CompanyBelgium

Suspicious transaction reports to the CTIF: when, how and why to report in Belgium

Reporting suspicious transactions to the CTIF/CFI is the most sensitive obligation of the Belgian AML framework. Here is how to recognise a suspicious transaction, how to draft a useful report without breaching confidentiality rules, and what becomes of the information once submitted.

May 13, 20268 min read

In brief

The CTIF is the Belgian independent authority that receives suspicious-transaction reports from regulated professions, analyses them, and transmits relevant files to the public prosecutor. The reporting obligation arises as soon as a reasonable suspicion exists — without waiting for proof — and applies even to refused transactions. The law fully protects the good-faith reporter (civil, criminal and disciplinary immunity) and absolutely prohibits informing the client.

The CTIF, in two sentences

The Financial Intelligence Processing Unit (CTIF in French, CFI in Dutch) is the Belgian authority created by the Act of 11 January 1993 and confirmed by that of 18 September 2017 to receive, analyse and transmit to the public prosecutor information on suspicious money-laundering or terrorist-financing transactions.

It is an independent administrative authority, distinct from police and prosecutor. Its strength: receiving reports directly from regulated entities, cross-referencing financial intelligence, and triggering judicial files when analysis reveals an underlying offence.

The reporting obligation: who, when, why

Article 47 of the Act of 18 September 2017 requires all regulated professions (banks, accountants, notaries, lawyers — within limits, real-estate agents, company service providers) to transmit to the CTIF any transaction over which a suspicion of money laundering or terrorist financing exists.

Three crucial clarifications:

No proof needed

A reasonable suspicion is enough. The regulated entity does not have to build a case like an investigator; it must report what seems abnormal, and let the CTIF analyse. The law even protects the good-faith entity against any civil, criminal or disciplinary action for having reported (Article 57).

No execution required

The reporting obligation also applies to refused, cancelled or not-yet-executed transactions. A client asking to transfer €500,000 to an offshore account, whose request is refused → CTIF report.

Absolute prohibition to inform the client ("tipping-off")

Article 55 strictly forbids disclosing to the client (or any third party) that a report is being prepared, will be made, or has been made. Breach is criminally punished (fine and imprisonment). In practice: no mention in emails, no "your file is under review", no allusion during a phone call.

The red flags to know

How to recognise a suspicious transaction? Here are the most frequent indicators, grouped by category.

  • Client reluctant to provide KYC documents or providing inconsistent ones
  • UBO different from the one declared in the register, without explanation
  • Client domiciled in a high-risk country or with a profile inconsistent with the transactions announced
  • Politically exposed person (PEP) with no clear economic justification for their flows
  • Client conducting transactions unrelated to their declared activity
  • Structuring: multiple transfers just under thresholds (€9,500 instead of €10,000)
  • Large cash transactions without economic consistency
  • Fragmented payments or coming from multiple unrelated accounts
  • "Round-trip" transactions (send then quickly return) without commercial logic
  • Over-invoicing or under-invoicing compared to market
  • Real-estate investment with opaque financing or unexplained personal contribution
  • Flows to or from tax havens
  • Counterparties in high-risk jurisdictions (Russia, Iran, North Korea, etc.)
  • Schemes involving shell companies in countries without UBO transparency

Indicators specific to terrorism

  • Small transfers to sensitive destinations (conflict zones, unverified charities)
  • Purchase of easily convertible or usable goods (sensitive equipment, luxury items)
  • Sudden withdrawals from inactive accounts before going abroad

How to draft a useful report

A good CTIF report is factual, chronological and complete. Avoid value judgements, provide facts.

  • Identification of the reporting entity (name, BCE/KBO number, AMLCO in charge)
  • Client identification: full identity, BCE/KBO number if a company, known UBOs
  • Chronological description of the suspicious transactions (dates, amounts, counterparties, banks)
  • Facts triggering the suspicion: cite the concrete indicators observed ("transfer of €49,800 on Monday, €49,700 on Tuesday, €49,900 on Wednesday, to the same beneficiary in Cyprus")
  • Consistency with the client profile: compare what you know about the client with what you observe
  • Attachments: articles of association, BCE/KBO extracts, copies of transactions, KYC, written exchanges where applicable
  • The transmission channel

    Reporting is done exclusively via the goAML online platform provided by the CTIF. It is an international standard developed by UNODC, used by most financial intelligence units worldwide. The platform structures data via XML schemas (transactions, persons, accounts) — hence the interest of a module that generates the goAML file directly from your KYC files and recorded transactions. See also our guide to the annual AML audit to understand how reports fit into your overall framework.

    Deadline

    The law speaks of transmission "without delay" as soon as the suspicion is established. In practice: within 48 to 72 hours after internal analysis and the AMLCO's decision. A longer delay must be justified.

    What happens to the report after submission

    The CTIF receives tens of thousands of reports each year (around 40,000 in 2024). The process:

  • Initial filtering, automated then human — most reports are analysed without immediate follow-up
  • Enrichment: cross-referencing with other reports, BCE databases, UBO register, VAT returns, external sources
  • In-depth analysis by financial analysts
  • Transmission to the prosecutor if analysis reveals a potential offence (around 5–10 % of reports are eventually transmitted)
  • Feedback to the regulated entity: not systematic; it may be informed that its report has been transmitted to the prosecutor
  • The regulated entity does not control what comes next. Its responsibility ends at the good-faith reporting.

    To encourage reporting, Belgian law provides several immunities:

    • Civil immunity: no client claim for damages for having reported
    • Criminal immunity: no prosecution for breach of professional secrecy or disclosure
    • Disciplinary immunity: no sanction by the professional body
    • Anonymity in the judicial file: the reporting entity's name is not mentioned in documents transmitted to the prosecutor (save for a motivated decision by the investigating judge)

    These protections cover any report made in good faith, even if the analysis does not ultimately confirm the initial suspicion.

    Sanctions for failure to report

    Conversely, absence or delay in reporting is heavily sanctioned. For a full overview of penalties, see our article on AML non-compliance sanctions in Belgium :

    • Administrative fine up to €5,000,000 for the legal entity, pronounced by the competent supervisor
    • Criminal penalty (Article 137): fine and imprisonment for the responsible natural person
    • Professional sanctions: withdrawal of authorisation, suspension, ban on practising
    • Publication: the sanction is made public, naming the entity and sometimes the responsible persons

    Supervisors can also impose fines for "convenience reports" — systematic reports without real suspicion to be administratively in order. Quality prevails over quantity.

    Good practices to put in place

  • Train all staff to recognise red flags — not only the AMLCO
  • Written internal procedure: who detects, who escalates, who decides, who drafts, who transmits
  • Decision log: keep a written trace of analysed suspicions, whether they led to a report or not (non-reporting decisions must be motivated)
  • goAML generation tool integrated with the client system to limit manual re-entry
  • Periodic internal reviews: draw lessons from analysed files, recalibrate internal thresholds and the risk assessment
  • How Company Belgium simplifies your CTIF reports

    Suspicious-transaction reporting is framed and traced inside Company Belgium:

    • Assisted red-flag detection: thresholds, structuring, UBO divergences, risk countries are automatically flagged on your files
    • goAML report preparation: XML file generated directly from the KYC file and recorded transaction history
    • Decision log: timestamped retention of analyses, including reasoned non-reporting decisions (often forgotten yet checked)
    • Strict compartmentalisation: reporting information is never exposed to the client (tipping-off compliance)
    • Hardened confidentiality: access logs, conditional deletion, 10-year retention
    • AMLCO dashboard: overall tracking, activity indicators, training log

    You keep control of the decision; we handle the technical chain and traceability.

    Bottom line

    The CTIF suspicious-transaction report is the most sensitive but also the most protected obligation of the Belgian AML framework. Done well, it protects the regulated entity, contributes to the fight against financial crime, and demonstrates the maturity of the framework during inspection. Done poorly, or avoided out of fear of upsetting the client, it exposes the entity to heavy sanctions and personal liability.

    The right reflex: factual, chronological, judgement-free, transmitted without delay — and never mentioned to the client.

    Frequently asked questions

    What is the CTIF and what is its role in the Belgian AML framework?

    The CTIF (Financial Intelligence Processing Unit) is the independent administrative authority created in 1993 to receive, analyse and transmit to the public prosecutor information on suspicious money-laundering or terrorist-financing transactions. It is distinct from police and prosecutor. Its strength lies in its ability to cross-reference financial intelligence from multiple reporters before triggering a judicial investigation.

    What are the main money-laundering red flags that a domiciliation center should know?

    Red flags fall into four categories: client-related indicators (reluctance to provide KYC documents, UBO differs from register, PEP profile), transaction-related indicators (structuring below thresholds, circular flows, fragmented payments), geographic indicators (links to tax havens or FATF high-risk countries) and behavioural indicators (unjustified urgency, transactions with no apparent economic substance).

    What happens after a suspicious-transaction report is submitted to the CTIF?

    The CTIF filters reports (automatically then manually), enriches them by cross-referencing other sources (BCE, UBO register, VAT returns), and conducts an in-depth analysis. Around 5 to 10 % of reports are transmitted to the federal prosecutor for judicial investigation. In 96 % of cases, the report is filed without follow-up. The reporter may be informed if their file has been transmitted to the prosecutor.

    What does the tipping-off prohibition mean and what are the consequences in Belgium?

    Tipping-off means informing the client (or any third party) that a CTIF report is under way, will be made, or has been made. This is formally prohibited by Article 55 of the Act of 18 September 2017. In practice, no mention may appear in emails, phone calls or meetings with the client. Breach is criminally punished: imprisonment from 6 months to 3 years and a fine of 2,600 to 100,000 euros.

    Ready to get started?

    Create your free account and get your API keys in minutes.

    Comments

    Loading comments…

    Leave a comment

    Not published — used only to notify you.

    Comments are moderated before publication.

    Related articles