Sharing Suspicious Activity Reports by Depository Institutions with Certain U.S. Affiliates

PDF
fin-2010-g006.pdf95.75 KB
FIN-2010-G006
Issued Date
Guidance Subject
Sharing Suspicious Activity Reports by Depository Institutions with Certain U.S. Affiliates

The Financial Crimes Enforcement Network (“FinCEN”), after consulting with the staffs of the Board of Governors of the Federal Reserve System (“FRB”), the Federal Deposit Insurance Corporation (“FDIC”), the National Credit Union Administration (“NCUA”), the Office of the Comptroller of the Currency (“OCC”), and the Office of Thrift Supervision (“OTS”) (hereinafter, the “Federal Banking Agencies”), is issuing this guidance to confirm that under the Bank Secrecy Act (“BSA”) and its implementing regulations, a depository institution subject to FinCEN regulations (“depository institution”) that has filed a Suspicious Activity Report (“SAR”) may share the SAR, or any information that would reveal the existence of the SAR, with certain affiliates1. This guidance does not address the applicability of any other Federal or state laws.

The BSA prohibits the filer of a SAR from notifying any person involved in a suspicious transaction that the activity has been reported.2 Regulations issued by FinCEN construe this confidentiality provision as generally prohibiting a depository institution from disclosing a SAR, or any information that would reveal the existence of a SAR. 3

However, the regulations make clear that, provided no person involved in the transaction is notified that the transaction has been reported, the prohibition does not include disclosures to (1) FinCEN; (2) any Federal, state, or local law enforcement agency; (3) any Federal regulatory agency that examines the depository institution for compliance with the BSA; or (4) any state regulatory authority that examines the depository institution for compliance with state laws requiring compliance with the BSA. The regulations also provide that the prohibition does not apply to: (i) the disclosure of the underlying facts, transactions, and documents upon which a SAR is based, including, but not limited to, disclosures related to filing a joint SAR and in connection with certain employment references or termination notices; and (ii) the sharing of a SAR, or any information that would reveal the existence of a SAR, within a depository institution’s corporate organizational structure for purposes consistent with Title II of the BSA, as determined by regulation or in guidance. 4

In previously issued guidance (“January 2006 Guidance”), FinCEN, the OCC, the OTS, the FRB, and the FDIC determined that a U.S. branch or agency of a foreign bank may share a SAR with its head office.5 The January 2006 Guidance also stated that a U.S. bank or savings association may share a SAR with its controlling company (whether domestic or foreign). The January 2006 Guidance continues to be applicable and comports with the SAR regulations referenced above. 6 The sharing of a SAR or, more broadly, any information that would reveal the existence of a SAR, with a head office or controlling company (including overseas) promotes compliance with the applicable requirements of the BSA by enabling the head office or controlling company to discharge its oversight responsibilities with respect to enterprise-wide risk management, including oversight of a depository institution’s compliance with applicable laws and regulations.

The January 2006 Guidance deferred taking a position on whether a depository institution is permitted to share a SAR with affiliates and directed institutions not to share with such affiliates. FinCEN has now concluded that a depository institution that has filed a SAR may share the SAR, or any information that would reveal the existence of the SAR, with an affiliate, as defined herein, provided the affiliate is subject to a SAR regulation.7 The sharing of SARs with such affiliates facilitates the identification of suspicious transactions taking place through the depository institution’s affiliates that are subject to a SAR rule. Therefore, such sharing within the depository institution’s corporate organizational structure is consistent with the purposes of Title II of the BSA. 8

It is not consistent with the purposes of Title II of the BSA for an affiliate that has received a SAR from a depository institution that has filed the SAR to further share that SAR, or any information that would reveal the existence of that SAR with an affiliate of its own, even if that affiliate is subject to a SAR rule.

As is the case with sharing SARs with head offices and controlling companies, there may be circumstances under which a depository institution, its affiliate, or both entities would be liable for direct or indirect disclosure by the affiliate of a SAR or any information that would reveal the existence of a SAR. Therefore, the depository institution, as part of its internal controls, should have policies and procedures in place to ensure that its affiliates protect the confidentiality of the SAR

Consistent with the BSA and the implementing regulations issued by FinCEN and the Federal Banking Agencies, a SAR, or any information that would reveal the existence of a SAR, must not be disclosed, even under this guidance, if the depository institution has reason to believe it may be disclosed to any person involved in the suspicious activity that is the subject of the SAR.

Questions or comments regarding the contents of this Guidance should be addressed to the FinCEN Regulatory Helpline at 800-949-2732.

1 For purposes of this guidance, ‘‘affiliate’’ of a depository institution means any company under common control with, or controlled by, that depository institution. ‘‘Under common control’’ means that another company (1) directly or indirectly or acting through one or more other persons owns, controls, or has the power to vote 25 percent or more of any class of the voting securities of the company and the depository institution; or (2) controls in any manner the election of a majority of the directors or trustees of the company and the depository institution. ‘‘Controlled by’’ means that the depository institution (1) directly or indirectly has the power to vote 25 percent or more of any class of the voting securities of the company; or (2) controls in any manner the election of a majority of the directors or trustees of the company. See, e.g., 12 U.S.C. § 1841(a)(2).

2 See 31 U.S.C. § 5318(g)(2).

3 See 31 CFR § 103.18(e).

4 See the Final Rule published in this same separate part of today’s Federal Register.

5 Interagency Guidance, “Sharing Suspicious Activity Reports with Head Offices and Controlling Companies” (January 20, 2006).

6 See supra note 5.

7 See 31 CFR §§ 103.15 to 103.21. See also, 12 CFR § 208.62 (FRB); 12 CFR § 353.3 (FDIC); 12 CFR § 748.1 (NCUA); 12 CFR § 21.11 (OCC); and 12 CFR § 563.180 (OTS).

8 Because foreign branches of U.S. banks are regarded as foreign banks for purposes of the BSA, under this guidance, they are “affiliates” that are not subject to a SAR regulation. Accordingly, a U.S. bank that has filed a SAR may not share the SAR, or any information that would reveal the existence of the SAR, with its foreign branches.

Financial Institution
Depository Institutions