ANQA Compliance Training | FATF R.21 | 7 Pages | 30 Questions | 80% Pass Mark
Understand the absolute prohibition on disclosing STR filings, the safe harbour protections that shield good-faith reporters, and the practical protocols staff need to navigate customer inquiries without crossing the line.
The tipping-off prohibition is one of the most misunderstood rules in AML compliance. Get it wrong and you may inadvertently warn a money laundering suspect, allowing them to destroy evidence, move assets, or abscond before law enforcement can act. Get the safe harbour wrong and compliance officers or staff may hesitate to file legitimate STRs for fear of legal consequences — a chilling effect that undermines the entire reporting system.
This course provides a precise, practical understanding of FATF Recommendation 21: what is prohibited, who is protected, and how to handle the difficult conversations that arise when customers ask why their accounts have been restricted or transactions delayed.
Core coverage: The tipping-off prohibition (R.21(a)), the safe harbour for good faith reporters (R.21(b)), constructive tipping-off, group-level and legal professional exceptions, and practical response protocols for customer-facing staff.
The prohibition is absolute. There are no exceptions based on the amount involved, the seriousness of the crime, or the subject's apparent innocence. The rule covers:
The prohibition binds the institution itself and all its directors, officers and employees — regardless of seniority, role, or whether they were personally involved in the decision to file the STR. This includes:
Common mistake: Staff sometimes assume that because they are not in compliance, the tipping-off rules do not apply to them. Every employee who learns that an STR has been filed (however they learned it) is bound by the prohibition.
The prohibition applies at every stage of the STR lifecycle:
| Stage | Prohibition |
|---|---|
| Before filing | Cannot tell the customer you are about to file, or that their activity has been referred to compliance |
| During filing | Cannot disclose that an STR is in progress while the case is being reviewed and drafted |
| After filing | Cannot confirm or deny that an STR has been filed, even months or years later |
| Investigation stage | Cannot disclose that an investigation by law enforcement or the FIU is underway |
Why the prohibition lasts indefinitely: Law enforcement may be building a case over an extended period. Early disclosure — even after the STR is filed — can compromise an ongoing investigation.
Tipping off allows a subject of a suspicious activity report to take steps that undermine law enforcement action. Specifically, a tipped-off subject may:
The stakes are high: A single tipping-off incident can compromise not just one STR but an entire multi-party investigation that may have taken law enforcement months to build.
Without safe harbour protection, staff might be reluctant to file STRs. A customer could theoretically sue the bank for defamation (filing a false report), breach of contract (closing the account), or breach of data protection (disclosing personal information to the FIU). The safe harbour removes this risk for good faith reporters.
| Protection Type | What It Covers |
|---|---|
| Criminal immunity | Staff cannot be prosecuted for filing an STR, even if the information turns out to be incorrect and no crime is found |
| Civil immunity | The institution and individual staff are protected from civil lawsuits by the subject of the STR — including defamation, breach of contract, or privacy claims |
| Administrative immunity | Regulators and employers cannot sanction staff for filing a good faith STR — including disciplinary action or dismissal |
Critical point: The safe harbour applies even if the suspicion turns out to be wrong — even if no crime occurred. A reporter does not need to be certain of guilt to be protected. This is by design: suspicion, not certainty, is the filing threshold.
Safe harbour is not unconditional. It attaches only to reports made in good faith. What does this mean in practice?
Practical implication: Staff should document their genuine grounds for suspicion. This creates a record that the filing was made in good faith and not as a retaliatory or tactical measure.
The FATF explicitly provides that the reporter is protected even if they "did not know precisely what the underlying criminal activity was." A compliance officer does not need to identify whether activity relates to drug trafficking, corruption, fraud, or another predicate offence to be entitled to safe harbour protection. Suspicion that activity may relate to ML or TF is sufficient.
Scenario: A bank files an STR on a corporate customer for suspicious wire transfers. No prosecution follows. Three years later, the customer sues the bank for defamation, claiming the STR damaged its reputation with correspondent banks.
Analysis: If the bank can demonstrate it filed the STR in good faith — based on genuinely suspicious patterns and documented in accordance with its internal procedures — it is protected by safe harbour. The absence of a prosecution does not mean the STR was wrongly filed; it means the FIU or law enforcement assessed the case and decided not to pursue it, which is a separate decision from the bank's filing obligation.
The tipping-off prohibition is easy to state but operationally difficult to apply. Customer-facing staff face real pressure: customers who are angry, confused, or frightened by account restrictions will push hard for explanations. Without clear protocols and scripted responses, well-meaning staff may inadvertently cross the line.
| Staff Type | Training Focus |
|---|---|
| Relationship Managers | How to explain transaction delays or account restrictions without referencing AML review; when to escalate customer inquiries to compliance |
| Branch / Counter Staff | Scripted responses when customers enquire about declined transactions; immediate escalation triggers |
| Operations / Back-Office | Confidentiality of internal case records; prohibition on discussing STR status with colleagues without a need to know |
| Compliance Team | Managing internal STR case files; group-level information sharing rules; handling regulatory and police inquiries |
The goal is to be honest (never deny that the bank has internal processes) while not disclosing STR-specific information. Here are examples:
Customer asks: "Why was my wire transfer delayed?"
Appropriate response: "Transactions are subject to routine internal screening processes. I'm not able to discuss the details of our internal procedures. If you have concerns, please contact our customer service team."
Customer asks: "Did you file a report on me?"
Appropriate response: "I am not in a position to confirm or deny whether any internal reports have been generated on any account. I'm sorry I cannot be more specific."
Customer demands to know if their account is under investigation:
Appropriate response: "I can't discuss the details of internal monitoring processes. If you have received a formal communication from a regulatory authority or law enforcement, you should speak to your legal adviser."
Never say: "It's nothing to worry about — we just had to file a suspicious activity report." Even a reassurance can constitute tipping off if it confirms the existence of the STR.
The safest approach for all staff at all levels is to neither confirm nor deny any aspect of internal reporting or AML investigation. This applies even when:
Escalation rule: Any customer inquiry that pushes beyond a general denial should be escalated to the MLRO or compliance team immediately. The compliance team then assesses whether the inquiry relates to a legal process (such as a court order) that may trigger a permitted disclosure.
The tipping-off prohibition also governs what staff discuss with each other. An employee who learns an STR has been filed should not discuss this with colleagues who have no need to know. Need-to-know within the institution is determined by the MLRO — not by job grade or seniority.
The starting point remains: no disclosure of STR-related information to any party outside the institution without a legal basis. However, FATF and most national frameworks recognise a limited number of exceptions.
Disclosure is permitted — and often mandatory — in response to a legal process such as:
Key point: Disclosure pursuant to a legal order is not tipping off — it is compliance with a legal obligation. However, the existence of the order should not be disclosed to the subject of the STR (which could itself constitute tipping-off).
FATF permits sharing of STR-related information between entities within the same financial group where two conditions are met:
The rationale: a financial group cannot effectively manage ML/TF risk if each branch or subsidiary operates in complete information isolation. A customer who is the subject of an STR at the Nairobi branch may also be conducting suspicious activity through the group's London entity — and the group's MLRO may need to coordinate.
Restriction: Group-level sharing does not permit disclosure to non-group entities. A bank cannot share STR information with a correspondent bank, a third-party service provider, or an industry peer (except under a formal information-sharing framework authorised by national law).
Most group-level AML frameworks allow the group compliance officer (or group MLRO) to access STR information from subsidiaries and branches as part of their oversight function. This must be governed by:
In many jurisdictions, legal professionals (lawyers, notaries) who are required to file STRs as DNFBPs face a specific tension between the STR obligation and legal professional privilege. FATF and national frameworks typically resolve this by:
Where a legal professional files an STR, the same tipping-off prohibition and safe harbour provisions apply as to financial institutions.
National FIUs share financial intelligence with foreign counterpart FIUs through the EGMONT Group framework. This exchange is governed by bilateral or multilateral agreements and does not implicate the institution-level tipping-off prohibition — it operates at the inter-governmental level.
Practical note for compliance officers: Always obtain legal advice before sharing STR-related information with any external party. Document the legal basis relied upon and maintain records of the disclosure. If in doubt, do not share.
Tipping off does not require explicit words. A compliance failure can occur through actions that effectively communicate to the subject that an STR has been filed or that they are under investigation. This is known as constructive tipping-off.
Examples of constructive tipping-off:
The test for constructive tipping-off is whether a reasonable person in the subject's position would conclude from the institution's actions that an STR had been filed or that they were under investigation.
Account restrictions and exits are common operational responses to STR situations. Managing them correctly requires:
| Situation | Recommended Approach |
|---|---|
| Blocking a transaction | Apply the standard "regulatory screening" explanation; do not reference specific AML concerns; document internally |
| Exiting the relationship | Delay exit notification until operationally appropriate; use a commercial reason for the exit if genuine; coordinate timing with MLRO to avoid constructive tipping-off risk |
| Freezing an account | Pursuant to a law enforcement or court freeze order — the existence of the order may be disclosable under the terms of the order itself; take legal advice |
| Requesting additional documents | Frame as routine refresh of KYC records where possible; avoid unusual specificity that signals targeted investigation |
Banks must distinguish between legitimate de-risking (exiting categories of high-risk clients for commercial or regulatory reasons) and an individually targeted exit that follows an STR. Where an exit decision is not part of a general de-risking programme, timing and communication must be carefully managed.
Best practice: The MLRO should be consulted before any account exit decision for a customer who is the subject of an active or recent STR. The compliance team should assess whether the timing and manner of exit creates constructive tipping-off risk and advise accordingly.
Legal reminder: In most jurisdictions, a breach of the tipping-off prohibition is a criminal offence. The penalty varies by jurisdiction but typically includes fines and imprisonment. The prohibition is not a guideline — it is a statutory requirement implemented pursuant to FATF R.21.
30 questions — Multiple Choice, Scenario, and True/False. Score 80% (24/30) or above to pass and receive your certificate.