Form of submission of suspicious activity reports
Suspicious activity reports must continue to be submitted either via the goAML system web mask or in the structured machine-readable XML file format. No other means of transmission are envisaged. Attachments should be included with the report in a format provided by the FIU that can be analysed automatically and searched electronically. Exceptions to these formal requirements are only provided for in the event of disruptions: In these cases, the obliged entities may use alternative transmission channels, about which the FIU provides information on its website.
Mandatory details of a suspicious activity report
The GwGMeldV places greater emphasis on standardisation. Personal and account data, payment information, reasons for reporting and background information are requested in mandatory fields and must be completed in full. The possibility of presenting complex facts exclusively in free text fields is thus significantly reduced. For transactions in particular, the regulation now requires more detailed information than before. Money movements must be recorded precisely with the date, amount, currency, account details, payment references and the respective beneficial owner.
The aim is clear: the FIU should be able to process reports automatically and manual enquiries or checks should be reduced.
However, this also means that the internal effort for the legally compliant, data-based submission of a suspicious activity report on the part of the obliged entities will become more complex and costly.
Requirement for the statement of facts
The GwGMeldV links the presentation of the facts even more closely with the existing due diligence obligations of the Money Laundering Act. Specifically, the data collected in accordance with Section 10 AMLA (nature and purpose of the business relationship) and Section 11 AMLA (identification obligations and details of beneficial owners) are now expressly included in the information required for the statement of facts. This KYC data is now a mandatory part of a SAR.
Special features of crypto transactions
With regard to transactions with crypto assets, the legislator is explicitly requiring the blockchain transaction ID, the amount in cryptocurrency and the conversion rate in euros for the first time. This is a significant tightening for crypto service providers, as they must organise their systems to record this data in a structured manner and report it electronically. Even banks that come into contact with crypto transactions cannot avoid the obligation. Without this information, legally compliant reporting is not possible.
New requirements for property transactions
Another area in which the requirements have been tightened concerns property transactions. Here, the GwGMeldV stipulates that suspicious activity reports must contain additional information that goes beyond the previous requirements. In addition to the familiar information on the contracting parties and the purchase price, more detailed information on the property itself must now also be provided. Mandatory fields now include, for example, the location and economic type of the property, land register data, size and purchase price.
Technical procedures for checking notifications
The FIU can use technical procedures to check whether reports have been submitted in the prescribed form and contain the required information. This makes automated validations binding and incorrect reports can be rejected or requested more quickly.
More time for implementation
The entry into force of the ordinance was postponed by five months in the final version compared to the draft ordinance (draft ordinance of the Federal Ministry of Finance dated 22 April 2025). Instead of October 2025, it will now apply from March 2026.
The purpose of the transition period is to give obliged entities the opportunity to adapt their systems to the new requirements. Time that they urgently need in view of the change.
Deutsch 
English (UK)