation and decision-making.

Understanding these roles helps ensure effective AML compliance and timely reporting.

How Does the SAR and STR Reporting Process Work?

From first alert to final submission, every step in the AML reporting process plays a critical role in uncovering financial crime.

Understanding the SAR and STR workflow helps compliance teams manage suspicious activity reporting, investigation, escalation, and regulatory filing with confidence.

Step 1: Detect Unusual Activity

Detecting unusual activity is the first and most critical stage in the AML reporting process. Compliance teams rely on a combination of automated transaction monitoring systems and manual oversight to identify behaviours that deviate from a customer’s expected profile. 

These systems analyse patterns such as transaction size, frequency, geography, and counterparties to flag potential money laundering or terrorist financing risks. Early detection strengthens AML compliance by enabling faster escalation and reducing exposure to financial crime.

Suspicious activity may be identified through:

  • Transaction monitoring
  • Customer or business screening
  • Sanctions and PEP checks
  • Adverse media monitoring
  • Employee observations
  • Customer complaints
  • Law enforcement enquiries
  • Periodic customer reviews
  • Changes in ownership or control

Screening is often the starting point for identifying customer-related financial crime risk. Binderr enables compliance teams to screen individuals and organisations using names, aliases, dates of birth, countries, and existing entity records. These additional identifiers can help improve match accuracy and reduce unnecessary false positives during AML investigations.

Uploaded image

Step 2: Create and Prioritise an Alert

Once unusual activity is detected, an internal alert must be created and prioritised based on risk. Effective AML compliance programmes use case management systems to ensure alerts are documented consistently and escalated appropriately. Prioritisation helps compliance teams focus on high-risk cases that may require immediate investigation or regulatory reporting, improving the efficiency of suspicious activity reporting workflows.

The alert should record:

  • Why the activity was flagged
  • Relevant customer details
  • Transactions involved
  • Risk indicators
  • Date and time of detection
  • Alert priority
  • Connected parties or accounts

Step 3: Investigate the Activity

The investigation stage involves a structured review of all relevant customer and transaction data to determine whether the activity is suspicious under AML reporting requirements. Investigators assess whether the behaviour aligns with the customer’s known profile, business activities, and risk rating, while also considering potential red flags such as unusual transaction flows or unexplained sources of funds. A thorough AML investigation ensures that decisions to escalate or file a suspicious activity report are based on clear, documented evidence.

The investigator should review:

  • KYC and KYB records
  • Customer risk rating
  • Transaction history
  • Expected account activity
  • Source of funds and source of wealth
  • Beneficial ownership
  • Screening results
  • Previous alerts or reports
  • Related accounts and counterparties
  • Customer explanations where appropriate

During an AML investigation, analysts need enough context to distinguish genuine risk from a false positive. Binderr brings the relevant hit type, classification, source, risk level, political exposure, and related jurisdiction into one review screen. Each result can then be classified as true, false, or potential, creating a documented outcome that can support further due diligence, internal escalation, or an MLRO review. 

Uploaded image

Step 4: Escalate the Case Internally

When AML reporting concerns remain unresolved after investigation, the case should be formally escalated to the MLRO, nominated officer, or another authorised decision-maker within the compliance function. This escalation is a critical part of the AML escalation process, ensuring that potential suspicious activity is reviewed at the appropriate level before any SAR reporting or STR reporting decision is made.

The escalation package should be structured, evidence-based, and easy to review. It should include a factual case summary, relevant transaction data, supporting documents, screening results, investigator findings, key risk indicators, recommended next steps, and any immediate transaction concerns. A well-prepared escalation supports faster decision-making and strengthens the overall AML reporting procedure.

Step 5: Decide Whether the Reporting Threshold Is Met

At this stage, the MLRO or authorised compliance officer must assess whether the facts meet the jurisdiction-specific AML reporting requirements and threshold for filing a suspicious activity report or suspicious transaction report. This decision is based on reasonable grounds to suspect, not proof of financial crime.

The MLRO should determine whether the activity is unusual but explainable, whether additional due diligence is required, whether the customer risk rating should be increased, and whether a reportable suspicion exists. They must also consider if urgent action is needed, whether separate sanctions or fraud reporting applies, and whether the business relationship should continue, be restricted, or be exited. Every decision, whether to file or not, must be clearly documented with a defensible rationale for audit and regulatory review.

Step 6: Prepare the SAR or STR

Once the reporting threshold is met, the next step in the AML reporting workflow is to prepare a complete and accurate SAR or STR. This involves compiling all relevant information in a structured format that aligns with FIU reporting expectations and supports effective financial intelligence analysis.

Key details should include the subject, connected persons and entities, transactions, accounts or wallets, dates and amounts, relevant locations, and a clear reason for suspicion. Supporting evidence and references to previous related reports should also be included. High-quality SAR reporting or STR reporting ensures that authorities can understand the context, identify patterns, and take appropriate action.

Step 7: Submit the Report Through the Official Channel

The final step is to submit the suspicious activity report or suspicious transaction report through the appropriate official FIU reporting system. Each jurisdiction has its own authorised platform, and compliance teams must follow local AML reporting requirements when filing.

Examples include FinCEN’s BSA E-Filing System in the United States, the NCA SAR Portal in the United Kingdom, FINTRAC’s electronic reporting systems in Canada, and AUSTRAC Online in Australia. Timely and accurate submission is essential to meet regulatory deadlines and support effective financial crime reporting.

Step 8: Continue Monitoring and Maintain Records

After filing, AML reporting obligations do not end. Organisations must continue monitoring the customer for ongoing suspicious activity and update the customer risk profile where necessary. Enhanced due diligence may be required, particularly for high-risk customers or complex cases.

Compliance teams should also preserve all supporting documentation, restrict internal access to the report to prevent tipping off, respond to lawful information requests, and reassess the business relationship. Ongoing monitoring and proper recordkeeping are essential components of a robust AML reporting framework and help ensure continued compliance with regulatory expectations.

Streamline AML Reporting Process

  • Automates alert detection and prioritisation
  • Centralises investigations with case management tools
  • Integrates KYC, KYB, and AML data in one workflow
  • Enables faster MLRO decision-making with risk scoring
  • Maintains full audit trails for compliance
  • Supports continuous monitoring post-reporting

What Information Should a SAR or STR Include?

Every detail matters when turning suspicion into actionable financial intelligence.
Understanding the key elements of SAR and STR reporting ensures clarity, compliance, and stronger AML investigations.

Question

Information to Include

Who?

Customer, beneficial owner, counterparty, connected entity, director, signatory, or wallet owner

What?

Transaction, attempted transaction, activity, product, account, asset, or behaviour

When?

Transaction dates, detection date, review period, and relevant timeline

Where?

Branch, platform, jurisdiction, account, IP location, wallet, or payment route

Why?

Facts and indicators that created the suspicion

How?

Method used to move, conceal, structure, convert, or access the funds

What Happens After a SAR or STR Is Filed?

After a Suspicious Activity Report (SAR) or Suspicious Transaction Report (STR) is submitted, it becomes part of the Financial Intelligence Unit’s (FIU) broader analysis process. Filing a report does not usually trigger an immediate response, as the FIU reviews it alongside many others to identify patterns and potential risks.

Possible next steps include:

  • The report is stored in a central database for analysis
  • It may be linked to other reports or investigations
  • The FIU could request additional information
  • Relevant intelligence may be shared with authorised agencies
  • Law enforcement may use it to support investigations
  • The organisation continues monitoring the customer
  • Further reports may be filed if activity continues
  • The customer relationship may be reassessed

Filing a SAR or STR is not the end of the process. Ongoing monitoring, documentation, and risk assessment remain essential.

Businesses should also not assume that filing a report allows them to proceed with or block transactions. Any such actions must follow local AML laws and regulations.

Binderr End-to-End Compliance Platform

  • KYC identity verification with biometric checks
  • KYB business verification with global registry access
  • UBO identification and ownership mapping
  • AML screening and continuous monitoring
  • Dynamic risk assessment and scoring
  • Full audit trails and compliance reporting

Bottom Line

Effective AML reporting requires more than identifying unusual transactions. Organisations need a structured process covering detection, investigation, escalation, and accurate reporting, supported by clear audit trails and strong controls. Maintaining confidentiality and proper recordkeeping is essential for compliance and supporting investigations.

Reporting requirements vary by jurisdiction, so teams must understand local rules on thresholds, deadlines, and FIU submissions. Aligning internal processes with these requirements helps ensure consistent and compliant reporting.

Binderr Compliance brings customer verification, AML screening, risk scoring, UBO checks, ongoing monitoring, and audit-ready compliance workflows into one platform.

Get Smarter compliance. Verify & monitor clients fast.

FAQs - AML Reporting: SARs and STRs

Who decides whether to file a SAR?

Does a suspicious transaction need to exceed a minimum amount?

Can an attempted transaction require an STR?

How quickly must a SAR be filed?

What information should a SAR narrative contain?

Can a customer be told that a SAR was filed?

Should a business close an account after filing a SAR?

Can multiple SARs be filed for the same customer?

How long should SAR records be retained?

Can AML software file SARs automatically?

Mohammad Humaid

Article written byMohammad Humaid

Mo leads marketing and growth at Binderr, where he’s building a global marketplace that connects businesses with trusted partners and corporate service providers. Previously, Mo contributed to the growth of leading brands such as Wise (formerly TransferWise), Revolut and Binance, driving their expansion across Europe and APAC region. With a background spanning Fintech, Blockchain, Web3 and SaaS, Mo focuses on building brands that scale globally with compliance, trust and transparency.