FinCEN sar sharing with affiliates comment letter  2

FinCEN sar sharing with affiliates comment letter 2

-

English
4 Pages
Read
Download
Downloading requires you to have access to the YouScribe library
Learn all about the services we offer

Description

June 8, 2009 Financial Crimes Enforcement Network P.O. Box 39 Vienna, VA 22183 Attention: Docket Number TREAS-FinCEN-2008-0022 Re: Clarifying Confidentiality Requirements and Sharing Suspicious Activity Reports by Depository Institutions with Certain U.S. Affiliates Dear Sir or Madam: 1The Independent Community Bankers of America (ICBA) welcomes the opportunity to comment on the Financial Crimes Enforcement Network’s (FinCEN’s) notice of proposed guidance on clarifying the confidentiality requirements of a report of a suspicious transaction and proposed guidance on sharing Suspicious Activity Reports (SARs) with certain United States Affiliates. The Bank Secrecy Act (BSA) and its implementing regulations require financial institutions to file a SAR when a known or suspected violation of Federal law or a suspicious activity related to money laundering, terrorist financing or other criminal activity is detected. SARs are confidential and generally no information about or contained in a SAR may be disclosed. FinCEN is proposing amendments to these rules to clarify the standards governing SAR disclosure. Additionally, FinCEN issued proposed guidance that interprets a provision confirming that a bank may disclose a SAR to its controlling company, whether domestic or foreign as permitting a depository institution to share the SAR with certain affiliates. 1 The ...

Subjects

Informations

Published by
Reads 28
Language English
Report a problem
June 8, 2009
Financial Crimes Enforcement Network
P.O. Box 39
Vienna, VA 22183
Attention:
Docket Number TREAS-FinCEN-2008-0022
Re:
Clarifying Confidentiality Requirements and Sharing Suspicious Activity
Reports by Depository Institutions with Certain U.S. Affiliates
Dear Sir or Madam:
The Independent Community Bankers of America
1
(ICBA) welcomes the
opportunity to comment on the Financial Crimes Enforcement Network’s
(FinCEN’s) notice of proposed guidance on clarifying the confidentiality
requirements of a report of a suspicious transaction and proposed guidance on
sharing Suspicious Activity Reports (SARs) with certain United States Affiliates.
The Bank Secrecy Act (BSA) and its implementing regulations require financial
institutions to file a SAR when a known or suspected violation of Federal law or a
suspicious activity related to money laundering, terrorist financing or other
criminal activity is detected.
SARs are confidential and generally no information
about or contained in a SAR may be disclosed.
FinCEN is proposing
amendments to these rules to clarify the standards governing SAR disclosure.
Additionally, FinCEN issued proposed guidance that interprets a provision
confirming that a bank may disclose a SAR to its controlling company, whether
domestic or foreign as permitting a depository institution to share the SAR with
certain affiliates.
1
The Independent Community Bankers of America represents nearly 5,000 community banks of all sizes
and charter types throughout the United States and is dedicated exclusively to representing the interests of
the community banking industry and the communities and customers we serve. ICBA aggregates the power
of its members to provide a voice for community banking interests in Washington, resources to enhance
community bank education and marketability, and profitability options to help community banks compete in
an everchanging marketplace.
With nearly 5,000 members, representing more than 20,000 locations nationwide and employing nearly
300,000 Americans, ICBA members hold $1 trillion in assets, $800 billion in deposits, and $700 billion in
loans to consumers, small businesses and the agricultural community. For more information, visit ICBA’s
Website at www.icba.org.
2
The rules prohibiting the disclosure of SARs are unclear and vague, generating
numerous questions regarding information that is subject to the prohibition.
Accordingly, FinCEN is proposing to amend its rules to indicate that SAR
information may not be disclosed, except as authorized in the narrow
circumstances identified.
ICBA believes expressly stating the specific conditions
under which a SAR can be disclosed provides additional guidance to community
banks and removes the uncertainty regarding the circumstances under which
SAR information can be shared.
Furthermore, FinCEN is proposing that in addition to the confidentiality of the
SAR form itself, confidential treatment must also be afforded to “any information
that would reveal the existence of a SAR.”
We agree that this additional
language would strengthen the confidential nature of a SAR, which is important
to community banks which value the safeguarding of sensitive information.
If a
bank believes the existence of a SAR could be revealed for purposes other than
for law enforcement, it may be reluctant to candidly report suspicious
transactions with the level of detail that is helpful in potential investigations.
Additionally, the disclosure of a SAR could inadvertently result in notification to
an individual involved in the reported transaction and may risk a community
bank’s relationship with its customer.
The bank would be placed in a precarious
position of defending the SAR filing without disclosing its existence.
For these
reasons, we believe information revealing the existence of a SAR should be
afforded the same protection from disclosure as the SAR form itself.
Moreover, it is important to clarify that while information revealing the existence
of a SAR is confidential, documents and transactions created in the ordinary
course of business that give rise to the reporting may be disclosed in certain
circumstances.
Therefore, we appreciate that the proposed rules expressly state
that underlying facts, transactions, and documents upon which a SAR is based
may be disclosed to another financial institution for the preparation of a joint SAR
or in connection with certain employment references or termination notices.
FinCEN is also proposing to include BSA statutory language in its rules that
specifically subjects directors, officers, employees, and agents of a bank to the
confidentiality requirements.
While we support incorporating the statutory
language in the rules, we believe a bank should be protected from liability if its
agent inadvertently discloses SAR information, provided the bank has
appropriate internal controls and safeguards in place to ensure that its agent
protects the confidentiality of a SAR.
Financial institutions have a long history of working with third-parties or agents to
perform essential bank functions.
They already are subject to comprehensive
Gramm-Leach-Bliley Act
2
(GLB Act) privacy and data security responsibilities,
which require policies and procedures to protect the security and integrity of
confidential information.
Additionally, before a bank shares sensitive information
2
15 U.S.C. 6801 (1999)
3
with a service provider, it must enter into a contract with the third party that
requires it to maintain the confidentiality of the information and generally prohibits
the third party from disclosing or using the information other than to carry out the
purposes for which the information was disclosed.
3
As such, the bank has a
responsibility to have appropriate controls in place when sharing sensitive
information.
We suggest FinCEN provide that a bank that is subject to the GLB
Act shall be protected from liability for any inadvertent disclosure of SAR
information by its agent.
A bank that is subpoenaed or otherwise requested to disclose SAR information
must decline to provide the information and must notify its primary Federal
regulator.
The proposed rulemaking would require a bank to also submit the
request, and its response to the request, to FinCEN.
ICBA believes this
provision is redundant and not necessary to comply with the standards governing
SAR disclosure.
The additional notification requirement was added so that either
or both the primary Federal regulator and FinCEN can intervene, if necessary, to
prevent the disclosure of SAR information by a bank.
Informing only it primary
Federal regulator should be sufficient notification and provide adequate
information for the agency to contact FinCEN directly to determine whether
intervention is needed.
The proposed rules make clear that a bank may share SAR information within its
corporate organizational structure for purposes consistent with the BSA.
FinCEN
issued additional guidance that further elaborates on sharing of SAR information
within a corporate organization, to which ICBA comments below.
FinCEN’s proposed guidance would permit a bank that has filed a SAR to share
the SAR, or any information that would reveal the existence of the SAR, with a
U.S. affiliate, provided that affiliate is subject to a SAR regulation.
There is a
legitimate need for a bank to identify and report suspicious activity across its
enterprise, and effectively managing BSA compliance requires such disclosure of
information.
However, we believe FinCEN should clarify that just as a bank is permitted to
share SARs with its affiliate, the affiliate is permitted to share SARs it has filed
with the financial institution.
The following statement in the supplementary
information of the proposed guidance makes unclear whether the exchange of
information between a bank and its affiliate may flow in both directions:
affiliates subject to a SAR rule are prohibited from
disclosing any SAR or information that a SAR was
filed, including both
SARs they have filed
, and any
SARs they have received that have been filed by
others.
4
(emphasis added)
3
12 C.F.R.§ 40.13
4
Federal Register 74:44 (March 9, 2009) p 10159
4
Without a two-way exchange of information, efforts by the depository institution to
carry out its oversight responsibilities across its corporate organizational
structure would be impeded.
Furthermore, having access to SAR information filed by its affiliates will enable a
bank to better assess the BSA/AML risks that exist throughout its organization
and better manage those risks by adapting an effective enterprise-wide
BSA/AML compliance program across affiliates and business lines tailored to its
specific risk type.
Therefore, we request clarification in the guidance to reflect
that an affiliate that has filed a SAR may share the SAR, or any information that
would reveal the existence of the SAR, with the depository institution.
FinCEN specifically requested comment on whether sharing SAR information
among all financial institutions subject to a SAR rule should be permitted.
We
believe sharing among financial institutions would enable them to more
expediently identify suspicious activity without compromising SAR confidentiality.
Individuals or entities involved in suspicious transactions conduct transactions
across multiple institutions, making the suspected scheme difficult to detect.
Additionally, suspicious transactions that have already been identified and
reported by other institutions are germane to evaluating and identifying potential
suspicious transactions.
As such, sharing SAR information among financial
institutions would facilitate the management of potential risks and expedite the
detection and reporting of additional suspicious activity.
Further, the GLB Act and its implementing regulations require banks to have
policies and procedures in place to protect the security and integrity of
confidential information.
5
As previously mentioned, banks have a responsibility
to have appropriate controls in place when sharing sensitive information and
certainly, would secure the SAR information they receive with as much diligence
as the SARs they have filed.
ICBA appreciates the opportunity to offer comments in connection with FinCEN’s
proposed guidance on sharing SARs with affiliates.
If you have any questions
about our letter or need additional information, please do not hesitate to contact
me at 202-659-8111 or by email at Lilly.Thomas@icba.org.
Sincerely,
/s/
Lilly Thomas
Regulatory Counsel
5
15 U.S.C. 6801 (1999)