FATF ¦ R.20 Re­port­ing of Sus­pi­cious Trans­ac­tions

Recommendation 20: Why it is the Backbone of Suspicious Transaction Reporting

Recommendation 20 sets out a simple but powerful rule: when a financial institution suspects, or has reasonable grounds to suspect, that funds are the proceeds of criminal activity or are linked to terrorist financing, it must, by law, report those suspicions promptly to the financial intelligence unit (FIU). This is not a best practice suggestion or a soft obligation. It is designed to be a clear legal duty that sits at the heart of any effective financial crime framework. Without timely suspicious transaction reports, FIUs are essentially operating in the dark, unable to see emerging risks, patterns, or networks.

What “Criminal Activity” Really Means Under Recommendation 20

At first glance, “criminal activity” sounds broad, and it is meant to be. The interpretive note clarifies that the term covers all criminal acts that would qualify as predicate offences for money laundering.

There are two approaches a country can take:

• Ideally, “criminal activity” should mean all offences that are predicate offences for money laundering under national law. This is the broad approach and is strongly encouraged.
• At a minimum, it must at least cover those specific offences that are required to be predicate offences under Recommendation 3 (for example, serious fraud, corruption, drug trafficking, and other serious crimes).

The clear policy message is that loopholes should be avoided. If certain offences fall outside the definition of “criminal activity” for reporting purposes, criminals will exploit those gaps. The broad approach makes it harder for them to do so and provides FIUs with a richer, more complete picture of illicit financial flows.

Terrorist Financing: Broader Than Many Institutions Expect

The interpretive note also expands on what “terrorist financing” means in this context. It does not only concern the financing of specific terrorist attacks. It includes funding:

• Terrorist acts;
• Terrorist organisations; and
• Individual terrorists,

even if there is no identifiable link to a particular terrorist act.

This is crucial for financial institutions. Waiting for a direct link to a specific attack before filing a report is far too late. Terrorism networks require money for training, propaganda, recruitment, logistics, and day-to-day operation, not just for committing a specific attack. Recommendation 20 expects institutions to report where there is suspicion that funds may support these broader activities.

In practice, this means that patterns of activity that might initially appear low-risk or low-value can still be relevant. Unusual flows to high-risk non-profit organisations, small but repeated transfers to individuals in high-risk regions, or accounts used inconsistently with a customer’s profile may all raise suspicions, even if there is no known plot or attack.

Bastian Schwind-Wagner_Follow

"Recommendation 20 creates a clear and non-negotiable duty for financial institutions to report suspicions related to criminal funds and terrorist financing to the FIU. It pushes firms to treat reporting not as a defensive tactic, but as a core part of their role in protecting the financial system.

For compliance and legal teams, this means embedding the concepts of broad “criminal activity”, wide-ranging terrorist financing, and the inclusion of attempted transactions into their day-to-day frameworks. When implemented properly, Recommendation 20 strengthens intelligence, supports investigations, and helps close the financial channels that criminals and terrorists try to exploit."

All Suspicious Transactions Really Means All – Including Attempts

One of the most important clarifications in the interpretive note is that the reporting duty extends to all suspicious transactions, including attempted transactions, regardless of the amount.

There are three major implications:

• No minimum threshold: A suspicious transaction must be reported whether it involves one dollar or one million dollars. Risk is driven by context and behaviour, not just by size.
• Attempted transactions count: If a customer tries to carry out a transaction that raises suspicion but it is blocked, cancelled, or fails for any reason, it still has to be reported. The attempt itself is intelligence. It may show testing of controls, early-stage placement of funds, or probing by criminals.
• No materiality filter: Institutions cannot decide that a transaction is “too small” to be worth reporting. Once suspicion or reasonable grounds exist, the obligation to report is triggered.

For compliance teams, this means that internal suspicious activity reporting mechanisms must be capable of capturing:

• Transactions that were processed;
• Transactions that were rejected by the institution’s own controls; and
• Transactions that were started but not completed by the customer.

The Principle of Direct Mandatory Reporting

The interpretive note draws a sharp line between acceptable and unacceptable models of reporting. The requirement must be:

• Direct; and
• Mandatory.

“Direct” means the law imposes a clear obligation on the financial institution to report suspicions to the FIU.

“Mandatory” means that once suspicion exists, there is no discretion to keep the information internal or to decide not to report.

The document explicitly rejects what is sometimes called “indirect reporting”. Indirect reporting occurs where the only incentive to report is the fear of later prosecution for a money laundering or terrorist financing offence if the institution fails to act. In such a system, reporting is not really a direct legal duty; it is more of a defensive step taken to avoid liability.

Why Indirect Reporting Is Not Acceptable

Indirect reporting models are considered inadequate for several reasons:

• They are unpredictable: Institutions might weigh the risk of future prosecution differently and may only report when they feel personally exposed, rather than when the public interest demands it.
• They weaken the FIU’s role: If reporting is driven by fear of prosecution rather than a clear statutory duty, the FIU receives fewer reports and may not get a full view of financial crime risks.
• They create uneven standards: Some institutions may be conservative and over-report to protect themselves; others may under-report to avoid scrutiny or perceived reputational harm.

By insisting on a direct and explicit legal requirement, Recommendation 20 aims to ensure that suspicious transaction reporting is:

• Consistent;
• Systematic; and
• Focused on supporting the wider fight against money laundering and terrorist financing, rather than simply managing institutional liability.

What This Means in Practice for Financial Institutions

For financial institutions, Recommendation 20 and its interpretive note translate into a set of practical expectations:

• Strong detection frameworks: Institutions need monitoring systems and front-line awareness that can identify behaviours suggesting criminal activity or terrorist financing, including low-value and attempted transactions.
• Clear internal escalation: When suspicion arises, there must be a defined path for staff to escalate concerns, typically via internal suspicious activity reports to a compliance or financial crime function.
• Timely reporting to the FIU: Once suspicion or reasonable grounds exist, the report to the FIU must be prompt. Delays can allow funds to be moved, evidence to be lost, or networks to adapt.
• Comprehensive scope: Policies and training must reflect that the obligation covers:
  • All relevant predicate offences for money laundering;
  • Financing of terrorist acts, organisations, and individuals, even without a specific act in sight;
  • All suspicious transactions, including attempts and very small amounts.
• Understanding of legal duty: Staff should be aware that this is a direct legal obligation, not just a risk-avoidance measure. The institution’s duty to report does not depend on whether it fears prosecution.

Policy Implications for Legislators and Regulators

For countries designing or updating their financial crime laws, Recommendation 20 provides a clear blueprint:

• The law should impose a direct, explicit duty on financial institutions to report suspicious transactions to the FIU.
• The scope of “criminal activity” should be as broad as possible, ideally covering all predicate offences for money laundering.
• Terrorist financing should be defined broadly enough to capture support to terrorists and terrorist organisations even without a concrete act.
• The legal framework must cover attempted transactions and make it clear that no reporting threshold applies for suspicious transactions.
• Legislators should avoid relying on liability-based incentives or general criminal provisions as a substitute for a specific suspicious transaction reporting obligation.

A Cornerstone of the Fight Against Financial Crime

Recommendation 20 is more than just a reporting rule. It is a foundational part of how modern financial systems detect, disrupt, and deter money laundering and terrorist financing.

By clarifying what must be reported, when, and under what legal structure, the recommendation aims to create a consistent global standard. When implemented properly, it transforms financial institutions from passive service providers into active partners in protecting the integrity of the financial system.

For compliance professionals, understanding the details of Recommendation 20 is essential. It shapes how internal controls are designed, how staff are trained, how monitoring systems are calibrated, and how institutions interact with FIUs. And for policymakers, it is a reminder that clear, direct, and robust reporting obligations are indispensable in the fight against financial crime.

Dive deeper

• FATF ¦ The FATF Recommendations ¦ Link
• FATF ¦ Luxembourg’s measures to combat money laundering and terrorist financing ¦ Link