blog

Suspicious Activity Report (SAR) – how financial institutions detect and report suspicious activity

Written by Partisia | 2025.09.13
 
Suspicious Activity Reports (SARs) are the backbone of anti-money laundering (AML) and counter-terrorist financing (CTF) supervision. They provide financial intelligence units (FIUs) with the data they need to identify potential criminal activity, detect patterns, and trace illicit funds.

In the EU, SAR obligations stem from AMLD6 and the EBA AML Guidelines, while globally they align with FATF Recommendations 20 and 23. Each institution must maintain systems to detect suspicious behavior, document the rationale, and submit reports to authorities in a timely and traceable manner.

Today, technology plays a decisive role in making SARs effective — automating detection, standardizing reporting formats, and protecting sensitive data.

Purpose and function of SARs

A Suspicious Activity Report is not an accusation of crime — it’s a disclosure of potential risk. SARs allow financial institutions to alert regulators to unusual or unexplained transactions that may indicate money laundering, fraud, or terrorist financing.

In practice, SARs serve three purposes:

  • Detection: flagging patterns inconsistent with a customer’s profile.
  • Prevention: halting suspicious transactions before funds are moved or withdrawn.
  • Investigation: supporting law enforcement with structured intelligence for follow-up actions.

Effective SAR processes connect directly to the wider financial crime detection ecosystem, complementing Customer Due Diligence (CDD) and Suspicious Activity Monitoring frameworks.

What financial institutions must report

Regulatory definitions of “suspicious activity” vary, but the core indicators remain consistent across FATF, EBA, and national FIUs. Institutions must report:

  • Unusual transaction patterns not aligned with customer risk profiles.
  • Large or rapid transfers to high-risk jurisdictions.
  • Structuring or layering activity designed to conceal transaction origins.
  • Sudden changes in transaction behavior following onboarding or due diligence updates.
  • Linked accounts or counterparties showing shared identifiers across entities.

According to the FATF Recommendations, institutions must file SARs “promptly” and ensure accuracy, traceability, and internal escalation before submission.

How technology improves SAR detection and reporting

Manual SAR reporting once relied on subjective judgment and static rule-based systems. Modern compliance technology has transformed this process through automation, analytics, and integration.

Key technological improvements include:

  • Automated anomaly detection – Machine learning models identify unusual activity across multiple data sources.
  • Integrated case management – Links customer data, transactions, and prior alerts for a full risk picture.
  • Natural language generation – Drafts SAR narratives consistently across cases.
  • Cross-border coordination tools – Enable secure collaboration with FIUs and peer institutions.
  • Audit and traceability systems – Provide full visibility into data lineage for regulators.

Related: Read [Financial Crime Detection] for how analytics strengthen real-time monitoring, and See [FATF Compliance Technology] to understand how automation enables regulatory performance.

Supervisory expectations under EBA and FATF

Regulators no longer accept SAR volume as a success metric — they assess quality, timeliness, and systemic insight.
Under EBA AML Guidelines, institutions must demonstrate that their SAR processes are:

  • Data-driven: using verifiable analytics rather than manual suspicion.
  • Risk-based: focused on higher-risk customers and activities.
  • Governed: supervised by senior compliance officers with documented decision-making processes.
  • Auditable: maintaining complete evidence trails for each report.

The FATF’s mutual evaluation process reviews not only whether SARs are filed, but whether they lead to meaningful law enforcement outcomes — the measure of true compliance effectiveness.

Common challenges in SAR operations

Despite digital tools, SAR filing remains one of the most resource-intensive compliance functions. Institutions face challenges such as:

  • Data fragmentation: incomplete visibility across systems and jurisdictions.
  • False positives: excess alerts from outdated rules-based detection.
  • Privacy constraints: limitations on cross-border data exchange under GDPR.
  • Inconsistent reporting standards: differing FIU formats and expectations across countries.

The EBA Financial Crime Risk Framework highlights SAR harmonization as a key priority for 2025–2026, aiming to standardize submission across EU jurisdictions.

“The effectiveness of a SAR program depends not on how many reports you file, but how relevant and usable those reports are. Regulators want intelligence, not paperwork.”
- William Morris, Lead Enterprise Account Executive - UK


This shift from procedural compliance to intelligence-led reporting defines the new standard for AML performance.

Partisia’s perspective

SARs require collaboration between banks, fintechs, and regulators — yet this cooperation often conflicts with data privacy and jurisdictional boundaries. Partisia’s privacy-preserving data collaboration platform allows institutions to analyze, correlate, and file SARs collaboratively without exposing sensitive customer information.

Using Partisia MPC-technology, financial institutions can:

  • Combine transaction intelligence across entities securely.
  • Produce consistent SARs across jurisdictions while maintaining GDPR compliance.
  • Support FIUs and regulators with encrypted, verifiable data insights.

Partisia enables a new generation of SAR compliance — intelligent, privacy-safe, and regulator-ready.
View full post