Submission format for suspicious activity reports
Suspicious activity reports (SARs) must still be submitted either via the web interface of the goAML system or in a structured, machine-readable XML format. Other transmission methods are not permitted. Attachments must be submitted in a format specified by the FIU, which is machine-readable and electronically searchable. Exceptions to these formal requirements are only permitted in the event of system disruptions. In such cases, obliged entities may use alternative submission channels, as published on the FIU’s website.
Mandatory fields in a suspicious activity report
The GwGMeldV puts a stronger focus on standardisation. Data such as personal and account details, payment information, reporting reasons, and background facts must now be provided in required fields and filled out completely. The possibility of describing complex cases solely in free text fields is significantly reduced. Especially for transactions, the regulation now requires more detailed data than before. Funds must be recorded with precision — including date, amount, currency, account details, payment references, and the beneficial owner involved.
The goal is clear: the FIU should be able to process reports automatically and reduce the need for manual follow-ups or clarifications.
However, this also means that submitting a legally compliant, data-driven SAR will become more demanding and time-consuming for obliged entities.
Requirements for case descriptions
The GwGMeldV ties the factual description of a case even more closely to the due diligence obligations under the AML Act. Specifically, the data collected in accordance with: Section 10 GwG (type and purpose of the business relationship) and Section 11 GwG (identification obligations and beneficial ownership) are now explicitly required in every suspicious activity report. These KYC details are now a mandatory part of the report content.
Additional requirements for crypto transactions
For the first time, the regulation explicitly requires the following information for transactions involving crypto assets: Blockchain transaction ID, amount in cryptocurrency, conversion rate to euros. This represents a clear tightening of reporting obligations for crypto service providers, who must ensure their systems can record and transmit these data in structured form. Banks that are involved in crypto transactions are also affected and cannot opt out. Without this information, a report will not be considered legally compliant.
New requirements for real estate transactions
Another area affected by stricter obligations is real estate. The GwGMeldV requires SARs to include additional information beyond previous standards. In addition to the usual data on parties and purchase price, reports must now include: Location and type of use, land register reference, size of the property, purchase price. These are now mandatory fields within the SAR submission.
Technical validation of reports
To check whether SARs are submitted in the correct format and contain all required information, the FIU may apply technical validation procedures. This makes automated checks binding — incomplete or incorrect reports can be rejected more quickly or returned for revision.
More time for implementation
The effective date of the regulation was postponed by five months compared to the draft issued by the Federal Ministry of Finance on 22 April 2025. Instead of taking effect in October 2025, the final version will apply from 1 March 2026.
This transitional period gives obliged entities valuable time to adapt their systems to the new reporting standards — time that is urgently needed given the scope of the changes.
Deutsch 
English (UK)