Crypto SAR narrative: what examiners look for
A SAR is judged on its narrative. A strong one tells a clear story from evidence; a weak one asserts suspicion without showing the work. Here is what goes into a defensible crypto narrative, and what an examiner actually reads it for.
The five Ws, with on-chain specifics
The narrative discipline here is not unique to crypto. A SAR is filed for anything suspicious under BSA and AML, in a bank or a PayFac as much as an exchange. What makes the crypto version distinct is the on-chain evidence the narrative has to carry. A good narrative answers who, what, when, where, and why, and for crypto it adds the chain. Who is the subject, identified through your KYC. What was the activity, in plain terms. When did it happen. Where did the funds move, including the wallets, the counterparties, and any movement through mixers, bridges, or cross-chain swaps. And why is it suspicious, tying the on-chain pattern to a typology. The test is whether a reader who is not a blockchain analyst can follow the path.
What examiners read it for
Three things. Whether the conclusion follows from the evidence presented. Whether the description is clear and complete enough to be useful to law enforcement. And whether your own process is visible in the file: what triggered the alert, what was reviewed, who dispositioned it, and why. The most common finding is a narrative that states a conclusion without the supporting facts behind it, or a file where the evidence the narrative refers to cannot be located.
Where the narrative comes from
FinQub is the single source of truth for fintech risk decisions. The evidence a crypto narrative draws on, the alert, the wallet exposure, the KYC result, and the counterparty trail, lands on one record per customer. The analyst writes the narrative and files the SAR in the case tool, working from a complete view rather than compiling it across Chainalysis, the KYC console, and a spreadsheet first. FinQub supplies the facts; the judgment and the filing stay with your analyst.
Because the evidence behind each narrative stays on the record with the policy version that applied, the file an examiner pulls months later matches the narrative: the facts it cited are still there, in one place.
A checklist for a defensible crypto SAR narrative
- Identify the subject through your own KYC, not by wallet address alone.
- State plainly what the activity was, before any on-chain detail.
- Trace where the funds moved: wallets, counterparties, and any mixer, bridge, or cross-chain hop.
- Tie the on-chain pattern to a named typology, so the why is explicit, not implied.
- Show your process: what triggered the alert, what was reviewed, who dispositioned it.
- Keep every fact the narrative cites on the record, so the file still matches the narrative at exam time.
Frequently asked questions
What should a crypto SAR narrative include?
The narrative should answer the five Ws: who the subject is, what the activity was, when it occurred, where it moved (the wallets, counterparties, and any cross-chain movement), and why it is suspicious. For crypto it also needs the on-chain specifics: addresses, exposure categories, and the path of funds, written so a reader who is not a blockchain analyst can follow it.
What do examiners read a SAR narrative for?
Whether the conclusion follows from the evidence, whether the activity is described clearly enough to be useful to law enforcement, and whether the institution's own process is visible: what triggered the alert, what was reviewed, and why the disposition was reached. A narrative that asserts suspicion without showing the supporting facts is the common finding.
Does FinQub write the narrative?
No. The narrative is written and the SAR is filed by your analyst in your case tool. FinQub supplies the evidence the narrative is built from, on one record: the alert and what triggered it, the wallet exposure, the KYC result, and the counterparty trail. The analyst works from a complete view instead of compiling it across consoles first.
How much on-chain detail belongs in the narrative?
Enough to let a non-specialist follow the path of funds, and no more. Name the wallet addresses, the exposure categories, and the counterparties, and explain in plain terms how the funds moved through any mixer, bridge, or cross-chain swap. Keep the full transaction trail attached to the file as supporting evidence rather than dumping every hop into the prose. The narrative tells the story; the record holds the proof.
None of this replaces your tools. FinQub is the record every vendor signal lands on, running on the stack you already use. See how the evidence gets assembled before the narrative, or book a short walkthrough below.