Guide to identifying and reporting suspicious activities

In the context of anti‑money laundering (AML) and counter‑terrorism financing (CTF), suspicious activity refers to any transaction or behaviour lacking economic or lawful purpose, which deviates from a customer’s usual profile or appears designed to conceal or structure funds. Common red flags include:

• Large, unexplained cash deposits or withdrawals

• Unusual spikes in transaction volumes or behavioural changes

• Repeated transactions just below reporting thresholds (structuring)

• Inconsistencies with customer background or expected activity

• Use of shell companies or offshore entities

‍

SARs must be submitted when red‑flag indicators suggest potential financial crime, even when no wrongdoing has been proven. Triggers often include:

• Use of forged or fraudulent documents

• Cross‑border transfers of large sums that exceed known account activity

• Complex ownership structures or shell companies

• Abrupt deviations from typical customer behaviour

The legal obligation is to report suspicion once there are reasonable grounds to suspect and not necessarily to prove guilt. Many firms use internal thresholds, escalation matrices or simple flowcharts to determine when a SAR should be filed.

‍

A strong SAR fulfils regulatory expectations by being concise, factual and transparent. It generally should contain:

• Summary of activity – a concise overview

• Reasons for suspicion – identified red‑flags and rationale

• Timeline of events – dates, transaction references, sequence

• Supporting evidence – documentation, communications, transactions

‍

Tips for tone and style:

• Keep language neutral and factual

• Include precise details: amounts, dates, counterparties, behavioural context

• Avoid vague or ambiguous statements

• Use a checklist or template to ensure completeness

‍

“On 12 May 2025, Customer A (Account no. 123456) received a wire transfer of £200,000 from Entity X in Jurisdiction Y. This amount is well outside Customer A’s usual monthly inflow (average < £8,000 over the past year). Shortly afterwards, funds were forwarded to ShellCo Z, an offshore entity with no documented business ties to Customer A. No supporting documentation was provided. We suspect structuring and layering.”

Why this works:

• Specific dates and transaction identifiers provided

• Behaviour deviates from historical pattern

• Red flags clearly explained (structuring, offshore entity)

• Tone remains objective and evidence‑based

‍

Monitoring transactions manually at scale is impractical. Financial crime evolves rapidly, and legacy AML systems struggle to keep pace. Transaction monitoring solutions with automation and AI embedded offer considerable advantages:

• Real‑time alerts from evolving typologies

• Detection of patterns across account networks

• Significant reduction in false positives

• Full audit trail to support high‑quality SAR submissions

‍

The Napier AI Transaction Monitoring solution is built with compliance at its core to meet the demands of modern AML/CTF frameworks:

• 100+ built-in typologies and a secure sandbox environment for safe testing and tuning

• A no‑code rule builder, designed for use by non‑technical compliance users

• AI‑enhanced insights to explain anomalies in plain language, reducing both false positives and false negatives

• Real‑time and batch monitoring, fully scalable to manage hundreds of millions of transactions

• Integrated case management and workflow automation to support audit-ready SAR creation and encrypted form‑building for secure reporting

Strong SAR processes and proactive monitoring are vital in today’s regulatory climate. Firms relying solely on manual methods risk enforcement action, inefficiency and missed risk detection.  

‍

‍

Photo by Pawel Czerwinski on Unsplash