STR/SAR Filing on goAML Portal: Common lapses and best practices
STR/SAR Filing on goAML Portal: Common lapses and best practices
The UAE AML regulations mandate the reporting entities to identify the suspicion related to money laundering, terrorism financing or proliferation financing and report such suspicion by filing a Suspicious Activity Report (SAR) or Suspicious Transaction Report (STR). When you suspect a transaction or activity, the same warrants prompt STR/SAR filing on the goAML Portal, but beware of the common errors the regulated entities generally commit in the course of STR/SAR filing.
In this article, we have covered some of these lapses in submitting SAR/STR on the goAML Portal and the best practices to manage the same. Before that, let us understand what the UAE AML laws provide for STR/SAR filing.
What are STRs and SARs?
How will you safeguard the business against financial crime?
What actions will you undertake to prevent crimes like money laundering or terrorism financing from occurring?
The answer here is by timely detecting the transaction or activity attempted to carry out money laundering/terrorism financing or suspected to involve proceeds of crime. The laws in UAE need you to monitor your business relationship and transactions continuously, as the risk indicators can be observed at any stage – while onboarding the customer, while executing the transaction or after a transaction is completed. Whenever you detect any suspicious behaviour or unusual pattern, you must investigate further to assess the involvement of money laundering or terrorism financing activities.
After identifying such suspicious activities or transactions, it is important to bring these suspicions to the notice of regulatory authorities to take necessary actions to address these crimes. This is possible by submitting adequate details to the authorities and furnishing reports in the prescribed formats.
In UAE, when any regulated entity identifies a transaction or activity as suspicious, it must file a Suspicious Transaction Report (STR) or Suspicious Activity Report (SAR).
A suspicious transaction is one where the transfer, deposit, withdrawal, or flow of funds is doubtful. It occurs when you transact or form a business relationship with a customer to provide goods or services. For example, a customer making multiple purchases of gold using cash in a small denomination or payment for a transaction is being made from a high-risk country. In such cases, you must submit STR with the UAE’s Financial Intelligence Unit (FIU) via the goAML Portal.
Suspicious activity relates to any attempted or unexecuted transaction where the customer acts unusually, or the customer’s behavioural traits suggest any connection with money laundering or terrorism financing. For example, a customer refuses to submit identity documents or does not cooperate in the satisfactory completion of the Customer Due Diligence processes. The other example could be where the customer insists on involving many intermediaries to perform a transaction without any business logic. In such cases, you must report such suspicious activity by filing SAR on the goAML portal.
The main constituents of a STR or SAR are the following:
- Parties involved in the transaction
- The location of the occurrence of the transaction
- Time and date of occurrence of suspicious transaction or activity
- The red flags or warning signs detected
- Action taken by the regulated entity
A critical question here is how you know a transaction is suspicious.
To ensure that your team understands the ML/FT/PF risk indicators and is alert to spot the same, it is important to have adequate knowledge and understanding of the general and industry-specific warning signs indicating connection with money laundering, terrorism financing or proliferation financing. You must maintain a comprehensive list of such red flags and implement necessary systems and tools, depending on the nature and size of the operations, to detect suspicious activities and transactions.
Let’s look into the common lapses by entities in STR/SAR filing on the goAML portal. We also explore the best practices for managing these gaps and errors for an accurate goAML reporting.
Make your reporting on goAML accurate, easier, and effective,
With our AML professionals’ expert guidance and handholding.
Common lapses in STR/SAR Filing on the goAML Portal
While submitting SARs and STRs on the goAML portal, please avoid these common lapses:
Failing to register on the goAML portal
You cannot submit SARs and STRs with the FIU without registering on the goAML Portal. You must complete the 2-stage goAML registration process to access the Portal to furnish any AML-related report to the FIU or other regulatory authority.
In the first stage, you must register with the SACM (Service Access Control Manager) system. Upon submitting the details, along with the relevant documents – a copy of the trade license, an authorisation letter for the appointment of the AML Compliance Officer, and identity proof of the Compliance Officer, you get a username and secret code. Now, you must install the Google Authenticator App and create an account. After this, you can access the goAML Portal and complete the register as an “Organization”.
Once approved by the supervisory authority, your goAML registration is successful, and you can complete the necessary reporting.
Forgetting to follow the regulatory policies and laws
Submitting accurate and on-time STRs and SARs is a regulatory obligation in the UAE. UAE has also specific guidelines of:
- Details to fill in STR and SAR
- Documents to submit
- Step-by-step procedure
You must keep track of regulatory laws to stay up-to-date on all these points and adhere to requirements on time. If you fail to do so, it will make you non-compliant and hence vulnerable to ML/TF risks.
Providing inaccurate and incomplete information in STRs and SARs
Your SARs and STRs do not serve their purpose if filled out inaccurately. So, you must ensure that these reports are complete and accurate.
In STRs, fill out accurate details on the parties involved in the transaction, date, location, amount, and other relevant information. In SARs, mention the parties, observed risk indicators, and other relevant data points like the action you took to identify such a red flag. While providing these details, double-check the names of parties and other details populated. Also, mention the transaction or customer activity aspect you found suspicious.
Ensure that you attach the relevant documents – identification proof and transaction records. These serve as evidence to support your suspicion of the transaction or activity. Only comprehensive and precise details in SARs and STRs can make these reports useful to the authorities in combating financial crime, as investigation would be possible only when they have all the necessary details.
Also, be cautious while writing down the values in the report. Use simple and straightforward language in your reports. Don’t use jargon and ambiguous terms that confuse authorities using those reports. Be clear. Provide comprehensive information on your suspicion. And report all accurate details collected on the incident.
Delaying the submission of reports
The purpose of these reports – SARs and STRs – is to enable timely action by relevant authorities to prevent financial crime or reduce its impact on the national economy. If you do not submit these reports on time, this action will be delayed. So, you must ensure the prompt submission of these reports.
If you delay, the investigations are held up. Acting at that time would not generate the expected outcomes. Thus, the effectiveness of AML and CFT efforts suffers.
Lack of collaboration with regulatory authorities on STRs and SARs
Your work does not end there after you submit the STRs and SARs. The regulatory authorities might need more information on the reports. They might need more proof to support the reported activity. So, you must stay alert to such messages from authorities. Also, respond quickly to their queries to enable a better investigation. Ensure that no feedback or instructions received from the authorities remain unattended for longer.
Not being accountable and precise in your suspicion
Just a tiny suspicion does not mean you submit the report on goAML. You must conduct your independent and thorough investigation of the related records and seek more information (without tipping off) to determine the existence of a suspicion with reasonable belief. Not all suspicious transactions or activities turn out to be true. But that does not mean you can include any or all suspicions in the STR/SAR.
Conduct sufficient investigation into your suspicions. Assess the transaction, origin and destination, parties involved, medium, and value. Analysing all these factors gives you a better understanding of its doubts. Have experts look into the transaction or activity to decide whether it is suspicious.
Absence of relevant training for staff
Do you have the human expertise to detect suspicious transactions and report them? If not, you are at a loss. You need employees who have the skills to detect suspicious transactions or activities.
These employees must know the general and industry-specific red alerts documented in the entity’s AML/CFT program. Knowledge of these warning signs is essential to detect suspicious transactions. Also, employees must know how to report these suspicions, including the knowledge of the internal STR/SAR forms designed and implemented for the purpose. They must know the data points to mention and the relevant documents to attach.
Employees can have skills in all these aspects only with proper training. You must conduct regular training programs on identifying and reporting suspicions. The identification must be correct, and reporting must be precise in the required format for effective action.
Neglecting data confidentiality and privacy concerns
The data added on suspicious transactions and activities in these reports is confidential. You must not share it with people other than your internal team members working on it.
You must keep the data in STRs and SARs confidential and private, ensuring adherence to the no “tipping off” requirements prescribed under the UAE AML laws.
Not sharing the reports with the senior management
For implementing AML measures, effective communication within the entity is essential. In particular, you must share all the reported suspicions and actions taken with senior management periodically (possibly in the semi-annual AML/CFT report prepared by the AML Compliance Officer).
Sharing information facilitates collaboration and coordination in AML efforts. It helps you combat money laundering and terrorism financing more effectively.
Missing the review of the reporting process
You have a well-defined reporting process on the goAML portal. You have been able to submit the STRs and SARs through this procedure.
But it does not remain the same always. You must conduct frequent reviews of the process, including the formats used for internal STR/SAR reporting, to check for errors or missing parts. You might identify gaps that need improvement. Also, the process must stay relevant to the UAE’s AML laws and align with your AML objectives.
To ensure that alignment and relevance are checked, you must assess the process periodically. Make improvements for effective reporting of suspicious transactions and activities.
Best practices around STR/SAR filing on the goAML Portal
These are the ten critical lapses that can occur during STR/SAR filing on the goAML Portal. Avoid them at all costs to reduce the chances of failure in this process. The likelihood of non-compliance is high if you commit any of these errors.
Some of the best practices you can implement to avert these deficits are:
- Register on the goAML Portal and ensure the details furnished on the portal about the entity and Compliance Officer are up-to-date.
- Documenting a detailed list of general red flags and industry-specific risk indicators in the AML/CFT policy itself.
- Develop a clear reporting hierarchy and step-wise process to be followed by the frontline employees when any suspicion is observed.
- Designing a comprehensive internal STR/SAR format, covering the fields to capture mandatory details and the staff’s understanding of the risk indicator involved in a specific activity or transaction.
- Having a checklist to ensure accurate and complete details are furnished in the STR/SAR filed on the goAML Portal.
- Keeping a log of the reports filed and copies thereof.
- Periodically apprise the senior management of the STR/SAR filed, key red flags identified, and the action taken by the entity.
- Creating awareness amongst the team around the “no tipping off” requirement.
- Immediately adhere to the authorities’ feedback or instructions against the STR/SAR filed.
- Mandatory training to the staff at the time of joining and at periodic intervals to keep them aligned with the emerging ML/FT typologies.
AML UAE’s support in ensuring timely compliance with STR/SAR filing on the goAML Portal
If you want a faultless process of submitting STR and SAR, you can connect with our team. We will help you at every step in identifying suspicious transactions and activities and reporting them to authorities. With our expertise, you can generate accurate, complete, and on-time reports and submit them on goAML.
AML UAE is a distinguished provider of AML compliance services in the UAE. We keep your business protected and compliant with the UAE’s AML regulations.
Want to enjoy a tailored AML compliance strategy for your business?
Let’s connect and discuss your requirements.
Our recent blogs
side bar form
Share via :
About the Author
Pathik Shah
FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)
Pathik is a Chartered Accountant with more than 22 years of experience in compliance management, Anti-Money Laundering, tax consultancy, risk management, accounting, system audits, IT consultancy, and digital marketing.
He has extensive knowledge of local and international Anti-Money Laundering rules and regulations. He helps companies with end-to-end AML compliance services, from understanding the AML business-specific risk to implementing the robust AML Compliance framework.