Skip to content Skip to footer

Tracfin Reporting: Reporting Requirements and Step-by-Step Procedure

The Tracfin reporting refers, in operational terms, to communications between professionals subject to AML-CFT regulations AML-CFT the French Financial Intelligence Unit. This term primarily refers to the suspicion reports, but it does not constitute a single legal category: systematic disclosures of information and responses to requests for information follow distinct procedures.

In this guide, AP Solutions IO outlines the triggering criteria, the analysis steps, the rules for transmission via ERMES, and the confidentiality requirements that govern the process.

In a nutshell: When should you report to Tracfin?

A report must be filed when the professional knows, suspects, or has reasonable grounds to suspect that funds or transactions stem from a crime punishable by more than one year of imprisonment or are related to the financing of terrorism. Specific rules apply to tax fraud, and attempted transactions may also be subject to reporting requirements.

The declaration must, in principle, be submitted before the transaction is carried out in order to allow Tracfin to exercise its right to object. It is submitted via ERMES, the agency’s secure platform. The professional must provide a rationale for their analysis, retain relevant information, and strictly maintain the confidentiality of the report.

Tracfin and Reporting Requirements: What Are We Talking About?

Tracfin is France’s financial intelligence unit, which reports to the Ministry of the Economy. The unit receives reports, analyzes them, and supplements the information using its investigative powers; it may then forward relevant information to judicial authorities, government agencies, or other competent bodies.

In its most recent comprehensive report, covering 2024, Tracfin states that it received 211,165 suspicious activity reports, an increase of 13.2% compared to 2023. This increase underscores the importance of quality: a usable report must include specific facts, a clear timeline, and the reasons for the suspicion.

Report of Suspicion, COSI, and Right to Disclosure

The suspicion report is submitted at the professional’s initiative when the legal requirements are met.

The systematic reports, or COSI, apply to certain categories of transactions defined by regulations and to certain professionals. They are submitted regardless of whether there is any suspicion. A COSI never exempts one from filing a report when the analysis reveals reportable information.

The right to disclose information allows Tracfin to request information or documents as part of its investigations. The business’s response constitutes a separate obligation from a voluntary disclosure. ERMES also facilitates the exchange of files necessary for this procedure.

When to Report: Criteria for Suspicion

The decision to take action is based neither on a general threshold nor on an isolated hunch. The professional must start with concrete evidence, place it within the context of the business relationship, and determine whether any inconsistencies can be explained.

An unusual transaction does not automatically require a report

An unusual amount, an unclear source of funds, a complex structure, or a rapid succession of transactions may trigger an analysis. The transaction must be compared to the customer’s known business activity, income, behavior, and risk profile.

When the supporting documentation provided credibly resolves the inconsistencies, the declaration is not automatic. When the verification process leaves serious grounds for suspecting an illicit origin or a link to terrorist financing, the reporting requirement must be reviewed without waiting for criminal evidence.

Our guide to common errors in a suspicious activity report details insufficient justification, delays, and failure to update information—all of which weaken the cases.

Tracfin procedure

Suspicion and evidence: two different levels

The reporting party is not required to prove the violation or conduct a criminal investigation. However, the reporting party must present a rationale based on verifiable facts, inconsistencies, and the steps taken.

The phrase “a mere suspicion is enough” therefore remains incomplete. The suspicion must be substantiated, contextualized, and documented, without requiring the level of certainty that falls within the purview of investigative authorities.

Tracfin Procedure: Steps to Be Structured Internally

Regulations do not require all professions to follow the same workflow. Nevertheless, a robust organization can structure its system around five clearly defined and documented steps.

Step 1: Identify and gather the facts

The alert may come from an employee, a KYC review, a screening tool, or a transaction monitoring system. The team compiles the relevant transactions, customer data, available supporting documents, and relevant past events.

Step 2: Analyze and classify the alert

The team reviews the economic rationale behind the transaction, the source and destination of the funds, the beneficiaries, the countries involved, and the explanations provided.

This analysis should make it possible to determine whether the alert should be lifted, whether further verification is needed, or whether the conditions for filing a report have been met. A decision not to file a report must also be justifiable, particularly when the initial alert was significant.

Up-to-date knowledge of the customer directly improves this assessment. Our article on continuous KYC and transactional monitoring shows how to link changes in a customer’s profile to transactions observed over the course of the relationship.

Step 3: Involve the designated declarant

The report is usually submitted by the authorized and designated person within the organization. Internal procedures must specify roles, approval levels, escalation procedures, and continuity of operations in the event of absence.

In certain exceptional situations, particularly in an emergency, a manager or employee may take the initiative to file a report. The report must then be confirmed in accordance with the applicable rules.

Step 4: Draft and Submit via ERMES

The report must identify the reporter, the customer, or the beneficiary in question, and describe the transactions, amounts, timeline, and analytical findings that form the basis for the suspicion.

It is transmitted via ERMES, Tracfin’s secure platform. There is no general reporting threshold. The form must be factual, precise, and legible, clearly distinguishing between observed facts, explanations gathered, and the professional’s analysis.

Step 5: Complete and keep the file

After submission, any new information that could invalidate, support, or modify the declaration must be submitted without delay to Tracfin.

Vigilance documents and the information on which the analysis was based must be retained for the applicable regulatory period in a restricted-access area that allows the decision to be reconstructed.

Does the declaration have to be made before the transaction?

Prior reporting is the general rule. The professional must refrain from carrying out the suspicious transaction in order to allow Tracfin the opportunity to exercise its right to object.

A subsequent report is permitted when the professional could not delay the transaction, when a delay would have risked compromising the investigation, or when the suspicion arose after the transaction was completed. In these situations, Tracfin must be notified without delay.

Privacy: What Information Should You Not Disclose?

The existence, content, and consequences of the report are confidential. The client must never be informed that a report concerning him or her has been submitted.

Disclosures to a supervisory authority, a professional association, or any other person are permitted only in cases expressly provided for by law. The professional is protected from civil, criminal, and disciplinary liability when the disclosure is made in good faith and in accordance with legal requirements.

the specific case of cryptoasset stakeholders

Special Case of Cryptoasset Participants

Cryptoasset service providers, or PSCA, must tailor their analysis to include transfers between wallets, cross-border transactions, address exposure, and the information provided by their analytical tools.

The previous content on PSANs remains useful for understanding the key areas of concern for crypto stakeholders when dealing with Tracfin, but current regulatory terminology should now use the term “PSCA” following the end of the MiCA transition period.

Structuring Detection with AP Monitoring

AP Monitoring is the transactional monitoring solution developed by AP Solutions IO. It allows users to configure detection scenarios, identify atypical transactions, prioritize alerts, and maintain a history of how they were handled.

This traceability can inform the internal analysis conducted prior to a declaration. AP Monitoring does not legally qualify the suspicion and does not replace the decision of the authorized reporting officer. The solution helps teams match transactions to the customer’s profile and document the controls performed.

The approach toaugmented intelligence aims to make detection criteria understandable, so that teams can explain the source of an alert and justify how it was handled.

Improving the Quality of Tracfin Reporting

A robust reporting system depends on data quality, clear lines of responsibility, timely analysis, and the traceability of decisions.

AP Solutions IO steps in before the data is transmitted, helping organizations structure the detection and history of alerts. The decision to report, the drafting of the report in ERMES, and compliance with confidentiality requirements remain the responsibility of the regulated professional.

FAQ on Tracfin Reporting

Do you need to have proof before filing a claim?

No. However, the professional must base their suspicion on specific and context-specific evidence. They are not required to establish the offense themselves.

Does an unusual transaction always have to be reported?

No. It must be investigated. A report must be filed when the investigation fails to dispel the suspicion and the legal criteria are met.

Who submits the declaration?

It is usually submitted by the authorized reporting officer designated by the organization, in accordance with internal procedures and the exceptions provided for in the regulations.

Does a statement prevent the operation from being executed?

In principle, the declaration must be made prior to the transaction. Submission after the transaction has been completed is permitted only in the specific exceptional cases provided for and must be made without delay.

Does a COSI replace a suspicious activity report?

No. A COSI fulfills a mandatory requirement established by regulation. It does not exempt one from reporting when a suspicion arises.

Can we inform the customer?

No. The existence, content, and consequences of the statement are confidential.

Regulatory Sources