SAR Reporting Support: Find Financial Crime Specialists Who Have Run the Function Before

The Suspicious Activity Report (SAR) is the single most important output of the UK anti-money laundering regime. When a regulated firm forms a suspicion that funds or activity may involve money laundering or terrorist financing, the firm is required by statute to report that suspicion to the National Crime Agency (NCA). The SAR regime is what turns private-sector intelligence into state-level action on financial crime — and the effectiveness of the regime depends entirely on the quality of the reports that firms produce and on the systems they use to manage the reporting function.

The legal obligation to report sits in the Proceeds of Crime Act 2002 (POCA) for money laundering matters and the Terrorism Act 2000 for terrorist financing matters. Failure to report a suspicion that should have been reported is a criminal offence — one that applies to the individual in the regulated sector who formed or should have formed the suspicion, and to the nominated officer (typically the MLRO) who decides on external reporting. Filing an unfounded SAR carries its own risks: incorrect SARs waste NCA resource, and “defensive” SAR culture can distort the intelligence picture that underpins UK financial crime enforcement.

Alongside the obligation to report, UK firms must manage the parallel obligations around tipping off and prejudicing an investigation, the consent regime (Defence Against Money Laundering), the confidentiality of SARs within the firm, and the interface with law enforcement during and after the reporting process. Getting SAR operation right is technically demanding, legally exposed, and central to the MLRO’s role.

This guide sets out the UK SARs regime in substantive detail — the legal framework, the threshold for suspicion, the mechanics of filing, the DAML consent mechanism, the tipping off offences, SAR quality expectations, common failings, and how FD Capital places the MLROs, Deputy MLROs and specialist financial crime staff who run the SAR function at UK regulated firms. It sits alongside our MLRO guide and Customer Due Diligence guide — the SAR function is where CDD outputs and MLRO accountability converge.

The Legal Framework — Where SAR Obligations Come From

UK SAR obligations sit in specific statutes that define what must be reported, who must report it, when it must be reported, and the consequences of getting it wrong.

The Proceeds of Crime Act 2002

POCA is the primary source. The relevant provisions for regulated-sector reporting are:

Section 330: The offence of failing to disclose in the regulated sector. A person commits an offence if they know or suspect, or have reasonable grounds for knowing or suspecting, that another person is engaged in money laundering; the information came to them in the course of regulated activity; and they do not make the required disclosure as soon as practicable.
Section 331: The equivalent offence applying to nominated officers in the regulated sector — the offence of failing to disclose externally where an internal disclosure has been made to them.
Section 332: The offence of failing to disclose outside the regulated sector — a narrower obligation but important for certain professional contexts.
Sections 333A–333D: The tipping off offences, which prohibit disclosing that a SAR has been made or that an investigation is ongoing.
Sections 335–336: The consent regime — the mechanism by which firms can protect themselves from money laundering offences by obtaining consent from the NCA before proceeding with a prohibited transaction.
Sections 327–329: The substantive money laundering offences — concealing, arranging and acquisition, use and possession — that SARs exist to report.

The Terrorism Act 2000

Terrorist financing is covered by parallel provisions in the Terrorism Act 2000, particularly sections 19 (disclosure of information: duty) and 21ZA (arrangements with prior consent). The reporting mechanism is the same — SARs flagged with specific terrorist financing indicators go to the NCA via the same channels — but the underlying legal framework is distinct from POCA.

The Money Laundering Regulations 2017

The MLRs 2017 sit alongside POCA and the Terrorism Act. The MLRs require regulated firms to have appropriate systems and controls to identify suspicious activity, including:

Appointing a nominated officer to receive internal SARs (typically the MLRO — see our MLRO guide)
Establishing procedures for internal SAR submission
Training staff to recognise and report suspicious activity
Keeping records of SARs and related investigations

The MLRs therefore complement POCA: POCA creates the criminal offences and the reporting obligation; the MLRs create the supervised obligation to have the systems and controls necessary for firms to discharge their POCA obligations effectively.

FCA supervision

For FCA-regulated firms, the FCA supervises compliance with the MLR systems-and-controls obligations and with broader financial crime expectations under the Financial Crime Guide. SAR function adequacy — governance, resourcing, quality of output, interface with the wider AML framework — is a frequent supervisory focus area. FCA findings on SAR function shortcomings are often the trigger for wider AML remediation programmes.

The Threshold for Suspicion — When a Report Is Required

A SAR is required when a person in the regulated sector has knowledge, suspicion, or reasonable grounds for suspicion of money laundering or terrorist financing. Each of these three tests has a specific legal meaning, and getting the threshold question right is central to the integrity of the SAR function.

Knowledge

Actual knowledge that money laundering is occurring. The highest threshold. Rarely the basis for SARs in practice because direct knowledge of money laundering is uncommon without specific disclosure.

Suspicion

Subjective suspicion held by the person. The leading case law has interpreted “suspicion” as more than mere speculation, but less than a firm belief supported by evidence. It is a state of mind somewhere between the possibility that something might be the case and the conviction that it is. The threshold is not high — a reasonable suspicion does not require evidence that would satisfy a court, and does not require the reporter to identify the specific crime or criminal.

Reasonable grounds for knowing or suspecting

An objective test. Even if the person did not actually know or suspect, they commit an offence if they had reasonable grounds to know or suspect and did not report. This is particularly significant for staff in the regulated sector: training and systems must be adequate to ensure that facts that should give rise to suspicion actually do give rise to suspicion. A person cannot defend themselves by saying they did not spot the red flags if the red flags were there to be spotted.

Applying the test

In practice, the threshold question is often the hardest judgment in the SAR process. Over-reporting (filing SARs on unfounded grounds) creates problems: wasted NCA resource, reputational risk if the underlying customer is later cleared, and dilution of the intelligence value of SARs. Under-reporting (failing to file where the threshold was met) creates criminal liability and undermines the regime. The MLRO’s judgment in individual cases, and the firm’s culture around escalation, determine where the firm sits on this spectrum.

FCA guidance and NCA commentary have consistently encouraged firms to report on the basis of suspicion where suspicion is genuinely held, and to avoid both defensive over-reporting (“when in doubt, SAR”) and cultural under-reporting (where commercial sensitivity to customer relationships discourages escalation).

Internal SAR Process

SAR generation begins with internal reporting. Any member of staff in the regulated sector who forms a relevant suspicion must report it internally — to the nominated officer, who is typically the MLRO.

Internal SAR submission

Firms typically operate structured internal SAR submission processes:

Triggers: Staff training defines the specific situations and red flags that should prompt an internal SAR. Triggers include unusual transaction patterns, customer behaviour inconsistent with their risk profile, specific typology indicators, adverse media, regulatory screening alerts and information received from external sources.
Submission mechanism: Internal SARs are typically submitted via a specific system or form that captures the relevant information — customer details, transaction details, nature of the concern, evidence available.
Immediate escalation: Where the suspicion relates to matters that need urgent action (e.g. where funds are about to leave the firm), immediate escalation procedures apply — usually to the MLRO or a deputy, with specific contact protocols.
Confidentiality: Internal SARs are confidential within the firm; access is restricted to the MLRO, deputy MLROs, financial crime investigators handling the case, and specifically authorised senior management.

MLRO review and decision

On receipt of an internal SAR, the MLRO (or the financial crime team acting under their direction) must:

Evaluate the internal SAR against the legal threshold for suspicion
Assess the evidence — is the suspicion substantiated, and at what level
Conduct further investigation where appropriate (without breaching tipping off rules)
Decide whether an external SAR must be filed with the NCA
Document the decision and the reasoning
Where no external SAR is filed, document clearly why the threshold was not met

The decision to file or not file is the MLRO’s personal responsibility under POCA. Where the MLRO concludes the threshold is met, a SAR must be filed; where they conclude it is not met, they must be able to defend that judgment if challenged. Both over- and under-reporting create legal exposure.

Volume and resourcing

Internal SAR volumes vary enormously across firms. A large retail bank may handle tens of thousands of internal SARs per year, with structured triage teams reviewing each one. A smaller firm may handle a few dozen. Whatever the volume, the MLRO retains personal responsibility for the decisions, supported by financial crime investigators and team leads for operational throughput.

External SAR Filing — the NCA Process

Once the MLRO concludes that an external SAR is required, the filing is made to the NCA via the SAR Online portal — the NCA’s secure submission system.

SAR Online

SAR Online is the NCA’s dedicated reporting platform. Regulated firms register for access (typically granted to nominated individuals, not firm-wide), and submit SARs through structured forms. The platform handles:

Submission of the SAR itself
Optional request for consent (DAML) where applicable
Confirmation of receipt
Communications related to the SAR (follow-up requests, responses, etc.)

The NCA has periodically updated SAR Online and is in the process of introducing further modernisation to handle the substantial SAR volume UK firms generate annually.

SAR content

A SAR submitted via SAR Online contains structured fields covering:

Identification of the reporter (the firm and the nominated officer)
Identification of the subject(s) — the customer(s) the suspicion relates to
Transaction and activity details that form the basis of the suspicion
The narrative explaining the basis for suspicion
Relevant glossary codes classifying the suspicion type
Any request for consent and specific grounds
Supporting attachments where relevant

SAR glossary codes

Glossary codes are structured classifications used to categorise SARs. The NCA publishes the current code list and updates it periodically. Glossary codes enable the NCA to triage and analyse SARs by category — trade-based money laundering, property, cash-intensive businesses, cryptoassets, specific typologies, and many others. Correct application of glossary codes is one of the quality markers of good SAR output. SARs with incorrect or missing codes are harder for the NCA to triage and may be returned for correction.

SAR narrative quality

The narrative is the most important part of any SAR. The NCA and FCA have consistently emphasised that poor-quality SAR narratives limit the intelligence value of the reporting regime. A good SAR narrative:

Clearly articulates what has happened and why it is suspicious
Presents facts in chronological order where useful
Identifies the specific red flags or typologies that prompted the suspicion
Provides context about the customer and the relationship
Includes specific amounts, dates, parties and accounts where these are central to the suspicion
Distinguishes fact from opinion or speculation
Uses plain English, avoids unnecessary jargon, and is structured for rapid reading by the NCA

Poor SAR narratives typically fail one or more of these criteria — narratives that do not explain the basis for suspicion clearly, narratives that are too short to convey the picture, narratives full of internal jargon, narratives that mix fact with speculation, or narratives that effectively expect the reader to piece the story together from raw facts.

The DAML Regime — Defence Against Money Laundering

POCA creates a mechanism by which firms can protect themselves from money laundering offences by obtaining the NCA’s consent before proceeding with a prohibited transaction. This is the Defence Against Money Laundering (DAML) regime, colloquially called “consent” — though the NCA now more often uses DAML terminology.

When DAML is needed

If a firm has a suspicion that funds are criminal property, continuing to transact with those funds risks committing a substantive money laundering offence under POCA sections 327–329. DAML provides the firm with a defence: if the firm seeks consent from the NCA before acting and the NCA either grants consent or does not respond within the statutory period, the firm is protected from prosecution for the specific act.

DAML applies in specific situations:

Where the firm wants to act with or on funds that may be criminal property (e.g. process a payment, release funds to a customer, close an account and return funds)
Where the firm has formed the suspicion that triggers the potential offence
Where proceeding without consent would expose the firm to money laundering liability

Not every SAR involves a DAML request. A SAR filed for intelligence purposes — where the firm does not need to act on the funds and is not at risk of committing an offence — is filed without a consent request. A SAR filed where the firm needs to continue or complete a transaction includes a DAML request.

The DAML process and timings

The statutory framework specifies:

Notice period (7 working days): When a DAML request is submitted, the NCA has 7 working days from the day after the request to respond. If the NCA does nothing, consent is deemed to have been granted — the firm can proceed.
Refusal and moratorium period: If the NCA refuses consent within the notice period, a moratorium period of 31 calendar days begins from the date of refusal. During the moratorium, the firm must not proceed. This gives law enforcement time to investigate further or take action (e.g. obtain a restraint order).
Moratorium extensions: Under provisions introduced by the Criminal Finances Act 2017, the NCA can apply to court for moratorium extensions of up to 31 days at a time, up to a maximum cumulative extension of 186 days beyond the initial moratorium.

Managing DAML operationally

DAML requests require active operational management at the firm. The MLRO and financial crime team must:

Track consent request timelines accurately — moving from 7-day notice to 31-day moratorium requires specific date management
Suspend the relevant transaction or activity during the moratorium and any extensions
Manage customer communications carefully to avoid tipping off (see below)
Coordinate with law enforcement where investigations progress during the moratorium
Be ready to act once the period expires and consent is effectively given (or where positive consent is issued earlier)

DAML volumes are significant at firms with larger AML risk exposure. Major banks file thousands of DAML requests per year; specialist private banks, wealth managers and payment firms may file dozens or hundreds. Each one requires disciplined operational handling.

Tipping Off and Prejudicing an Investigation — Getting Confidentiality Right

Alongside the obligation to report, POCA creates specific offences for disclosing information that could compromise SAR activity or law enforcement investigations. Getting this right is central to the integrity of the regime and to the legal protection of staff involved in SAR matters.

The tipping off offences

POCA sections 333A and 342 create the tipping off offences. The core prohibitions:

Tipping off the subject: Disclosing to the subject of a SAR that a SAR has been made, that a money laundering investigation has been commenced, or is being contemplated.
Prejudicing an investigation: Making a disclosure that is likely to prejudice an investigation being conducted under POCA.
Disclosure of information within the firm: Disclosure between businesses that are not operating jointly as defined, or that do not fall within the permitted disclosure gateways.

What tipping off looks like in practice

Tipping off risks arise in many common scenarios:

A relationship manager telling the customer why their transaction is delayed
A front-office staff member asking the customer follow-up questions in a way that reveals the suspicion
Internal communications to staff without appropriate clearance, where those staff interact with the customer
Media or third-party communications that could alert the customer or accomplices
Even facial expression or tone of voice during a customer interaction can potentially constitute tipping off if it signals the existence of the suspicion

Permitted disclosures

POCA provides specific gateways for legitimate disclosure:

Disclosure within a firm or group to the MLRO or equivalent
Disclosure between connected firms operating jointly, subject to specific conditions
Disclosure to regulators and law enforcement in appropriate circumstances
Disclosure for the purpose of the detection, investigation or prosecution of a criminal offence

Navigating these gateways requires specific understanding. Inadvertent tipping off is as serious as intentional tipping off; ignorance of the rules is not a defence.

Managing tipping off risk operationally

Mature SAR functions operate specific controls to prevent tipping off:

SAR status is restricted information, accessible only to authorised staff
Customer-facing staff are trained on what they can and cannot say when transactions are delayed or declined
Customer communications during DAML periods use pre-approved wording that does not reveal the underlying reason
Internal case management systems have access controls and audit trails
Where customer questions cannot be answered without tipping off risk, the response is escalated to specialist staff with appropriate training

SAR Quality and the NCA’s Intelligence Value

SAR quality has been a sustained area of regulatory and law enforcement focus. The NCA has repeatedly emphasised that low-quality SARs reduce the intelligence value of the regime, and that firms with large SAR volumes but low-quality output are not necessarily fulfilling their obligations better than firms with smaller but higher-quality output.

Markers of high-quality SARs

Clear narrative that articulates the basis for suspicion
Specific facts, amounts, dates and parties presented accurately
Relevant glossary codes applied correctly
Supporting material attached where it adds value
Timely submission — filed as soon as practicable after suspicion arose
Appropriate use of DAML where consent is genuinely needed, and no request where not
Internal investigation evidenced — the firm has looked at the matter properly before reporting

Indicators of poor-quality SARs

Generic narratives that do not explain the specific basis for suspicion
Incomplete or inaccurate customer and transaction data
Missing or incorrect glossary codes
Late submission with no explanation for the delay
DAML requests where no genuine transaction need exists (consent sought “defensively”)
Evidence that the firm has not investigated the matter internally before reporting
Formulaic narratives that look copy-and-paste across multiple SARs

The defensive reporting problem

Regulatory and law enforcement commentary has repeatedly identified “defensive reporting” as a sector-wide issue. Defensive reporting refers to the pattern where firms file SARs on unfounded or thin grounds, primarily to protect themselves from under-reporting risk rather than because a genuine suspicion exists. The effects are problematic:

NCA intelligence resource is diluted by low-value SARs
Genuine suspicions are harder to identify within the noise
Customers are subjected to account closures and transaction freezes on thin grounds
The integrity of the regime is undermined

FCA and NCA commentary has consistently encouraged firms to calibrate their SAR output to genuine suspicion, to invest in SAR quality rather than quantity, and to train staff on the substantive legal threshold rather than a “when in doubt, SAR” default position.

SAR Deadlines and Timeliness

POCA requires disclosure “as soon as is practicable” after the information giving rise to the knowledge or suspicion comes to the person. There is no fixed calendar deadline — “as soon as practicable” is a judgment based on the facts.

What “as soon as practicable” means

Practicable means:

Allowing reasonable time for internal review and confirmation of the suspicion
Conducting necessary internal investigation (subject to tipping off constraints) to confirm the basis
Drafting a complete and accurate SAR narrative
Filing via SAR Online

In practice, SARs typically move from internal report to external filing within days to weeks at well-run firms. Excessive delays — multiple months between internal report and external filing — are difficult to defend and are a specific supervisory concern.

Urgent SAR scenarios

Where the suspicion relates to imminent activity — for example, funds about to leave the firm or a customer about to take an irreversible action — urgency compresses the timeline. In these situations:

The firm must act quickly to assess whether an immediate SAR is required
DAML requests may need to be filed within hours, not days
The firm may need to take immediate protective action (e.g. freezing the account or suspending the transaction) while the SAR is prepared, subject to tipping off constraints

Late SAR filings

Where a SAR is filed later than ideal, firms should document why. Legitimate reasons include complexity of the case, need for internal investigation, and coordination with other workstreams. Unacceptable reasons include administrative delay, under-resourcing of the SAR function, and deprioritisation relative to commercial work.

SAR Reporting Management Information

Mature AML functions produce substantive management information on SAR activity, which feeds into the annual MLRO report to the board. SAR MI is itself a supervisory focus area — firms that cannot articulate their SAR activity clearly typically have weaker oversight of the underlying process.

Typical SAR MI content

Internal SAR volumes by month, by business area, by trigger type
Conversion rate from internal SAR to external SAR
External SAR volumes by glossary code and typology
DAML request volumes and outcomes (consent granted, refused, deemed granted by expiry)
Average time from internal report to external filing
Quality metrics on SAR output where available
Trends over time and against benchmarks
Specific enforcement interactions arising from SAR activity

Connecting SAR MI to action

Good SAR MI is not just a reporting exercise. It drives:

Adjustments to monitoring systems where internal SAR triggers are producing low-quality alerts
Training adjustments where specific staff groups are under- or over-reporting relative to their risk exposure
Resourcing decisions where volumes justify additional investment
Enhanced oversight where specific customer cohorts or product lines show concerning patterns
Discussions with the NCA where the firm’s reporting is generating particular intelligence value (or concern)

Common SAR Function Failings

From supervisory reviews, enforcement cases and the firms we work with, certain SAR function failings recur.

Inadequate internal SAR triggers

Staff training that does not enable genuine recognition of suspicious activity. Systems that do not flag the behaviour patterns most associated with money laundering. A culture where staff are reluctant to raise concerns because they fear creating work for themselves or damaging customer relationships.

Over- or under-calibrated MLRO decision-making

MLROs (or delegates) applying the legal threshold for suspicion inconsistently — sometimes filing on thin grounds, sometimes refusing to file where the threshold is clearly met. Inconsistency between cases raises regulatory concern and undermines the defensibility of individual decisions.

Poor SAR narrative quality

Narratives that do not explain the basis for suspicion, that are full of jargon, that lack specific detail, or that are formulaic. Poor narratives reduce the NCA’s ability to act on the intelligence.

DAML process errors

DAML timelines miscalculated. Moratorium expiry dates missed. Transactions released too early or held too long. Customer communications during DAML that inadvertently reveal the SAR. Failure to apply for moratorium extensions where appropriate.

Tipping off incidents

Staff disclosures — intentional or inadvertent — that compromise the SAR or investigation. Front-office staff under commercial pressure to explain transaction delays, giving explanations that inadvertently signal the underlying reason.

Defensive reporting culture

High SAR volumes but low-quality output. “When in doubt, SAR” operational defaults that produce excessive reporting. Management pressure to increase SAR numbers as a proxy for AML effectiveness.

Inadequate SAR record-keeping

Records of internal SARs not linked to the external SAR filed (or to the decision not to file). Supporting evidence not retained. Decision rationales not documented. When supervisory reviews or enforcement enquiries arrive, firms with poor records cannot defend their decisions.

Disconnected from the wider AML framework

SAR function operating in isolation from customer due diligence, transaction monitoring, screening and the broader financial crime framework. Where SAR outputs do not feed back into CDD (customer risk rating updates, enhanced due diligence, or exit decisions), the intelligence is wasted and the framework as a whole is weaker. See our Customer Due Diligence guide for more on the CDD-SAR interface.

The Specialist Roles in SAR Function Operation

The SAR function relies on specific senior and specialist roles. The recruitment market for these roles is one of the tightest in UK financial crime.

Money Laundering Reporting Officer (MLRO)

The statutory role — SMF17 at FCA-regulated firms — with personal accountability under POCA and the MLRs for the firm’s SAR function. See our full MLRO guide for detail on the role.

Deputy MLRO

Covers the MLRO role during absence and, at larger firms, carries substantial day-to-day operational responsibility for SAR decisions under MLRO delegation.

Head of Financial Crime Investigations

Senior role leading the financial crime investigation team that handles internal SAR review, evidence gathering, and case management. Typically reports to the MLRO or Head of Financial Crime.

Financial crime investigators and SAR analysts

Operational roles handling the flow of internal SARs, conducting investigation, drafting SAR narratives, managing DAML processes and handling follow-up with the NCA. Typically qualified AML professionals with investigation backgrounds — some from law enforcement, some from specialist training through the International Compliance Association or ACAMS.

Transaction monitoring specialists

Responsible for the monitoring system configuration and alert calibration that generate many internal SAR triggers. Technical specialism bridging compliance and data analytics.

Sanctions specialists

Handling sanctions-related SARs specifically, given the specific overlap between sanctions concerns and broader money laundering suspicion.

Head of SAR Operations

At larger firms, a dedicated senior operational role focused specifically on SAR function throughput, quality and governance. Increasingly common as firms professionalise the SAR function at scale.

How FD Capital Places SAR Function and Financial Crime Specialists

FD Capital operates a specialist FCA-regulated firms recruitment practice. SAR function leadership and specialist financial crime investigation roles are core placement areas. The specialist talent pool is tight — the combination of regulatory knowledge, investigation skill and UK-specific experience is specific to each search.

Candidate pool

Our SAR and financial crime candidate pool includes:

MLROs and Deputy MLROs at banks, investment firms, asset managers, insurers, consumer credit, payments, e-money and cryptoasset firms
Heads of Financial Crime Investigations with proven SAR function leadership experience
Senior financial crime investigators and SAR analysts, including former NCA and regional financial crime unit officers
Transaction monitoring specialists with experience calibrating systems to produce actionable SAR triggers
Sanctions specialists with UK OFSI and international sanctions regime expertise

Engagement models

Permanent placements for firms building out or replacing SAR function leadership
Interim and fractional placements for specific situations — remediation following supervisory review, backlog clearance, cover during MLRO transition, specific project support
Team build-outs where firms need to scale SAR capacity rapidly, often alongside broader AML remediation

Sector coverage

UK FCA-regulated sectors have materially different SAR profiles. Retail and commercial banks operate at the highest volumes with structured triage teams. Cryptoasset firms face specific typologies around blockchain tracing and source of funds. Payment services firms handle high-velocity transaction-based reporting. Wealth and private banks handle lower-volume but higher-complexity cases involving PEP structures and complex sources of wealth. We match candidates to the specific firm sector and SAR profile.

SARs Are the Output the Regime Is Built to Produce — Staff the Function Properly

The firms that handle SAR operation well recognise it as the most legally exposed part of the AML framework — and resource it accordingly. Well-resourced investigation teams, disciplined MLRO decision-making, robust DAML management, strong tipping off controls, consistent SAR narrative quality, and integrated management information. Firms that under-resource the SAR function produce low-quality output, miss deadlines, make tipping off errors and generate the supervisory concerns that eventually translate into remediation exercises or enforcement action.

FD Capital can help you find the right MLRO, Deputy MLRO, Head of Financial Crime, SAR function specialist or broader financial crime specialist — permanent, interim or fractional — matched to the specific needs of your firm.

A Note from Our Founder — Adrian Lawrence FCA

The conversations I have about SAR function recruitment are usually driven by one of three specific situations. The first is firms scaling up — volume has grown, the existing team cannot keep pace, and quality is suffering as throughput pressure increases. The second is firms responding to supervisory feedback — the FCA has reviewed the SAR function and found specific issues that need addressing. The third is firms where the MLRO has left or is leaving, exposing a succession gap that needs urgent attention given the personal accountability the role carries.

In all three contexts, the same principle applies: the candidates who succeed in SAR function leadership are those who combine technical legal knowledge (POCA, the MLRs, tipping off, DAML mechanics) with operational discipline (managing throughput, quality and governance) and the judgment to know when to escalate and when to resolve internally. These are genuinely specialist skills, and the UK market for them is tight. Firms that approach SAR function recruitment as generic compliance hiring typically struggle; firms that engage properly with the specialist market tend to attract the stronger candidates.

At FD Capital we place MLROs, Deputy MLROs, Heads of Financial Crime and specialist SAR and investigation staff at UK FCA-regulated firms across all major sectors. If you are recruiting in this area, handling a specific SAR function issue, or planning for an MLRO transition, I am happy to have a direct conversation. Every mandate I take on is handled personally.

Hire an MLRO, Head of Financial Crime or SAR Function Specialist

MLRO and Deputy MLRO appointments, Heads of Financial Crime Investigations, senior SAR and DAML specialists, and the wider financial crime team — all with the regulatory depth and operational discipline UK firms require. FD Capital places SAR function and financial crime specialists at UK FCA-regulated firms, as fractional, interim or permanent appointments.

Call: 020 3287 9501
Email: recruitment@fdcapital.co.uk

Hire an MLRO ›
Call 020 3287 9501

Suspicious Activity Reports (SARs): The Complete UK Guide