Filing a Suspicious Activity Report is one of the more consequential compliance actions a Nigerian fintech will take. Done well, it gives the Nigerian Financial Intelligence Unit the information it needs to pursue a financial crime investigation. Done poorly, it consumes compliance resources, muddies the intelligence picture for investigators, and can expose the reporting institution to regulatory criticism for inadequate or incomplete filings. The quality of a SAR matters as much as the decision to file one.
The Legal Basis for SAR Filing in Nigeria
The obligation to file SARs in Nigeria flows from the Money Laundering (Prevention and Prohibition) Act 2022 and the Terrorism (Prevention and Prohibition) Act 2022, both of which require reporting entities to promptly report transactions suspected of involving proceeds of crime or financing of terrorism to the NFIU. The NFIU serves as the central repository for these disclosures. CBN-regulated entities are additionally subject to directives and AML/CFT guidelines from the CBN's Financial Policy and Regulation Department, which specify reporting timelines, formats, and threshold considerations.
What Should Trigger a SAR
The legal threshold is reasonable suspicion, not certainty. You do not need to know that a crime has occurred; you need grounds to suspect it. Common triggers include transactions with no apparent business purpose, customers reluctant to provide identification, activity that deviates sharply from an established customer profile, transactions structured just below reporting thresholds, and any pattern that resembles known money laundering typologies such as smurfing, layering through multiple accounts, or rapid fund movements followed by immediate withdrawal. Fintechs should maintain a documented typology library so analysts have a shared reference when making filing decisions.
The Structure of a Well-Written SAR
A good SAR has four core sections: the subject description, the suspicious conduct description, the reason for suspicion, and the supporting evidence narrative. The subject description should be precise: full legal name, date of birth, BVN or NIN where collected, account numbers, and any linked entities or counterparties. The suspicious conduct section should be factual and specific, describing what the customer did or attempted, not what you think their motive was. The reason for suspicion section connects the observed conduct to a specific typology or red flag indicator. Supporting evidence should reference transaction IDs, dates, and amounts.
Common Mistakes That Weaken a SAR
The most common weaknesses in SAR filings from Nigerian fintechs include vague language, missing transaction references, incomplete subject identification, and conclusions unsupported by the facts described. Phrases like 'customer appears to be laundering money' without supporting detail are not useful to investigators. Equally unhelpful is a SAR that lists dozens of transactions without explaining which ones are suspicious and why. Investigators at the NFIU receive large volumes of reports; a SAR that requires significant interpretation or follow-up slows the process and reduces the likelihood that it will lead to action.
Describing Suspicious Conduct Effectively
Good conduct descriptions use concrete, observable facts. Instead of 'customer made unusual transactions,' write 'between January 3 and January 7, the customer received 14 inward transfers from 11 different senders, aggregating to NGN 4.2 million, followed by 9 outward transfers depleting the balance within 48 hours.' This level of specificity helps investigators reconstruct the pattern without accessing your systems. Fintechs using structured compliance workflows typically produce more consistent filings because analysts work from templated formats that enforce completeness. Related reading on identifying mule account patterns and rethinking AML stack architecture can help compliance teams sharpen their typology recognition before a SAR obligation arises.
Tipping Off and Confidentiality Rules
Once a SAR has been filed or a decision to file has been made, Nigerian law prohibits tipping off the subject of the report. You cannot tell the customer that they have been reported, that their account is under review in connection with a SAR, or that their activity has triggered an AML investigation. This prohibition covers both direct and indirect disclosure. Customer-facing communications must be carefully reviewed during this period to ensure that nothing in a transaction query response, an account restriction notice, or a customer service interaction inadvertently signals that a SAR has been or will be filed.
