Proposed Rule2022-01331
Pilot Program on Sharing of Suspicious Activity Reports and Related Information With Foreign Branches, Subsidiaries, and Affiliates
Primary source
Metadata and text below are from the Federal Register, a public-domain U.S. government work. Always verify the official published version before relying on it for any legal matter.
Published
January 25, 2022
Issuing agencies
Treasury DepartmentFinancial Crimes Enforcement Network
Abstract
FinCEN is issuing this notice of proposed rulemaking to seek public comment on the proposed establishment of a limited-duration pilot program, subject to conditions set by FinCEN, to permit a financial institution with a suspicious activity report (SAR) reporting obligation to share SARs and information related to SARs with the institution's foreign branches, subsidiaries, and affiliates for the purpose of combating illicit finance risk, in accordance with Section 6212(a) of the Anti-Money Laundering Act of 2020 (AML Act).
Full Text
<html>
<head>
<title>Federal Register, Volume 87 Issue 16 (Tuesday, January 25, 2022)</title>
</head>
<body><pre>
[Federal Register Volume 87, Number 16 (Tuesday, January 25, 2022)]
[Proposed Rules]
[Pages 3719-3729]
From the Federal Register Online via the Government Publishing Office [<a href="http://www.gpo.gov">www.gpo.gov</a>]
[FR Doc No: 2022-01331]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF THE TREASURY
Financial Crimes Enforcement Network
31 CFR Part 1010
RIN 1506-AB51
Pilot Program on Sharing of Suspicious Activity Reports and
Related Information With Foreign Branches, Subsidiaries, and Affiliates
AGENCY: Financial Crimes Enforcement Network (FinCEN), Treasury.
ACTION: Notice of proposed rulemaking.
-----------------------------------------------------------------------
SUMMARY: FinCEN is issuing this notice of proposed rulemaking to seek
public comment on the proposed establishment of a limited-duration
pilot program, subject to conditions set by FinCEN, to permit a
financial institution with a suspicious activity report (SAR) reporting
obligation to share SARs and information related to SARs with the
institution's foreign branches, subsidiaries, and affiliates for the
purpose of combating illicit finance risk, in accordance with Section
6212(a) of the Anti-Money Laundering Act of 2020 (AML Act).
DATES: Written comments on this proposed rule must be received on or
before March 28, 2022.
ADDRESSES: Comments may be submitted by any of the following methods:
<bullet> Federal E-rulemaking Portal: <a href="http://www.regulations.gov">http://www.regulations.gov</a>.
Follow the instructions for submitting comments. Refer to Docket Number
FINCEN-2022-0002 and RIN 1506-AB51.
<bullet> Mail: Policy Division, Financial Crimes Enforcement
Network, P.O. Box 39, Vienna, VA 22183. Refer to Docket Number FINCEN-
2022-0002 and RIN 1506-AB51.
FOR FURTHER INFORMATION CONTACT: The FinCEN Regulatory Support Section
at 1-800-767-2825 or electronically at <a href="https://fincen.gov/contact">https://fincen.gov/contact</a>.
SUPPLEMENTARY INFORMATION:
I. Scope of Notice of Proposed Rulemaking (NPRM)
FinCEN is issuing this NPRM pursuant to 31 U.S.C. 5318(g)(8), as
added by section 6212 of the AML Act,\1\ which requires the Secretary
of the Treasury (the Secretary) to issue rules establishing a pilot
program that permits a financial institution subject to a SAR reporting
requirement under 31 U.S.C. 5318(g) to share SARs and related
information, including the fact that a SAR has been filed, with the
institution's foreign branches, subsidiaries, and affiliates for the
purpose of combating illicit finance risks.\2\
---------------------------------------------------------------------------
\1\ The AML Act was enacted as Division F, sections 6001-6511,
of the William M. (Mac) Thornberry National Defense Authorization
Act for Fiscal Year 2021, Public Law 116-283, 134 Stat 3388 (2021).
\2\ For purposes of this NPRM, ``SARs and related information''
means a report filed pursuant to 31 U.S.C. 5318(g) and any
information that would reveal the existence of such a report.
Because SARs filed on insider abuse are filed under Federal banking
agency regulations (see, e.g., 12 CFR 21.11(c)(1)), and are not part
of FinCEN's SAR regulations, they are not included in this
definition and are not permitted to be shared under the pilot
program FinCEN is proposing to establish by this NPRM.
---------------------------------------------------------------------------
II. Background
A. The Bank Secrecy Act (BSA)
Enacted in 1970 and amended most recently by the AML Act, the BSA
aids in the prevention of money laundering, terrorism financing, and
other illicit financial activity, and the protection of U.S. national
security.\3\ The purposes of the BSA include, among other things,
``requir[ing] certain reports or records that are highly useful in--(A)
criminal, tax, or regulatory investigations, risk assessments, or
proceedings; or (B) intelligence or counterintelligence activities,
including analysis, to protect against terrorism'' and ``establish[ing]
appropriate frameworks for information sharing'' among financial
institutions and government authorities, among others.\4\
---------------------------------------------------------------------------
\3\ The BSA is codified at 12 U.S.C. 1829b, 1951-1959 and 31
U.S.C. 5311-5314, 5316-5336. Implementing regulations are codified
at 31 CFR Chapter X. Section 6212 of the AML Act amends 31 U.S.C.
5318 by adding Section 5318(g)(8).
\4\ 31 U.S.C. 5311(1), (5).
---------------------------------------------------------------------------
The Secretary is authorized to require domestic financial
institutions or nonfinancial trades or businesses to maintain
appropriate procedures to ensure compliance with the BSA and the
regulations promulgated thereunder or to guard against money
laundering, the financing of terrorism, and other forms of illicit
finance.\5\ The Secretary has delegated to the Director of FinCEN the
authority to implement, administer, and enforce compliance with the BSA
and associated regulations.\6\
---------------------------------------------------------------------------
\5\ 31 U.S.C. 5318(a)(2).
\6\ 31 U.S.C. 310(b)(2); Treasury Order 180-01, (Jan. 14, 2020).
---------------------------------------------------------------------------
The BSA authorizes the Secretary to require the reporting of
suspicious
[[Page 3720]]
transactions.\7\ FinCEN's implementing regulations require a financial
institution to file a SAR if the financial institution knows, suspects,
or has reason to suspect that a transaction conducted or attempted by,
at, or through the financial institution: (i) Involves funds derived
from illegal activity or is an attempt to disguise funds derived from
illegal activity; (ii) is designed to evade regulations promulgated
under the BSA; or (iii) lacks a business or apparent lawful purpose or
is not the sort in which the particular customer would normally engage
and the financial institution knows of no reasonable explanation for
the transaction.\8\ Pursuant to FinCEN's regulations implementing the
BSA, financial institutions obligated to file SARs include banks,
casinos and card clubs, money services businesses, brokers or dealers
in securities, mutual funds, insurance companies, futures commission
merchants and introducing brokers in commodities, loan and finance
companies, and housing government-sponsored enterprises.\9\
---------------------------------------------------------------------------
\7\ 31 U.S.C. 5318(g)(1).
\8\ See, e.g., 31 CFR 1020.320. Financial institutions must file
with FinCEN, to the extent and in the manner required, a report of
any suspicious transaction relevant to a possible violation of law
or regulation. See, e.g., 31 CFR 1022.320(a)(2)(iv) (requiring a
money services business to file a SAR if it knows, suspects, or has
reason to suspect that the transaction involves use of the money
services business to facilitate criminal activity). A financial
institution may also file a SAR with respect to any suspicious
transaction that it believes is relevant to a possible violation of
law or regulation but whose reporting is not required by FinCEN
regulations. See, e.g., 31 CFR 1020.320(a)(1).
\9\ FinCEN has issued implementing regulations at 31 CFR
1020.320 (SAR rule for banks); 1021.320 (SAR rule for casinos and
card clubs); 1022.320 (SAR Rule for money services businesses);
1023.320 (SAR rule for brokers or dealers in securities); 1024.320
(SAR rule for mutual funds); 1025.320 (SAR rule for insurance
companies); 1026.320 (SAR rule for futures commission merchants and
introducing brokers in commodities); 1029.320 (SAR rule for loan or
finance companies); 1030.320 (SAR rule for housing government-
sponsored enterprises).
---------------------------------------------------------------------------
B. SAR Confidentiality Regulations
The BSA provides that a financial institution and its directors,
officers, employees, and agents are prohibited from notifying any
person involved in a suspicious transaction that the transaction was
reported, or from otherwise revealing any information that would reveal
that the transaction has been reported.\10\ FinCEN has issued
implementing regulations that generally prohibit the disclosure of a
SAR or information revealing the existence of a SAR by a financial
institution and its directors, officers, employees, and agents.\11\
Provided that no person involved in a reported transaction is notified
that the transaction has been reported, the regulation specifies that
it is not to be construed as prohibiting disclosure to appropriate law
enforcement agencies, regulatory authorities that examine the financial
institution for compliance with the BSA, or FinCEN.\12\ The regulation
further specifies that it is not to be construed as prohibiting a
financial institution to share the underlying facts, transactions, and
documents upon which a SAR is based, including sharing such materials
with another financial institution for the preparation of a joint
SAR.\13\ It also specifies that a financial institution can share a SAR
within its corporate organizational structure for purposes consistent
with Title II of the BSA as determined by regulation or in
guidance.\14\
---------------------------------------------------------------------------
\10\ 31 U.S.C. 5318(g)(2)(A), as amended by Section 6212(b) of
the AML Act.
\11\ See, e.g., 31 CFR 1020.320(e).
\12\ See, e.g., 31 CFR 1020.320(e)(1)(ii)(A)(1).
\13\ See, e.g., 31 CFR 1020.320(e)(1)(ii)(A)(2)(i).
\14\ See, e.g., 31 CFR 1020.320(e)(1)(ii)(B).
---------------------------------------------------------------------------
C. FinCEN's Prior Guidance on Sharing SARs Within Corporate
Organizational Structures
In 2006, FinCEN and the Federal banking agencies issued guidance on
the sharing of SARs with head offices and controlling companies (2006
Guidance).\15\ The 2006 Guidance states that a U.S. branch of a foreign
bank may share a SAR with its head office, and a U.S. bank or savings
association may share a SAR with its controlling company, whether
domestic or foreign.\16\ At the same time, FinCEN issued similar
guidance permitting securities broker-dealers, futures commission
merchants, and introducing brokers in commodities to share SARs with
parent entities, both domestic and foreign, and later in 2006, FinCEN
released related guidance to mutual funds.\17\ FinCEN permitted such
sharing because a financial institution's head office or controlling
entity may have a need to discharge oversight responsibilities with
respect to enterprise-wide risk management and compliance with
applicable laws and regulations.\18\
---------------------------------------------------------------------------
\15\ See Financial Crimes Enforcement Network, Board of
Governors of the Federal Reserve System, Office of the Comptroller
of the Currency, Federal Depository Insurance Corporation, and the
Office of Thrift Supervision Interagency Guidance on Sharing
Suspicious Activity Reports with Head Offices and Controlling
Companies, (Jan. 20, 2006), available at <a href="https://www.fincen.gov/resources/statutes-regulations/guidance/interagency-guidance-sharing-suspicious-activity-reports">https://www.fincen.gov/resources/statutes-regulations/guidance/interagency-guidance-sharing-suspicious-activity-reports</a>.
\16\ Id. The 2006 Guidance states that depository institutions,
as part of their AML programs, must have written confidentiality
agreements or arrangements in place specifying that the head office
or controlling company must protect the confidentiality of the SARs
through appropriate internal controls. The Guidance states that the
confidentiality agreements or arrangements must also address
concerns about the ability of the foreign entity to protect the SAR
in light of possible requests for disclosure abroad that may be
subject to foreign law.
\17\ See Financial Crimes Enforcement Network, Guidance on
Sharing Suspicious Activity Reports by Securities Broker-Dealers,
Futures Commission Merchants, and Introducing Brokers in
Commodities, Jan. 20, 2006, available at <a href="https://www.fincen.gov/resources/statutes-regulations/guidance/guidance-sharing-suspicious-activity-reports-securities">https://www.fincen.gov/resources/statutes-regulations/guidance/guidance-sharing-suspicious-activity-reports-securities</a>. On October 4, 2006, FinCEN also issued
guidance permitting mutual funds to share SARs with the investment
adviser that controls the fund, whether domestic or foreign. See
Financial Crimes Enforcement Network, FIN-2006-G013, Frequently
Asked Questions Suspicious Activity Reporting Requirements for
Mutual Funds, (Oct. 4, 2006), available at <a href="https://www.fincen.gov/resources/statutes-regulations/guidance/frequently-asked-questions-suspicious-activity-reporting">https://www.fincen.gov/resources/statutes-regulations/guidance/frequently-asked-questions-suspicious-activity-reporting</a>.
\18\ See the 2006 Guidance; see also Financial Crimes
Enforcement Network, Guidance on Sharing of Suspicious Activity
Reports by Securities Broker-Dealers, Futures Commission Merchants,
and Introducing Brokers in Commodities, (Jan. 20, 2006).
---------------------------------------------------------------------------
In 2010, following an amendment to FinCEN's SAR regulations,\19\
FinCEN issued guidance on sharing SARs with certain U.S. affiliates of
depository institutions (2010 Guidance).\20\ The 2010 Guidance
generally permits the sharing of SARs and related information by
depository institutions with their affiliates that are subject to a SAR
regulation. U.S. affiliates of depository institutions that are subject
to SAR filing obligations include brokers or dealers in securities,
futures commission merchants and introducing brokers in commodities,
money services businesses, and residential mortgage lenders or
originators.\21\ At the same time, FinCEN issued similar guidance
permitting securities broker-dealers, mutual funds, futures commission
merchants, and introducing brokers in commodities to share SARs with
certain affiliates.\22\ The 2010 Guidance also
[[Page 3721]]
explained that ``[b]ecause foreign branches of U.S. banks are regarded
as foreign banks for purposes of the BSA, under this guidance, they are
`affiliates' that are not subject to a SAR regulation'' and therefore a
U.S. bank may not share SARs, or any information that would reveal the
existence of the SAR, with its foreign branches. In 2017, FinCEN also
issued guidance confirming that casinos and card clubs may share SARs
with domestic parents and affiliates, subject to certain
limitations.\23\
---------------------------------------------------------------------------
\19\ Financial Crimes Enforcement Network, Confidentiality of
Suspicious Activity Reports, 75 FR 75593, (Dec. 3, 2010).
\20\ Financial Crimes Enforcement Network, FIN-2010-G006,
Sharing Suspicious Activity Reports by Depository Institutions with
Certain U.S. Affiliates, (Nov. 23, 2010) (the ``2010 Guidance''),
available at <a href="https://www.fincen.gov/sites/default/files/shared/fin-2010-g006.pdf">https://www.fincen.gov/sites/default/files/shared/fin-2010-g006.pdf</a>.
\21\ See 31 CFR 1023.320 (brokers or dealers in securities);
1026.320 (futures commission merchants and introducing brokers in
commodities); 1022.320 (money services businesses); 1029.320 (loan
or finance companies).
\22\ Financial Crimes Enforcement Network, FIN-2010-G005,
Sharing Suspicious Activity Reports by Securities Broker-Dealers,
Mutual Funds, Futures Commission Merchants, and Introducing Brokers
in Commodities with Certain U.S. Affiliates, (Nov. 23. 2010),
available at <a href="https://www.fincen.gov/resources/statutes-regulations/guidance/sharing-suspicious-activity-reports-securities-broker">https://www.fincen.gov/resources/statutes-regulations/guidance/sharing-suspicious-activity-reports-securities-broker</a>.
\23\ Financial Crimes Enforcement Network, FIN-2017-G001,
Sharing Suspicious Activity Reports with U.S. Parents and Affiliates
of Casinos, (Jan. 4, 2017), available at <a href="https://www.fincen.gov/sites/default/files/2017-01/FinCENGuidanceJan4_508FINAL.pdf">https://www.fincen.gov/sites/default/files/2017-01/FinCENGuidanceJan4_508FINAL.pdf</a>.
---------------------------------------------------------------------------
The 2006 and 2010 Guidance also made clear that there may be
circumstances under which the financial institution, its affiliate, or
both entities could be liable for direct or indirect disclosure of a
SAR or any information that would reveal the existence of a SAR.
Accordingly, the 2006 and 2010 Guidance stated that a financial
institution, as part of its internal controls, should have policies and
procedures in place to protect the confidentiality of the SAR.\24\
---------------------------------------------------------------------------
\24\ See the 2006 Guidance, supra note 15, (stating that a
depository institution must have written confidentiality agreements
or arrangements in place specifying that the head office or
controlling company must protect the confidentiality of the SAR
through appropriate internal controls); see also the 2010 Guidance,
supra note 20, (stating that a depositiory institution, as part of
its internal controls, should have policies and procedures in place
to ensure its affiliates protect the confidentiality of the SAR).
---------------------------------------------------------------------------
D. The AML Act
On January 1, 2021, Congress enacted the AML Act to, among other
things, improve coordination and information sharing among the agencies
tasked with administering AML/countering the financing of terrorism
(AML/CFT) requirements and to modernize the AML/CFT laws to better
adapt the government and private sector response to new and emerging
threats.\25\
---------------------------------------------------------------------------
\25\ See AML Act Section 6002.
---------------------------------------------------------------------------
Section 6212(a) of the AML Act amends the BSA by adding 31 U.S.C.
5318(g)(8), which requires the Secretary to issue rules establishing a
pilot program that permits a financial institution with a SAR reporting
obligation to share SARs and related information with its foreign
branches, subsidiaries, and affiliates for the purpose of combating
illicit finance risks.\26\ In issuing the rules, the Secretary must
ensure that the sharing of information is limited by the requirements
of Federal and State law enforcement operations, takes into account
potential concerns of the intelligence community, is subject to
appropriate standards and requirements regarding data security and the
confidentiality of personally identifiable information, and excludes
sharing with foreign branches, subsidiaries, and affiliates in certain
jurisdictions.\27\ Further, the pilot program permits the Secretary to
consider, implement, and enforce provisions that would hold a foreign
affiliate of a U.S. financial institution liable for the disclosure of
SARs and related information shared under the pilot program.\28\
---------------------------------------------------------------------------
\26\ See 31 U.S.C. 5318(g)(8).
\27\ See 31 U.S.C. 5318(g)(8)(A)(ii).
\28\ See 31 U.S.C. 5318(g)(8)(B)(ii).
---------------------------------------------------------------------------
The pilot program must terminate three years after the date of the
AML Act's enactment (i.e., January 1, 2024), unless the Secretary
extends the pilot for not more than two years upon submitting a report
to the Senate Committee on Banking, Housing, and Urban Affairs and the
House Committee on Financial Services that includes: (1) A
certification and a detailed explanation of the reasons that the
extension is in the national interest of the United States; (2) an
evaluation of the usefulness of the pilot program, including a detailed
analysis of any illicit activity identified or prevented as a result of
the program, after appropriate consultation by the Secretary with the
participants in the pilot program; and (3) a detailed legislative
proposal providing for a long-term extension of activities under the
pilot program, measures to ensure data security, and confidentiality of
personally identifiable information, including expected budgetary
resources for those activities, if the Secretary determines that a
long-term extension is appropriate.\29\
---------------------------------------------------------------------------
\29\ See 31 U.S.C. 5318(g)(8)(B)(iii).
---------------------------------------------------------------------------
Under the pilot program, a financial institution may not share SARs
or related information with a foreign branch, subsidiary, or affiliate
located in: (1) The People's Republic of China; (2) the Russian
Federation; or (3) a jurisdiction that is a state sponsor of terrorism,
that is subject to sanctions imposed by the Federal Government, or that
the Secretary has determined cannot reasonably protect the security and
confidentiality of such information.\30\ The Secretary may make
exceptions, on a case-by-case basis, for a financial institution
located in the People's Republic of China or the Russian Federation by
notifying the Senate Committee on Banking, Housing, and Urban Affairs
and the House Committee on Financial Services that such an exception is
in the national security interest of the United States.\31\
---------------------------------------------------------------------------
\30\ See 31 U.S.C. 5318(g)(8)(C)(i).
\31\ See 31 U.S.C. 5318(g)(8)(C)(ii).
---------------------------------------------------------------------------
Not later than 360 days after the pilot program rules are
promulgated, and annually thereafter for three years, the Secretary, or
the Secretary's designee, must brief the Senate Committee on Banking,
Housing, and Urban Affairs and the House Committee on Financial
Services on: (1) The degree of information sharing permitted under the
pilot program and a description of criteria used by the Secretary to
evaluate the appropriateness of the information sharing; (2) the
effectiveness of the pilot program in identifying or preventing the
violation of a United States law or regulation and mechanisms that may
improve that effectiveness; and (3) any recommendations to amend the
design of the pilot program.\32\
---------------------------------------------------------------------------
\32\ See 31 U.S.C. 5318(g)(8)(D).
---------------------------------------------------------------------------
Information related to reports of suspicious transactions received
by a financial institution from a foreign affiliate with respect to a
suspicious transaction relevant to a possible violation of law or
regulation shall be subject to confidentiality requirements that are
the same as those that apply to SARs filed under 31 U.S.C.
5318(g)(1).\33\ No financial institution may establish or maintain any
operation located outside of the United States the primary purpose of
which is to ensure compliance with the BSA as a result of the sharing
granted under the pilot program.\34\ Finally, an ``affiliate'' is
defined for purposes of the pilot program as ``an entity that controls,
is controlled by, or is under common control with another entity.''
\35\ The terms ``Bank Secrecy Act,'' ``State bank Supervisor,'' and
``State credit union supervisor'' have the same meanings given in
Section 6003 of the AML Act.
---------------------------------------------------------------------------
\33\ See 31 U.S.C. 5318(g)(9).
\34\ See 31 U.S.C. 5318(g)(10).
\35\ See 31 U.S.C. 5318(g)(11)(A).
---------------------------------------------------------------------------
III. Section-by-Section Analysis
This proposed rule would add a new section at 31 CFR 1010.240
establishing a pilot program that permits financial institutions with a
SAR reporting obligation under 31 U.S.C. 5318(g) and FinCEN's
regulations to share SARs and related information with their foreign
branches, subsidiaries, and affiliates for the purpose of combating
illicit finance risks.
Application process: In issuing the pilot program rules, FinCEN
must take into account certain considerations to ensure that the
sharing of information permitted under the pilot program is limited by
the requirements of Federal
[[Page 3722]]
and State law enforcement operations, takes into account potential
concerns of the intelligence community, and is subject to appropriate
standards and requirements regarding data security and the
confidentiality of personally identifiable information. Participant
financial institutions must also comply with the applicable
jurisdictional restrictions described above.
To that end, the proposed rule requires a financial institution to
submit a written application to FinCEN that: (1) Identifies the
institution's point of contact for pilot program-related
correspondence; (2) specifies the foreign branches, subsidiaries, and
affiliates with which the financial institution intends to share SARs
and related information; (3) specifies the particular purpose or
purposes for which the foreign branches, subsidiaries, and affiliates
intend to use SARs and related information, including the operational
jurisdictions of such entities, as well as whether such entities will
be providing reciprocal information to the applicant financial
institution; (4) provides an estimated commencement date for the pilot
program, and; (5) describes internal controls in place to prevent
unauthorized disclosures of SARs and related information.\36\ Given the
sensitive nature of the information contained in or relating to a SAR,
including personally identifiable information of U.S. persons, and the
jurisdictional limitations set out in the statute, FinCEN believes a
formal application and approval process is necessary to ensure that
adequate safeguards are in place before allowing a financial
institution to share SARs and related information with its foreign
branches, subsidiaries, and affiliates.
---------------------------------------------------------------------------
\36\ See 31 CFR 1020.320(e), 1021.320(e), 1022.320(d),
1023.320(e), 1024.320(d), 1025.320(e), and 1026.320(e). Filing
institutions, and their current and former directors, officers,
employees, and agents, are prohibited from disclosing SARs, or any
information that would reveal the existence of a SAR.
---------------------------------------------------------------------------
The proposed rule also specifies that applicant financial
institutions should, at a minimum, implement certain controls,
including confidentiality agreements and procedures for personnel
located in the United States to review requests from foreign law
enforcement, foreign regulators, or an outside foreign party for SARs
and related information, and to immediately notify FinCEN of such
requests. Given the sensitive nature of SAR information, participant
financial institutions and their foreign branches, subsidiaries, or
affiliates must direct the requesting authority to both contact FinCEN
about obtaining the requested SAR or related information and to seek to
obtain such records or information through a request to the United
States pursuant to a mutual legal assistance treaty or another
appropriate mechanism for obtaining records from the United States.
Participant financial institutions shall also maintain records
sufficient to identify the specific foreign jurisdictions in which
branches, subsidiaries, or affiliates of financial institutions are
located and that received any specific SAR or related information. Such
records shall be maintained so as to enable the participant financial
institution to readily report this information to FinCEN upon request.
FinCEN is including this requirement because, in the event of an
unauthorized disclosure, it will assist in FinCEN's efforts to identify
those individuals and entities that were in possession of SARs and
related information that were inappropriately disclosed.
The proposed rule requires that an application specify those
foreign branches, subsidiaries, and affiliates with which a financial
institution intends to share SARs and related information pursuant to
the proposed pilot program. Upon receipt of an application, FinCEN
would determine a financial institution's suitability for participation
in the pilot program based on FinCEN's assessment of the financial
institution's internal controls, as well as the entities with which it
intends to share information and corresponding jurisdictions in which
the entities are located. FinCEN will notify the financial
institution's relevant Federal functional regulator of the application.
FinCEN will also consult with the relevant Federal functional regulator
and other relevant agencies on the application, as needed. The proposed
rule also states that FinCEN will share information received pursuant
to the application process with relevant Federal functional regulators,
or, as appropriate, other relevant agencies.\37\ The proposed rule also
states that FinCEN will limit the sharing of SARs and related
information based on the requirements of Federal and State law
enforcement operations, and will take into account concerns of the
intelligence community.
---------------------------------------------------------------------------
\37\ While there is no consultation requirement in 31 U.S.C.
5318(g)(8), FinCEN intends to consult with Federal functional
regulators with respect to their assessment of the financial
institution's suitability for participation in the pilot program.
For example, the relevant Federal functional regulator may have
particular expertise with respect to a financial institution's risk
profile and supervisory history with respect to BSA.
---------------------------------------------------------------------------
FinCEN expects that the resourcing and strengths of compliance
programs and internal control frameworks will vary among applicant
financial institutions. Consequently, the proposed rule permits FinCEN
to require implementation of additional internal controls to ensure
data security and confidentiality of SARs and related information,
including the personally identifiable information contained therein, as
a prerequisite to approving an application. As the pilot program
matures, and best practices for ensuring data security and
confidentiality are identified, FinCEN may require certain participant
financial institutions to implement additional internal controls as a
condition for continued participation in the pilot program. In response
to concerns of the intelligence community, or to take into account
requirements for State and Federal law enforcement operations, FinCEN
may also require participant financial institutions to enhance or
modify internal controls as a condition for continued participation in
the pilot program.
The proposed rule also provides a mechanism by which participant
financial institutions may seek modifications to the internal controls
specified in its FinCEN-approved application to address operational
contingencies, resourcing challenges, or other circumstances.
Specifically, the proposed rule would require participant financial
institutions to submit a request to FinCEN that details the nature and
extent of the requested changes to applicable internal controls before
implementing any such modifications. FinCEN, in consultation with
relevant Federal functional regulators, as needed, would approve or
reject such requests for modification, or condition its approval on
implementation of additional controls, as appropriate. FinCEN, in its
sole discretion, may also modify a financial institution's
participation in the pilot program based on the requirements of Federal
and State law enforcement operations or concerns of the intelligence
community.
The proposed rule would permit FinCEN to terminate a financial
institution's participation in the pilot program at any time. Grounds
for termination could include, but are not limited to, actual, or
unreasonable risk of, unauthorized disclosures of SARs and related
information; significant internal control deficiencies identified while
participating in the pilot program; failure to adhere to the specific
requirements for participation; or any other issues that indicate that
a participant financial institution is unable to adequately safeguard
against unauthorized disclosures of SARs and
[[Page 3723]]
related information or to ensure adequate data security and
confidentiality of personally identifiable information.
Given the limited duration of the pilot program, FinCEN will make
every effort to expeditiously review applications and provide responses
to potential participant financial institutions in a timely manner. To
that end, FinCEN will seek to provide responses within 90 days of
receipt of an application to participate in the pilot program. FinCEN
welcomes comments on whether this time period is sufficient to
encourage participation in the pilot program during the timeframe
allotted by Congress.
Quarterly reporting requirement: The proposed rule would require
participant financial institutions to report certain information to
FinCEN on a quarterly basis, including: (1) The total number of SARs
and related information shared; (2) the name and jurisdiction of each
entity that received SARs and related information, the relationship
between the entity and the participant financial institution, and the
intended purposes and uses for which the SARs and related information
were shared; (3) legal and compliance issues encountered; (4) technical
difficulties and challenges; (5) enhancements to the financial
institution's AML/CFT program enabled as a result of participating in
the pilot program, to include reallocation of resources to higher-
priority AML/CFT risks, such as those described in FinCEN's National
AML/CFT Priorities, issued pursuant to Section 5318(h)(4)(A) of the
BSA; and, (6) lessons learned, to include any identified inefficiencies
in the institution's AML/CFT program. The proposed rule's quarterly
reporting requirement would provide a control to ensure that the
sharing of information permitted under the pilot program is in
compliance with the statutory requirements with regard to Federal and
State law enforcement operations, concerns of the intelligence
community, and ensuring appropriate standards and requirements are in
place with respect to data security and confidentiality of personally
identifiable information. FinCEN expects that quarterly reporting will
yield critical information and data that should shed light on the
effectiveness of the pilot program and inform best practices for
information sharing and confidentiality of SARs and related
information. FinCEN intends to use this information to satisfy specific
statutory reporting requirements, including annual implementation
updates to Congress, as well as the report and accompanying legislative
proposal for any request to extend the pilot program.\38\
---------------------------------------------------------------------------
\38\ As the pilot program matures, FinCEN may request additional
data points from pilot program participants to fulfil these
statutory obligations.
---------------------------------------------------------------------------
Quarterly reporting should also enable FinCEN, and Federal
functional regulators, as appropriate, to identify pilot program-
related internal control deficiencies at participant financial
institutions that may need to be addressed as a condition for continued
participation in the pilot program. For instance, a participant
financial institution may report a legal and compliance issue under the
rule, such as an internal audit finding of ineffective controls on SAR
confidentiality. To ensure ongoing compliance with the requirements of
the pilot program, and a financial institution's suitability to
continue to participate, FinCEN intends to share these quarterly
reports with relevant Federal functional regulators and consult with
them as appropriate.
Prohibition involving certain jurisdictions: The proposed rule
would prohibit participant financial institutions from sharing SARs and
related information with foreign branches, subsidiaries, and affiliates
in specific jurisdictions, including the People's Republic of China,
the Russian Federation, jurisdictions that are state sponsors of
terrorism, jurisdictions subject to sanctions imposed by the Federal
Government, and jurisdictions the Secretary has determined cannot
reasonably protect the security and confidentiality of such
information.
For purposes of this section, a ``state sponsor of terrorism'' is a
jurisdiction so determined by the U.S. Department of State.
Jurisdictions ``subject to sanctions imposed by the Federal
Government'' are jurisdictions with governments whose property and
interests in property in U.S. jurisdiction are blocked pursuant to U.S.
sanctions authorities, as well as jurisdictions subject to broad
prohibitions on transactions by U.S. persons involving that
jurisdiction, such as prohibitions on importing or exporting goods,
services, or technology to the jurisdiction or dealing in goods or
services originating from the jurisdiction, pursuant to U.S. sanctions
authorities. FinCEN welcomes comments on this interpretation, and
encourages financial institutions to monitor for sanctions issued by
the U.S. Government to ensure compliance with this requirement.
Under 31 U.S.C. 5318(g)(8)(C)(i)(III)(c), as added by Section
6212(C)(i)(III)(cc) of the AML Act, FinCEN has determined that a
jurisdiction that FinCEN has identified as a primary money laundering
concern pursuant to Sections 311 of the USA PATRIOT Act (Pub. L. 107-
56) or 9714 of the Combating Russian Money Laundering Act (Pub. L. 116-
283) cannot reasonably protect the security and confidentiality of SARs
and related information given the deficient AML/CFT controls in those
jurisdictions as identified by FinCEN. The proposed rule, therefore,
also prohibits financial institutions from sharing SARs and related
information with foreign branches, subsidiaries, and affiliates in
jurisdictions identified by FinCEN as such.\39\ FinCEN may further
restrict sharing of SARs and related information, as authorized by
statute, based on requirements of Federal or State law enforcement
operations, the concerns of the intelligence community, or where FinCEN
has otherwise determined that such information cannot reasonably be
protected.
---------------------------------------------------------------------------
\39\ See <a href="https://www.fincen.gov/resources/statutes-and-regulations/311-special-measures">https://www.fincen.gov/resources/statutes-and-regulations/311-special-measures</a>.
---------------------------------------------------------------------------
The proposed rule would authorize the Secretary to grant narrow
exceptions on a case-by-case basis for foreign branches, subsidiaries,
and affiliates located in the People's Republic of China and the
Russian Federation. Under the proposed rule, the Secretary would be
required to notify the Committee on Banking, Housing, and Urban Affairs
of the U.S. Senate and the Committee on Financial Services of the U.S.
House of Representatives that such exceptions are in the national
security interest of the United States.
Treatment of foreign jurisdiction-originated reports. As required
by 31 U.S.C. 5318(g)(9), as added by the AML Act, information related
to a report received by a financial institution from a foreign
affiliate with respect to a suspicious transaction relevant to a
possible violation of law or regulation shall be subject to the same
confidentiality requirements as reports filed under 31 U.S.C. 5318(g).
Prohibition on offshoring compliance operations: As required by 31
U.S.C. 5318(g)(10), as added by the AML Act, the proposed rule would
expressly prohibit participant financial institutions from establishing
or maintaining any operation located outside of the United States the
primary purpose of which is to ensure compliance with the BSA as a
result of the information sharing granted by this pilot program.
Duration of the pilot program: The proposed rule implements the
statutory requirement that the pilot program terminate three years
after enactment of
[[Page 3724]]
the AML Act. The rule would permit the Secretaryto extend the pilot
program for not longer than two years upon reporting to the Committee
on Banking, Housing, and Urban Affairs of the Senate and the Committee
on Financial Services of the House of Representatives, as required by
the AML Act.
Prohibition on Disclosure: Under 31 U.S.C. 5318(g)(8)(B)(ii), the
pilot program shall ``permit the Secretary to consider, implement, and
enforce provisions that would hold a foreign affiliate of a U.S.
financial institution liable for the disclosure of SARs and related
information.'' The proposed rule provides that, except to the extent
authorized pursuant to the pilot program or in existing regulations or
guidance, a participant financial institution, its foreign branches,
subsidiaries and affiliates, and certain other associated individuals
may not disclose a SAR or related information shared pursuant to the
pilot program. The reference to ``existing regulations and guidance''
in the proposed rule accounts for exceptions to SAR confidentiality
that apply to filing institutions located or doing business within the
United States, and their directors, officers, employees, or agents.\40\
---------------------------------------------------------------------------
\40\ See, e.g., 31 CFR 1020.320(e)(1)(ii) (banks).
---------------------------------------------------------------------------
A participant financial institution must implement policies,
procedures, and internal controls that are reasonably designed to
ensure that its foreign branches, subsidiaries, or affiliates do not
permit unauthorized disclosures of SARs or related information. FinCEN,
in consultation with relevant Federal functional regulators, as needed,
will assess the sufficiency of a financial institution's internal
controls before approving an application to participate in the pilot
program. SARs and related information contain highly sensitive
information, including sensitive information about U.S. persons, and it
is vital that they be protected. FinCEN encourages participant
financial institutions to ensure that their foreign branches,
subsidiaries, or affiliates have sufficient internal controls in place
prior to sharing any SARs or related information.
Under 31 U.S.C. 5321 and 31 U.S.C. 5322, civil penalties and
criminal sanctions may be imposed on participant financial
institutions, directors, officers, employees, or agents for violations
of the prohibition on the disclosure of SARs and related information.
The proposed rule makes clear that this prohibition also applies to
foreign affiliates, and that foreign affiliates can be held liable for
civil penalties and criminal sanctions pursuant to 31 U.S.C. 5321 and
31 U.S.C. 5322. Civil money penalties under 31 U.S.C. 5321(a)(1) apply
to a ``domestic financial institution or nonfinancial trade or
business,'' and the term ``domestic financial institution'' is defined
as referring to ``an action in the United States'' of the financial
institution.\41\ However, 31 U.S.C. 5318(g)(8)(B)(ii) specifically
authorizes the Secretary to implement and enforce ``provisions that
would hold a foreign affiliate of a U.S. financial institution liable
for the disclosure of SARs and related information.'' In light of that
mandate, FinCEN would construe its authority to impose civil money
penalties under 31 U.S.C. 5321(a)(1) as applying to foreign affiliates
that disclose SARs and related information in violation of the proposed
rule, without regard to whether the unauthorized disclosure occurs in
the United States.
---------------------------------------------------------------------------
\41\ 31 U.S.C. 5312(b)(1); see also 31 CFR 1010.100(o) (stating
that ``domestic'' refers ``to the doing of business within the
United States'' or ``the performance . . . of functions within the
United States'').
---------------------------------------------------------------------------
Definitions: 31 U.S.C. 5318(g)(11) defines an affiliate as ``an
entity that controls, is controlled by, or is under common control with
another entity.'' The broad nature of this definition would include
branches and subsidiaries of participant financial institutions.
Therefore, the proposed rule both adopts this definition and includes
branches and subsidiaries within the term affiliate for the purpose of
this proposed pilot program.
IV. Request for Comment
FinCEN welcomes comment on all aspects of this proposed rule and
encourages all interested parties to provide their views.
With respect to the effect of establishing a pilot program to
permit financial institutions to share SARs with foreign branches,
subsidiaries, and affiliates, FinCEN in particular requests comment
from financial institutions and members of the public on the following
questions:
(1) Describe the expected costs and associated burdens of complying
with the proposed pilot program requirements, to the extent that a
financial institution chooses to participate.
(2) Describe the expected impact, including costs and/or associated
burdens, of complying with the statutory prohibition on offshoring
compliance operations within the context of the proposed pilot program.
(3) Describe expected technical challenges to implementation that
could make it harder or more expensive to participate in the pilot
program.
(4) Describe the expected benefits to a financial institution from
being permitted to share SARs and related information with a foreign
branch, subsidiary, or affiliate for the purpose of combating illicit
finance risks. Would the proposed sharing of SARs and related
information enable a financial institution to shift or allocate
resources to higher-priority AML/CFT risks?
(5) Has FinCEN struck a reasonable balance between facilitating
information sharing of SARs and related information permitted under the
pilot program and imposing conditions to protect the confidentiality
and prevent unauthorized disclosures of SARs and related information?
If not, how could FinCEN more reasonably balance these considerations?
(6) Describe potential challenges in protecting the confidentiality
of SARs and related information and preventing unauthorized disclosures
in connection with participation in the pilot program. Are there
additional provisions FinCEN could include in the pilot program that
would better enable a financial institution to comply with the program
confidentiality requirements and ensure accurate reporting? How does a
financial institution expect to protect SAR confidentiality and prevent
unauthorized SAR disclosures if foreign regulatory examinations of
foreign affiliates of U.S. financial institutions requests access to
such foreign institutions' files? Are there jurisdictions in which this
information would be subject to disclosure to non-government parties by
legal process?
(7) For the quarterly reports FinCEN is proposing to require, are
there any other particular metrics FinCEN should include in the current
list for required feedback?
(8) Is FinCEN's proposed timeline of 90 days to respond to
application requests reasonable? Would such a timeline encourage
financial institutions to participate in the pilot program?
(9) Should FinCEN consider a broader, longer-term program that
would enable financial institutions to share SARs and related
information with their foreign branches, subsidiaries, and affiliates
for the purpose of combating illicit finance risks?
V. Regulatory Analysis
A. Executive Orders 13563 and 12866
Executive Orders 13563 and 12866 direct agencies to assess costs
and
[[Page 3725]]
benefits of available regulatory alternatives and, if regulation is
necessary, to select regulatory approaches that maximize net benefits
(including potential economic, environmental, and public health and
safety effects; distributive impacts; and equity). Executive Order
13563 emphasizes the importance of quantifying both costs and benefits,
of reducing costs, of harmonizing rules, and of promoting flexibility.
It has determined that this proposed rule is not a significant
regulatory action for purposes of Executive Order 12866. Accordingly, a
regulatory impact analysis is not required.
B. Regulatory Flexibility Act
The Regulatory Flexibility Act (RFA) (5 U.S.C. 601, et seq.)
requires an agency either to provide an initial regulatory flexibility
analysis with a proposed rule or certify that the proposed rule will
not have a significant economic impact on a substantial number of small
entities. This proposed regulation on its face would apply to all
financial institutions with a SAR reporting obligation under 31 U.S.C.
5318(g). However, because of the voluntary nature of the proposed rule,
only financial institutions choosing to participate in the pilot
program would be affected. FinCEN believes the proposed regulatory
changes are unlikely to have a significant economic impact on a
substantial number of small entities, as smaller entities are less
likely to have foreign-based branches, subsidiaries, and affiliates.
FinCEN, however, recognizes the limitations in readily available data
about potential costs and benefits and has prepared an initial
regulatory flexibility analysis pursuant to the RFA. FinCEN welcomes
comments on all aspects of the initial regulatory flexibility analysis.
A final regulatory flexibility analysis will be conducted after
consideration of comments received during the comment period.
i. Statement on the Need for, and Objectives of, the Proposed
Regulations
The need for, and objectives of, the proposed regulations are
established in 31 U.S.C. 5318(g), as amended by Section 6212 of the AML
Act. The purpose of the proposed regulation is to establish a pilot
program that permits a financial institution with a reporting
obligation under 31 U.S.C. 5318(g) to share information related to
SARs, including that such a report has been filed, with the
institution's foreign branches, subsidiaries, and affiliates for the
purpose of combating illicit finance risks.
ii. Small Entities Affected by the Proposed Regulation
The proposed regulations would apply to financial institutions with
a reporting obligation under 31 U.S.C. 5318(g). FinCEN most recently
identified these institutions in the Paperwork Reduction Act of 1995
(PRA) notice renewing information collection related to SARs.\42\ While
the full list of financial institutions with a reporting obligation
under 31 U.S.C. 5318(g) includes a substantial number of small
entities, FinCEN does not believe that a substantial number of small
entities would be affected by the proposed regulation. The proposed
pilot program would apply only to those institutions that choose to
participate, and it is unlikely that small entities would choose to
participate in a SAR sharing pilot program, as they are less likely to
have foreign branches, subsidiaries, and affiliates.
---------------------------------------------------------------------------
\42\ Financial Crimes Enforcement Network, Agency Information
Collection Activities; Proposed Renewal; Comment Request; Renewal
Without Change of the Bank Secrecy Act Reports by Financial
Institutions of Suspicious Transactions at 31 CFR 1020.320,
1021.320, 1022.320, 1023.320, 1024.320, 1025.320, 1026.320, and
1029.320, and FinCEN Report 111--Suspicious Activity Report, 85 FR
31598 (May 26, 2020).
---------------------------------------------------------------------------
iii. Compliance Requirements
The compliance costs for entities that choose to participate in the
pilot program would include implementation and administrative costs.
These would include costs to file an initial application with, and
provide quarterly updates to, FinCEN, as well as costs associated with
ensuring that adequate controls are in place to abide by the conditions
imposed by FinCEN.
iv. Duplicative, Overlapping, or Conflicting Federal Rules
FinCEN is not aware of any duplicative, overlapping, or conflicting
Federal rules with respect to pilot programs that enable financial
institutions to share SARs and related information with their foreign
branches, subsidiaries, and affiliates. As discussed previously,
existing guidance from FinCEN and Federal functional regulators
prohibits U.S. financial institutions from sharing SARs with foreign
branches, subsidiaries, and affiliates, and allows only for sharing
SARs with head offices and controlling entities of U.S. financial
institutions, consistent with the 2006 Guidance, and U.S. affiliates
within a financial institution's corporate organizational structure,
consistent with the 2010 Guidance.
v. Significant Alternatives to the Proposed Regulations
FinCEN considered foregoing the requirement for financial
institutions to submit an application and provide quarterly updates on
the progress of the pilot program. Given the sensitive nature of the
information contained in or relating to a SAR, including personally
identifiable information of U.S. persons, and the jurisdictional
limitations set out in the statute, FinCEN proposes requiring an
application and approval process to ensure that adequate safeguards are
in place before allowing a financial institution to share information
with its foreign branches, subsidiaries, and affiliates. Additionally,
as required by the AML Act, FinCEN must provide annual updates to the
Committee on Banking, Housing, and Urban Affairs of the Senate and the
Committee on Financial Services of the House of Representatives on the
pilot program, and submit a detailed legislative proposal concerning
the long-term extension of the pilot, if appropriate. FinCEN therefore
proposes to require financial institutions to provide quarterly updates
to ensure that FinCEN, in consultation with relevant Federal functional
regulators, as needed, can meet these statutory requirements.
C. Unfunded Mandates Act
Section 202 of the Unfunded Mandates Reform Act of 1995 (``Unfunded
Mandates Act''), Public Law 104-4 (March 22, 1995), requires that an
agency prepare a budgetary impact statement before promulgating a rule
that may result in expenditure by the State, local, and tribal
governments, in the aggregate, or by the private sector, of $100
million or more in any one year. If a budgetary impact statement is
required, Section 202 of the Unfunded Mandates Act also requires an
agency to identify and consider a reasonable number of regulatory
alternatives before promulgating a rule. Taking into account the
factors noted above and using conservative estimates of average labor
costs in evaluating the cost of the burden imposed by the proposed
regulation, FinCEN has determined that it is not required to prepare a
written statement under Section 202.
D. Paperwork Reduction Act of 1995
The recordkeeping and reporting requirements contained in this
proposed rule (31 CFR 1010.240) have been submitted by FinCEN to the
Office of Management and Budget (``OMB'') for review in accordance with
the PRA. Written comments and
[[Page 3726]]
recommendations for the proposed information collection can be
submitted by visiting <a href="http://www.reginfo.gov/public/do/PRAMain">www.reginfo.gov/public/do/PRAMain</a>. Find this
particular document by selecting ``Currently Under Review--Open for
Public Comments'' or by using the search function. Comments are welcome
and must be received by March 28, 2022. In accordance with the
requirements of the PRA and its implementing regulations, 5 CFR part
1320, the following information concerning the collections of
information is presented to assist those persons wishing to comment on
the information collections. Currently, financial institutions subject
to a SAR requirement must collect, retain, and report certain
information related to suspicious activity that takes places by, at, or
through the financial institution. This proposed rule would permit
financial institutions to share this information with their foreign
branches, subsidiaries, and affiliates, subject to the conditions and
prohibitions described above. As part of the application process to
request participation in the pilot program, FinCEN is proposing to
require a written submission with quarterly updates. As there is no
requirement to participate in the pilot program, FinCEN has calculated
an hourly burden only for those financial institutions that voluntarily
decide to participate.
Description of Recordkeepers: Banks, casinos and card clubs, money
services businesses, brokers or dealers in securities, mutual funds,
insurance companies, futures commission merchants and introducing
brokers in commodities, loan or finance companies, and housing
government sponsored enterprises.
Estimated Number of Affected Institutions: FinCEN estimates that
approximately 100 financial institutions will decide to participate in
the pilot program, which will permit the financial institutions to
share SARs and related information with their foreign branches,
subsidiaries, and affiliates. Because this is a new voluntary program,
this is an estimate, and FinCEN is requesting comment from institutions
that anticipate voluntarily participating in the pilot program.
Estimated Average Annual Burden Hours per Recordkeeper: Fewer than
59 hours per participant financial institution.
FinCEN estimates that the recordkeeping burden per recordkeeper to
submit a written application to FinCEN requesting participation in the
pilot program, including a description of internal controls in place to
limit unauthorized disclosures of SARs and related information, is 20
hours per year. This includes filing an application to participate that
includes notice that a person has been designated as a point-of-contact
for ongoing correspondence with FinCEN during the pilot program,
written pre-commencement notice that a participant financial
institution has the appropriate agreements and internal controls in
place to begin sharing SARs and related information, and written notice
that a commencement date has been set. FinCEN estimates an additional
one-hour-per-year burden in the event a participant financial
institution needs to contact FinCEN in writing to request advance
approval for any modifications to the commitments in the written
application. FinCEN is requesting comment on how frequently a
prospective participant financial institution anticipates that it may
need to modify the commitments listed in its application.
FinCEN estimates that the recordkeeping burden to draft and
maintain written confidentiality agreements for personnel granted
access to shared information, and to draft and maintain documented
policies and procedures to account for any requests or demands for SARs
and related information under foreign law, is 20 hours per year. FinCEN
estimates that the recordkeeping burden to prepare and submit quarterly
reports, to include technical difficulties encountered, legal issues
uncovered, the outcome of requests or demands made for SARs shared
pursuant to the pilot program, successes or lessons learned, is four
hours per report, for a total of 16 hours per year (4 hours x 4 reports
per year).
FinCEN estimates one hour for the recordkeeping burden associated
with the notice requirement, where a participant institution must
notify FinCEN of any requests or demands from foreign law enforcement,
foreign regulators, or other outside foreign party for SARs and related
information shared with foreign branches, subsidiaries, and affiliates
pursuant to the pilot program, and notify FinCEN of the outcome of such
request and any further attempts to obtain such SARs and related
information. FinCEN also estimates one hour for the burden associated
with maintaining records sufficient to identify the specific foreign
jurisdictions in which branches, subsidiaries, or affiliates of
financial institutions are located and that received any specific SAR
or related information.
FinCEN understands that some participant financial institutions may
have existing SAR sharing procedures and confidentiality agreements in
place that could be leveraged for the pilot program, whereas other
institutions may need to create them. For that reason, FinCEN estimates
that the proposed rule would add roughly 59 burden hours per
participant financial institution a year based on the above
calculations.\43\
---------------------------------------------------------------------------
\43\ FinCEN arrived at the estimate of 58 burden hours by
calculating 20 hours (application) + 1 hour (material deviations
from the written agreement) + 20 hours (confidentiality agreements)
+ 16 hours (quarterly reports) + 1 hour (law enforcement referrals)
= 58 hours annual per financial institution.
---------------------------------------------------------------------------
Estimated Total Annual Reporting Burden: 5,900 hours (100 financial
institutions multiplied by 59 hours). This is a new regulatory
requirement that requires a new OMB control number. The OMB control
number assigned to the recordkeeping and reporting requirements
described in this notice is 1506-XXXX. 5,900 hours will be assigned to
new OMB control number 1506-XXXX.
Specific Questions for Comment:
(1) FinCEN is requesting comment from financial institutions that
anticipate voluntarily participating in the pilot program on whether
the estimate of 100 financial institutions that might participate in a
pilot program is accurate, so that FinCEN can further refine its
estimate of expected participants.
(2) Is FinCEN's burden estimate of 20 hours per year for a
financial institution to draft and submit an application reasonable?
(3) Is FinCEN's burden estimate of 20 hours per year for a
financial institution to draft and maintain written confidentiality
agreements and maintain policies and procedures related to disclosure
requests reasonable?
(4) Is FinCEN's burden estimate of 16 hours per year for a
financial institution to submit four quarterly reports reasonable?
(5) Is FinCEN's burden estimate of one hour per year for a
financial institution to refer law enforcement, regulator, or outside
party requests to FinCEN reasonable?
(6) Is FinCEN's burden estimate of one hour per year for a
financial institution to maintain records to sufficiently track SARs
such that a participant financial institution can identify a specific
SAR shared with a specific foreign branch, subsidiary, or affiliate?
(7) How often does an institution receive requests or demands for
SARs and related information from law enforcement, a regulator, or
other outside party?
General Questions for Comment: In addition to the questions listed
above, FinCEN invites comment on: (a) Whether the proposed collection
of
[[Page 3727]]
information is necessary for the proper performance of the functions of
FinCEN, including whether the information will have practical utility;
(b) the accuracy of the estimated burden associated with the proposed
collection of information; (c) how the quality, utility, and clarity of
the information to be collected may be enhanced; and (d) how the burden
of complying with the proposed collection of information may be
minimized, including through the application of automated collection
techniques or other forms of information technology.
List of Subjects in 31 CFR Part 1010
Administrative practice and procedure, Banks, Banking, Currency,
Foreign banking, Foreign currencies, Investigations, Penalties,
Reporting and recordkeeping requirements, Terrorism.
Authority and Issuance
For the reasons set forth in the preamble, part 1010 of chapter X
of title 31 of the Code of Federal Regulations is proposed to be
amended as follows:
PART 1010--GENERAL PROVISIONS
0
1. The authority citation for part 1010 continues to read as follows:
Authority: 12 U.S.C. 1829b and 1951-1959; 31 U.S.C. 5311-5314,
5316-5336; Title III, sec. 314, Pub. L. 107-56, 115 Stat. 307; sec.
2006, Pub.L 114-41. Stat. 458-459; sec. 701, Pub. L. 114-74, 129
Stat. 599; sec. 6403, Pub. L. 116-283, 134 Stat. 3388.
0
2. Add Sec. 1010.240 to subpart B to read as follows:
Sec. 1010.240 Pilot program authorizing SAR sharing with foreign
branches, subsidiaries, and affiliates.
(a) Definitions. For purposes of this section, the following terms
have the following meanings:
(1) Eligible financial institution. The term ``eligible financial
institution'' means a financial institution as described in 31 U.S.C.
5312(a)(2) that is obligated to report suspicious activity under 31
U.S.C. 5318(g), including without limitation:
(i) Banks, as defined at 31 CFR 1010.100(d);
(ii) Casinos and card clubs, as defined at 31 CFR 1010.100(t)(5)
and (6), respectively;
(iii) Money services businesses, as defined at 31 CFR 1010.100(ff);
(iv) Brokers or dealers in securities, as defined at 31 CFR
1010.100(h);
(v) Mutual funds, as defined at 31 CFR 1010.100(gg);
(vi) Insurance companies, as defined at 31 CFR 1025.100(g);
(vii) Futures commission merchants and introducing brokers in
commodities, as defined at 31 CFR 1010.100(x) and (bb), respectively;
(viii) Loan or finance companies, as defined at 31 CFR
1010.100(lll); and
(ix) Housing government sponsored enterprises, as defined at 31 CFR
1010.100(mmm).
(2) Participant financial institution. The term ``participant
financial institution'' means an eligible financial institution that
FinCEN has authorized to engage in the pilot program described in this
section, in accordance with the requirements set forth in this section
and any other conditions imposed by FinCEN.
(3) Affiliate. The term ``affiliate'' means an entity that
controls, is controlled by, or is under common control with another
entity, including any branch or subsidiary.
(4) Suspicious activity report (SAR) and related information. The
term ``SAR and related information'' means a report filed pursuant to
31 CFR 1020.320 (banks); 1021.320 (casinos and card clubs); 1022.320
(money services businesses); 1023.320 (brokers or dealers in
securities); 1024.320 (mutual funds); 1025.320 (insurance companies);
1026.320 (futures commission merchants and introducing brokers in
commodities); 1029.320 (loan or finance companies); 1030.320 (housing
government-sponsored enterprises), and any information that would
reveal the existence of such a report.
(5) Commencement date. The term ``commencement date'' means the
date on which a participant financial institution begins sharing SARs
and related information with foreign affiliates pursuant to the
requirements of the pilot program described in this section, in
accordance with the requirements set forth in this section and any
other conditions imposed by FinCEN.
(b) Participation in the SAR pilot program. Notwithstanding any
other provision of this chapter, and subject to the terms and
conditions specified in this section or otherwise prescribed by FinCEN,
a financial institution approved by FinCEN to participate in the SAR
pilot program may share SARs and related information, including the
fact that a SAR has been filed, with the institution's foreign
affiliates for the purpose of combating illicit finance risks.
(c) Obligations of a participant financial institution--(1)
Application. Eligible financial institutions must obtain approval from
FinCEN to participate in the pilot program. To obtain FinCEN approval,
an eligible financial institution shall submit a written application to
FinCEN. FinCEN will notify the financial institution's relevant Federal
functional regulator of the application. FinCEN will share any
materials submitted in connection with an application under this
section with relevant Federal functional regulators, or, as
appropriate, other relevant agencies. The written application must:
(i) Identify the institution's point of contact(s) for pilot
program-related correspondence with FinCEN, and, for entities located
abroad, appoint agents for service of process in the United States;
(ii) Specify the foreign affiliates with which the financial
institution intends to share SARs and related information, including
the operational jurisdictions of such entities, as well as whether such
entities will be providing reciprocal information to the applicant
institution;
(iii) Specify the particular purpose or purposes for which the
foreign affiliates intend to use SARs and related information;
(iv) Include an estimated commencement date for the institution's
pilot program; and
(v) Provide a description of all internal controls in place to
protect the confidentiality of and prevent unauthorized disclosures of
SARs and related information and ensure data security and
confidentiality of personally identifiable information.
(2) Internal controls--(i) Implementation of internal controls. A
participant financial institution must implement and maintain policies,
procedures, and internal controls that are reasonably designed to
ensure that its foreign affiliates do not permit unauthorized
disclosures of SARs and related information shared pursuant to the
pilot program. These controls should include:
(A) Written confidentiality agreements or arrangements specifying
that all personnel in foreign affiliates granted access to SARs and
related information pursuant to the pilot program must safeguard the
confidentiality of SARs and related information shared pursuant to the
pilot program, including information indicating that a SAR has been
filed;
(B) Provisions for the secure transmission and storage of SARs and
related information between the participant financial institution and
its foreign affiliates; and
(C) Processes and procedures for personnel located in the United
States to review any request from foreign law enforcement, foreign
regulators, or an outside foreign party for SARs and related
information shared pursuant to the pilot program.
[[Page 3728]]
(ii) Copies of internal controls. FinCEN may request copies of
internal policies and procedures, including confidentiality agreements,
designed to ensure compliance with the pilot program. FinCEN may share
these documents with relevant Federal functional regulators or other
relevant agencies.
(3) Approval. In determining whether to approve an application,
FinCEN will consider, in its sole discretion, the requirements of
Federal and State law enforcement operations; any potential concerns of
the intelligence community; appropriate standards and requirements
regarding data security and the confidentiality of personally
identifiable information, including the adequacy of the financial
institution's internal controls; and, any other appropriate factors
consistent with the purposes of the Bank Secrecy Act.
(4) Additional requirements. As a condition of approving an
application, FinCEN may impose additional requirements, including
requiring a participant financial institution to adopt additional
controls related to its participation in the pilot program. FinCEN may
impose additional requirements on a participant financial institution
at any time after the application is approved.
(5) Modification. A participant financial institution shall not
deviate in any material manner from the controls proposed in the
application described in paragraph (1) or from any additional
requirements imposed by FinCEN, except with FinCEN's written approval.
(6) Termination. FinCEN may terminate a financial institution's
participation in the pilot program at any time if, in its sole
discretion, FinCEN determines that such termination is consistent with
the considerations set forth in 31 U.S.C. 5318(g)(8)(A) or for other
good cause.
(7) Pre-commencement notice to FinCEN. After obtaining approval
from FinCEN, a participant financial institution shall provide FinCEN
with advance written confirmation of the commencement date of the
financial institution's sharing of SARs and related information with
its foreign affiliates.
(8) Quarterly reporting requirement. A participant financial
institution shall submit reports regarding its participation in the
pilot program to FinCEN every three months after the commencement date
of its pilot program. FinCEN intends to share quarterly reports with
relevant Federal functional regulators or other relevant agencies.
Quarterly reports shall include information concerning:
(i) Total number of SARs and related information shared;
(ii) The name and jurisdiction of each foreign affiliate that
received SARs and related information, its relationship with the
participant financial institution, and the intended purposes and uses
for which the SAR and related information were shared;
(iii) Any legal and compliance issues related to the financial
institution's participation in the pilot program;
(iv) Any technical difficulties and challenges encountered;
(v) Any enhancements to the financial institution's AML/CFT
program, including reallocation of resources to higher-priority AML/CFT
risks enabled as a result of the financial institution's participation
in the pilot program. Financial institutions may consult FinCEN's AML/
CFT National Priorities, issued pursuant to section 5318(h)(4)(A) of
the BSA, to further describe successes in this area; and
(vi) Lessons learned arising from the financial institution's
participation in the pilot program, to include any identified
deficiencies.
(9) Requirement for personnel located in the United States. A
participant financial institution shall maintain appropriate personnel
located in the United States to review requests or demands of a foreign
affiliate for SARs and related information pursuant to its
participation in the pilot program.
(10) Receipt of information requests, subpoenas, and other requests
for SARs and related information. A participant financial institution
shall immediately notify FinCEN of all requests or demands on the
participant financial institution or its foreign affiliates for SARs or
related information from foreign law enforcement, foreign regulators,
or any other outside foreign party. Participant financial institutions
and their foreign affiliates shall direct the requesting authority to
both contact FinCEN about obtaining the requested SARs or related
information, and seek to obtain such records or information through a
request to the United States pursuant to a mutual legal assistance
treaty or other appropriate mechanism for obtaining records from the
United States.
(11) Unauthorized disclosures. A participant financial institution
must immediately notify FinCEN upon learning of or discovering any
unauthorized disclosures of SARs or related information shared pursuant
to the pilot program and provide all information to FinCEN relating to
such unauthorized disclosure.
(12) SAR tracking. A participant financial institution shall
maintain records sufficient to identify the specific foreign
jurisdictions in which affiliates of financial institutions are located
and that received any specific SAR or related information. Such records
shall be maintained so as to enable the participant financial
institution to readily report this information to FinCEN upon request.
(d) Prohibition involving certain jurisdictions. (1) A participant
financial institution shall not share SARs or related information with
a foreign affiliate located in:
(i) The People's Republic of China;
(ii) The Russian Federation; or
(iii) A jurisdiction that:
(A) Is a state sponsor of terrorism, as determined by the U.S.
Department of State;
(B) Is subject to financial and economic sanctions imposed by the
Federal Government, i.e., jurisdictions with governments whose property
and interests in property in U.S. jurisdictions are blocked pursuant to
U.S. sanctions authorities and jurisdictions subject to broad
prohibitions on transactions by U.S. persons involving that
jurisdiction, such as prohibitions on importing or exporting goods,
services, or technology to the jurisdiction or dealing in goods or
services originating from the jurisdiction, pursuant to U.S. sanctions
authorities;
(C) Has been identified as a primary money laundering concern
pursuant to Section 311 of the USA PATRIOT Act (Pub. L. 107-56) or
section 9714 of the Combating Russian Money Laundering Act (Pub. L.
116-283); or
(D) The Secretary has determined cannot reasonably protect the
security and confidentiality of suspicious activity reports and related
information.
(2) The Secretary may make an exception on a case-by-case basis for
a financial institution located in jurisdictions listed in paragraphs
(c)(1)(i) and (ii) of this section if the Secretary determines that
such an exception is in the national security interest of the United
States and provides appropriate notification to Congress. A financial
institution seeking an exception to share SARs or related information
with a foreign affiliate located in jurisdictions listed in paragraphs
(c)(1)(i) and (ii) of this section must submit a written request to the
Director of FinCEN setting forth its reasons for the exception.
(e) Treatment of foreign jurisdiction-originated reports.
Information related to a report received by a financial institution
from a foreign affiliate with respect to a suspicious transaction
relevant to a possible violation of law or
[[Page 3729]]
regulation shall be subject to the same confidentiality requirements as
reports filed under 31 U.S.C. 5318(g).
(f) Prohibition on offshoring compliance operations. Participant
financial institutions are prohibited from establishing or maintaining
any operation located outside of the United States the primary purpose
of which is to ensure compliance with the Bank Secrecy Act as a result
of the information sharing granted by this pilot program.
(g) Duration of the pilot program. This pilot program shall
terminate on January 1, 2024. The Secretary may extend the pilot
program for not more than two years upon appropriate notification to
Congress pursuant to 31 U.S.C. 5318(g)(8)(B)(iii).
(h) Prohibition on disclosure. Except to the extent authorized
pursuant to the pilot program or in existing regulations or guidance,
no participant financial institution, director, officer, employee, or
agent of or for a participant financial institution, and no foreign
affiliate of a participant financial institution shall disclose to any
person any SAR or related information shared pursuant to the pilot
program.
(i) SAR disclosures by a foreign affiliate. Civil money penalties
and criminal sanctions may be imposed on any foreign affiliate under 31
U.S.C. 5321 and 31 U.S.C. 5322 for any violation of the preceding
paragraph (h) of this section, without regard to whether the
unauthorized disclosure occurs in the United States. Civil money
penalties shall be assessed and collected in the manner provided in 31
U.S.C. 5321(b) and (d).
By the Department of the Treasury.
Himamauli Das,
Acting Director, Financial Crimes Enforcement Network.
[FR Doc. 2022-01331 Filed 1-24-22; 8:45 am]
BILLING CODE 4810-02-P
</pre></body>
</html>Indexed from Federal Register on January 25, 2022.
This is legal information, not legal advice. Laws vary by jurisdiction and change frequently. Always verify current law with official sources and consult a licensed attorney in your jurisdiction for advice on your specific situation.