Skip to Content
Rule

Financial Crimes Enforcement Network; Confidentiality of Suspicious Activity Reports

Action

Final Rule.

Summary

FinCEN is issuing this final rule to amend the Bank Secrecy Act (“BSA”) regulations regarding the confidentiality of a report of suspicious activity (“SAR”) to: Clarify the scope of the statutory prohibition against the disclosure by a financial institution of a SAR; address the statutory prohibition against the disclosure by the government of a SAR; clarify that the exclusive standard applicable to the disclosure of a SAR by the government is to fulfill official duties consistent with the purposes of the BSA; modify the safe harbor provision to include changes made by the Uniting and Strengthening America by Providing the Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (“USA PATRIOT Act”); and make minor technical revisions for consistency and harmonization among the different SAR rules. These amendments are part of the Department of the Treasury's continuing effort to increase the efficiency and effectiveness of its anti-money laundering and counter-terrorist financing policies. These amendments are consistent with similar proposals to be issued by some of the Federal bank regulatory agencies in conjunction with FinCEN.1

1The Federal bank regulatory agencies have parallel SAR requirements for their supervised entities: See 12 CFR 208.62, 12 CFR 211.24(f), and 12 CFR 225.4(f) (the Board of Governors of the Federal Reserve System) (“Fed”)); 12 CFR 353.3 (the Federal Deposit Insurance Corporation (“FDIC”)); 12 CFR 748.1 (the National Credit Union Administration (“NCUA”)); 12 CFR 21.11 (the Office of the Comptroller of Currency (“OCC”)) and 12 CFR 563.180 (the Office of Thrift Supervision (“OTS”)).

Unified Agenda

Confidentiality of Suspicious Activity Reports

4 actions from March 9th, 2009 to January 3rd, 2011

  • March 9th, 2009
    • NPRM
    • 74 FR10148
  • June 8th, 2009
    • NPRM Comment Period End
  • December 3rd, 2010
  • January 3rd, 2011
    • Final Action Effective
 

Table of Contents Back to Top

DATES: Back to Top

Effective Date: January 3, 2011.

FOR FURTHER INFORMATION CONTACT: Back to Top

The FinCEN regulatory helpline at (800) 949-2732.

SUPPLEMENTARY INFORMATION: Back to Top

I. Background Back to Top

The BSA requires financial institutions to keep certain records and make certain reports that have been determined to be useful in criminal, tax, or regulatory investigations or proceedings, and for intelligence or counter-intelligence activities to protect against international terrorism. In particular, the BSA and its implementing regulations require financial institutions in certain industries [2] to file a SAR when they detect a known or suspected violation of Federal law or regulation, or a suspicious activity related to money laundering, terrorist financing, or other criminal activity. [3]

SARs generally are unproven reports of possible violations of law or regulation, or of suspicious activities, that are used for law enforcement or regulatory purposes. The BSA provides that a financial institution and its officers, directors, employees, and agents are prohibited from notifying any person involved in a suspicious transaction that the transaction was reported. [4] FinCEN implemented this provision in its SAR regulations for each industry through an explicit prohibition that closely mirrored the enacting statutory language. Specifically, we clarified that disclosure could not be made to the person involved in the transaction, but that the SAR could be provided to FinCEN, law enforcement, and the financial institution's supervisory or examining authority. In certain SAR rules, we have expressly provided for the possibility of institutions jointly filing a SAR regarding suspicious activity that occurred at multiple institutions. [5]

The USA PATRIOT Act strengthened the confidentiality of SARs by adding to the BSA a new provision that prohibits officers or employees of the Federal government or any State, local, Tribal, or territorial government within the United States with knowledge of a SAR from disclosing to any person involved in a suspicious transaction that the transaction was reported, other than as necessary to fulfill the official duties of such officer or employee. [6]

To encourage the reporting of possible violations of law or regulation, and the filing of SARs, the BSA contains a safe harbor provision that shields financial institutions making such reports from civil liability in connection with the report. In 2001, the USA PATRIOT Act clarified that the safe harbor also covers voluntary disclosure of possible violations of law and regulations to a government agency and expanded the scope of the limit on liability to cover any civil liability that may exist “under any contract or other legally enforceable agreement (including any arbitration agreement).” [7]

II. The Notice of Proposed Rulemaking and Related Actions Back to Top

On March 9, 2009, FinCEN published in the Federal Register a notice of proposed rulemaking (“the proposed rule”) and two separate notices and requests for comment on proposed guidance (“the proposed guidance”) (collectively, “the notices”). In the proposed rule, FinCEN proposed amendments to each of FinCEN's SAR rules to include key changes that would (1) clarify the scope of the statutory prohibition against the disclosure by a financial institution of a SAR; (2) address the statutory prohibition against the disclosure by the government of a SAR; (3) clarify that the exclusive standard applicable to the disclosure of a SAR, or any information that would reveal the existence of a SAR by the government is “to fulfill official duties consistent with Title II of the BSA,” in order to ensure that SAR information is protected from inappropriate disclosures unrelated to the BSA purposes for which SARs are filed; (4) modify the safe harbor provision to include changes made by the USA PATRIOT Act; and (5) where possible, harmonize minor technical differences that exist among the confidentiality, safe harbor, and compliance provisions of our rulemakings for different industries. The proposed guidance interpreted one of the provisions of the proposed rules relating to (1) above, to clarify that SARs could be shared, subject to certain qualifications, within an institution's corporate organizational structure.

In separate but contemporaneous rulemakings, some of the Federal bank regulatory agencies proposed amending their SAR rules to incorporate comparable provisions to FinCEN's proposed rules, and amending their information disclosure regulations [8] to clarify that the exclusive standard governing the release of a SAR, or any information that would reveal the existence of a SAR, is set forth in the confidentiality provisions of their respective SAR rules.

The notices and related Federal bank regulatory agency actions were published together in their own separate part of the Federal Register to encourage commenters to take into account all relevant provisions.

III. Comments on the Notices—Overview and General Issues Back to Top

The comment period for the notices ended on June 8, 2009. We received a total of 26 submissions from 25 distinct entities. [9] Of these, 15 were submitted by trade groups or associations, four were submitted by individual financial institutions, three were submitted by Federal, Tribal, or foreign government agencies, three were submitted by consultants or attorneys not affiliated with a specific financial institution, and one was submitted by a self-regulatory organization (“SRO”). The comments generally supported the proposed rules while requesting the broadening of the proposed sharing guidance. [10] Several of the comments specific to the proposed rules provided suggestions for additionally strengthening or clarifying the general confidentiality provision, as well as the specific confidentiality provisions for institutions, governments, and SROs. Due to the broad and varied topics raised during comment, the majority of comments are addressed in the section-by-section analysis, below.

IV. Section-by-Section Analysis Back to Top

A. Confidentiality of SARs

FinCEN proposed clarifying the general introduction to the confidentiality provision in each of its SAR rules to read, “A SAR, and any information that would reveal the existence of a SAR, are confidential and shall not be disclosed except as authorized in this paragraph.” FinCEN proposed this change to be more comprehensive than the previous language that, on face value, was limited only to the person involved in the transaction and applied only with respect to the SAR form itself. The phrase “SAR[s] are confidential” also was consistent with the existing Federal bank regulatory agency SAR rules, while the application of confidentiality to “a SAR, and information that would reveal the existence of a SAR” (“SAR information”) was consistent with both FinCEN and case law interpretations [11] of the previous non-disclosure provision. In the final rule, FinCEN is adopting this language as proposed, without change.

Some commenters asked that FinCEN clarify the term “information that would reveal the existence of a SAR” for the purpose of defining the scope of SAR confidentiality. One commenter specifically asked whether that term only includes information that affirmatively states that a SAR was filed. Another commenter urged that FinCEN formally recognize that documents prepared by a financial institution when complying with its SAR obligations should be afforded confidentiality.

Clearly, any document or other information that affirmatively states that a SAR has been filed constitutes information that would reveal the existence of a SAR and should be kept confidential. By extension, an institution also should afford confidentiality to any document stating that a SAR has not been filed. Were FinCEN to allow disclosure of information when a SAR is not filed, institutions would implicitly reveal the existence of a SAR any time they were unable to produce records because a SAR was filed. [12]

The more difficult situation is when a document or other information is silent as to whether a SAR has or has not been filed. Documents that may identify suspicious activity but that do not reveal whether a SAR exists (e.g., a document memorializing a customer transaction, such as an account statement indicating a cash deposit or a record of a funds transfer), should be treated as falling within the underlying facts, transactions, and documents upon which a SAR may be based, and should not be afforded confidentiality. [13] This distinction is set forth in the final rule's second rule of construction and reflects relevant case law. [14]

However, the strong public policy that underlies the SAR system as a whole—namely, the creation of an environment that encourages financial institutions to report suspicious activity without fear of reprisal—leans heavily in favor of applying SAR confidentiality not only to a SAR itself, but also in appropriate circumstances to material prepared by the financial institution as part of its process to detect and report suspicious activity, regardless of whether a SAR ultimately was filed or not. This interpretation also reflects relevant case law. [15]

As explained in more detail in the proposed rule, the primary purpose for clarifying the scope of the confidentiality provision is to ensure that, due to potentially serious consequences, the persons involved in the transaction and identified in the SAR cannot be notified, directly or indirectly, of the report. Accordingly, FinCEN proposed replacing the previous rule text prohibiting disclosure of the SAR to the person involved in the transaction with a broad general confidentiality provision for all SAR information applicable to all persons not authorized in the rules of construction to receive such information. With respect to “information that would reveal the existence of a SAR,” therefore, institutions should distinguish between certain types of statistical or abstract information or general discussions of suspicious activity that may indicate that an institution has filed SARs, [16] and information that would reveal the existence of a SAR in a manner that could enable the person involved in the transaction potentially to be notified, whether directly or indirectly.

FinCEN also proposed modifying this introductory section to clarify that “for purposes of [the confidentiality provision] only, a SAR shall include any suspicious activity report filed with FinCEN pursuant to any regulation in this part” and eliminating references in the confidentiality provisions of certain rules to specific versions of the SAR form like the SAR-SF (for use by the securities and futures industries) or SAR-MSB (for use by money services businesses). This change clarified that the confidentiality provisions of our SAR rules apply with respect to any type of SAR in the filing institution's possession, which, since it may result from the joint filing or sharing of a SAR with another type of financial institution in accordance with the provisions of these proposed rules, could include a type of SAR form not used by the institution. This provision is also being adopted as proposed, without change.

B. Disclosure by Financial Institutions

The proposed rule provided that any financial institution, or any director, officer, employee, or agent of a financial institution, that is subpoenaed or otherwise requested to disclose a SAR, or information that would reveal the existence of a SAR, must decline to provide the information, citing this section of the rules and 31 U.S.C. 5318(g)(2)(A)(i), and must provide notification of the request and its response thereto to FinCEN and, in the rules for those industries with parallel SAR requirements administered by a primary Federal functional regulator, [17] notification to that regulator as well.

One commenter suggested that FinCEN adjust the SAR rule for banks to remove the “duplicative” requirement for a bank to notify both FinCEN and its primary Federal functional regulator when SAR information is inappropriately requested. FinCEN disagrees with the characterization of the requirement as “duplicative” since the entities in question have separate SAR rules issued and administered by separate agencies. The joint notification requirement in FinCEN's rule, therefore, simply acknowledges the notification requirement of multiple SAR regulations issued under multiple authorities.

Because FinCEN's jurisdiction is limited to the Title 31 SAR rules, however, FinCEN is removing the requirement from its bank SAR rule that an institution notify its primary Federal regulator in addition to notifying FinCEN in the event of an inappropriate request for SAR information. While this will create greater consistency within FinCEN's SAR rules for multiple industries and between FinCEN's rules and most of the primary Federal regulator bank SAR rules with respect to the requirement to notify only the agency administering that rule, it does not relieve institutions from their requirement to comply with the provisions of similar but distinct rules administered by separate agencies. FinCEN will continue to explore the possibility of streamlining the process of notification under separate legal authorities. [18]

Another commenter asked FinCEN to establish procedures by which an institution, if it thought it would benefit the institution, could petition FinCEN to authorize the disclosure of SAR information for in camera review during a private legal proceeding. As discussed elsewhere in this rulemaking, the protection of the filing institution is not the only reason for the SAR confidentiality provision. Further, FinCEN believes that in most legal proceedings, a filing institution that would benefit from the disclosure of a SAR would benefit comparably with evidence from underlying facts, transactions, and documents. Consequently, FinCEN does not intend to establish procedures for submitting such a request in this rulemaking.

C. Rules of Construction

FinCEN proposed rules of construction that clarify the scope of the SAR disclosure prohibition and implement statutory modifications to the BSA made by the USA PATRIOT Act. The proposed rules of construction primarily describe situations that are not covered by the prohibition against the disclosure of SAR information. The introduction to these rules makes clear that the rules of construction are each qualified by and subordinate to the statutory mandate that no person involved in any reported suspicious transaction can be notified that the transaction has been reported. This introductory sentence is being adopted as proposed, without change, in the final rule.

1. The First Rule of Construction

The first proposed rule of construction clarified the permissibility of disclosures to governmental authorities or other examining authorities that are otherwise entitled by law to receive SARs and to examine for or investigate suspicious activity. For most industries, the rule stated that a financial institution, or any director, officer, employee, or agent of a financial institution, may disclose a SAR, or information that would reveal the existence of a SAR, to FinCEN or any Federal, State, or local law enforcement agency or any Federal or State regulatory authority that examines the financial institution for compliance with the BSA.

a. State Regulatory Authorities

FinCEN is adjusting the language slightly in the final rule to make a technical correction in the SAR rule text for some industries. While the original SAR rules provided for requests for disclosure from “appropriate law enforcement [and] supervisory agenc[ies],” the proposed rules sought to expand these terms by describing explicitly the types of entities that fit into those categories. Accordingly, some of the proposed rules used the phrase “* * * state regulatory authority that examines [the institution] for compliance with the BSA.” FinCEN believes that commenters clearly understood and consented to the intent of this language, but will use the more technically accurate phrase “* * * state regulatory authority administering a state law that requires [the institution] to comply with the BSA or otherwise authorizes the state authority to ensure that the institution complies with the BSA” in the final rule.

This change recognizes that State regulatory authorities are generally authorized by State law to examine for compliance with the BSA in one of two ways: (1) The law authorizes the State authority to examine the institution for compliance with all Federal laws and regulations generally or with the BSA explicitly, or (2) the law requires a financial institution to comply with all Federal laws and regulations generally or with the BSA explicitly, and authorizes the State authority to examine for compliance with the State law. An institution may provide SAR information to a State regulatory authority meeting either criterion.

Commenters pointed out that some, but not all of the rules, provided for a financial institution to disclose SAR information to these State regulatory authorities. While one of FinCEN's goals for the final rule is to create consistency between the various industry SAR rules where appropriate, FinCEN intentionally omitted State regulatory agencies from this rule of construction for the securities and futures industries. FinCEN has not delegated, and Congress has not authorized, State regulation for compliance with the BSA to these industries. Accordingly, the provision regarding disclosures to State regulatory authorities has been incorporated into the final rule for all industries other than securities broker-dealers, futures commission merchants, introducing brokers in commodities, and mutual funds.

For each of those industries excluded from the aforementioned “state regulatory” provision, FinCEN also has made a comporting change in the final rule to the paragraph entitled “Retention of Records.” With respect to an institution's obligation to provide the supporting documentation to a SAR only to appropriate parties upon request, the final rule text includes Federal regulatory agencies, but not State regulatory agencies.

b. Tribal Regulatory Authorities

FinCEN received a similar comment regarding Tribal casinos that may be regulated by a Tribal regulatory authority. As with State agencies, FinCEN believes disclosures to such authorities should be limited only to an entity with authority to examine for compliance with laws requiring compliance with the BSA. Accordingly, FinCEN is incorporating a technical change similar to that described for State regulatory authorities, above, to more accurately describe the methods by which Tribal regulatory authorities obtain jurisdiction to examine for BSA compliance. The first rule of construction in the final rule for casinos now reads, “* * * or any tribal regulatory authority administering a tribal law that requires the casino to comply with the BSA or otherwise authorizes the tribal regulatory authority to ensure that the casino complies with tribal law.”

c. Self-Regulatory Organizations

For the proposed rules governing securities broker-dealers, futures commission merchants, and introducing brokers in commodities, an institution's ability to disclose under the first rule of construction also was extended to a self-regulatory organization that is examining the institution for compliance with the requirements “of this section,” a phrase FinCEN interpreted in the preamble as meaning the SAR rules. FinCEN received multiple and conflicting comments on this provision. Commenters correctly noted that this language differs from the standard used for Federal and State regulatory authorities.

One comment received from a government agency supported this different standard, stating that while Congress directed FinCEN to make SARs available to certain SROs in Section 358(c) of the USA PATRIOT Act (amending 31 U.S.C. 5319), Congress's simultaneous expansion in Section 358(a) of the “declaration of purpose” for the data collected under the BSA in Chapter 53 of Title 31 of the U.S.C. did not include self-regulatory purposes. Another comment from an SRO argued, however, that limiting SRO access to SAR information only in conjunction with an examination for BSA compliance was inconsistent with the aims of the BSA.

The language in the proposed rule limiting SRO use of SARs was consistent with the uses originally described in the previous SAR rules. [19] As such, the proposed rule did not propose restricting, but rather declined to expand, the existing SRO authority to use SARs. In the final rule, however, FinCEN is emphasizing the important role of BSA data in the support of supervisory functions to promote the integrity of financial markets and mitigate risks of financial crime. Accordingly, the final rule text regarding SROs more closely models the language used for government regulatory authorities. At the same time, the final rule recognizes the relationship of SROs and the Federal agencies responsible for their oversight, upon whom FinCEN relies for the purpose of helping to ensure that the SROs are operating in a manner consistent with FinCEN's mission.

SROs are not governmental entities, but do play a significant role in regulating segments of the financial industry under the close supervision and regulatory oversight by specific Federal agencies. The SEC regulates the Financial Industry Regulatory Authority (“FINRA”) and other SROs, while the CFTC regulates the National Futures Association (“NFA”) and a number of other SROs. FinCEN relies on the close supervision by the Federal functional regulators of those industries also subject to SRO oversight to assist FinCEN in ensuring that SROs appropriately use and handle BSA information. As these agencies are in a position to understand the needs of the SROs for BSA information and are also in a position to monitor the SROs' interaction with the entities subject to both the regulators' and the SROs' purview, FinCEN has determined that SROs should obtain SARs and supporting documentation from the entities that they examine in a manner and for purposes that the Federal agency responsible for its oversight deems appropriate. Thus, the final rule makes it clear that a financial institution examined by an SRO can provide SAR information to the SRO, upon the request of the Federal agency responsible for its oversight.

This request may apply to the SRO in an isolated context or in a broad context to cover a variety of situations and understood uses, as determined appropriate by that agency. FinCEN expects the Federal agency responsible for the SRO's oversight to provide this request either to the institution in writing, or to the SRO in the form of a writing that is available for the SRO to share with the institution. Given the fact that many institutions may come under the jurisdiction of more than one regulator and more than one SRO, a record of the relevant Federal regulator's request is important to avoid confusion.

In keeping with its cooperative relationships with the relevant Federal regulators, FinCEN will monitor the regulators' requests for SAR information and communicate with the regulators with respect to any concerns that either FinCEN or the regulators identify with respect to the use and protection of SARs by an SRO.

In light of the above considerations, the final rule for those industries with SROs now reads to allow disclosure to “* * * any SRO that examines [the institution] for compliance with the requirements of this section, upon the request of [the Federal agency responsible for its oversight].”

d. Civil Enforcement Authorities

One commenter also argued that the SEC and CFTC, in their capacity of civil enforcement of laws applicable to all persons (including institutions they do not examine for compliance with the BSA), should have the authority to request SAR information (specifically, supporting documentation) from all financial institutions in the same manner as law enforcement agencies. FinCEN is not amending the first rule of construction to allow this for two reasons. First, limiting the ability of the SEC or the CFTC to obtain information that would reveal that a SAR has been filed only from the types of institutions they examine for compliance with the BSA is consistent with the treatment under the final rule of all other Federal regulatory authorities, many of which also possess civil enforcement authorities. Second, although FinCEN recognizes the civil enforcement authority of the SEC and CFTC, FinCEN believes both agencies have been adequately empowered with requisite subpoena powers to obtain relevant data from financial institutions they do not examine for BSA compliance. That data includes the underlying facts, transactions, and documents upon which a SAR is based, pursuant to the second rule of construction. For example, if a bank receives a subpoena from the SEC or the CFTC that does not refer to a SAR, but merely requests certain transactional documents, then it would be permissible for the bank to respond to the subpoena with relevant documents, so long as the disclosure of any such document would not reveal the existence of a SAR. FinCEN understands that there may be situations in which documentation revealing the existence of a SAR will be responsive to an SEC or CFTC subpoena. In such situations, a financial institution should contact FinCEN with any questions concerning its ability under the SAR rules to provide information in response to a subpoena. In situations where the SEC or CFTC deem a subpoena to be imprudent, FinCEN notes the ability of those agencies to make a request for supporting documentation through FinCEN or the primary Federal regulator for that institution.

e. Other Requests for SAR Information

One commenter brought to FinCEN's attention examples of “dual filing requirements” imposed by State regulatory authorities that do not meet the criteria in the first rule of construction of administering a State law that requires the financial institution to comply with the BSA or otherwise authorizes the State authority to ensure that the institution complies with the BSA. According to the commenter, these State agencies request that copies of SARs filed with FinCEN be provided to the State authority. [20] The confidentiality provision and first rule of construction, as finalized, explicitly prohibit an institution from complying with such a request. Institutions should provide SAR information to only those entities specifically included in the rules of construction. In the event that a State agency that is not described in the rules of construction requires access to SAR information to exercise its authorities, that agency should seek access from FinCEN for such information. Institutions that are subject to such “dual filing requirements” from an unauthorized entity should contact FinCEN in accordance with the procedures of this rule.

Finally, multiple commenters requested assistance from FinCEN in discerning whether a request for SAR information comes from an appropriate party. For example, one commenter suggested that FinCEN develop a “standard request form” for law enforcement to use when requesting SAR information. Due to the variety of authorities to whom a SAR may be disclosed, the variety of purposes for which they may require SAR information, and the greater clarity already provided in the first rule of construction, FinCEN believes such a request to be impractical and unnecessary. Another commenter suggested FinCEN issue standard verification procedures for an institution to follow to determine who is an “appropriate” authority. In both the proposed rules and final rules, FinCEN has removed the term “appropriate” from the list of entities that could receive SAR information. This change from the previous SAR rules indicates FinCEN's intention to list explicitly in the first rule of construction all categories of authorities to whom an institution may provide SAR information without a subpoena. FinCEN believes this should greatly reduce the ambiguity surrounding requests. One commenter, however, requested confirmation that when an institution receives a request for disclosure of SAR information and contacts FinCEN and its regulator because of uncertainty regarding the requesting entity's status as an authority authorized by the first rule of construction, that the SAR should continue to be kept confidential as prescribed by the regulation. FinCEN agrees, but urges institutions in such a situation to quickly contact FinCEN for resolution.

2. The Second Rule of Construction

The second proposed rule of construction provided that the phrase, “a SAR or information that would reveal the existence of a SAR” does not include “the underlying facts, transactions, and documents upon which a SAR is based,” which therefore are not subject to the confidentiality provision.

This proposed rule of construction included illustrative examples of situations where the underlying facts, transactions, and documents upon which a SAR is based may be disclosed. One commenter suggested that FinCEN clarify that the illustrative examples are not exhaustive, and that there may be other situations not prescribed in the rule where an institution may disclose the underlying facts, transactions, and documents upon which a SAR is based. FinCEN did not intend for these examples to be exhaustive and does not believe the text, as proposed, implies that the examples are exhaustive. The preamble to the proposed rules, for example, expressly stated that “these two examples are not intended to be an exhaustive list of all possible scenarios in which the disclosure of underlying information is permissible” and included a discussion of disclosure of underlying information that was not explicitly listed in the rule text. It stated that “while a financial institution is prohibited from producing documents in discovery that evidence the existence of a SAR, factual documents created in the ordinary course of business (for example, business records and account information upon which a SAR is based), may be discoverable in civil litigation under the Federal Rules of Civil Procedure. [21]

For purposes of clarity, however, FinCEN is modifying the final rule language to read “* * * the underlying facts, transactions, and documents upon which a SAR is based, including but not limited to, disclosures” expressly listed as illustrative examples in the rule. Accordingly, with respect to the SAR confidentiality provision only, [22] institutions may disclose underlying facts, transactions, and documents for any purpose, provided that no person involved in the transaction is notified and none of the underlying information reveals the existence of a SAR.

The first illustrative example in the proposed rules clarified that underlying information [23] may be disclosed to another financial institution, or any director, officer, employee, or agent of the financial institution, for the preparation of a joint SAR. This text is being adopted in the final rule, as proposed, and clarifies the authority for all institutions with a SAR requirement to jointly file SARs with any other institution with a SAR requirement. [24]

The second illustrative example in the proposed rule was included only in the final SAR rules for depository institutions, securities broker-dealers, futures commission merchants, and introducing brokers in commodities, and provided that such underlying information may be disclosed in certain written employment references and termination notices as authorized by section 351 of the USA PATRIOT Act. [25] One commenter suggested that this illustrative example should be placed in the SAR rules for all industries. The statutory authority for this provision, however, extends only to entities governed by either section 18(w) of the Federal Deposit Insurance Act or relevant rules of SROs registered with the SEC or the CFTC. [26]

One commenter asked FinCEN to allow the disclosure of SAR information to a party that has expressed interest in purchasing an institution. While FinCEN believes generally that such a disclosure is inconsistent with the purposes of the BSA, certain information, such as statistics or other underlying information that does not reveal the existence of a SAR, could be provided to such parties under the second rule of construction and could assist such purchasers with their due diligence obligations.

Another commenter suggested that FinCEN include another illustrative example of the disclosure of underlying facts, transactions, and documents not prohibited by the confidentiality provision. Specifically, this commenter asked that we explicitly authorize such information to be disclosed within an institution's corporate organizational structure for enterprise-wide risk management and the identification and reporting of suspicious activity. Provided that such information does not disclose a SAR or information that would reveal the existence of a SAR, FinCEN agrees that such disclosure of underlying information is not prohibited by the final rule or any previous SAR rules. Given the greater clarity provided by the phrase “including but not limited to” discussed previously, and the unnecessarily limited universe of entities to whom an institution could disclose underlying information suggested by the commenter, [27] FinCEN is reluctant to introduce the complex and potentially limiting concept of “corporate organizational structure” within this intentionally broad rule of construction.

3. The Third Rule of Construction

As proposed, the third rule of construction applied only to depository institutions, securities broker-dealers, mutual funds, futures commission merchants, and introducing brokers in commodities, and made clear that the prohibition against the disclosure of SAR information did not preclude the sharing by any of those financial institutions, or any director, officer, employee, or agent of those institutions, of a SAR or information that would reveal the existence of the SAR within the institution's corporate organizational structure, for purposes that are consistent with Title II of the BSA, as determined by regulation or in guidance. This proposed rule of construction recognized that these financial institutions may find it necessary to share SAR information to fulfill reporting obligations under the BSA, and to facilitate more effective enterprise-wide BSA monitoring, reporting, and general risk-management. The term “share” used in this rule of construction was an acknowledgement that sharing within a corporate organization for purposes consistent with Title II of the BSA is distinguishable from a prohibited disclosure.

FinCEN received substantial comment about the issue of SAR sharing, much of which is addressed in the separate notice of availability of guidance published in today's Federal Register. In general, the comments requested an expansion of the sharing authorities with respect to both the parties permitted to share and the parties with whom SAR information could be shared. Most commenters provided a clear rationale for how expanded SAR sharing would benefit their institutions by increasing efficiency, cutting costs, and enhancing the detection and reporting of suspicious activity. Most commenters, however, failed to sufficiently address how they would mitigate effectively the risk of unauthorized disclosure of SAR information if the sharing authority was expanded to the extent requested.

Multiple commenters requested the expansion of the SAR sharing authority to all industries that currently have a SAR requirement, not just to depository institutions and the securities and futures industries. However, these commenters failed to address the disparity in regulatory oversight between those industries with a primary Federal functional regulator (industries to whom the proposed rules granted the authority to share) and those without. Accordingly, FinCEN is taking a phased approach in the final rule to granting additional industries the ability to share within their corporate organizational structure. To allow for potential future expansion of the sharing guidance, we are including the third rule of construction in the final rule text for all industries. As discussed further in the notice of availability of guidance, however, we have not at this time included those industries without a primary Federal functional regulator in the guidance authorizing sharing with affiliates. This approach establishes the regulatory framework for those industries potentially to share SAR information within their corporate structure in the future, as prescribed by FinCEN in regulation or guidance, without necessarily requiring an amendment to the SAR confidentiality provision in each industry's SAR rules. [28]

D. Disclosures by Government Authorities

In the proposed rule, FinCEN included a regulatory prohibition in each industry's SAR rule that created a prohibition against disclosure by all Federal, State, local, territorial, or Tribal government authorities, and any director, officer, employee, or agent of those authorities. The proposed rule tracked the statutory language [29] closely by clarifying that any officer or employee of the government may not disclose a SAR or information that would reveal the existence of the SAR, “except as necessary to fulfill official duties consistent with Title II of the Bank Secrecy Act.”

This standard would permit, for example, official disclosures responsive to a grand jury subpoena; a request from an appropriate Federal or State law enforcement or regulatory agency; a request from an appropriate Congressional committee or subcommittees; and prosecutorial disclosures mandated by statute or the Constitution, in connection with the statement of a government witness to be called at trial, the impeachment of a government witness, or as material exculpatory of a criminal defendant. [30] This proposed interpretation of section 5318(g)(2)(A)(ii) would ensure that SAR information will not be disclosed for a reason that is unrelated to the purposes of the BSA. For example, this standard would not permit the disclosure of SAR information to the media.

The proposed rules also specifically provide that “official duties consistent with Title II of the BSA” shall not include the disclosure of SAR information in response to a request for disclosure of non-public information [31] or a request for use in a private legal proceeding, including a request pursuant to 31 CFR 1.11. The BSA exists, in part, to protect the public's interest in an effective reporting system that benefits the nation by helping to assure that the U.S. financial system will not be used for criminal activity or to support terrorism. FinCEN believes that this purpose would be undermined by the disclosure of SAR information to a private litigant for use in a civil lawsuit for the reasons described earlier, including the reason that such disclosures could negatively impact full and candid reporting by financial institutions.

FinCEN is adopting the text, as proposed, while clarifying that the rule should not be read to preclude inter-governmental sharing of SAR information. For example, while a FinCEN employee would be precluded under this provision from disclosing SAR information if requested by the press under the Freedom of Information Act, it would not necessarily be outside of the FinCEN employee's official duties to provide that information to another government agency.

E. Disclosures by Self-Regulatory Organizations

In the proposed rules governing entities which may be examined for compliance with their SAR requirements by an SRO, FinCEN included a provision regarding disclosures by SROs that closely paralleled the provision regarding government disclosures. The language differed, however, to reflect the fact that self-regulatory organizations are not governmental entities. One commenter suggested that because SROs are not governmental entities but rather are subject to oversight by the SEC and CFTC, they cannot possess “official duties” in the same capacity as a government representative. Another comment submitted by an SRO requested that FinCEN expand, rather than limit, an SRO's authority to use and disclose SARs for all self-regulatory purposes. While FinCEN agrees that SROs are not government agencies, FinCEN believes it is not necessary to define the extent to which SROs possess “official duties” under 31 U.S.C. 5318(g)(2)(A)(ii) at this time. Instead, FinCEN has modified the language of the final rule text to comport with language from the first rule of construction by stating that SROs “shall not disclose * * * except as necessary to fulfill self-regulatory duties upon the request of [the Federal agency responsible for its oversight], in a manner consistent with title II of the BSA.”

For consistency, we also are removing “official duties” from the subsequent sentences in the final rule (regarding the appropriate SRO response to requests for use in a private legal proceeding or for disclosure of non-public information) and using the same replacement language.

F. Limitation on Liability

In Section 351 of the USA PATRIOT Act, Congress amended section 5318(g)(3) to clarify that the scope of the safe harbor provision also includes the voluntary disclosure of possible violations of law and regulations to a government agency, and to expand the scope of the limit on liability to include any liability which may exist “under any contract or other legally enforceable agreement (including any arbitration agreement).” FinCEN tracked more closely the statutory language in the proposed rules, particularly by stating that the safe harbor applies to “disclosures” (and not “reports” as in some previous rulemakings) made by institutions.

Additionally, to comport with the authorization to jointly file SARs in the second rule of construction, FinCEN clarified that the safe harbor also applies to “a disclosure made jointly with another institution.” This concept exists currently in those SAR rules where joint filing had been explicitly referenced, but has been revised to track more closely the statutory language. It was also inserted for the sake of consistency into those SAR rules where it had been absent previously, clarifying that all parties to a joint filing, and not simply the party that provides the form to FinCEN, fall within the scope of the safe harbor.

For consistency, FinCEN also separated the provision for confidentiality of reports and limitation of liability into two separate provisions in those rules for industries which previously contained both provisions under the single heading “confidentiality of reports; limitation of liability.”

All comments received about the safe harbor provision encouraged making the provision as strong as possible. One commenter identified the statutory phrase, “to any person,” that was not included in the proposed rules, and which FinCEN believes would strengthen the safe harbor provided by the final rule. The commenter correctly pointed out that the statutory safe harbor provision protects persons from liability not only to the person involved in the transaction, but also to any other person. Accordingly the final rule is being amended to insert the phrase “shall be protected from liability to any person, for any such disclosure * * *” and is otherwise being adopted as proposed, without change.

Another commenter requested that FinCEN expressly grant safe harbor to an institution that makes a determination not to file a SAR after investigating potentially suspicious activity. The statutory safe harbor provision, however, is clearly intended to protect persons involved in the filing of a voluntary or required SAR from civil liability only for filing the SAR and for refusing to provide notice of such filing. FinCEN cannot provide additional protection from liability for other actions.

G. Compliance

In the proposed rule, FinCEN streamlined the compliance provision by providing only that (1) FinCEN or its delegatees [32] may examine the institution for compliance with the SAR requirement; (2) that a failure to satisfy the requirements of the SAR rule may constitute a violation of the BSA or BSA regulations; and (3) for depository institutions with parallel Title 12 SAR requirements, that failure to comply with FinCEN's SAR requirement may also constitute a violation of the parallel Title 12 rules. For consistency, the proposed rules also used only the heading “Compliance” for this provision in each of the SAR rules. [33] In the absence of any comments objecting to any of the proposed changes to the Compliance provision, FinCEN is adopting them as proposed, without change, in the final rule.

H. Technical Corrections and Harmonization

In addition to the changes described above in the Section-by-Section analysis, the final rule incorporates the proposed technical corrections to harmonize, where appropriate, each of FinCEN's seven SAR rules with each other and with those being issued by some of the Federal bank regulatory agencies. FinCEN believes that such efforts will simplify compliance with SAR reporting requirements.

In the final rule for each industry, FinCEN is making one such change that had not been proposed. FinCEN is amending the paragraph entitled “retention of records” so that the standard for the disclosure of a SAR's supporting documentation to appropriate governmental authorities comports with the standard found in the first rule of construction. Because the supporting documentation is deemed to have been filed with the SAR but kept in custody by the financial institution, this change is necessary to ensure that all types of SAR information are subject to the same standard of confidentiality. This comporting change is consistent with the substance of the proposed rule text, as addressed through public comment.

For the mutual fund SAR rule only, this comporting change results in striking language regarding supporting documentation for a SAR jointly filed with a broker-dealer in securities being made available by the mutual fund to the SRO of the broker-dealer. This change is consistent with FinCEN's treatment elsewhere in the final rule of regulatory authorities' ability to request SAR information from entities they do not regulate. [34]

V. Other Issues Back to Top

A. Requests for Guidance

One commenter requested additional guidance from FinCEN regarding additional situations under which a SAR could be disclosed, but did not provide any examples of the “unclear and vague” issues that remained. It is FinCEN's intent, and one of the underlying motivations for this rulemaking, that the rules of construction, as finalized, constitute clearly all of the circumstances under which an institution may disclose SAR information to, or share SAR information with, a third party.

Additional commenters requested guidance regarding the appropriate use of SARs by agents of financial institutions. Examples of such agents suggested by one commenter included independent auditors or other contracted service providers (information technology, legal counsel, etc.). Another commenter requested similar clarification regarding the use of SAR information by transfer agents or other third party service providers in the context of mutual funds. FinCEN reiterates from the notices that nothing in the final rule or accompanying guidance supersedes any of FinCEN's previous written guidance or the adopting release for the mutual fund SAR rule. [35]

FinCEN also recognizes, particularly in the context of the money services business (“MSB”) industry, potential concerns regarding confidentiality and the principal-agent relationship when both parties are subject to a SAR rule. Nothing in the final rule is intended to preclude the disclosure of SAR information within the United States between an agent-MSB and its principal-MSB. [36]

FinCEN is considering additional guidance on each of these matters. Until such guidance is issued, however, FinCEN reminds institutions of their ultimate responsibility to protect, through reasonable controls or agreements with such agents, the confidentiality of a SAR, or any information that would reveal the existence of a SAR, as prescribed in the final rule.

B. Comments Outside the Scope of This Rulemaking

FinCEN received multiple comments making suggestions relevant to, but outside the scope of, this final rule. One commenter, for example, requested that FinCEN grant greater electronic access of all BSA data to certain SROs. Similarly, one government agency requested an expansion of the universe of BSA data available to them electronically. Prior to the issuance of the proposed rules, FinCEN was considering each of these issues in a context other than within this rulemaking. FinCEN will continue such efforts apart from this rulemaking. Another commenter's suggestion for FinCEN-issued guidance regarding what constitutes “supporting documentation” of a SAR also had been addressed outside this rulemaking. [37]

Finally, one commenter from a large trade organization stated that the organization interpreted the proposals to have authorized international outsourcing of compliance functions related to suspicious activity reporting. FinCEN was intentionally silent on the issue in the proposed rules, and has been studying the issue while considering additional future guidance with respect to outsourcing. Like the proposed rules, this final rulemaking takes no position on the matter.

VI. Location in Chapter X Back to Top

As discussed in Federal Register Notice, 75 FR 65806, October 26, 2010, FinCEN will be removing Part 103 of Chapter I of Title 31, Code of Federal Regulations, and adding Parts 1000 to 1099 (Chapter X) effective March 1, 2011. Per that final rule, the changes in the present rule will be reorganized according to Chapter X within a separate technical amendment to Chapter X in advance of the March 1, 2011 effective date. The upcoming reorganization will have no substantive effect on the regulatory changes herein. The regulatory changes of this specific rulemaking would be renumbered according to Chapter X as follows:

  • § 103.15 would be moved to § 1024.320;
  • § 103.16 would be moved to § 1025.320;
  • § 103.17 would be moved to § 1026.320;
  • § 103.18 would be moved to § 1020.320;
  • § 103.19 would be moved to § 1023.320;
  • § 103.20 would be moved to § 1022.320; and
  • § 103.21 would be moved to § 1021.320.

VII. Regulatory Matters Back to Top

A. Executive Order 12866

The final rule is a significant regulatory action for purposes of Executive Order 12866.

B. Paperwork Reduction Act Notices

The final rule does not contain any “collections of information” as defined in the Paperwork Reduction Act of 1995 (44 U.S.C. 3506; 5 CFR 1320, Appendix A.1).

C. Regulatory Flexibility Act

Pursuant to the Regulatory Flexibility Act (5 U.S.C. 601 et seq.), FinCEN certifies that this final regulation will not have a significant economic impact on a substantial number of small entities. The regulatory changes in this rulemaking affect only the disclosure provisions of the current rules relating to the reporting of suspicious activity by financial institutions, and do not change any requirement to file or maintain a report. In the context of disclosure, the rulemaking clarifies, rather than adding to, existing regulatory provisions regarding the confidentiality of suspicious activity reports. FinCEN therefore expects little or no economic impact to result from the final rule. Accordingly, a regulatory flexibility analysis is not required.

D. Unfunded Mandates Reform Act of 1995

Section 202 of the Unfunded Mandates Reform Act of 1995, Public Law 104-4 (2 U.S.C. 1532) (Unfunded Mandates Act), requires that an agency prepare a budgetary impact statement before promulgating any rule likely to result in a Federal mandate that may result in the expenditure by State, local, and Tribal governments, in the aggregate, or by the private sector of $100 million or more in any one year. The current inflation-adjusted expenditure threshold is $133 million. If a budgetary impact statement is required, § 205 of the Unfunded Mandates Act also requires an agency to identify and consider a reasonable number of regulatory alternatives before promulgating a rule.

FinCEN has determined that the proposed rules will not result in expenditures by State, local, and Tribal governments, or by the private sector, of $133 million or more in any one year. Accordingly, this proposal is not subject to section 202 of the Unfunded Mandates Act.

List of Subjects in 31 CFR Part 103 Back to Top

begin regulatory text

Authority and Issuance Back to Top

For the reasons set forth in the preamble, 31 CFR Part 103 is amended as follows:

PART 103—FINANCIAL RECORDKEEPING AND REPORTING OF CURRENCY AND FOREIGN TRANSACTIONS Back to Top

1.The authority citation for part 103 continues to read as follows:

Authority:

12 U.S.C. 1829b and 1951-1959; 31 U.S.C. 5311-5314 and 5316-5332; title III, sec. 314 Pub. L. 107-56, 115 Stat. 307.

2.Section 103.15 is amended by:

a. Revising the last sentence of paragraph (c); and

b. Revising paragraphs (d), (e), and (f), to read as follows:

§ 103.15 Reports by mutual funds of suspicious transactions.

* * * * *

(c) * * * The mutual fund shall make all supporting documentation available to FinCEN or any Federal, State, or local law enforcement agency, or any Federal regulatory authority that examines the mutual fund for compliance with the Bank Secrecy Act, upon request..

(d) Confidentiality of SARs. A SAR, and any information that would reveal the existence of a SAR, are confidential and shall not be disclosed except as authorized in this paragraph (d). For purposes of this paragraph (d) only, a SAR shall include any suspicious activity report filed with FinCEN pursuant to any regulation in this part.

(1) Prohibition on disclosures by mutual funds. (i) General rule. No mutual fund, and no director, officer, employee, or agent of any mutual fund, shall disclose a SAR or any information that would reveal the existence of a SAR. Any mutual fund, and any director, officer, employee, or agent of any mutual fund that is subpoenaed or otherwise requested to disclose a SAR or any information that would reveal the existence of a SAR, shall decline to produce the SAR or such information, citing this section and 31 U.S.C. 5318(g)(2)(A)(i), and shall notify FinCEN of any such request and the response thereto.

(ii) Rules of construction. Provided that no person involved in any reported suspicious transaction is notified that the transaction has been reported, this paragraph (d)(1) shall not be construed as prohibiting:

(A) The disclosure by a mutual fund, or any director, officer, employee, or agent of a mutual fund, of:

(1) A SAR, or any information that would reveal the existence of a SAR, to FinCEN or any Federal, State, or local law enforcement agency, or any Federal regulatory authority that examines the mutual fund for compliance with the Bank Secrecy Act; or

(2) The underlying facts, transactions, and documents upon which a SAR is based, including but not limited to, disclosures to another financial institution, or any director, officer, employee, or agent of a financial institution, for the preparation of a joint SAR; or

(B) The sharing by a mutual fund, or any director, officer, employee, or agent of the mutual fund, of a SAR, or any information that would reveal the existence of a SAR, within the mutual fund's corporate organizational structure for purposes consistent with Title II of the Bank Secrecy Act as determined by regulation or in guidance.

(2) Prohibition on disclosures by government authorities. A Federal, State, local, territorial, or Tribal government authority, or any director, officer, employee, or agent of any of the foregoing, shall not disclose a SAR, or any information that would reveal the existence of a SAR, except as necessary to fulfill official duties consistent with Title II of the Bank Secrecy Act. For purposes of this section, “official duties” shall not include the disclosure of a SAR, or any information that would reveal the existence of a SAR, in response to a request for disclosure of non-public information or a request for use in a private legal proceeding, including a request pursuant to 31 CFR 1.11.

(e) Limitation on liability. A mutual fund, and any director, officer, employee, or agent of any mutual fund, that makes a voluntary disclosure of any possible violation of law or regulation to a government agency or makes a disclosure pursuant to this section or any other authority, including a disclosure made jointly with another institution, shall be protected from liability to any person for any such disclosure, or for failure to provide notice of such disclosure to any person identified in the disclosure, or both, to the full extent provided by 31 U.S.C. 5318(g)(3).

(f) Compliance. Mutual funds shall be examined by FinCEN or its delegatees for compliance with this section. Failure to satisfy the requirements of this section may be a violation of the Bank Secrecy Act and of this part.

* * * * *

3.Section 103.16 is amended by:

a. Revising the last sentence of paragraph (e);

b. Revising paragraph (f);

c. Redesignating paragraphs (g) through (i) as paragraphs (h) through (j);

d. Adding new paragraph (g); and

e. Revising newly designated paragraph (h), to read as follows:

§ 103.16 Reports by insurance companies of suspicious transactions.

* * * * *

(e) * * * An insurance company shall make all supporting documentation available to FinCEN or any Federal, State, or local law enforcement agency, or any Federal regulatory authority that examines the insurance company for compliance with the Bank Secrecy Act, or any State regulatory authority administering a State law that requires the insurance company to comply with the Bank Secrecy Act or otherwise authorizes the State authority to ensure that the institution complies with the Bank Secrecy Act, upon request.

(f) Confidentiality of SARs. A SAR, and any information that would reveal the existence of a SAR, are confidential and shall not be disclosed except as authorized in this paragraph (f). For purposes of this paragraph (f) only, a SAR shall include any suspicious activity report filed with FinCEN pursuant to any regulation in this part.

(1) Prohibition on disclosures by insurance companies. (i) General rule. No insurance company, and no director, officer, employee, or agent of any insurance company, shall disclose a SAR or any information that would reveal the existence of a SAR. Any insurance company, and any director, officer, employee, or agent of any insurance company that is subpoenaed or otherwise requested to disclose a SAR or any information that would reveal the existence of a SAR, shall decline to produce the SAR or such information, citing this section and 31 U.S.C. 5318(g)(2)(A)(i), and shall notify FinCEN of any such request and the response thereto.

(ii) Rules of Construction. Provided that no person involved in any reported suspicious transaction is notified that the transaction has been reported, this paragraph (f)(1) shall not be construed as prohibiting:

(A) The disclosure by an insurance company, or any director, officer, employee, or agent of an insurance company, of:

(1) A SAR, or any information that would reveal the existence of a SAR, to FinCEN or any Federal, State, or local law enforcement agency, or any Federal regulatory authority that examines the insurance company for compliance with the Bank Secrecy Act, or any State regulatory authority administering a State law that requires the insurance company to comply with the Bank Secrecy Act or otherwise authorizes the State authority to ensure that the institution complies with the Bank Secrecy Act; or

(2) The underlying facts, transactions, and documents upon which a SAR is based, including but not limited to, disclosures to another financial institution, or any director, officer, employee, or agent of a financial institution, for the preparation of a joint SAR.

(B) The sharing by an insurance company, or any director, officer, employee, or agent of the insurance company, of a SAR, or any information that would reveal the existence of a SAR, within the insurance company's corporate organizational structure for purposes consistent with Title II of the Bank Secrecy Act as determined by regulation or in guidance.

(2) Prohibition on disclosures by government authorities. A Federal, State, local, territorial, or Tribal government authority, or any director, officer, employee, or agent of any of the foregoing, shall not disclose a SAR, or any information that would reveal the existence of a SAR, except as necessary to fulfill official duties consistent with Title II of the Bank Secrecy Act. For purposes of this section, “official duties” shall not include the disclosure of a SAR, or any information that would reveal the existence of a SAR, in response to a request for disclosure of non-public information or a request for use in a private legal proceeding, including a request pursuant to 31 CFR 1.11.

(g) Limitation on liability. An insurance company, and any director, officer, employee, or agent of any insurance company, that makes a voluntary disclosure of any possible violation of law or regulation to a government agency or makes a disclosure pursuant to this section or any other authority, including a disclosure made jointly with another institution, shall be protected from liability to any person for any such disclosure, or for failure to provide notice of such disclosure to any person identified in the disclosure, or both, to the full extent provided by 31 U.S.C. 5318(g)(3).

(h) Compliance. Insurance companies shall be examined by FinCEN or its delegatees for compliance with this section. Failure to satisfy the requirements of this section may be a violation of the Bank Secrecy Act and of this part.

* * * * *

4.Section 103.17 is amended by revising the last sentence in paragraph (d), and all of paragraphs (e), (f), and (g) to read as follows:

§ 103.17 Reports by futures commission merchants and introducing brokers in commodities of suspicious transactions.

* * * * *

(d) * * * An FCM or IB-C shall make all supporting documentation available to FinCEN or any Federal, State, or local law enforcement agency, or any Federal regulatory authority that examines the FCM or IB-C for compliance with the BSA, upon request; or to any registered futures association or registered entity (as defined in the Commodity Exchange Act, 7 U.S.C. 21 and 7 U.S.C. 1(a)(29)) (collectively, a self-regulatory organization (“SRO”)) that examines the FCM or IB-C for compliance with the requirements of this section, upon the request of the Commodity Futures Trading Commission.

(e) Confidentiality of SARs. A SAR, and any information that would reveal the existence of a SAR, are confidential and shall not be disclosed except as authorized in this paragraph (e). For purposes of this paragraph (e) only, a SAR shall include any suspicious activity report filed with FinCEN pursuant to any regulation in this part.

(1) Prohibition on disclosures by futures commission merchants and introducing brokers in commodities. (i) General rule. No FCM or IB-C, and no director, officer, employee, or agent of any FCM or IB-C, shall disclose a SAR or any information that would reveal the existence of a SAR. Any FCM or IB-C, and any director, officer, employee, or agent of any FCM or IB-C that is subpoenaed or otherwise requested to disclose a SAR or any information that would reveal the existence of a SAR, shall decline to produce the SAR or such information, citing this section and 31 U.S.C. 5318(g)(2)(A)(i), and shall notify FinCEN of any such request and the response thereto.

(ii) Rules of Construction. Provided that no person involved in any reported suspicious transaction is notified that the transaction has been reported, this paragraph (e)(1) shall not be construed as prohibiting:

(A) The disclosure by an FCM or IB-C, or any director, officer, employee, or agent of an FCM or IB-C, of:

(1) A SAR, or any information that would reveal the existence of a SAR, to FinCEN or any Federal, State, or local law enforcement agency, or any Federal regulatory authority that examines the FCM or IB-C for compliance with the BSA; or to any SRO that examines the FCM or IB-C for compliance with the requirements of this section, upon the request of the Commodity Futures Trading Commission; or

(2) The underlying facts, transactions, and documents upon which a SAR is based, including but not limited to, disclosures:

(i) To another financial institution, or any director, officer, employee, or agent of a financial institution, for the preparation of a joint SAR; or

(ii) In connection with certain employment references or termination notices, to the full extent authorized in 31 U.S.C. 5318(g)(2)(B); or

(B) The sharing by an FCM or IB-C, or any director, officer, employee, or agent of the FCM or IB-C, of a SAR, or any information that would reveal the existence of a SAR, within the FCM's or IB-C's corporate organizational structure for purposes consistent with Title II of the BSA as determined by regulation or in guidance.

(2) Prohibition on disclosures by government authorities. A Federal, State, local, territorial, or Tribal government authority, or any director, officer, employee, or agent of any of the foregoing, shall not disclose a SAR, or any information that would reveal the existence of a SAR, except as necessary to fulfill official duties consistent with Title II of the BSA. For purposes of this section, “official duties” shall not include the disclosure of a SAR, or any information that would reveal the existence of a SAR, in response to a request for disclosure of non-public information or a request for use in a private legal proceeding, including a request pursuant to 31 CFR 1.11.

(3) Prohibition on disclosures by Self-Regulatory Organizations. Any self-regulatory organization registered with or designated by the Commodity Futures Trading Commission, or any director, officer, employee, or agent of any of the foregoing, shall not disclose a SAR, or any information that would reveal the existence of a SAR except as necessary to fulfill self-regulatory duties upon the request of the Commodity Futures Trading Commission, in a manner consistent with Title II of the BSA. For purposes of this section, “self-regulatory duties” shall not include the disclosure of a SAR, or any information that would reveal the existence of a SAR, in response to a request for disclosure of non-public information or a request for use in a private legal proceeding.

(f) Limitation on liability. An FCM or IB-C, and any director, officer, employee, or agent of any FCM or IB-C, that makes a voluntary disclosure of any possible violation of law or regulation to a government agency or makes a disclosure pursuant to this section or any other authority, including a disclosure made jointly with another institution, shall be protected from liability to any person for any such disclosure, or for failure to provide notice of such disclosure to any person identified in the disclosure, or both, to the full extent provided by 31 U.S.C. 5318(g)(3).

(g) Compliance. FCMs or IB-Cs shall be examined by FinCEN or its delegatees for compliance with this section. Failure to satisfy the requirements of this section may be a violation of the Bank Secrecy Act and of this part.

* * * * *

5.Section 103.18 is amended by:

a. Revising the last sentence of paragraph (d); and

b. Revising paragraphs (e) and (f); and

c. Adding new paragraph (g), to read as follows:

§ 103.18 Reports by banks of suspicious transactions.

* * * * *

(d) * * * A bank shall make all supporting documentation available to FinCEN or any Federal, State, or local law enforcement agency, or any Federal regulatory authority that examines the bank for compliance with the Bank Secrecy Act, or any State regulatory authority administering a State law that requires the bank to comply with the Bank Secrecy Act or otherwise authorizes the State authority to ensure that the institution complies with the Bank Secrecy Act, upon request.

(e) Confidentiality of SARs. A SAR, and any information that would reveal the existence of a SAR, are confidential and shall not be disclosed except as authorized in this paragraph (e). For purposes of this paragraph (e) only, a SAR shall include any suspicious activity report filed with FinCEN pursuant to any regulation in this part.

(1) Prohibition on disclosures by banks. (i) General rule. No bank, and no director, officer, employee, or agent of any bank, shall disclose a SAR or any information that would reveal the existence of a SAR. Any bank, and any director, officer, employee, or agent of any bank that is subpoenaed or otherwise requested to disclose a SAR or any information that would reveal the existence of a SAR, shall decline to produce the SAR or such information, citing this section and 31 U.S.C. 5318(g)(2)(A)(i), and shall notify FinCEN of any such request and the response thereto.

(ii) Rules of Construction. Provided that no person involved in any reported suspicious transaction is notified that the transaction has been reported, this paragraph (e)(1) shall not be construed as prohibiting:

(A) The disclosure by a bank, or any director, officer, employee, or agent of a bank, of:

(1) A SAR, or any information that would reveal the existence of a SAR, to FinCEN or any Federal, State, or local law enforcement agency, or any Federal regulatory authority that examines the bank for compliance with the Bank Secrecy Act, or any State regulatory authority administering a State law that requires the bank to comply with the Bank Secrecy Act or otherwise authorizes the State authority to ensure that the bank complies with the Bank Secrecy Act; or

(2) The underlying facts, transactions, and documents upon which a SAR is based, including but not limited to, disclosures:

(i) To another financial institution, or any director, officer, employee, or agent of a financial institution, for the preparation of a joint SAR; or

(ii) In connection with certain employment references or termination notices, to the full extent authorized in 31 U.S.C. 5318(g)(2)(B); or

(B) The sharing by a bank, or any director, officer, employee, or agent of the bank, of a SAR, or any information that would reveal the existence of a SAR, within the bank's corporate organizational structure for purposes consistent with Title II of the Bank Secrecy Act as determined by regulation or in guidance.

(2) Prohibition on disclosures by government authorities. A Federal, State, local, territorial, or Tribal government authority, or any director, officer, employee, or agent of any of the foregoing, shall not disclose a SAR, or any information that would reveal the existence of a SAR, except as necessary to fulfill official duties consistent with Title II of the Bank Secrecy Act. For purposes of this section, “official duties” shall not include the disclosure of a SAR, or any information that would reveal the existence of a SAR, in response to a request for disclosure of non-public information or a request for use in a private legal proceeding, including a request pursuant to 31 CFR 1.11.

(f) Limitation on liability. A bank, and any director, officer, employee, or agent of any bank, that makes a voluntary disclosure of any possible violation of law or regulation to a government agency or makes a disclosure pursuant to this section or any other authority, including a disclosure made jointly with another institution, shall be protected from liability to any person for any such disclosure, or for failure to provide notice of such disclosure to any person identified in the disclosure, or both, to the full extent provided by 31 U.S.C. 5318(g)(3).

(g) Compliance. Banks shall be examined by FinCEN or its delegatees for compliance with this section. Failure to satisfy the requirements of this section may be a violation of the Bank Secrecy Act and of this part. Such failure may also violate provisions of Title 12 of the Code of Federal Regulations.

6.Section 103.19 is amended by revising the last sentence in paragraph (d), and all of paragraphs (e), (f), and (g) to read as follows:

§ 103.19 Reports by brokers or dealers in securities of suspicious transactions.

* * * * *

(d) * * * A broker-dealer shall make all supporting documentation available to FinCEN or any Federal, State, or local law enforcement agency, or any Federal regulatory authority that examines the broker-dealer for compliance with the Bank Secrecy Act, upon request; or to any SRO that examines the broker-dealer for compliance with the requirements of this section, upon the request of the Securities and Exchange Commission.

(e) Confidentiality of SARs. A SAR, and any information that would reveal the existence of a SAR, are confidential and shall not be disclosed except as authorized in this paragraph (e). For purposes of this paragraph (e) only, a SAR shall include any suspicious activity report filed with FinCEN pursuant to any regulation in this part.

(1) Prohibition on disclosures by brokers or dealers in securities. (i) General rule. No broker-dealer, and no director, officer, employee, or agent of any broker-dealer, shall disclose a SAR or any information that would reveal the existence of a SAR. Any broker-dealer, and any director, officer, employee, or agent of any broker-dealer that is subpoenaed or otherwise requested to disclose a SAR or any information that would reveal the existence of a SAR, shall decline to produce the SAR or such information, citing this section and 31 U.S.C. 5318(g)(2)(A)(i), and shall notify FinCEN of any such request and the response thereto.

(ii) Rules of Construction. Provided that no person involved in any reported suspicious transaction is notified that the transaction has been reported, this paragraph (e)(1) shall not be construed as prohibiting:

(A) The disclosure by a broker-dealer, or any director, officer, employee, or agent of a broker-dealer, of:

(1) A SAR, or any information that would reveal the existence of a SAR, to FinCEN or any Federal, State, or local law enforcement agency, or any Federal regulatory authority that examines the broker-dealer for compliance with the Bank Secrecy Act; or to any SRO that examines the broker-dealer for compliance with the requirements of this section, upon the request of the Securities Exchange Commission; or

(2) The underlying facts, transactions, and documents upon which a SAR is based, including but not limited to, disclosures:

(i) To another financial institution, or any director, officer, employee, or agent of a financial institution, for the preparation of a joint SAR; or

(ii) In connection with certain employment references or termination notices, to the full extent authorized in 31 U.S.C. 5318(g)(2)(B); or

(B) The sharing by a broker-dealer, or any director, officer, employee, or agent of the broker-dealer, of a SAR, or any information that would reveal the existence of a SAR, within the broker-dealer's corporate organizational structure for purposes consistent with Title II of the Bank Secrecy Act as determined by regulation or in guidance.

(2) Prohibition on disclosures by government authorities. A Federal, State, local, territorial, or Tribal government authority, or any director, officer, employee, or agent of any of the foregoing, shall not disclose a SAR, or any information that would reveal the existence of a SAR, except as necessary to fulfill official duties consistent with Title II of the Bank Secrecy Act. For purposes of this section, “official duties” shall not include the disclosure of a SAR, or any information that would reveal the existence of a SAR, in response to a request for disclosure of non-public information or a request for use in a private legal proceeding, including a request pursuant to 31 CFR 1.11.

(3) Prohibition on disclosures by Self-Regulatory Organizations. Any self-regulatory organization registered with the Securities and Exchange Commission, or any director, officer, employee, or agent of any of the foregoing, shall not disclose a SAR, or any information that would reveal the existence of a SAR except as necessary to fulfill self-regulatory duties with the consent of the Securities Exchange Commission, in a manner consistent with Title II of the Bank Secrecy Act. For purposes of this section, “self-regulatory duties” shall not include the disclosure of a SAR, or any information that would reveal the existence of a SAR, in response to a request for disclosure of non-public information or a request for use in a private legal proceeding.

(f) Limitation on liability. A broker-dealer, and any director, officer, employee, or agent of any broker-dealer, that makes a voluntary disclosure of any possible violation of law or regulation to a government agency or makes a disclosure pursuant to this section or any other authority, including a disclosure made jointly with another institution, shall be protected from liability to any person for any such disclosure, or for failure to provide notice of such disclosure to any person identified in the disclosure, or both, to the full extent provided by 31 U.S.C. 5318(g)(3).

(g) Compliance. Broker-dealers shall be examined by FinCEN or its delegatees for compliance with this section. Failure to satisfy the requirements of this section may be a violation of the Bank Secrecy Act and of this part.

* * * * *

7.Section 103.20 is amended by:

a. Revising the last sentence of paragraph (c);

b. Revising paragraph (d);

c. Redesignating paragraphs (e) and (f) as paragraphs (f) and (g);

d. Adding new paragraph (e); and

e. Revising newly designated paragraph (f), to read as follows:

§ 103.20 Reports by money services businesses of suspicious transactions.

* * * * *

(c) * * * A money services business shall make all supporting documentation available to FinCEN or any Federal, State, or local law enforcement agency, or any Federal regulatory authority that examines the money services business for compliance with the Bank Secrecy Act, or any State regulatory authority administering a State law that requires the money services business to comply with the Bank Secrecy Act or otherwise authorizes the State authority to ensure that the money services business complies with the Bank Secrecy Act.

(d) Confidentiality of SARs. A SAR, and any information that would reveal the existence of a SAR, are confidential and shall not be disclosed except as authorized in this paragraph (d). For purposes of this paragraph (d) only, a SAR shall include any suspicious activity report filed with FinCEN pursuant to any regulation in this part.

(1) Prohibition on disclosures by money services businesses. (i) General rule. No money services business, and no director, officer, employee, or agent of any money services business, shall disclose a SAR or any information that would reveal the existence of a SAR. Any money services business, and any director, officer, employee, or agent of any money services business that is subpoenaed or otherwise requested to disclose a SAR or any information that would reveal the existence of a SAR, shall decline to produce the SAR or such information, citing this section and 31 U.S.C. 5318(g)(2)(A)(i), and shall notify FinCEN of any such request and the response thereto.

(ii) Rules of Construction. Provided that no person involved in any reported suspicious transaction is notified that the transaction has been reported, this paragraph (d)(1) shall not be construed as prohibiting:

(A) The disclosure by a money services business, or any director, officer, employee, or agent of a money services business, of:

(1) A SAR, or any information that would reveal the existence of a SAR, to FinCEN or any Federal, State, or local law enforcement agency, or any Federal regulatory authority that examines the money services business for compliance with the Bank Secrecy Act, or any State regulatory authority administering a State law that requires the money services business to comply with the Bank Secrecy Act or otherwise authorizes the State authority to ensure that the money services business complies with the Bank Secrecy Act; or

(2) The underlying facts, transactions, and documents upon which a SAR is based, including but not limited to, disclosures to another financial institution, or any director, officer, employee, or agent of a financial institution, for the preparation of a joint SAR.

(B) The sharing by a money services business, or any director, officer, employee, or agent of the money services business, of a SAR, or any information that would reveal the existence of a SAR, within the money services business's corporate organizational structure for purposes consistent with Title II of the Bank Secrecy Act as determined by regulation or in guidance.

(2) Prohibition on disclosures by government authorities. A Federal, State, local, territorial, or Tribal government authority, or any director, officer, employee, or agent of any of the foregoing, shall not disclose a SAR, or any information that would reveal the existence of a SAR, except as necessary to fulfill official duties consistent with Title II of the Bank Secrecy Act. For purposes of this section, “official duties” shall not include the disclosure of a SAR, or any information that would reveal the existence of a SAR, in response to a request for disclosure of non-public information or a request for use in a private legal proceeding, including a request pursuant to 31 CFR 1.11.

(e) Limitation on liability. A money services business, and any director, officer, employee, or agent of any money services business, that makes a voluntary disclosure of any possible violation of law or regulation to a government agency or makes a disclosure pursuant to this section or any other authority, including a disclosure made jointly with another institution, shall be protected from liability to any person for any such disclosure, or for failure to provide notice of such disclosure to any person identified in the disclosure, or both, to the full extent provided by 31 U.S.C. 5318(g)(3).

(f) Compliance. Money services businesses shall be examined by FinCEN or its delegatees for compliance with this section. Failure to satisfy the requirements of this section may be a violation of the Bank Secrecy Act and of this part.

* * * * *

8.Section 103.21 is amended by:

a. Revising the last sentence of paragraph (d);

b. Revising paragraph (e);

c. Redesignating paragraphs (f) and (g) as paragraphs (g) and (h);

d. Adding new paragraph (f); and

e. Revising newly designated paragraph (g).

§ 103.21 Reports by casinos of suspicious transactions.

* * * * *

(d) * * * A casino shall make all supporting documentation available to FinCEN or any Federal, State, or local law enforcement agency, or any Federal regulatory authority that examines the casino for compliance with the Bank Secrecy Act, or any State regulatory authority administering a State law that requires the casino to comply with the Bank Secrecy Act or otherwise authorizes the State authority to ensure that the casino complies with the Bank Secrecy Act, or any Tribal regulatory authority administering a Tribal law that requires the casino to comply with the Bank Secrecy Act or otherwise authorizes the Tribal regulatory authority to ensure that the casino complies with the Bank Secrecy Act, upon request.

(e) Confidentiality of SARs. A SAR, and any information that would reveal the existence of a SAR, are confidential and shall not be disclosed except as authorized in this paragraph (e). For purposes of this paragraph (e) only, a SAR shall include any suspicious activity report filed with FinCEN pursuant to any regulation in this part.

(1) Prohibition on disclosures by casinos. (i) General rule. No casino, and no director, officer, employee, or agent of any casino, shall disclose a SAR or any information that would reveal the existence of a SAR. Any casino, and any director, officer, employee, or agent of any casino that is subpoenaed or otherwise requested to disclose a SAR or any information that would reveal the existence of a SAR, shall decline to produce the SAR or such information, citing this section and 31 U.S.C. 5318(g)(2)(A)(i), and shall notify FinCEN of any such request and the response thereto.

(ii) Rules of Construction. Provided that no person involved in any reported suspicious transaction is notified that the transaction has been reported, this paragraph (e)(1) shall not be construed as prohibiting:

(A) The disclosure by a casino, or any director, officer, employee, or agent of a casino, of:

(1) A SAR, or any information that would reveal the existence of a SAR, to FinCEN or any Federal, State, or local law enforcement agency, or any Federal regulatory authority that examines the casino for compliance with the Bank Secrecy Act, or any State regulatory authority administering a State law that requires the casino to comply with the Bank Secrecy Act or otherwise authorizes the State authority to ensure that the casino complies with the Bank Secrecy Act, or any Tribal regulatory authority administering a Tribal law that requires the casino to comply with the Bank Secrecy Act or otherwise authorizes the Tribal regulatory authority to ensure that casino complies with the Bank Secrecy Act; or

(2) The underlying facts, transactions, and documents upon which a SAR is based, including but not limited to, disclosures to another financial institution, or any director, officer, employee, or agent of a financial institution, for the preparation of a joint SAR.

(B) The sharing by a casino, or any director, officer, employee, or agent of the casino, of a SAR, or any information that would reveal the existence of a SAR, within the casino's corporate organizational structure for purposes consistent with Title II of the Bank Secrecy Act as determined by regulation or in guidance.

(2) Prohibition on disclosures by government authorities. A Federal, State, local, territorial, or Tribal government authority, or any director, officer, employee, or agent of any of the foregoing, shall not disclose a SAR, or any information that would reveal the existence of a SAR, except as necessary to fulfill official duties consistent with Title II of the Bank Secrecy Act (BSA). For purposes of this section, “official duties” shall not include the disclosure of a SAR, or any information that would reveal the existence of a SAR, in response to a request for disclosure of non-public information or a request for use in a private legal proceeding, including a request pursuant to 31 CFR 1.11.

(f) Limitation on liability. A casino, and any director, officer, employee, or agent of any casino, that makes a voluntary disclosure of any possible violation of law or regulation to a government agency or makes a disclosure pursuant to this section or any other authority, including a disclosure made jointly with another institution, shall be protected from liability to any person for any such disclosure, or for failure to provide notice of such disclosure to any person identified in the disclosure, or both, to the full extent provided by 31 U.S.C. 5318(g)(3).

(g) Compliance. Casinos shall be examined by FinCEN or its delegatees for compliance with this section. Failure to satisfy the requirements of this section may be a violation of the Bank Secrecy Act and of this part.

* * * * *

end regulatory text

Dated: November 22, 2010.

James H. Freis, Jr.,

Director, Financial Crimes Enforcement Network.

[FR Doc. 2010-29869 Filed 12-2-10; 8:45 am]

BILLING CODE 4810-02-P

Footnotes Back to Top

1. The Federal bank regulatory agencies have parallel SAR requirements for their supervised entities: See 12 CFR 208.62, 12 CFR 211.24(f), and 12 CFR 225.4(f) (the Board of Governors of the Federal Reserve System) (“Fed”)); 12 CFR 353.3 (the Federal Deposit Insurance Corporation (“FDIC”)); 12 CFR 748.1 (the National Credit Union Administration (“NCUA”)); 12 CFR 21.11 (the Office of the Comptroller of Currency (“OCC”)) and 12 CFR 563.180 (the Office of Thrift Supervision (“OTS”)).

Back to Context

2. FinCEN has implemented regulations for suspicious activity reporting at 31 CFR 103.15 (for mutual funds); 31 CFR 103.16 (for insurance companies); 31 CFR 103.17 (for futures commission merchants and introducing brokers in commodities); 31 CFR 103.18 (for banks); 31 CFR 103.19 (for broker-dealers in securities); 31 CFR 103.20 (for money services businesses); 31 CFR 103.21 (for casinos).

Back to Context

3. The Annunzio-Wylie Anti-Money Laundering Act of 1992 (the Annunzio-Wylie Act), amended the BSA and authorized the Secretary of the Treasury to require financial institutions to report suspicious transactions relevant to a possible violation of law or regulation. See 102, Title XV, 1517(b), 106 Stat. 4055, 4058-9 (1992); 31 U.S.C. 5318(g)(1).

Back to Context

5. Bank Secrecy Act regulations expressly permitting the filing of a joint SAR when multiple financial transactions are involved in a common transaction or series of transactions involving suspicious activity can be found at 31 CFR 103.15(a)(3) (for mutual funds); 31 CFR 103.16(b)(3)(ii) (for insurance companies); 31 CFR 103.17(a)(3) (for futures commission merchants and introducing brokers in commodities); 31 CFR 103.19(a)(3) (for broker-dealers in securities); and 31 CFR 103.20(a)(4) (for money services businesses).

Back to Context

6. See USA PATRIOT Act, section 351(b). Public Law 107-56, Title III, § 351, 115 Stat. 272, 321(2001); 31 U.S.C. 5318(g)(2).

Back to Context

7. See USA PATRIOT Act, section 351(a). Public Law 107-56, Title III, § 351, 115 Stat. 272, 321(2001); 31 U.S.C. 5318(g)(3).

Back to Context

8. Generally, these regulations are known as “Touhy regulations,” after the Supreme Court's decision in United States ex rel. Touhy v. Ragen, 340 U.S. 462 (1951). In that case, the Supreme Court held that an agency employee could not be held in contempt for refusing to disclose agency records or information when following the instructions of his or her supervisor regarding the disclosure. As such, an agency's Touhy regulations are the instructions agency employees must follow when those employees receive requests or demands to testify or otherwise disclose agency records or information.

Back to Context

9. All comments to the notices are available for public viewing at http://www.regulations.gov or http://www.fincen.gov/statutes_regs/bsa/regs_proposal_comment.html.

Back to Context

10. Comments about the sharing guidance are addressed separately in a related “notice of availability of guidance” published by FinCEN in today's Federal Register.

Back to Context

11. See, e.g., Whitney Nat'l Bank v. Karam, 306 F. Supp. 2d 678, 682 (S.D. Tex. 2004); Cotton v. Private Bank and Trust Co., 235 F. Supp. 2d 809, 815 (N.D. Ill. 2002).

Back to Context

12. For example, a private litigant may serve a discovery request on a bank in civil litigation that calls for the bank to produce the underlying documentation on companies A, B, and C, where the bank has filed a SAR on company A but not companies B or C, and the underlying documentation reflects the SAR filing decisions. If the bank then produces the underlying documentation for companies B and C, but neither confirms nor denies the existence of a SAR when declining to provide similar documentation for company A, by negative implication it may have revealed the existence of the SAR filed on company A.

Back to Context

13. As one commenter correctly suggested, information produced in the ordinary course of business may contain sufficient information that a reasonable and prudent person familiar with SAR filing requirements could use to conclude that an institution likely filed a SAR (e.g., a copy of a fraudulent check, or a cash transaction log showing a clear pattern of structured deposits). Such information, alone, does not constitute information that would reveal the existence of a SAR.

Back to Context

14. See, e.g., Whitney Nat. Bank v. Karam, 306 F. Supp. 2d 678, 682 (S.D. Tex. 2004) (noting that courts have “allowed the production of supporting documentation that was generated or received in the ordinary course of the banks' business, on which the report of suspicious activity was based”); Cotton v. Private Bank and Trust Co., 235 F. Supp. 2d 809, 815 (N.D. Ill. 2002) (holding that the “factual documents which give rise to suspicious conduct * * * are to be produced in the ordinary course of discovery because they are business records made in the ordinary course of business”).

Back to Context

15. See, e.g., Whitney at 682-83 (holding that the SAR confidentiality provision protects, inter alia,“communications preceding the filing of a SAR and preparatory or preliminary to it; communications that follow the filing of a SAR and are explanations or follow-up discussion; or oral communications or suspected or possible violations that did not culminate in the filing of a SAR”); Cotton at 815 (holding that “documents representing the drafts of SARs or other work product or privileged communications that relate to the SAR itself * * * are not to be produced [in discovery] because they would disclose whether a SAR has been prepared or filed”); Union Bank of California, N.A. v. Superior Court, 130 Cal. App. 4th 378, 391 (2005) (holding that “a draft SAR or internal memorandum prepared as part of a financial institution's process for complying with Federal reporting requirements is generated for the specific purpose of fulfilling the institution's reporting obligation * * * [and] fall within the scope of SAR [confidentiality] because they may reveal the contents of a SAR and disclose whether ‘a SAR has been prepared or filed’ ”).

Back to Context

16. One example of such information could include summary information commonly provided by banks in the “notification to the board” required by the various Federal bank regulatory agency SAR rules. Banks subject to the requirement are encouraged to be cautious in the production of relevant portions of board minutes or other records to avoid the risk of potentially exposing SAR information to the subject, either directly or indirectly, in the event such records are subject to future subpoena.

Back to Context

17. Primary Federal functional regulator, for purposes of this final rule, means the Federal bank regulatory agencies, the Securities and Exchange Commission (“SEC”), and the Commodity Futures Trading Commission (“CFTC”). Only the Federal bank regulatory agencies administer parallel SAR requirements.

Back to Context

18. In the interim, upon notification by a financial institution, FinCEN will ensure that an institution's primary Federal regulator has been notified of such a request and the institution's response thereto.

Back to Context

19. For example, prior to this final rule, the existing SAR rule for securities broker-dealers at 31 CFR 103.19(g) stated that “[r]eports filed under this section shall be made available to an SRO registered with the [SEC] examining a broker-dealer for compliance with the requirements of this section.”

Back to Context

20. Such “dual filing” requirements, regardless of whether the State authority examines for compliance with State laws requiring compliance with the BSA, are inherently inconsistent with 31 U.S.C. 5318(g)(4), which clearly intends that all SARs be filed to a single government agency designated by the Secretary of the Treasury.

Back to Context

21. See Cotton, 235 F. Supp. 2d at 815.

Back to Context

22. This sentence does not speak to any other laws or regulations governing a financial institution's responsibilities to maintain and protect information.

Back to Context

23. FinCEN reminds institutions that the underlying facts, transactions, and documents upon which a SAR is based may include or reference previously filed SARs or other information that would reveal the existence of a SAR. Such underlying information could not be disclosed under this rule of construction.

Back to Context

24. On December 21, 2006, FinCEN and the Federal bank regulatory agencies announced that the format for the SAR form for depository institutions had been revised to support a new joint filing initiative to reduce the number of duplicate SARs filed for a single suspicious transaction. “Suspicious Activity Report (SAR) Revised to Support Joint Filings and Reduce Duplicate SARs,” Joint Release issued by FinCEN, the FRB, the OCC, the OTS, the FDIC, and NCUA (Dec. 21, 2006). On February 17, 2006, FinCEN and the Federal bank regulatory agencies published a joint Federal Register notice seeking comment on proposed revisions to the SAR form. See 71 FR 8640. On April 26, 2007, FinCEN announced a delay in implementation of the revised SAR form until further notice. See 72 FR 23891. Until such time as a new SAR form is available that facilitates joint filing, institutions authorized to jointly file should follow FinCEN's guidance to use the words “joint filing” in the narrative of the SAR and ensure that both institutions maintain a copy of the SAR and any supporting documentation (See, e.g., http://www.fincen.gov/statutes_regs/guidance/html/guidance_faqs_sar_10042006.html).

Back to Context

27. Disclosure of underlying facts, transactions, and documents for compliance purposes to an entity outside of an institution's corporate organizational structure may be warranted and would not be prohibited, provided that a SAR or information that would reveal the existence of a SAR was not disclosed.

Back to Context

28. At this time, we are also not expanding the 2006 guidance on sharing with head offices and controlling companies to additional industries. The regulatory framework provided in the final rule, however, also would facilitate the potential expansion of this authority to those industries in the future.

Back to Context

29. See 31 U.S.C. 5318(g)(2)(A)(ii).

Back to Context

30. See, e.g., Giglio v. United States, 405 U.S. 150, 153-54 (1972); Brady v. State of Maryland, 373 U.S. 83, 86-87 (1963); Jencks v. United States, 353 U.S. 657, 668 (1957).

Back to Context

31. For purposes of this rulemaking, “non-public information” refers to information that is exempt from disclosure under the Freedom of Information Act.

Back to Context

32. In the case of the SEC and the CFTC, that authority may be further delegated to SROs.

Back to Context

33. Identical section in separate SAR rules had been titled “Compliance” or “Examination and Enforcement” prior to the proposed rule.

Back to Context

34. See the earlier preamble discussion of “civil enforcement authorities” under the first rule of construction, including the ability of a regulator to obtain supporting documentation from FinCEN or the supervisor of an institution in cases where its own authorities are limited.

Back to Context

35. Specifically, we note that in both the mutual fund SAR rule adopting release (71 FR 26213) and the October 2006 guidance, (http://www.fincen.gov/statutes_regs/guidance/pdf/guidance_faqs_sar_10042006.pdf), FinCEN acknowledged the role of transfer agents and other service providers and their access to SAR information in the context of the suspicious activity monitoring, detection, and reporting obligations of mutual funds. These service providers may be unaffiliated or affiliated with the mutual funds. The October 2006 guidance and adopting release clarified that a mutual fund may contractually delegate its SAR functions to such an agent, although the mutual fund remains responsible for assuring compliance with the rule, and therefore must monitor actively the performance of its reporting obligations. In those same documents, FinCEN acknowledged the role of an investment adviser that controls a mutual fund and its access to SAR information in the context of enterprise-wide risk management and compliance functions.

Back to Context

36. An agent and principal should only disclose SAR information with respect to transactions common to both parties. For example, an independent currency exchanger may not disclose suspicious activity regarding currency exchange to its principal MSB for money transmission, unless there is a nexus between the currency exchange and money transmission activity. Additionally, FinCEN has not authorized at this time the sharing of SAR information between multiple agents of the same principal MSB.

Back to Context

37. See Suspicious Activity Report Supporting Documentation. June 13, 2007. http://www.fincen.gov/statutes_regs/guidance/html/Supporting_Documentation_Guidance.html.

Back to Context
Site Feedback