Reporting SARs immediately

‍Why it matters

SARs don’t just tick a regulatory box. They help law enforcement act on real threats. Failing to report suspicion—internally or externally—can result in criminal liability for individuals and enforcement action against the firm. Supervisory authorities expect SARs to be submitted in a timely, well-documented, and compliant manner. That means having the right people, processes, and records in place.

How to report suspicious activity

1. Train your team to recognise red flags

Relevant employees must be trained to recognise potential signs of money laundering or terrorist financing. This includes understanding legal obligations, spotting suspicious behaviours, documenting concerns, and knowing how to escalate to your Nominated Officer (often called the MLRO).

2. Escalate internally first

Suspicion must first be reported internally to your Nominated Officer. If the Nominated Officer suspects money laundering or terrorist financing, they must submit a SAR to the NCA. If they’re the one with suspicion, they must report directly to the NCA.

3. Submit a high-quality SAR

Use the NCA’s SAR portal to submit your report. The SAR should clearly summarise the suspicion, include relevant identification information, and use the appropriate glossary codes. If you believe the firm needs to seek consent before completing a transaction, this should be flagged as a DAML request.

4. Know what happens next

After submission, the NCA may triage or pass the SAR to law enforcement. They won’t confirm the outcome, but they may contact you for more details. If a DAML is requested and the NCA refuses consent within 7 working days, a 31-day moratorium begins. If no further notice is given, the transaction may proceed after that period.

5. Protect confidentiality

Tipping off is a criminal offence. It includes disclosing that a SAR has been submitted or that an investigation may be underway. All discussions and records must be limited to relevant staff, securely stored, and encrypted where appropriate.

6. Keep strong records

Records of internal reports, submitted SARs, and the decision-making process must be securely stored for at least five years after the client relationship ends—or five years from the event giving rise to suspicion if no relationship is formed. You must be able to show how suspicion was raised, evaluated, and acted upon.

7. Review your AML policies and procedures

Your documented AML controls must clearly explain your internal SAR reporting process, consent requests (DAMLs), and the responsibilities of staff. Supervisory authorities may request SARs or evidence of your internal processes at any time.

Summary

Timely, clear, and well-documented SARs are essential for protecting your firm and meeting your AML obligations. Train your staff to recognise red flags, document suspicion thoroughly, escalate through the correct channels, and secure all records. Get familiar with the NCA portal, and ensure your firm’s policies reflect the need for professional judgement, confidentiality, and a consistent reporting process.

This article was summarised by the Firmcheck content team. The original content was written by an independent AML expert and is available on our blog.

‍

‍

‍