Suspicious activity reports

Detects references to suspicious activity reports in financial and compliance documents. Commonly found in international regulatory filings, transaction records, and audit documentation.

Type

regex

Engine

boost_regex

Confidence

medium

Confidence justification

identifier/document-structure anchored regex with constrained context replaces phrase-only detection. Added context gating and exclusion rules improve precision and reduce incidental matches.

Detection quality

Mixed

Jurisdictions

global

Regulations

GDPR

Data categories

financial

Scope

wide

Platform compatibility

Purview: Compatible, GCP DLP: Compatible, Macie: Compatible, Zscaler: Compatible, Palo Alto: Degraded, Netskope: Unsupported

Pattern

(?is)\b(?:suspicious\s+activity\s+report|SAR\s+filing|suspicious\s+transaction|anti[\s-]+money\s+laundering|financial\s+intelligence|unusual\s+transaction|currency\s+transaction\s+report|suspicious\s+matter\s+report|transaction\s+monitoring|red\s+flag\s+indicator)\b

Corroborative evidence keywords

suspicious activity reports, suspicious, activity, reports, credit, lending, insurance, financial, fiscal, monetary, accounting, treasury, audit, revenue, expenditure, budget, ledger, accounts payable, accounts receivable, balance sheet (+31 more)

Proximity: 300 characters

Should match

• suspicious activity report — Primary topic phrase match
• sar filing — Case-insensitive topic phrase match
• suspicious transaction — Alternative topic phrase match
• anti-money laundering — Additional topic phrase match

Should not match

• unrelated generic text without domain phrases — No relevant topic phrases present
• placeholder value 12345 — Random text should not match topic-specific regex
• credit premium — Generic word pair from old broad template should not match

Known false positives

• Financial terminology appearing in published reports, accounting textbooks, regulatory guidance, or template documents without actual transaction data. Mitigation: Require corroborative evidence keywords within the proximity window. Cross-reference with structured financial identifiers to confirm actual sensitive data.
• In English (as the primary international business language), standard business terminology overlapping with financial detection keywords in routine correspondence and documentation. Mitigation: Increase confidence threshold when scanning business correspondence. Layer with transaction-specific patterns for higher precision.

References

• https://www.austrac.gov.au/business/core-guidance/reporting/suspicious-matter-reports-smrs
• https://www.austrac.gov.au/business/core-guidance/customer-identification-and-verification