What is the difference between a SAR and an STR?
Quick answer
SAR (Suspicious Activity Report) is the US FinCEN term under the Bank Secrecy Act. STR (Suspicious Transaction Report) is the FATF equivalent used by Canada, Singapore, and most EU states. US SARs cover attempted transactions and non-transactional suspicious behavior; most STR regimes focus on completed transactions. ---
The full answer
SAR and STR aren't competing standards. They're the same regulatory obligation, named differently by different regulators, with meaningful scope differences that matter operationally.
SAR (Suspicious Activity Report) is the US term. Banks file with FinCEN under 31 U.S.C. § 5318(g) of the Bank Secrecy Act. The threshold is $5,000 for banks and $2,000 for money services businesses. What matters more than the threshold is scope. The US SAR covers attempted transactions, abandoned transactions (a customer who walks away mid-process after being asked for documentation), and non-transactional suspicious behavior. A customer who asks staff how to break up cash deposits to avoid Currency Transaction Report filing has triggered SAR consideration before a single dollar moves. How does FinCEN define suspicious activity? goes deeper into where FinCEN draws that line.
Filing deadline: 30 calendar days from detection. If no suspect can be identified, 60 days. How long do banks have to file a SAR? covers what counts as the detection date and how to document the clock.
STR (Suspicious Transaction Report) is the term in FATF Recommendation 20, which most FATF member countries have implemented into domestic law. Canada files STRs with FINTRAC within 30 business days of forming reasonable grounds. Singapore files with the Suspicious Transaction Reporting Office (STRO) under the Corruption, Drug Trafficking and Other Serious Crimes Act. India files with FIU-IND under the Prevention of Money Laundering Act. The UK sits awkwardly in both camps: it uses "SAR" and files with the National Crime Agency under the Proceeds of Crime Act 2002, but conceptually its regime maps to FATF's STR framework.
The scope question is where compliance teams need to be careful. FATF's Recommendation 20 commentary permits STR filings for attempted transactions, but many countries implement STR rules that focus primarily on completed transactions in practice. The US SAR obligation is explicit and unambiguously broader.
Why this matters
A bank with US, UK, Canadian, and Singapore operations is subject to four separate reporting regimes simultaneously. Each has a different FIU, a different filing deadline, a different threshold, and a different definition of what triggers the obligation.
If a compliance team trains analysts against a single "universal" SAR/STR standard, those analysts will miss jurisdiction-specific edge cases. The suspicious inquiry that doesn't involve a completed transaction may be a clear US SAR obligation but fall outside the local STR rules in another country.
Who files a SAR: the MLRO or the compliance officer? is a related point of confusion for banks expanding into the UK. The nominated officer structure under POCA 2002 differs meaningfully from the US model, and conflating the two creates accountability gaps.
Alert volume compounds the problem. Banks generating thousands of transaction monitoring alerts daily, most of them irrelevant, can't file a report for every hit. What percentage of AML alerts are false positives? examines how bad the signal-to-noise problem is. Can AI be used for AML transaction monitoring? looks at how automation is changing the SAR/STR decision process.
The tipping-off rules add another constraint. Once a SAR or STR is filed, you can't alert the subject. In the UK, a tipping-off offense under POCA 2002 s.333A can carry criminal liability for the individual, not just the institution. FinCEN's safe harbor protects filers from civil suits but doesn't remove the confidentiality obligation. Who can see a filed SAR? covers how SAR data is shared across law enforcement.
The cost of getting SAR obligations wrong is well-documented. FinCEN's enforcement actions for SAR-related BSA failures have resulted in consent orders and civil money penalties in the tens to hundreds of millions of dollars, with the most severe cases resulting in independent monitorship. What happens when a bank fails an AML exam? covers the enforcement spectrum.
Related questions
- How long do banks have to file a SAR?
- Who files a SAR: the MLRO or the compliance officer?
- How does FinCEN define suspicious activity?
- Who can see a filed SAR?
- What percentage of AML alerts are false positives?
Related concepts and regulations
- What is the difference between AML and CFT?
- What is the FATF Grey List?
- What is the difference between CDD and EDD?
- Can AI be used for AML transaction monitoring?