Suspicious activity reports

Detects references to suspicious activity reports in financial and compliance documents. Commonly found in Australian regulatory filings, transaction records, and audit documentation.

Type

regex

Engine

boost_regex

Confidence

medium

Confidence justification

identifier/document-structure anchored regex with constrained context replaces phrase-only detection.

Detection quality

Mixed

Jurisdictions

au

Regulations

AML/CTF Act (Cth), IPA 2009 (Qld), NDB Scheme (Cth), Privacy Act 1988 (Cth), SOCI Act 2018 (Cth)

Frameworks

ISO 27001, ISO 27701, PCI-DSS, SOC 2

Data categories

financial

Scope

wide

Platform compatibility

Purview: Compatible, GCP DLP: Compatible, Macie: Compatible, Zscaler: Compatible, Palo Alto: Degraded, Netskope: Unsupported

Pattern

(?is)\b(?:suspicious\s+activity\s+report|suspicious\s+matter\s+report|unusual\s+transaction|threshold\s+transaction|financial\s+intelligence|compliance\s+reporting|suspicious\s+behaviour|transaction\s+alert)\b

Corroborative evidence keywords

suspicious activity reports, suspicious, activity, reports, credit, lending, insurance, financial, fiscal, monetary, accounting, treasury, audit, revenue, expenditure, budget, ledger, accounts payable, accounts receivable, balance sheet (+19 more)

Proximity: 300 characters

Should match

• suspicious activity report — Primary topic phrase match
• suspicious matter report — Case-insensitive topic phrase match
• unusual transaction — Alternative topic phrase match
• threshold transaction — Additional topic phrase match

Should not match

• unrelated generic text without domain phrases — No relevant topic phrases present
• placeholder value 12345 — Random text should not match topic-specific regex
• credit premium — Generic word pair from old broad template should not match

Known false positives

• Financial terminology appearing in published reports, accounting textbooks, regulatory guidance, or template documents without actual transaction data. Mitigation: Require corroborative evidence keywords within the proximity window. Cross-reference with structured financial identifiers to confirm actual sensitive data.
• In Australian English, standard business terminology overlapping with financial detection keywords in routine correspondence and documentation. Mitigation: Increase confidence threshold when scanning business correspondence. Layer with transaction-specific patterns for higher precision.

References

• https://www.austrac.gov.au/business/core-guidance/reporting/suspicious-matter-reports-smrs
• https://www.austrac.gov.au/business/core-guidance/customer-identification-and-verification