The reporting a suspicious transaction to Tracfin directly triggers your AML-CFT compliance framework. It is triggered when an anomaly goes beyond a simple operational alert : economic inconsistency, insufficiently justified source of funds, unusual arrangement, atypical transaction, potential link to a crime or terrorist financing.
At AP Solutions IO, we know that the challenge lies as much in filing the DS Tracfin as it is characterization of the suspicious activity, the strength of the case, and the traceability of the analysis. During an ACPR audit, an internal review, or a request for justification, the institution must be able to explain why the report was filed at that specific time.
Section Article L. 561-15 of the Monetary and Financial Code requires reporting entities to report to Tracfin any sums or transactions whose illicit origin they know, suspect, or have good reason to suspect. This obligation applies when such sums or transactions stem from an offense punishable by a prison sentence of more than one year, or when they are linked to the financing of terrorism. Attempted transactions also fall within the scope of this obligation.
What constitutes a suspicion in the context of AML-CFT
A suspicion of AML-CFT is not based on a single hunch. It is built onconverging clues : unusual client behavior, inconsistencies in documentation, a deviation from the expected profile, or a lack of economic justification. It may also result from a beneficial owner that is difficult to identify, exposure to a high-risk country , or the presence of a politically exposed person, also known as a PEP.
Your challenge is to distinguish thetechnical alert from legally actionable suspicion. An alert may be dismissed after analysis; a suspicion arises when the available information no longer allows for the reasonable exclusion of a risk of money laundering, tax fraud or terrorist financing.
In a high-stakes organization, this assessment must be thoroughly documented. The file details the red flags identified, the checks conducted, internal communications, the supporting documents requested, and the final decision. This approach protects your institution and enhances the reliability of suspicion reports submitted to Tracfin.
This procedure is part of the broader framework of Tracfin, money laundering and AML-CFT compliance. It must therefore align with your internal policies, your risk mapping and your ongoing controls.
Who Must File: A Structured and Regulated Responsibility
The report of a suspicious transaction submitted to Tracfin should not be the result of an isolated initiative. It is part of a formalized governance process: according to Tracfin, Tracfin liaison, compliance officer, legal department, internal audit, or even senior management, depending on the sensitivity of the case.
In practice, the authorized filer compiles the necessary information, assesses the admissibility of the application, and submits it. This process helps minimize incomplete filings, loss of information, and decisions that lack sufficient documentation.
At AP Solutions IO, we recommend distinguishing between three levels: alert detection, compliance-driven analysis, and declarative decision-making. This approach streamlines case processing while maintaining a clear audit trail for both internal teams and regulatory authorities.
Contents of the Tracfin report: required information
A effective DS Tracfin system is not merely about flagging anomalies. It must enable Tracfin to understand the case, the individuals involved, the financial flows, the grounds for suspicion, and the due diligence already performed.
The reporting form includes information regarding the individuals and legal entities concerned. Depending on the circumstances, it may include professional activity, assets, registration number, legal form, or sector of activity.
A usable report generally includes the identity of the customer, the beneficial owner and related parties. It describes the transactions in question, including amounts, dates, accounts, and counterparties. It also includes KYC, KYB or KYT the source of the suspicion, the analysis conducted by the compliance team, the supporting documents requested, and the reasons why the explanations provided remain insufficient.
Relevant documents should be attached when they help clarify the case: identification documents, articles of incorporation, bank statements, proof of the source of funds, or correspondence with the client. The report may also mention actions already taken, such as enhanced monitoring, placing the transaction on hold, or a supplementary report.
The quality of the writing is just as important as the reliability of the data provided. A suspicion report to Tracfin must be structured, factual, and clear. It is strengthened when it distinguishes between observed facts, the customer’s statements, and the analysis conducted by the institution.
Submission via ERMES: A Secure Process to Master
A declaration is submitted via ERMES, the secure platform of Tracfin. Thedecree of June 6, 2013 organizes this transmission via an online procedure, with electronic filing, authentication of the filer, electronic signature, and secure transmission.
Since February 1, 2025, the use of ERMES has become mandatory for all eligible professionals. Exceptions remain, particularly in cases of special emergencies or if the secure platform is unavailable.
For your teams, masteringERMES requires advance preparation. The filer must have the necessary authorizations, a complete file, and an internal validation process. The challenge goes beyond the technical procedure: the goal is to submit a clear, well-supported declaration that is consistent with your risk map.
Timeframe and urgency: immediate or supplemental reporting
Compliance with reporting deadlines is one of the most critical aspects of the system. Article L. 561-16 of the Monetary and Financial Code requires reporting entities to refrain from carrying out a suspicious transaction until it has been reported. This obligation applies when they know, suspect, or have good reason to suspect theillicit origin of the funds or a link to financing of terrorism.
When the transaction has already been completed, Tracfin must be notified immediately in the situations specified by the law. This requirement calls for an organization capable of making decisions within tight deadlines without compromising the quality of the analysis.
The supplementary statement serves a specific purpose. Article L. 561-15 of the Monetary and Financial Code provides that any information likely to invalidate, confirm, or modify the information already submitted must be brought to the attention of Tracfin.
In practice, your organization must answer three questions: at what point does a report become a suspicion, who validates the report, and how should information received after the report is filed be incorporated? A written procedure reduces hesitation, particularly when dealing with an urgent matter, a sensitive client, or a reputational risk.
Non-disclosure and Whistleblower Protection
The suspicion report is confidential. The principle of non-disclosure, often referred to as “tipping-off,”, prohibits disclosing to the customer or to third parties the existence, content, or consequences of the report. This principle is specifically governed by Article L. 561-18 of the Monetary and Financial Code, while Article L. 561-19 regulates certain limited cases of disclosure to judicial authorities.
This rule serves a clear operational purpose: to maintain the effectiveness of investigations and prevent clients from altering their behavior. It must be understood by advisors, account managers, and analysts ,, sales teams, and senior management.
Whistleblower protection is the other component of the system. Article L. 561-22 of the Monetary and Financial Code provides, in particular, that no prosecution may be brought based on certain provisions of the the Criminal Code may be brought against the reporting person. This protection applies when the suspicion report was made in good faith, under the conditions provided by law. It also provides protection against civil liability claims and certain adverse professional measures.
Automate the detection of suspicious transactions with AP-Scan
The quality of a suspicious activity report submitted to Tracfin depends on your ability to identify early warning signs before they fall outside the scope of analysis. Traditional approaches reach their limits when transaction volumes increase, customers use multiple channels, and transactions are split up.
With AP-Scan, we help regulated institutions streamline the detection of atypical transactions, while maintaining an explainable interpretation of alerts. Our Glass Box approach, based on augmented intelligence, prioritizes traceability: rules, criteria, weightings, analysis history, and justification of decisions.
This approach is part of an API-interoperable SaaS architecture, hosted in France and compliant with GDPR, auditability requirements, and the principles of the European Artificial Intelligence Act (AI Act). The goal is to enhance the decision-making capabilities of compliance teams through a robust, configurable, and defensible analytical foundation.
AP-Scan can be linked to AP-Scoring, AP-Monitoring and AP-Filter to cover onboarding, transaction monitoring, sanctions screening, and the identification of PEP, identification of reputational risk (adverse media) and ongoing monitoring. This approach reduces false positives, structures investigations, and improves the quality of the files submitted to Tracfin.
To evaluate AP-Scan in your system, visit our AP-Monitoring, automated detection of suspicious operations.
Best practices for a usable and auditable report
A robust Tracfin report is prepared prior to submission. The most reliable institutions integrate the report into a comprehensive process: KYC, KYB, KYT, scoring, transaction monitoring, sanctions screening, human review, and traceability.
We recommend establishing several standard procedures: documenting warning signs as soon as they are detected, retaining relevant supporting documentation, distinguishing facts from assumptions, and then documenting the analysis conducted by the compliance team. A regular review of detection scenarios and false positives should also be scheduled.
This practice improves the consistency of your reporting, facilitates internal controls, and enhances the credibility of your system in the eyes of regulators.
In 2024, Tracfin received 215,410 reports, including 211,165 suspicious activity reports submitted by regulated professions. The Ministry of the Economy also highlights the importance of the quality of these reports and the work carried out with theACPR to improve the data submitted.
FAQ on Reporting Suspicious Activity to Tracfin
Can the declarant be prosecuted for making a false declaration?
The reporting party is protected when acting in good faith and complying with the legal requirements for reporting. The Monetary and Financial Code provides protection against certain criminal prosecutions, civil liability claims, and adverse professional measures. This protection does not cover fraudulent conduct or abuse of process.
How many suspicious activity reports does Tracfin receive each year?
In 2024, Tracfin received 211,165 suspicious activity reports, out of a total of 215,410 reports received. This volume reflects the intensification of AML-CFT and the importance, for regulated institutions, of having tools capable of generating qualified, documented, and actionable alerts.
Securing the DS Tracfin through methodology and traceability
The suspicion report requires rigorous organization. It draws on your KYC, your transaction monitoring rules, your risk analyses, your internal governance, and your ability to justify the decision to file a report.
At AP Solutions IO, we design AML-CFT compliance as a demonstrable requirement. Thanks to Glass Box, an API-interoperable SaaS architecture and hosting in France, we help you strengthen your compliance framework. Our approach, designed by experienced specialists in AML, strengthens your detection, qualification and traceability.
To organize your alerts, reduce false positives, and ensure the accuracy of your reporting files, request a demo ofAP-Scan and let’s discuss how to structure your AML-CFT framework.
