Home
home
 
 
CBA Publications
Latest Banking News
California Banker
Federal PAC Fundraising Guide
Community Banker
Compensation Survey
Corp Governance Bulletins
Grassroots Update
Legislative Summary
Monday Courier
Regulatory Compliance Bulletins
BOLI Resources
   
 

CBA Publications >> CBA Regulatory Compliance Bulletin >> Vol 2002 No.19 November 1, 2002

Vol 2002 No. 19 November 1, 2002

New FinCEN Information Sharing Rules

The Financial Crime Enforcement Network (FinCEN) has issued a final rule, effective September 26, 2002, to encourage information sharing among financial institutions and federal law enforcement agencies for the purpose of combating money laundering and terrorist activity. The rule is issued under authority of Section 314 of the USA PATRIOT Act, which encourages information sharing by creating a qualified exemption from liability under any federal, state, or local law, or under contract, for a disclosure or failure to provide notice of a disclosure.

Information requests through FinCEN. Federal law enforcement agencies investigating money laundering or terrorist activities will be authorized to request FinCEN, by means of a written certification, to obtain information from a financial institution on the agency's behalf. The purpose of going through FinCEN rather than directly to a financial institution is to take advantage of FinCEN's ability to reach out to a broad array of institutions. This new authority is not intended to affect or limit direct law enforcement requests to financial institutions under existing law.

The certification must include the identity of each person or entity which is the subject of the request, including date of birth, address, social security number, or other specific identifiers needed to facilitate the financial institution's search.

The financial institution must designate a contact person and "expeditiously" search its records for the following: (i) any current account maintained for a named suspect; (ii) any account maintained for a named suspect during the preceding 12 months; and (iii) any transaction conducted by or on behalf of a named suspect, or any transmittal of funds by or to the named suspect during the preceding 6 months that the institution is required by law or regulation to keep records of (i.e., transactions of $3,000 or more), that it recorded and maintained electronically. The institution may contact the requesting law enforcement agency directly for clarifications of the request.

The institution is required to report information matches to FinCEN as follows: the name of the suspect, account number, date and type of transaction, and social security number, taxpayer ID, passport number, date of birth, address, or other similar identifying information. FinCEN reserves the right to require a more comprehensive search. Generally, these reporting requirements are intended to be limited. For example, unless requested, an institution is not required to search processed checks to determine whether a named suspect was a payee of a check because the payee is neither the person who conducted the transaction nor the person on whose behalf the transaction was conducted (unless the suspect wrote a check to himself).

The rules restrict financial institutions from using information contained in FinCEN's requests except to research the request and report to FinCEN, nor may an institution disclose that a request has been made. However, an institution may share information concerning a suspect with another financial institution (see discussion below), but it may not disclose the fact that FinCEN has requested information concerning the suspect. Requests must be safeguarded in the same manner that an institution's consumer data is safeguarded pursuant to the data protection requirements set forth in section 501 of the Gramm-Leach-Bliley Act and its applicable regulations.

The rules also clarify that a financial institution is not required to take any action with respect to an account or transaction subject to a FinCEN request, or even decline to establish an account. Nor must the institution report on future account opening activity or transactions or to treat a suspect as included in a government list.

Sharing among financial institutions. The final rules create a safe harbor for financial institutions, including an association (i.e., a group comprised entirely) of institutions, when they share information with each other regarding individuals, entities, organizations, and countries for purposes of identifying and reporting money laundering.

Institutions sharing information must first file a notice to FinCEN, which is effective for one year. The notice may be submitted through its website at http://www.treas.gov/fincen or by mail to: FinCEN, P.O. Box 39, Mail Stop 100, Vienna, VA 22183. In order to continue sharing information beyond the one year period, a new notice must be filed. One of the stated purposes of the notice is for FinCEN to have some controls over the security of shared information.

Institutions must ensure that the institution with whom information will be shared has also submitted a notice, a fact that may be verified directly with the other institution or by checking a list to be made available about quarterly by FinCEN. In its comments to the new rule, FinCEN notes that an institution may confirm another's filing of a notice by obtaining a copy of it, accepting a representation, or any other reasonable means. Note that institutions that previously have filed certifications with FinCEN under the interim rule are not required to file a notice to replace those certifications.

Again, institutions are restricted in their use of information obtained from other institutions except to identify and report money laundering or terrorist activities, determine whether to establish or maintain an account or to engage in a transaction, and to comply with laws and regulations. As with information reportable to FinCEN, shared information must be similarly safeguarded. A safe harbor from liability is available only if the institution has filed a notice FinCEN, confirmed the other institution's filing, and complied with the use restrictions.

The SAR filing requirements apply to information shared with another financial institution. Even where the SAR filing rules are not triggered, FinCEN "encourages" institutions to file. Where a violation requires immediate attention, the institution must, in addition to filing an SAR, immediately contact law enforcement by telephone and notify its regulatory supervisor.

The rules are effective as of September 26, 2002. For further information, contact: Office of Chief Counsel, FinCEN, (703) 905-3590; Office of the Assistant General Counsel (Enforcement), (202) 622-1927; or the Office of the Assistant General Counsel (Banking and Finance), (202) 622-0480 (not toll-free numbers).

The information contained in this CBA Regulatory Compliance Bulletin is not intended to constitute, and should not be received as, legal advice. Please consult with your counsel for more detailed information applicable to your institution.

The information contained in this CBA Regulatory Compliance Bulletin is not intended to constitute, and should not be received as, legal advice.  Please consult with your counsel for more detailed information applicable to your institution.
   

CBA Regulatory Compliance Committee

Patricia A. Cantu (Chair), Mary Lou Bonkofsky, Janet Bonnefin, Lyndon Christensen, James Curtis, Vira Jo Denny, Michael Hood, Jeri Killian, Lynn Lawrence, Stuart J. Lehr, Garry Prosperi, Thomas E. McCullough, James Rockenbach, Christine Scott, Deborah Thoren-Peden, James Thvedt and Meg Troughton

Leland Chan, General Counsel
California Bankers Association 201 Mission Street Suite 2400 San Francisco California 94105-1839 
Tel (415) 284-6999ext. 214, Fax (415) 284-1521 
E-mail: lchan@calbankers.com

 

 

Return to top