Tipping Off: The AML Prohibition Explained
The tipping off offence in anti-money-laundering law prohibits disclosing to a person (usually the subject of investigation) that a suspicious activity report has been filed, that they are under investigation, or that financial institutions or regulators are examining their activity. Breach carries criminal penalties and undermines the entire AML framework by allowing suspects to hide evidence or move funds before authorities intervene.
The Legal Foundation: Why Tipping Off Exists
Anti-money-laundering statutes in the US (Bank Secrecy Act), UK (Proceeds of Crime Act), EU (AML Directive), and most other regimes explicitly criminalize tipping off. The rationale is simple: if a person learns that authorities have filed a SAR or begun investigating their finances, they can destroy evidence, move illicit funds, or flee the jurisdiction. Tipping off eviscerate the enforcement mechanism.
The offence applies broadly. It is not just executives and compliance officers who are liable—employees who mention a SAR, customer service representatives who hint at scrutiny, advisors to the institution, and even external consultants can breach the rule if they alert a subject.
The offence is strict liability in many jurisdictions: there is no requirement to prove intent to obstruct justice. Careless disclosure—even a hint—can trigger prosecution.
What Constitutes Tipping Off
Courts and regulators have defined “disclosure” expansively.
Direct disclosure is clearest: “We filed a SAR on your account” or “Regulators are investigating you.” This is unambiguous tipping off.
Indirect disclosure is also caught. Mentioning that “we are conducting enhanced due diligence” or “your transactions are under heightened review,” especially after a SAR is filed, can constitute tipping off if the recipient infers that a report was made. Timing matters: a disclosure made shortly after a SAR filing is probative.
Warnings via third parties count. If a compliance officer tells a lawyer “make sure your client doesn’t move their money,” and the lawyer passes that message, both may be liable.
Non-verbal conduct has been prosecuted. In one notable UK case, an advisor’s abrupt termination of a client relationship, coinciding with a SAR, was deemed to have tipped off the client.
The key test is whether a recipient could reasonably infer that a report has been filed or an investigation opened. The subjective intent of the discloser is often irrelevant; the objective effect is what matters.
Timing and the “In the Course Of” Language
Many statutes phrase the offence as tipping off someone “in the course of or in connection with” a SAR or investigation. This means the prohibition begins from the moment an institution decides to file a SAR—not from the moment the regulator receives it.
Once a SAR is filed, the financial institution and its employees typically cannot disclose the fact to the subject, even if the regulator has since closed the case or taken action. Some jurisdictions recognize a narrow exception once authorities have taken overt enforcement action (e.g., a public indictment); others maintain the prohibition indefinitely.
The phrase “likely to be used for or in connection with a money laundering investigation” captures prospective cases: disclosing information that would tip off a subject about a pending investigation is also prohibited.
Who Is Covered
Financial institution employees at all levels are covered—from the customer-facing banker to the CEO and compliance officer (Money Laundering Reporting Officer, or MLRO).
Advisors and service providers to the institution—auditors, compliance consultants, AML technology vendors—can also be liable if they are aware of the SAR and disclose its filing or the investigation.
Legal counsel enjoys a carve-out in some jurisdictions. Attorney-client privilege may shield communications between an in-house lawyer and the institution or between the institution and external counsel. However, privilege is narrow: a communication must be made for the purpose of seeking legal advice, not for business purposes. Disclosure to the public or to the client in a non-privileged context can still breach the tipping off offence.
Board and shareholder communications present a grey area. If the institution must disclose a SAR or investigation in a regulatory filing or to auditors, the disclosure is often protected—but only if required by law. Volunteering the information can still be tipping off.
Defenses and Exceptions
Legally required disclosure is the primary exception. If a court order, regulator demand, or statutory obligation compels disclosure of the SAR, the financial institution must comply. The tipping off offence yields to lawful compulsion.
Disclosure within the institution for compliance purposes is typically protected. An MLRO can brief the board or senior management on a SAR without breaching the rule, as long as the information does not reach the subject.
Disclosure to law enforcement or regulators is not tipping off; these agencies are the intended recipients.
Disclosure to comply with sanctions or public enforcement action may be permitted once the action is public. However, courts differ on this: some hold that the offence applies until the subject is formally charged; others apply it until the subject is publicly identified.
Good faith belief of legal exception rarely succeeds as a defense. The offence is strict liability; an employee’s honest but mistaken belief that disclosure was safe does not excuse breach.
Penalties and Regulatory Consequences
Criminal penalties vary by jurisdiction but typically include:
- Fines up to millions of dollars (often proportional to the institution’s size and the severity of the breach)
- Imprisonment for individuals, typically 2–5 years, with more in egregious cases
- Disgorgement of profits if the disclosure was made for commercial gain
Regulatory consequences include:
- License suspension or revocation for the institution
- Restrictions on hiring individuals involved in the breach
- Enforcement action by banking regulators (Federal Reserve, OCC, FCA, PRA, BaFin, etc.)
- Public censure and reputational damage
Civil liability can attach to the institution even if criminal prosecution of individuals fails. Regulators and prosecutors pursue institutional SAR-breaches vigorously because the violation strikes at the heart of the AML ecosystem.
Real-World Context
Financial institutions are acutely aware of the tipping off offence. Most have strict internal protocols:
- Designated compliance officers only can decide whether to file a SAR
- Employees are trained never to discuss a SAR with anyone outside a narrow compliance circle
- Customer-facing staff do not learn which accounts are under investigation
- Termination of a relationship is processed through neutral channels and no reason is given that could hint at AML concerns
- External advisors sign confidentiality agreements and are told only what they need to know
Despite these safeguards, breaches occur. They may be accidental (an employee mentions scrutiny to a customer), reckless (a manager discusses a SAR in an overheard phone call), or deliberate (an advisor tips off a client for a fee). Each triggers investigation.
See also
Closely related
- Suspicious Activity Report — the core disclosure mechanism in AML
- Money Laundering Reporting Officer — the executive responsible for SAR decisions
- Know Your Customer — initial due diligence to detect AML risk
- Anti-Money Laundering — the regulatory framework containing the tipping off offence
- Beneficial Ownership — information protected from disclosure under tipping off rules
Wider context
- Proceeds of Crime Act — UK statutory basis for tipping off offence
- Bank Secrecy Act — US statutory basis
- Regulatory Enforcement — mechanisms by which regulators punish breach
- Financial Crime — broader category of offences including money laundering