Skip to Content
Rule

Notice of Availability of Final Interpretative Guidance-Sharing Suspicious Activity Reports by Depository Institutions and Securities Broker-Dealers, Mutual Funds, Futures Commission Merchants, or Introducing Brokers in Commodities With Certain U.S. Affiliates

Action

Interpretive Guidance.

Summary

By this notice, FinCEN announces the availability of two related pieces of guidance that apply to depository institutions and to securities broker-dealers, mutual funds, futures commission merchants, and introducing brokers in commodities (collectively referred to as “final guidance”) interpreting the final rule published elsewhere in this part of today's Federal Register. Among other things, the final rule clarifies the scope of the statutory prohibition on the disclosure by a financial institution of a report of a suspicious transaction set forth in the Bank Secrecy Act (“BSA”) by stating that the confidentiality provision does not apply when a depository institution, securities broker-dealer, mutual fund, futures commission merchant, or introducing broker in commodities (hereafter, “an authorized institution”) shares a suspicious activity report (“SAR”), or any information that would reveal the existence of a SAR, within its corporate organizational structure for purposes consistent with Title II of the BSA, as determined by regulation or guidance. The final guidance interprets this provision to permit an authorized institution to share a SAR, or information that would reveal the existence of a SAR (collectively, “SAR information”), with certain affiliates.

 

Table of Contents Back to Top

DATES: Back to Top

This final guidance is effective January 3, 2011.

ADDRESSES: Back to Top

The final guidance is available in the U.S. Government's electronic docket site at http://www.regulations.gov under the under docket number TREAS-2008-0022 and on FinCEN's Web site at http://www.fincen.gov.

FOR FURTHER INFORMATION CONTACT: Back to Top

FinCEN's Regulatory Helpline, (800) 949-2732.

SUPPLEMENTARY INFORMATION: Back to Top

I. Background Back to Top

FinCEN, through its authority under the BSA, as delegated by the Secretary of the Treasury, may require financial institutions to keep records and file reports that FinCEN determines have a high degree of usefulness in criminal, tax, or regulatory investigations or proceedings, or for intelligence or counter-intelligence activities to protect against international terrorism. In particular, the BSA and its implementing regulations require financial institutions in certain industries [1] to file a SAR when they detect a known or suspected violation of Federal law or regulation, or a suspicious activity related to money laundering, terrorist financing, or other criminal activity. [2]

II. The Notice of Proposed Guidance and Related Actions Back to Top

On March 9, 2009, FinCEN published in the Federal Register a notice of proposed rulemaking (“the proposed rule”) and two separate notices and requests for comment on proposed guidance (“the proposed guidance”) (collectively, “the notices”). In the proposed rule, FinCEN proposed amendments to each of FinCEN's SAR rules [3] to include key changes that would, among other things, clarify the scope of the statutory prohibition against the disclosure by a financial institution of a SAR.

In separate but contemporaneous rulemakings, some of the Federal bank regulatory agencies [4] proposed amending their SAR rules to incorporate comparable provisions to FinCEN's proposed rules, and amending their information disclosure regulations [5] to clarify that the exclusive standard governing the release of a SAR, or any information that would reveal the existence of a SAR, is set forth in the confidentiality provisions of their respective SAR rules.

The proposed rule included a provision which states that the confidentiality provision does not apply when a bank shares a SAR, or any information that would reveal the existence of a SAR, within its corporate organizational structure for purposes consistent with Title II of the BSA, as determined by regulation or guidance. The proposed guidance interpreted this provision to permit a bank to share a SAR with certain affiliates, subject to certain qualifications.

The notices and related Federal bank regulatory agency actions were published in their own separate part of the Federal Register to encourage commenters to take into account all relevant provisions.

III. Comments Back to Top

The comment period for the notices ended on June 8, 2009. We received a total of 26 submissions from 25 distinct entities. [6] Of these, 15 were submitted by trade groups or associations, four were submitted by individual financial institutions, three were submitted by Federal, tribal, or foreign government agencies, three were submitted by consultants or attorneys not affiliated with a specific financial institution, and one was submitted by a self regulatory organization (“SRO”). The comments generally supported the proposed rules [7] while requesting the broadening of the proposed sharing guidance.

A. Definition of “Affiliate”

FinCEN did not receive any comments that were critical of its proposed definition of “affiliate.” One commenter, however, did ask FinCEN to treat all of the subsidiaries of a bank holding company not as affiliates, but as the same legal entity, for purposes of SAR confidentiality. The commenter believed this would authorize the entire corporate family held by a bank holding company to share SAR information with each other. Due to the impropriety of arbitrarily creating such a provision for bank holding companies only, and the imprecise legal construct the commenter has conceived, FinCEN is not compelled to accommodate this request. Accordingly, FinCEN is adopting as proposed the definition of affiliate. [8]

B. The Universe of Entities To Whom the Final Guidance is Applicable

Multiple commenters requested the expansion of the SAR sharing authority to all industries that currently have a FinCEN SAR requirement, not just to the authorized institutions proposed. These commenters suggested that institutions and the government would benefit from such expansion by increasing efficiency, cutting costs, and enhancing the detection and reporting of suspicious activity. FinCEN recognizes the importance of a robust and efficient enterprise-wide compliance function, and is committed to facilitating such through rulemaking and guidance whenever possible. Most commenters, however, failed to sufficiently address how they would mitigate effectively the risk of unauthorized disclosure of SAR information if the sharing authority was expanded to the extent requested.

FinCEN is particularly concerned about unauthorized disclosure of SAR information due to the disparity in regulatory oversight between those industries with a primary Federal functional regulator [9] (industries to whom the proposed rules granted the authority to share, and for whom the guidance was proposed) and those without. Were the guidance expanded to include all industries, FinCEN would be unable to ensure, in the absence of regular examination of all institutions within those industries, that SAR information was being disclosed in accordance with the final rule and final guidance. Due to the particular sensitivities associated with SAR information, and the potentially grave consequences of inappropriate disclosure, [10] FinCEN does not believe that the potential benefits of expanding the guidance to additional industries warrant such an expansion at this time. [11]

To facilitate a potential future expansion of the guidance, however, FinCEN is taking a phased approach in the final rule and final guidance to granting additional industries the ability to share within their corporate organizational structure. In the final rule text published separately in today's Federal Register, we included for all industries the rule of construction for sharing within an institution's corporate organizational structure. We are not expanding the final guidance at this time, however, to include additional industries without a primary Federal functional regulator. [12] This phased approach establishes the regulatory framework for those industries potentially to share SAR information within their corporate structure in the future, as prescribed by FinCEN in regulation or guidance, without necessarily requiring an amendment to the SAR confidentiality provision in each industry's SAR rules.

Some commenters also asked FinCEN to authorize “two-way sharing,” a concept they described as an affiliate of an authorized institution (i.e., a party to which the authorized institution could share SAR information) being able to share SAR information with the authorized institution. Under the final guidance, such sharing would be permitted only when both affiliated institutions are either a depository institution, a securities broker-dealer, a mutual fund, a futures commission merchant, or an introducing broker in commodities. Based on FinCEN's determination not to expand the final guidance to authorize additional industries to share SAR information with affiliates, “two-way sharing” is not permissible by an affiliate that is not an authorized institution, even if the affiliate intends to share SAR information only with authorized institutions.

Commenters also asked that an affiliate of an authorized institution that receives shared SAR information be authorized to further share that SAR information with its affiliates. FinCEN cannot comply with this request, noting that the guidance only authorizes an institution “that has filed a SAR [to] share the SAR, or any information that would reveal the existence of the SAR, with certain affiliates.” Because a receiving affiliate is not the filing institution, it may not further share received SAR information. Additionally, in cases where there is no affiliate relationship between the authorized institution and its affiliate's affiliate, further sharing by the receiving affiliate would indirectly cause SAR information to be shared outside of the filing institution's corporate organizational structure, as defined in the guidance.

C. The Universe of Entities to Whom a SAR May Be Shared

Several commenters asked FinCEN to expand the scope of the guidance to include additional parties to whom SAR information may be shared. For example, several commenters asked FinCEN to allow unrestricted sharing with all affiliates within an institution's corporate organizational structure by removing the limitation on sharing only with affiliates subject to a SAR requirement. One of these commenters suggested that institutions should be able to share with any affiliates at least as much information as unaffiliated institutions are authorized to share under Section 314(b) information sharing authorities. [13] FinCEN notes that the final rule may permit the disclosure of such information to any affiliate financial institution, apart from this final guidance, under the rule of construction regarding disclosures of underlying facts, transactions, and documents upon which a SAR is based. However, FinCEN cautions institutions that sharing between affiliates of such information outside the 314(b) process would not be afforded the relevant 314(b) safe harbor. Similarly, when sharing underlying facts, transactions, and documents there would be no SAR safe harbor, which applies only to disclosures (SAR filings) made to the government and to the refusal to disclose SAR information to an inappropriate party.

Other commenters supporting the removal of the requirement that an authorized institution share only with affiliates subject to a SAR stated that institutions could ensure the confidentiality of SAR information once shared with an affiliate not subject to a SAR rule through confidentiality agreements or other security controls. FinCEN does not agree. Given the potentially significant consequences of unauthorized disclosure by an entity in possession of a SAR that is not subject to a SAR rule, the lack of oversight and enforcement powers of FinCEN with respect to such parties, and the significant exposure to liability to which the sharing institution could be exposed, FinCEN believes that authorizing sharing with affiliates without a SAR requirement at this time would be inconsistent with the purposes of the BSA.

Multiple commenters, including some trade organizations, also objected to the requirement that affiliates be subject to a SAR requirement, as this precludes the sharing of SAR information with foreign affiliates that are within an institution's corporate organizational structure. Commenters reasoned that since FinCEN's 2006 Guidance permitted sharing with a foreign head office, controlling company, or parent entity despite concerns that the SAR could become discoverable under the laws of a foreign jurisdiction, sharing with a foreign affiliate should also be permitted despite such concerns. FinCEN disagrees. A foreign head office, controlling company, or parent entity may have oversight responsibilities with respect to enterprise-wide risk management and compliance with laws and regulations. These responsibilities may include a valid need to review compliance by U.S.-based financial institutions with legal requirements to identify and report suspicious activity.

FinCEN believes that the responsibilities of the foreign head office, controlling company, or parent entity in certain jurisdictions may outweigh concerns of a SAR becoming subject to the laws of that jurisdiction, [14] and that in such circumstances the sharing of SARs is consistent with the purposes of the BSA. The same circumstances do not yet apply to foreign affiliates. FinCEN believes that the need to prevent a SAR from becoming subject to the laws of a foreign jurisdiction significantly outweighs any limited need for a foreign affiliate to obtain SAR information. Furthermore, nothing in this guidance or the final rule prevents an authorized institution from sharing underlying facts, transactions, and documents upon which the SAR is based with foreign affiliates, provided that neither the SAR, nor information that would reveal the existence of a SAR, is disclosed. Accordingly, the final guidance does not permit the sharing of SAR information, even by authorized institutions, with their foreign affiliates at this time.

For similar reasons, FinCEN is not incorporating into the final guidance another commenter's suggestion that a bank be authorized to share SAR information with its foreign branches. FinCEN believes that neither a U.S. bank, nor its foreign branch, has sufficient need to share or receive SAR information that would outweigh concerns over SAR information becoming subject to the laws of a foreign jurisdiction and that sharing in such circumstances, at this time, is inconsistent with the purposes of the BSA.

One commenter, perhaps anticipating our reluctance to authorize the international sharing of SAR information, encouraged FinCEN to work with other jurisdictions to ensure equal SAR sharing capabilities for financial institutions in those jurisdictions, and between financial institutions in the United States and financial institutions in foreign jurisdictions. The commenter suggested FinCEN seek to harmonize its SAR rules, and relevant confidentiality authorities, with the rules and provisions of foreign jurisdictions. FinCEN engages regularly with foreign jurisdictions on these issues, and has been vocal about its efforts to promote an international regulatory climate under which the authority for financial institutions to share SAR information could be broadened significantly.

D. Confidentiality Agreements

Multiple commenters questioned the need to have a written confidentiality agreement in place between sharing affiliates. The proposed guidance included a provision that stated that sharing affiliates should have written confidentiality agreements in place. Commenters noted that they should be able to utilize or modify their existing confidentiality processes and procedures for sensitive information, and that requiring “written agreements” unnecessarily burdened financial institutions by being overly prescriptive with respect to an objective that could be accomplished through various means. FinCEN believes that this is a reasonable request, particularly since the final guidance allows sharing only with affiliates subject to a SAR rule. The existing confidentiality requirements prescribed in those rules significantly mitigates the risk of a recipient of shared SAR information further disclosing that information. Therefore, the final guidance has been amended to state that an institution, “as part of its internal controls, should have policies and procedures to ensure that its affiliates protect the confidentiality of a SAR.” [15]

E. Consistency With the Final Rule Language

As discussed in more detail in the final rule published elsewhere in today's Federal Register, FinCEN made several changes to the proposed rule based on the comments received. In several instances, the proposed guidance quoted or referenced language from the proposed rules. In the final guidance, we are making comporting changes to ensure consistency with the final rule. None of these changes substantively impact the authority to share SAR information with affiliates.

F. Guidance

Excluding those changes specifically referenced in the above preamble to this notice of availability of guidance, the final guidance is being adopted, as proposed. FinCEN is making this final guidance available on its Web site today. [16]

Dated: November 22, 2010.

James H. Freis, Jr.,

Director, Financial Crimes Enforcement Network.

[FR Doc. 2010-29884 Filed 12-2-10; 8:45 am]

BILLING CODE 4810-02-P

Footnotes Back to Top

1. FinCEN has implemented regulations for suspicious activity reporting at 31 CFR 103.15 (for mutual funds); 31 CFR 103.16 (for insurance companies); 31 CFR 103.17 (for futures commission merchants and introducing brokers in commodities); 31 CFR 103.18 (for banks); 31 CFR 103.19 (for broker-dealers in securities); 31 CFR 103.20 (for money services businesses); 31 CFR 103.21 (for casinos).

Back to Context

2. The Annunzio-Wylie Anti-Money Laundering Act of 1992 (the Annunzio-Wylie Act), amended the BSA and authorized the Secretary of the Treasury to require financial institutions to report suspicious transactions relevant to a possible violation of law or regulation. See 102, Title XV, § 1517(b), 106 Stat. 4055, 4058-9 (1992); 31 U.S.C. 5318(g)(1).

Back to Context

3. FinCEN's SAR rules include 31 CFR 103.15 (for mutual funds); 31 CFR 103.16 (for insurance companies); 31 CFR 103.17 (for futures commission merchants and introducing brokers in commodities); 31 CFR 103.18 (for banks); 31 CFR 103.19 (for broker-dealers in securities); 31 CFR 103.20 (for money services businesses); 31 CFR 103.21 (for casinos).

Back to Context

4. The Federal Bank Regulatory Agencies include the Board of Governors of the Federal Reserve (“FRB”), the Office of the Comptroller of the Currency (“OCC”), the Federal Deposit Insurance Corporation (“FDIC”), the Office of Thrift Supervision (“OTS”), and the National Credit Union Administration (“NCUA”).

Back to Context

5. Generally, these regulations are known as “Touhy regulations,” after the Supreme Court's decision in United States ex rel. Touhy v. Ragen, 340 U.S. 462 (1951). In that case, the Supreme Court held that an agency employee could not be held in contempt for refusing to disclose agency records or information when following the instructions of his or her supervisor regarding the disclosure. As such, an agency's Touhy regulations are the instructions agency employees must follow when those employees receive requests or demands to testify or otherwise disclose agency records or information.

Back to Context

6. All comments to the notices are available for public viewing at http:// www.regulations.gov or http://www.fincen.gov/statutes_regs/bsa/regs_proposal_comment.html.

Back to Context

7. Comments about the proposed rules are addressed separately in the related Final Rule published by FinCEN in today's Federal Register.

Back to Context

8. To accommodate specific industry terms and practices, the definition in the guidance for banks contains slight differences from the definition in the guidance for the securities broker-dealers, mutual funds, futures commission merchants, and introducing brokers in commodities.

Back to Context

9. For purposes of this guidance, primary Federal functional regulator includes the Federal bank regulatory agencies, the Securities and Exchange Commission (“SEC”), and the Commodity Futures Trading Commission (“CFTC”).

Back to Context

10. For a more complete discussion of the importance of SAR confidentiality, and the potential consequences of lapses in such, see the relevant discussion in the final rule preamble published in this same part of today's Federal Register.

Back to Context

11. Institutions are reminded that the final rule, published in this same part of today's Federal Register, contains a rule of construction for all industries authorizing the disclosure of “underlying facts, transactions, and documents upon which a SAR is based.” Therefore, although FinCEN is not authorizing SAR sharing with affiliates for all industries at this time, FinCEN has recognized an alternative vehicle to accomplishing many enterprise-wide compliance functions.

Back to Context

12. For similar reasons, we are also not expanding the 2006 guidance on sharing with head offices, controlling company, or parent entities to additional industries at this time.

Back to Context

13. Section 314(b) of the USA PATRIOT Act authorized the sharing of information relating to suspected terrorist or money laundering activities between financial institutions, and created a safe harbor for such sharing. Neither Section 314(b) nor its implementing regulation at 31 CFR 103.110 explicitly authorizes the sharing of a SAR, or information that would reveal the existence of a SAR.

Back to Context

14. Accordingly, the 2006 guidance authorized the sharing of a SAR with such foreign entities, while clarifying that depository and securities/futures institutions may be liable for direct or indirect disclosure by the foreign head office, controlling company, or parent entity. The guidance also required that depository or securities/futures institutions must protect the confidentiality of the SAR and obtain written confidentiality agreements to ensure the confidentiality of the SAR is protected by the foreign recipient of the SAR.

Back to Context

15. This in no way alters the confidentiality agreement requirement imposed in FinCEN's January 20, 2006 “Interagency Guidance on Sharing Suspicious Activity Reports with Head Offices and Controlling Companies” and the “Guidance on Sharing of Suspicious Activity Reports by Securities Broker-Dealers, Futures Commission Merchants, and Introducing Brokers in Commodities.” FinCEN notes that entities to which an institution is authorized to share in the 2006 guidance may not be subject to a SAR rule. Accordingly, a depository or securities/futures institution that shares a SAR, or information that would the reveal the existence of a SAR to a head office, controlling company, or parent entity must have a confidentiality agreement in place.

Back to Context

16. Initially, the final guidance will appear under the What's New tab. Institutions can also find the final guidance under the Guidance Section of the Financial Industry tab or under the appropriate Industry tab.

Back to Context
Site Feedback