Suspicious Transaction Report (STR): Definition and Use in Compliance

What is Suspicious Transaction Report (STR)?

A Suspicious Transaction Report (STR) is a formal notification that a financial institution or other regulated entity files with its national financial intelligence unit (FIU) when a transaction or pattern of transactions raises a suspicion of money laundering, terrorist financing, or related financial crime. The report is not a criminal charge. It's an intelligence input that FIUs use to build cases, share signals across borders, and direct law enforcement resources.

The term STR is the internationally standard terminology, established by the Financial Action Task Force (FATF) in its 40 Recommendations, specifically Recommendation 20. In the United States, the filing goes by a different name: the Suspicious Activity Report (SAR), submitted to FinCEN. In the UK, SARs go to the National Crime Agency. The Australian Transaction Reports and Analysis Centre (AUSTRAC) uses STR. Despite the naming variation, the underlying obligation is identical across jurisdictions: report suspicion to the FIU without needing evidence sufficient for a criminal conviction.

The threshold is suspicion, not certainty. A bank teller who notices that a customer is structuring cash deposits just below the reporting threshold is required to file an STR even without knowing where the money originates. Certainty of crime is the prosecutor's job.

Reportable activity covers more than cash. Wire transfers with unusual routing, rapid cycling through accounts, transactions inconsistent with a customer's known business, and payments to sanctioned jurisdictions all qualify. The obligation sits on the reporting entity: bank, credit union, money service business, casino, or DNFBP depending on jurisdiction.

One element is fixed everywhere: the no tipping-off rule. Once an STR is filed, the reporting institution cannot inform the customer. Disclosure is a criminal offense in most FATF-member countries.

How is Suspicious Transaction Report (STR) used in practice?

The STR workflow starts before the report is ever drafted. A transaction monitoring system flags an alert, based on rule thresholds or a behavioral model. An analyst reviews the alert, pulls the customer's history, checks the Customer Due Diligence (CDD) file, and maps the flagged activity against known typologies from FATF, FinCEN advisories, or Egmont Group guidance.

Not every alert becomes a report. At most large institutions, alert-to-STR conversion rates run between 3% and 8%. The bulk of analyst time goes into dismissing noise: a customer moving money for a house purchase, a charity receiving an unusual donation, a seasonal business with irregular cash patterns. The investigation documents this reasoning, which is itself a compliance record regulators can request.

When suspicion persists after investigation, the analyst escalates to the MLRO or BSA officer for a SAR consultation. This person reviews the case, makes the final filing decision, and approves the narrative. The narrative is the most scrutinized part of the report. It must be specific enough to be useful to law enforcement without being speculative.

After filing, the case is closed in the system with the FIU reference number, filing date, and a note on any follow-up expected. If suspicious activity continues, most jurisdictions require a continuing STR every 90 to 180 days. Some banks track customers under ongoing monitoring after an initial STR, applying Enhanced Due Diligence (EDD) protocols.

Backlog management is a real operational problem. At institutions with high transaction volumes, STR queues can swell to thousands of pending cases. Teams that cut alert noise upstream, through better AML transaction monitoring rules tuning, keep their queues workable. We've seen banks cut active alert queues from over 6,000 open cases to under 400 within six months by tightening risk segmentation and adjusting rule thresholds.

Suspicious Transaction Report (STR) in regulatory context

FATF Recommendation 20 is the foundation. It requires countries to mandate STR filing by financial institutions when there is suspicion or reasonable grounds to suspect that funds are related to money laundering or terrorist financing. The 2012 revision of the FATF Recommendations extended this obligation to cover all predicate offenses to money laundering, going beyond the original focus on drug trafficking.

In the United States, SAR requirements flow from the Bank Secrecy Act (BSA), specifically 31 U.S.C. § 5318(g). FinCEN's implementing regulations set the $5,000 threshold for SAR filings at banks and a $2,000 threshold for money services businesses. The USA PATRIOT Act of 2001 expanded the list of required filers to include securities broker-dealers, futures commission merchants, and insurance companies.

In the European Union, the 6th Anti-Money Laundering Directive (6AMLD) harmonizes the predicate offenses list across member states and extends STR obligations to crypto-asset service providers under the Markets in Crypto-Assets Regulation (MiCA) framework.

In the UK, the Proceeds of Crime Act 2002 and the Terrorism Act 2000 create dual STR regimes: one for money laundering suspicion and one for terrorist financing. The NCA's Financial Intelligence Unit received over 901,000 SARs in 2023, according to the NCA's SARs Annual Reports.

Regulators use STR volumes and quality as examination data points. Examiners at the OCC or FDIC look for whether a bank's filing rates are anomalously low relative to peer institutions, which can signal under-reporting rather than a genuinely clean customer base. For teams preparing for an exam, the BSA/AML exam preparation guide covers what examiners look at specifically during STR reviews.

Common challenges and how to address them

Most institutions focus STR training on when to file. The harder operational challenge is dismissal velocity: ruling out non-suspicious alerts fast enough to keep pace with transaction volumes. Most large institutions manage alert queues in the tens of thousands. An institution processing 50 million transactions a month with a 0.05% alert rate generates 25,000 alerts per month. If each takes 45 minutes to investigate and dismiss, that's 18,750 analyst hours for cases that go nowhere.

The standard response has been to add staff. The better approach is reducing noise at the alert generation stage. Segmenting customers by risk profile, tightening rule thresholds for lower-risk Simplified Due Diligence (SDD) segments, and applying behavioral clustering all reduce queue size without affecting filing quality. Reducing false positives in transaction monitoring is a documented operational goal for most compliance technology programs, and the methods are well established.

Narrative quality is the second challenge. Regulators consistently cite poor SAR narratives as an examination finding. A useful narrative names the specific transactions, dates, amounts, counterparties where known, and the investigator's reasoning. A narrative that reads "customer conducted transactions inconsistent with expected behavior" tells law enforcement nothing actionable. FinCEN's SAR Activity Review publications include examples of narratives that led to successful prosecutions, and they're worth reading as a quality benchmark.

The no tipping-off rule creates its own management challenge. Relationship managers who know a customer personally may inadvertently disclose suspicion. Training must be specific and refreshed annually.

Cross-border coordination is the final structural problem. A transaction that looks clean in isolation may be part of a larger pattern visible only when data from multiple jurisdictions is combined. The Egmont Group's secure FIU-to-FIU network exists for this reason, but processing time is slow relative to real-time transaction speeds.

Related terms and concepts

STR sits within a broader set of regulatory reporting and due diligence obligations. Understanding how they connect makes the compliance picture clearer.

The Currency Transaction Report (CTR) is the rule-based complement to the STR. CTRs are filed automatically when a cash transaction exceeds $10,000, regardless of suspicion. STRs require an analyst to assess whether the transaction pattern suggests criminal intent. The two filings serve different purposes. CTRs are surveillance data. STRs are intelligence.

Know Your Customer (KYC) is what makes STRs meaningful. Without a solid customer risk profile, an analyst has no baseline against which to judge whether a transaction is unusual. A $50,000 wire from a corporate treasury account is routine. The same wire from a retail customer with no declared business income is not. The KYC file provides the context that turns a data point into a judgment.

For corporate customers, Know Your Business (KYB) and Ultimate Beneficial Owner (UBO) disclosure extend that context to who ultimately controls the funds. Shell companies are a common vehicle for structuring suspicious transactions precisely because the beneficial owner is obscured.

Enhanced Due Diligence (EDD) is the protocol applied to higher-risk customers: politically exposed persons, customers in high-risk jurisdictions, and those with prior STR filings. EDD generates more granular transaction data, which improves STR quality when filing is required.

For teams looking to operationalize these connections, treating KYC, EDD, and transaction monitoring as a single data model rather than separate systems is the practical goal. An STR filed with rich contextual data is far more useful to an FIU than one that records the transaction in isolation. AI-powered fraud detection platforms that unify these signals make the difference between a 3-page investigator narrative and a three-line summary.