40 FATF 40 Recommendations
20

Recommendation 20 · Group D · Preventive Measures

Former: R.13 & SRIV

Suspicious transaction reports (STRs)

Recommendation 20 requires financial institutions to file a suspicious transaction report (STR) with the financial intelligence unit (FIU) — promptly, by law — whenever they have reasonable grounds to suspect that funds are the proceeds of criminal activity, or are related to terrorist financing. Reporting is mandatory regardless of any threshold and must occur even when a transaction is attempted but not completed.

Who must comply?

  • Banks, securities firms, insurers (life and investment products)
  • MVTS providers and money changers
  • Virtual Asset Service Providers (VASPs)
  • DNFBPs subject to STR obligations (R.23)

Key requirements

  1. 1

    Mandatory by law

    STR filing must be a legal obligation — not a voluntary action — and supported by a clear legal duty in primary legislation.

  2. 2

    Reasonable grounds to suspect

    The trigger is reasonable grounds to suspect that funds are proceeds of criminal activity (any predicate offence) or are related to terrorist financing — even if the predicate is not specifically identified.

  3. 3

    No threshold

    Reporting must apply regardless of the amount of the transaction. Even small transactions can be the subject of an STR if suspicion exists.

  4. 4

    Attempted transactions count

    STRs must be filed even when transactions were attempted but not completed (e.g., the customer was rejected during CDD or backed out after questioning).

  5. 5

    Promptly

    STRs must be filed promptly — typically within a defined number of days from the suspicion arising. Delays must be justified and documented.

  6. 6

    Direct reporting to FIU

    STRs must be reported directly to the FIU — through a secure channel — and must contain the information necessary for the FIU's analysis (parties, amounts, dates, accounts, narrative of suspicion).

  7. 7

    Liability protection

    Persons reporting in good faith must be protected from civil and criminal liability for breach of confidentiality, even if the predicate offence is not actually proven.

Practical example

Example: structuring detected at a Mexican bank

A retail customer at a Mexican bank deposits MXN 99,000 in cash on five consecutive days at different branches — pattern indicating structuring (smurfing) to avoid the MXN 100,000 reporting threshold under SHCP rules. The compliance system flags it. The compliance officer reviews, agrees suspicion is warranted (no apparent commercial source) and files a Reporte de Operación Inusual (ROI) with the CNBV (which forwards to the UIF). The customer is not informed (tipping-off prohibited under R.21). The bank is protected from liability for filing in good faith — even if it later turns out the customer was just paranoid about cash.

How Mexico implements it

Country-specific section in Spanish — Mexican regulatory references (LFPIORPI, CNBV, SAT, UIF).

México opera dos sistemas paralelos de reporte:

Sector financiero — ROR / ROI / ROIP a la CNBV → UIF

Las entidades financieras presentan tres tipos de reporte: ROR (Operaciones Relevantes, sobre umbrales), ROI (Operaciones Inusuales, sospechosas) y ROIP (Operaciones Internas Preocupantes, conducta de empleados). Se presentan a la CNBV que los enruta a la UIF.

Reportes PLD SOFOM ENR

AV — Avisos al SAT vía SPPLD

Las actividades vulnerables presentan avisos al SAT mediante el portal SPPLD en formato XML. Los avisos pueden ser de operaciones que rebasan umbrales (Art. 17) o de actos sospechosos (Art. 18 Fr. VI: aviso 24h tras detectar). El SAT enruta a la UIF.

SPPLD: portal antilavado del SAT 2026

Aviso 24h por intento (reforma marzo 2026)

El Reglamento LFPIORPI reformado introdujo el Art. 7 Bis: aviso al SAT en 24 horas tras detectar un intento de operación inusual o sospechosa, no solo operaciones consumadas. Está sujeto a actualización del formato XML.

Protección de quien reporta

El Art. 38 LFPIORPI protege de responsabilidad civil, penal o administrativa a quien presenta avisos de buena fe. Incluye a empleados que firman los avisos en nombre del sujeto obligado.

Milestones

  1. 1990

    Original Recommendation 13 on STR filing

  2. 2001

    Special Recommendation IV adds TF-related reporting after 9/11

  3. 2012

    Consolidated as Recommendation 20

  4. 2025

    October 2025 update emphasises detection of attempted transactions

Related Recommendations

Other Recommendations in Group D — Preventive Measures

9 R.9 Financial institution secrecy laws 10 R.10 Customer due diligence (CDD) 11 R.11 Record keeping 12 R.12 Politically exposed persons (PEPs) 13 R.13 Correspondent banking 14 R.14 Money or value transfer services (MVTS) 15 R.15 New technologies & virtual assets 16 R.16 Payment transparency (Travel Rule) 17 R.17 Reliance on third parties 18 R.18 Internal controls & foreign branches 19 R.19 Higher-risk countries 21 R.21 Tipping-off & confidentiality 22 R.22 DNFBPs: customer due diligence 23 R.23 DNFBPs: other measures

Official citation

FATF (2012-2025), International Standards on Combating Money Laundering and the Financing of Terrorism & Proliferation, Recommendation 20, FATF, Paris, France. Last updated October 2025.

Read the official text on fatf-gafi.org