Quality vs quantity in SAR filing: what NCA reviewers look for

Quality vs quantity in SAR filing: what NCA reviewers look for

The UK Financial Intelligence Unit received approximately 901,000 Suspicious Activity Reports in the 2022–23 reporting year. The volume of SARs filed by regulated firms has increased substantially over the past decade. The quality of SARs has not kept pace with the quantity.

The NCA is explicit about this in its annual SARs regime reports. A large proportion of the SARs received each year contain insufficient intelligence to support any law enforcement action. They satisfy the reporter’s legal obligation — the filing of a SAR provides a statutory defence against money laundering charges — but they provide no actionable intelligence to the UKFIU. They are, in the language the compliance profession uses internally, defensive SARs.

An MLRO whose team files large volumes of low-quality SARs has not built an effective financial crime reporting framework. They have built a volume-processing operation that generates compliance cover but limited intelligence value. This matters for two reasons. First, it means the firm’s financial crime controls are not actually contributing to the detection and disruption of money laundering and terrorist financing. Second, it creates risk — poor quality SARs are less likely to be acted on quickly, which matters considerably if the firm later needs to file a DAML and expects a timely consent decision.

What the UKFIU actually does with a SAR

The UKFIU’s primary function is to receive, analyse and disseminate financial intelligence. A SAR that contains actionable intelligence — specific individuals, account details, amounts, dates, and a clear articulation of why the reporter suspects criminal activity — can be disseminated to law enforcement agencies, police forces, HMRC, the NCA’s own operational units, and international partners. This dissemination is what makes SARs useful to the law enforcement system.

A SAR that says a customer “made unusual transactions inconsistent with their profile” without specifying the amounts, the transactions, the suspicion or the predicate offence cannot be disseminated. It goes into the UKFIU’s database as a data point. It may be useful if it can be matched with intelligence from other sources, but it generates no proactive action.

NCA reviewers are looking for intelligence that helps them join dots — connecting a subject to known criminal networks, corroborating intelligence they already hold, or identifying new threats. The SAR that achieves this is qualitatively different from the SAR that merely records that the reporter noticed something and felt they should report it.

The four elements of an intelligence-grade SAR

Who

The SAR should identify the subject as precisely as possible. Full name, date of birth, address, account numbers, national insurance number if held, company names and registration numbers for corporate customers, and any known aliases or associated individuals. The more precisely the UKFIU can identify who the SAR relates to, the more effectively it can be matched with existing intelligence and disseminated to the right recipient.

A SAR about a customer named “John Smith” with no further identifying information has limited intelligence value. A SAR about John Smith of a specific address, with a specific account number, who uses a business account for a company with a specific Companies House number, is a SAR that can be acted on.

What

The specific transaction or activity that gave rise to the suspicion should be described precisely. Amounts, currencies, transaction references, dates, and the counterparties involved — both the parties identifiable through the firm’s own records and any third-party information available. Where the SAR relates to a pattern of transactions rather than a single event, the pattern should be described with sufficient specificity to be reproducible — dates, amounts, counterparty account details where available.

Vague characterisations — “large cash deposits”, “frequent transfers to high-risk jurisdictions”, “transactions inconsistent with stated business activity” — are not sufficient on their own. They describe the type of activity but not the specific activity. The NCA needs the specific details to investigate.

When

Precise dates matter. The period over which the suspicious activity occurred, the date of the most recent transaction, and the date on which the MLRO formed the suspicion should all be included. The UKFIU uses date information to correlate SARs from different reporters and to establish timelines of criminal activity. A SAR that describes activity “over the past year” without specific dates is significantly less useful than one that identifies the activity with transaction-level dates.

Why

The articulation of why the reporter suspects criminal activity is the element most commonly done poorly. The “why” should identify: the specific observations that gave rise to suspicion, the predicate offence that the reporter believes may underlie the activity, any information about the customer’s stated business or circumstances that makes the activity inconsistent with expectations, and any additional intelligence the reporter holds that supports the suspicion.

The predicate offence — what crime the reporter suspects the funds derive from or will be used for — is particularly important. Fraud, tax evasion, drug trafficking, bribery and corruption, sanctions evasion, and cybercrime each attract different law enforcement responses and different dissemination routes. A SAR that identifies a specific predicate offence can be routed to the relevant specialist team. A SAR that says the activity is “suspicious” without any indication of the underlying offence leaves the UKFIU to guess.

Common quality failures

The most prevalent quality failure is the defensive SAR — filed to satisfy the reporting obligation without genuine intent to provide intelligence. These SARs typically have vague language (“unusual activity inconsistent with customer profile”), minimal transaction detail, and no identification of a predicate offence. They are recognisable to experienced UKFIU reviewers and they generate no action.

The second common failure is filing on the basis of a customer complaint or dispute rather than genuine suspicion of money laundering or terrorist financing. A customer who disputes a charge, refuses to cooperate with a process, or behaves erratically is not necessarily involved in criminal activity. Filing a SAR in these circumstances without genuine suspicion is not only unhelpful to the UKFIU — it also misuses the SAR regime in a way the NCA has specifically criticised.

Third is the failure to identify and include linked accounts and associated parties. Where the MLRO suspects money laundering, the activity typically involves multiple accounts, multiple parties or multiple transactions. A SAR that relates only to the primary account without referencing the related accounts or the ultimate beneficiary of the funds is a SAR that captures part of the picture. The UKFIU may already hold intelligence on the related parties — but it needs the connection to be made in the SAR to recognise it.

Fourth is inadequate description of the timeline. SARs that describe suspicious activity in general terms without dates are difficult to act on. The NCA processes SARs against live investigations and time-sensitive intelligence requirements. A SAR about activity that occurred in a specific three-week window in a specific month is far more useful than one that describes “activity over recent months.”

The relationship between SAR quality and the DAML regime

The quality of a firm’s SAR filing has a direct relationship with the responsiveness of the NCA’s DAML consent decisions. A firm that is known to the UKFIU as a high-quality reporter — whose SARs contain reliable, precise intelligence — is a firm whose DAML requests are treated with the seriousness they deserve. A firm whose SARs are consistently vague and uninformative is a firm whose DAML requests are processed in a queue with no particular urgency.

The practical implication is that an MLRO who prioritises SAR quality over SAR quantity is not just contributing to better law enforcement outcomes — they are also building the intelligence relationship with the UKFIU that makes the consent regime work effectively for the firm when it needs it.

The MLRO’s role in quality assurance

SAR quality starts with training the first line of defence — the relationship managers, onboarding teams and operations staff who generate the initial internal reports. Staff who do not understand what makes a useful report will not provide the information the MLRO needs to construct a quality SAR. But SAR quality is ultimately the MLRO’s responsibility. Before filing, the MLRO should satisfy themselves that the SAR contains sufficient who, what, when and why to be actionable — and should return incomplete internal reports to the first line for additional information rather than filing with what is available.

FD Capital places MLROs with the experience to build financial crime reporting frameworks that produce intelligence-grade SARs, not merely volume. Where the firm is an advisory business like Interpath, a regulated investment manager, or a payments institution dealing with high volumes of potentially suspicious transactions, the quality of the MLRO’s SAR programme is one of the key metrics by which the FCA and the NCA assess the adequacy of the firm’s AML controls.

Related Services

• MLRO Recruitment
• AMLRO Recruitment
• Financial Crime Recruitment
• Compliance Recruitment
• SMCR Compliance Recruitment

Related Guides

• SMF17 — MLRO Function Guide
• DAML Requests: How the Consent Regime Works
• Source of Funds vs Source of Wealth
• PEP Screening: False Positives at Scale
• KYC: A Complete Guide for UK Regulated Firms