What is the difference between a SAR and an STR?

The full answer

SAR (Suspicious Activity Report) and STR (Suspicious Transaction Report) are different names for the same fundamental filing requirement. The institution has spotted something suspicious and must notify the financial intelligence unit (FIU). The name depends on where you are.

The United States, under the Bank Secrecy Act, uses SAR. Financial institutions file with FinCEN using FinCEN Form 111. The threshold is $5,000 for most depository institutions; lower thresholds apply to money services businesses and broker-dealers. FinCEN's SAR Stats database tracks filing volumes by institution type, activity category, and geography.

Most other countries follow FATF Recommendation 20, which requires member countries to impose an STR obligation on financial institutions when they suspect funds are proceeds of crime or linked to terrorist financing. FATF sets no universal monetary threshold; national implementations vary widely.

The UK uses "SAR" as the domestic term, but the legal basis is the Proceeds of Crime Act 2002 and the Terrorism Act 2000, and filings go to the National Crime Agency's UKFIU, not FinCEN. The NCA received approximately 901,000 SARs in the year ending September 2023. Australia uses a third variant: the "Suspicious Matter Report" (SMR), filed with AUSTRAC. Canada uses STR, filed with FINTRAC.

Activity vs. transaction: why it matters operationally

A SAR covers suspicious activity. The transaction doesn't need to be completed. A customer who attempts a large cash deposit, hesitates when asked for identification, and then leaves without completing it can still trigger a SAR. So can a pattern of behavior across multiple transactions, an implausible business explanation, or a non-transactional event observed at the branch. FinCEN's filing instructions are explicit on this.

An STR is anchored to a transaction that occurred. The filing narrative must identify the specific transaction and explain why it appeared suspicious. Context matters in the narrative, but the legal trigger is the transaction itself.

This distinction shapes how AI-assisted transaction monitoring systems should be configured for different markets. A system built on US SAR logic generates activity-based alerts that don't map cleanly to STR thresholds, and vice versa. Global programs need alert rules and escalation workflows calibrated to the applicable standard in each jurisdiction, not a single global ruleset that blends the two.

How FinCEN defines suspicious activity is covered in more detail separately. The definition is broader than most internal training materials reflect.

Tipping-off and safe harbor

Both regimes carry a tipping-off prohibition. The institution cannot tell the subject of the filing that a report exists or is being considered. In the US, this is 31 U.S.C. § 5318(g)(2). EU and UK legislation contains equivalent provisions. Who can actually see a filed SAR is a more complex question than most compliance officers expect: access is restricted, but it isn't zero.

Both also provide safe harbor from civil and criminal liability for good-faith filings. Without that protection, institutions would face routine litigation from customers appearing in reports. The system wouldn't function.

Filing timelines

US rules require a SAR to be filed within 30 calendar days of initial detection, extendable to 90 days when the institution needs additional time to investigate. How long banks have to file a SAR covers the exceptions and the clock-start questions in detail.

STR timelines vary by jurisdiction. Some countries require filing within 24 hours of detection. Others allow up to 30 days. Operating in multiple markets means maintaining a per-jurisdiction matrix of timelines, not a single global standard.

Who authorizes the filing

In the US, the BSA Officer or a designated compliance officer is responsible. The decision can be delegated internally as long as accountability sits with the BSA Officer. Who files a SAR: the MLRO or the compliance officer explains the US and UK distinctions in full.

In the UK, the Money Laundering Reporting Officer must personally authorize every SAR before it goes to the NCA. That isn't a procedural nicety: it's a legal requirement under POCA 2002. Firms with a US-designed escalation process sometimes get this wrong when they expand into the UK, treating the MLRO as a reviewer rather than the authorizing decision-maker.

Exam quality scrutiny of filings often traces back to escalation failures. What triggers a regulatory exam and the role that filing quality plays is worth understanding before an exam cycle begins. Examiners look at whether the institution has a clear process connecting CDD and EDD outputs to SAR or STR decisions. Gaps in that chain are common findings.

Why this matters

A global institution that treats "SAR" and "STR" as interchangeable terminology in a single compliance policy is setting up a future exam finding. The legal triggers, escalation paths, FIU recipients, and filing timelines all differ. Regional compliance staff need policies that reference the correct standard for their jurisdiction, not a US-centric document applied globally.

Alert volume is the other issue. False positive rates in AML transaction monitoring run as high as 95% at some institutions. Most alerts never become filings. Getting the conversion rate right requires internal decision criteria that match the actual legal standard, SAR or STR, for the market in question.

What happens when a bank fails an AML exam frequently comes back to SAR or STR deficiencies: late filings, incomplete narratives, no documentation of decisions not to file, or escalation processes that bypass the MLRO in a UK context. These aren't abstract risks. They're the basis for consent orders, fines, and in serious cases, monitorships.

Related questions

• Who files a SAR: the MLRO or the compliance officer?
• How long do banks have to file a SAR?
• How does FinCEN define suspicious activity?
• Who can see a filed SAR?
• What percentage of AML alerts are false positives?

Related concepts and regulations

• What is the difference between AML and CFT?
• What is the difference between CDD and EDD?
• What triggers a regulatory exam?
• What happens when a bank fails an AML exam?
• Can AI be used for AML transaction monitoring?