Suspicious Transaction Report (Ireland) / Suspicious Activity Report (UK)

What is and who must make a Suspicious Transaction Report (STR)?  What are the dual reporting obligations?

Under  section 42 of the CJA 2010 (as amended ), a “designated person” who knows, or suspects, or has reasonable grounds to suspect that another person has been or is engaged in an offence of money laundering or terrorist financing, is obliged to report that knowledge or suspicion or those reasonable grounds. This is the obligation to make a suspicious transaction report  or STR.

The obligation to make STRs is a dual one  to both An Garda Síochána (the Irish police), and the Irish Revenue Commissioners. The Financial Intelligence Unit, (FIU Ireland) a division of an Garda Síochána is responsible for receiving (through GoAML) and analysing suspicious transaction reports and other information relevant to money laundering or terrorist financing.  

“designated persons” includes an auditor, external accountant or tax adviser and a trust or company service provider. The definition of tax adviser has been widened under the CJA 2021.

Who must and how do you register for GoAML?

The GoAML application is the UNODC Software Products for Member States' response to money laundering and terrorist financing, and is available to Financial Intelligence Units of Member States to support their work.  It is used by an Garda Síochána since June 2017 for “designated persons” to submit money laundering suspicion reports to the FIU Ireland. Previously accepted paper reporting is no longer possible.

Prior to being able to submit an STR for the first time to the FIU the designated person must be registered for go AML. FIU Ireland has published guidance as to how to register which should be consulted. This includes  the  Reporting Entity registration guide  and the go AML Quick reference reporting guide. There is also a useful FAQ document  available. Entities registered on goAML, will, in addition to receipt of acknowledgment of an STR, receive alerts and dissemination of  trends and typologies from the FIU and it is  recommended that the message board is checked regularly.

Additional Mandatory reporting of STRs to the Irish Revenue Commissioners

STRs must also be reported to the Irish Revenue Commissioners. Since September 2020 reporting to revenue must be online, see  Revenue reporting guidelines . The designated person must be registered for Revenue Online Service (ROS) to submit an STR to Revenue. ROS login in details and a valid ROS digital certificate is required. More Detailed information is available as to how to register and complete STR reporting to the Revenue Commissioners. The Revenue Commissioners also have a ‘Quick Guide to Submitting STRs Online’ available on the Revenue website.

Other guidance on registering for GoAML and with the Revenue

The FIU and Revenue have  jointly produced a guide to generating XML reports which readers may find useful.

Please click here to view a useful webinar on go AML and revenue reporting of suspicious transactions.

What are the statistics for STRs?

In 2019, an Garda Síochána received a total of 24,521 suspicious transaction reports (STRs). While the quality of the content of STRs submitted since 2017 has improved following the acquisition of GoAML, An Garda Síochána view the level of reporting from some sectors as low, especially the Designated Non-Financial Businesses and Professions. Recent statistics show that less than 1% of all STRs reported were raised by accountancy service providers. As of end 2020, there are 2,133 reporting entities registered on GoAML and 194 are accountants and auditors. An Garda Síochána would like to see enhanced levels of registration on GoAML and members are encouraged to get set up and registered on the system. See elsewhere on this page for guidance as to how you can do this.

UK Reporting Obligations-Suspicious Activity Reports (SARs)

In the UK persons in the regulated sector with knowledge or suspicion of money laundering must make a suspicious activity report (SAR).

 Part 7 of the Proceeds of Crime Act ,2002 (POCA) applies throughout the UK and in Northern Ireland. The SAR must be made to the National Crime Agency (NCA), preferably using the NCA SAR Online System. The UK National Crime Agency has issued the  UK FIU Guidance note on good quality SARS which should be consulted in connection with making a SAR. See more by following the Anti-money laundering link here.

Suspicious activity/transaction  reporting and data protection obligations

While the making of a suspicious activity/transaction  report is mandatory, those sharing information must also consider obligations under the data protection regime and must take steps to comply with their data protection obligations.

In Ireland and the UK, those obligations are  primarily found in the EU General Data Protection Regulation (“GDPR”), and the Data Protection Acts enacted in both jurisdictions in 2018.

At EU level the GDPR requires that personal data shall be processed lawfully, fairly and in a transparent manner in relation to individuals. For designated persons, this lawful basis for processing data (for example by making an STR) is found in Article 6(1) (c) of GDPR which provides that processing is lawful where it is necessary for compliance with a legal obligation to which the controller is subject.

Part 5 of the Irish and Part 3 of the UK Data Protection Act 2018 make provision for  the processing of personal data by competent authorities for law enforcement purposes and implements the Law Enforcement Directive.