Suspicious Activity Report (SAR) for Crypto Regulatory Compliance


What is a SAR?

A SAR (Suspicious Activity Report) is a filing to a financial intelligence unit of suspected illicit activity.

What triggers a SAR?

Suspicious Activity Reports are triggered by suspected illicit activity being picked up by a financial institution, money services business, crypto exchange or other obliged entity. Examples include monetary thresholds, insider abuse of any kind, suspected money laundering, suspected terrorism financing, computer hacks or suspected fraud and more.

What monetary amounts trigger a SAR?

SAR thresholds are triggered according to the relevant regulatory authority, commonly being a financial intelligence unit (FIU). For example, in the United States, the FIU FinCEN has the reporting requirement of if the daily aggregate exceeds $2,000 for a Money Services Business (MSB) – a category most crypto asset businesses in the U.S. fall under – in line with the Bank Secrecy Act. 

What are the FATF Red Flag Indicators?

The Financial Action Task Force (FATF), as the global anti-money laundering watchdog, has created a report titled the Virtual Assets Red Flag Indicators of Money Laundering and Terrorist Financing, which outlines the red flags associated with transactions, transaction patterns, anonymity, senders recipients, source of funds or wealth and the geographical risks. 

It should be noted that the SAR requirements for crypto asset businesses or financial institutions facilitating trade in crypto assets are different from the traditional system due to the nature of crypto assets themselves. This includes assets built to obfuscate the source and destination of funds such as so-called privacy coins, mixers and tumblers, etc.

Deciding to file a SAR

Deciding when to file a SAR should be weighed against the red flags that the client is demonstrating. Below is a (very) brief diagram of the analysis that a compliance officer must undertake when considering filing a report.


Who can submit a Suspicious Activity Report?

Actually, anyone. 

In Hong Kong, for instance, everyone has a duty to report suspicious financial activity and failure to submit a SAR to the territory’s FIU can land a person with a 3-month prison sentence and a 50,000 HKD fine. 

Usually, SARs are submitted by organizations in the financial industry dealing with large volumes of funds. 

What are suspicious transactions?

Suspicious transactions are registered by a financial institution or crypto asset business when a customer’s behaviour demonstrates unusual activity such as transactions that are being passed through multiple accounts to obfuscate their original source and end destination (i.e. money laundering), a client whose account is typically dealing with small sums that suddenly appears to be dealing with large ones and a whole host of other events that signal a change in behaviour. 

For example, Marian is a client at XYZ bank. She has maintained her account for almost six years and has an established account history with predictable behaviour. Each month, she deposits $3,000 into the account and purchases a major equity index. One day, she begins to receive weekly transfers of $6,000 to her account. Nearly as soon as the funds hit the account, it is sent out. This change in behaviour is unusual for Marian’s account and historic activity. The bank could consider this change to be suspicious activity and subsequently file a SAR.

What information goes into a Suspicious Activity Report?

Each FIU SAR filing system needs subtly different pieces of information, however, many follow very similar outlines of information. FinCEN’s BSA E-Filing System requires 5 distinct fields of information:

  1. Personal info: Name, Address, Social Security No., DoB, etc. 
  2. The event’s date, and code of incident category
  3. Info about the obliged entity of where the event took place
  4. Contact details of the obliged entity
  5. A written description is created to give context to the event

What happens after a Suspicious Activity Report is filed to an FIU?

The information in the SAR is reviewed again by agents of the FIU that decide if the intelligence is valuable and/or actionable with a completed report of all findings and results (i.e. relation to potential ongoing cases) taken from the SAR. If it is determined that the intelligence is actionable, law enforcement or a regulatory agency can take up the case.

What happens if I fail to submit a SAR?

Failure to submit SARs to the relevant FIU will land a business’ stakeholders with a fine, and in some cases, prison. If the non-compliance with laws such as the Bank Secrecy Act in the U.S. is deemed to be systemic, penalties are harsher. 

In addition, disclosure to the customer that a SAR has been filed on their account will also lead to serious penalties.

Where and how are SARs filed?

Filing of SARs is with the Financial Investigative Unit (FIU) of a respected nation state. Whilst different FIUs have different reporting requirements, most follow a similar line and many – especially those of member states of the Financial Action Task Force (FATF) – take their cue from the FATF Red Flag reports for virtual assets.

Different financial intelligence units have different reporting information and portals, such as the U.S.’s FinCEN BSA E-Filing System, Hong Kong’s JFIU STREAMS and Switzerland’s MROS goAML.

The best blockchain analytics tools for creating SARs

There are many red flags associated with crypto asset SAR reporting requirements and this operational risk must be managed with comprehensive systems that are able to follow global guidelines laid out such as the FATF’s Recommendation 16 – i.e. the Travel Rule, transnational guidelines such as the EU’s AMLD5 and national guidelines such as the U.S.’ Bank Secrecy Act. 

In addition to the varied FIUs for each jurisdiction, the crypto asset industry involves stakeholders conducting financial activities that are not found in the traditional markets (or are reserved for privileged actors). This includes decentralized exchanges (DEXes) operators, non-fungible tokens (NFTs) markets operators, liquidity providers, miners, node operators, etc.

And false flags – where a change in behaviour turns out to be a non-event – are another serious issue in compliance departments of obliged entities such as crypto exchanges and financial institutions, owing to high-resource intensity. 

With solutions such as Coinfirm’s AML Platform, however, these issues are negated as transactions and activity with high-risk thresholds that trigger a SAR reporting requirement are automatically brought to a compliance professional’s attention with a comprehensive Risk Report providing all the needed information to file a SAR and gain a deeper understanding of a client or counterparty’s exposure to risk.