Title31

ITINs - Used for BSA Identification ... but should they be?

Jim Richards — Fri, 04 Jan 2008 16:36:33 -0500

Individual Taxpayer Identification Numbers (ITINs) are an IRS creation ... but even the IRS warns against using them for identification purposes! Read here for some background on ITINs ... from http://www.irs.gov/individuals/article/0,,id=96287,00.html

What is an ITIN?

An Individual Taxpayer Identification Number (ITIN) is a tax processing number issued by the Internal Revenue Service. It is a nine-digit number that always begins with the number 9 and has a 7 or 8 in the fourth digit, example 9XX-7X-XXXX. IRS issues ITINs to individuals who are required to have a U.S. taxpayer identification number but who do not have, and are not eligible to obtain a Social Security Number (SSN) from the Social Security Administration (SSA). ITINs are issued regardless of immigration status because both resident and nonresident aliens may have U.S. tax return and payment responsibilities under the Internal Revenue Code.
Individuals must have a filing requirement and file a valid federal income tax return to receive an ITIN, unless they meet an exception.

What is an ITIN used for?

ITINs are for federal tax reporting only, and are not intended to serve any other purpose. An ITIN does not authorize work in the U.S. or provide eligibility for Social Security benefits or the Earned Income Tax Credit. ITINs are not valid identification outside the tax system. IRS issues ITINs to help individuals comply with the U.S. tax laws, and to provide a means to efficiently process and account for tax returns and payments for those not eligible for Social Security Numbers.

Who needs an ITIN?

IRS issues ITINs to foreign nationals and others who have federal tax reporting or filing requirements and do not qualify for SSNs. A non-resident alien individual not eligible for an SSN, who is required to file a U.S. tax return only to claim a refund of tax under the provisions of a U.S. tax treaty, needs an ITIN.

Examples of individuals who need ITINs include:

Non-resident alien filing a U.S. tax return and not eligible for an SSN
U.S. resident alien (based on days present in the United States) filing a U.S. tax return and not eligible for an SSN
Dependent or spouse of a U.S. citizen/resident alien
Dependent or spouse of a non-resident alien visa holder

How do I know if I need an ITIN?

If you do not have an SSN and are not eligible to obtain an SSN, but you have a requirement to furnish a federal tax identification number or file a federal income tax return, you must apply for an ITIN. By law, an alien individual cannot have both an ITIN and an SSN. IRS processes returns showing SSNs or ITINs in the blanks where tax forms request SSNs. IRS no longer accepts, and will not process, forms showing "SSA205c," "applied for," "NRA," blanks, etc.

Are ITINs valid for identification?

No. ITINs are not valid identification outside the tax system. Since ITINs are strictly for tax processing, IRS does not apply the same standards as agencies that provide genuine identity certification. ITIN applicants are not required to apply in person, and IRS does not further validate the authenticity of identity documents. ITINs do not prove identity outside the tax system, and should not be offered or accepted as identification for non-tax purposes.

Are ITINs valid for work purposes?

No. ITINs are for federal income tax purposes only.

What are the revised application standards for ITINs?
Effective immediately, each ITIN applicant must now:

Apply using the revised Form W-7, Application for IRS Individual Taxpayer Identification Number ; and
Attach a federal income tax return to the Form W-7.
Applicants who meet an exception to the requirement to file a tax return (see the instructions for Form W-7)must provide documentation to support the exception.

What documents are acceptable as proof of identity and foreign status?

IRS has streamlined the number of documents the agency will accept as proof of identity to obtain an ITIN. There are now 13 acceptable documents.

An original, or a certified or notarized copy, of an UNEXPIRED passport is the only document that is accepted for both identity and foreign status. If you do not have a passport, you must provide a combination of current documents that contain expiration dates - we accept docs issued within 12 months of the application if no expiration date is normally available. The documents must also show your name and photograph, and support your claim of foreign status. IRS will accept certified or notarized copies of a combination (two or more) of the following documents, in lieu of a passport:

National identification card (must show photo, name, current address, date of birth, and expiration date)
U.S. driver's license
Civil birth certificate
Foreign driver's license
U.S. state identification card
Foreign voter's registration card
U.S. military identification card
Foreign military identification card
Visa
U.S. Citizenship and Immigration Services (USCIS) photo identification
Medical records (dependents - under 14 years old - only)
School records (dependents and/or students - under 25 years old - only)

How do I apply for an ITIN?

Use the January 2005 revision of Form W-7, Application for IRS Individual Taxpayer Identification Number to apply. Attach a valid federal income tax return unless you qualify for an exception, and include your original or certified proof of identity documents.
Because you are filing your tax return as an attachment to your ITIN application, you should not mail your return to the address listed in the Form 1040, 1040A or 1040EZ instructions. Instead, send your return, Form W-7 and proof of identity documents to the address listed in the Form W-7 instructions:
Internal Revenue Service
Philadelphia Service Center
ITIN Unit, P.O. Box 447
Bensalem, PA 19020
You may also apply using the services of an IRS-authorized Acceptance Agent or visit an IRS Taxpayer Assistance Center in lieu of mailing your information to the IRS in Philadelphia. TACs in the United States provide in-person help with ITIN applications on a walk-in or appointment basis. Applicants outside the United States should contact an overseas the IRS office to find out if that office accepts Form W-7 applications. The IRS's ITIN Unit in Philadelphia issues all numbers by mail.

When should I apply for an ITIN?

You should complete Form W-7 as soon as you are ready to file your federal income tax return, since you need to attach the return to your application.
If you meet one of the exceptions and do not need to file a return, submit Form W-7, along with the documents required to meet your purpose for needing an ITIN, as soon as possible after you determine that you are covered by that exception.
You can apply for an ITIN any time during the year; however, if the tax return you attach to Form W-7 is filed after the return's due date, you may owe interest and/or penalties. You should file your current year return by the April 15 deadline to avoid this.

How and when can I expect to receive my ITIN?

If you qualify for an ITIN and your application is complete, you will receive a letter from the IRS assigning your tax identification number, usually within four to six weeks. The IRS is changing from an ITIN card to an authorization letter to avoid any possible similarities with a Social Security Number card. Current ITIN holders' cards will not be replaced; they should continue to use the numbers previously issued when they need to supply identifying numbers for tax purposes.
If you have not received your ITIN or other correspondence six weeks after applying, you may call the IRS to find out the status of your application.

Where can I get help with my ITIN application?

You may call the IRS toll-free at 1-800-829-1040 for information and help in completing your Form W-7 and your tax return, or to check on the status of your application six weeks after submitting Form W-7. Assistance is also available by appointment at IRS Taxpayer Assistance Centers (TACs) in the United States provide in-person help with ITIN applications on a walk-in or appointment basis. Applicants outside the United States may contact an overseas IRS office to find out if that office accepts Form W-7 applications. You may also use the services of an IRS-authorized Acceptance Agent.

What is an Acceptance Agent?

An Acceptance Agent is an individual, business or organization (college, financial institution, accounting firm, etc.) authorized by IRS to assist individuals in obtaining ITINs. Acceptance Agents review applicants' documentation, complete a certificate of accuracy, and forward the certificate and application to the IRS for processing. Some Acceptance Agents may charge a fee. Click here for a list of Acceptance Agents.

ITINs and BSA requirements ...
Section 326 CIP requirements state that we must collect an “identification number.” The regulations state that an identification number for a US person is a TIN. Per IRS rules, an ITIN is a TIN, but an ITIN should not be used as proof of identification. We are not using an ITIN (or SSN or EIN) as proof of identity…it is customer information that we are required to obtain, as a first step in our process of verifying a customer’s identity to the extent reasonably possible.

FATF 40 Recommendations

Jim Richards — Fri, 04 Jan 2008 16:33:34 -0500

FATF 40 Recommendations
1900 - revised 1996
Four categories:
A. Legal Considerations - Recs 1-3
B. Measures for Financial and Non-Financial Institutions - Recs 4-25
C. Countries' Programs - Recs 26-34
D. International Cooperation - Recs 35-40

A. Legal Considerations
1. Scope of criminal offence of money laundering - incorporate 1988 Vienna Convention (drugs), 2000 Palermo Convention (OC), consider predicate crimes by category or threshold (Glossary has 20 categories of predicates)
2. Intent for crime of ML per Vienna and Palermo. Extend crime to legal persons
3. Forfeiture

B. Measures to Prevent ML
4. Secrecy laws should not inhibit implementation of 40 Recs
5. Customer Due Diligence and Recordkeeping - the BIGGEST Recommendation with Interpetive Notes! - do not keep anonymous accounts or accounts in obviously fictitious names. Identify and verify - ongoing process through monitoring. Risk "sensitive"
6. EDD for PEPs - defined in Glossary similar to SFPF in 312 of USA PATRIOT Act (friends and family)
7. EDD for "cross-border" correspondent banking
8. Caution re changing technologies for opening and accessing accounts
9. Reliance on Intermediaries
10. Recordkeeping - 5 years
11. Monitor complex, unusual transactions and patterns that have "no apparent economic or visible lawful purpose" and keep records thereof
12. "Designated Non-Financial Businesses and Entities" - Recs 5-11 appply to these 6 categories of Designated Non-Financial Businesses and Entities: (1) Casinos (2) Real Estate Agents (3) Dealers in Precious Metals (4) Dealers in Precious Jewels (5) Lawyers, Notaries, Accountants (when they carry our transactions for their clients) (6) Trust and Service Company Providers. Note that "Financial Institutions" are also defined in the Glosaary by function, not type (eg., providing deposit taking services, etc)
13. Suspicious Transaction Reporting
14. Safe Harbor and Non-Disclosure of STRs
15. AML Programs need (1) Controls (2) Training (3) Testing and, if a Financial Institution, (4) Compliance Officer
16. 13-15 apply to Non-Financial Businesses and Entities to the extent they are doing transactions
17. Sanctions - effective, proportionate, dissuasive sanctions ... criminal, civil, or administrative ... against natural and legal persons
18. Prohibition on shell banks
19. CONSIDER reporting currency transactions above a fixed amount
20. CONSIDER extending the list of designated non-financial businesses or entities
21. Special attention to corporations and financial institutions in countries that don't adhere to FATF 40 Recs
22. Special attention to subs of corps and branches of FIs in countries that don't adhere to FATF 40 Recs
23. Adequate supervision and regulation of FIs. Apply the "Core Principles" (from Basel for banks, and for insurance and securities)
24. Adequate supervision and regulation of designated non-financial businesses and entities, especially casinos
25. Supervisors and regulators should provide guidance

C. Domestic Institutions and Systems
26. Establish FIU
27. Dedicated Law Enforcement
28. Law enforcement to have subpoena and seizure powers
29. Supervisors with authority
30. FIU, Law Enforcement, and Supervisors to have the needed resources
31. Policy Makers, FIU, Law Enforcement, Supervisors to cooperate and coordinate
32. Keep statistics (helps with annual self-assessments and mutual evaluations conducted by FATF)
33. Prevent unlawful use of Legal PERSONS by money launderers
34. Prevent unlawful use of Legal ARRANGEMENTS by money launderers

D. International Cooperation
35. Implement 1988 Vienna Convention (ML in drug trafficking), 2000 Palermo Convention (ML in Organized Crime), and 1999 UN Convention on the Suppression of Terrorism and Terrorist Financing
36. Mutual Legal Assistance - should "rapidly, constructively, and effectively" provide the widest range of MLA: don't place unduly restrictive conditions, ensure clear and efficient processes, do not refuswe if only "fiscal" (eg., tax cheats), do not refuse because of secrecy or confidentiality laws, allow subpoenas
37. Mutual Legal Assistance - should "to the greatest extent possible" render MLA notwithstanding there is no dual criminality
38. Mutual Legal Assistance - allow for forfeiture and seizure, and share proceeds
39. Money laundering is an extraditable offence
40. Other forms of international cooperation, including exchange of information (really at the FIU level)

BSA Exam Manual - A Barebones outline

Jim Richards — Fri, 04 Jan 2008 16:32:09 -0500

BSA Exam Manual
2005 - June 23
2006 - July 28
2007 - August 24

Key BSA/AML Regulatory Requirements
1. Customer Identification Program - CIP
2. Customer Due Diligence - CDD
3. Suspicious Activity Reporting - SARs
4. Currency Transaction Reporting - CTRs
5. Currency Transaction Reporting Exemptions
6. Information Sharing - 314(a) and 314(b)
7. Purchase and Sale of Monetary Instruments Recordkeeping
8. Funds Transfers Recordkeeping
9. Foreign Correspondent Account Recordkeeping and Due Diligence
10. Private Banking Due Diligence Program
11. Special Measures - 319
12. Foreign Bank and Financial Accounts Reporting
13. International Transportation of Currency or Monetary Instruments Reporting
14. OFAC

Key BSA/AML Products and Services
1. Correspondent Accounts - Domestic
2. Correspondent Accounts - Foreign
3. US Dollar Drafts
4. Payable Through Accounts
5. Pouch Activities
6. Electronic Banking
7. Funds Transfers
8. Automated Clearing House Transactions
9. Electronic Cash
10. Third-Party Payment Processors
11. Purchase and Sale of Monetary Instruments
12. Brokered Deposits
13. Privately Owned ATMs
14. Nondeposit Investment Products
15. Insurance
16. Concentration Accounts
17. Lending Activities
18. Trade Finance Activities
19. Private Banking
20. Trust and Asset Management Services

Key BSA/AML Persons and Entities
1. Nonresident Aliens and Foreign Individuals
2. Politically Exposied Persons
3. Embassy and foreign Consulate Accounts
4. Non-Bank Financial Institutions
5. Professional Service Providers
6. Non-governmental Organizations and Charities
7. Business Entities (Domestic and Foreign)
8. Cash-Intensive Businesses

The 30-Day Clock ...

Jim Richards — Thu, 23 Mar 2006 09:03:27 -0500

Suspicious Activity Reports (SARs) - Timing of SAR Filings
Expeditious Reasonableness, or “I know it when I see it”

Issue Summary

There is no definitive judicial or regulatory decision that provides clear guidance as to when the statutory 30-day SAR filing period begins to run. Rather, one can argue that, without guidance or ruling, the 30-day SAR filing period begins when it ends, so long as the beginning is reasonable and the end is reached expeditiously. Maybe. The 30-day time period within which a financial institution must make a decision to file/not file a SAR runs from some time “during its review” of the suspect activity “or because of other factors.” There is no guidance on what these “other factors” are or why they would occur or be identified outside the period of review, giving the regulators a perfectly subjective, case-by-case, bank-by-bank standard. The ultimate result is that the only answer to the question “when does the SAR 30-day time period begin to run is the famous "I know it when I see it".

By regulation, a bank is required to file a SAR “no later than 30 calendar days after the date of initial detection by the bank of facts that may constitute a basis for filing the SAR.”

The June 2005 BSA/AML Examination Manual issued by the federal financial institution regulatory agencies provided that “the time period for filing a SAR starts when the organization, during its review or because of other factors, knows or has reason to suspect that the activity or transactions under review meet one or more of the definitions of suspicious activity … Whenever possible, an expeditious review of the transaction or the account is recommended and can be of significant assistance to law enforcement. In any event, the review should be completed in a reasonable period of time.”

This guidance is not particularly helpful: what is meant by the terms “initial detection” and “facts”; how does the modifier “may” affect the requirement; when does a bank “know or have reason to suspect that the activity” is suspicious; what is “expeditious” and a “reasonable period of time”?

Although the regulation does not so indicate, the regulators appear to have taken the position that the clock does NOT begin to run when a transaction that eventually forms the basis for a SAR is first detected by a person (perhaps in a branch) or by a transaction-monitoring tool. But what about when a SAR investigative group receives such a report or an alert, or opens up an investigation? Does the clock begin to run only when the investigator determines the activity to be suspicious … so long as that investigation is completed in a “reasonable” period of time? If so, what is “reasonable”? Does it depend on the complexity of the investigation? Or is an investigator’s decision determinative, or is it his/her supervisor or manager or the legal department or the AML oversight committee that can only provide the suspicion?

An excerpt from a FinCEN SAR Activity Review dated October 2000 best illustrates the industry’s longstanding position:

“The time to file a SAR starts when the organization, in the course of its review or on account of other factors, reaches the position in which it knows, or has reason to suspect, that the activity or transactions under review meets one or more of the definitions of suspicious activity.”

Is this position practical when looked at from the perspective of the intent and wording and history of the SAR regulation?

Historical Background

The Suspicious Activity Report "30 day clock" issue comes from the bank SAR filing regulation, 31 CFR 103.18, specifically subsections (a) and (b):

(a) General

(1) Every bank shall file with the Treasury Department, to the extent and in the manner required by this section, a report of any suspicious transaction relevant to a possible violation of law or regulation…

(2) A transaction requires reporting under the terms of this section if it is conducted or attempted by, at, or through the bank, it involves or aggregates at least $5,000 in funds or other assets, and the bank knows, suspects, or has reason to suspect that:
(i) The transaction involves funds derived from illegal activities or is intended or conducted in order to hide or disguise funds or assets derived from illegal activities … as part of a plan to violate or evade any federal law or regulation or to avoid any transaction reporting requirement under federal law or regulation;
(ii) The transaction is designed to evade any requirements of this part or of any other regulations promulgated under the Bank Secrecy Act …; or
(iii) The transaction has no business or apparent lawful purpose or is not the sort in which the particular customer would normally be expected to engage, and the bank knows of no reasonable explanation for the transaction after examining the available facts, including the background and possible purpose of the transaction.”

(b) Filing Procedures

(3) When to file. A bank is required to file a SAR no later than 30 calendar days after the date of initial detection by the bank of facts that may constitute a basis for filing the SAR. If no suspect was identified on the date of the detection of the incident requiring the filing, a bank may delay filing a SAR for an additional 30 calendar days to identify a suspect. In no case shall reporting be delayed more than 60 calendar days after the date of initial detection of a reportable transaction. In situations involving violations that require immediate attention, such as, for example, ongoing money laundering schemes, the bank shall immediately notify, by telephone, an appropriate law enforcement authority in addition to filing timely a SAR."

The first proposed regulation had different language. As published in the Federal Register on September 7, 1995, it read as follows:

(3) When to file. A bank is required to file each SAR not later than 30 calendar days after the first date on which the bank becomes aware of the facts constituting the transaction to which the report relates. If no suspect is identified on the date of detection of the incident triggering the filing, a bank may delay filing an SAR for an additional 30 calendar days, but in no case shall reporting be delayed more than 60 calendar days after the date of the transaction. In situations involving violations that require immediate attention, such as when a reportable violation is ongoing, the bank shall immediately notify by telephone the appropriate law enforcement authority in addition to filing an SAR. [60FR46561-622]

The key difference, then, was a change from “30 calendar days after the first date on which the bank becomes aware of the facts constituting the transaction to which the report relates” to “30 calendar days after the date of initial detection by the bank of facts that may constitute a basis for filing the SAR”. There was some discussion by the regulatory agencies about this change, as discussed below.

The final regulation was published in the Federal Register on February 5, 1996 (see Appendix II, attached, for the entire text of the proposed rule and final rule as published in the Federal Register). In it, the regulatory agencies that published the final Rule wrote, in relevant part, as follows:

“ … the period for filing runs not from the date of the transaction being reported, but from the date of the ‘initial detection’ of facts that may constitute a basis for the filing of a SAR; in many cases the two dates will be the same, but in others, where the transaction is detected by the bank's compliance screening systems, the dates may differ. If the bank's own internal investigation is still ongoing when filing is required the form filed may so indicate, but the form must nonetheless be filed within the periods specified in the rule.” 61 FR 4329

The first sentence is helpful: the period for filing does not begin on the date of the transaction being reported. But the last sentence adds some confusion. It appears that the regulators envisioned that in many cases the date of the transaction being reported was the same as the date of the “initial detection” of the facts that may constitute the filing of the SAR. But where that transaction comes to the attention of the bank because it was flagged or caught by screening or monitoring systems, the date of the transaction and the date of initial detection may not be the same. But the time within which to conduct an investigation is limited – even if it is a complicated investigation, the clock doesn’t pause, and the SAR “must nonetheless be filed within the periods specified in the rule.” The clock doesn’t begin to run on the date of the transaction being reported, but on the date of the initial detection of facts that may constitute the basis for filing a SAR. But if it is a complicated case that may take months before a SAR can be filed, the bank still must file a SAR within the period specified (“30 days from the date of initial detection of facts that may constitute the basis for filing a SAR”). So their logic appears circular, and the guidance is less helpful than first appears.

Compare this language in the SAR timing sections to that of the CTR timing section in 31 CFR 103.27(a): "CTR shall be filed within 15 days following the day on which the transaction occurred." There is nothing in the CTR language that suggests an “investigation” is required before a bank can form a reasonable belief a CTR must be filed. Thus, perhaps, the shorter time period – but a period beginning from the date of the transaction being reported.

What sort of “investigation” did the regulators envision for suspicious activities? Subsection 31CFR103.18(a) speaks of a transaction involving criminal-related funds or a transaction designed to evade the reporting requirements, or where:

“ … the transaction has no business or apparent lawful purpose or is not the sort in which the particular customer would normally be expected to engage, and the bank knows of no reasonable explanation for the transaction after examining the available facts, including the background and possible purpose of the transaction.” (emphasis added).

More revealing perhaps, of the regulators’ mind-set or intent when they wrote this regulation in 1996 was this comment in the Federal Register, where they estimated that the time burden for banks to prepare a SAR was one hour:

“The burden per respondent varies depending on the nature of the suspicious transaction being reported. FinCEN estimates that the average annual burden for reporting and recordkeeping per response will be 1 hour.” 61 FR 4331

This wholly unrealistic estimate of the time it takes to identify, investigate, and report suspicious activity suggests that a review of the entire SAR process is warranted.

Since 1996, the banking industry's position appears to have evolved to be that a bank has 30 days to file a SAR after determining that the transaction is suspicious.

How does this position stack up against an objective view and interpretation of the wording and intent of the regulation?

If you took out the words "initial" and "may" from the regulation, the industry's position seems reasonable: a SAR must be filed "no later than 30 calendar days after the date of initial detection by the bank of facts that may constitute a basis for filing the SAR." Including the phrases "initial detection" and "may constitute", without having any wording about a "reasonable time to conduct an investigation", suggests to me that the intent of the regulation is different than the industry's position.

103.18(a) speaks of filing a SAR on a suspicious “transaction”. The timing requirements in 103.18(b), however, mentions the term “transaction” but also mentions “facts that may constitute a basis for filing the SAR”, an “incident requiring the filing” and a “reportable transaction.” It is confusing.

To compound the confusion, the SAR form itself does not allow the filing institution to include a “date of initial detection of facts that may constitute the filing of a SAR.” Instead, Part III, box 33 in Treasury Department Form TD F 90-22.47 (the “bank” SAR form) provides for “date or date range of suspicious activity” using a “From” date and “To” date. In other words, it is a date range. And the instructions accompanying the form do not provide any guidance, other than quoting the regulation.

The SAR-C form for casinos and card clubs (FinCEN Form 102) is a bit more instructive. Part II Box 24 provides for “date or date range of suspicious activity” using a “From” date and “To” date. However, the instructions provide as follows:

“Part 24 … Enter the date of the reported activity in the ‘From’ field. If more than one day, indicate the duration of the activity by entering the first date in the ‘From’ field and the last date in the ‘To’ field. If the same individual or organization conducts multiple or related activities within the 30 calendar day period after the date of initial detection, the reporting institution may consider reporting the suspicious transactions on one form but only if doing so will fully describe what has occurred. A new report must be filed for other related suspicious transactions committed after the initial detection period.”

From when, then, does this 30-day clock begin to run? It ends on the day the SAR is filed with FinCEN.

The following discussion is contained in Section 5 of The SAR Activity Review – Trends, Tips & Issues, October, 2000 accessed online on April 14, 2005 at http://www.fincen.gov/sarreviewforweb.pdf:

“It may be appropriate for organizations to conduct a review of the activity to determine whether a need exists to file a SASR. The fact that a review of customer activity or transactions is determined to be necessary is not necessarily indicative of the need to file a SAR, even if a reasonable review of the activity or transactions might take an extended period of time. The time to file a SAR starts when the organization, in the course of its review or on account of other factors, reaches the position in which it knows, or has reason to suspect, that the activity or transactions under review meets one or more of the definitions of suspicious activity.

Of course, an expeditious review, wherever possible, is recommended and can be of significant assistance to law enforcement. In situations involving violations of law requiring immediate attention, the organization should immediately notify law appropriate enforcement and supervisory authorities, in addition to filing a SAR.”

* * * * *

“As a general rule of thumb, organizations should report continuing suspicious activity with a report being filed at least every 90 days. This will serve the purposes of notifying law enforcement of the continuous nature of the activity, as well as provide a reminder to the organization that it must continue to review the suspicious activity to determine if other actions may be appropriate, such as terminating its relationship with the customer or employee that is the subject of the filing.”

The SAR Activity Reviews are published under the auspices of the BSA Advisory Group, a statutorily mandated group of representatives from the public and private sectors, appointed by the Director of FinCEN. For as long as the Review has been published, its co-chairs have been John Byrne of the American Bankers Association and a representative from FinCEN.

It appears, then, that the position of industry, as set out in this SAR Activity Review, is that:

The time to file a SAR starts when the organization, in the course of its review or on account of other factors, reaches the position in which it knows, or has reason to suspect, that the activity or transactions under review meets one or more of the definitions of suspicious activity.

How does this position, from October 2000, match up with more current thinking? On March 23, 2005 the Office of Inspector General Department of the Treasury issued an Audit Report titled "FinCEN: Heightened Management Attention Needed Over Longstanding SAR Data Quality Problems." (See Appendix “I” –excerpts from that report that deal with the SAR timing issue).
Among other things, the OIG looked at how timely SARs had been filed and processed. They measured three time periods, all from the date of the suspected activity: days for the bank to prepare the SAR, days from SAR preparation to IRS receipt, and days from IRS receipt to posting in the SAR system. The OIG found that it took Banks, on average, 51 days to prepare SARs, a further 11 days for the IRS to receive those SARs, and a further 7 days for the IRS to enter those SARs in their system: a total of 68 days from the date of the suspected activity to the date of posting in the SAR database.

The OIG also noted "just over 25 percent of the sampled SARs entailed total processing times exceeding 60 days. Most of the lapsed time could be accounted for by financial institutions’ filing time rather than IRS processing time."

What was FinCEN's response? At page 9 of the Report FinCEN responded:

"Our report does not provide the information necessary to determine whether a SAR was timely filed. The timeframe between the conclusion of the suspicious activity, as provided in the SAR, and the date the report was filed does not conclusively establish whether the SAR was filed in a timely manner because the date the activity was discovered is not reported. Moreover, FinCEN believes it essential that financial institutions use the allotted filing time to ensure that the facts are reviewed and the reports receive appropriate senior level review before they are filed." (my emphasis added).

The OIG's evaluation of FinCEN's response is also helpful. At pages 10-11 the OIG writes:

“Our purpose in presenting filing and processing timeframes for the sampled SARs was to show when SAR information would be available to law enforcement, and for FinCEN to consider in ascertaining whether current regulatory timeframes are responsive to the needs of law enforcement. FinCEN is correct that it cannot be conclusively determined whether the institutions were late in filing the SARs as the regulatory filing timeframes are based on the date the institution first identifies the suspicious activity, which is information not captured on the SAR form. We note this limitation in the report. However, as the report describes below, groups of SARs with lengthy timeframes far exceeding regulatory time frames does indicate potential regulatory non-compliance, and we believe FinCEN should monitor for such patterns." (my emphasis added).

Regulatory Guidance on SAR Filing Timing

On June 23, 2005, the five federal financial institution regulatory agencies published the BSA/AML Examination Manual. At page 46 of the Manual, it provides as follows:

TIMING OF A SAR FILING
The SAR rules require that a SAR be filed no later than 30 calendar days from the date of the initial detection of the suspicious activity, unless no suspect can be identified. In that case, the time period for filing a SAR is extended to 60 days. Organizations may need to review transaction or account activity for a customer to determine whether to file a SAR. The need for a review of customer activity or transactions does not necessarily indicate a need to file a SAR. The time period for filing a SAR starts when the organization, during its review or because of other factors, knows or has reason to suspect that the activity or transactions under review meet one or more of the definitions of suspicious activity. (Footnote 49 – citing the Bank Secrecy Act Advisory Group, ‘Section 5 – Issues and Guidance’ The SAR Activity Review – Trends, Tips & Issues, October 2000, page 27.).
Whenever possible, an expeditious review of the transaction or the account is recommended and can be of significant assistance to law enforcement. In any event, the review should be completed in a reasonable period of time. For violations requiring immediate attention, such as when a reportable violation is ongoing, a bank is required to immediately notify, by telephone, an “appropriate law enforcement authority” and as necessary the bank’s primary regulator, in addition to filing a timely SAR. An “appropriate law enforcement authority” would generally be the local office of the Internal Revenue Service Criminal Investigation Division or the FBI. Notifying law enforcement of a suspicious activity does not relieve a bank of its obligation to file a SAR. (emphasis added)
The critical language may be “during its review” and the temporally significant “under review” contained in the sentence “The time period for filing a SAR starts when the organization, during its review or because of other factors, knows or has reason to suspect that the activity or transactions under review meet one or more of the definitions of suspicious activity.”

This guidance must be read in conjunction with a reference immediately above it (under a separate heading, “SAR Decision-Making Process”) that requires banks to have “policies, procedures, and processes for referring unusual activity from all business lines to the personnel or department responsible for evaluating unusual activity.” (See page 46 of the Exam Manual).

Taken in its entirety, then, it appears that the 30-day clock does not begin with the generation of an “alert” or “work item” from an automated system, nor from the generation of a report of unusual activity from a LOB. At the earliest, then, the clock could start to run when, during the course of their review, the personnel or department responsible for evaluating unusual activity determines that the alert or work item or unusual activity report contains transactions or activity that meet one or more of the definitions of suspicious activity. In other words, the clock doesn’t begin to run when the “SAR Investigations Group” receives notice of an unusual transaction, but sometime during the course of their review or investigation of that item. So long as that review is completed in a reasonable period of time and, if possible, is done expeditiously.

Bottom line? It goes back to the age-old question from first year law school: “what is reasonable in the context?” Although helpful, this guidance appears to lack any firm date from which a Bank can systemically begin its 30-day clock. It starts some time after the investigator gets his case; it starts when, during the course of his investigation, the organization (not the investigator, but the organization) determines the activity to be suspicious; but only so long as that review is done expeditiously and in a reasonable period of time.

Does the reference to “organization” rather than investigator have any meaning? Does it allow a filer to have a “SAR review process” involving Investigative Supervisors or Managers, Legal, Compliance, Line Management, etc., that will take an individual investigator’s report and review it for completeness, accuracy, and “suspiciousness”? Probably.

So the clock doesn’t begin to run until the Bank, after “examining the available facts, including the background and possible purpose of the transaction” [] “knows, suspects, or has reason to suspect” that the transaction “has no business or apparent lawful purpose or is not the sort in which the particular customer would normally be expected to engage, and the Bank knows of no reasonable explanation for the transaction.” (paraphrasing and quoting 31 CFR 103.18(a), emphasis added). Then, once that determination is made, the Bank then has another 30 days within which to file the SAR. So long as the entire process is done in a reasonable period of time and, if possible, expeditiously.

Maybe. As set out above, the June 2005 guidance provides, in part, that “The time period for filing a SAR starts when the organization, during its review or because of other factors, knows or has reason to suspect that the activity or transactions under review meet one or more of the definitions of suspicious activity.” (emphasis added). There appears to be no guidance on the meaning and intent of the highlighted phrase. But the alternative “or” suggests that the time period begins sometime during the bank’s review, or, outside of that period (either before or after the period of review) if there are other factors present. There is nothing to suggest what “other factors” may exist. A reasonable guess is that there may be some cases – egregious cases – that arise from Lines of Business or monitoring tools that, once reported to the investigating group, are so obvious, that the 30-day time period begins before the period of review – arguably when the investigating group gets notice of the egregious case.

There is no guidance on what these “other factors” are or why they would occur or be identified outside the period of review, giving the regulators a perfectly subjective, case-by-case, bank-by-bank standard.

Many institutions generate hundreds or even thousands of “internal referrals” of unusual or potentially suspicious activity or transactions, whether generated from humans (tellers, relationship managers, etc.) or machines (monitoring, surveillance systems). Which of those are egregious or obvious enough to rise to the nebulous “other factors” standard? Those hundreds or thousands of internal referrals are then reviewed or investigated, resulting in hundreds or thousands of SARs every year.

The vague “other factors” phrase is an impossible one to manage in this context. The (reasonable and expeditious) determination of suspiciousness standard requires some firm event that can be identified and then tracked for compliance other than some reasonable time or date when an investigator makes a determination of suspiciousness. With this vague standard, a bank could expeditiously (whenever possible) identify unusual activity, report that unusual activity to a central group for further research; that group could review that activity and, at some point, make a decision that the activity was suspicious. They would then turn on the 30-day clock. In this scenario, it can be argued that (so long as Legal or Compliance bureaucracies don’t slow down the process) 100% of filers would file 100% of their SARs within 30 days of the date they decide the activity is suspicious. The identification and investigation process may take months, but whether those months are “reasonable” or not is still a subjective determination.

Possibilities for the Starting Point for the 30-Day SAR Filing “Clock”

Based on common industry practices, systems, and available technology, the choices may be eight-fold:

1. From the date of initial detection of the transaction that triggers the investigation (eg., the date of the "alert" from a monitoring system);
2. From the date the Branch or relationship manager or back-room control area initially detects or reports the unusual activity or transaction (the date of an internal “referral” or “report” of “unusual activity”);
3. From the date the this internal referral is received by the AML investigative group (eg., the date received by this group for logging into its case management system);
4. From the date the AML case is opened on the case management system;
5. From the date the AML case is assigned to an AML Investigator;
6. From the date the AML Investigator initially detects "facts that may constitute a basis for filing the SAR";
7. From the date the AML Supervisor initially detects "facts that may constitute a basis for filing the SAR" (when he/she approves the Investigator's decision to file a SAR); or
8. “When the organization, in the course of its review or on account of other factors, reaches the position in which it knows, or has reason to suspect, that the activity or transactions under review meets one or more of the definitions of suspicious activity.” (using the language from the SAR Activity Review).

Conclusion

As stated in the opening, there is no definitive judicial or regulatory decision that provides clear guidance as to when the statutory 30-day SAR filing period begins to run. Rather, one can argue that, without guidance or ruling, there are two “standards” for determining when the 30-day SAR filing period begins: first, it begins when it ends, so long as the beginning is reasonable and the end is reached expeditiously. Or second, when a particular examiner or regulator decides in any particular case, based on the “other factors” standard, or the "I know it when I see it" standard.

The first proposed rule published in September 1995 provided that the time to file a SAR was “30 calendar days after the first date on which the bank becomes aware of the facts constituting the transaction to which the report relates”. Between September 1995 and February 1996 the SAR timing rule changed to “30 calendar days after the date of initial detection by the bank of facts that may constitute a basis for filing the SAR”.

Fudging the original rule, in October 2000 a joint private sector/public sector publication provided the following guidance:

“The time to file a SAR starts when the organization, in the course of its review or on account of other factors, reaches the position in which it knows, or has reason to suspect, that the activity or transactions under review meets one or more of the definitions of suspicious activity.”

Most recently, the June 2005 regulatory examination manual provides that “whenever possible, an expeditious review of the transaction or the account is recommended and … should be completed in a reasonable period of time.”
If this guidance is determinative, filers would need to ensure that they have policies, procedures, and systems in place to identify and track when they reach the position in which they know, or have reason to suspect, that the activity or transactions under review meets one or more of the definitions of suspicious activity.

In other words, the best answer to the question “when does the 30-day clock begin to run for purposes of ensuring you are complying with the SAR filing guidelines?” appears to be “I’ll know it when I see it so long as it’s reasonably expeditious.”

Appendix I
Office of Inspector General Department of the Treasury
Audit Report OIG 05-033
FinCEN: Heightened Management Attention Needed Over Longstanding SAR Data Quality Problems
March 23, 2005

Results In Brief
Page 6

Finally, we also looked at how timely SARs had been filed and processed to gauge how quickly law enforcement might gain access to SARs. We found that, on average, SARs with data quality problems took longer (73 versus 67 days) than non-problem SARs, as measured from the time of the suspicious activity to the time the SAR was entered onto the automated data system. In addition, just over 25 percent of the sampled SARs entailed total processing times exceeding 60 days. Most of the lapsed time could be accounted for by financial institutions’ filing time rather than IRS processing time. (See Finding 2 on page 23.)

Management (FinCEN) Response
Page 9

Our report does not provide the information necessary to determine whether a SAR was timely filed. The timeframe between the conclusion of the suspicious activity, as provided in the SAR, and the date the report was filed does not conclusively establish whether the SAR was filed in a timely manner because the date the activity was discovered is not reported. Moreover, FinCEN believes it essential that financial institutions use the allotted filing time to ensure that the facts are reviewed and the reports receive appropriate senior level review before they are filed.

OIG Evaluation (of FinCEN’s Response)
Pages 10-11

“Our purpose in presenting filing and processing timeframes for the sampled SARs was to show when SAR information would be available to law enforcement, and for FinCEN to consider in ascertaining whether current regulatory timeframes are responsive to the needs of law enforcement. FinCEN is correct that it cannot be conclusively determined whether the institutions were late in filing the SARs as the regulatory filing timeframes are based on the date the institution first identifies the suspicious activity, which is information not captured on the SAR form. We note this limitation in the report. However, as the report describes below, groups of SARs with lengthy timeframes far exceeding regulatory time frames does indicate potential regulatory non-compliance, and we believe FinCEN should monitor for such patterns.

Finding 2 – Extensive SAR Data Quality Problems Likely To impact Law Enforcement Usage
Pages 23-25

Timeliness of SAR Filings and Processing

Besides reviewing the 406 SARs for data quality problems, we also looked at how long it took financial institutions to file and the IRS to process SARs onto the automated system. These timeframes taken together approximated how long before law enforcement would have access to SARs through the SAR automated data system.15 Under the SAR regulations, financial institutions are required to file a SAR within 30 days of discovery of the suspicious activity. DIs are given an additional 30 days if they are unable to identity a suspect. As shown below, we found from the sampled SARs it took on average 71 days between the day of the suspicious activity to the date the SAR was posted to the SAR System.”

“Most of the total elapsed time can be accounted for by the filing institution rather than IRS processing time. As shown in the above table, IRS processing time was the shortest average time of the four measured timeframes.

Total elapsed time differed very little between paper and electronic filings (72 versus 69 days), but it appears to take financial institutions longer to prepare the SAR when using an electronic media (59 versus 48 days). The largest difference in elapsed time was between SARs with and without data quality problems. The former took on average 6 more days before getting into the SAR System.

Though the total elapsed time averaged 71 days, there were 154 SARs (52 DIs and102 MSBs), or 38%, that may have exceeded applicable regulatory SAR filing timeframes, as shown below.”

“Note, DIs are given an additional 30 days to identify a suspect, whereas MSBs are not accorded the additional 30 days. As shown above, 52 DIs total filing time exceeded 60 days, whereas almost twice as many MSBs (102) exceeded 30 days. Because we were not able to determine when the filer had first suspected a potential violation (i.e., the discovery date), the above table only provides an indication of potential late filings. Of particular note would be the 44 SARs with total filing times exceeding 120 days or four months.”

Recommendations
Pages 35-37

In Finding 2, we provided information on the average filing and processing times for the sampled SARs. With just over 25% of SARs exceeding 60 days, and 11% taking longer than 4 months, we recommend that the Director of FinCEN:

6. Advise and solicit the views of law enforcement agencies as to whether the observed timeframes are responsive to their needs. In so doing, FinCEN will be better positioned to assess any needed changes, such as whether filer outreach or supervisory oversight should be focusing on the timely filing of SARs.

Management Response FinCEN concurred. It plans to solicit the views of law enforcement as well as the views of the federal regulators that supervise these institutions. FinCEN noted that the timeframes observed in the report alone do not indicate that its regulations were violated. The target date for completion is December 1, 2005.

OIG Comments The OIG believes FinCEN’s planned management corrective action adequately addresses the recommendation if properly implemented. And as we noted in Finding 2, the reported timeframes are intended to bring to FinCEN’s attention to indications of potentially late filings that we believe FinCEN should monitor.

7. Assess the need to review timeliness as part of the planned quarterly SAR reviews for indications of potential violations of the regulatory filing timeframes.

Management Response FinCEN concurred and plans to assess the feasibility of identifying institutions that may be pervasively filing SARs after the required regulatory filing timeframes. If accurate information can be extracted, procedures will be developed for incorporating this data as part of the planned quarterly reviews. The target date for completion is September 30, 2005.

OIG Comments The OIG believes FinCEN’s planned management corrective action adequately addresses the recommendation if properly implemented.

Although our analysis surfaced indications that as many as 154 SARs exceeded the 30 or 60 day regulatory timeframe, our analysis did not include a review of the filers' records to establish when the suspicious activities were discovered. We also did not determine whether any of the extensive filing timeframes were willful or due to negligence, and we did not assess whether any one filer demonstrated a pattern or practice of untimely filings. Nevertheless, we recommend that the Director of FinCEN:

8. Assess the need to refer any of the identified lengthy filing timeframes (those exceeding 30 or 60 days) to the applicable regulatory agencies to determine whether timely SAR filing is an area warranting detailed examination or enforcement action.

Management Response FinCEN concurred. If feasible pursuant to recommendation 7, FinCEN plans to refer financial institutions with pervasive filing deficiencies to the applicable regulatory agency for possible follow-up action. The target date for completion is December 1, 2005.

OIG Comments The OIG believes FinCEN’s planned management corrective action adequately addresses the intent of the recommendation if properly implemented. The OIG also recognizes the difficulty of obtaining precise information to assess compliance with the required filing timeframes given that the date the suspicious activity was discovered is not captured on the SAR form. However, as we note in Finding 2, the overall timeframes as measured from information available on the SAR form does provide an indicator of potential late filers. For example, total filing time for 44 (11%) of the 402 sampled SARs exceeded 120 days, well over the maximum 60 days accorded DIs under the regulation. Accordingly, we believe such large time periods as these provide a reasonable indictor of potential late filings worthy of follow-up.

Appendix II
Original SAR Regulation – Proposed and Final
Highlighted Text (emphasis added)

[Federal Register: September 7, 1995 (Volume 60, Number 173)]
[Proposed Rules]
[Page 46556-46562]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr07se95-20]
DEPARTMENT OF THE TREASURY
31 CFR Part 103
RIN 1506-AA13

Proposed Amendment to the Bank Secrecy Act Regulations-- Requirement to Report Suspicious Transactions
AGENCY: Financial Crimes Enforcement Network, Treasury.
ACTION: Notice of proposed rulemaking.
-----------------------------------------------------------------------
SUMMARY: The Financial Crimes Enforcement Network (``FinCEN'') is proposing rules for the centralized filing with it of reports of suspicious transactions under the Bank Secrecy Act. The proposal is a key to the creation of a new method for the reporting, on a uniform ``Suspicious Activity Report,'' of suspicious
[[Page 46557]]
transactions and known or suspected criminal violations by depository institutions; related rules have been or will be issued by the five federal financial supervisory agencies that examine and regulate the safety and soundness of depository institutions. The new centralized reporting system will eliminate the need for burdensome filing of multiple copies of reports with various federal regulatory and law enforcement agencies and will ensure more effective use of the information reported to such agencies.

DATES: Written comments on all aspects of the proposal are welcome and must be received on or before October 10, 1995.

ADDRESSES: Written comments should be submitted to: Office of Regulatory Policy and Enforcement, Financial Crimes Enforcement Network, Department of the Treasury, 2070 Chain Bridge Road, Vienna, Virginia 22182, Attention: NPRM--Suspicious Transaction Reporting.
Submission of Comments: An original and four copies of any comment must be submitted. All comments will be available for public inspection and copying, and no material in any such comments, including the name of any person submitting comments, will be recognized as confidential. Accordingly, material not intended to be disclosed to the public should not be submitted.
Inspection of Comments: Comments may be inspected at the Department of the Treasury between 10:00 a.m. and 4:00 p.m., in the Treasury Library, which is located in room 5030, 1500 Pennsylvania Avenue, N.W., Washington, D.C. 20220. Persons wishing to inspect the comments submitted should request an appointment at the Treasury Library by telephoning (202) 622-0990.

FOR FURTHER INFORMATION CONTACT: Charles Klingman, Office of Financial Institutions Policy, FinCEN, at (703) 905-3920, or Joseph M. Myers, Attorney-Advisor, Office of Legal Counsel, FinCEN, at (703) 905-3590.

SUPPLEMENTARY INFORMATION:
I. Introduction
This document proposes to add a new section 103.21 to 31 CFR Part 103 to require banks and other depository institutions ^{1 to report to the Department of the Treasury any suspicious transaction relevant to a possible violation of law or regulation. The amendments are proposed by FinCEN, to implement the authority granted to the Secretary of the Treasury by 31 U.S.C. 5318(g), in coordination with the Office of the Comptroller of the Currency (the ``OCC''), the Board of Governors of the Federal Reserve System (the ``Board''), the Federal Deposit Insurance Corporation (the ``FDIC''), the Office of Thrift Supervision (the ``OTS''), and the National Credit Union Administration (the ``NCUA'').

\1\ References to ``bank'' include not only commercial banks, but also thrift institutions, credit unions, and other types of depository institutions. See 31 CFR 103.11(b) (defining ``bank'' for purposes of 31 CFR Part 103).

---------------------------------------------------------------------------

The proposed regulation creates a single coordinated process for the reporting of suspicious transactions under the Bank Secrecy Act and known or suspected criminal violations involving such institutions under the regulations of the regulatory agencies. The new process represents a fundamental change in the manner in which potential violations and suspicious activities are reported by banks and other depository institutions to the federal government.

II. Background

A. Statutory Provisions

The Bank Secrecy Act, Pub. L. 91-508, as amended, codified at 12 U.S.C. 1829b, 12 U.S.C. 1951-1959, and 31 U.S.C. 5311-5330, authorizes the Secretary of the Treasury, inter alia, to ssue regulations requiring financial institutions to keep records and file reports that are determined to have a high degree of usefulness in criminal, tax, and regulatory matters, and to implement counter-money laundering programs and compliance procedures. Regulations implementing Title II of the Bank Secrecy Act (codified at 31 U.S.C. 5311-5330), appear at 31 CFR Part 103. The authority of the Secretary to administer the Bank Secrecy Act has been delegated to the Director of FinCEN.

The authority to require reporting of suspicious transactions was added to the Bank Secrecy Act by section 1517 of the Annunzio-Wylie Anti-Money Laundering Act (``Annunzio-Wylie''), Title XV of the Housing and Community Development Act of 1992, Pub. L. 102-550; it was expanded by section 403 of the Money Laundering Suppression Act of 1994 (the ``Money Laundering Suppression Act''), Title IV of the Riegle Community Development and Regulatory Improvement Act of 1994, Pub. L. 103-325, to require designation of a single government recipient for reports of suspicious transactions.

The provisions of 31 U.S.C. 5318(g) deal with the reporting of suspicious transactions by financial institutions subject to the Bank Secrecy Act and the protection from liability to customers of persons who make such reports. Subsection (g)(1) states generally:

The Secretary may require any financial institution, and any director, officer, employee, or agent of any financial institution to report any suspicious transaction relevant to a possible violation of law or regulation.

Subsection (g)(2) provides further:

A financial institution, and a director, officer, employee, or agent of any financial institution, who voluntarily reports a suspicious transaction, or that reports a suspicious transaction pursuant to this section or any other authority, may not notify any person involved in the transaction that the transaction has been reported.

Subsection (g)(3) provides that neither a financial institution, nor any director, officer, employee, or agent

That makes a disclosure of any possible violation of law or regulation or a disclosure pursuant to this subsection or any other authority . . . shall . . . be liable to any person under any law or regulation of the United States or any constitution, law, or regulation of any State or political subdivision thereof, for such disclosure or for any failure to notify the person involved in the transaction or any other person of such disclosure.

Finally, subsection (g)(4) requires the Secretary of the Treasury, ``to the extent practicable and appropriate,'' to designate ``a single officer or agency of the United States to whom such reports shall be made.'' This designation is not to preclude the authority of supervisory agencies to require financial institutions to submit other reports to the same agency ``under any other applicable provision of law.'' 31 U.S.C. 5318(g)(4)(C). The designated agency is in turn responsible for referring any report of a suspicious transaction to ``any appropriate law enforcement agency.'' Id., at subsection (g)(4)(B).

B. Coordinated Process for Reporting Suspicious Transactions

At present, banks report transactions that indicate the existence of ``known or suspected violations of federal law'' by filing multiple copies of criminal referral forms with their respective primary federal financial regulator and with federal law enforcement agencies (including in most cases the Federal Bureau of Investigation, the United States Secret Service, and the Criminal Investigation Division of the Internal Revenue Service). The referral forms (each promulgated by a different regulator, under independent but parallel authority) are not uniform, and the requirement for multiple filings imposes a considerable administrative burden on filers. In the absence of a central repository, law enforcement and

[[Page 46558]]

regulatory agencies--receiving different forms from different filers in different regions of the country--struggle to analyze and correlate the filings and to coordinate investigations.

At the same time, banks (and other financial institutions) are required under the Bank Secrecy Act to file a Currency Transaction Report (or ``CTR'') to report transactions in currency of more than $10,000. The CTR form includes a box that can be checked to indicate that the currency transaction is ``suspicious.'' ^{2 The box on the CTR may also be used to report suspicious currency transactions in amounts less than $10,000. In practice, some financial institutions have also used the CTR form to report non-currency transactions that they believed to be ``suspicious'' but did not rise to the level of a known or suspected violation of law. Still other financial institutions reported such transactions by telephone to local offices of federal law enforcement or regulatory agencies. In many cases, financial institutions that were uncertain what to do naturally and commendably filed all possibly applicable reports.

\2\ The revised and simplified CTR that goes into effect on October 1, 1995 eliminates the box in anticipation of the adoption of the Suspicious Activity Report for reporting of, inter alia, suspicious currency transactions. An advance copy of the revised CTR was issued by FinCEN in early May 1995. See ``FinCENnews'', May 10, 1995.

---------------------------------------------------------------------------

As also discussed in proposed regulations issued in connection with the creation of the unified reporting system by the Office of the Comptroller of the Currency, 60 FR 34,476 (July 3, 1995), and the Board of Governors of the Federal Reserve System, 60 FR 34,481 (July 3, 1995), the current criminal referral system is cumbersome and burdensome, for both regulators and depository institutions. Moreover, it does not maximize the amount of usable information available to law enforcement officials and bank regulators. Therefore, beginning in 1991, the regulatory agencies began working on a project to improve the criminal referral process, with the goal of creating a single form and placing all referrals in an automated information system, managed on their behalf by FinCEN, to which all regulators and FinCEN would have access. The purpose of that project, begun under the auspices of the inter-agency Bank Fraud Working Group, was to assure that information generated by referrals of banking crimes would be uniformly available both as a basis for regulatory decisions and for analysis of the effectiveness of the reporting process and banking crime enforcement efforts.

A year later, Annunzio-Wylie vested broad suspicious transaction reporting authority in the Department of the Treasury. Soon thereafter, a ``Money Laundering Review Task Force,'' made up of enforcement and regulatory officials, was established in the Office of the then-Assistant Secretary (Enforcement) to examine the effectiveness of Treasury's anti-money laundering policies. The Task Force's analysis emphasized that identification and reporting of suspicious activity can and should be one of law enforcement's most effective tools against money laundering, so long as the reporting is not burdensome and reflects as much guidance about money laundering transactions and methods as government can provide. The work of the Task Force resulted in a consensus at Treasury that a reasoned implementation of Treasury's expanded suspicious transaction reporting authority (together with the accompanying ``know your customer'' rule) would increase the effectiveness of counter-money laundering efforts and permit significant reduction in mechanical currency transaction reporting requirements.

The single integrated system of which this proposed rule is a part thus reflects (i) the effect on the pre-existing criminal referral process of the statutory grant of central authority to Treasury, under the Bank Secrecy Act, to require reporting of all suspicious transactions (not merely transactions in currency or its equivalents) involving financial institutions, (ii) the mutual desire of Treasury and the financial regulators to simplify and reduce the burdensomeness of the reporting process, and (iii) the centrality of suspicious transaction reporting to Treasury counter-money laundering policy.

The central feature of the integrated reporting system is the creation of a single reporting form, filing point, and information system for all reports of suspicious activity made by depository institutions. The single form standardizes filing requirements and facilitates the creation of a single, automated data base containing information from all filings. The single filing point not only eliminates the need for multiple copies but also permits magnetic filing of reports by most institutions capable of and accustomed to making such filings with the Internal Revenue Service. (In a related development, as explained more fully below, the requirement that supporting documentation be filed with the report has been eliminated.) Finally, the single data base will permit rapid dissemination to appropriate law enforcement agencies of reports within their jurisdiction, more thorough analysis and tracking of those reports, and, in time, the provision to the financial communities of information about trends and patterns gleaned from the information reported.

Each agency involved has issued or shortly will issue a proposed rule requiring reporting under its respective authority. It is anticipated that those proposed rules will be conformed to one another in their final form and that they will be identical with Treasury's suspicious transaction reporting rules. Thus a financial institution will file a suspicious activity report in satisfaction of both the rules of FinCEN and the rules of the applicable banking regulator or regulators.

The selection of a single term--Suspicious Activity Report (``SAR'')--for the new report reflects the overlap and consolidation of the two reporting requirements. There will be a significant group of activities that are required to be reported both under the authority of 31 U.S.C. 5318(g) and under the financial regulatory agencies own administrative requirements. A single filing, however, will suffice to comply with all requirements.

C. Importance of Suspicious Transaction Reporting in Treasury's Anti-Money Laundering Program

The Congressional mandate to require reporting of suspicious transactions recognizes two basic points that have increasingly become central to Treasury's anti-money laundering and anti-financial crime programs. First, it is to financial institutions that money launderers must go. Second, the officials of those institutions are more likely than government officials to have a sense as to what transactions appear to lack commercial justification or otherwise cannot be explained as falling within the usual methods of legitimate commerce. Money laundering transactions are often designed to appear legitimate in order to avoid detection. Under these circumstances, the creation of a meaningful system for detection and prevention of money laundering is impossible without the cooperation of financial institutions.

The provisions of Annunzio-Wylie and the Money Laundering Suppression Act recognize that the traditional reliance of Treasury counter-money laundering programs on the reporting of currency transactions between financial institutions and their customers and the transportation of currency and certain monetary instruments into or out of the United States is neither adequate nor

[[Page 46559]]

cost effective. The change in emphasis from routine reporting of all currency transactions above a certain amount to reporting of information most likely to be of use to law enforcement officials and financial regulators is a key component of the flexible and cost-efficient compliance system required to prevent the use of the nation's financial system for illegal purposes.

The placement of illegally-derived currency into the financial system and the smuggling of such currency out of the country remain two of the most serious issues facing financial law enforcement efforts in the United States and around the world. But banks and other depository institutions, in cooperation with law enforcement agencies and federal and state banking regulators, have responded in many positive ways to the challenges posed by money laundering. It is now far more difficult than in the past to pass large amounts of cash directly into the nation's banks unnoticed and far easier to identify and isolate those institutions and officials still willing to assist or ignore money launderers.

Moreover, the placement of currency into the financial system is at most only the first stage in the money laundering process. While many currency transactions are not indicative of money laundering or other violations of law, many non-currency transactions can indicate illicit activity, especially in light of the breadth of the statutes that make money laundering itself a crime. See 18 U.S.C. 1956 and 1957.

No system for the reporting of suspicious transactions can be effective unless information flows from as well as to the government. Thus, Treasury recognizes its responsibility to issue and update guidelines about patterns of suspicious activity.

The reporting of suspicious transactions is also a key to the emerging international consensus on the prevention of money laundering.

One of the central recommendations in the Report of the Financial Action Task Force of the G-7 nations (the United States, The United Kingdom, Germany, France, Italy, Japan, and Canada) is that:

If financial institutions suspect that funds stem from a criminal activity, they should be permitted or required to report promptly their suspicions to the competent authorities.

Financial Action Task Force Report (April 19, 1990), Section III(B)(3) (Recommendation 16). The European Community's Directive on prevention of the use of the financial system for the purpose of money laundering calls for member states to

Ensure that credit and financial institutions and their directors and employees cooperate fully with the authorities responsible for combating money laundering . . . by [in part] informing those authorities, on their own initiative, of any fact which might be an indication of money laundering.

EC Directive, O.J. Eur. Comm. (No. L 166) 77 (1991), Article 6. Accord, the Model Regulations Concerning Laundering Offenses Connected to Illicit Drug Trafficking and Related Offenses of the Organization of American States, OEA/Ser. P. AG/Doc. 2916/92 rev. 1 (May 23, 1992), Article 13, section 2.^{3

\3\ The OAS reporting requirement is linked to the provision of the Model Regulations that institutions ``shall pay special attention to all complex, unusual or large transactions, whether

completed or not, and to all unusual patterns of transactions, and to insignificant but periodic transactions, which have no apparent economic or lawful purpose.'' OAS Model Regulation, Article 13, section 1.

---------------------------------------------------------------------------

D. Suspicious Transaction Reporting by Financial Institutions Other Than Banks

31 U.S.C. 5318(g) authorizes the Treasury to require the reporting of suspicious transactions by all financial institutions, and extends to financial institutions other than banks. FinCEN intends to extend the obligation to report suspicious transactions to such other institutions in the near future. However, this proposed rule applies only to reporting of suspicious transactions by banks and other depository institutions.

III. Specific Provisions

A. 103.11(qq) FinCEN

FinCEN is specifically defined for the first time in the Bank Secrecy Act regulations, because FinCEN is being designated by the Secretary of the Treasury as the central recipient of SARs filed pursuant to 31 U.S.C. 5318.

B. 103.11(r) Transaction

The definition of ``transaction in currency'' in the Bank Secrecy Act regulations has been changed to a definition of ``transaction.'' The definition conforms to the definitions in 18 U.S.C. 1956 used when Congress criminalized money laundering in 1986.^{4 This definition of transaction is broad enough to cover all activity that will be reported on an SAR.

\4\ See Pub. L. 99-570, Title XIII, 1352(a), 100 Stat. 3207-18 (Oct. 27, 1986).

---------------------------------------------------------------------------

Treasury does not believe that the change varies the substance of the requirement to report currency transactions under 31 CFR 103.22, other than in the case of deposits of cash in safe deposit boxes, and the change is not intended to make any other modifications in that requirement. Treasury would be interested in comments concerning the safe deposit box issue and other instances in which financial institution personnel believe that application of the new definition, required for implementation of the suspicious transaction reporting rule, would unintentionally alter the separate currency transaction reporting requirement.

C. 103.20 Determination by the Secretary

Section 103.21 is redesignated as section 103.20 in order to make room in Subpart B, ``Reports Required To Be Made,'' for the suspicious transaction reporting requirement in this proposed rule.

D. 103.21 Reports of Suspicious Transactions

New section 103.21 contains the rules setting forth the obligation of banks to file reports of suspicious transactions. Paragraph (a) contains the general statement of the obligation to file, and a general definition of the term ``suspicious transaction.'' The obligation extends only to transactions conducted or attempted by, at, through, or otherwise involving, the bank; however, it is important to recognize that transactions are reportable under this rule and 31 U.S.C. 5318(g) whether or not they involve currency.

The proposed rule designates three classes of transactions as requiring reporting. The first class, described in proposed paragraph (a)(2)(i), includes transaction involving funds derived from illegal activity or intended or conducted in order to hide or disguise funds or assets derived from illegal activity. The second class, described in proposed paragraph (a)(2)(ii), involves transactions designed to evade the requirements of the Bank Secrecy Act. The third class, described in proposed paragraph (a)(2)(iii), involves transactions that appear to have no business purpose or vary so substantially from normal commercial activities or activities appropriate for the particular customer or class of customer as to have no reasonable explanation.

Of course, determinations as to whether a report is required must be based on all the facts and circumstances relating to the transaction and bank customer in question. Different fact patterns will require different types of judgments. In some cases, the facts of the transaction may clearly indicate the need to report. For example, continued payments or withdrawals of currency in amounts each beneath the currency transaction reporting threshold

[[Page 46560]]

applicable under 31 CFR 103.22, or multiple exchanges of small denominations of currency into large denominations of currency, can indicate that a customer is involved in suspicious activity. Similarly, the fact that a customer refuses to provide information necessary for the bank to make reports or keep records required by this Part or other regulations, provides information that a bank determines to be false, or seeks to change or cancel the transaction after such person is informed of reporting requirements relevant to the transaction or of the bank's intent to file reports with respect to the transaction, would all indicate that an SAR should be filed.

In other situations a more involved judgment may need to be made whether a transaction is suspicious within the meaning of the rule. Transactions that raise the need for such judgments may include, for example, (i) funds transfers, payments or withdrawals that are not commensurate with the stated business or other activity of the person conducting the transaction or on whose behalf the transaction is conducted; (ii) transmission or receipt of funds transfers without normal identifying information or in a manner that indicates an attempt to disguise or hide the country of origin or destination or the identity of the customer sending the funds or of the beneficiary to whom the funds are sent; or (iii) repeated use of an account as a temporary resting place for funds from multiple sources without a clear business purpose therefor. The judgments involved will also extent to whether the facts and circumstances and the institution's knowledge of its customer provide a reasonable explanation for the transaction that removes it from the suspicious category.

The means of commerce and the techniques of money launderers are continually evolving, and there is no way to provide an exhaustive list of suspicious transactions. For these reasons, Treasury ultimately must rely on creation of a working partnership that enables the financial community to apply its knowledge of both its customers and of the developments in financial commerce to identify and report suspicious activity. At the same time, Treasury intends to provide meaningful guidance to the banking community concerning the particular circumstances and types of behavior that Treasury believes indicate suspicious activity.

31 U.S.C. 5318(g)(1) authorizes Treasury to require suspicious transaction reporting not only by financial institutions but by ``any director, officer, employee, or agent of any financial institution.''

This proposed rule addresses reporting by banks, but it is not intended to reduce the obligations of bank employees or agents, within the context of a bank's reporting and Bank Secrecy Act compliance obligations, but simply to avoid at this time creating an obligation on the part of bank employees and agents independent of those general obligations. It is anticipated that a forthcoming notice of proposed rulemaking on anti-money laundering compliance programs will contain additional guidance on this matter.

Paragraph (b) sets forth the filing procedures to be followed by banks making reports of suspicious transactions. Reports are to be made within 30 days after the bank becomes aware of the suspicious transaction by completing an SAR and filing it in a central location, to be determined by FinCEN. Supporting documentation is to be collected and maintained separately by the bank, and made available to law enforcement, as necessary. Special provision is made for situations requiring immediate attention, in which case banks are to telephone the appropriate law enforcement authority in addition to filing an SAR.

These filing procedures represent a significant improvement over the procedures currently followed by banks filing criminal referral forms. There is no requirement to file multiple copies of forms with multiple agencies, and no requirement to file supporting documentation with the

SAR itself.

Paragraph (c) continues in effect the longstanding exception from the obligation to file in the case of a robbery or burglary that is otherwise reported to appropriate law enforcement authorities. Treasury and the financial regulators recognize that bank robbery and burglary require the immediate attention of the appropriate police authorities, and are not the types of crimes about which this regulation is directly concerned.

Paragraph (d) states the obligation of filing banks to maintain copies of SARs and the original related documentation for a period of ten years from the date of filing. As indicated above, supporting documentation is to be made available to FinCEN and appropriate law enforcement authorities on request.

Paragraph (e) incorporates the terms of 31 U.S.C. 5318 (g)(2) and (g)(3). This paragraph thus specifically prohibits those filing SARs from making any disclosure, except to authorized law enforcement and regulatory agencies, about either the reports themselves, the information contained therein, or the supporting documentation. This paragraph thus also restates the broad protection from liability for making reports of suspicious transactions, and for failures to disclose the fact of such reporting, contained in the statute. The regulatory provisions do not extend the scope of either the statutory prohibition or the statutory protection; however, because Treasury recognizes the importance of these statutory provisions to the overall effort to encourage meaningful reports of suspicious transactions, they are described in the regulation in order to remind compliance officers and others of their existence.

Finally, paragraph (f) notes that compliance with the obligation to report suspicious transactions will be audited, and provides that failure to comply with the rule shall constitute a violation of the Bank Secrecy Act and the Bank Secrecy Act regulations, which may subject non-complying banks to enforcement action. The paragraph also notes that compliance with the obligation to report suspicious transactions will have no direct bearing on a bank's potential exposure under the criminal provisions of Title 18 of the U.S. Code. The ``safe harbor'' provisions of 31 U.S.C. 5318(g) do not protect against criminal prosecutions.

IV. Comments

FinCEN invites public comment on all aspects of this proposal. FinCEN is particularly interested in, and specifically requests that financial institutions comment on, the following issues.

1. Consolidating information reported on the existing criminal referral form (CRF) with that reported on suspicious currency transaction reports was done to eliminate confusion and avoid duplicate reporting. Currently, in the absence of specific guidelines, each financial institution has developed internal and specific thresholds and procedures for reporting different types of activity on each form. In this proposed rule, Treasury has attempted to describe instances where, and circumstances in which, a financial institution would determine a transaction to be suspicious and file a report. However, no regulation could possibly cover all instances of potential suspicious activity. Conversely, a regulation should not be crafted so broadly as to provide no parameters or guidelines to follow. Treasury needs to know if the terms set forth in this proposed regulation are clear, specific, and sufficient as a basis for financial institutions to determine when activity is suspicious. If not, Treasury requests specific, detailed suggestions for

[[Page 46561]]

substitute language that should be considered.

2. In addition, over 100 predicate offenses may serve as the basis for a criminal money laundering charge under 18 U.S.C. 1956. The instructions for the SAR, as well as the proposed notices issued by the regulatory agencies, provide specific thresholds for reporting particular types of violations. Treasury is interested in the industry's position as to whether similar types of thresholds should be imposed for reporting Bank Secrecy Act and money laundering violations.

3. Finally, Treasury understands that, after filing a report on a particular customer, a financial institution may be confronted with a decision as to whether to terminate its relationship with that customer. Treasury believes that unless instructed by an authorized official, this is a decision which must be made by the financial institution. However, Treasury is interested in working with the industry to develop procedures which could help frame such decisions.

The comment period for this rule is 30 days. Although the comment period is shorter than that which would normally be employed, many of the terms reflected in this rule are also contained in the rules already proposed by the financial regulators. FinCEN will have access to those comments, and it is believed that on that basis the short comment period is justified, in light of the desire of the agencies involved to commence the operation of the less burdensome single form reporting system on October 1, 1995.

V. Regulatory Flexibility Act

FinCEN certifies that this proposed regulation will not have a significant financial impact on a substantial number of small depository institutions.

VI. Paperwork Reduction Act

The collection of information contained in this proposed rule has been submitted to the Office of Management and Budget (OMB) for review in accordance with the Paperwork Reduction Act of 1980 (44 U.S.C. 3504(h)). Comments on the collection of information should be sent to OMB, Paperwork Reduction Project, Washington, DC 20503, with copies to FinCEN, Office of Financial Institutions Policy, 2070 Chain Bridge Road, Suite 200, Vienna, Virginia 22182.

VII. Executive Order 12866

The Department of the Treasury has determined that this proposed rule is not a significant regulatory action under Executive Order 12866.

VIII. Unfunded Mandates Act of 1995 Statement

Section 202 of the Unfunded Mandates Reform Act of 1995, Pub. L. 104-4 (Unfunded Mandates Act), March 22, 1995, requires that an agency prepare a budgetary impact statement before promulgating a rule that includes a federal mandate that may result in expenditure by state, local and tribal governments, in the aggregate, or by the private sector, of $100 million or more in any one year. If a budgetary impact statement is required, section 202 of the Unfunded Mandates Act also requires an agency to identify and consider a reasonable number of regulatory alternatives before promulgating a rule. FinCEN has determined that it is not required to prepare a written statement under section 202 and has concluded that on balance this proposal provides the most cost-effective and least burdensome alternative to achieve the objectives of the rule.

List of Subjects in 31 CFR Part 103

Authority delegations (Government agencies), Banks and banking, Currency, Investigations, Law enforcement, Reporting and recordkeeping requirements.

Amendment

For the reasons set forth above in the preamble, 31 CFR Part 103 is proposed to be amended as set forth below:

PART 103--FINANCIAL RECORDKEEPING AND REPORTING OF CURRENCY AND

FOREIGN TRANSACTIONS

1. The authority citation for Part 103 is revised to read as follows:

Authority: 12 U.S.C. 1829b and 1951-1959; 31 U.S.C. 5311-5330.

2. In Sec. 103.11, paragraph (r) is revised and paragraph (qq) is added to read as follows:

Sec. 103.11 Meaning of terms.

* * * * *

(r) Transaction. Transaction means a purchase, sale, loan, pledge, gift, transfer, delivery or other disposition, and with respect to a financial institution includes a deposit, withdrawal, transfer between accounts, exchange of currency, loan, extension of credit, purchase or sale of any stock, bond, certificate of deposit, or other monetary instrument, use of a safe deposit box, or any other payment, transfer, or delivery by, through, or to a financial institution, by whatever means effected.

* * * * *

(qq) FinCEN. FinCEN means the Financial Crimes Enforcement Network, an office within the Office of the Under Secretary (Enforcement) of the Department of the Treasury.

3. Section 103.21 is redesignated as Sec. 103.20.

4. New Sec. 103.21 is added to read as follows:

Sec. 103.21 Reports of suspicious transactions.

(a) General. (1) Every bank shall file with the Treasury Department, as required by this Sec. 103.21, a report of any suspicious transaction relevant to a possible violation of law or regulation.

(2) A transaction requires reporting under the terms of this section if it is conducted or attempted by, at, or through, or otherwise involves, the bank, and

(i) The bank knows, suspects, or has reason to suspect that the transaction involves funds derived from illegal activity or is intended or conducted in order to hide or disguise funds or assets derived from illegal activity (including, without limitation, the ownership, nature, source, location, or control of such funds or assets) as part of a plan to violate or evade any law or regulation or to avoid any transaction reporting requirement under federal law;

(ii) The bank knows, suspects, or has reason to suspect that the transaction is designed to evade any requirements of this Part or of any other regulations promulgated under the Bank Secrecy Act; or

(iii) The transaction or its details appear to have no business purpose, the transaction varies from the normal methods of financial commerce, or the transaction is not the sort in which the particular customer or class of customer would normally be expected to engage, and, in each case, the bank knows of no reasonable explanation for the transaction.

(b) Filing procedures--(1) What to file. A suspicious transaction shall be reported by completing, in accordance with the instructions, a Suspicious Activity Report (``SAR''), and collecting and maintaining supporting documentation related information, in accordance with this rule.

(2) Where to file. The SAR shall be filed in a central location, to be determined by FinCEN.

(3) When to file. A bank is required to file each SAR not later than 30 calendar days after the first date on which the bank becomes aware of the facts constituting the transaction to which the report relates. If no suspect is identified on the date of detection of the incident triggering the filing, a bank may delay

[[Page 46562]]

filing an SAR for an additional 30 calendar days, but in no case shall reporting be delayed more than 60 calendar days after the date of the transaction. In situations involving violations that require immediate attention, such as when a reportable violation is ongoing, the bank shall immediately notify by telephone the appropriate law enforcement authority in addition to filing an SAR.

(c) Exception. A bank is not required to file a suspicious transaction report for a robbery or burglary committed or attempted that is reported to appropriate law enforcement authorities.

(d) Retention of records. A bank shall maintain a copy of any SAR filed and the original of any related documentation for a period of ten years from the date of filing the SAR, unless the bank is informed by FinCEN in writing that the bank may discard the materials sooner. Supporting documentation shall be identified, segregated, and treated as filed with the SAR. A bank shall make all supporting documentation available to FinCEN and any appropriate law enforcement agencies upon request.

(e) Confidentiality of reports; limitation of liability. No financial institution, nor any director, officer, employee, or agent of any financial institution, who reports a suspicious transaction under this Part, may notify any person involved in the transaction that the transaction has been reported. Thus, any person subpoenaed or otherwise requested to disclose an SAR, the information contained in an SAR or any information contained in the documentation supporting an SAR, except where such disclosure is requested by a law enforcement agency, shall refuse to produce the SAR or such other information. See 31 U.S.C. 5318(g)(2). A bank, and any director, officer, employee, or agent of such bank, that make a report pursuant to this Sec. 103.21 shall be protected from liability for any disclosure contained, for failure to disclosure the fact of such report, or both, to the extent provided by 31 U.S.C. section 5318(g)(3).

(f) Compliance. Compliance with these rules shall be audited by the Department of the Treasury or its delegees under the terms of the Bank Secrecy Act. Failure to satisfy the requirements of this rule shall be a violation of the reporting rules of the Bank Secrecy Act and of 31 CFR Part 103. Such failure may also violate provisions of Titles 12 and 15 of the Code of Federal Regulations. Whether or not a bank satisfies the requirements of this reporting rule has no direct bearing on the obligations or possible liabilities of such bank or its directors, officers, employees, or agents, under provisions of Title 18 of the United States Code.

Dated: August 30, 1995.

Stanley E. Morris,

Director, Financial Crimes Enforcement Network.

[FR Doc. 95-22223 Filed 9-6-95; 8:45 am]

BILLING CODE 4820-03-P

[Federal Register: October 13, 1995 (Volume 60, Number 198)]

[Proposed Rules]

[Page 53316]

From the Federal Register Online via GPO Access [wais.access.gpo.gov]

[DOCID:fr13oc95-29]

-----------------------------------------------------------------------

DEPARTMENT OF THE TREASURY

31 CFR Part 103

RIN 1506-AA13

Proposed Amendment to the Bank Secrecy Act Regulations--Requirement To Report Suspicious Transactions

AGENCY: Financial Crimes Enforcement Network, Treasury.

ACTION: Notice of extension of time for submission of comments.

-----------------------------------------------------------------------

SUMMARY: This document extends until November 13, 1995, the deadline for the submission of comments on the Notice of Proposed Rulemaking to require banks to file with the Financial Crimes Enforcement Network reports of suspicious transactions under the Bank Secrecy Act. The extension is intended to facilitate the submission of comments on the notice without delaying implementation of the suspicious transaction reporting system. The notice was published in the Federal Register on September 7, 1995 (60 FR 46556) and comments were to be received on or before October 10, 1995.

DATES: Comments must be submitted on or before November 13, 1995.

ADDRESSES: Comments should be sent to: Office of Regulatory Policy and Enforcement, Financial Crimes Enforcement Network, Department of the Treasury, 2070 Chain Bridge Road, Vienna, VA 22182, Attention: NPRM--Suspicious Transaction Reporting. Comments received will be available for public inspection and copying at the Treasury Department Library, Room 5030, 1500 Pennsylvania Avenue NW., Washington, DC 20220.

FOR FURTHER INFORMATION CONTACT: Charles Klingman, Office of Financial Institutions Policy, FinCEN, at (703) 905-3920, or Joseph M. Myers, Attorney-Advisor, Office of Legal Counsel, FinCEN, at (703) 905-3590.

SUPPLEMENTARY INFORMATION: The Annunzio-Wylie Anti-Money Laundering Act, Title XV of the Housing and Community Development Act of 1992, Pub. L. 102-550, and the Money Laundering Suppression Act of 1994, Title IV of the Riegle Community Development and Regulatory Improvement Act of 1994, Pub. L. 103-325, amended the Bank Secrecy Act to grant

Treasury authority to require reporting of suspicious transactions and to require Treasury to designate a single government recipient for reports of suspicious transactions. FinCEN has been working with the Office of the Comptroller of the Currency (the ``OCC''), the Board of Governors of the Federal Reserve System (the ``Board''), the Federal Deposit Insurance Corporation (the ``FDIC''), the Office of Thrift Supervision (the ``OTS''), and the National Credit Union Administration (the ``NCUA'') to create a single coordinated process for the reporting of suspicious transactions under the Bank Secrecy Act and known or suspected criminal violations involving financial institutions under the regulations of those agencies.

FinCEN published a notice of proposed rulemaking relating to the suspicious transaction reporting system on September 7, 1995. The notice invited comments from interested parties and requested that they address specific questions. Because all of the agencies were working to implement the system in October, 1995, and because FinCEN's notice related closely to notices already issued by the Board and the OCC, comments were requested by October 10, 1995.

The agencies involved in creating the suspicious transaction reporting system have postponed the target date for the system to become operable until December 15, 1995. The FDIC, whose notice of proposed rulemaking was published on September 14, 1995, has already stated its intention to accept comments through November 13, 1995. All of the agencies involved in the system are working together to review comments as they are submitted and harmonize the proposed rules.

Accordingly, given the fact that extending the time to the end of the FDIC's period will not delay implementation of the system, FinCEN has determined to extend the comment period until November 13, 1995.

Dated: October 10, 1995.

William F. Baity, Acting Director, Financial Crimes Enforcement Network.

[FR Doc. 95-25570 Filed 10-12-95; 8:45 am]

BILLING CODE 4820-03-P

[Federal Register: February 5, 1996 (Volume 61, Number 24)]

[Rules and Regulations ] [Page 4325-4332]

From the Federal Register Online via GPO Access [wais.access.gpo.gov]

[DOCID:fr05fe96-20]

[[Page 4325]]

_______________________________________________________________________

Part IV

Department of the Treasury

31 CFR Part 103

Department of the Treasury

Office of the Comptroller of the Currency

12 CFR Part 21

Federal Reserve System

12 CFR Part 208, et al.

_______________________________________________________________________

Suspicious Transactions Reporting Requirements; Final Rules

[[Page 4326]]

DEPARTMENT OF THE TREASURY

31 CFR Part 103

RIN 1506-AA13

Amendment to the Bank Secrecy Act Regulations; Requirement To

Report Suspicious Transactions

AGENCY: Financial Crimes Enforcement Network, Treasury.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: This document contains a final rule requiring banks and other depository institutions to report to the Department of the Treasury under the Bank Secrecy Act any suspicious transactions relevant to possible violations of federal law or regulation. The rule is adopted by the Financial Crimes Enforcement Network (``FinCEN'') to implement the authority granted to the Secretary of the Treasury by the Bank Secrecy Act. The rule is a key to the creation of a new method for the reporting by depository institutions, on a uniform ``Suspicious Activity Report,'' of suspicious transactions and known or suspected criminal violations; related rules have been or will be adopted by the five federal financial supervisory agencies that examine and regulate the safety and soundness of depository institutions.

EFFECTIVE DATE: April 1, 1996.

FOR FURTHER INFORMATION CONTACT: Pamela Johnson, Assistant Director, Office of Financial Institutions Policy, FinCEN (703) 905-3920; Charles Klingman, Office of Financial Institutions Policy, FinCEN (703) 905-3920; Stephen R. Kroll, Legal Counsel, FinCEN (703) 905-3590; or Joseph M. Myers, Attorney-Advisor, Office of Legal Counsel, FinCEN, at (703) 905-3590.

SUPPLEMENTARY INFORMATION:

I. Statutory Provisions

The Bank Secrecy Act, Pub. L. 91-508, as amended, codified at 12 U.S.C. 1829b, 12 U.S.C. 1951-1959, and 31 U.S.C. 5311-5330, authorizes the Secretary of the Treasury, inter alia, to issue regulations requiring financial institutions to keep records and file reports that are determined to have a high degree of usefulness in criminal, tax, and regulatory matters, and to implement counter-money laundering programs and compliance procedures. Regulations implementing Title II of the Bank Secrecy Act (codified at 31 U.S.C. 5311-5330), appear at 31 CFR Part 103. The authority of the Secretary to administer the Bank Secrecy Act has been delegated to the Director of FinCEN.

The provisions of 31 U.S.C. 5318(g) deal with the reporting of suspicious transactions by financial institutions subject to the Bank Secrecy Act and the protection from liability to customers of persons who make such reports.\1\ Subsection (g)(1) states generally:

\1\ The authority to require reporting of suspicious transactions was added to the Bank Secrecy Act by section 1517 of the Annunzio-Wylie Anti-Money Laundering Act (``Annunzio-Wylie''), Title XV of the Housing and Community Development Act of 1992, Pub. L. 102-550; it was expanded by section 403 of the Money Laundering Suppression Act of 1994 (the ``Money Laundering Suppression Act''), Title IV of the Riegle Community Development and Regulatory Improvement Act of 1994, Pub. L. 103-325, to require designation of a single government recipient for reports of suspicious transactions.

---------------------------------------------------------------------------

The Secretary may require any financial institution, and any director, officer, employee, or agent of any financial institution, to report any suspicious transaction relevant to a possible violation of law or regulation.

Subsection (g)(2) provides further:

A financial institution, and a director, officer, employee, or agent of any financial institution, who voluntarily reports a suspicious transaction, or that reports a suspicious transaction pursuant to this section or any other authority, may not notify any person involved in the transaction that the transaction has been reported.

Subsection (g)(3) provides that neither a financial institution, nor any director, officer, employee, or agent

that makes a disclosure of any possible violation of law or regulation or a disclosure pursuant to this subsection or any other authority . . . shall . . . be liable to any person under any law or regulation of the United States or any constitution, law, or regulation of any State or political subdivision thereof, for such disclosure or for any failure to notify the person involved in the transaction or any other person of such disclosure.

Finally, subsection (g)(4) requires the Secretary of the Treasury, ``to the extent practicable and appropriate,'' to designate ``a single officer or agency of the United States to whom such reports shall be made.'' This designation is not to preclude the authority of supervisory agencies to require financial institutions to submit other reports to the same agency ``under any other applicable provision of law.'' 31 U.S.C. 5318(g)(4)(C). The designated agency is in turn responsible for referring any report of a suspicious transaction to ``any appropriate law enforcement or supervisory agency.'' Id., at subsection (g)(4)(B).

II. Notice of Proposed Rulemaking

On September 7, 1995, a notice of proposed rulemaking (the ``Notice''), under the authority contained in 31 U.S.C. 5318(g), relating to the reporting of suspicious transactions by banks and other depository institutions,\2\ was published in the Federal Register (60 FR 46,556). Like this final rule, the Notice was published in coordination with the Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency, the Federal Deposit Insurance Corporation, the Office of Thrift Supervision, and the National Credit Union Administration (collectively, the ``Supervisory Agencies''). An announcement that the time to comment on the Notice had been extended until November 13, 1995, was published in the Federal Register on October 13, 1995, 60 FR 53,316.

\2\ References to ``bank'' include not only commercial banks, but also thrift institutions, credit unions, other types of depository institutions, and certain other institutions. See 31 CFR 103.11(c) (defining ``bank'' for purposes of 31 CFR Part 103).

---------------------------------------------------------------------------

The final rule is a key to the creation of a single reporting form, filing point, and data base for all reports of suspicious activity made by depository institutions. (The background of the new system is explained in greater detail in the Notice, see 60 FR at 46557-46558 (September 7, 1995).) The single filing point not only eliminates the need or multiple copies but also permits magnetic filing of reports by most institutions capable of and accustomed to making such filings with the Internal Revenue Service. Finally, the single data base will permit rapid dissemination of reports to appropriate law enforcement agencies, more thorough analysis and tracking of those reports, and, in time, the provision to the financial community of information about trends and patterns gleaned from the information reported.

Each Supervisory Agency involved has issued or shortly will issue a final rule requiring reporting under its respective authority. The final rules have been conformed to one another, so that a bank will file a suspicious activity report in satisfaction of both the rules of FinCEN and the rules of the applicable Supervisory Agency or Agencies.

A significant group of activities are required to be reported both under the authority of 31 U.S.C. 5318(g) and under the Supervisory Agencies' own administrative requirements, but a single filing will suffice to comply with all requirements.

As indicated above, this final rule becomes effective on April 1, 1996, as do the final rules issued by the Supervisory Agencies.

[[Page 4327]]

III. Explanation of Revisions and Summary of Comments

A. Comments on the Notice--Overview

FinCEN received 30 written comments on the Notice. Of these, 14 comments were submitted by banks or bank holding companies, seven by banking trade associations, one by a credit union, three by credit union trade associations, three by non-bank financial institutions, one by an ad hoc association of non-bank financial institutions, and one by a practicing attorney on his own behalf.

The commenters generally applauded the decision to reduce reporting burdens on banks and eliminate the confusion caused by duplicate filing requirements. They also supported efforts to enhance the use of the information submitted by banks about suspicious transactions and noted favorably Treasury's general efforts to work with the financial sector to fashion reasonable and cost-effective rules to prevent money laundering.

Commenters expressed a variety of concerns relating to five subjects. Four of the subjects--the definition of ``transaction'' (especially the treatment of safe deposit box use), the time for filing of suspicious activity reports, the nature of the records required to be retained by institutions in connection with particular suspicious activity reports and the manner and time period for their retention, and the confidentiality rules for such reports--concerned the operational details of the rule outlined in the Notice. The specifics of the comments are outlined below; suggestions made in the comments on those subjects have been adopted in large part.

The fifth subject addressed in the comments was the appropriateness of the proposed definition of suspicious transaction itself, especially the provisions of proposed 31 CFR 103.21(a)(2)(iii), which would require reporting generally of transactions that appear to have no business purpose and for which the reporting institution knew of no reasonable explanation. This provision has been retained, with revision, in the final rule. Specific comments on the provision are also discussed below.

After consideration of all the comments, 31 CFR 103.21, proposed in the Notice, is adopted as revised herein.

B. The Final Rule

While the final rule reflects numerous modifications in response to the comments received on the Notice, the format and substance of the final rule are generally consistent with the rule proposed in the Notice. The changes adopted are intended to improve, clarify, and refine the provisions of the proposed rule that required such modifications, without fundamentally altering the basic policies described in the Notice and reflected in the proposed rule.

The Notice outlined the importance of the reporting of suspicious transactions to Treasury's anti-money laundering and anti-financial crime programs. See 60 FR at 46,558-59 (September 7, 1995). Treasury is reconfirming, in issuing the final rule, its judgment that reporting of suspicious transactions in a timely fashion is a key component of the flexible and cost-efficient compliance system required to prevent the use of the nation's financial system for illegal purposes. The same judgment underlies Treasury's initiatives to sharply reduce the extent to which ordinary currency transactions are required to be reported with respect to ongoing businesses with a significant business history. Reporting of suspicious transactions is also required by the emerging international consensus defining the most effective methods for fighting international organized crime.

IV. Section-by-Section Analysis

A. 31 CFR 103.11--Definitions

1. 31 CFR 103.11 (qq)--FinCEN. The definition of FinCEN is adopted without change.

2. 31 CFR 103.11(ii)--Transaction. The Notice proposed to replace the definition of ``transaction in currency'' in the Bank Secrecy Act regulations with a definition of ``transaction'' that reflected the definition of transaction in 18 U.S.C. 1956 (laundering of monetary instruments). The Notice specifically requested comments on the treatment of the use of safe deposit boxes that would result from the proposed change and noted that the proposal was not intended to vary the substance of the requirement to report currency transactions under 31 CFR 103.22, other than in the case of deposits of cash in safe deposit boxes.

a. Appropriateness of New Definition Generally. One group of commenters questioned the appropriateness generally of the adoption for this rule of a definition of transaction based on the definition in the money laundering statute. Those commenters noted that ``Congress drafted this statutory definition broadly in order to criminalize every conceivable type of criminally-derived property [sic] but not with the expectation that it would be used as the basis for imposing a positive reporting obligation on financial institutions.'' They asserted that ``[s]uch a definition simply would not be workable for financial institutions that must comply with regulatory requirements.''

Treasury believes there is a necessary relationship between the anti-money laundering statute and the Bank Secrecy Act. The extent to which banks should be required to track or monitor certain sorts of transactions will also be addressed in the know-your-customer rules expected to be proposed later this year. Moreover, the ``transaction'' definition in the federal money laundering statute is already necessarily embraced in the existing criminal referral rules.

b. Treatment of Safe Deposit Boxes. The Notice had specifically requested comment on the decision to include use of a safe deposit box in the definition of transaction. The Notice explained that the definition was included to reflect the fact that in appropriate cases use of a safe deposit box may constitute a transaction under 18 U.S.C. 1956, following that statute's amendment to reverse the decision in United States v. Bell, 936 F.2d 337 (7th Cir. 1991).

Commenters strongly felt that a blanket inclusion of safe deposit box transactions within the ambit of the rule was inadvisable, potentially contrary to state law, and in any event contrary to a long established banking practice that a customer's use of a safe deposit box was a private transaction in which bank employees studiously sought not to interfere. After consideration of the comments, FinCEN has excluded use of a safe deposit box from the transaction definition.

Based on present experience, the risk of the use of a safe deposit box by itself as part of a money laundering or similar offense is sufficiently rare that a rule mandating blanket changes in long-established banking practices is uncalled for. At the same time, a transaction that involved both the use of a safe deposit box and a use of other banking facilities would be included in the transaction definition to the extent it involved such other facilities. (Of course, use of a safe deposit box by a customer that came to a bank's attention, for example, when a box was entered by a bank pursuant to accepted procedures, would be a candidate for the voluntary reporting contemplated by the second sentence of section 103.21(a).)

c. Definition of Transaction in Currency. Several commenters requested that the definition of ``transaction in currency'' be retained in 31 CFR 103.11, in order to avoid confusion in the administration of the currency transaction reporting requirement. That definition has been

[[Page 4328]]

retained, solely for purposes of the reporting rule in 31 CFR 103.22.

d. Investment Securities. One commenter pointed out that the proposed definition failed to take account of the fact that the Bank Secrecy Act definition of monetary instrument, unlike the 18 U.S.C. 1956 definition, includes only bearer instruments. The final rule adds the term ``investment security'' to the definition of transaction, as a cross reference to the definition of investment security in 31 CFR 103.11(t).

B. 31 CFR 103.21--Reports of Suspicious Transactions

1. 31 CFR 103.21(a). Subsection (a) contains the general statement of the obligation to file a suspicious activity report, and a general definition of the term ``suspicious transaction.'' The obligation extends only to transactions conducted or attempted by, at, or through a bank; transactions are reportable under this rule and 31 U.S.C. 5318(g) whether or not they involve currency.

Paragraph (a)(1) states, in its first sentence, that section 103.21 implements the regulatory authority granted to the Secretary of the Treasury by 31 U.S.C. 5318(g). Language has been added to the sentence to make it clear that the reporting of transactions ``relevant to a possible violation of law or regulation'' is required only to the extent specified in the rule. A second sentence has been added to encourage the reporting of transactions as so relevant, even in cases in which the rule does not explicitly so require, for example in the case of use of a safe deposit box or with respect to a transaction below the $5,000 threshold added to the rule, as discussed below. As also discussed below, such a voluntary report (that is, the report of a suspicious transaction relevant to a possible violation of law or regulation, in circumstances not required by the rule) is fully covered by the rules relating to non-disclosure and protection against liability specified in 31 U.S.C. 5318 (g)(2) and (g)(3) and in 31 CFR 103.21(e) (added by the final rule).

The proposed rule designated three classes of transactions as requiring reporting. The first class, described in subparagraph (a)(2)(i), includes transactions either involving funds derived from illegal activity or intended or conducted in order to hide or disguise funds or assets derived from illegal activity. The second class, described in subparagraph (a)(2)(ii), involves transactions designed to evade the requirements of the Bank Secrecy Act. The third class, described in subparagraph (a)(2)(iii), involves transactions that appear to have no business purpose or that vary so substantially from normal commercial activities or activities appropriate for the particular customer or class of customer as to have no reasonable explanation.

Commenters raised a number of questions about the terms of the proposed definition in paragraph (a)(2). First, they sought to limit the terms in which knowledge would be ascribed to a bank by questioning a standard that called for reporting when a bank ``knows, suspects, or has reason to suspect'' that a transaction requires reporting. The use of the term is intended to introduce a concept of due diligence into the reporting procedures. As part of the general conforming of the rules of FinCEN and the Supervisory Agencies, the same standards have been adopted by each agency.

Second, the Notice asked for the industry's position as to whether monetary thresholds should be created for reporting Bank Secrecy Act and money laundering violations. Many commenters sought the addition of a threshold for reporting transactions, while several other commenters argued against thresholds. FinCEN has determined to add a $5,000 threshold to the reporting rule, so that reports are now required only for a transaction (or, as explained below, a series of transactions) that involve at least that amount in funds or assets and that otherwise satisfy the terms of the rule. Adoption of this threshold is intended to reduce the burden of reporting and to conform the treatment of money laundering and related transactions to that of other situations in which reporting is required by the Supervisory Agencies. As a concomitant to the creation of a threshold, language has been added to make it clear that related transactions ``aggregating'' $5,000 or more may be reportable.

Several commenters also objected to the requiring of reports of ``attempted'' transactions, on the ground that an attempted transaction may neither be sufficiently obvious to draw a bank's attention nor to generate the sorts of records necessary to complete the report. FinCEN recognizes that these situations may arise and that the standards applied to reporting of attempts must necessarily be somewhat more flexible than those requiring reporting of completed transactions. However, the reporting of ``attempts'' has been required in the criminal referral reports that have evolved into the suspicious activity report, and the requirement to report attempts has been retained in the final rule.

The proposed rule required reporting of transactions conducted or attempted ``by, at, or through, or otherwise involving'' a bank. Several commenters objected to the inclusion in the rule of the words ``otherwise involving'' because their meaning was unclear and provided insufficient guidance for bank officials. The phrase has been deleted.

2. Subparagraph (a)(2)(i). Several commenters questioned whether the requirement to report transactions involving funds derived from illegal activity that are conducted in order to hide or disguise funds or assets derived from illegal activity extended to all illegal activity or only to activity that was illegal under federal law.

Language has been added to specify plainly that only activity that is in violation of federal law or regulation is covered by the requirement. Such a limitation does not, of course, make violation of state law irrelevant, especially in the many cases under 18 U.S.C. 1956, 1957 or 1960 in which violations of state law can serve as a predicate for a federal offense.

3. Subparagraph (a)(2)(ii). No comments were directed specifically toward subparagraph (a)(2)(ii), and that subparagraph is unchanged, except for a revised reference to the Bank Secrecy Act.

4. Subparagraph (a)(2)(iii). As proposed in the Notice, subparagraph (a)(2)(iii) required reporting of a transaction if:

the transaction appears to have no business purpose, the transaction varies from the normal methods of financial commerce, or the transaction is not the sort in which the particular customer or class of customer would normally be expected to engage, and, in each case, the bank knows of no reasonable explanation for the transaction.

Although a number of commenters opposed the reporting of transactions that could not definitively be linked to wrongdoing, FinCEN believes that a suspicious transaction reporting rule appropriately can and indeed must include a requirement for the reporting of transactions that vary so substantially from normal practice that they legitimately can and should raise suspicions of possible illegality. Unlike many criminal acts, money laundering involves the taking of apparently lawful steps--opening bank accounts, wiring funds, or investing or reinvesting assets--for an unlawful purpose. A skillful money launderer will often split the movement of funds between several institutions so that no one institution can have a complete picture of the transactions or funds movement

[[Page 4329]]

involved. Although a number of commenters objected to the standard, others viewed the standard as a workable compromise between the competing needs of enforcement and the financial system and, in one case, as consistent with the advice and training already given to line staff at the commenter's money center bank.

In addition, as indicated in the Notice, subparagraph (a)(2)(iii) recognizes the emerging international consensus that efforts to deter, substantially reduce, and eventually eradicate money laundering are greatly assisted by the reporting of suspicious transactions by banks.

The requirements of this section comply with the recommendations adopted by multilateral organizations in which the United States is an active participant, including the Financial Action Task Force of G-7 nations and the Organization of American States, and are consistent with the European Community's directive on preventing money laundering through financial institutions.

Although the basic standard has been retained, a number of changes have been made in response to specific comments on the Notice. First, the structure of the paragraph (a)(2) now makes it clear that all three subparagraphs in the suspicious transaction definition are qualified by the standard that the bank must ``know, suspect, or have reason to suspect'' that the reportable events have occurred. Second, the description of transactions that ``vary from the normal methods of financial commerce'' has been deleted because the phrase provided insufficient guidance to reporting institutions and was comprehended to the extent relevant by the ``no business purpose'' language of the preceding clause. Third, the specification of transactions in which the ``class of customer'' involved would not be expected to engage has been deleted, in response to concerns that the language unintentionally created a need for comparisons among groups of customers based on their personal characteristics. Fourth, the language has been altered to require reporting of transactions that appear to have no business ``or apparent lawful purpose''; the exception for transactions for which the bank knows of a reasonable explanation has been clarified to specify that knowledge of such an explanation requires an examination by the bank of the available facts, including factors such as the background and possible purpose of the transaction.

It remains true, as indicated in the Notice, that determinations as to whether a report is required must be based on all the facts and circumstances relating to the transaction and bank customer in question. Different fact patterns will require different types of judgments. In some cases, the facts of the transaction may clearly indicate the need to report. For example, continued payments or withdrawals of currency in amounts each beneath the currency transaction reporting threshold applicable under 31 CFR 103.22, or multiple exchanges of small denominations of currency into large denominations of currency, can indicate that a customer is involved in suspicious activity. Similarly, the fact that a customer refuses to provide information necessary for the bank to make reports or keep records required by this Part or other regulations, provides information that a bank determines to be false, or seeks to change or cancel the transaction after such person is informed of reporting requirements relevant to the transaction or of the bank's intent to file reports with respect to the transaction, would all indicate that a Suspicious Activity Report (``SAR'') should be filed.

In other situations a more involved judgment may need to be made whether a transaction is suspicious within the meaning of the rule. Transactions that raise the need for such judgments may include, for example, (i) funds transfers, payments or withdrawals that are not commensurate with the stated business or other activity of the person conducting the transaction or on whose behalf the transaction is conducted; (ii) transmission or receipt of funds transfers without normal identifying information or in a manner that indicates an attempt to disguise or hide the country of origin or destination or the identity of the customer sending the funds or of the beneficiary to whom the funds are sent; or (iii) repeated use of an account as a temporary resting place for funds from multiple sources without a clear business purpose therefore. The judgments involved will also extend to whether the facts and circumstances and the institution's knowledge of its customer provide a reasonable explanation for the transaction that removes it from the suspicious category.

5. 31 CFR 103.21(b). Subsection (b) sets forth the filing procedures to be followed by banks making reports of suspicious transactions. Reports are to be made within 30 calendar days of the initial detection of the suspicious transaction, by completing a SAR and filing it in a central location, to be determined by FinCEN. An additional 30 days is permitted in order to enable a bank to identify a suspect, but in no event may a SAR be filed after 60 days after the initial detection of the reportable transaction. The general timing rule has been changed so that the period for filing runs not from the date of the transaction being reported, but from the date of the ``initial detection'' of facts that may constitute a basis for the filing of a SAR; in many cases the two dates will be the same, but in others, where the transaction is detected by the bank's compliance screening systems, the dates may differ. If the bank's own internal investigation is still ongoing when filing is required the form filed may so indicate, but the form must nonetheless be filed within the periods specified in the rule. FinCEN recognizes that it is always difficult to apply general timing rules to every possible situation in which reporting may be required or reportable activity detected, and it believes that the change made in the rule adequately balances the need to recognize the crucial importance of bank screening systems and to provide clear deadlines for reporting. FinCEN is prepared to consider further changes in the timing rules if experience dictates a need therefore, but it also believes that timely reporting is essential.

Several commenters requested that a change be made in the requirement in the Notice that banks provide immediate telephone notice of ongoing violations to ``the'' appropriate law enforcement agency (in addition to filing the form as required). As requested, the language has been revised to require notice to ``an'' appropriate law enforcement agency.

The new filing procedures represent a significant improvement over the procedures currently followed by banks filing criminal referral forms. There is no longer any requirement to file multiple copies of forms with multiple agencies, and no requirement to file supporting documentation with the SAR itself.

6. 31 CFR 103.21(c). Subsection (c) continues in effect the longstanding exception from the obligation to file in the case of a robbery or burglary that is otherwise reported to appropriate law enforcement authorities. In response to a comment, the second longstanding exception contained in the rules of the Supervisory Agencies for reports of stolen securities has also been repeated in this rule. Treasury and the Supervisory Agencies recognize that bank robbery and burglary require the immediate attention of the appropriate police authorities, and are not the types of crimes about which this regulation is directly concerned.

7. 31 CFR 103.21(d). Subsection (d) states the obligation of filing banks to maintain copies of SARs and their

[[Page 4330]]

supporting documentation following the date of filing. This provision is intended to relieve banks of the need physically to transmit supporting documentation previously required to be filed with criminal referral reports without altering the utility or availability of the supporting documentation to the Supervisory Agencies or law enforcement agencies as needed. The supporting documentation is a part of the SAR and is held by the bank (in effect as agent for the Supervisory Agencies and FinCEN), to avoid requiring often significant masses of paper immediately to be transmitted to investigators or examiners.

Thus, identification of supporting documentation must be made at the time the SAR is filed, and such supporting documentation is deemed filed with a SAR in accordance with this paragraph of the final rule; as such, FinCEN, the Supervisory Agencies, and law enforcement authorities need not make their access requests through subpoena or other legal processes.

Several significant changes requested by commenters in the record retention requirements have been made. First, the time for which retention is required has been reduced from 10 years to five years (the general period for record retention required under the Bank Secrecy Act); a provision authorizing FinCEN to permit earlier destruction has been deleted as unnecessary in light of the reduction of the retention period to five years generally. Second, the wording has been changed to permit record retention in either paper form or in accordance with the bank's general recordkeeping procedures, even if those procedures call for record maintenance in electronic rather than paper form. FinCEN recognizes that a bank will not always have custody of the originals of documents and that some documents will not exist at the bank in paper form. In those cases, preservation of the best available evidentiary documents (for example, computer disks or photocopies) should be acceptable. This has been reflected in the final rule by changing the reference to original documents to ``original document or business record equivalents.''

The Notice referred both to documents ``supporting'' and documents ``related'' to the SAR. Many commenters found this dual reference confusing. FinCEN believes that the use of the word ``supporting'' is more precise and limits the scope of the information which must be retained to that which would be useful in explaining the terms of and parties to any suspicious transaction reported on a SAR. It is anticipated that banks will use their judgment in determining the information to be retained in light of the purposes of the reporting requirement. It is impossible to catalogue the precise types of information covered by this requirement, as the nature of the documentation that will ``support'' the determination embodied in a SAR necessarily depends upon the facts of a particular case.

8. 31 CFR 103.21(e). Subsection (e) incorporates the terms of 31 U.S.C. 5318 (g)(2) and (g)(3). This subsection thus specifically prohibits those filing SARs from making any disclosure, except to authorized law enforcement and regulatory agencies, about either the reports themselves, the information contained therein, or the supporting documentation (in the latter case if the supporting documentation indicates in any way that it is related to a SAR). This subsection thus also restates the broad protection from liability for making reports of suspicious transactions, and for failures to disclose the fact of such reporting, contained in the statute. As pointed out in the Notice, the regulatory provisions do not extend the scope of either the statutory prohibition or the statutory protection; however, because Treasury recognizes the importance of these statutory provisions to the overall effort to encourage meaningful reports of suspicious transactions, they are described in the regulation in order to remind compliance officers and others of their existence. The terms of subsection (e) have been revised to clarify that the protection of the statute, as well as the statutory prohibition against disclosures of filing, extends to voluntary reports of suspicious activity as well as those reports required by the final rule.

A number of commenters sought guidance about whether the statutory prohibitions against disclosure extended to subpoenas from third parties in civil litigation. FinCEN believes that the nondisclosure provisions of the statute extend to requests via subpoenas seeking SARs; as noted, the nondisclosure rule does not apply to supporting documentation, so long as no material in the supporting documentation produced in response to a subpoena or other process indicates its relationship to a SAR. The final rule adds a requirement that requests for a SAR or the information contained therein should be reported to FinCEN. (Under the rules of the Supervisory Agencies, reporting of such requests to those Agencies is also required.)

9. 31 CFR 103.21(f). Subsection (f) notes that compliance with the obligation to report suspicious transactions will be audited, and provides that failure to comply with the rule may constitute a violation of the Bank Secrecy Act and the Bank Secrecy Act regulations.

The substitution of the word ``may'' for the word ``shall'' is intended to indicate that the decision whether a failure to report a transaction in fact constitutes a Bank Secrecy Act violation will necessarily depend upon the facts of each situation. FinCEN anticipates that in general the area for inquiry in the case of failure to report will center upon both the facts of the particular failure and what the failure indicates about the bank's compliance systems and attention to the Bank Secrecy Act rules generally.

The Notice also stated that compliance with the obligation to report suspicious transactions would have no direct bearing on a bank's potential exposure under the criminal provisions of Title 18 of the U.S. Code. One commenter argued that any such statement was a bar to cooperation and urged the Department of the Treasury and the Justice Department to create safe harbors from criminal liability in cases in which SARs are filed.

The sentence questioned by the commenter was intended simply as a reminder that the language of the ``safe harbor'' provisions of 31 U.S.C. 5318(g) does not by its terms protect against criminal prosecutions. The sentence has been deleted in response to the comment, but its deletion in no way alters the scope of the statute.

Finally, a mistaken reference to Title 15 of the Code of Federal Regulations has been deleted.

C. Other Comments

1. Closing Accounts. FinCEN invited comment concerning the guidance that is appropriate in connection with a bank's decision, after filing a report concerning a particular customer, whether to terminate its relationship with that customer. Treasury continues to believe that unless instructed by an authorized official in writing, this is a decision which must be made by the financial institution.

2. Non-Bank Financial Institutions. Several comments were filed on behalf of non-bank financial institutions concerned that the rules embodied in the Notice would be extended to such institutions. Those comments were considered to the extent relevant to the Notice and will be held for consideration when rules are proposed governing such institutions.

V. Regulatory Flexibility Act.

FinCEN certifies that this regulation will not have a significant financial

[[Page 4331]]

impact on a substantial number of small depository institutions.

VI. Paperwork Reduction Act

The collection of information contained in this rule has been reviewed by the Office of Management and Budget (OMB) in accordance with the Paperwork Reduction Act of 1995, 44 U.S.C. 3507(d).

The collection of information requirements in this rule are found in 31 CFR 103.21, as issued in final form herein. This information is mandatory and is necessary to inform appropriate law enforcement and bank supervisory agencies of suspicious transactions involving or that take place at or through depository institutions. Information collected hereunder is confidential, see 31 U.S.C. 5318(g), and may be used by FinCEN, the federal financial institution regulatory agencies, federal law enforcement agencies and, where appropriate, state law enforcement and bank supervisory agencies. The respondent recordkeepers are for-profit financial institutions, including small businesses.

FinCEN may not conduct or sponsor, and an organization is not required to respond to, this information collection unless it displays a currently valid OMB control number. The OMB control number is 1506-0001.

No comments specifically addressing the hour burden for filing the SAR were received.

FinCEN estimates that there will be 15,000 responses from banks subject to the Bank Secrecy Act.

The revisions made to the final rule from the proposed rule published in the Notice simplify the submission of the reporting form and shorten the records retention period. However, the same amount of information will be collected under the final rule as under the proposed rule published in the Notice. The burden per respondent varies depending on the nature of the suspicious transaction being reported. FinCEN estimates that the average annual burden for reporting and recordkeeping per response will be 1 hour. Thus, FinCEN estimates the total annual hour burden to be 15,000 hours. However, this burden will not result in additional cost to the public because the same information is required to be filed by one or more of the Supervisory Agencies, and a single filing will satisfy all filing requirements.

Comments regarding the burden estimate, or any aspect of this collection of information, including suggestions for reducing the burden, should be sent to Office of Regulatory Policy and Enforcement, FinCEN, and to the Office of Management and Budget, Paperwork Reduction Project (7100-0212), Washington, D.C. 20503.

VII. Executive Order 12866

The Department of the Treasury has determined that this rule is not a significant regulatory action under Executive Order 12866.

VIII. Unfunded Mandates Act of 1995 Statement

Section 202 of the Unfunded Mandates Reform Act of 1995, Pub. L. 104-4 (Unfunded Mandates Act), March 22, 1995, requires that an agency prepare a budgetary impact statement before promulgating a rule that includes a federal mandate that may result in expenditure by state, local and tribal governments, in the aggregate, or by the private sector, of $100 million or more in any one year. If a budgetary impact statement is required, section 202 of the Unfunded Mandates Act also requires an agency to identify and consider a reasonable number of regulatory alternatives before promulgating a rule. FinCEN has determined that it is not required to prepare a written statement under section 202 and has concluded that on balance this rule provides the most cost-effective and least burdensome alternative to achieve the objectives of the rule.

List of Subjects in 31 CFR Part 103

Administrative practice and procedure, Authority delegations (Government agencies), Banks, banking, Currency, Investigations, Law enforcement, Reporting and recordkeeping requirements.

Amendment

For the reasons set forth above in the preamble, 31 CFR Part 103 is amended as set forth below:

PART 103--FINANCIAL RECORDKEEPING AND REPORTING OF CURRENCY AND

FOREIGN TRANSACTIONS

1. The authority citation for Part 103 is revised to read as follows:

Authority: 12 U.S.C. 1829b and 1951-1959; 31 U.S.C. 5311-5330.

2. Section 103.11 as amended at 60 FR 228 and 44144 effective April 1, 1996, is further amended by revising paragraph (ii) and adding paragraph (qq) to read as follows:

Sec. 103.11 Meaning of terms.

* * * * *

(ii) Transaction. (1) Except as provided in paragraph (ii)(2) of this section, transaction means a purchase, sale, loan, pledge, gift, transfer, delivery or other disposition, and with respect to a financial institution includes a deposit, withdrawal, transfer between accounts, exchange of currency, loan, extension of credit, purchase or sale of any stock, bond, certificate of deposit, or other investment security or monetary instrument, or any other payment, transfer, or delivery by, through, or to a financial institution, by whatever means effected.

(2) For purposes of Sec. 103.22, and other provisions of this part relating solely to the report required by that section, the term ``transaction in currency'' shall mean a transaction involving the physical transfer of currency from one person to another. A transaction which is a transfer of funds by means of bank check, bank draft, wire transfer, or other written order, and which does not include the physical transfer of currency, is not a transaction in currency for this purpose.

* * * * *

(qq) FinCEN. FinCEN means the Financial Crimes Enforcement Network, an office within the Office of the Under Secretary (Enforcement) of the Department of the Treasury.

Sec. 103.21 [Redesignated as Sec. 103.20]

3. Section 103.21 is redesignated as Sec. 103.20.

4. New Sec. 103.21 is added to read as follows:

Sec. 103.21 Reports by banks of suspicious transactions.

(a) General. (1) Every bank shall file with the Treasury Department, to the extent and in the manner required by this section, a report of any suspicious transaction relevant to a possible violation of law or regulation. A bank may also file with the Treasury Department by using the Suspicious Activity Report specified in paragraph (b)(1) of this section or otherwise, a report of any suspicious transaction that it believes is relevant to the possible violation of any law or regulation but whose reporting is not required by this section.

(2) A transaction requires reporting under the terms of this section if it is conducted or attempted by, at, or through the bank, it involves or aggregates at least $5,000 in funds or other assets, and the bank knows, suspects, or has reason to suspect that:

(i) The transaction involves funds derived from illegal activities or is intended or conducted in order to hide or disguise funds or assets derived from illegal activities (including, without limitation, the ownership, nature, source, location, or control of such

[[Page 4332]]

funds or assets) as part of a plan to violate or evade any federal law or regulation or to avoid any transaction reporting requirement under federal law or regulation;

(ii) The transaction is designed to evade any requirements of this part or of any other regulations promulgated under the Bank Secrecy Act, Pub. L. 91-508, as amended, codified at 12 U.S.C. 1829b, 12 U.S.C. 1951-1959, and 31 U.S.C. 5311-5330; or

(iii) The transaction has no business or apparent lawful purpose or is not the sort in which the particular customer would normally be expected to engage, and the bank knows of no reasonable explanation for the transaction after examining the available facts, including the background and possible purpose of the transaction.

(b) Filing procedures--(1) What to file. A suspicious transaction shall be reported by completing a Suspicious Activity Report (``SAR''), and collecting and maintaining supporting documentation as required by paragraph (d) of this section.

(2) Where to file. The SAR shall be filed with FinCEN in a central location, to be determined by FinCEN, as indicated in the instructions to the SAR.

(3) When to file. A bank is required to file a SAR no later than 30 calendar days after the date of initial detection by the bank of facts that may constitute a basis for filing a SAR. If no suspect was identified on the date of the detection of the incident requiring the filing, a bank may delay filing a SAR for an additional 30 calendar days to identify a suspect. In no case shall reporting be delayed more than 60 calendar days after the date of initial detection of a reportable transaction. In situations involving violations that require immediate attention, such as, for example, ongoing money laundering schemes, the bank shall immediately notify, by telephone, an appropriate law enforcement authority in addition to filing timely a SAR.

(c) Exceptions. A bank is not required to file a SAR for a robbery or burglary committed or attempted that is reported to appropriate law enforcement authorities, or for lost, missing, counterfeit, or stolen securities with respect to which the bank files a report pursuant to the reporting requirements of 17 CFR 240.17f-1.

(d) Retention of records. A bank shall maintain a copy of any SAR filed and the original or business record equivalent of any supporting documentation for a period of five years from the date of filing the SAR. Supporting documentation shall be identified, and maintained by the bank as such, and shall be deemed to have been filed with the SAR.

A bank shall make all supporting documentation available to FinCEN and any appropriate law enforcement agencies or bank supervisory agencies upon request.

(e) Confidentiality of reports; limitation of liability. No bank or other financial institution, and no director, officer, employee, or agent of any bank or other financial institution, who reports a suspicious transaction under this part, may notify any person involved in the transaction that the transaction has been reported. Thus, any person subpoenaed or otherwise requested to disclose a SAR or the information contained in a SAR, except where such disclosure is requested by FinCEN or an appropriate law enforcement or bank supervisory agency, shall decline to produce the SAR or to provide any information that would disclose that a SAR has been prepared or filed, citing this paragraph (e) and 31 U.S.C. 5318(g)(2), and shall notify FinCEN of any such request and its response thereto. A bank, and any director, officer, employee, or agent of such bank, that makes a report pursuant to this section (whether such report is required by this section or is made voluntarily) shall be protected from liability for any disclosure contained in, or for failure to disclosure the fact of such report, or both, to the full extent provided by 31 U.S.C. 5318(g)(3).

(f) Compliance. Compliance with this section shall be audited by the Department of the Treasury, through FinCEN or its delegees under the terms of the Bank Secrecy Act. Failure to satisfy the requirements of this section shall be a violation of the reporting rules of the Bank Secrecy Act and of this part. Such failure may also violate provisions of Title 12 of the Code of Federal Regulations.

Dated: January 30, 1996.

Stanley E. Morris,

Director, Financial Crimes Enforcement Network.

[FR Doc. 96-2272 Filed 2-2-96; 8:45 am]

BILLING CODE 4820-03-P}}}}

The AML/BSA Blueprint

Jim Richards — Mon, 20 Mar 2006 22:28:35 -0500

The Bank Secrecy Act was passed in 1970. It went through a number of changes, the big ones being the criminalization of money laundering and the addition of "structuring" in 1986 ... the addition of the Suspicious Activity Report, or SAR in 1992 ... and the monumental passage of the USA PATRIOT Act in October 2001 (actually 31 years to the day from the passage of the original Act) adding a bucket of new laws.

But legislation without regulation is meaningless ... and it's taken years for the regulations to catch up to the legislation. And in areas where the government reglates industries, such as banking and financial services, regulation without regulatory guidance is often meaningless.

The result? Legislation needs regulation which needs regulatory guidance. In this case, the USA PATRIOT Act, passed on October 26, 2001 relies on multiple regulations, passed between 2002 and 2005, which in turn are almost unenforceable without regulatory guidance ... which was published in the form of the Federal Financial Institutions Examination Council, or FFIEC, Bank Secrecy Act Examination Manual. The Manual, published in June 2005, is available at http://www.ffiec.gov/bsa_aml_infobase/documents/BSA_AML_Man.pdf. Careful ... it's ove 300 pages long!

Title 31 - Quik Link

Jim Richards — Mon, 20 Mar 2006 22:15:45 -0500

http://www.access.gpo.gov/uscode/title31/title31.html

Title 31 - What's With The Name?

Jim Richards — Mon, 20 Mar 2006 22:06:01 -0500

Title 31 of the United States Code contains the Bank Secrecy Act, or BSA - the principle anti-money laundering (AML) statute in the United States. The author of the blog - owner of the blog? Principal of the blog? Whatever ... is an AML/BSA professional at a major US-based bank.