Updated NCA SARs Best Practice Guidance (Nov 2025)

TLT picks out the key points you shouldn't miss...

What’s this about?

The National Crime Agency (NCA) has published important changes to its suspicious activity reporting (SAR) best practice guidance.

These updates aim to make the portal easier to use, improve data quality, and clarify how reporters should frame suspicions and defence requests under POCA and TACT. For FCA-regulated firms, the guidance reinforces existing obligations and provides clear detail on what constitutes a high-quality SAR.

To help you apply these changes, here are practical takeaways most relevant to front-line staff and in-house legal teams.

Our Head of Risk and Financial Crime, Ben Cooper says...

“The latest NCA guidance raises the bar for what ‘good’ looks like in SAR drafting, with a particular focus on structured data and clarity of suspicion. Firms should treat the new expectations as a practical blueprint for reducing rejections, request for information, and delays. Overall, the guidance brings greater consistency and should help firms navigate their reporting duties with more confidence.”

The points not to miss...

The NCA’s SAR guidance, published by its Financial Intelligence Unit, is now structured into three chapters. The chapters cover use of the SAR Portal, submission of Suspicious Activity Reports (“SARs”), the process for the Defence Against Money Laundering (“DAML”) and Defence Against Terrorist Financing (“DATF”) requests.

Chapter 1: Using the SAR Portal (registration, access, user management)

All users – including those who previously used SAR Online – must register afresh on the SAR Portal. Organisations should ensure only one organisational account exists with the MLRO or Nominated Officer. This should be clearly identified in the main contact.
The NCA strongly recommends shared inboxes for defence-related communications to avoid missed DAML / DATF decisions.
Two factor authentication is mandatory, and users must have reliable access to their registered device. This is required at every login.
Firms submitting on behalf of more than one legal entity can register multiple entities under a single organisation account, provided internal differentiation is maintained.

Chapter 2: Submitting a SAR (quality expectations, mandatory information, suspicion threshold)

A SAR must be submitted as soon as practicable after knowledge or suspicion of money laundering or terrorist financing arises. The NCA reiterates that SARs are not crime reports and do not replace notifications to police or regulatory bodies.
High-quality SARs require complete, structured data entered in the correct fields –especially identifiers such as date of birth, addresses, account numbers, and prior SAR URNs. Failure to populate fields properly can prevent the SAR appearing in law-enforcement searches.
The Da Silva test remains the guiding threshold for suspicion i.e. “a possibility, more than fanciful”, but more than a vague unease.
When describing suspicion, reporters should focus concentrate on the activity indicating criminal or terrorist property, rather than attempting to prove a predicate offence. Attachments cannot be uploaded, and all relevant detail must be included in the SAR itself.
For DAMLs / DATFs, selecting the correct legislations (Proceeds of Crime Act 2002 (POCA) or Terrorism Act (TACT)) at the outset is critical – selecting the wrong option can delay or invalidate the defence.

Chapter 3: Understanding DAMLs & DATFs (when and how to seek a defence; essential information requirements)

A defence request must clearly set out three essential criteria:
- The grounds for suspicion,
- A description of the criminal or terrorist property, and
- A future, specific prohibited act for which a defence is sought.
No assumptions will be made – vague or incomplete submissions may be closed.
The “prohibited act” must be future specific, and within the reporter’s control (e.g. transferring a known amount on a specific date). Open-ended or“ either/or” requests are not accepted.
The NCA can ask for further information during the seven-day notice period; failure to respond promptly may lead to closure of the request.
Where the defence is refused, the reporter has no protection against committing a money-laundering or terrorist-financing offence if they proceed. If the NCA does not respond within seven days, the defence is automatically granted.
Mixed-property exemptions introduced by the Economic Crime and Corporate Transparency Act 2023are acknowledged, but firms are encouraged to seek legal advice on how they apply in practice.

At a glance...

Publication link	Suspicious Activity Reports - National Crime Agency
Published date	21 November 2025
Who has published it?	National Crime Agency
Publication type	Guidance
Any key dates?	N/A
What's it relevant to?	Financial Crime, Financial Services Regulation

‍Authors: Ben Cooper and Sam Omozusi

This publication is intended for general guidance and represents our understanding of the relevant law and practice as at December 2025. Specific advice should be sought for specific cases. For more information see our terms & conditions.

No items found.

Date published

11 Dec 2025