GFN Visual Series
How a SAR/STR Works — From Alert to FIU Submission
A structured breakdown of the end-to-end SAR/STR process — from detection and investigation to drafting, filing, and regulatory feedback.
Click the image to view it in full resolution.
How a SAR/STR Works — From Alert to FIU Submission
A Suspicious Activity Report (SAR) — also called a Suspicious Transaction Report (STR) in many jurisdictions — is the primary mechanism that transforms internal detection into actionable financial intelligence for authorities.
A SAR/STR is not merely a regulatory formality.
It is the formal output of an institution’s AML framework — the document that converts suspicion into structured intelligence submitted to a Financial Intelligence Unit (FIU) or other competent authority.
This visual outlines the practical SAR/STR workflow used by most financial institutions — from the initial detection signal to the final submission and post-filing feedback.
Step 1 — Detection Signal (Alert, Screening Hit, or Referral)
Objective:
Identify activity that may be unusual, inconsistent, or indicative of illicit behavior.
Common Inputs
- Transaction Monitoring alerts (rules and models)
- Sanctions, PEP, or adverse media screening hits
- Fraud detection signals
- Internal referrals (front office, operations, compliance)
- External triggers (law enforcement requests, regulator inquiries)
Why it matters:
The SAR/STR process depends on effective upstream detection and escalation mechanisms.
Step 2 — Triage & Initial Risk Assessment
Objective:
Determine whether the signal is credible and requires formal investigation.
Core Actions
- Validate transaction and customer data
- Eliminate clear false positives
- Assess severity and potential exposure
- Decide whether to close, monitor, or escalate
Why it matters:
Efficient triage protects investigative capacity and prevents operational backlog.
Step 3 — Investigation & Evidence Building
Objective:
Assess whether there is reasonable suspicion supported by facts and context.
Investigation Components
- Reconstruction of transaction timelines
- Review of customer profile and expected activity
- Analysis of transaction flows and counterparties
- Pattern and behavioral deviation analysis
- Review of contextual information (where permitted by law and policy)
Why it matters:
Detection identifies signals.
Investigation determines whether those signals rise to reportable suspicion.
Step 4 — Suspicion Determination & Case Outcome
Objective:
Reach a defensible conclusion and determine appropriate next steps.
Typical Outcomes
- Close as false positive
- Continue monitoring with enhanced triggers
- Escalate customer risk rating
- Apply restrictions or exit the relationship
- Proceed to SAR/STR drafting and filing
Why it matters:
Consistent decisioning strengthens auditability and regulatory defensibility.
Step 5 — SAR/STR Drafting
Objective:
Produce a clear, factual, and analytically sound report.
While formats vary across jurisdictions, SARs/STRs typically contain the following components:
1) Subject Information
- Customer or entity identification details
- Beneficial ownership information (where applicable)
- Account identifiers and associated parties
2) Activity Summary
- Description of suspicious behavior
- Dates and duration of activity
- Products, services, and jurisdictions involved
3) Transaction Details
- Amounts, currencies, and instruments
- Counterparties and destination/origin details
- Relevant account numbers and timestamps
4) Narrative Explanation
- Background of the customer relationship
- Description of expected vs. observed behavior
- Clear explanation of why the activity is suspicious
- Analytical reasoning supported by facts
Why it matters:
A SAR/STR must allow authorities to understand who was involved, what occurred, when it occurred, and why it is considered suspicious.
Step 6 — Internal Review & Quality Control
Objective:
Ensure the report meets internal policy and regulatory standards before submission.
Common Controls
- Quality assurance review
- MLRO or compliance officer approval
- Verification of identifiers and transaction data
- Documentation of supporting evidence
Why it matters:
Poorly structured or unclear reports reduce intelligence value and may trigger regulatory scrutiny.
Step 7 — Filing with the FIU or Competent Authority
Objective:
Submit the SAR/STR through the appropriate reporting channel within required timeframes.
Key Considerations
- Filing portals and formats vary by jurisdiction
- Reporting deadlines are jurisdiction-specific
- Confidentiality and anti-tipping-off rules typically apply
- Submission must be complete and timely
Why it matters:
Filing converts internal suspicion into regulatory intelligence and fulfills statutory reporting obligations.
Step 8 — Post-Filing Actions & Continuous Improvement
Objective:
Use outcomes and insights to improve controls and monitoring systems.
Follow-Through Measures
- Ongoing customer monitoring
- Risk reclassification where appropriate
- Scenario and threshold tuning
- Lessons learned integration into training and typologies
Why it matters:
An effective SAR/STR process strengthens over time through feedback and refinement.
Putting It All Together — SAR/STR as the Output of an AML System
A high-functioning SAR/STR workflow is not linear — it is systemic:
- Detection generates signals
- Triage protects capacity
- Investigation builds factual context
- Decisioning ensures consistency
- Drafting converts facts into structured intelligence
- Filing delivers intelligence to authorities
- Feedback strengthens the entire framework
The effectiveness of a SAR/STR program is not measured by the volume of reports filed —
but by the clarity, defensibility, and intelligence value of each submission.
Note on AI-Assisted Visual Creation
Our infographics use AI in the creation process, and we continuously refine our visuals.
If you notice anything that can be improved or clarified, please let us know — your feedback helps strengthen the FinCrime community.