SAR/STR Filing

The SAR (Suspicious Activity Report) / STR (Suspicious Transaction Report) module provides a structured workflow for creating, managing, and tracking suspicious activity reports directly within BlockchainAnalysis.io. It integrates with your screening results, fund traces, and transaction monitoring alerts — assembling the evidence package that compliance officers need to prepare and file reports with their jurisdiction's Financial Intelligence Unit (FIU).

What Are SARs and STRs?

Suspicious Activity Reports (SARs) and Suspicious Transaction Reports (STRs) are mandatory filings that regulated entities must submit to their national FIU when they detect or suspect that a transaction or customer activity may involve money laundering, terrorist financing, or other financial crime.

The terminology varies by jurisdiction:

| Term | Jurisdictions | |---|---| | SAR (Suspicious Activity Report) | United States (FinCEN), United Kingdom (NCA), Australia (AUSTRAC) | | STR (Suspicious Transaction Report) | EU member states, Singapore (MAS), Hong Kong (JFIU), Canada (FINTRAC) | | UTR (Unusual Transaction Report) | Netherlands (FIU-Netherlands) | | STROR (Suspicious Transaction Report on Online Transactions) | Specific to certain APAC jurisdictions |

Regardless of the terminology, the obligation is the same: report suspicious activity to the relevant authority within the required timeframe.

Failure to file a SAR/STR is a criminal offense in most jurisdictions. Penalties can include substantial fines, personal liability for compliance officers, and in some cases imprisonment. If you suspect suspicious activity, err on the side of filing.

When to File a SAR

The decision to file a SAR should be based on whether there are reasonable grounds to suspect that a transaction or pattern of activity is related to financial crime. Common triggers in the crypto context include:

Direct Triggers

  • Sanctions match — A wallet screening or name screening returns a direct match against any sanctions list
  • KYT BLOCK verdict — A pre-transaction check identifies critical risk factors (sanctions exposure, stolen funds, darknet activity)
  • Fund trace reveals illicit origin — A fund trace shows significant exposure to mixers, darknet markets, or sanctioned entities
  • Transaction monitoring alert — Behavioral patterns consistent with money laundering (structuring, rapid movement, layering)

Contextual Triggers

  • Customer provides false or inconsistent information — Identity documents don't match, stated source of wealth is implausible
  • Unusual transaction patterns — Activity inconsistent with the customer's stated purpose or profile
  • Reluctance to provide information — Customer refuses to explain the source of funds or provide requested documentation
  • Third-party information — Law enforcement inquiry, media report, or tip from another institution
  • Rapid conversion — Large crypto deposits immediately converted to fiat and withdrawn

You do not need certainty to file a SAR. The threshold is reasonable suspicion, not proof. If a reasonable compliance professional would consider the activity suspicious based on the available information, a SAR should be filed.

Creating a SAR Case

Via Dashboard

Open the SAR Module

Navigate to Dashboard > SAR Filing > New Case.

Select Case Type

Choose the type of suspicious activity:

  • Money Laundering — Suspected ML activity including layering, structuring, and integration
  • Terrorist Financing — Suspected TF activity including donations to designated entities
  • Sanctions Violation — Transaction involving a sanctioned individual, entity, or jurisdiction
  • Fraud — Scam, phishing, rug pull, or other fraudulent activity
  • Market Manipulation — Wash trading, pump-and-dump, or spoofing
  • Other — Activity that does not fit the above categories

Identify the Subject

Link the SAR to one or more customer records and/or blockchain addresses:

  • Select existing customer from the database, or enter details manually
  • Add relevant blockchain addresses
  • The platform will automatically pull in associated screening results, fund traces, and monitoring alerts

Describe the Suspicious Activity

Write a narrative description of the suspicious activity. The narrative should answer:

  • What — What activity was observed?
  • When — When did it occur (dates, timeframe)?
  • Where — Which blockchain(s), addresses, or platforms were involved?
  • Who — Who are the subjects (customers, counterparties)?
  • Why — Why is this activity suspicious?
  • How — How was the activity conducted (method, pattern)?

Attach Evidence

The platform automatically links relevant evidence from your screening and monitoring activity:

  • Wallet screening reports (PDF and JSON)
  • Fund trace visualizations and reports
  • Transaction monitoring alerts
  • KYT check results
  • Name & entity screening results
  • Customer KYC documents

You can also upload additional evidence files (screenshots, communications, external reports).

Set Priority and Deadline

Assign a priority level and filing deadline based on your jurisdiction's requirements:

| Priority | Typical Deadline | Context | |---|---|---| | Critical | 24 hours | Sanctions match, active terrorism financing | | High | 3-5 business days | Clear ML indicators, large-value suspicious transactions | | Medium | 15-30 business days | Suspicious patterns requiring further analysis | | Low | 30-45 business days | Borderline cases, accumulative pattern analysis |

Review and Submit

Review the complete case, then either save as draft for further editing or submit for internal approval.

Required Fields and Documentation

Different jurisdictions require different fields in SAR filings. The platform provides a comprehensive form that covers the superset of requirements across major jurisdictions.

Subject Information

| Field | Description | Required By | |---|---|---| | Full Name | Subject's legal name (individual or entity) | All jurisdictions | | Date of Birth | For individuals | All jurisdictions | | Address | Residential or business address | All jurisdictions | | ID Document | Passport, national ID, or other government-issued ID | All jurisdictions | | Nationality | Country of nationality | EU, UK, APAC | | Tax ID | SSN (US), TIN (EU), or equivalent | US, EU | | Phone / Email | Contact information on file | All jurisdictions | | Customer Since | Date the relationship was established | EU, UK | | Occupation / Industry | For individuals / businesses | EU, UK |

Transaction Information

| Field | Description | Required By | |---|---|---| | Transaction Date(s) | Date or date range of suspicious activity | All jurisdictions | | Transaction Amount(s) | Value in both crypto and fiat equivalent | All jurisdictions | | Blockchain Address(es) | Source and destination addresses | All jurisdictions | | Blockchain / Network | Which blockchain the transactions occurred on | All jurisdictions | | Transaction Hash(es) | On-chain transaction identifiers | All jurisdictions | | Direction | Inbound (deposit) or outbound (withdrawal) | All jurisdictions | | Counterparty | Known or suspected counterparty information | All jurisdictions |

Narrative

The narrative is the most important component of a SAR. It should be:

  • Clear — Written in plain language, avoiding jargon
  • Comprehensive — Covering all relevant facts and observations
  • Objective — Stating facts without drawing legal conclusions
  • Structured — Following the What/When/Where/Who/Why/How framework
  • Evidence-linked — Referencing specific screening results, transaction IDs, and risk factors

Do not inform the customer that a SAR has been filed or is being considered. Tipping off is a criminal offense in most jurisdictions. The SAR module is access-controlled — only users with the AML_OFFICER role can view SAR cases. See Team Management for role configuration.

Case Lifecycle

Every SAR case moves through a defined lifecycle:

Status Flow

DRAFT → SUBMITTED → IN_REVIEW → APPROVED → FILED → ACKNOWLEDGED
                       ↓
                    RETURNED (needs revision)
                       ↓
                     DRAFT

Status Definitions

| Status | Description | Who | |---|---|---| | DRAFT | Case is being prepared, evidence being gathered | Analyst or AML Officer | | SUBMITTED | Case submitted for internal review | Analyst | | IN_REVIEW | AML Officer or MLRO reviewing the case | AML Officer | | APPROVED | Case approved for filing with the FIU | AML Officer / MLRO | | RETURNED | Case returned to the analyst with comments for revision | AML Officer | | FILED | Report submitted to the FIU (manually or via integration) | AML Officer | | ACKNOWLEDGED | FIU has confirmed receipt of the filing | System (via FIU feedback) |

Internal Approval Workflow

The SAR module enforces a four-eyes principle by default:

  1. An Analyst creates the case, gathers evidence, and writes the narrative
  2. The AML Officer (or MLRO) reviews the case, adds comments, and either approves or returns it
  3. Once approved, the AML Officer marks the case as filed after submitting to the FIU

The four-eyes principle is a regulatory best practice that ensures no single individual can both create and approve a SAR filing. This separation of duties is required by MiCA, 6AMLD, and most national AML frameworks.

Linking Screening Results

One of the most powerful features of the SAR module is its ability to automatically link and compile evidence from across the BlockchainAnalysis.io platform.

Automatic Linking

When you associate a blockchain address or customer record with a SAR case, the platform automatically identifies and links:

  • Wallet screening reports — All historical screening reports for the address
  • KYT check results — All KYT verdicts for transactions involving the address
  • Fund traces — Any fund trace investigations run on the address
  • Transaction monitoring alerts — All triggered alerts for the address or customer
  • Name & entity screening results — Customer screening history
  • Adverse media results — Any adverse media findings for the customer

Evidence Compilation

When the SAR case is approved, the platform generates a consolidated evidence package:

  • SAR narrative (PDF)
  • Transaction summary table (CSV and PDF)
  • Fund trace visualizations (PDF snapshots)
  • Wallet screening reports (PDF)
  • Timeline of events (PDF) — Chronological view of all relevant activity
  • Supporting documents — All uploaded files

This evidence package can be downloaded as a ZIP archive or individual files, ready for submission to the FIU alongside the formal SAR filing.

Statistics and Reporting Dashboard

The SAR module includes a reporting dashboard for compliance management and board reporting:

Key Metrics

| Metric | Description | |---|---| | Open Cases | Number of SAR cases currently in DRAFT, SUBMITTED, or IN_REVIEW status | | Filed This Month | Number of SARs filed in the current calendar month | | Filed This Quarter | Quarterly filing count for trend analysis | | Average Time to File | Mean time from case creation to filing (target: < 15 business days) | | Cases by Type | Breakdown by suspicious activity type (ML, TF, sanctions, fraud, etc.) | | Cases by Status | Pipeline view showing cases at each lifecycle stage | | Return Rate | Percentage of cases returned for revision (quality indicator) | | Auto-Linked Evidence | Percentage of evidence automatically linked vs. manually attached |

Trend Analysis

The dashboard provides trend charts showing:

  • Monthly and quarterly filing volumes over time
  • Filing type distribution trends
  • Average time to file over time
  • Correlation between transaction monitoring alert volume and SAR filing volume

Board Reporting

Generate pre-formatted reports for board-level compliance reporting:

  • Quarterly SAR Summary — High-level overview of filing activity, trends, and key cases
  • Annual SAR Report — Year-over-year comparison with regulatory obligation status
  • Audit-Ready Export — Complete SAR register export for external auditor review

Regulatory Requirements by Jurisdiction

United States (FinCEN)

  • Filing deadline: 30 calendar days from detection (60 days if no suspect identified)
  • Filing method: BSA E-Filing System
  • Threshold: $5,000 in aggregate (for MSBs) or $2,000 (for casinos)
  • Retention: 5 years from filing date

European Union (per national FIU)

  • Filing deadline: Varies by member state (typically "without delay" or within 24-48 hours for urgent cases)
  • Filing method: Through national FIU portal (goAML in many jurisdictions)
  • Threshold: No monetary threshold — file whenever there is suspicion
  • Retention: 5 years (10 years in some member states)

United Kingdom (NCA)

  • Filing deadline: "As soon as practicable" after suspicion is formed
  • Filing method: SAR Online portal
  • Threshold: No monetary threshold
  • Retention: 5 years from filing date
  • Special: Must obtain "consent" (defense against money laundering) before proceeding with a suspicious transaction

Singapore (MAS)

  • Filing deadline: "As soon as reasonably practicable" (15 business days recommended)
  • Filing method: STRO online portal
  • Threshold: S$20,000 for cash transactions; no threshold for suspicious activity
  • Retention: 5 years

Australia (AUSTRAC)

  • Filing deadline: 24 hours for transactions of A$10,000+; 3 business days for suspicious matters
  • Filing method: AUSTRAC Online
  • Threshold: A$10,000 for threshold transactions; no threshold for suspicious matters
  • Retention: 7 years

The platform does not submit SARs directly to FIUs (filing methods and formats vary widely by jurisdiction). Instead, it prepares the complete case file and evidence package, which your compliance team submits through the appropriate national filing channel. We are actively developing direct integrations with goAML and BSA E-Filing — contact your account manager for status updates.

Access Control

SAR cases contain sensitive information and are subject to strict access controls:

| Role | Permissions | |---|---| | AML_OFFICER | Full access: create, view, edit, approve, file, delete | | ANALYST | Create, view, edit, submit for review | | ADMIN | View-only access to SAR statistics (not case details) | | CLIENT | No access | | TECH | No access | | BILLING | No access |

SAR case details are never visible to customers (CLIENT role), technical staff (TECH role), or billing administrators (BILLING role). This is enforced at the database level, not just the UI. Unauthorized access to SAR information may constitute tipping off, which is a criminal offense.

See Team Management for details on role-based access control.

Best Practices

  1. File promptly — Delays in filing can attract regulatory criticism. Set internal deadlines that are shorter than the regulatory maximum to build in a buffer.

  2. Write clear narratives — The SAR narrative is the most important part of the filing. Invest time in a clear, structured description of the suspicious activity. Avoid compliance jargon that FIU analysts may not understand.

  3. Link all available evidence — The platform makes evidence linking easy. Use it. A well-evidenced SAR is more useful to law enforcement and demonstrates the quality of your compliance program.

  4. Maintain the four-eyes principle — Never allow the same person to create and approve a SAR. This is both a regulatory requirement and a quality control measure.

  5. Track your metrics — Use the statistics dashboard to monitor filing volumes, turnaround times, and return rates. Declining metrics may indicate process issues that need attention.

  6. Never tip off — Do not inform the customer, their associates, or anyone outside the compliance team that a SAR has been or is being filed. Restrict SAR module access to authorized personnel only.

  7. Retain records — Even after a SAR is filed and acknowledged, retain all case files, evidence, and communications for the retention period required by your jurisdiction.

  8. Review and update procedures — SAR filing procedures should be reviewed at least annually and updated to reflect regulatory changes, new typologies, and lessons learned.

BlockchainAnalysis.io — Digital Asset Compliance Platform