What you need to know from the JFSC's 2025 Thematic Examination feedback on SARs

by
Caroline Dutot
|
05 June 2026

The JFSC's 2025 thematic examination on suspicious activity reporting has identified gaps that were consistent, and avoidable. Here is what compliance teams and boards need to know.

โ€

๐—™or Compliance Teams:

๐—ฃ๐—ผ๐—น๐—ถ๐—ฐ๐—ถ๐—ฒ๐˜€ ๐—ฎ๐—ป๐—ฑ ๐—ฝ๐—ฟ๐—ผ๐—ฐ๐—ฒ๐—ฑ๐˜‚๐—ฟ๐—ฒ๐˜€

Your SAR policies need to be current, clear and accessible.

Common gaps included:

  • No requirement for the MLRO to notify the FIU when additional information emerges
  • No disciplinary process for employees who fail to submit an iSAR
  • Employees not knowing where to find the iSAR form
  • No requirement for the MLRO to acknowledge receipt of an iSAR

๐—ฆ๐—”๐—ฅ ๐—ฟ๐—ฒ๐—ด๐—ถ๐˜€๐˜๐—ฒ๐—ฟ ๐—ฎ๐—ป๐—ฑ ๐—ฟ๐—ฒ๐—ฐ๐—ผ๐—ฟ๐—ฑ๐˜€

Registers were missing critical data points:

  • Date the information came to the employee's attention
  • Name and capacity of the person submitting to the FIU
  • Comprehensive customer/transaction details
  • Clear records of enquiries made and decisions reached

๐— ๐—Ÿ๐—ฅ๐—ข ๐˜๐—ฟ๐—ฎ๐—ถ๐—ป๐—ถ๐—ป๐—ด

Role-specific training was lacking. MLROs need training covering:

  • Handling and validating iSARs
  • Liaising with the FIU, JFSC and law enforcement
  • Managing tipping-off risk
  • Handling production and restraining orders

๐—–๐—ผ๐—บ๐—ฝ๐—น๐—ถ๐—ฎ๐—ป๐—ฐ๐—ฒ ๐—บ๐—ผ๐—ป๐—ถ๐˜๐—ผ๐—ฟ๐—ถ๐—ป๐—ด

Testing of SAR controls wasn't robust enough to identify weaknesses. When issues are found, they must be reported to the board and tracked to completion.

โ€

For Boards:

๐—ข๐˜ƒ๐—ฒ๐—ฟ๐˜€๐—ถ๐—ด๐—ต๐˜ ๐—ผ๐—ณ ๐˜๐—ถ๐—บ๐—ฒ๐—น๐—ถ๐—ป๐—ฒ๐˜€๐˜€

Boards couldn't demonstrate adequate oversight of how quickly the MLRO decides whether to file an eSAR.

Board minutes should document scrutiny and challenge of the MLRO report, with enough detail to understand whether reporting obligations are being met promptly.

๐— ๐—Ÿ๐—ฅ๐—ข ๐—ถ๐—ป๐—ฑ๐—ฒ๐—ฝ๐—ฒ๐—ป๐—ฑ๐—ฒ๐—ป๐—ฐ๐—ฒ ๐—ฎ๐—ป๐—ฑ ๐˜€๐˜‚๐—ฝ๐—ฝ๐—ผ๐—ฟ๐˜

Where the MLRO also has client-facing duties, conflicts weren't being recorded or mitigated. And where DMLROs were active, there was no evidence of regular oversight meetings between MLRO and Deputy.

๐—™๐—ฒ๐—ฒ๐—ฑ๐—ฏ๐—ฎ๐—ฐ๐—ธ ๐—น๐—ผ๐—ผ๐—ฝ

Is there a proactive feedback loop between the MLRO and the board?

Reports need to contain the information the board actually needs for robust oversight.

โ€

JFSC has signalled it may revisit this theme to assess whether guidance has been acted on in the future.

It is worth asking yourself: โ€œIf the regulator knocked on your door tomorrow, could you demonstrate your SAR processes are working?โ€