Blog Posts

A Better Way to Do SMRs: Lessons from a Compliance Veteran

Jeremy Liu

7 min read
A Better Way to Do SMRs: Lessons from a Compliance Veteran

Suspicious Matter Reports (SMRs) aren’t just another box to tick. When done right, they’re frontline intelligence in the global fight against financial crime. Aaron Soh knows this all too well. As the former Global Head of Compliance at Novatti Group, and currently the Managing Director of Testudo Compliance Group, he has spent a significant amount of his career investigating, collating, writing and reviewing SMRs and was happy to share his experience with us.

With input from Anti-Money Laundering and Counter-Terrorism Financing (AML/CTF) veterans like Aaron, we’re designing BNDRY to make it simpler for designated service providers to submit SMRs. That means less time gathering data and more time focusing on quality investigation details and insights.

“Writing a good SMR isn’t just about meeting your obligations,” Aaron told us. “It’s about showcasing your systems and ability to articulate a suspicion clearly and concisely with genuinely actionable intelligence.”

SMRs in context: the frontline of AML/CTF intelligence

AUSTRAC relies on designated service providers to act as its eyes and ears. SMRs are one of the most critical tools in AUSTRAC's arsenal. At their best, SMRs provide high-value intelligence on potentially suspicious or criminal behaviour, helping AUSTRAC and police target and investigate financial crime from money laundering to terrorist financing.

AUSTRAC’s SMR guidance is intentionally outcomes-focussed, rather than strictly prescriptive. That’s because the people best positioned to detect suspicious behaviour are those delivering the designated service, they're experts in the service provided and therefore best positioned to identify anomalies. AUSTRAC encourages reporting when something seems unusual for your business, leveraging your unique knowledge of your customers and your designated service.

Speed matters. SMRs related to terrorism financing must be submitted within 24 hours of suspicion being formed; all other offence types must be submitted within three business days. Timely, actionable intelligence can make a real difference to help stop financial crime and keep the community from harm. Therefore, regulated entities have a responsibility to report suspicion in a timely manner. But meeting these deadlines isn’t easy, especially when the data needed is buried across different systems and teams. The pressure is real and the workload is often heavy.

Of course, an SMR is just one piece of a bigger puzzle. Recently, AUSTRAC updated the tipping-off provisions to support more collaboration within and between regulated entities in order to share intelligence and stop criminals. This all falls in line with AUSTRAC shifting the focus from a compliance-based approach to a risk-based, outcomes-oriented approach. Rather than ticking boxes, designated service providers are encouraged to take steps towards addressing risks and reducing financial crime.

“Collaboration is key. AUSTRAC opening the door to sharing more is a good step,” Aaron noted. “But it is still crucial that more collaboration doesn’t expose sensitive data and risk tipping off.”

As Tranche 2 brings new professions into regulatory scope including lawyers, real estate agents, accountants, conveyancers and precious metal dealers, SMR reporting is an obligation they’ll all share. SMRs are the reports that provide the most actionable intelligence on potential criminal activity, and are the most useful for helping catch criminals.

SMRs can be complex

Despite how crucial they are, SMRs are notoriously painful to compile. It’s not uncommon for a single SMR to take up to two hours (or more) to complete, this could be even longer if supporting documentation needs to be gathered. The schema is dense and detailed and the information required to complete them is often spread across multiple systems. This contributes to the hours that individuals spend to gather and collate the data required for a quality SMR report. All while the clock is ticking.

Regulated entities are required by law to keep AML/CTF data and records for seven years, including SMRs. Once submitted, all of the details need to be preserved, catalogued and protected for seven years. Many organisations struggle with this requirement and resort to taking screenshots or creating a paper trail. Neither of which are an effective or secure way to retain this data.

SMR processes are typically a mix of subjective analysis and objective data gathering. Objective data, such as providing customer KYC details: address, phone numbers and transaction records, have the potential for automation. But AUSTRAC remains cautious of organisations automating the entire SMR submission processes as the subjective components of it, such as describing the ‘grounds for suspicion’, are most valuable when real people spend time providing analysis and narrative. That’s where the actual intelligence lives, the story, not just the stats.

“The most valuable part of the SMR is well-explained grounds for suspicion,” Aaron explained. “That’s where your thinking shows, not just what happened, but why it raised red flags and why you think AUSTRAC should take note.”

Because of this, it is difficult to justify (or get approval to) automate SMRs when they can’t and shouldn’t be automated end-to-end. It’s precisely the human insight and intelligence that the regulator is after, not a slick macro with a daily export.

What a typical SMR process looks like today

Every business handles SMRs a little differently. For small organisations, the SMR process might sit with a single compliance officer who juggles many roles, alongside their role as the designated AML/CTF compliance officer. In these situations, one person, or a very small team, will be responsible for identifying and investigating suspicious behaviour and submitting SMRs.

In larger organisations, frontline staff may report unusual behaviour, which triggers an internal case management process. A risk or compliance team investigates and may even escalate to senior members before deciding whether suspicion is warranted. In these organisations, there is typically recordkeeping of early signals of suspicion, otherwise known as unusual activities, right through to SMR lodgement once the suspicion is formed. This allows the organisation to collaborate and raise matters across many touchpoints where unusual customer behaviour may occur, whilst funnelling the responsibility of investigating unusual activity and submitting SMRs to a number of dedicated risk and compliance staff.

Suspicious Matter Reports are complex, time-consuming, and require input from multiple systems and people. They are mission critical to Australia’s efforts to fight financial crime. But writing them is difficult, and connecting the dots on multiple suspicious events is even harder. SMRs are fraught with sensitive information, making storing them safely of utmost importance.

That’s where BNDRY comes in.

How we’re building SMR’s in BNDRY

We’re building our SMR capability to support all levels of organisational maturity and size, from sole compliance officers in small businesses to multi-person risk teams operating at a national or international level.

Smart Forms for frontline capture

BNDRY includes configurable smart forms that help frontline staff across any industry to report unusual activity quickly and easily, whether it be banks, pubs, real estate agents or digital platforms. These forms can be tailored to reflect what’s considered “unusual” for each designated service, capturing the information needed to start a proper investigation.

A UAR to SMR pipeline

Start with an Unusual Activity Report (UAR), escalate to an SMR if suspicion is formed. Data flows automatically from the UAR to SMR so your team can focus on the details that matter. No double handling or duplicated effort.

Automated data enrichment

We pre-fill structured data from the customer entity profiles that you have in BNDRY, names, addresses, contact information, account details and more, to save time re-entering customer data. This means higher data quality, less manual work and more time spent crafting a strong narrative around the suspicious activity. This also works with integrations. If your BNDRY-integrated transaction monitoring system flags a suspicious pattern, that data can be piped directly into the SMR draft, so you're not spending hours retyping what your system already knows (and fewer typos!)

“Pre-filling the basics means you’ve already won half the battle,” said Aaron. “It frees you up to think about what actually happened, not just copy-pasting addresses.”

Structured, secure record-keeping

Every SMR and UAR in BNDRY is tracked and stored as part of your customer and entity record. Not only does this satisfy your seven-year retention obligations, it also allows you to build intelligence over time, spotting repeat behaviours, understanding risk profiles and even triggering Enhanced Due Diligence automatically based on activity thresholds.

And because BNDRY stores data in a structured, queryable format (not screenshots) you can search and connect the dots on SMR data to gain valuable risk intelligence.

Granular access control

SMRs usually contain highly sensitive information about customers. BNDRY ensures only the right users can see sensitive data, even down to the field level. That means your staff can collaborate on reports without compromising personal information, helping you meet both operational and regulatory data protection requirements.

The bottom line

We didn’t design BNDRY’s SMR capability in a vacuum. We built it by learning from the people who live and breathe financial crime compliance every day. People who’ve felt the pain of two-hour SMR submissions, endless screenshots and missed deadlines.

The result is a system that makes it faster, safer and smarter to report suspicious matters while still keeping the human insight that makes SMRs so valuable in the first place.

Whether you’re new to SMRs or just tired of the chaos, we’ll show you a better way.

Let's Talk