Suspicious Transaction Report (Ireland) / Suspicious Activity Report (UK)

What is and who must make a Suspicious Transaction Report (STR)?  What are the dual reporting obligations?

Under  section 42 of the CJA 2010 (as amended ), a “designated person” who knows, or suspects, or has reasonable grounds to suspect that another person has been or is engaged in an offence of money laundering or terrorist financing, is obliged to report that knowledge or suspicion or those reasonable grounds. This is the statutory obligation to make a suspicious transaction report  or STR.

The obligation to make STRs is a dual one to both FIU Ireland and the Irish Revenue Commissioners. The Financial Intelligence Unit, (FIU Ireland) is a division of an Garda Síochána and is responsible for receiving (through goAML) and analysing, suspicious transaction reports and other information relevant to money laundering or terrorist financing.  

“designated persons” includes an auditor, external accountant or tax adviser and a trust or company service provider. The definition of tax adviser has been widened under the CJA 2021.

Further information on when to report is available within the CCAB-I Anti Money Laundering Guidance for members TR01/2019 (updated March 2022).

Who must and how do you register for goAML?

goAML is an online reporting mechanism and  is available to Financial Intelligence Units of Member States to support their work.  It is used by the FIU Unit of an Garda Síochána since June 2017 for “designated persons” to submit money laundering suspicion reports to the FIU Ireland. Previously accepted paper reporting is no longer possible.

Prior to being able to submit an STR for the first time to the FIU, the designated person must be registered for goAML. FIU Ireland has published guidance as to how to register which should be consulted. This includes the Reporting Entity registration guide and the go AML Quick reference reporting guide. There is also a useful FAQ document  available and  a document on how to revert and amend reports submitted, which have been rejected by FIU Ireland. Entities registered on goAML, will, in addition to receipt of acknowledgment of an STR, receive alerts and dissemination of  trends and typologies from the FIU and it is  recommended that the message board is checked regularly.

Additional Mandatory reporting of STRs to the Irish Revenue Commissioners

STRs must also be reported to the Irish Revenue Commissioners. Since September 2020, reporting to revenue must be online, see  Revenue reporting guidelines . The designated person must be registered for Revenue Online Service (ROS) to submit an STR to Revenue. ROS login details and a valid ROS digital certificate is required. More detailed information is available as to how to register and complete STR reporting to the Revenue Commissioners. The Revenue Commissioners also have a ‘Quick Guide to Submitting STRs Online’ available on the Revenue website.

Also, see the Report on the Accounts of the Public Services 2020 which is available from the Office of the Comptroller and Auditor General (OCAG). Chapter 13 deals with Suspicious Transaction Reports. In chapter 13 the OCAG writes “Suspicious transaction reports (STRs) are received by the Office of the Revenue Commissioners. STRs can assist in identifying tax evasion, tax fraud, and provide new ways to assess risk and to target tax audits.  Our report examines the processes in place in Revenue on receipt of an STR and Revenue’s effectiveness in managing the STR process”.

The Office of the Comptroller and Auditor General has also produced a short video which is available on their YouTube channel here. In it  the OCAG says STRs are a useful source of information and provide new ways to assess risk and target tax audits. STRs are risk rated and matched to tax payers where possible. It also notes that Revenue has set up a review group that is working on introducing a new risk rating system in 2022.

Other guidance on registering for GoAML and with the Revenue

The FIU and Revenue have  jointly produced a guide to generating XML reports which readers may find useful.

Please click here to view a useful webinar on go AML and revenue reporting of suspicious transactions.

What are the statistics for STRs?

See recently published figures on the FIU Ireland website for some interesting information on this.

In 2021, FIU Ireland  received a total of 38,712 suspicious transaction reports (STRs). While the quality of the content of STRs submitted since 2017 has improved following the acquisition of goAML, FIU Ireland  view the level of reporting from some sectors as low, especially the Designated Non-Financial Businesses and Professions. The 2019  National Risk Assessment - Money laundering and Terrorist Financing states (para 6.89) that  STR reporting is low relative to the scale of the accountancy services sector, the nature of the services provided, the scale of transactions involved and the diversity of the sector’s client base. Recent statistics show that less than 1% of all STRs reported were raised by accountancy service providers. There are 3,238 reporting entities registered on goAML and out of that 429 accountants and  49 auditors are registered. FIU Ireland  would like to see enhanced levels of registration on goAML and members are encouraged to get set up and registered on the goAML and ROS systems. See above for guidance as to how you can do this.

UK Reporting Obligations-Suspicious Activity Reports (SARs)

In the UK, persons in the regulated sector with knowledge or suspicion of money laundering must make a suspicious activity report (SAR).

Part 7 of the Proceeds of Crime Act 2002 (POCA) applies throughout the UK. The SAR must be made to the National Crime Agency (NCA), preferably using the NCA SAR Online System. The UK National Crime Agency has provided detailed guidance on how to make a SAR, available here. It has also issued the  UK FIU Guidance note on good quality SARS which should be consulted in connection with making a SAR. See more by clicking here for information on SARs on the Professional Standards pages.

A new SAR Glossary Code was launched in March 2022 relating to suspicious activity consistent with money laundering and linked to entities sanctioned by the UK, US, EU and other overseas jurisdictions. Details and the code (XXSNEXX) can be found in the recent  note available on the National Crime Agency website.

Please also refer to the CCAB Anti-Money Laundering and Counter-Terrorist Financing Guidance for the Accountancy Sector 2022 (UK) (which replaces the draft guidance issued in September 2020 ) .Section 6 provides further detailed information in this area.

Suspicious activity/transaction reporting and data protection obligations

While the making of a suspicious activity/transaction  report is mandatory, those sharing information must also consider obligations under the data protection regime and must comply with their data protection obligations.

In Ireland and the UK, those obligations are  primarily found in the EU General Data Protection Regulation (“GDPR”), and the Data Protection Acts enacted in both jurisdictions in 2018.

At EU level the GDPR requires that personal data shall be processed lawfully, fairly and in a transparent manner in relation to individuals. For designated persons, this lawful basis for processing data (for example by making an STR) is found in Article 6(1)(c) of GDPR, which provides that processing is lawful where it is necessary for compliance, with a legal obligation to which the controller is subject.

Part 5 of the Irish and Part 3 of the UK Data Protection Act 2018 make provision for  the processing of personal data by competent authorities for law enforcement purposes and implements the Law Enforcement Directive.

These pages are provided as resources and information only and nothing in these pages purports to provide professional advice or definitive legal interpretation(s) or opinion(s) on the applicable legislation or legal or other matters referred to in the pages. If the reader is in doubt on any matter in this complex area further legal or other advice must be obtained. While every reasonable care has been taken by the Institute in the preparation of these pages, we do not guarantee the accuracy or veracity of any resource, guidance, information or opinion, or the appropriateness, suitability or applicability of any practice or procedure contained therein. The Institute is not responsible for any errors or omissions or for the results obtained from the use of the resources or information contained in these pages.