Banks and FinTechs face stricter AML duties as central bank enforces STR/SAR guidelines 2025

KATHMANDU: The Financial Intelligence Unit of Nepal (FIU-Nepal), under the supervision of Nepal Rastra Bank (NRB), has issued the revised Suspicious Transaction Report (STR) and Suspicious Activity Report (SAR) Guidelines 2025, introducing major procedural, technological, and institutional changes in the country’s financial compliance regime. The updated framework — accompanied by an official notice from NRB — formally transitions Nepal’s anti-money laundering (AML) and counter-terrorist financing (CFT) systems into a digitally integrated, AI-supported, and crypto-aware era, aligning the national approach with Financial Action Task Force (FATF) and Asia/Pacific Group (APG) recommendations.

This 2025 version replaces the earlier 2021 edition and marks the fourth comprehensive revision of the STR/SAR framework since its introduction in 2014. Officials said the move reflects Nepal’s growing financial digitization, the emergence of FinTech innovations, and the need to address new financial crime typologies, including cyber laundering, crypto-related fraud, and AI-aided identity manipulation.

Major Revisions in the 2025 Guidelines

The updated STR/SAR Guidelines bring multiple innovations aimed at strengthening Nepal’s financial intelligence network, improving detection quality, and accelerating coordination between reporting entities and regulators.

Digital-Only STR/SAR Submission via goAML
One of the most transformative changes is the mandatory digital submission of all STRs and SARs through goAML, a secure digital platform managed by FIU-Nepal. This reform eliminates the earlier hybrid (manual plus electronic) process, enabling real-time monitoring, data analytics, and traceability. The system will automatically flag inconsistencies, duplicate entries, and incomplete narratives, improving the quality of suspicious transaction reports.

AI-Driven Transaction Monitoring and Risk Categorization
Financial institutions are now obligated to integrate AI-assisted surveillance systems capable of automatically identifying irregular transaction patterns. Each suspicious activity must be categorized into Low, Medium, or High risk tiers, depending on the nature, frequency, and geographic exposure of the transaction. This shift encourages the adoption of RegTech (Regulatory Technology) solutions within the compliance architecture of Nepali financial institutions.

Inclusion of Digital and Virtual Asset Entities
For the first time, Nepal’s STR/SAR framework explicitly includes digital wallets, FinTech companies, payment service providers, and Virtual Asset Service Providers (VASPs) under the reporting perimeter. This expansion brings the country’s AML/CFT mechanism closer to FATF Recommendation 15, which focuses on emerging risks associated with virtual currencies and blockchain-based assets.

Shortened Reporting Timeframe and Real-Time Alerts
Institutions must now report high-risk or terrorism-linked transactions within 24 hours, replacing the previous three-day allowance. The guidelines introduce a “broadcast mechanism” for urgent red flag alerts to ensure FIU-Nepal receives critical intelligence in real time.

Comprehensive Red Flag Indicators and Predicate Offences
The accompanying NRB notice clarifies that the 2025 manual contains sector-specific red flags and predicate-offence indicators, covering areas such as trade finance, insurance, securities, real estate, and digital payments. Predicate offences have been expanded to include hundi transactions, virtual currency abuse, match-fixing, and unauthorized online gambling.

Confidentiality and Whistleblower Protection
The updated guidelines strengthen whistleblower protection provisions, ensuring that compliance officers and employees who report suspicious behavior internally are protected from retaliation. Enhanced confidentiality clauses now legally bind institutions to safeguard reporter identities.

Centralized CDD and KYC Data Sharing
All reporting institutions must now integrate their Customer Due Diligence (CDD) systems with the National ID-based KYC database, enabling centralized verification and inter-bank data coordination. This will reduce duplication, prevent identity fraud, and streamline due diligence for cross-institution clients.

Notice from NRB and FIU-Nepal

The official notice released alongside the guidelines emphasizes that the manual includes general and sector-wise red flags, predicate-offence triggers, and typology-specific indicators. It instructs all reporting entities to adopt the goAML system for both STR/SAR submissions and real-time broadcast alerts. The notice serves as a compliance directive, guiding banks, non-bank financial institutions, and Designated Non-Financial Businesses and Professions (DNFBPs) to fully comply with the new digital system.

NRB has also informed institutions that the complete STR/SAR manual is available for download via its official website and that technical workshops will be conducted to train compliance officers and AML focal points on system operations and filing protocols.

The FIU-Nepal, in the notice, underscores that the new guidelines are not merely procedural but part of a national compliance modernization strategy aimed at improving Nepal’s standing in FATF’s mutual evaluation and enhancing cross-border intelligence cooperation.

Institutional and Market Implications

The 2025 STR/SAR update introduces a paradigm shift in compliance operations across Nepal’s financial system. Banks, insurance companies, microfinance institutions, securities brokers, and payment firms must now upgrade their compliance infrastructure and adopt AI-supported RegTech platforms.

Compliance officers are required to maintain automated monitoring dashboards, carry out quarterly AML audits, and ensure staff training on typology recognition and red flag interpretation. Institutions that fail to file STR/SAR reports on time, or file incomplete reports, will face administrative fines, targeted inspections, and regulatory audits as per the updated NRB enforcement framework.

“The digital transition will strengthen both detection accuracy and speed,” said a senior FIU official. “The aim is to ensure early identification of illicit patterns — from cyber frauds and money laundering to terrorism financing — before systemic risk accumulates.”

What’s New Compared to the 2021 Guidelines

-The 2025 guidelines stand out for several groundbreaking changes compared to their predecessors:

-Full shift from manual submission to digital-only reporting via goAML.

-Integration of FinTechs, wallets, and VASPs as reporting entities.

-24-hour red flag alert requirement for terrorism-linked or cyber laundering cases.

-Stronger data protection and internal whistleblower safeguards.

-Introduction of AI and behavior analytics for proactive detection.

-Broader inclusion of predicate offences and typology examples.

-Streamlined CDD using National ID-linked KYC.

-Greater emphasis on data-driven supervision and real-time analysis by FIU-Nepal.

Why the Update Matters

This overhaul comes at a crucial time when Nepal is under growing international scrutiny for AML/CFT effectiveness. The updates are expected to improve transparency, strengthen investor confidence, and help the country maintain a positive standing in upcoming FATF/APG evaluations.

Analysts believe the reforms could also safeguard Nepal’s correspondent banking relationships, which are vital for remittances and trade settlements. By integrating digital reporting and AI analytics, Nepal’s financial regulators aim to build a future-proof compliance infrastructure resilient to cybercrime, virtual asset misuse, and cross-border financial fraud.

Furthermore, these changes directly support the government’s Digital Nepal Framework and its goal of building a data-centric governance ecosystem that balances innovation with regulation.

FIU-Nepal has planned capacity-building workshops and system onboarding sessions for all reporting institutions through early 2026. The unit will also develop a risk-based feedback loop, where FIU analysts provide regular insights back to reporting entities to improve STR quality.

NRB officials confirmed that these updates are part of Nepal’s long-term vision to ensure financial stability, transparency, and credibility in the global financial system. The adoption of these guidelines represents not only regulatory compliance but a broader shift toward digital transformation in financial governance.