Writing Effective SARs and STRs for Your FIU

Anqa Compliance — Free AML Training Series | FATF R.20 & R.21 | Certificate on Completion

Page 1 of 7

Course Overview

What You Will Learn

  • The five-element framework for writing a high-quality STR/SAR: Who, What, When, Where, Why
  • The tipping-off prohibition under FATF R.21 — what it covers and why it matters
  • The safe harbour for good-faith STR filers — protection from civil and criminal liability
  • The six-step internal escalation process from TM alert to MLRO decision
  • Why SAR quality matters more than SAR quantity — and what FATF says about defensive filing
  • Common SAR deficiencies identified in FATF mutual evaluation reports
  • African FIU landscape: FRC Kenya, NFIU Nigeria, FIC South Africa, and others

The SAR Is the Last Line of Defence

Transaction monitoring detects unusual patterns. CDD identifies who the customer is. The STR/SAR is what turns internal detection into actionable intelligence for law enforcement. A well-written, timely, specific SAR can be the difference between a prosecution and a closed investigation. A formulaic, generic, or delayed SAR is practically useless.

FATF's Position on SAR Quality

FATF explicitly discourages "defensive filing" — filing large numbers of low-quality SARs primarily to demonstrate compliance rather than to report genuine suspicion. Defensive filing overwhelms FIUs and degrades the intelligence system. Quality always beats quantity.

Course Structure

Module 1: The 5 Ws Framework

Who, What, When, Where, Why (and How) — the structure of a high-quality STR and what each element must contain

Not started

Module 2: Tipping-Off & Safe Harbour (R.21)

The absolute prohibition on disclosing STR filings, what tipping-off covers, and the safe harbour for good-faith reporters

Not started

Module 3: Internal Escalation Process

Six-step process from alert to MLRO decision, MLRO authority, documenting non-filing decisions

Not started

Module 4: SAR Quality vs Quantity

High-quality SAR characteristics, common deficiencies from FATF evaluations, defensive filing, and narrative writing

Not started

Module 5: African FIU Landscape

EGMONT Group, key African FIUs, FIU feedback mechanisms, and what happens to your STR after you file it

Not started
Page 1 of 7Course Overview

Module 1: The 5 Ws Framework for STR Writing

Why Structure Matters

An STR/SAR is a piece of intelligence. Like any intelligence report, it must be clear, complete, specific, and actionable. FIU analysts reviewing hundreds of reports need to immediately understand what happened, who was involved, and why the FI found it suspicious. Vague narratives waste FIU time and may result in the case being deprioritised.

The 5 Ws framework provides a structure for building a complete STR narrative. Every high-quality SAR answers all five questions.

The 5 Ws (Plus How)

WHO

Full identification of the subject(s): name, date of birth, address, account numbers, national ID, occupation. Relationships to other persons or entities involved. Any known aliases or alternative identifications.

WHAT

What suspicious activity was identified? Describe transactions specifically — amounts, currencies, instruments, transaction types. Use concrete facts, not conclusions. "Received USD 45,000 in three cash deposits" not "unusual cash activity."

WHEN

Dates and times of specific transactions. Duration of the suspicious pattern. When was it first observed? When did the pattern begin relative to account opening?

WHERE

Branch or channel where the activity occurred. Countries and payment systems involved. Counterparty locations — where did funds come from and where did they go?

WHY

The critical section. Why is this suspicious? Articulate the specific grounds — connect observed activity to known typologies or red flags. "Transaction inconsistent with stated occupation" is better than "appeared unusual." This is what makes the report actionable.

HOW

How was the activity carried out? The mechanics — payment rails used, accounts involved, intermediaries, any unusual routing. This supports the FIU analyst in tracing the flow of funds.

The "Why" Section: What Good Looks Like

The Why section separates useful STRs from useless ones. Compare these two approaches:

Weak "Why" — Do Not Use

"The transactions appeared unusual and did not match the customer's expected profile. The account activity raised concerns among the compliance team."

This provides no actionable intelligence. The FIU cannot tell from this what specifically was suspicious, why it might indicate ML/TF, or what they should investigate.

Strong "Why" — Model to Follow

"The subject, a retail shop owner with a declared annual turnover of approximately USD 120,000, received six international wire transfers totalling USD 890,000 over 45 days from three companies incorporated in BVI. The funds were transferred onwards within 24 hours to two accounts in Dubai, UAE. No invoice or commercial documentation was provided when requested. This pattern is inconsistent with the subject's declared business and is consistent with layering of criminal proceeds through a trade-finance facade."

Page 2 of 7Module 1

Module 2: Tipping-Off & Safe Harbour (FATF R.21)

The Tipping-Off Prohibition (R.21(a))

"Financial institutions, their directors, officers, and employees are prohibited by law from disclosing the fact that an STR or related information is being or has been filed with the FIU."

This prohibition is absolute. It applies:

  • Before the STR is filed (while the investigation is ongoing).
  • At the time of filing.
  • After filing — you cannot later tell the customer an STR was filed about them.
  • To the subject of the STR and to any third party connected to the subject.
  • To the report itself and to any related investigation or review.

Why Is Tipping-Off Dangerous?

If a subject knows an STR has been filed about them, they may:

  • Abscond before law enforcement can act.
  • Destroy evidence.
  • Move or dissipate assets before they can be frozen.
  • Alert co-conspirators.
  • Construct a false alibi or explanation.

Common Tipping-Off Scenarios to Avoid

  • A relationship manager tells a customer: "We had to flag your account for compliance review."
  • A teller mentions that a transaction "had to be reported."
  • A compliance officer emails the account manager noting "we've filed an STR on this one."
  • A staff member warns a friend or family member that their transactions have been reported.

All of the above are potential tipping-off offences — criminal in most jurisdictions.

The Safe Harbour Provision (R.21(b))

As a counterbalance to the mandatory reporting obligation, R.21 provides a critical protection for FIs and their staff who file STRs in good faith:

"Financial institutions, their directors, officers, and employees are protected by law from criminal and civil liability for any breach of any restriction on disclosure if they report their suspicions in good faith to the FIU."

What the Safe Harbour Covers

  • Protection from civil lawsuits by the subject of the STR (who might otherwise sue for defamation, breach of contract, or breach of data protection obligations).
  • Protection from criminal prosecution.
  • Protection from administrative sanctions.

The Good Faith Requirement

The safe harbour applies only to good faith reporting. Filing a malicious or fabricated STR to damage a competitor or cause harm to a customer would not attract safe harbour protection. The standard is that the filer genuinely believed there were reasonable grounds for suspicion.

Page 3 of 7Module 2

Module 3: The Internal Escalation Process

Six-Step Process: Alert to STR

Best practice internal escalation (aligned with FATF R.18 — internal controls) follows a six-step process:

  1. Detection. TM system alert, staff observation, counterparty notification, or third-party intelligence triggers a review. Alert recorded in the case management system.
  2. First-line review. Account manager or AML analyst conducts initial review. Reviews transaction history, customer profile, open-source information. Decision: close as false positive (with documentation) or escalate.
  3. Compliance team investigation. Alert escalated to the AML/compliance team for deeper investigation. Additional data gathered: linked accounts, payment counterparties, adverse media, sanctions screening results.
  4. Case file preparation. Compliance analyst prepares a complete case file with all relevant facts, transaction chronology, customer information, and preliminary assessment of typology match.
  5. MLRO review and decision. MLRO reviews the case file. Makes the definitive and final decision: file an STR or close with documented reasons.
  6. STR filing or documented closure. STR filed with the FIU promptly if grounds for suspicion exist. Or case closed with clear documentation of the reasoning. No tipping-off at any stage.

Documenting the Non-Filing Decision

If the MLRO decides NOT to file an STR, this decision must be documented as carefully as a filing decision. The documentation should include:

  • Summary of the suspicious indicators that triggered the review.
  • The MLRO's analysis of those indicators.
  • The specific reasons why suspicion was not confirmed (e.g., "customer provided invoice documentation consistent with stated business"; "transaction was consistent with historical behaviour pattern").
  • The MLRO's name and the date of the decision.

A well-documented non-filing decision protects the FI in a regulatory examination. An undocumented closure is a finding waiting to happen.

Private Sector Information Sharing

FATF's November 2017 guidance on Private Sector Information Sharing supports FIs sharing financial intelligence with each other for AML/CFT purposes where legally permitted. This allows banks to enrich STRs with intelligence from other institutions — improving report quality and supporting typology identification. Several jurisdictions in Africa have established or are establishing legal frameworks for inter-FI information sharing.

Page 4 of 7Module 3

Module 4: SAR Quality vs Quantity

FATF's Position on Defensive Filing

FATF has explicitly addressed the problem of "defensive filing" — where institutions file large numbers of SARs primarily to demonstrate compliance rather than to report genuine suspicion. FATF's position is clear: this approach is not recommended because:

  • It overwhelms FIUs with low-value reports, reducing the FIU's ability to identify and act on genuine intelligence.
  • It wastes FIU analyst resources on non-productive review.
  • It dilutes the investigative value of the reporting system for all participants.
  • It may indicate a compliance programme that prioritises volume metrics over genuine risk management.

Characteristics of a High-Quality STR

Clear, Specific Suspicion

Articulates specific grounds for suspicion — not generic language. Connects the observed activity to known typologies, red flags, or customer inconsistencies with concrete factual references.

Complete Subject Information

Full identification of the subject(s): name, DOB, address, national ID, account numbers, occupation, employer. Incomplete subject information significantly reduces the FIU's ability to investigate.

Clear Narrative

A coherent narrative that links the suspicious activity to ML/TF typologies or risk factors. Tells a story — beginning with the customer profile, moving through the observed activity, and ending with the grounds for suspicion.

Timely Filing

Filed promptly after the MLRO makes the decision to file — within the national regulatory timeframe. Delayed filing (weeks or months after suspicion arose) undermines the intelligence value and may itself be a regulatory breach.

Common SAR Deficiencies — FATF Mutual Evaluation Findings

FATF mutual evaluation reports consistently identify the following deficiencies in SAR/STR quality across African and Asian jurisdictions:

DeficiencyImpact
Generic narrative ("transaction appeared unusual") with no specific groundsReport provides no actionable intelligence — FIU cannot investigate
Incomplete identification informationFIU cannot identify the subject or trace connected persons
Delayed filing — weeks or months after suspicion aroseIntelligence is stale; assets may have been dissipated; investigation compromised
Self-imposed amount threshold (e.g., filing only above USD 10,000)Misapplication of the law — STRs have no minimum amount
No typology connection articulatedFIU cannot assess ML/TF risk category or prioritise appropriately
Duplicate or automatically generated reports without human reviewCreates false volume; indicates process failure rather than genuine detection
Page 5 of 7Module 4

Module 5: African FIU Landscape & What Happens to Your STR

The EGMONT Group

The EGMONT Group is the global network of Financial Intelligence Units. As at 2025, it has over 170 member FIUs. Most African and Asian jurisdictions with functioning AML frameworks have member FIUs — membership signifies a baseline of operational and legal standards.

EGMONT membership enables FIUs to share financial intelligence with counterpart FIUs in other countries through secure channels — critical for investigations involving cross-border fund flows.

Key African FIUs

CountryFIU NameKey Notes
KenyaFinancial Reporting Centre (FRC)EGMONT member. Receives STRs under the Proceeds of Crime and Anti-Money Laundering Act (POCAMLA).
NigeriaNigerian Financial Intelligence Unit (NFIU)EGMONT member. Gained operational independence from EFCC in 2018. Nigeria exited FATF grey list October 2025.
South AfricaFinancial Intelligence Centre (FIC)EGMONT member. One of Africa's most developed FIUs. SA exited FATF grey list October 2025.
TanzaniaFinancial Intelligence Unit (FIU Tanzania)Receives STRs under the Anti-Money Laundering Act.
EthiopiaFinancial Intelligence Centre (FIC Ethiopia)Established under the 2021 AML/CFT Proclamation.
GhanaFinancial Intelligence Centre (FIC Ghana)EGMONT member. Receives STRs under the AML Act.
UgandaFinancial Intelligence Authority (FIA Uganda)EGMONT member. Established under the AML Act 2013.

What Happens to Your STR After Filing

Understanding the STR's journey helps compliance officers appreciate why quality matters:

  1. Receipt and acknowledgement: The FIU acknowledges receipt of the STR (in most jurisdictions, automatically).
  2. Triage: FIU analysts review and prioritise incoming STRs based on risk indicators, links to existing investigations, and intelligence value.
  3. Analysis: The FIU enriches the STR with information from other FIs (where legally permitted), government databases, and EGMONT partner FIUs.
  4. Dissemination: If the analysis identifies potential criminal activity, the FIU disseminates a financial intelligence report to the relevant law enforcement agency.
  5. Investigation: Law enforcement uses the financial intelligence report as part of a broader criminal investigation.
  6. Feedback (best practice): FIUs that follow best practice provide feedback to reporting FIs on STR quality and, where permitted, on outcomes — prosecutions, asset recovery — that resulted from their reports.

FIU Feedback as a Quality Improvement Tool

Jurisdictions where FIUs provide regular, specific feedback to reporting entities consistently show improvements in STR quality over time. Compliance teams that receive feedback can calibrate their TM systems and SAR writing practices based on what the FIU finds useful. Where your FIU offers feedback mechanisms, actively engage with them.

Page 6 of 7Module 5

Final Assessment

30 questions — Multiple Choice, Scenario-Based, and True/False. Pass mark: 80% (24/30).

Section A: Multiple Choice (15 Questions)

Q1. In the 5 Ws framework for STR writing, the "Why" section is considered the most critical because it:

Q2. The tipping-off prohibition under FATF R.21 applies to:

Q3. The safe harbour under R.21 protects FIs from liability when they:

Q4. Which of the following is the MLRO's role in the internal STR escalation process?

Q5. FATF's position on "defensive filing" of SARs is that it:

Q6. Which African FIU achieved operational independence from the EFCC in 2018?

Q7. Which of the following is a common SAR deficiency identified in FATF mutual evaluation reports?

Q8. An STR is filed with the FIU. The FIU reviews it and disseminates a financial intelligence report. To whom does the FIU disseminate this report?

Q9. The EGMONT Group is best described as:

Q10. Which of the following represents a HIGH-QUALITY "Why" section in an STR?

Q11. Under R.21, the tipping-off prohibition covers which of the following?

Q12. Why is a non-filing decision by the MLRO important to document?

Q13. Which of the following statements about FATF's Private Sector Information Sharing Guidance (November 2017) is correct?

Q14. A compliance officer files an STR in good faith, believing the transaction to be suspicious. The customer later proves the transaction was entirely legitimate and sues the FI for defamation. Under R.21:

Q15. FIU feedback to reporting FIs is considered best practice because it:

Section B: Scenario-Based Questions (10 Questions)

S1. A branch manager tells a customer whose account has been flagged: "I can't discuss specific transactions, but you might want to move some funds around before end of month." What has occurred?

S2. A compliance analyst files an STR with the narrative: "The customer's account showed several large transactions during March and April 2026 that were inconsistent with the account's normal activity and raised concerns. The transactions are considered suspicious." Is this STR high quality?

S3. An MLRO reviews a case and decides not to file an STR. The business unit head later discovers the customer was arrested. The MLRO's non-filing decision was not documented. What is the compliance exposure?

S4. A bank's compliance team files 3,000 STRs in one year — a 200% increase from the previous year. The FIU provides feedback that 90% of reports are of low quality with generic narratives. What is the primary compliance problem?

S5. A compliance officer wants to share information about a customer's suspicious activity with another bank in the same financial group before filing an STR, to understand whether the other bank has seen similar patterns. Is this permissible?

S6. An analyst suspects a customer but closes the TM alert as a false positive after a cursory review, without documenting the reasoning. Three months later, a regulator asks to see the closed alert. What is the likely finding?

S7. The Kenya FRC contacts your bank for financial intelligence related to a fraud investigation, referencing an STR you filed 18 months ago. Your staff cannot locate the original STR documentation. What compliance gap does this expose?

S8. A business unit head instructs the MLRO not to file an STR for a major client because "we cannot afford to lose this relationship." What is the MLRO's obligation?

S9. The "Who" section of your STR identifies only the account holder's name and account number. The FIU responds that the report has insufficient subject information to investigate. What was missing?

S10. An FIU provides feedback to a reporting bank that 60% of their STRs lack a clear articulation of ML typology. The most effective response is to:

Section C: True or False (5 Questions)

TF1. The safe harbour under FATF R.21 protects FIs from civil and criminal liability for good-faith STR filings, even if the underlying activity turns out to have been innocent.

TF2. FATF mutual evaluation reports have found that filing large numbers of low-quality SARs (defensive filing) is a mark of a strong AML compliance programme.

TF3. A business unit head can legitimately instruct an MLRO not to file an STR if the subject is a major revenue-generating client.

TF4. Under FATF standards, MLRO decisions not to file an STR should be documented with the reasoning, just as filing decisions are.

TF5. The EGMONT Group enables member FIUs to share financial intelligence with counterpart FIUs in other countries, supporting cross-border ML/TF investigations.

Congratulations — you have passed!

Enter your name to generate your certificate of completion.

Certificate of Completion

Anqa Compliance

This certifies that

has successfully completed

Writing Effective SARs and STRs for Your FIU

anqacompliance.com | Free AML Training Series

Page 7 of 7Assessment
All Courses