Suspicious transaction reports to the CTIF: when, how and why to report in Belgium
Reporting suspicious transactions to the CTIF/CFI is the most sensitive obligation of the Belgian AML framework. Here is how to recognise a suspicious transaction, how to draft a useful report without breaching confidentiality rules, and what becomes of the information once submitted.
In brief
The CTIF is the Belgian independent authority that receives suspicious-transaction reports from regulated professions, analyses them, and transmits relevant files to the public prosecutor. The reporting obligation arises as soon as a reasonable suspicion exists — without waiting for proof — and applies even to refused transactions. The law fully protects the good-faith reporter (civil, criminal and disciplinary immunity) and absolutely prohibits informing the client.
The CTIF, in two sentences
The Financial Intelligence Processing Unit (CTIF in French, CFI in Dutch) is the Belgian authority created by the Act of 11 January 1993 and confirmed by that of 18 September 2017 to receive, analyse and transmit to the public prosecutor information on suspicious money-laundering or terrorist-financing transactions.
It is an independent administrative authority, distinct from police and prosecutor. Its strength: receiving reports directly from regulated entities, cross-referencing financial intelligence, and triggering judicial files when analysis reveals an underlying offence.
The reporting obligation: who, when, why
Article 47 of the Act of 18 September 2017 requires all regulated professions (banks, accountants, notaries, lawyers — within limits, real-estate agents, company service providers) to transmit to the CTIF any transaction over which a suspicion of money laundering or terrorist financing exists.
Three crucial clarifications:
No proof needed
A reasonable suspicion is enough. The regulated entity does not have to build a case like an investigator; it must report what seems abnormal, and let the CTIF analyse. The law even protects the good-faith entity against any civil, criminal or disciplinary action for having reported (Article 57).
No execution required
The reporting obligation also applies to refused, cancelled or not-yet-executed transactions. A client asking to transfer €500,000 to an offshore account, whose request is refused → CTIF report.
Absolute prohibition to inform the client ("tipping-off")
Article 55 strictly forbids disclosing to the client (or any third party) that a report is being prepared, will be made, or has been made. Breach is criminally punished (fine and imprisonment). In practice: no mention in emails, no "your file is under review", no allusion during a phone call.
The red flags to know
How to recognise a suspicious transaction? Here are the most frequent indicators, grouped by category.
Client-related indicators
- Client reluctant to provide KYC documents or providing inconsistent ones
- UBO different from the one declared in the register, without explanation
- Client domiciled in a high-risk country or with a profile inconsistent with the transactions announced
- Politically exposed person (PEP) with no clear economic justification for their flows
- Client conducting transactions unrelated to their declared activity
Transaction-related indicators
- Structuring: multiple transfers just under thresholds (€9,500 instead of €10,000)
- Large cash transactions without economic consistency
- Fragmented payments or coming from multiple unrelated accounts
- "Round-trip" transactions (send then quickly return) without commercial logic
- Over-invoicing or under-invoicing compared to market
- Real-estate investment with opaque financing or unexplained personal contribution
Geography-related indicators
- Flows to or from tax havens
- Counterparties in high-risk jurisdictions (Russia, Iran, North Korea, etc.)
- Schemes involving shell companies in countries without UBO transparency
Indicators specific to terrorism
- Small transfers to sensitive destinations (conflict zones, unverified charities)
- Purchase of easily convertible or usable goods (sensitive equipment, luxury items)
- Sudden withdrawals from inactive accounts before going abroad
How to draft a useful report
A good CTIF report is factual, chronological and complete. Avoid value judgements, provide facts.
Recommended structure
The transmission channel
Reporting is done exclusively via the goAML online platform provided by the CTIF. It is an international standard developed by UNODC, used by most financial intelligence units worldwide. The platform structures data via XML schemas (transactions, persons, accounts) — hence the interest of a module that generates the goAML file directly from your KYC files and recorded transactions. See also our guide to the annual AML audit to understand how reports fit into your overall framework.
Deadline
The law speaks of transmission "without delay" as soon as the suspicion is established. In practice: within 48 to 72 hours after internal analysis and the AMLCO's decision. A longer delay must be justified.
What happens to the report after submission
The CTIF receives tens of thousands of reports each year (around 40,000 in 2024). The process:
The regulated entity does not control what comes next. Its responsibility ends at the good-faith reporting.
Legal protections for the reporter
To encourage reporting, Belgian law provides several immunities:
- Civil immunity: no client claim for damages for having reported
- Criminal immunity: no prosecution for breach of professional secrecy or disclosure
- Disciplinary immunity: no sanction by the professional body
- Anonymity in the judicial file: the reporting entity's name is not mentioned in documents transmitted to the prosecutor (save for a motivated decision by the investigating judge)
These protections cover any report made in good faith, even if the analysis does not ultimately confirm the initial suspicion.
Sanctions for failure to report
Conversely, absence or delay in reporting is heavily sanctioned. For a full overview of penalties, see our article on AML non-compliance sanctions in Belgium :
- Administrative fine up to €5,000,000 for the legal entity, pronounced by the competent supervisor
- Criminal penalty (Article 137): fine and imprisonment for the responsible natural person
- Professional sanctions: withdrawal of authorisation, suspension, ban on practising
- Publication: the sanction is made public, naming the entity and sometimes the responsible persons
Supervisors can also impose fines for "convenience reports" — systematic reports without real suspicion to be administratively in order. Quality prevails over quantity.
Good practices to put in place
How Company Belgium simplifies your CTIF reports
Suspicious-transaction reporting is framed and traced inside Company Belgium:
- Assisted red-flag detection: thresholds, structuring, UBO divergences, risk countries are automatically flagged on your files
- goAML report preparation: XML file generated directly from the KYC file and recorded transaction history
- Decision log: timestamped retention of analyses, including reasoned non-reporting decisions (often forgotten yet checked)
- Strict compartmentalisation: reporting information is never exposed to the client (tipping-off compliance)
- Hardened confidentiality: access logs, conditional deletion, 10-year retention
- AMLCO dashboard: overall tracking, activity indicators, training log
You keep control of the decision; we handle the technical chain and traceability.
Bottom line
The CTIF suspicious-transaction report is the most sensitive but also the most protected obligation of the Belgian AML framework. Done well, it protects the regulated entity, contributes to the fight against financial crime, and demonstrates the maturity of the framework during inspection. Done poorly, or avoided out of fear of upsetting the client, it exposes the entity to heavy sanctions and personal liability.
The right reflex: factual, chronological, judgement-free, transmitted without delay — and never mentioned to the client.
Frequently asked questions
What is the CTIF and what is its role in the Belgian AML framework?
The CTIF (Financial Intelligence Processing Unit) is the independent administrative authority created in 1993 to receive, analyse and transmit to the public prosecutor information on suspicious money-laundering or terrorist-financing transactions. It is distinct from police and prosecutor. Its strength lies in its ability to cross-reference financial intelligence from multiple reporters before triggering a judicial investigation.
What are the main money-laundering red flags that a domiciliation center should know?
Red flags fall into four categories: client-related indicators (reluctance to provide KYC documents, UBO differs from register, PEP profile), transaction-related indicators (structuring below thresholds, circular flows, fragmented payments), geographic indicators (links to tax havens or FATF high-risk countries) and behavioural indicators (unjustified urgency, transactions with no apparent economic substance).
What happens after a suspicious-transaction report is submitted to the CTIF?
The CTIF filters reports (automatically then manually), enriches them by cross-referencing other sources (BCE, UBO register, VAT returns), and conducts an in-depth analysis. Around 5 to 10 % of reports are transmitted to the federal prosecutor for judicial investigation. In 96 % of cases, the report is filed without follow-up. The reporter may be informed if their file has been transmitted to the prosecutor.
What does the tipping-off prohibition mean and what are the consequences in Belgium?
Tipping-off means informing the client (or any third party) that a CTIF report is under way, will be made, or has been made. This is formally prohibited by Article 55 of the Act of 18 September 2017. In practice, no mention may appear in emails, phone calls or meetings with the client. Breach is criminally punished: imprisonment from 6 months to 3 years and a fine of 2,600 to 100,000 euros.
Comments
Related articles

Notaries: verifying beneficial owners before an authentic act
Notaries are on the front line to block money-laundering setups via companies. Incorporation, merger, share transfer, real estate sale: every act demands enhanced UBO due diligence. Here is the complete checklist to secure an authentic act without burdening practice.

The Belgian trial period is back: what the Clarinval reform changes for SMEs from day one
On 21 May 2026, the Belgian Chamber voted to reinstate a trial regime covering the first six months of the employment contract. Notice cut to one week, written reasoning, scope limited to new contracts: what employers need to grasp before publication in the Moniteur belge.

Branch in Belgium and the UBO register: what the foreign company must do
A foreign company opening a branch in Belgium is not a Belgian company: the branch has no separate legal personality. That changes everything for the UBO register. Find out who must declare what, and why a Belgian SRL subsidiary offers a cleaner compliance footprint.
