How to File a Suspicious Activity Report (SAR) in Czechia — Step-by-Step

When you spot a transaction or behavior that looks suspicious, the clock starts. In Czechia, obliged entities must notify the Financial Analytical Office (FAÚ) without undue delay using the official electronic form for Oznámení o podezřelém obchodu (often called an SAR – suspicious activity report, or STR – suspicious transaction report). Understanding how to file a suspicious activity report properly helps ensure full AML compliance and avoid regulatory issues.

Before you start: Do you really need to report?

File an SAR if you have reasonable grounds to suspect money-laundering, terrorist financing, sanctions breaches, or related crime. You don’t need courtroom-level proof—reporting is triggered by suspicion, not certainty.

Under Czech AML rules, the duty arises as soon as a suspicious transaction/activity is detected and must be reported without undue delay (i.e., as soon as practicable; do not wait for “more evidence” if the suspicion is already reasonable). 

Where and how to file a Suspicious Activity Report

To file a suspicious activity report in Czechia, use FAÚ’s electronic form and send it via your datová schránka (data box). The online form lets you mark urgency, attach evidence, generate a submission receipt, and later view the sent data in read-only mode.

Electronic SAR form: “Elektronický formulář k zaslání OPO” (FAÚ). 

Step-by-step: Completing the SAR

Tip: Prepare key facts first (who, what, when, how much, why suspicious), then fill the form in one sitting.

1) Reporter (your company) details

• Legal name, ID/registration number, contact details.
• Select your type of obliged entity (bank, VASP/crypto, accountant, lawyer, real estate, etc.).

2) Urgency flag (first line of the form)

Tick “urgent” only if it’s a § 20 situation (e.g., risk of immediate harm; postponing execution by up to 24 hours), or § 15(1) (non-execution).

If not urgent, leave it blank.

3) Your internal reference

Enter your internal file/case number so you can track the matter later.

4) Parties involved

• Client(s), counterparties, beneficial owners (if known).
• Identify with names, dates of birth/IDs or company numbers, addresses—whatever you legitimately hold.
• Do not include your employee’s personal details beyond what the law allows.

5) Transaction details

Type (cash/transfer/crypto exchange, etc.), amount, currency, date/time, accounts/wallets used, reference, location/channel (branch, online, OTC).

• If multiple related transactions form a pattern, describe them as a series.

6) Why it’s suspicious (the narrative)

In plain language, explain the red flags (structuring, unusual counterparties, high-risk geography, sanctions hit, forged KYC, inconsistent source of funds, mixing services, mule indicators, etc.).

Stick to facts; avoid speculation. Reference any internal alerts (e.g., monitoring rules that fired).

7) Sanctions link (if applicable)

If assets may be subject to international sanctions, say so and briefly describe the property, location, owner, and any imminent risk of misuse or dissipation.

8) What you did internally

Indicate if the transaction was executed, postponed, or declined, and why.

Note any account freezes/holds within your legal powers, and any steps to preserve evidence (logs, screenshots).

9) Attachments

KYC/KYB records, screenshots, payment/transfer confirmations, invoices, correspondence, blockchain explorers’ hashes/URLs, risk-engine outputs—anything that helps FAÚ quickly understand and assess the case.

Keep filenames meaningful.

10) Contact person for the case

Provide the contact of the designated person in your firm who can respond to FAÚ queries (phone and email that you actually monitor).

Submitting the report

1. Review for completeness and clarity.
2. Submit via the electronic form; if authentication fails, you can manually send via data box (the new form version supports this fallback).
3. Save the submission confirmation for your records.

After you file: what to expect

After you file a suspicious activity report, FAÚ may request additional information or clarifications. Be ready to respond promptly. Be ready to respond promptly.

FAÚ uses internal quality feedback (e.g., indicating minor or serious shortcomings) so reporters can improve future submissions. Clear, well-evidenced reports strengthen your compliance profile.

Quality checklist (use before sending)

• Urgency correctly marked (only when justified).
• Parties identified as fully as your records allow.
• Transaction facts (who/what/when/how much/how) are complete.
• Narrative explains why it’s suspicious (red flags + context).
• Sanctions link addressed (if relevant).
• Attachments included and legible.
• Clear contact person listed.
• No unnecessary employee personal data. 

Common mistakes to avoid

• Waiting too long “to be sure.” The duty is to report suspicion promptly. 
• Submitting with thin narratives (“looks odd”) and no facts or attachments.
• Forgetting urgency when there’s real risk of dissipation or harm.
• Missing beneficial owner info even though you have it.
• Not providing a reachable contact (FAÚ needs to get hold of you).

Need hands-on help?

AMS can review your internal AML process, train staff on red flags, and help you prepare high-quality SAR submissions via FAÚ’s system—end-to-end, with templates and checklists tailored to your sector (banking, payments, crypto/VASP, real estate, advisory).

Contact AMS to get expert assistance with urgent or complex SAR submissions.

FAQ: Filing SARs in Czechia

How fast do I need to submit a suspicious activity report (SAR) in Czechia?

You must file an SAR “without undue delay” — meaning as soon as you have reasonable suspicion, not after gathering full evidence. In practice, this should happen within a few days of identifying the suspicious activity. Waiting to “be certain” can be treated as non-compliance by the FAÚ.

Can I submit a draft SAR and update it later if I find new details?

Yes. You can send an initial SAR immediately and later file an additional or supplementary report once new information becomes available. The key is to ensure the first submission happens on time — updates are always better than delays.

Should I inform the client that I filed an SAR about them?

No — and doing so can violate Czech AML rules. Informing the client or related parties that a report has been made (so-called tipping-off) is strictly prohibited. All communication with FAÚ must remain confidential within your company.

Can I include multiple suspicious clients or transactions in one SAR?

Yes, if the activities are clearly connected — for example, the same client using several accounts or recurring transfers linked to the same pattern.
However, unrelated cases should always be reported separately to keep your reports clear and focused.

What supporting documents improve SAR quality?

Include everything that supports your suspicion:
– KYC/KYB data, invoices, bank statements, blockchain traces, chat records, or payment screenshots.
Well-documented SARs help FAÚ assess the case quickly and can reduce follow-up queries.

What happens after FAÚ receives my SAR?

FAÚ may request additional information or conduct an internal analysis.
If the suspicion is substantiated, they can freeze assets temporarily, forward the case to law enforcement, or close it with no action.
You might later receive a quality rating of your report (e.g., “no issues,” “minor shortcomings,” or “serious shortcomings”).

More questions

AMS helps review your AML process and prepare high-quality SAR submissions.

Need hands-on help?

Get Expert Support Regulatory Reporting & SAR Filing