A practical UK guide to writing and filing a suspicious activity report: the legal duty, the SAR Portal, DAML consent, tipping off and a good SAR.

A suspicious activity report, or SAR, is how a regulated firm passes knowledge or suspicion of money laundering or terrorist financing to the UK Financial Intelligence Unit (UKFIU), which sits within the National Crime Agency (NCA). It is not a discretionary courtesy. For anyone working in the regulated sector, submitting a report when the legal threshold is met is a statutory obligation under the Proceeds of Crime Act 2002 and the Terrorism Act 2000, and failing to do so can be a criminal offence in its own right.
The volume of reporting is substantial. In the year from April 2024 to March 2025 the UKFIU received 866,616 SARs, and the reports that carry a request for consent to proceed, known as Defence Against Money Laundering (DAML) requests, led to a record 382.6 million pounds being denied to suspected criminals in a single year, according to the NCA SARs Annual Report. Behind those numbers sits a simple truth: intelligence is only as useful as the quality of the report that carries it.
This guide walks through the legal duty that triggers a report, how to structure and write a good SAR, how to file it through the SAR Portal, how DAML consent and the moratorium period work, and how to avoid the tipping off trap. It is written for nominated officers, money laundering reporting officers (MLROs), and the front line staff who feed them internal disclosures.
The obligation to report is anchored in Part 7 of the Proceeds of Crime Act 2002. Section 330 creates the failure to disclose offence for the regulated sector: a person commits an offence if they know or suspect, or have reasonable grounds for knowing or suspecting, that another person is engaged in money laundering, the information came to them in the course of regulated sector business, and they do not make the required disclosure to a nominated officer or to the NCA as soon as is practicable. The threshold is deliberately low. It is not knowledge; reasonable grounds to suspect is enough.
The Financial Conduct Authority reinforces the same duty in its Financial Crime Guide. FCG 3.2.10 states that firms must have a nominated officer, and that the nominated officer has a legal obligation to report any knowledge or suspicions of money laundering to the NCA through a SAR. Staff report their concerns to the nominated officer, who must then consider whether a report to the NCA is necessary based on all the information at their disposal. That two stage structure, internal disclosure then a considered external decision, is central to how the regime is meant to work.
Terrorist financing follows a parallel path under the Terrorism Act 2000, and firms should submit a distinct terrorist financing SAR where that suspicion arises. Whichever instrument applies, the reporting decision belongs to the nominated officer or MLRO, who owns both the judgement and the documented rationale behind it.
Understanding the environment your report enters helps explain why quality matters so much. The UKFIU is one of the busiest financial intelligence units in the world, and the annual figures published by the NCA show reporting settling at a high plateau after several years of growth.
The chart below draws on the NCA SARs Annual Reports. Reporting rose sharply through the early 2020s before stabilising, with 866,616 SARs received in 2024 to 2025. Of those, 848,036 (97.86 per cent) were submitted through the modern SAR Portal and 18,580 (2.14 per cent) through the legacy SAR Online system during the transition between the two.
At this scale, a report that is vague, misfiled across the wrong fields, or missing key identifiers is unlikely to surface in the searches that matter. Volume is not the same as value, and the UKFIU has been explicit that missing, inaccurate or complex information limits analysis and reduces a SAR's usefulness to law enforcement.
Annual volume of suspicious activity reports received, per NCA SARs Annual Reports. 2022-23 is omitted as a comparable total was not verified from a primary source.
2020-21
742317%
2021-22
901255%
2023-24
872048%
2024-25
866616%
A good SAR tells a clear story that a reader with no prior knowledge of the customer can follow. The UKFIU's best practice guidance and the FCA's own examples of good practice point in the same direction: set out a clear narrative of events, use plain English, and include the identifying detail that law enforcement can act on, such as names, addresses, dates of birth, passport numbers, phone numbers and email addresses.
Two structural points do a lot of the heavy lifting. First, complete every relevant field in the SAR Portal rather than dumping information into the free text reason for suspicion box; the UKFIU warns that details written only in the narrative may not appear in relevant searches. Second, populate the reason for suspicion with the information most relevant to explaining why you suspect money laundering or terrorist financing. You do not need to prove an offence; if law enforcement decides to investigate, it can request further information through the proper channels.
The table below contrasts the hallmarks of a strong SAR with the failings the UKFIU and FCA see most often, including defensive reporting where a nominated officer forwards every internal report to the NCA without considering whether it is genuinely suspicious. Such defensive reports, the FCA notes, are likely to be of little value.
| What a good SAR includes | Common failings to avoid |
|---|---|
| A clear, plain English narrative that a reader can follow without prior context | Vague or jargon heavy text that leaves the suspicion unexplained |
| Full identifying detail in the correct structured fields (names, addresses, dates of birth, account and reference numbers) | Key details written only in the free text box, so they never surface in searches |
| A focused reason for suspicion that explains why the activity is suspicious | A description of the activity with no articulated reason for suspicion |
| Relevant glossary codes selected to flag the report to the right teams | Missing or irrelevant glossary codes that slow triage |
| Cross references to related earlier SARs, with brief context | A bare cross reference, or omitting the connection entirely |
| A considered nominated officer decision with the rationale documented | Defensive reporting: forwarding every internal report without judgement |
SARs should be submitted through the SAR Portal, which the NCA describes as the most secure and efficient route and which is available 24 hours a day. Your organisation registers once; any registered user can then invite colleagues, and you receive an acknowledgement and a unique reference number after each submission. Keep that reference, because it is how the report is identified thereafter.
Before you write, gather the facts internally so the nominated officer is deciding on complete information. A tight internal process, effective front line escalation feeding a documented decision, is exactly what the FCA's self assessment questions probe. If your firm needs to build or tighten that internal reporting and decision workflow, the tooling in Nasara Connect's control suite is designed to capture escalations, evidence the rationale, and produce an audit trail.
The steps below summarise the end to end flow from suspicion to filing. Note that attachments cannot be uploaded to a SAR for security reasons, so all information relevant to the main subject and your suspicion must sit within the report itself; if further documents exist, state that in the SAR and explain how they can be requested.
Sometimes you know or suspect that property is criminal but you also need to carry out an act that would otherwise be a principal money laundering offence, such as completing a transaction or returning funds. In that situation you can seek consent through a Defence Against Money Laundering (DAML) request, which relies on the authorised disclosure defence in section 338 of the Proceeds of Crime Act 2002. Making an authorised disclosure before proceeding, and then acting only with consent, protects the reporter from liability for the act disclosed.
The mechanics are time bound. Once a DAML is submitted you must not proceed with the prohibited act unless and until you receive a granted decision from the UKFIU, or the seven working day notice period lapses without a response. If consent is refused within that window, a 31 calendar day moratorium period begins, during which you must not proceed and law enforcement can act to restrain the funds. These consent requests are a powerful asset denial tool: DAML requests led to 382.6 million pounds being denied to suspected criminals in 2024 to 2025, up from 240.1 million pounds the previous year, according to the NCA.
It is worth knowing that not every low value situation needs a DAML. Changes to the threshold amount under section 339A of the Proceeds of Crime Act 2002, which was raised from 250 pounds to 1,000 pounds for deposit taking bodies and certain firms, allow some routine account activity below the threshold to proceed without a consent request. Where payment operations and financial crime controls intersect, the workflows in Nasara Connect's payments module help firms manage these consent and threshold decisions consistently.
Filing a SAR carries a strict confidentiality obligation. Under section 333A of the Proceeds of Crime Act 2002, a person in the regulated sector commits the tipping off offence if they disclose that a SAR has been made, or that a money laundering investigation is being contemplated or carried out, where that disclosure is likely to prejudice any investigation. The information must have come to them in the course of regulated sector business. On conviction the offence can carry a custodial sentence.
In practice this means the subject of a report, and anyone connected to them, should not learn that a SAR exists. Handle SARs on a strict need to know basis, resist customer pressure to explain why a transaction is delayed, and be cautious even when a customer or the Financial Ombudsman Service asks questions; there are proper channels for sharing that a SAR has been submitted, and you should never hand over a copy of the SAR itself. Limited exceptions exist for permitted disclosures within a group or between institutions, but the default posture is silence.
The balancing act, meeting the legal duty to report while never tipping off the subject, is one of the harder judgements in day to day compliance. Clear internal procedures, restricted access, and documented handling all reduce the risk of an inadvertent breach.
Writing and filing a suspicious activity report is a legal act with real consequences on both sides: failing to report when the threshold is met is a criminal offence, and so is tipping off the subject once you have. Between those two duties sits the craft of the report itself. A good SAR is complete, correctly filed across the SAR Portal's structured fields, and built around a plain English reason for suspicion that a stranger to the case can follow and act upon.
For nominated officers and MLROs, the enduring lesson from the NCA and FCA is that judgement matters more than volume. Defensive over reporting clogs the system and adds little, while under reporting exposes both the firm and the individual to liability. Get the internal escalation, the threshold decision, and the documented rationale right, and the report that follows will do its job. To see how Nasara Connect supports that end to end control workflow, explore our plans or book a demo.
Front line staff must escalate suspicions internally, but the nominated officer or MLRO carries the legal obligation to consider those internal reports and decide whether to submit a SAR to the National Crime Agency. FCG 3.2.10 and section 330 of the Proceeds of Crime Act 2002 both frame the duty this way. The nominated officer owns both the decision and the documented rationale behind it.
For the regulated sector the threshold is knowledge or suspicion, or reasonable grounds for knowing or suspecting, that another person is engaged in money laundering or terrorist financing. That is a lower bar than proof or even firm belief. If reasonable grounds to suspect exist and the information arose through regulated sector work, a report is required as soon as is practicable.
Submit through the SAR Portal, the NCA's secure online system, which is available 24 hours a day. Your organisation registers once and any registered user can invite colleagues. After submitting you receive an acknowledgement and a unique reference number, which you should retain. Attachments cannot be uploaded, so all relevant information must sit within the report itself.
A Defence Against Money Laundering (DAML) request seeks consent to carry out an act, such as a transaction, that would otherwise be a money laundering offence because you suspect the property is criminal. It relies on the authorised disclosure defence in section 338 of the Proceeds of Crime Act 2002. You must not proceed until consent is granted or the seven working day notice period lapses without a response.
If consent to a DAML is refused within the seven working day notice period, a 31 calendar day moratorium period begins. During that time you must not carry out the disclosed act, and law enforcement can use the window to restrain or seize the funds. The period can be extended by court order in some circumstances.
Tipping off, under section 333A of the Proceeds of Crime Act 2002, is disclosing that a SAR has been made or that an investigation is contemplated or under way, where doing so is likely to prejudice it. Avoid it by handling SARs strictly on a need to know basis, never telling the subject a report exists, and never providing a copy of the SAR to a customer.
Nasara Control helps UK firms send and control payments with lower fees, better rates and full visibility.
Practical guides and updates for UK firms, straight to your inbox.