Financial Crimes Enforcement Network; Confidentiality of Suspicious Activity Reports, 75593-75607 [2010-29869]

Agencies

• DEPARTMENT OF THE TREASURY
• Department of Treasury

[Federal Register Volume 75, Number 232 (Friday, December 3, 2010)]
[Rules and Regulations]
[Pages 75593-75607]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2010-29869]


-----------------------------------------------------------------------

DEPARTMENT OF THE TREASURY

31 CFR Part 103

RIN 1506-AA99


Financial Crimes Enforcement Network; Confidentiality of 
Suspicious Activity Reports

AGENCY: The Financial Crimes Enforcement Network (``FinCEN''), 
Treasury.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: FinCEN is issuing this final rule to amend the Bank Secrecy 
Act (``BSA'') regulations regarding the confidentiality of a report of 
suspicious activity (``SAR'') to: Clarify the scope of the statutory 
prohibition against the disclosure by a financial institution of a SAR; 
address the statutory prohibition against the disclosure by the 
government of a SAR; clarify that the exclusive standard applicable to 
the disclosure of a SAR by the government is to fulfill official duties 
consistent with the purposes of the BSA; modify the safe harbor 
provision to include changes made by the Uniting and Strengthening 
America by Providing the Appropriate Tools Required to Intercept and 
Obstruct Terrorism Act of 2001 (``USA PATRIOT Act''); and make minor 
technical revisions for consistency and harmonization among the 
different SAR rules. These amendments are part of the Department of the 
Treasury's continuing effort to increase the efficiency and 
effectiveness of its anti-money laundering and counter-terrorist

[[Page 75594]]

financing policies. These amendments are consistent with similar 
proposals to be issued by some of the Federal bank regulatory agencies 
in conjunction with FinCEN.\1\
---------------------------------------------------------------------------

    \1\ The Federal bank regulatory agencies have parallel SAR 
requirements for their supervised entities: See 12 CFR 208.62, 12 
CFR 211.24(f), and 12 CFR 225.4(f) (the Board of Governors of the 
Federal Reserve System) (``Fed'')); 12 CFR 353.3 (the Federal 
Deposit Insurance Corporation (``FDIC'')); 12 CFR 748.1 (the 
National Credit Union Administration (``NCUA'')); 12 CFR 21.11 (the 
Office of the Comptroller of Currency (``OCC'')) and 12 CFR 563.180 
(the Office of Thrift Supervision (``OTS'')).

---------------------------------------------------------------------------
DATES: Effective Date: January 3, 2011.

FOR FURTHER INFORMATION CONTACT: The FinCEN regulatory helpline at 
(800) 949-2732.

SUPPLEMENTARY INFORMATION: 

I. Background

    The BSA requires financial institutions to keep certain records and 
make certain reports that have been determined to be useful in 
criminal, tax, or regulatory investigations or proceedings, and for 
intelligence or counter-intelligence activities to protect against 
international terrorism. In particular, the BSA and its implementing 
regulations require financial institutions in certain industries \2\ to 
file a SAR when they detect a known or suspected violation of Federal 
law or regulation, or a suspicious activity related to money 
laundering, terrorist financing, or other criminal activity.\3\
---------------------------------------------------------------------------

    \2\ FinCEN has implemented regulations for suspicious activity 
reporting at 31 CFR 103.15 (for mutual funds); 31 CFR 103.16 (for 
insurance companies); 31 CFR 103.17 (for futures commission 
merchants and introducing brokers in commodities); 31 CFR 103.18 
(for banks); 31 CFR 103.19 (for broker-dealers in securities); 31 
CFR 103.20 (for money services businesses); 31 CFR 103.21 (for 
casinos).
    \3\ The Annunzio-Wylie Anti-Money Laundering Act of 1992 (the 
Annunzio-Wylie Act), amended the BSA and authorized the Secretary of 
the Treasury to require financial institutions to report suspicious 
transactions relevant to a possible violation of law or regulation. 
See Public Law 102-550, Title XV, 1517(b), 106 Stat. 4055, 4058-9 
(1992); 31 U.S.C. 5318(g)(1).
---------------------------------------------------------------------------

    SARs generally are unproven reports of possible violations of law 
or regulation, or of suspicious activities, that are used for law 
enforcement or regulatory purposes. The BSA provides that a financial 
institution and its officers, directors, employees, and agents are 
prohibited from notifying any person involved in a suspicious 
transaction that the transaction was reported.\4\ FinCEN implemented 
this provision in its SAR regulations for each industry through an 
explicit prohibition that closely mirrored the enacting statutory 
language. Specifically, we clarified that disclosure could not be made 
to the person involved in the transaction, but that the SAR could be 
provided to FinCEN, law enforcement, and the financial institution's 
supervisory or examining authority. In certain SAR rules, we have 
expressly provided for the possibility of institutions jointly filing a 
SAR regarding suspicious activity that occurred at multiple 
institutions.\5\
---------------------------------------------------------------------------

    \4\ See 31 U.S.C. 5318(g)(2).
    \5\ Bank Secrecy Act regulations expressly permitting the filing 
of a joint SAR when multiple financial transactions are involved in 
a common transaction or series of transactions involving suspicious 
activity can be found at 31 CFR 103.15(a)(3) (for mutual funds); 31 
CFR 103.16(b)(3)(ii) (for insurance companies); 31 CFR 103.17(a)(3) 
(for futures commission merchants and introducing brokers in 
commodities); 31 CFR 103.19(a)(3) (for broker-dealers in 
securities); and 31 CFR 103.20(a)(4) (for money services 
businesses).
---------------------------------------------------------------------------

    The USA PATRIOT Act strengthened the confidentiality of SARs by 
adding to the BSA a new provision that prohibits officers or employees 
of the Federal government or any State, local, Tribal, or territorial 
government within the United States with knowledge of a SAR from 
disclosing to any person involved in a suspicious transaction that the 
transaction was reported, other than as necessary to fulfill the 
official duties of such officer or employee.\6\
---------------------------------------------------------------------------

    \6\ See USA PATRIOT Act, section 351(b). Public Law 107-56, 
Title III, Sec.  351, 115 Stat. 272, 321(2001); 31 U.S.C. 
5318(g)(2).
---------------------------------------------------------------------------

    To encourage the reporting of possible violations of law or 
regulation, and the filing of SARs, the BSA contains a safe harbor 
provision that shields financial institutions making such reports from 
civil liability in connection with the report. In 2001, the USA PATRIOT 
Act clarified that the safe harbor also covers voluntary disclosure of 
possible violations of law and regulations to a government agency and 
expanded the scope of the limit on liability to cover any civil 
liability that may exist ``under any contract or other legally 
enforceable agreement (including any arbitration agreement).'' \7\
---------------------------------------------------------------------------

    \7\ See USA PATRIOT Act, section 351(a). Public Law 107-56, 
Title III, Sec.  351, 115 Stat. 272, 321(2001); 31 U.S.C. 
5318(g)(3).
---------------------------------------------------------------------------

II. The Notice of Proposed Rulemaking and Related Actions

    On March 9, 2009, FinCEN published in the Federal Register a notice 
of proposed rulemaking (``the proposed rule'') and two separate notices 
and requests for comment on proposed guidance (``the proposed 
guidance'') (collectively, ``the notices''). In the proposed rule, 
FinCEN proposed amendments to each of FinCEN's SAR rules to include key 
changes that would (1) clarify the scope of the statutory prohibition 
against the disclosure by a financial institution of a SAR; (2) address 
the statutory prohibition against the disclosure by the government of a 
SAR; (3) clarify that the exclusive standard applicable to the 
disclosure of a SAR, or any information that would reveal the existence 
of a SAR by the government is ``to fulfill official duties consistent 
with Title II of the BSA,'' in order to ensure that SAR information is 
protected from inappropriate disclosures unrelated to the BSA purposes 
for which SARs are filed; (4) modify the safe harbor provision to 
include changes made by the USA PATRIOT Act; and (5) where possible, 
harmonize minor technical differences that exist among the 
confidentiality, safe harbor, and compliance provisions of our 
rulemakings for different industries. The proposed guidance interpreted 
one of the provisions of the proposed rules relating to (1) above, to 
clarify that SARs could be shared, subject to certain qualifications, 
within an institution's corporate organizational structure.
    In separate but contemporaneous rulemakings, some of the Federal 
bank regulatory agencies proposed amending their SAR rules to 
incorporate comparable provisions to FinCEN's proposed rules, and 
amending their information disclosure regulations \8\ to clarify that 
the exclusive standard governing the release of a SAR, or any 
information that would reveal the existence of a SAR, is set forth in 
the confidentiality provisions of their respective SAR rules.
---------------------------------------------------------------------------

    \8\ Generally, these regulations are known as ``Touhy 
regulations,'' after the Supreme Court's decision in United States 
ex rel. Touhy v. Ragen, 340 U.S. 462 (1951). In that case, the 
Supreme Court held that an agency employee could not be held in 
contempt for refusing to disclose agency records or information when 
following the instructions of his or her supervisor regarding the 
disclosure. As such, an agency's Touhy regulations are the 
instructions agency employees must follow when those employees 
receive requests or demands to testify or otherwise disclose agency 
records or information.
---------------------------------------------------------------------------

    The notices and related Federal bank regulatory agency actions were 
published together in their own separate part of the Federal Register 
to encourage commenters to take into account all relevant provisions.

III. Comments on the Notices--Overview and General Issues

    The comment period for the notices ended on June 8, 2009. We 
received a total of 26 submissions from 25 distinct entities.\9\ Of 
these, 15 were submitted by trade groups or associations, four were 
submitted by individual financial

[[Page 75595]]

institutions, three were submitted by Federal, Tribal, or foreign 
government agencies, three were submitted by consultants or attorneys 
not affiliated with a specific financial institution, and one was 
submitted by a self-regulatory organization (``SRO''). The comments 
generally supported the proposed rules while requesting the broadening 
of the proposed sharing guidance.\10\ Several of the comments specific 
to the proposed rules provided suggestions for additionally 
strengthening or clarifying the general confidentiality provision, as 
well as the specific confidentiality provisions for institutions, 
governments, and SROs. Due to the broad and varied topics raised during 
comment, the majority of comments are addressed in the section-by-
section analysis, below.
---------------------------------------------------------------------------

    \9\ All comments to the notices are available for public viewing 
at https://www.regulations.gov or https://www.fincen.gov/statutes_regs/bsa/regs_proposal_comment.html.
    \10\ Comments about the sharing guidance are addressed 
separately in a related ``notice of availability of guidance'' 
published by FinCEN in today's Federal Register.
---------------------------------------------------------------------------

IV. Section-by-Section Analysis

A. Confidentiality of SARs

    FinCEN proposed clarifying the general introduction to the 
confidentiality provision in each of its SAR rules to read, ``A SAR, 
and any information that would reveal the existence of a SAR, are 
confidential and shall not be disclosed except as authorized in this 
paragraph.'' FinCEN proposed this change to be more comprehensive than 
the previous language that, on face value, was limited only to the 
person involved in the transaction and applied only with respect to the 
SAR form itself. The phrase ``SAR[s] are confidential'' also was 
consistent with the existing Federal bank regulatory agency SAR rules, 
while the application of confidentiality to ``a SAR, and information 
that would reveal the existence of a SAR'' (``SAR information'') was 
consistent with both FinCEN and case law interpretations \11\ of the 
previous non-disclosure provision. In the final rule, FinCEN is 
adopting this language as proposed, without change.
---------------------------------------------------------------------------

    \11\ See, e.g., Whitney Nat'l Bank v. Karam, 306 F. Supp. 2d 
678, 682 (S.D. Tex. 2004); Cotton v. Private Bank and Trust Co., 235 
F. Supp. 2d 809, 815 (N.D. Ill. 2002).
---------------------------------------------------------------------------

    Some commenters asked that FinCEN clarify the term ``information 
that would reveal the existence of a SAR'' for the purpose of defining 
the scope of SAR confidentiality. One commenter specifically asked 
whether that term only includes information that affirmatively states 
that a SAR was filed. Another commenter urged that FinCEN formally 
recognize that documents prepared by a financial institution when 
complying with its SAR obligations should be afforded confidentiality.
    Clearly, any document or other information that affirmatively 
states that a SAR has been filed constitutes information that would 
reveal the existence of a SAR and should be kept confidential. By 
extension, an institution also should afford confidentiality to any 
document stating that a SAR has not been filed. Were FinCEN to allow 
disclosure of information when a SAR is not filed, institutions would 
implicitly reveal the existence of a SAR any time they were unable to 
produce records because a SAR was filed.\12\
---------------------------------------------------------------------------

    \12\ For example, a private litigant may serve a discovery 
request on a bank in civil litigation that calls for the bank to 
produce the underlying documentation on companies A, B, and C, where 
the bank has filed a SAR on company A but not companies B or C, and 
the underlying documentation reflects the SAR filing decisions. If 
the bank then produces the underlying documentation for companies B 
and C, but neither confirms nor denies the existence of a SAR when 
declining to provide similar documentation for company A, by 
negative implication it may have revealed the existence of the SAR 
filed on company A.
---------------------------------------------------------------------------

    The more difficult situation is when a document or other 
information is silent as to whether a SAR has or has not been filed. 
Documents that may identify suspicious activity but that do not reveal 
whether a SAR exists (e.g., a document memorializing a customer 
transaction, such as an account statement indicating a cash deposit or 
a record of a funds transfer), should be treated as falling within the 
underlying facts, transactions, and documents upon which a SAR may be 
based, and should not be afforded confidentiality.\13\ This distinction 
is set forth in the final rule's second rule of construction and 
reflects relevant case law.\14\
---------------------------------------------------------------------------

    \13\ As one commenter correctly suggested, information produced 
in the ordinary course of business may contain sufficient 
information that a reasonable and prudent person familiar with SAR 
filing requirements could use to conclude that an institution likely 
filed a SAR (e.g., a copy of a fraudulent check, or a cash 
transaction log showing a clear pattern of structured deposits). 
Such information, alone, does not constitute information that would 
reveal the existence of a SAR.
    \14\ See, e.g., Whitney Nat. Bank v. Karam, 306 F. Supp. 2d 678, 
682 (S.D. Tex. 2004) (noting that courts have ``allowed the 
production of supporting documentation that was generated or 
received in the ordinary course of the banks' business, on which the 
report of suspicious activity was based''); Cotton v. Private Bank 
and Trust Co., 235 F. Supp. 2d 809, 815 (N.D. Ill. 2002) (holding 
that the ``factual documents which give rise to suspicious conduct * 
* * are to be produced in the ordinary course of discovery because 
they are business records made in the ordinary course of 
business'').
---------------------------------------------------------------------------

    However, the strong public policy that underlies the SAR system as 
a whole--namely, the creation of an environment that encourages 
financial institutions to report suspicious activity without fear of 
reprisal--leans heavily in favor of applying SAR confidentiality not 
only to a SAR itself, but also in appropriate circumstances to material 
prepared by the financial institution as part of its process to detect 
and report suspicious activity, regardless of whether a SAR ultimately 
was filed or not. This interpretation also reflects relevant case 
law.\15\
---------------------------------------------------------------------------

    \15\ See, e.g., Whitney at 682-83 (holding that the SAR 
confidentiality provision protects, inter alia, ``communications 
preceding the filing of a SAR and preparatory or preliminary to it; 
communications that follow the filing of a SAR and are explanations 
or follow-up discussion; or oral communications or suspected or 
possible violations that did not culminate in the filing of a 
SAR''); Cotton at 815 (holding that ``documents representing the 
drafts of SARs or other work product or privileged communications 
that relate to the SAR itself * * * are not to be produced [in 
discovery] because they would disclose whether a SAR has been 
prepared or filed''); Union Bank of California, N.A. v. Superior 
Court, 130 Cal. App. 4th 378, 391 (2005) (holding that ``a draft SAR 
or internal memorandum prepared as part of a financial institution's 
process for complying with Federal reporting requirements is 
generated for the specific purpose of fulfilling the institution's 
reporting obligation * * * [and] fall within the scope of SAR 
[confidentiality] because they may reveal the contents of a SAR and 
disclose whether `a SAR has been prepared or filed' '').
---------------------------------------------------------------------------

    As explained in more detail in the proposed rule, the primary 
purpose for clarifying the scope of the confidentiality provision is to 
ensure that, due to potentially serious consequences, the persons 
involved in the transaction and identified in the SAR cannot be 
notified, directly or indirectly, of the report. Accordingly, FinCEN 
proposed replacing the previous rule text prohibiting disclosure of the 
SAR to the person involved in the transaction with a broad general 
confidentiality provision for all SAR information applicable to all 
persons not authorized in the rules of construction to receive such 
information. With respect to ``information that would reveal the 
existence of a SAR,'' therefore, institutions should distinguish 
between certain types of statistical or abstract information or general 
discussions of suspicious activity that may indicate that an 
institution has filed SARs,\16\ and information that would reveal the 
existence of a SAR in a manner that could enable the person involved in 
the

[[Page 75596]]

transaction potentially to be notified, whether directly or indirectly.
---------------------------------------------------------------------------

    \16\ One example of such information could include summary 
information commonly provided by banks in the ``notification to the 
board'' required by the various Federal bank regulatory agency SAR 
rules. Banks subject to the requirement are encouraged to be 
cautious in the production of relevant portions of board minutes or 
other records to avoid the risk of potentially exposing SAR 
information to the subject, either directly or indirectly, in the 
event such records are subject to future subpoena.
---------------------------------------------------------------------------

    FinCEN also proposed modifying this introductory section to clarify 
that ``for purposes of [the confidentiality provision] only, a SAR 
shall include any suspicious activity report filed with FinCEN pursuant 
to any regulation in this part'' and eliminating references in the 
confidentiality provisions of certain rules to specific versions of the 
SAR form like the SAR-SF (for use by the securities and futures 
industries) or SAR-MSB (for use by money services businesses). This 
change clarified that the confidentiality provisions of our SAR rules 
apply with respect to any type of SAR in the filing institution's 
possession, which, since it may result from the joint filing or sharing 
of a SAR with another type of financial institution in accordance with 
the provisions of these proposed rules, could include a type of SAR 
form not used by the institution. This provision is also being adopted 
as proposed, without change.

B. Disclosure by Financial Institutions

    The proposed rule provided that any financial institution, or any 
director, officer, employee, or agent of a financial institution, that 
is subpoenaed or otherwise requested to disclose a SAR, or information 
that would reveal the existence of a SAR, must decline to provide the 
information, citing this section of the rules and 31 U.S.C. 
5318(g)(2)(A)(i), and must provide notification of the request and its 
response thereto to FinCEN and, in the rules for those industries with 
parallel SAR requirements administered by a primary Federal functional 
regulator,\17\ notification to that regulator as well.
---------------------------------------------------------------------------

    \17\ Primary Federal functional regulator, for purposes of this 
final rule, means the Federal bank regulatory agencies, the 
Securities and Exchange Commission (``SEC''), and the Commodity 
Futures Trading Commission (``CFTC''). Only the Federal bank 
regulatory agencies administer parallel SAR requirements.
---------------------------------------------------------------------------

    One commenter suggested that FinCEN adjust the SAR rule for banks 
to remove the ``duplicative'' requirement for a bank to notify both 
FinCEN and its primary Federal functional regulator when SAR 
information is inappropriately requested. FinCEN disagrees with the 
characterization of the requirement as ``duplicative'' since the 
entities in question have separate SAR rules issued and administered by 
separate agencies. The joint notification requirement in FinCEN's rule, 
therefore, simply acknowledges the notification requirement of multiple 
SAR regulations issued under multiple authorities.
    Because FinCEN's jurisdiction is limited to the Title 31 SAR rules, 
however, FinCEN is removing the requirement from its bank SAR rule that 
an institution notify its primary Federal regulator in addition to 
notifying FinCEN in the event of an inappropriate request for SAR 
information. While this will create greater consistency within FinCEN's 
SAR rules for multiple industries and between FinCEN's rules and most 
of the primary Federal regulator bank SAR rules with respect to the 
requirement to notify only the agency administering that rule, it does 
not relieve institutions from their requirement to comply with the 
provisions of similar but distinct rules administered by separate 
agencies. FinCEN will continue to explore the possibility of 
streamlining the process of notification under separate legal 
authorities.\18\
---------------------------------------------------------------------------

    \18\ In the interim, upon notification by a financial 
institution, FinCEN will ensure that an institution's primary 
Federal regulator has been notified of such a request and the 
institution's response thereto.
---------------------------------------------------------------------------

    Another commenter asked FinCEN to establish procedures by which an 
institution, if it thought it would benefit the institution, could 
petition FinCEN to authorize the disclosure of SAR information for in 
camera review during a private legal proceeding. As discussed elsewhere 
in this rulemaking, the protection of the filing institution is not the 
only reason for the SAR confidentiality provision. Further, FinCEN 
believes that in most legal proceedings, a filing institution that 
would benefit from the disclosure of a SAR would benefit comparably 
with evidence from underlying facts, transactions, and documents. 
Consequently, FinCEN does not intend to establish procedures for 
submitting such a request in this rulemaking.

C. Rules of Construction

    FinCEN proposed rules of construction that clarify the scope of the 
SAR disclosure prohibition and implement statutory modifications to the 
BSA made by the USA PATRIOT Act. The proposed rules of construction 
primarily describe situations that are not covered by the prohibition 
against the disclosure of SAR information. The introduction to these 
rules makes clear that the rules of construction are each qualified by 
and subordinate to the statutory mandate that no person involved in any 
reported suspicious transaction can be notified that the transaction 
has been reported. This introductory sentence is being adopted as 
proposed, without change, in the final rule.
1. The First Rule of Construction
    The first proposed rule of construction clarified the 
permissibility of disclosures to governmental authorities or other 
examining authorities that are otherwise entitled by law to receive 
SARs and to examine for or investigate suspicious activity. For most 
industries, the rule stated that a financial institution, or any 
director, officer, employee, or agent of a financial institution, may 
disclose a SAR, or information that would reveal the existence of a 
SAR, to FinCEN or any Federal, State, or local law enforcement agency 
or any Federal or State regulatory authority that examines the 
financial institution for compliance with the BSA.
a. State Regulatory Authorities
    FinCEN is adjusting the language slightly in the final rule to make 
a technical correction in the SAR rule text for some industries. While 
the original SAR rules provided for requests for disclosure from 
``appropriate law enforcement [and] supervisory agenc[ies],'' the 
proposed rules sought to expand these terms by describing explicitly 
the types of entities that fit into those categories. Accordingly, some 
of the proposed rules used the phrase ``* * * state regulatory 
authority that examines [the institution] for compliance with the 
BSA.'' FinCEN believes that commenters clearly understood and consented 
to the intent of this language, but will use the more technically 
accurate phrase ``* * * state regulatory authority administering a 
state law that requires [the institution] to comply with the BSA or 
otherwise authorizes the state authority to ensure that the institution 
complies with the BSA'' in the final rule.
    This change recognizes that State regulatory authorities are 
generally authorized by State law to examine for compliance with the 
BSA in one of two ways: (1) The law authorizes the State authority to 
examine the institution for compliance with all Federal laws and 
regulations generally or with the BSA explicitly, or (2) the law 
requires a financial institution to comply with all Federal laws and 
regulations generally or with the BSA explicitly, and authorizes the 
State authority to examine for compliance with the State law. An 
institution may provide SAR information to a State regulatory authority 
meeting either criterion.
    Commenters pointed out that some, but not all of the rules, 
provided for a financial institution to disclose SAR information to 
these State regulatory authorities. While one of FinCEN's goals

[[Page 75597]]

for the final rule is to create consistency between the various 
industry SAR rules where appropriate, FinCEN intentionally omitted 
State regulatory agencies from this rule of construction for the 
securities and futures industries. FinCEN has not delegated, and 
Congress has not authorized, State regulation for compliance with the 
BSA to these industries. Accordingly, the provision regarding 
disclosures to State regulatory authorities has been incorporated into 
the final rule for all industries other than securities broker-dealers, 
futures commission merchants, introducing brokers in commodities, and 
mutual funds.
    For each of those industries excluded from the aforementioned 
``state regulatory'' provision, FinCEN also has made a comporting 
change in the final rule to the paragraph entitled ``Retention of 
Records.'' With respect to an institution's obligation to provide the 
supporting documentation to a SAR only to appropriate parties upon 
request, the final rule text includes Federal regulatory agencies, but 
not State regulatory agencies.
b. Tribal Regulatory Authorities
    FinCEN received a similar comment regarding Tribal casinos that may 
be regulated by a Tribal regulatory authority. As with State agencies, 
FinCEN believes disclosures to such authorities should be limited only 
to an entity with authority to examine for compliance with laws 
requiring compliance with the BSA. Accordingly, FinCEN is incorporating 
a technical change similar to that described for State regulatory 
authorities, above, to more accurately describe the methods by which 
Tribal regulatory authorities obtain jurisdiction to examine for BSA 
compliance. The first rule of construction in the final rule for 
casinos now reads, ``* * * or any tribal regulatory authority 
administering a tribal law that requires the casino to comply with the 
BSA or otherwise authorizes the tribal regulatory authority to ensure 
that the casino complies with tribal law.''
c. Self-Regulatory Organizations
    For the proposed rules governing securities broker-dealers, futures 
commission merchants, and introducing brokers in commodities, an 
institution's ability to disclose under the first rule of construction 
also was extended to a self-regulatory organization that is examining 
the institution for compliance with the requirements ``of this 
section,'' a phrase FinCEN interpreted in the preamble as meaning the 
SAR rules. FinCEN received multiple and conflicting comments on this 
provision. Commenters correctly noted that this language differs from 
the standard used for Federal and State regulatory authorities.
    One comment received from a government agency supported this 
different standard, stating that while Congress directed FinCEN to make 
SARs available to certain SROs in Section 358(c) of the USA PATRIOT Act 
(amending 31 U.S.C. 5319), Congress's simultaneous expansion in Section 
358(a) of the ``declaration of purpose'' for the data collected under 
the BSA in Chapter 53 of Title 31 of the U.S.C. did not include self-
regulatory purposes. Another comment from an SRO argued, however, that 
limiting SRO access to SAR information only in conjunction with an 
examination for BSA compliance was inconsistent with the aims of the 
BSA.
    The language in the proposed rule limiting SRO use of SARs was 
consistent with the uses originally described in the previous SAR 
rules.\19\ As such, the proposed rule did not propose restricting, but 
rather declined to expand, the existing SRO authority to use SARs. In 
the final rule, however, FinCEN is emphasizing the important role of 
BSA data in the support of supervisory functions to promote the 
integrity of financial markets and mitigate risks of financial crime. 
Accordingly, the final rule text regarding SROs more closely models the 
language used for government regulatory authorities. At the same time, 
the final rule recognizes the relationship of SROs and the Federal 
agencies responsible for their oversight, upon whom FinCEN relies for 
the purpose of helping to ensure that the SROs are operating in a 
manner consistent with FinCEN's mission.
---------------------------------------------------------------------------

    \19\ For example, prior to this final rule, the existing SAR 
rule for securities broker-dealers at 31 CFR 103.19(g) stated that 
``[r]eports filed under this section shall be made available to an 
SRO registered with the [SEC] examining a broker-dealer for 
compliance with the requirements of this section.''
---------------------------------------------------------------------------

    SROs are not governmental entities, but do play a significant role 
in regulating segments of the financial industry under the close 
supervision and regulatory oversight by specific Federal agencies. The 
SEC regulates the Financial Industry Regulatory Authority (``FINRA'') 
and other SROs, while the CFTC regulates the National Futures 
Association (``NFA'') and a number of other SROs. FinCEN relies on the 
close supervision by the Federal functional regulators of those 
industries also subject to SRO oversight to assist FinCEN in ensuring 
that SROs appropriately use and handle BSA information. As these 
agencies are in a position to understand the needs of the SROs for BSA 
information and are also in a position to monitor the SROs' interaction 
with the entities subject to both the regulators' and the SROs' 
purview, FinCEN has determined that SROs should obtain SARs and 
supporting documentation from the entities that they examine in a 
manner and for purposes that the Federal agency responsible for its 
oversight deems appropriate. Thus, the final rule makes it clear that a 
financial institution examined by an SRO can provide SAR information to 
the SRO, upon the request of the Federal agency responsible for its 
oversight.
    This request may apply to the SRO in an isolated context or in a 
broad context to cover a variety of situations and understood uses, as 
determined appropriate by that agency. FinCEN expects the Federal 
agency responsible for the SRO's oversight to provide this request 
either to the institution in writing, or to the SRO in the form of a 
writing that is available for the SRO to share with the institution. 
Given the fact that many institutions may come under the jurisdiction 
of more than one regulator and more than one SRO, a record of the 
relevant Federal regulator's request is important to avoid confusion.
    In keeping with its cooperative relationships with the relevant 
Federal regulators, FinCEN will monitor the regulators' requests for 
SAR information and communicate with the regulators with respect to any 
concerns that either FinCEN or the regulators identify with respect to 
the use and protection of SARs by an SRO.
    In light of the above considerations, the final rule for those 
industries with SROs now reads to allow disclosure to ``* * * any SRO 
that examines [the institution] for compliance with the requirements of 
this section, upon the request of [the Federal agency responsible for 
its oversight].''
d. Civil Enforcement Authorities
    One commenter also argued that the SEC and CFTC, in their capacity 
of civil enforcement of laws applicable to all persons (including 
institutions they do not examine for compliance with the BSA), should 
have the authority to request SAR information (specifically, supporting 
documentation) from all financial institutions in the same manner as 
law enforcement agencies. FinCEN is not amending the first rule of 
construction to allow this for two reasons. First, limiting the ability 
of the SEC or the CFTC to obtain information that would reveal that a 
SAR has been filed only from the types of institutions

[[Page 75598]]

they examine for compliance with the BSA is consistent with the 
treatment under the final rule of all other Federal regulatory 
authorities, many of which also possess civil enforcement authorities. 
Second, although FinCEN recognizes the civil enforcement authority of 
the SEC and CFTC, FinCEN believes both agencies have been adequately 
empowered with requisite subpoena powers to obtain relevant data from 
financial institutions they do not examine for BSA compliance. That 
data includes the underlying facts, transactions, and documents upon 
which a SAR is based, pursuant to the second rule of construction. For 
example, if a bank receives a subpoena from the SEC or the CFTC that 
does not refer to a SAR, but merely requests certain transactional 
documents, then it would be permissible for the bank to respond to the 
subpoena with relevant documents, so long as the disclosure of any such 
document would not reveal the existence of a SAR. FinCEN understands 
that there may be situations in which documentation revealing the 
existence of a SAR will be responsive to an SEC or CFTC subpoena. In 
such situations, a financial institution should contact FinCEN with any 
questions concerning its ability under the SAR rules to provide 
information in response to a subpoena. In situations where the SEC or 
CFTC deem a subpoena to be imprudent, FinCEN notes the ability of those 
agencies to make a request for supporting documentation through FinCEN 
or the primary Federal regulator for that institution.
e. Other Requests for SAR Information
    One commenter brought to FinCEN's attention examples of ``dual 
filing requirements'' imposed by State regulatory authorities that do 
not meet the criteria in the first rule of construction of 
administering a State law that requires the financial institution to 
comply with the BSA or otherwise authorizes the State authority to 
ensure that the institution complies with the BSA. According to the 
commenter, these State agencies request that copies of SARs filed with 
FinCEN be provided to the State authority.\20\ The confidentiality 
provision and first rule of construction, as finalized, explicitly 
prohibit an institution from complying with such a request. 
Institutions should provide SAR information to only those entities 
specifically included in the rules of construction. In the event that a 
State agency that is not described in the rules of construction 
requires access to SAR information to exercise its authorities, that 
agency should seek access from FinCEN for such information. 
Institutions that are subject to such ``dual filing requirements'' from 
an unauthorized entity should contact FinCEN in accordance with the 
procedures of this rule.
---------------------------------------------------------------------------

    \20\ Such ``dual filing'' requirements, regardless of whether 
the State authority examines for compliance with State laws 
requiring compliance with the BSA, are inherently inconsistent with 
31 U.S.C. 5318(g)(4), which clearly intends that all SARs be filed 
to a single government agency designated by the Secretary of the 
Treasury.
---------------------------------------------------------------------------

    Finally, multiple commenters requested assistance from FinCEN in 
discerning whether a request for SAR information comes from an 
appropriate party. For example, one commenter suggested that FinCEN 
develop a ``standard request form'' for law enforcement to use when 
requesting SAR information. Due to the variety of authorities to whom a 
SAR may be disclosed, the variety of purposes for which they may 
require SAR information, and the greater clarity already provided in 
the first rule of construction, FinCEN believes such a request to be 
impractical and unnecessary. Another commenter suggested FinCEN issue 
standard verification procedures for an institution to follow to 
determine who is an ``appropriate'' authority. In both the proposed 
rules and final rules, FinCEN has removed the term ``appropriate'' from 
the list of entities that could receive SAR information. This change 
from the previous SAR rules indicates FinCEN's intention to list 
explicitly in the first rule of construction all categories of 
authorities to whom an institution may provide SAR information without 
a subpoena. FinCEN believes this should greatly reduce the ambiguity 
surrounding requests. One commenter, however, requested confirmation 
that when an institution receives a request for disclosure of SAR 
information and contacts FinCEN and its regulator because of 
uncertainty regarding the requesting entity's status as an authority 
authorized by the first rule of construction, that the SAR should 
continue to be kept confidential as prescribed by the regulation. 
FinCEN agrees, but urges institutions in such a situation to quickly 
contact FinCEN for resolution.
2. The Second Rule of Construction
    The second proposed rule of construction provided that the phrase, 
``a SAR or information that would reveal the existence of a SAR'' does 
not include ``the underlying facts, transactions, and documents upon 
which a SAR is based,'' which therefore are not subject to the 
confidentiality provision.
    This proposed rule of construction included illustrative examples 
of situations where the underlying facts, transactions, and documents 
upon which a SAR is based may be disclosed. One commenter suggested 
that FinCEN clarify that the illustrative examples are not exhaustive, 
and that there may be other situations not prescribed in the rule where 
an institution may disclose the underlying facts, transactions, and 
documents upon which a SAR is based. FinCEN did not intend for these 
examples to be exhaustive and does not believe the text, as proposed, 
implies that the examples are exhaustive. The preamble to the proposed 
rules, for example, expressly stated that ``these two examples are not 
intended to be an exhaustive list of all possible scenarios in which 
the disclosure of underlying information is permissible'' and included 
a discussion of disclosure of underlying information that was not 
explicitly listed in the rule text. It stated that ``while a financial 
institution is prohibited from producing documents in discovery that 
evidence the existence of a SAR, factual documents created in the 
ordinary course of business (for example, business records and account 
information upon which a SAR is based), may be discoverable in civil 
litigation under the Federal Rules of Civil Procedure.\21\
---------------------------------------------------------------------------

    \21\ See Cotton, 235 F. Supp. 2d at 815.
---------------------------------------------------------------------------

    For purposes of clarity, however, FinCEN is modifying the final 
rule language to read ``* * * the underlying facts, transactions, and 
documents upon which a SAR is based, including but not limited to, 
disclosures'' expressly listed as illustrative examples in the rule. 
Accordingly, with respect to the SAR confidentiality provision 
only,\22\ institutions may disclose underlying facts, transactions, and 
documents for any purpose, provided that no person involved in the 
transaction is notified and none of the underlying information reveals 
the existence of a SAR.
---------------------------------------------------------------------------

    \22\ This sentence does not speak to any other laws or 
regulations governing a financial institution's responsibilities to 
maintain and protect information.
---------------------------------------------------------------------------

    The first illustrative example in the proposed rules clarified that 
underlying information \23\ may be disclosed to another financial 
institution, or any director, officer, employee, or agent of the 
financial institution, for the preparation of a joint SAR. This text is 
being adopted in the final rule, as

[[Page 75599]]

proposed, and clarifies the authority for all institutions with a SAR 
requirement to jointly file SARs with any other institution with a SAR 
requirement.\24\
---------------------------------------------------------------------------

    \23\ FinCEN reminds institutions that the underlying facts, 
transactions, and documents upon which a SAR is based may include or 
reference previously filed SARs or other information that would 
reveal the existence of a SAR. Such underlying information could not 
be disclosed under this rule of construction.
    \24\ On December 21, 2006, FinCEN and the Federal bank 
regulatory agencies announced that the format for the SAR form for 
depository institutions had been revised to support a new joint 
filing initiative to reduce the number of duplicate SARs filed for a 
single suspicious transaction. ``Suspicious Activity Report (SAR) 
Revised to Support Joint Filings and Reduce Duplicate SARs,'' Joint 
Release issued by FinCEN, the FRB, the OCC, the OTS, the FDIC, and 
NCUA (Dec. 21, 2006). On February 17, 2006, FinCEN and the Federal 
bank regulatory agencies published a joint Federal Register notice 
seeking comment on proposed revisions to the SAR form. See 71 FR 
8640. On April 26, 2007, FinCEN announced a delay in implementation 
of the revised SAR form until further notice. See 72 FR 23891. Until 
such time as a new SAR form is available that facilitates joint 
filing, institutions authorized to jointly file should follow 
FinCEN's guidance to use the words ``joint filing'' in the narrative 
of the SAR and ensure that both institutions maintain a copy of the 
SAR and any supporting documentation (See, e.g., https://www.fincen.gov/statutes_regs/guidance/html/guidance_faqs_sar_10042006.html).
---------------------------------------------------------------------------

    The second illustrative example in the proposed rule was included 
only in the final SAR rules for depository institutions, securities 
broker-dealers, futures commission merchants, and introducing brokers 
in commodities, and provided that such underlying information may be 
disclosed in certain written employment references and termination 
notices as authorized by section 351 of the USA PATRIOT Act.\25\ One 
commenter suggested that this illustrative example should be placed in 
the SAR rules for all industries. The statutory authority for this 
provision, however, extends only to entities governed by either section 
18(w) of the Federal Deposit Insurance Act or relevant rules of SROs 
registered with the SEC or the CFTC.\26\
---------------------------------------------------------------------------

    \25\ 31 U.S.C. 5318(g)(2)(B).
    \26\ See, 31 U.S.C. 5318(g)(2(B).
---------------------------------------------------------------------------

    One commenter asked FinCEN to allow the disclosure of SAR 
information to a party that has expressed interest in purchasing an 
institution. While FinCEN believes generally that such a disclosure is 
inconsistent with the purposes of the BSA, certain information, such as 
statistics or other underlying information that does not reveal the 
existence of a SAR, could be provided to such parties under the second 
rule of construction and could assist such purchasers with their due 
diligence obligations.
    Another commenter suggested that FinCEN include another 
illustrative example of the disclosure of underlying facts, 
transactions, and documents not prohibited by the confidentiality 
provision. Specifically, this commenter asked that we explicitly 
authorize such information to be disclosed within an institution's 
corporate organizational structure for enterprise-wide risk management 
and the identification and reporting of suspicious activity. Provided 
that such information does not disclose a SAR or information that would 
reveal the existence of a SAR, FinCEN agrees that such disclosure of 
underlying information is not prohibited by the final rule or any 
previous SAR rules. Given the greater clarity provided by the phrase 
``including but not limited to'' discussed previously, and the 
unnecessarily limited universe of entities to whom an institution could 
disclose underlying information suggested by the commenter,\27\ FinCEN 
is reluctant to introduce the complex and potentially limiting concept 
of ``corporate organizational structure'' within this intentionally 
broad rule of construction.
---------------------------------------------------------------------------

    \27\ Disclosure of underlying facts, transactions, and documents 
for compliance purposes to an entity outside of an institution's 
corporate organizational structure may be warranted and would not be 
prohibited, provided that a SAR or information that would reveal the 
existence of a SAR was not disclosed.
---------------------------------------------------------------------------

3. The Third Rule of Construction
    As proposed, the third rule of construction applied only to 
depository institutions, securities broker-dealers, mutual funds, 
futures commission merchants, and introducing brokers in commodities, 
and made clear that the prohibition against the disclosure of SAR 
information did not preclude the sharing by any of those financial 
institutions, or any director, officer, employee, or agent of those 
institutions, of a SAR or information that would reveal the existence 
of the SAR within the institution's corporate organizational structure, 
for purposes that are consistent with Title II of the BSA, as 
determined by regulation or in guidance. This proposed rule of 
construction recognized that these financial institutions may find it 
necessary to share SAR information to fulfill reporting obligations 
under the BSA, and to facilitate more effective enterprise-wide BSA 
monitoring, reporting, and general risk-management. The term ``share'' 
used in this rule of construction was an acknowledgement that sharing 
within a corporate organization for purposes consistent with Title II 
of the BSA is distinguishable from a prohibited disclosure.
    FinCEN received substantial comment about the issue of SAR sharing, 
much of which is addressed in the separate notice of availability of 
guidance published in today's Federal Register. In general, the 
comments requested an expansion of the sharing authorities with respect 
to both the parties permitted to share and the parties with whom SAR 
information could be shared. Most commenters provided a clear rationale 
for how expanded SAR sharing would benefit their institutions by 
increasing efficiency, cutting costs, and enhancing the detection and 
reporting of suspicious activity. Most commenters, however, failed to 
sufficiently address how they would mitigate effectively the risk of 
unauthorized disclosure of SAR information if the sharing authority was 
expanded to the extent requested.
    Multiple commenters requested the expansion of the SAR sharing 
authority to all industries that currently have a SAR requirement, not 
just to depository institutions and the securities and futures 
industries. However, these commenters failed to address the disparity 
in regulatory oversight between those industries with a primary Federal 
functional regulator (industries to whom the proposed rules granted the 
authority to share) and those without. Accordingly, FinCEN is taking a 
phased approach in the final rule to granting additional industries the 
ability to share within their corporate organizational structure. To 
allow for potential future expansion of the sharing guidance, we are 
including the third rule of construction in the final rule text for all 
industries. As discussed further in the notice of availability of 
guidance, however, we have not at this time included those industries 
without a primary Federal functional regulator in the guidance 
authorizing sharing with affiliates. This approach establishes the 
regulatory framework for those industries potentially to share SAR 
information within their corporate structure in the future, as 
prescribed by FinCEN in regulation or guidance, without necessarily 
requiring an amendment to the SAR confidentiality provision in each 
industry's SAR rules.\28\
---------------------------------------------------------------------------

    \28\ At this time, we are also not expanding the 2006 guidance 
on sharing with head offices and controlling companies to additional 
industries. The regulatory framework provided in the final rule, 
however, also would facilitate the potential expansion of this 
authority to those industries in the future.
---------------------------------------------------------------------------

D. Disclosures by Government Authorities

    In the proposed rule, FinCEN included a regulatory prohibition in 
each industry's SAR rule that created a prohibition against disclosure 
by all Federal, State, local, territorial, or Tribal government 
authorities, and any director, officer, employee, or agent of those 
authorities. The proposed rule

[[Page 75600]]

tracked the statutory language \29\ closely by clarifying that any 
officer or employee of the government may not disclose a SAR or 
information that would reveal the existence of the SAR, ``except as 
necessary to fulfill official duties consistent with Title II of the 
Bank Secrecy Act.''
---------------------------------------------------------------------------

    \29\ See 31 U.S.C. 5318(g)(2)(A)(ii).
---------------------------------------------------------------------------

    This standard would permit, for example, official disclosures 
responsive to a grand jury subpoena; a request from an appropriate 
Federal or State law enforcement or regulatory agency; a request from 
an appropriate Congressional committee or subcommittees; and 
prosecutorial disclosures mandated by statute or the Constitution, in 
connection with the statement of a government witness to be called at 
trial, the impeachment of a government witness, or as material 
exculpatory of a criminal defendant.\30\ This proposed interpretation 
of section 5318(g)(2)(A)(ii) would ensure that SAR information will not 
be disclosed for a reason that is unrelated to the purposes of the BSA. 
For example, this standard would not permit the disclosure of SAR 
information to the media.
---------------------------------------------------------------------------

    \30\ See, e.g., Giglio v. United States, 405 U.S. 150, 153-54 
(1972); Brady v. State of Maryland, 373 U.S. 83, 86-87 (1963); 
Jencks v. United States, 353 U.S. 657, 668 (1957).
---------------------------------------------------------------------------

    The proposed rules also specifically provide that ``official duties 
consistent with Title II of the BSA'' shall not include the disclosure 
of SAR information in response to a request for disclosure of non-
public information \31\ or a request for use in a private legal 
proceeding, including a request pursuant to 31 CFR 1.11. The BSA 
exists, in part, to protect the public's interest in an effective 
reporting system that benefits the nation by helping to assure that the 
U.S. financial system will not be used for criminal activity or to 
support terrorism. FinCEN believes that this purpose would be 
undermined by the disclosure of SAR information to a private litigant 
for use in a civil lawsuit for the reasons described earlier, including 
the reason that such disclosures could negatively impact full and 
candid reporting by financial institutions.
---------------------------------------------------------------------------

    \31\ For purposes of this rulemaking, ``non-public information'' 
refers to information that is exempt from disclosure under the 
Freedom of Information Act.
---------------------------------------------------------------------------

    FinCEN is adopting the text, as proposed, while clarifying that the 
rule should not be read to preclude inter-governmental sharing of SAR 
information. For example, while a FinCEN employee would be precluded 
under this provision from disclosing SAR information if requested by 
the press under the Freedom of Information Act, it would not 
necessarily be outside of the FinCEN employee's official duties to 
provide that information to another government agency.

E. Disclosures by Self-Regulatory Organizations

    In the proposed rules governing entities which may be examined for 
compliance with their SAR requirements by an SRO, FinCEN included a 
provision regarding disclosures by SROs that closely paralleled the 
provision regarding government disclosures. The language differed, 
however, to reflect the fact that self-regulatory organizations are not 
governmental entities. One commenter suggested that because SROs are 
not governmental entities but rather are subject to oversight by the 
SEC and CFTC, they cannot possess ``official duties'' in the same 
capacity as a government representative. Another comment submitted by 
an SRO requested that FinCEN expand, rather than limit, an SRO's 
authority to use and disclose SARs for all self-regulatory purposes. 
While FinCEN agrees that SROs are not government agencies, FinCEN 
believes it is not necessary to define the extent to which SROs possess 
``official duties'' under 31 U.S.C. 5318(g)(2)(A)(ii) at this time. 
Instead, FinCEN has modified the language of the final rule text to 
comport with language from the first rule of construction by stating 
that SROs ``shall not disclose * * * except as necessary to fulfill 
self-regulatory duties upon the request of [the Federal agency 
responsible for its oversight], in a manner consistent with title II of 
the BSA.''
    For consistency, we also are removing ``official duties'' from the 
subsequent sentences in the final rule (regarding the appropriate SRO 
response to requests for use in a private legal proceeding or for 
disclosure of non-public information) and using the same replacement 
language.

F. Limitation on Liability

    In Section 351 of the USA PATRIOT Act, Congress amended section 
5318(g)(3) to clarify that the scope of the safe harbor provision also 
includes the voluntary disclosure of possible violations of law and 
regulations to a government agency, and to expand the scope of the 
limit on liability to include any liability which may exist ``under any 
contract or other legally enforceable agreement (including any 
arbitration agreement).'' FinCEN tracked more closely the statutory 
language in the proposed rules, particularly by stating that the safe 
harbor applies to ``disclosures'' (and not ``reports'' as in some 
previous rulemakings) made by institutions.
    Additionally, to comport with the authorization to jointly file 
SARs in the second rule of construction, FinCEN clarified that the safe 
harbor also applies to ``a disclosure made jointly with another 
institution.'' This concept exists currently in those SAR rules where 
joint filing had been explicitly referenced, but has been revised to 
track more closely the statutory language. It was also inserted for the 
sake of consistency into those SAR rules where it had been absent 
previously, clarifying that all parties to a joint filing, and not 
simply the party that provides the form to FinCEN, fall within the 
scope of the safe harbor.
    For consistency, FinCEN also separated the provision for 
confidentiality of reports and limitation of liability into two 
separate provisions in those rules for industries which previously 
contained both provisions under the single heading ``confidentiality of 
reports; limitation of liability.''
    All comments received about the safe harbor provision encouraged 
making the provision as strong as possible. One commenter identified 
the statutory phrase, ``to any person,'' that was not included in the 
proposed rules, and which FinCEN believes would strengthen the safe 
harbor provided by the final rule. The commenter correctly pointed out 
that the statutory safe harbor provision protects persons from 
liability not only to the person involved in the transaction, but also 
to any other person. Accordingly the final rule is being amended to 
insert the phrase ``shall be protected from liability to any person, 
for any such disclosure * * *'' and is otherwise being adopted as 
proposed, without change.
    Another commenter requested that FinCEN expressly grant safe harbor 
to an institution that makes a determination not to file a SAR after 
investigating potentially suspicious activity. The statutory safe 
harbor provision, however, is clearly intended to protect persons 
involved in the filing of a voluntary or required SAR from civil 
liability only for filing the SAR and for refusing to provide notice of 
such filing. FinCEN cannot provide additional protection from liability 
for other actions.

G. Compliance

    In the proposed rule, FinCEN streamlined the compliance provision 
by providing only that (1) FinCEN or its

[[Page 75601]]

delegatees \32\ may examine the institution for compliance with the SAR 
requirement; (2) that a failure to satisfy the requirements of the SAR 
rule may constitute a violation of the BSA or BSA regulations; and (3) 
for depository institutions with parallel Title 12 SAR requirements, 
that failure to comply with FinCEN's SAR requirement may also 
constitute a violation of the parallel Title 12 rules. For consistency, 
the proposed rules also used only the heading ``Compliance'' for this 
provision in each of the SAR rules.\33\ In the absence of any comments 
objecting to any of the proposed changes to the Compliance provision, 
FinCEN is adopting them as proposed, without change, in the final rule.
---------------------------------------------------------------------------

    \32\ In the case of the SEC and the CFTC, that authority may be 
further delegated to SROs.
    \33\ Identical section in separate SAR rules had been titled 
``Compliance'' or ``Examination and Enforcement'' prior to the 
proposed rule.
---------------------------------------------------------------------------

H. Technical Corrections and Harmonization

    In addition to the changes described above in the Section-by-
Section analysis, the final rule incorporates the proposed technical 
corrections to harmonize, where appropriate, each of FinCEN's seven SAR 
rules with each other and with those being issued by some of the 
Federal bank regulatory agencies. FinCEN believes that such efforts 
will simplify compliance with SAR reporting requirements.
    In the final rule for each industry, FinCEN is making one such 
change that had not been proposed. FinCEN is amending the paragraph 
entitled ``retention of records'' so that the standard for the 
disclosure of a SAR's supporting documentation to appropriate 
governmental authorities comports with the standard found in the first 
rule of construction. Because the supporting documentation is deemed to 
have been filed with the SAR but kept in custody by the financial 
institution, this change is necessary to ensure that all types of SAR 
information are subject to the same standard of confidentiality. This 
comporting change is consistent with the substance of the proposed rule 
text, as addressed through public comment.
    For the mutual fund SAR rule only, this comporting change results 
in striking language regarding supporting documentation for a SAR 
jointly filed with a broker-dealer in securities being made available 
by the mutual fund to the SRO of the broker-dealer. This change is 
consistent with FinCEN's treatment elsewhere in the final rule of 
regulatory authorities' ability to request SAR information from 
entities they do not regulate.\34\
---------------------------------------------------------------------------

    \34\ See the earlier preamble discussion of ``civil enforcement 
authorities'' under the first rule of construction, including the 
ability of a regulator to obtain supporting documentation from 
FinCEN or the supervisor of an institution in cases where its own 
authorities are limited.
---------------------------------------------------------------------------

V. Other Issues

A. Requests for Guidance

    One commenter requested additional guidance from FinCEN regarding 
additional situations under which a SAR could be disclosed, but did not 
provide any examples of the ``unclear and vague'' issues that remained. 
It is FinCEN's intent, and one of the underlying motivations for this 
rulemaking, that the rules of construction, as finalized, constitute 
clearly all of the