By 2026, AML teams will have the ability to quickly identify risky cross-chain transactions. They'll be able to gather all the evidence they need and create a FinCEN-ready Suspicious Activity Report (SAR) in just a few hours instead of the weeks it used to take. How cool is that? On top of that, they'll make sure to keep everything confidential and stay on top of the EU Travel Rule and DAC8 deadlines. Take a look at this handy guide below that’ll help you turn “SARs onchain” into something real! And don’t worry--we’ve got tips to keep your PII safe and ensure that no one gets tipped off.

Automating “Suspicious Activity Reports” (SARs) Onchain

---

Hey, so you noticed a chain-hop with approved exposure at 2:13 a.m.? m. And just like that, the 30-day SAR countdown begins! Your analyst has some responsibilities to handle: Alright, let’s break down how UTXO and account-based systems link up across more than five different blockchains, and yeah, some of those chains make use of bridges to connect everything. It's pretty interesting how these systems interact!

• Make sure to run those counterparty Travel Rule checks. Don't forget to keep an eye out for any risks that come with self-hosted wallets and the whole CASP-to-CASP situation!
• Check out the most recent updates from the OFAC SDN. Make sure you put together a strong narrative along with all the necessary attachments that can really stand up to any examiner's review. It’s a good idea to use a BSA E-Filing XML batch--this way, you won’t have to type the same information over and over again. Trust me, it’ll save you some time and headaches down the road! If you happen to skip any of these steps, you're definitely at risk of filing late. Plus, there's a chance that you might end up “tipping off” someone when engineers leave some clear traces on the blockchain.
• In the meantime, the rulebook is still experiencing some changes.
• For U.S. If you come across anything suspicious, make sure to file your initial Suspicious Activity Report (SAR) within 30 days. If there’s no suspect involved, you’ve got a bit more time - you can file it within 60 days. Just stay on top of it! After that, make sure to keep track of everything that’s happening every 90 days. You’ll want to have check-ins scheduled for about 120 to 150 days later too.
  (federalreserve.gov). So, just a heads up for anyone in the EU: the Travel Rule, which falls under Regulation (EU) 2023/1113, is set to take effect on December 30, 2024. That’s when the final guidelines from the EBA will start rolling out. Just something to keep an eye on! Here’s the scoop on what CASPs need to take care of, including how to deal with self-hosted addresses.
  (eur-lex.europa.eu). Oh, and just a heads-up about DAC8! It's set to start collecting data on January 1, 2026. Make sure you keep that on your radar! Hey, just a heads-up! The first reports are supposed to be in by September 30, 2027. Hey, just a heads up--your data model for 2026 needs to line up with CARF already. (taxation-customs.ec.europa.eu).
• Late or low-quality SARs: You know those 30/60-day deadlines? They’re pretty straightforward--being “almost on time” just doesn't make the cut. Just a heads-up, the stuff examiners find can really build up over time, making things a lot trickier later on.
• Keeping things private is super important: SARs are confidential. Hey, just a heads up - if you accidentally let slip any info about a SAR or even suggest that one’s out there in places you shouldn’t, that’s definitely overstepping. This actually breaks the rules set out in 31 U.S.C. So, let's talk about 5318(g)(2) and how it plays out in different industries. There are some specific rules that apply, and they can vary quite a bit depending on the sector. It's interesting to see how these guidelines shape practices and compliance across the board! Keep an eye out for any on-chain "clues" that could hint at a SAR (Suspicious Activity Report). These could lead to some pretty big problems down the line. (federalreserve.gov).

So, when it comes to the Travel Rule operations, things are still pretty all over the place. The communication between different CASPs, the IVMS101 payloads, and making sure you’re validating your counterparty is kind of a headache, honestly. It’s mainly due to those protocol silos we’ve got going on--like TRP, TRISA, and TRUST. It’s a bit of a tangled web right now! If you find yourself dealing with misroutes and having to retry things, you’re definitely creeping closer to that scary Day 30. (trisa.io).

• Cross-chain blind spots: It's getting pretty wild out there! Criminals are getting really clever, moving dirty money around through decentralized exchanges (DEXs), bridges, and swaps. It's estimated that by mid-2025, we're going to see over $21 billion in cross-chain crime. Crazy, right? If you're just focusing on single-chain alerts, you're really not seeing the whole picture. (elliptic.co).

We’ve put together a solid operating model that dives into the technical details when necessary, but also keeps things safe and sound whenever legal issues come into play. We're focused on minimizing any unnecessary manual tasks, all while ensuring that we never store sensitive SAR content on public chains.

1. Easily Trackable Coverage and Ingestion.

• Multi-Chain Listening: We’ve got you all set when it comes to both EVM and non-EVM chains, DEX pools, and those major bridge events. No worries there! Mempool hooks are super handy for spotting those early “pre-confirm” risks, like when transactions are on their way to a known mixer. They give you a heads-up before things get finalized!
• Checking for Sanctions and Politically Exposed Persons (PEPs): You can easily plug in OFAC’s Sanctions List Service (SLS) for SDN and consolidated lists with our Advanced Data Model. It’s super straightforward! Oh, and don't forget to subscribe to deltas and use hash verification for your downloads! It’s a great way to add that extra layer of security and peace of mind. (ofac.treasury.gov).
• Travel Rule Interoperability: We've got your back with TRP (OpenVASP) and TRISA flows, using IVMS101. Plus, we’re all about mutual TLS and directory lookups to keep things running smoothly! We've set up our system to make sure that payloads are normalized. That way, you can always follow your risk policy, regardless of the protocol your counterparty decides to use. (openvasp.org).
• Regulatory Calendars: Just a quick reminder! The EBA Travel Rule ruleset is set to roll out on December 30, 2024. Also, keep in mind that DAC8 data capture will begin on January 1, 2026, and it's all aligned with CARF. Make sure you’re ready for these changes! Hey there! Our data model actually highlights fields that pop up in SAR narratives and DAC8 exports. This way, you can skip the hassle of redoing things and save some time! (eba.europa.eu).

2) Detection That Speaks Examiner Language (Not Just "Anomalies")

• Typology Libraries Adjusted for 2025/2026 Trends: We’ve got some cool chain-hopping sequences that jump between 3 to 10 chains. Plus, there are speedy off-ramps between DEX and CEX, patterns that definitely hint at state-sponsored exchanges, and some interesting connections with mixers. If you want to dive deeper into this topic, check out the article on Elliptic. There's a lot of interesting info there!
• They've got some really useful vendor intelligence tools, too. Things like “sanctioned entity exposure” and “ransomware cluster proximity” can really come in handy. "These tools really help us link up on-chain patterns with our watchlists and case notes." So, looking at reports from 2024 to 2025, it turns out that a big portion of the illegal activity is still tied to sanctions. It's kind of wild how much of an impact those sanctions continue to have! Hey! If you're curious about the latest on crypto crime, definitely take a look at the details from TRM Labs. They’ve got some really insightful information that’s worth checking out!
• Time-to-Triage SLAs: Here at our place, speed is everything! You can turn an event into a case in just a few minutes. The clock starts ticking toward that important Day-30 milestone as soon as we spot the “initial detection,” a term that’s laid out by U.S. guidelines. Just a heads-up--make sure to get your guidance before that alert shows up! We always make sure to add that timestamp right in the case timeline. That way, there's no room for confusion! If you're looking for more info, check out the insights from the FDIC. They’ve got some great details on the importance of timely and effective suspicious activity reports.

3) Evidence Provenance Without PII Leakage

• Zero-knowledge attestations:
• With zkTLS/TLSNotary, you can easily prove that “we checked against the OFAC SLS as of YYYY‑MM‑DD HH:MM UTC” or “we confirmed the counterparty CASP policy at URL X” without having to share any session details. It’s a cool way to maintain privacy while still providing verification! This way, you can get strong cryptographic proof for any web-based evidence you need, all while keeping your session secrets nice and secure. Take a look at this: (tlsnotary.github.io). You won't want to miss it!
• Selective disclosure credentials:
• Group your attestations together as W3C Verifiable Credentials and use BBS+ signatures for smart selective sharing. You might say something like, “SAR was submitted at t0; the ack ID has been redacted.” "These are really high-quality and auditor-friendly, plus you can verify them offline. Just a heads-up though, they’re definitely not meant for public chain postings." More info here: (w3c.github.io).
• Onchain commitments (carefully): If you want to keep things secure, a good move is to use salted hashes for any non-personally identifiable information and tie them to a permissioned ledger or use a delayed-publish method. It’s a smart way to maintain integrity! To steer clear of any hint that "a SAR is out there," it's best to avoid using public mainnets in real-time. We've got some pretty solid confidentiality rules to keep your info safe, and we’ve put all the right controls in place to make sure those boundaries are respected. Learn more here: (federalreserve.gov).

4) Auto-Drafting SARs for Your BSA Officer's Signature

• Narrative Scaffolding:
• We’ve crafted our templates to match up nicely with FinCEN SAR elements and what examiners usually look for in narratives. We’ve got all the essentials covered--who did what, where it happened, how it went down, and why it matters. Plus, we make sure everything is clearly labeled and that the evidence chain is super transparent.
• BSA E-Filing Integration:
• We’ve made it super simple to create SAR XML files for bulk uploads--just like how you’d handle FinCEN Form 111 through the BSA E-Filing System. You can easily add zipped exhibits, keep tabs on acknowledgments, and just hang onto what you really need for those 5 years. Our solution seamlessly integrates into your workflow, no matter if you lean towards discrete or batch processing. Plus, you won’t have to worry about relying on BSA E-Filing for your records. We've got you covered! Take a look at it here: fincen.gov.
• Continuing Activity Cadence: Keep things running smoothly with our handy automatic reminders! You'll get a 90-day review task to keep you on track, plus filing reminders at 120 and 150 days for those ongoing activities. It's a great way to stay organized without the hassle! This is in line with FinCEN's latest guidance, so you can rest easy knowing you’re staying compliant. If you're looking for more details, just check this out: fincen.gov. It’s got a bunch of helpful info!

5) Travel Rule Done Right (And On Time)

• EU TFR/EBA Conformance: Hey there! It’s time to gear up for rolling out EBA’s final Travel Rule guidelines! This means you’ll need to put some procedures in place for handling any missing or incomplete info on the originator and beneficiary. Don’t forget to set up those risk controls for self-hosted addresses too. Let's make sure we're all set! Hey everyone, just a heads up! Make sure to save the date: the application opens up on December 30, 2024. If you want to dive deeper into the topic, check out more details here. It’s got a wealth of info that’s definitely worth a look!
• Protocol-Agnostic CASP Messaging: Hey there! We really believe in keeping communication smooth and easy. With TRP endpoints and the TRISA directory/PKI, you’re totally covered for secure exchanges between CASPs. You’ll be good to go! We’ve got your back when it comes to translating IVMS101 schemas into your own case fields. We'll make it super easy for you! Check it out here.
• Getting DAC8/CARF Ready for 2026: Hey there! Just a heads up--starting January 1, 2026, you’ll want to get ready to collect reportable event data for folks living in the EU. And don't forget, you’ll need to store it in a way that’s compatible with CARF. Just a heads-up! The first reporting window closes on September 30, 2027, so make sure to mark your calendars. We're here to help you identify any overlaps with the SAR evidence so you can avoid collecting any duplicate data. If you're looking for more details, check it out here. It's got everything you need!

6) U.S.-EU Program Governance That Keeps You in the Clear

• 314(b) Information Sharing: Don't worry, we've got you covered when it comes to sharing important info and transactions with other institutions in line with 314(b) compliance. Just to clarify, we won't be passing along the SAR itself! We always keep things above board by following the safe-harbor rules. This means we're on top of notifying FinCEN, checking in on the other parties involved, and making sure we're using everything for the right reasons. (fincen.gov).
• Confidentiality Controls: We've put some great safeguards in place to make sure you don’t accidentally spill the beans to anyone. Hey, just a heads-up! If we ever get a subpoena asking for SAR content, don’t worry--we have a go-to response all set. It references 31 U.S.C., so we’ll be covered.
  Sure! So, we're talking about 5318(g)(2) and the related section in the 31 CFR. Oh, and there's this cool automatic workflow that sends a heads-up to FinCEN as well. (federalreserve.gov).
• Trigger: So, here’s the scoop: we just spotted 42 ETH showing up in a hot wallet. It made a journey from Arbitrum to Polygon and then hit the mainnet, picking up some DEX swaps along the way. Interesting, right? We’ve flagged this because it’s connected to an exchange that’s on the OFAC list, and the mixing patterns we’re seeing here line up with what we typically find in Elliptic’s cross-chain typologies. (elliptic.co).
• Actions: So, we take the event and turn it into a case. Then, we go ahead and apply the OFAC SLS delta. Oh, and just so you know, we made sure to hash-verify that download and we’ve got the timestamp all logged.
  (ofac.treasury.gov). Hey there! So, we did a TRP inquiry on the beneficiary CASP, and it gave us some extra info about the originator. We also pulled in the IVMS101 payload. (openvasp.org). To keep track of where our evidence comes from, we rely on TLSNotary proof. This helps us confirm that the sanctions dataset was current when we went through it. We’ve got everything backed up as a Verifiable Credential using BBS+, so we can easily share it selectively with our internal audit team when needed. (tlsnotary.github.io). We automatically draft the SAR XML using the labeled on-chain paths and fiat interfaces. Then, we zip up all the attachments and send everything in batches through the BSA E-Filing system. So, just to wrap things up, the ack ID will be kept on file for a solid five years. (fincen.gov).
• Outcome: Can you believe it? I knocked out the first draft in just 3 hours and 18 minutes! Not too shabby, right? So, we got the filing in on Day 4, and according to FinCEN's guidelines, we've got a follow-up activity review lined up for Day 120. (fincen.gov).
• Trigger: This happens when you try to send money to a self-hosted wallet, but the Travel Rule information isn’t filled out completely.
• Actions:
• Make sure to check out the EBA guidelines to find and fill in any gaps in the information. This means boosting our monitoring efforts and making sure to check for any sanctions before we finalize the transfer. (eba.europa.eu). So, just a heads-up! Beginning on January 1, 2026, make sure to collect those DAC8 fields--stuff like the resident TIN and transaction type. You’ll need those to meet that initial reporting deadline, which is coming up on September 30, 2027. Let's go ahead and use the Travel Rule and KYC documents again. It'll help us keep everything running smoothly and save us from having to redo the same work! (taxation-customs.ec.europa.eu).
• Outcome: You won’t have to do any manual rekeying when you’re juggling Travel Rule tasks, SAR evidence, and DAC8 exports. How great is that? This helps keep everything neat and makes sure there’s a reliable record that follows all the different regulations.
• Context: So, guess what? FinCEN has decided to delay the effective date for some of those annoying AML/SAR requirements that investment advisers have to handle. It looks like they’re starting to really dig into the whole situation with scope and burden. This change suggests they're paying more attention to it. So, what's our game plan? We're putting some controls in place that are active right now but can be adjusted down the line. This way, if the timeline shifts again, we won’t be caught off guard trying to redo everything last minute. If you want to dive deeper into this topic, you can check it out here. Happy reading!

Best Emerging Practices (Jan 2026 and Forward)

• Keep provenance portable, not public: Hey, if you're looking for a smart way to handle your data, you might want to consider using TLSNotary or zkTLS proofs along with W3C VCs. It’s definitely a better approach than just throwing everything on-chain. Trust me, it’s worth it! By keeping SAR-related attestations off public ledgers, we can steer clear of any confidentiality issues. If you want to make sure integrity is solid, your best bet is to set it up in a permissioned environment and play around with time-shifting. (tlsnotary.github.io).
• Get everyone on the same page with Travel Rule protocols:
• Stick to one policy engine for TRP, TRISA, and TRUST. That way, the risk outcomes stay consistent and aren’t affected by the tech stack of whoever you’re working with. (trisa.io).

Think of DAC8 as more of a data-model initiative rather than just a tax project. Starting from January 1, 2026, rolling out CARF-aligned schemas will really help reduce the amount of rework we have to do and make it easier to stay compliant with MiCA and TFR at the same time. It's a win-win! (taxation-customs.ec.europa.eu).

• Link SLAs to regulatory deadlines:
• Just double-check that the timestamps for when cases are created align with the “initial detection” definitions we have for the U.S.
  Just a heads-up: those SAR timers for ongoing activities should be generated automatically! (fdic.gov).
• Cross-chain is the way to go: Hey there! So, I've been looking at some fresh data from 2025, and it turns out that a lot of the more complicated investigations these days actually cover multiple chains. It's clear that we need to start using bridge and DEX heuristics to keep up with this trend! (elliptic.co).

What You Get with 7Block Labs

• A delivery playbook that seamlessly integrates with what you already have in place--so there's no need to change everything up! Onchain listeners and Travel Rule adapters are super useful little microservices. They really make things easier! Make sure you’re keeping an eye on where your evidence comes from by using zkTLS or TLSNotary along with W3C Verifiable Credentials. This way, you can share only the info you want to, when you want to!
• Experience the ease of SAR auto-drafting with BSA E-Filing! We've got batch support and automation ready for your ongoing activities, so you can handle everything without the stress.
• Results that are a breeze for procurement (typically within 60 to 90 days): You can look forward to trimming down manual hours spent on each SAR by about 35-55%. This is all thanks to the power of data reuse and auto-drafting!
• Service Level Agreement: We aim to go from alerting you to having a case ready in just a few minutes, and you can expect the first draft for high-priority issues in under 24 hours. We designed this system to have “zero leakage” right from the get-go. That means you won’t see any signs of SARs popping up on public chains. We keep all the anchoring private and secure, plus we’ve set up some solid access controls to make sure everything stays just the way we want it.

Where This Lands in Your Roadmap

• For U.S. entities: Hey team, let's make sure we stay on top of our SAR clock compliance--remember, it's all about the 30/60 days! Also, let’s not forget to keep an eye on those continuing-activity reviews. We got this! This basically means we're making sure that everything is secured with a strong, unchangeable source, while still keeping it private. If you want to dive deeper into the details, just click here. Enjoy exploring!
• For EU CASPs: Hey everyone, it’s time to buckle down and focus on TFR compliance! Just a friendly reminder that the application deadline is coming up on December 30, 2024, so let’s get cracking! Also, make sure you're getting ready for DAC8, which is set to start on January 1, 2026. Just a heads up--those first reports are due by September 30, 2027, so mark your calendar! If you're looking for more details, just check this out here. You’ll find plenty of useful info!
• For global programs: Let's focus on getting those Travel Rule payloads (IVMS101) in sync between TRP and TRISA. Also, we need to bring in the OFAC SLS updates to ensure we're on top of global sanctions. This way, we’ll have everything covered! Feel free to dive into all the details here!

How We Implement (Condensed)

Week 0-2: Controls Design + Data Model

Let’s get started on putting together a comprehensive case schema! We’ll dig into mapping out SAR fields, tackle those Travel Rule payloads (you know, the IVMS101 stuff), and look into the DAC8/CARF fields as well as the OFAC SLS schema. The goal is to bring everything together into one neat package. If you want to dive deeper into this topic, feel free to check out ofac.treasury.gov for more info!

Week 3-6: Integrations + Provenance

Alright, let’s get started with rolling out those chain listeners and integrating SLS! We’ll also set up the TRP/TRISA endpoints, get that TLSNotary and zkTLS proof action going to keep everything up to date, and make sure we can issue VCs for those top-notch auditor artifacts. Exciting times ahead! If you're looking for more information, check out tlsnotary.github.io. They’ve got a lot of great stuff there!

Week 7-10: SAR Auto-Draft + Batch

Alright, let’s get the BSA E-Filing XML and batch all set up. We can also sort out the attachments pipeline while we’re at it, and don’t forget about the ongoing activity tasks we need to handle.
We're going to run through a couple of historical cases as a practice run, just to make sure everything flows smoothly. If you're curious and want to dive deeper into this topic, just check out fincen.gov. It's a great resource!

Week 11-12: Production Hardening

Alright, so here’s the plan: we’ll take a look at the live alerts to show how SLAs hold up, and then we’ll finalize our documentation for the examiners. We’ll make sure to touch on confidentiality, go over the 314(b) procedures, and talk about retention, too. Sounds good?

Relevant 7Block Labs Services

• Want to create a full build? Take a look at our custom blockchain development services and web3 development services. We’ve got you covered!
• Looking to integrate the Travel Rule or DAC8 stacks? No worries! Our blockchain integration team is here to help you out. Looking to up your smart contract game? Check out our security audit services. We provide thorough SAR-grade checks to ensure everything is running smoothly and securely. Your peace of mind is just a click away! Looking to build dApps that follow all the rules? Our awesome dApp development team is here to help! We make sure your app is fully equipped with evidence provenance and policy hooks to keep everything compliant. Got worries about cross-chain risks? No problem! We've got your back with our cross-chain solutions. We monitor bridges and swaps from beginning to end, making sure you're covered every step of the way.

GTM Metrics and Impact

• The improvements in KPI that our clients have noticed (just typical ranges, keeping things anonymous): Did you know that about 40-70% of the SAR fields are filled in automatically? We're doing this by reusing case schemas, which is pretty cool! Basically, we're taking advantage of the similarities between the Travel Rule and DAC8 to make the process a whole lot smoother. Analysts are cutting down their time by about 30-55% on each SAR, and they’re managing to whip up first-draft narratives in less than 24 hours for Sev-1 cases. That’s pretty impressive!
• You can throw together an alert into a case in under 5 minutes, and guess what? Those Day-30 and ongoing activity timers are running on autopilot, so you don't have to worry about them! So, here’s the deal: there’s absolutely no public-chain info on SAR-sensitive signals. Everything’s pretty much locked up tight on a private or permissioned ledger. They’ve got some serious access controls in place to make sure they’re meeting those confidentiality requirements for SAR. (federalreserve.gov).
• External validation on why this is important at the moment: There's been a noticeable increase in criminal activities happening across different blockchain networks, not to mention state-sponsored operations on the rise. Plus, we can’t overlook the risk of sanctions exposure--it’s still a big player in the world of illegal activities. It's really important for your tools to be cross-chain compatible and also keep an eye on sanctions. (elliptic.co). So, the EU compliance deadlines are either already here, like the TFR, or coming up fast with DAC8 right around the corner. These dates aren't changing, so it's time to get ready! (eba.europa.eu).

Brief in-depth notes on tech choices

Why zkTLS/TLSNotary over plain screenshots/APIs?

Working with APIs can be a bit of a challenge. Sometimes they have these pesky rate limits, and just when you think you have everything figured out, they can change their terms on a whim. It's kind of like trying to hit a moving target! On the other hand, screenshots aren't exactly the best proof out there. That's where zkTLS/TLSNotary steps into the picture. It creates cryptographic proofs that demonstrate a certain HTTPS response was tied to a domain at a particular moment. Also, it gives you the control to share only the info you’re comfortable with. This is great for staying updated on sanctions-list changes or checking out counterparty policies, all without having to reveal any sensitive credentials. Take a look at it here: (tlsnotary.github.io). You might find it really interesting!

Why W3C VCs with BBS+?

When it comes to audits, having solid proof is super important. BBS+ is really cool because it lets you choose what to share and what to keep private. What this means is that you can show that a SAR was filed, complete with the timestamp, but without revealing any personal info or specific details. The VC working group has gone ahead and upgraded the BBS cryptosuites to Candidate Recommendation. This is a big step forward because it means the approach is not only future-proof but can also be easily adapted for other applications down the line. Learn more at: (w3c.github.io).

Why protocol-agnostic Travel Rule?

TRP and TRISA each address different parts of the puzzle, but honestly, the best approach is to unify the IVMS101 payloads under a single policy engine. That way, everything can run more smoothly! This way, analysts can handle everything in one queue, regardless of who they’re dealing with. It really makes everything easier! If you want more information, just check it out here: openvasp.org.

Bring this to life in your surroundings!

We work closely with your BSA Officer and Compliance Engineering to ensure that:

• We always keep SAR confidentiality under wraps, so there's no on-chain signaling involved.
• U.S. We've got these handy 30/60-day clocks and 120/150-day continuing-activity cycles all lined up as tasks now--so long, spreadsheets! You can check out more about it over at federalreserve.gov. The EBA TFR and DAC8 data models are both up and running, just in time for their application dates! (eba.europa.eu).

Customized Call to Action

Hey! So, if you're heading up the BSA/AML efforts in a U.S. bank or financial institution, it’s super important to stay on top of your game. You want to make sure you're following all the regulations and keeping things above board, especially with everything changing so quickly these days. Remember, it’s not just about ticking boxes; it’s about genuinely protecting your organization and your customers. Pushing a culture of compliance can really make a difference! If you’re handling an exchange or EU CASP and you're facing that Day-30 SAR deadline while your team is busy managing TFR messaging and prepping for DAC8 data capture by January 1, 2026, let’s put our heads together and figure out your workflow. Could you shoot over two anonymized cases when you get a chance? I’d love to see one for a cross-chain wallet and another for a self-hosted wallet. Also, if you could include your current SAR template, that’d be awesome. Thanks! In the next 72 hours, we'll send you a working sample that includes:

• Auto-draft SAR XML
• Normalizing the Travel Rule payload.
• We’ve got the OFAC SLS-verified evidence wrapped up tight with zkTLS and TLSNotary. Here's a reliable SLA that you can share with your exam team.

After that, we’ll guide you through the implementation process, taking it one step at a time, with your analysts right there at the keyboard. Alright, let's get this figured out!

---

Key references used above

• U.S. So, we’ve got these SAR timelines set up: we’re looking at 30 and 60-day periods, with ongoing activities that follow a rhythm of 90, 120, and even 150 days. Pretty straightforward, right? (federalreserve.gov).
• Keeping SARs (Suspicious Activity Reports) confidential and the whole "no tipping off" thing. (federalreserve.gov). Hey there! Just a quick note about the BSA E-Filing System: it handles both individual and batch SARs, which is pretty handy. Just keep in mind, though, it’s not designed for recordkeeping.
  (fincen.gov). Sure! So, just to give you a quick rundown on the EU Travel Rule (Reg. It’s basically a regulation that came into play to make travel and money transfers between EU countries a bit smoother. The idea is to keep everything transparent and secure, so that both travelers and financial institutions can have peace of mind. If you’re looking to navigate your way through EU travel regulations, this rule is definitely something you’ll want to keep in mind. Just a heads up, the EBA guidelines are set to roll out on December 30, 2024, following the updates from 2023/1113. (eur-lex.europa.eu). Alright, here’s the lowdown on the DAC8 timeline: Data collection kicks off on January 1, 2026, and you’ll need to have your first reports submitted by September 30, 2027. Mark your calendars! (taxation-customs.ec.europa.eu). We've got some exciting news! The OFAC Sanctions List Service (SLS) is set to launch in 2024. Make sure to keep an eye out for all the details! (ofac.treasury.gov).
• The rise in cross-chain crime and how much of that shady activity ties back to sanctions. (elliptic.co).
• Check out the TLSNotary/zkTLS docs for all the details and get the latest scoop on performance updates! (tlsnotary.github.io). Hey there! Just a heads up, you’ll want to check out the TRP (OpenVASP) and TRISA directories along with the PKI. (openvasp.org).

Are you tired of scrambling at the last minute? It’s time to step up your game and start rolling out compliant automation! We’ve got everything sorted for you--the diagrams, the XML, and all the guidelines you’ll need. With these resources in hand, your team can nail those deadlines and have SARs that are audit-ready. Let’s make this happen!