Skip to Content

Proposed Rule

Interpretive Guidance-Sharing Suspicious Activity Reports by Depository Institutions With Certain U.S. Affiliates

Document Details

Information about this document as published in the Federal Register.

Published Document

This document has been published in the Federal Register. Use the PDF linked in the document sidebar for the official electronic format.

Start Preamble

AGENCY:

Financial Crimes Enforcement Network, Department of the Treasury.

ACTION:

Proposed guidance.

SUMMARY:

The Financial Crimes Enforcement Network (“FinCEN”) of the Department of the Treasury, after consulting with the staffs of the Board of Governors of the Federal Reserve System (“FRB”), the Federal Deposit Insurance Corporation (“FDIC”), the National Credit Union Administration (“NCUA”), the Office of the Comptroller of the Currency (“OCC”), and the Office of Thrift Supervision (“OTS”) (hereinafter, the “Federal Banking Agencies”), is issuing for comment this proposed interpretive guidance. Published elsewhere in this part of the Federal Register are proposed rules clarifying the scope of the statutory prohibition on the disclosure by a financial institution of a report of a suspicious transaction set forth in the Bank Secrecy Act (“BSA”). The proposed rules include a provision which states that the prohibition does not apply when a bank shares a suspicious activity report (“SAR”), or any information that would reveal the existence of a SAR, within its corporate organizational structure for purposes consistent with Title II of the BSA, as determined by regulation or guidance. The proposed guidance interprets this provision to permit a bank to share a SAR with its affiliates that also are subject to SAR rules.

DATES:

Written comments on the proposed guidance may be submitted on or before June 8, 2009.

ADDRESSES:

You may submit comments, identified by docket number TREAS-FinCen-2008-0022,[1] by any of the following methods:

  • Federal e-rulemaking portal: http://www.regulations.gov. Follow the instructions for submitting comments.
  • E-mail: regcomments@fincen.treas.gov. Include docket number TREAS-FinCen-2008-0022 in the subject line of the message.
  • Mail: FinCEN, P.O. Box 39, Vienna, VA 22183. Include docket number TREAS-FinCen-2008-0022 in the body of the text.
Start Further Info

FOR FURTHER INFORMATION CONTACT:

Regulatory Policy and Programs Division, FinCEN, (800) 949-2732.

End Further Info End Preamble Start Supplemental Information

SUPPLEMENTARY INFORMATION:

I. Background

FinCEN, through its authority under the BSA as delegated by the Secretary of the Treasury, may require financial institutions to keep records and file reports that FinCEN determines have a high degree of usefulness in criminal, tax or regulatory investigations or proceedings, or for intelligence or counterintelligence activities to protect against international terrorism. Within this framework, FinCEN may require financial institutions to file SARs and has issued rules implementing that specific authority with respect to certain types of financial institutions.[2] The Federal Banking Agencies have issued comparable rules for financial institutions subject to their jurisdiction.[3] The SAR rules issued by FinCEN and those issued by the Federal Banking Agencies currently include a section implementing the statutory prohibition on the disclosure by a financial institution of a SAR that is set forth in the BSA.[4]

Sharing Within the Corporate Organizational Structure

In January 2006, FinCEN and all the Federal Banking Agencies other than the NCUA issued joint guidance concluding that, subject to certain exceptions or qualifications, a U.S. branch or agency of a foreign bank may share a SAR with its head office outside the United States, and a U.S. bank or savings association may disclose a SAR to its controlling company, no matter where the entity or party is located.[5] FinCEN also issued guidance in consultation with the staffs of the Securities and Exchange Commission (“SEC”) and the Commodity Futures Trading Commission (“CFTC”) determining that, subject to certain exceptions or qualifications, a securities broker-dealer, futures commission merchant, or introducing broker in commodities may share a SAR with its parent entities, Start Printed Page 10159both domestic and foreign.[6] Moreover, guidance issued by FinCEN in consultation with the SEC in October 2006, stated that a U.S. mutual fund may share a SAR with the investment adviser that controls the fund, whether domestic or foreign, so that the investment adviser could implement enterprise-wide risk management and compliance functions over all of the mutual funds that it controls [7] and improve its identification and reporting of suspicious activity.[8] Nothing in the proposed guidance for sharing with affiliates supersedes any of the guidance mentioned in the preceding paragraph.

These guidance documents reflected a recognition by FinCEN, the FDIC, the FRB, the OCC, the OTS, the SEC, and the CFTC (referred to collectively in the proposed guidance as the “Federal regulators”) that a head office, controlling entity or party, or parent entity of a depository institution, broker-dealer, mutual fund, futures commission merchant, and introducing broker in commodities has oversight responsibilities with respect to enterprise-wide risk management. These responsibilities include a valid need to review compliance by U.S.-based depository institutions, broker-dealers, mutual funds, futures commission merchants, and introducing brokers in commodities with legal requirements to identify and report suspicious activity.

The guidance documents regarding the sharing of SARs with head offices, controlling companies or parties, and parent entities (referred to here as the “2006 Guidance”) expressly noted that the sharing of a SAR with a non-U.S. entity raises concerns about the ability of the foreign entity to protect the SAR in light of possible requests for disclosure abroad that may be subject to foreign law. The 2006 Guidance on sharing SARs with head offices and controlling companies also provides that the recipient may not disclose further any Suspicious Activity Report, or the fact that such a report has been filed; however, the recipient may disclose without permission underlying information. The 2006 Guidance also stated that FinCEN and the Federal regulators were considering whether a financial institution may share a SAR with other entities within the financial institution's corporate organization located inside the United States and those located abroad, and instructed financial institutions not to share SARs with such entities until further guidance was issued.

Proposed Regulatory Changes

In proposed regulations issued today, FinCEN is proposing to revise its regulations implementing the BSA regarding the confidentiality of a SAR to clarify, among other things, the scope of the statutory prohibition against the disclosure by a financial institution of a SAR. These proposed rules include a provision clarifying that the statutory prohibition does not apply to sharing by a depository institution, or any director, officer, employee, or agent of the depository institution, of a SAR, or any information that would reveal the existence of a SAR, within the depository institution's corporate organizational structure for purposes consistent with Title II of the BSA, as determined by regulation or in guidance, provided that no person involved in any reported suspicious transaction is notified that the transaction has been reported.

II. Proposed Guidance

This proposed guidance interprets the general statement in the proposed SAR confidentiality rules [9] that a bank may share a SAR, or information that reveals the existence of a SAR, within its corporate organizational structure for purposes consistent with Title II of the BSA. First, the proposed guidance acknowledges that the 2006 Guidance regarding depository institutions continues to be applicable. It explains that sharing of a SAR or information that reveals the existence of a SAR by a depository institution with its head office or its controlling company, whether domestic or foreign, promotes compliance with the BSA by enabling the head office or controlling company to discharge its oversight responsibilities with respect to enterprise-wide risk management, including oversight of the depository institution's compliance with applicable laws and regulations.

Next, the proposed guidance explains that FinCEN has concluded that the proposed regulations may be interpreted to permit a depository institution that has filed a SAR to share the SAR, or any information that would reveal the existence of the SAR, with an affiliate [10] that is subject to a SAR regulation [11] issued by FinCEN or the Federal Banking Agencies.

FinCEN has concluded that such sharing within a corporate organization is consistent with two important purposes of the BSA: Promoting efforts to detect and report money laundering and terrorist financing by financial institutions that are subject to the BSA, and ensuring the confidentiality of a SAR or any information that would reveal the existence of a SAR. The sharing by a depository institution of a SAR, or any information that would reveal the existence of a SAR, can facilitate the identification of suspicious transactions taking place through the depository institution's affiliates that are also subject to SAR reporting requirements. Although the sharing of information underlying the filing of a SAR has never been prohibited under the BSA, it is understood that the sharing of a SAR itself pursuant to this proposed guidance may entail greater efficiencies.[12]

Moreover, the proposed SAR confidentiality rules provide that a “SAR, and any information that would reveal the existence of a SAR, are confidential.” [13] Accordingly, affiliates subject to a SAR rule are prohibited from disclosing any SAR or information that a SAR was filed, including both SARs they have filed, and any SARs they have received that have been filed by others. In addition, because the guidance applies only to the sharing of a SAR by the depository institution “that has filed” the SAR, the guidance includes a statement clarifying that it is not permissible for an affiliate that has received such a SAR from a depository institution to share that SAR, or any Start Printed Page 10160information that would reveal the existence of that SAR with another affiliate, even if that affiliate is subject to a SAR rule. The guidance also states that a depository institution, as part of its internal controls, should have written confidentiality agreements in place ensuring that its affiliates protect the confidentiality of the SAR through appropriate internal controls. Given the above restrictions, FinCEN is satisfied that the sharing permitted by this guidance is consistent with the BSA objective to ensure that suspicious activity reporting remains confidential.

FinCEN has declined to permit sharing with affiliates that are not subject to a SAR rule, whether domestic or foreign.[14] At this time, it is not apparent that such sharing would be consistent with the purposes of the BSA, to promote efforts to detect and report money laundering and terrorist financing by financial institutions that are subject to rules implementing the BSA, and to ensure the confidentiality of a SAR or any information that would reveal the existence of a SAR.

Finally, this proposed guidance is intended only to remove unnecessary obstacles to detecting and reporting suspicious activity. It should not be read to impose new BSA requirements or to suggest that sharing with affiliates is compulsory.

III. Request for Comment

FinCEN invites comments on all aspects of the guidance. We solicit comment on whether this proposed guidance would achieve the intended effect of promoting compliance with the BSA. We also request comment on whether the proposed guidance will be beneficial, whether it raises any ambiguities, and whether it will result in any negative consequences. In addition, we specifically invite comment on the following:

  • Whether the definition of affiliate is appropriate;
  • Whether the scope of the guidance should be expanded to permit sharing with other affiliates within the United States. Commenters suggesting that the scope of the guidance be expanded should address how additional sharing would be consistent with the purposes of Title II of the BSA;
  • Whether the scope of the guidance should be expanded to permit sharing with other affiliates outside of the United States, including with foreign branches of U.S. banks. Commenters suggesting that the scope of the guidance be expanded should address how additional sharing outside of the U.S. would be consistent with the purposes of Title II of the BSA. In particular, commenters should explain how a foreign affiliate might protect a SAR in light of a possible request for disclosure abroad that may be subject to foreign law;
  • Whether similar provisions to allow sharing with certain affiliates should be permitted among all financial institutions subject to a SAR rule;
  • Whether financial institutions, other than depository institutions, securities broker-dealers, mutual funds, futures commission merchants, or introducing brokers in commodities subject to a SAR rule, should be permitted to share a SAR, or any information that would reveal the existence of a SAR, with parent entities and/or affiliates; and
  • Whether and how a depository institution can store and provide access to SARs in an electronic system in a way that prevents the SARs from being subject to disclosure laws or obligations of foreign jurisdictions.

Proposed Interpretive Guidance15

Sharing Suspicious Activity Reports by Depository Institutions With Certain U.S. Affiliates [1]

The Financial Crimes Enforcement Network (“FinCEN”), after consulting with the staffs of the Board of Governors of the Federal Reserve System (“FRB”), the Federal Deposit Insurance Corporation (“FDIC”), the National Credit Union Administration (“NCUA”), the Office of the Comptroller of the Currency (“OCC”), and the Office of Thrift Supervision (“OTS”) (hereinafter, the “Federal Banking Agencies”), is issuing this guidance to confirm that under the Bank Secrecy Act (“BSA”) and its implementing regulations, a depository institution subject to FinCEN regulations (“depository institution”) that has filed a Suspicious Activity Report (“SAR”) may share the SAR, or any information that would reveal the existence of the SAR, with certain affiliates. This guidance does not address the applicability of any other Federal or state laws.

The BSA prohibits the filer of a SAR from notifying any person involved in a suspicious transaction that the activity has been reported.[2] Regulations issued by FinCEN [3] construe this confidentiality provision as generally prohibiting a depository institution from disclosing a SAR, or any information that would reveal the existence of a SAR.

However, the regulations make clear that, provided no person involved in the transaction is notified that the transaction has been reported, the prohibition does not include disclosures to (1) FinCEN; (2) any Federal, state, or local law enforcement agency; or (3) any Federal or state regulatory agency that examines the depository institution for compliance with the BSA. The regulations also provide that the prohibition does not apply to: (i) The disclosure of the underlying facts, transactions, and documents upon which a SAR is based, including, but not limited to, disclosures related to filing a joint SAR and in connection with certain employment references or termination notices; and (ii) the sharing of a SAR, or any information that would reveal the existence of a SAR, within a depository institution's corporate organizational structure for purposes consistent with Title II of the BSA, as determined by regulation or in guidance.[4]

In previously issued guidance (“January 2006 Guidance”), FinCEN, the OCC, the OTS, the FRB, and the FDIC determined that a U.S. branch or agency of a foreign bank may share a SAR with its head office.[5] The January 2006 Guidance also stipulated that a U.S. bank or savings association may share a SAR with its controlling company (whether domestic or foreign). The January 2006 Guidance continues to be applicable and comports with the SAR regulations referenced above.[6] The Start Printed Page 10161sharing of a SAR or, more broadly, any information that would reveal the existence of a SAR, with a head office or controlling company (including overseas) promotes compliance with the applicable requirements of the BSA by enabling the head office or controlling company to discharge its oversight responsibilities with respect to enterprise-wide risk management, including oversight of a depository institution's compliance with applicable laws and regulations.

The January 2006 Guidance deferred taking a position on whether a depository institution is permitted to share a SAR with affiliates and directed institutions not to share with such affiliates. FinCEN has now concluded that a depository institution that has filed a SAR may share the SAR, or any information that would reveal the existence of the SAR, with an affiliate, as defined herein, provided the affiliate is subject to a SAR regulation.[7] The sharing of SARs with such affiliates facilitates the identification of suspicious transactions taking place through the depository institution's affiliates that are subject to a SAR rule. Therefore, such sharing within the depository institution's corporate organizational structure is consistent with the purposes of Title II of the BSA.[8]

It is not consistent with the purposes of Title II of the BSA for an affiliate that has received a SAR from a depository institution that has filed the SAR to further share that SAR, or any information that would reveal the existence of that SAR with an affiliate of its own, even if that affiliate is subject to a SAR rule.

As is the case with sharing SARs with head offices and controlling companies, there may be circumstances under which a depository institution, its affiliate, or both entities would be liable for direct or indirect disclosure by the affiliate of a SAR or any information that would reveal the existence of a SAR. Therefore, the depository institution, as part of its internal controls, should have written confidentiality agreements in place ensuring that its affiliates protect the confidentiality of the SAR through appropriate internal controls.

Consistent with the BSA and the implementing regulations issued by FinCEN and the Federal Banking Agencies, a SAR, or any information that would reveal the existence of a SAR, must not be disclosed, even under this guidance, if the depository institution has reason to believe it may be disclosed to any person involved in the suspicious activity that is the subject of the SAR.

Start Signature

Dated: February 27, 2009.

James H. Freis, Jr.,

Director, Financial Crimes Enforcement Network.

End Signature End Supplemental Information

Footnotes

1.  This single docket number is shared by three related documents (a notice of proposed rulemaking, and this and another piece of proposed guidance related to that notice of proposed rulemaking) published simultaneously by FinCEN in today's Federal Register. Accordingly, commenters may submit comments related to any of the proposals, or any combination of proposals, in a single comment letter.

Back to Citation

2.  See 31 CFR 103.15 to 103.21.

Back to Citation

3.  See 12 CFR 208.62 (FRB); 12 CFR 353.3 (FDIC); 12 CFR 748.1 (NCUA); 12 CFR 21.11 (OCC); and 12 CFR 563.180 (OTS).

Back to Citation

5.  “Interagency Guidance on Sharing Suspicious Activity Reports with Head Offices and Controlling Companies” (January 20, 2006).

Back to Citation

6.  “Guidance on Sharing of Suspicious Activity Reports by Securities Broker-Dealers, Futures Commission Merchants, and Introducing Brokers in Commodities” (January 20, 2006).

Back to Citation

7.  “Control” for purposes of the October 2006 Guidance is defined in section 2(a)(9) of the Investment Company Act of 1940 (15 U.S.C. 80a-2(a)(9)) to mean “the power to exercise a controlling influence over the management or policies of a company, unless such power is solely the result of an official position with such company.” A mutual fund typically is organized and operated by an investment adviser that controls the fund. By contrast, an investment adviser that performs limited functions in managing a mutual fund's securities portfolio (also known as a “subadviser”) would not typically control the fund and therefore would be outside the scope of the guidance.

Back to Citation

8.  FIN-2006-G013, “Frequently Asked Questions: Suspicious Activity Reporting Requirements for Mutual Funds” (October 4, 2006).

Back to Citation

9.  The proposed guidance interprets a provision in the proposed SAR regulations. The final guidance issued will be modified to correspond to any changes made in the final SAR regulations.

Back to Citation

10.  For the purposes of this proposed guidance, an “affiliate” is effectively defined as a company under common control with, or a subsidiary of, the depository institution. “Affiliate” does not include holding companies because sharing with these entities is already addressed in the 2006 Guidance.

Back to Citation

11.  See 31 CFR 103.15 to 103.21. See also, 12 CFR 208.62 (FRB); 12 CFR 353.3 (FDIC); 12 CFR 748.1 (NCUA); 12 CFR 21.11 (OCC); and 12 CFR 563.180 (OTS).

Back to Citation

12.  For example, the sharing of a SAR eliminates the need to create a separate summary document which, if shared, might inadvertently reveal the existence of a SAR itself.

Back to Citation

13.  See the Notice of Proposed Rulemaking published elsewhere in today's Federal Register.

Back to Citation

14.  A footnote in the proposed guidance makes clear that foreign branches of U.S. banks generally are regarded as foreign banks for purposes of the BSA and, therefore, would be “affiliates” that are not subject to a SAR regulation. Accordingly, a U.S. bank that has filed a SAR may not share the SAR, or any information that would reveal the existence of the SAR, with its foreign branches.

Back to Citation

15.  For purposes of the guidance text below, all citations to Title 31 SAR regulations are references to the amended regulations we anticipate promulgating as discussed in the above section, Proposed Regulatory Changes.

Back to Citation

1.  For purposes of this guidance, “affiliate” of a depository institution means any company under common control with, or controlled by, that depository institution. “Under common control” means that another company (1) directly or indirectly or acting through one or more other persons owns, controls, or has the power to vote 25 percent or more of any class of the voting securities of the company and the depository institution; or (2) controls in any manner the election of a majority of the directors or trustees of the company and the depository institution. “Controlled by” means that the depository institution (1) directly or indirectly has the power to vote 25 percent or more of any class of the voting securities of the company; or (2) controls in any manner the election of a majority of the directors or trustees of the company. See, e.g., 12 U.S.C. 1841(a)(2).

Back to Citation

4.  See the Notice of Proposed Rulemaking published elsewhere in today's Federal Register.

Back to Citation

5.  Interagency Guidance, “Sharing Suspicious Activity Reports with Head Offices and Controlling Companies” (January 20, 2006).

Back to Citation

6.  See supra note 5.

Back to Citation

7.  See 31 CFR 103.15 to 103.21. See also, 12 CFR 208.62 (FRB); 12 CFR 353.3 (FDIC); 12 CFR 748.1 (NCUA); 12 CFR 21.11 (OCC); and 12 CFR 563.180 (OTS).

Back to Citation

8.  Because foreign branches of U.S. banks are regarded as foreign banks for purposes of the BSA, under this guidance, they are “affiliates” that are not subject to a SAR regulation. Accordingly, a U.S. bank that has filed a SAR may not share the SAR, or any information that would reveal the existence of the SAR, with its foreign branches.

Back to Citation

[FR Doc. E9-4693 Filed 3-6-09; 8:45 am]

BILLING CODE 4810-02-P