Suspicious Transaction Report (STR): What It Is, When to File, and How the Process Works

In 2024, TD Bank agreed to pay approximately $3 billion in penalties after US regulators found systemic failures in its transaction monitoring and suspicious activity reporting programs. The case made international headlines, but the underlying compliance failure was not exotic. TD Bank did not adequately detect, investigate, and report suspicious transactions flowing through its accounts. That obligation sits at the center of every AML compliance program, and the mechanism for fulfilling it is the suspicious transaction report.

Filing suspicious transaction reports is one of the most operationally demanding responsibilities regulated institutions face. It involves recognizing patterns that deviate from expected behavior, investigating whether those patterns indicate potential criminal activity, documenting findings to a standard that satisfies regulators, and submitting the report within strict timelines. Getting any of those steps wrong exposes the institution to enforcement action, financial penalties, and reputational damage.

This guide covers the suspicious transaction report meaning and process from end to end: what triggers one, who must file, how the investigation works, what the regulatory frameworks require across jurisdictions, and how automated monitoring is changing the way institutions detect and report suspicious activity.

What Is a Suspicious Transaction Report?

A suspicious transaction report (STR) is a formal filing that a regulated institution submits to its national Financial Intelligence Unit (FIU) when it identifies a transaction, or a pattern of transactions, that appears connected to money laundering, terrorist financing, fraud, or other financial crime. The report documents the nature of the suspicious activity, the parties involved, the financial instruments used, and the basis for the institution's suspicion.

The suspicious transaction report meaning extends beyond a simple alert. An STR represents the institution's assessment that a transaction cannot be explained by the customer's known profile, stated business purpose, or expected behavior, and that the anomaly is significant enough to warrant regulatory attention. It is the primary channel through which the private sector feeds financial intelligence to law enforcement and regulatory agencies.

STRs are not accusations of criminal conduct. They are risk signals. The filing institution is not required to prove that a crime has occurred. It is required to report activity that, based on the information available, raises reasonable grounds for suspicion. The FIU then determines whether the report warrants further investigation, referral to law enforcement, or integration into broader intelligence efforts.

Every major AML regulatory framework in the world requires some form of suspicious transaction reporting. The specifics vary by jurisdiction, but the core obligation is consistent: if a regulated entity identifies activity that meets the threshold for suspicion, it must file a report within defined timelines. Failure to do so is itself a regulatory violation, regardless of whether the underlying activity turns out to be criminal.

STR vs. SAR: What’s the Difference?

The terms “suspicious transaction report” and “suspicious activity report” (SAR) are frequently used interchangeably, but the distinction matters depending on the jurisdiction.

In the United States, the standard term is suspicious activity report (SAR). US financial institutions file SARs through FinCEN’s Bank Secrecy Act (BSA) e-filing system. The SAR covers not only individual transactions but also broader patterns of suspicious behavior, attempted transactions, and activity that may not involve a completed financial transaction at all.

Most other jurisdictions use suspicious transaction report (STR). Canada’s FINTRAC, Singapore’s Suspicious Transaction Reporting Office (STRO), and the majority of FATF member countries use STR as the standard designation. In some cases, the terminology reflects a narrower focus on completed transactions rather than the broader “activity” framing used in the US.

In practice, the functional purpose is identical. Both SARs and STRs serve as the mechanism through which regulated entities report potentially criminal financial activity to their national FIU. The information collected is substantially similar: details about the subjects involved, the nature of the suspicious activity, the financial instruments and amounts, and the institution’s rationale for filing.

For institutions operating across multiple jurisdictions, the key consideration is not the label but the specific filing requirements, thresholds, and timelines that apply in each country. A transaction that triggers a filing obligation under US SAR rules may require a different approach under EU member state STR requirements or FINTRAC’s reporting framework.

Who Is Required to File Suspicious Transaction Reports?

The obligation to file suspicious transaction reports extends well beyond traditional banks. While banks and credit unions were the original focus of AML reporting requirements, the scope of obligated entities has expanded significantly over the past two decades.

Under US BSA regulations, the following entities must file SARs: banks and credit unions, money services businesses (MSBs), broker-dealers in securities, mutual funds, insurance companies, futures commission merchants, and introducing brokers in commodities. FinCEN has also extended reporting obligations to certain non-financial businesses, including casinos and card clubs.

The FATF Recommendations cast an even wider net. FATF Recommendation 20 requires all financial institutions to file STRs. Recommendation 23 extends the obligation to designated non-financial businesses and professions (DNFBPs), including real estate agents, dealers in precious metals and stones, lawyers, notaries, accountants, and trust and company service providers.

The EU Anti-Money Laundering Directives mirror this broad scope, requiring reporting by credit institutions, financial institutions, auditors, tax advisors, notaries, legal professionals, estate agents, and providers of gambling services, among others.

For fintech companies, payment service providers, and crypto asset service providers, the reporting obligation is particularly relevant. These businesses often process high volumes of transactions with limited face-to-face interaction, making transaction monitoring and STR filing a central component of their compliance programs.

The common thread: if an entity is regulated under AML frameworks and handles financial transactions or provides services that could be exploited for money laundering or terrorist financing, it is almost certainly required to file suspicious transaction reports.

What Triggers a Suspicious Transaction Report?

There is no single dollar amount that automatically triggers a suspicious transaction report. Unlike currency transaction reports (CTRs), which are filed automatically when cash transactions exceed $10,000 in a single day, STRs are based on suspicion rather than thresholds.

A transaction becomes reportable when, in the judgment of the institution, it cannot be reasonably explained by the customer's known profile, business activities, or transaction history, and there are grounds to suspect it may be related to criminal activity. That said, regulators and industry bodies have identified categories of red flags that commonly trigger STR filings.

Structuring and threshold avoidance. Transactions deliberately broken into smaller amounts to avoid reporting thresholds. For example, a customer making multiple cash deposits of $9,500 across different branches on the same day. This practice is illegal in most jurisdictions, regardless of whether the underlying funds are legitimate.

Unusual transaction patterns. Activity that deviates sharply from a customer's established profile. A salaried employee whose account suddenly receives multiple large wire transfers from foreign jurisdictions, or a small retail business processing transaction volumes far exceeding what its revenue would support.

Rapid movement of funds. Funds deposited and immediately transferred to unrelated third parties or foreign accounts with no apparent business purpose. Round-trip transactions where money moves through multiple accounts and returns to the originator are also a common indicator.

Inconsistencies with customer profile. Transactions that don't align with the customer's stated occupation, income level, or business type. A customer who declared annual income of $40,000 but regularly processes six-figure wire transfers warrants closer examination.

Geographic risk indicators. Transactions involving jurisdictions with known weaknesses in AML controls, those subject to sanctions, or those identified as high-risk by FATF. This includes both the origin and destination of funds.

Third-party and nominee concerns. Accounts that appear to be controlled by someone other than the named holder, or transactions conducted on behalf of undisclosed third parties. Shell companies with no apparent commercial purpose receiving and distributing large sums are a classic indicator.

Reluctance to provide information. Customers who resist standard due diligence procedures, provide inconsistent or false documentation, or attempt to discourage the institution from filing required reports.

These indicators rarely appear in isolation. Effective transaction monitoring looks for combinations of red flags rather than single triggers, and the assessment always considers the context of the specific customer relationship.

Suspicious Transaction Report Examples

Understanding what triggers a filing in theory is one thing. Seeing how it plays out in practice clarifies the judgment calls compliance teams face daily.

Retail banking: structuring. A customer opens accounts at three branches of the same bank and makes cash deposits of $9,000 to $9,900 at each location on the same day. The deposits total over $28,000 but individually fall below the $10,000 CTR threshold. The pattern repeats weekly. The compliance team files an STR based on structuring indicators.

Trade finance: invoice manipulation. A company submits trade finance documents for the import of consumer electronics from a high-risk jurisdiction. The invoiced amounts are 40% higher than market value for the same goods. When the bank requests supporting documentation, the company provides inconsistent shipping records. The bank files an STR citing potential trade-based money laundering.

Fintech: rapid fund movement. A newly onboarded customer on a payment platform receives a $50,000 inbound transfer, immediately splits it into five outbound payments to different recipients in three countries, and deactivates the account within 48 hours. The platform files an STR due to the combination of new account activity, rapid fund movement, and voluntary account closure.

Real estate: unexplained source of funds. A buyer purchases a property in cash for $1.2 million. The buyer’s declared income and employment history do not support this level of liquid assets. The real estate agent’s compliance officer files an STR citing an inability to verify the source of funds.

Crypto: layering through multiple wallets. A customer deposits fiat currency, converts it to cryptocurrency, transfers it through a chain of wallets, reconverts a portion to fiat, and withdraws to a bank account in a different jurisdiction. The exchange files an STR based on layering indicators and the lack of a clear economic purpose for the circular transaction path.

In each case, the filing is not a determination that a crime occurred. It is a documented assessment that the activity could not be satisfactorily explained and that the indicators met the threshold for regulatory reporting.

How to File a Suspicious Transaction Report

The filing process follows a structured sequence, though the specific forms, systems, and timelines vary by jurisdiction.

Step 1: Detection. The process begins when a transaction or pattern of activity is flagged, either through automated monitoring systems, manual review, or a tip from front-line staff. The initial flag does not need to be conclusive; it needs to be sufficient to warrant further review.

Step 2: Investigation. Once flagged, the compliance team investigates the alert. This involves reviewing the customer’s profile and transaction history, assessing the activity against known red flag indicators, gathering supporting documentation, and determining whether a reasonable explanation exists. The investigation should be documented thoroughly, regardless of whether it results in a filing.

Step 3: Decision. Based on the investigation, the compliance officer or designated reporting authority determines whether the activity meets the threshold for filing. If the answer is yes, the report is prepared. If the answer is no, the rationale for not filing should be documented as well.

Step 4: Preparation. The report itself must include specific information. In the US, the SAR form requires the identity of the subject(s) involved, a description of the suspicious activity, the dates and amounts of the transactions, how the activity was detected, and a narrative explaining why the institution considers the activity suspicious. The narrative section is particularly important because it provides context that structured data fields cannot capture.

Step 5: Filing. In the United States, SARs are filed electronically through FinCEN’s BSA e-filing system. Most other jurisdictions have their own electronic submission platforms (FINTRAC’s F2R system in Canada, the FIU’s designated portals in EU member states, and so on). The filing must be completed within the prescribed timeline.

Step 6: Record retention. Institutions are required to retain copies of all filed STRs and supporting documentation for a minimum period, typically five years. This documentation must be available for examination by regulators and auditors.

Timing requirements are strict. In the US, a SAR must be filed within 30 calendar days of the initial detection of the suspicious activity. If no suspect has been identified at the time of detection, the institution has an additional 30 days (60 days total) to identify a suspect before filing. In no case may reporting be delayed beyond 60 days from the date of initial detection.

Other jurisdictions impose different timelines. FINTRAC requires STRs to be filed “as soon as practicable” after the grounds for suspicion are established. EU member states generally require prompt reporting, with specific timelines defined by national legislation.

Confidentiality. One of the most critical rules in STR filing is the prohibition on “tipping off.” Institutions must not inform the subject of the report, or any third party, that an STR has been filed or is being considered. Violating this prohibition is a criminal offense in most jurisdictions. The rationale is straightforward: alerting the subject could compromise law enforcement investigations, allow the destruction of evidence, or enable the flight of suspects.

The STR Investigation Process

The gap between detecting an anomaly and filing a report is where most of the compliance work happens. A well-structured investigation process is what separates a defensible STR program from one that crumbles under regulatory scrutiny.

Alert triage. Not every automated alert requires a full investigation. The first step is triage: categorizing alerts by severity, assigning them to analysts, and filtering out clear false positives. Effective triage prevents low-risk alerts from consuming analyst capacity that should be directed at genuinely suspicious activity.

Customer and transaction review. The analyst reviews the flagged activity in the context of the customer’s full profile. This includes the customer’s KYC information, historical transaction patterns, source of wealth and source of funds documentation, any prior alerts or STR filings associated with the account, and adverse media or PEP screening results. The goal is to determine whether the flagged activity has a legitimate explanation or whether the anomaly persists after accounting for known information.

Evidence gathering. If the initial review raises further concern, the analyst collects supporting evidence. This may include bank statements, wire transfer records, correspondence with the customer (where appropriate), third-party data, and publicly available information about the entities involved. All evidence should be organized and preserved in a case management system that maintains a clear audit trail.

Escalation and review. Most compliance programs require a secondary review before a filing decision is made. The analyst’s findings and recommendation are escalated to a senior compliance officer or a dedicated STR review committee. This layer of review ensures consistency in filing decisions and provides an additional check against both over-reporting and under-reporting.

Filing decision and documentation. Whether the outcome is to file or not file, the decision must be documented with supporting rationale. Regulators expect to see evidence that a structured process was followed, that relevant information was considered, and that the decision was made by qualified personnel. A “no-file” decision with thorough documentation is far more defensible than an incomplete investigation.

Regulatory Framework: FATF, FinCEN, EU, and FINTRAC

STR obligations exist within every major AML regulatory framework, though the specific requirements reflect differences in legal tradition, institutional structure, and enforcement priorities.

FATF Recommendation 20 establishes the international standard. It requires financial institutions to report to the FIU when they suspect or have reasonable grounds to suspect that funds are the proceeds of criminal activity or are related to terrorist financing. FATF does not prescribe a specific form or threshold; it sets the principle and leaves implementation to national authorities.

United States (FinCEN/BSA). US financial institutions file SARs under the Bank Secrecy Act. The filing threshold is activity involving $5,000 or more (for banks) or $2,000 or more (for money services businesses) where the institution knows, suspects, or has reason to suspect that the transaction involves funds from illegal activity, is designed to evade BSA requirements, or lacks a lawful purpose. The $5,000/$2,000 thresholds are guidelines for when a SAR is mandatory; institutions may file at any amount if suspicion exists.

European Union (AMLD). The EU’s Anti-Money Laundering Directives require obligated entities to report suspicious transactions to their national FIU. The 6th AMLD (and the forthcoming AML Regulation effective 2027) harmonizes the reporting obligation across member states, though specific procedures and forms remain national. The EU framework does not set monetary thresholds for suspicion-based reporting.

Canada (FINTRAC). Canadian reporting entities must submit STRs to FINTRAC when they have reasonable grounds to suspect that a transaction is related to a money laundering or terrorist financing offense. FINTRAC provides detailed guidance on indicators of suspicious transactions and has imposed significant penalties for non-compliance, including the C$1 million fine against British Columbia Lottery Corporation for reporting failures.

Penalties for non-compliance are substantial across all jurisdictions. In the US, BSA violations can result in civil penalties up to $1 million per violation and criminal penalties including imprisonment. The TD Bank case in 2024, with approximately $3 billion in total penalties, demonstrates the scale of enforcement when systemic failures are identified. EU member states impose fines that can reach into the tens of millions of euros for institutional failures. FINTRAC penalties in Canada can reach C$500,000 per violation for entities and C$100,000 for individuals.

How Technology Is Changing STR Filing and Detection

Manual transaction monitoring was the standard for decades: compliance analysts reviewed reports, flagged anomalies by hand, and compiled STR filings in document form. That approach cannot keep pace with modern transaction volumes or the sophistication of financial crime.

Automated transaction monitoring systems now form the backbone of STR detection at most regulated institutions. These systems apply rule-based algorithms to identify transactions that match predefined risk scenarios (large cash deposits, rapid fund movement, transactions with high-risk jurisdictions) and generate alerts for analyst review.

The challenge with rule-based systems is false positive volume. Industry estimates suggest that 90% or more of automated alerts turn out to be benign after investigation. Each false positive still requires analyst time to review and document, creating a significant operational burden that reduces the capacity available for investigating genuinely suspicious activity.

AI and machine learning are increasingly applied to reduce this friction. Rather than relying solely on static rules, ML models analyze transaction patterns across the full customer base, learn what “normal” looks like for different customer segments, and flag deviations with greater precision. The result is fewer false positives, faster triage, and more analyst time directed at high-risk alerts.

Beyond detection, technology is changing the filing process itself. Automated case management platforms structure the investigation workflow, ensure that required evidence is collected and documented, and generate draft STR narratives based on the investigation findings. API integrations allow filing directly with FIU platforms, reducing manual data entry and the errors that come with it.

Real-time monitoring is also becoming the expectation rather than the exception. Batch-processed transaction reviews that run overnight create a delay between the suspicious activity and its detection. Real-time systems flag anomalies as they occur, reducing the window in which suspicious funds can move through the system before an alert is generated.

The operational benefit is not just efficiency. Automated, well-documented investigation and filing processes produce stronger audit trails, more consistent filing decisions, and faster response times when regulators examine how specific cases were handled.

Frequently Asked Questions