Confidentiality of Suspicious Activity Reports, 75586-75593 [2010-29877]
Download as PDFAgencies
[Federal Register Volume 75, Number 232 (Friday, December 3, 2010)] [Rules and Regulations] [Pages 75586-75593] From the Federal Register Online via the Government Printing Office [www.gpo.gov] [FR Doc No: 2010-29877] ----------------------------------------------------------------------- DEPARTMENT OF THE TREASURY Office of Thrift Supervision 12 CFR Part 563 [Docket ID OTS-2010-0015] RIN 1550-AC26 Confidentiality of Suspicious Activity Reports AGENCY: The Office of Thrift Supervision, Treasury (OTS). ACTION: Final rule. ----------------------------------------------------------------------- SUMMARY: The OTS is issuing this final rule to amend its regulations implementing the Bank Secrecy Act (BSA) governing the confidentiality of a suspicious activity report (SAR) to: Clarify the scope of the statutory prohibition on the disclosure by a financial institution of a SAR, as it applies to savings associations and service corporations; address the statutory prohibition on the disclosure by the government of a SAR, as that prohibition applies to the OTS's standards governing the disclosure of SARs; clarify that the exclusive standard applicable to the disclosure of a SAR, or any information that would reveal the existence of a SAR, by the OTS is to fulfill official duties consistent with the purposes of the BSA; and modify the safe harbor provision in the OTS's SAR rules to include changes made by the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act. These amendments are consistent with a final rule being contemporaneously issued by the Financial Crimes Enforcement Network (FinCEN) and the Office of Comptroller of the Currency (OCC). DATES: This rule is effective on January 3, 2011. FOR FURTHER INFORMATION CONTACT: Marvin Shaw, Senior Attorney, Regulations and Legislation (202-906-6639); Noelle Kurtin, Senior Attorney, Enforcement (202-906-6739); or Stacy Messett, Senior Project Manager, BSA and Compliance Examinations (202-906-6241); Office of Thrift Supervision, 1700 G Street, NW., Washington, DC 20552. SUPPLEMENTARY INFORMATION: I. Background The BSA requires financial institutions, including savings associations and service corporations regulated by the OTS, to keep certain records and make certain reports that have been determined to be useful in criminal, tax, or regulatory investigations or proceedings, and for intelligence or counter intelligence activities to protect against international terrorism. In particular, the BSA and its implementing regulations require a financial institution to file a SAR when it detects a known or suspected violation of Federal law or a suspicious activity related to money laundering, terrorist financing, or other criminal activity.\1\ --------------------------------------------------------------------------- \1\ The Annunzio-Wylie Anti-Money Laundering Act of 1992 (the Annunzio-Wylie Act) amended the BSA and authorized the Secretary of the Treasury to require financial institutions to report suspicious transactions relevant to a possible violation of law or regulation. See Pub. L. 102-550, Title XV, section 1517(b), 106 Stat. 4055, 4058-9 (1992); 31 U.S.C. 5318(g)(1). The OTS, Board of Governors of the Federal Reserve System (FRB), Federal Deposit Insurance Corporation (FDIC), Office of the Comptroller of the Currency (OCC), and National Credit Union Administration (NCUA), (collectively referred to as the Federal bank regulatory agencies) subsequently issued virtually identical implementing regulations on suspicious activity reporting. See 12 CFR 21.11 (OCC); 12 CFR 208.62 (FRB); 12 CFR 353.3 (FDIC); 12 CFR 563.180 (OTS); and 12 CFR 748.1 (NCUA). --------------------------------------------------------------------------- SARs are used for law enforcement or regulatory purposes to combat terrorism, terrorist financing, money laundering and other financial crimes. For this reason, the BSA provides that a financial institution, and its officers, directors, employees, and agents are prohibited from notifying any person involved in a suspicious transaction that the transaction was reported.\2\ To encourage the voluntary reporting of possible violations of law and regulation, and the filing of SARs, the BSA also contains a safe harbor provision, which shields financial institutions making such reports from civil liability. --------------------------------------------------------------------------- \2\ 31 U.S.C. 5318(g)(2)(A)(i). --------------------------------------------------------------------------- FinCEN \3\ has issued rules implementing the SAR confidentiality provisions for various types of financial institutions that closely mirror the statutory language.\4\ In addition, the Federal bank regulatory agencies implemented these provisions through similar regulations that provide SARs are confidential and generally no information about or contained in a SAR may be disclosed.\5\ The regulations issued by FinCEN and the Federal bank regulatory agencies also describe the applicability of the safe harbor provision to both voluntary reports of possible and known violations of law and the required filing of SARs.\6\ --------------------------------------------------------------------------- \3\ FinCEN is the agency designated by the Department of the Treasury to administer the BSA, and with which SARs must be filed. See 31 U.S.C. 5318; 12 CFR 21.11(c). \4\ See, e.g., 31 CFR 103.18(e) (SAR confidentiality rule for banks); 31 CFR 103.19(e) (SAR confidentiality rule for brokers or dealers in securities). \5\ See 12 CFR 21.11(k) (OCC); 12 CFR 208.62(j) (FRB); 12 CFR 353.3(g) (FDIC); 12 CFR 563.180(d)(12) (OTS); and 12 CFR 748.1 (NCUA). \6\ 31 U.S.C. 5318(q)(3). --------------------------------------------------------------------------- The USA PATRIOT Act of 2001 strengthened the confidentiality of SARs by adding to the BSA a new provision that prohibits officers or employees of the Federal Government or any State, local, tribal, or territorial government within the United States with knowledge of a SAR, from disclosing to any person involved in a suspicious transaction that the transaction was reported, other than as necessary to fulfill the official duties of such officer or employee.\7\ The USA PATRIOT Act also clarified that the safe harbor shielding financial institutions from liability covers voluntary disclosures of possible violations of law and regulations to a government agency and expanded the scope of the limit on liability to cover any civil liability that [[Page 75587]] may exist ``under any contract or other legally enforceable agreement (including any arbitration agreement).'' \8\ --------------------------------------------------------------------------- \7\ See USA PATRIOT Act, section 351(b), Pub. L. 107-56, Title III, section 351, 115 Stat. 272, 321 (2001); 31 U.S.C. 5318(g)(2). \8\ See USA PATRIOT Act, section 351(a), Pub. L. 107-56, Title III, section 351, 115 Stat. 272, 321 (2001); 31 U.S.C. 5318(g)(3). --------------------------------------------------------------------------- FinCEN is issuing a final rule to modify its SAR rules to interpret or further interpret the provisions of the BSA that relate to the confidentiality of SARs and the safe harbor for such reporting. The OTS is amending its SAR rules contemporaneously, consistent with the final rules being issued by FinCEN and the OCC, to clarify the manner in which these provisions apply to savings associations and service corporations and to the OTS's own standards governing the disclosure of a SAR and any information that would reveal the existence of a SAR (referred to in this preamble as ``SAR information''). In a separate rulemaking action from the part 563 proposal, the OTS also simultaneously proposed to amend its information disclosure regulation set forth in 12 CFR part 510 to clarify that the exclusive standard governing the release of SAR information is set forth in 12 CFR 563.180.\9\ The OTS issued that proposed amendment to 12 CFR part 510 at the same time as the part 563 proposal, to make clear that the OTS will disclose SAR information only when necessary to satisfy the BSA purposes for which SARs are filed. Today, the OTS also is adopting the part 510 proposal as final without change. --------------------------------------------------------------------------- \9\ See elsewhere in this issue of the Federal Register. --------------------------------------------------------------------------- II. Overview of the Proposed Rule and Related Actions On March 9, 2009, the OTS published proposed amendments to its rules \10\ to include key changes that would: (1) Clarify the scope of the statutory prohibition on the disclosure by a financial institution of a SAR, as it applies to savings associations and service corporations; (2) address the statutory prohibition on the disclosure by the government of a SAR, which was added to the BSA by section 351(b) of the USA PATRIOT Act of 2001, as that prohibition applies to the OTS's standards governing the disclosure of SAR information; and (3) clarify that the exclusive standard applicable to the disclosure of SAR information by the OTS is to fulfill official duties consistent with the purposes of the BSA, in order to ensure that SAR information is protected from inappropriate disclosures unrelated to the BSA purposes for which SARs are filed. In addition, the proposed amendments would modify the safe harbor provision in the OTS's SAR rules \11\ to include changes made by the USA PATRIOT Act. --------------------------------------------------------------------------- \10\ 74 FR 10139 (March 9, 2009). \11\ 12 CFR 563.180(d)(13). --------------------------------------------------------------------------- Contemporaneously with the publication of, and as described in, the OTS's proposal, FinCEN issued for notice and comment proposed guidance regarding the sharing of SARs with affiliates.\12\ That proposed guidance may be used to interpret a provision of the OTS's proposed rulemaking. --------------------------------------------------------------------------- \12\ 74 FR 10158 (Mar. 9, 2009). --------------------------------------------------------------------------- III. Comments on the Proposed Rule The comment period for the proposed rulemakings ended on June 8, 2009. OTS received a total of three comments.\13\ Of these, two were submitted by bank trade associations and one was submitted by an individual. The comments generally supported the OTS's proposed rule while requesting broadening of FinCEN's proposed sharing guidance.\14\ Comments specific to the OTS's proposed rule provided suggestions related to the disclosure of the ``underlying facts, transactions, and documents upon which a SAR is based;'' the requirement to reveal a SAR request to both OTS and FinCEN; and the proposed modification to the safe harbor provision in the OTS's SAR rules \15\ to include changes made by the USA PATRIOT Act. These comments are addressed in the Section-by-Section Analysis section of this SUPPLEMENTARY INFORMATION. --------------------------------------------------------------------------- \13\ None of the comments received by the OTS directly addressed the proposed revisions to the OTS's information disclosure regulation set forth in 12 CFR part 510. \14\ Comments about the sharing guidance are addressed separately in a related ``notice of availability of guidance'' published by FinCEN elsewhere in today's Federal Register together with FinCEN's final rules. \15\ 12 CFR 1563.180(d)(13). --------------------------------------------------------------------------- IV. Section-by-Section Analysis Section 563.180(d)(2)(iii) Definition of a SAR The primary purpose of the OTS's SAR rule is to ensure that a savings association or service corporation files a SAR when it detects a known or suspected violation of a Federal law or a suspicious transaction related to money laundering activity or a violation of the BSA. See 12 CFR 563.180. Incidental to this purpose, the OTS's SAR rule includes a section that addresses the confidentiality of SARs. Under the current SAR rule, the term ``SAR'' means ``a Suspicious Activity Report on the form prescribed by the OTS.'' \16\ The proposed rule would have defined a ``SAR'' generically as ``a Suspicious Activity Report.'' This change would extend the confidentiality provisions of the OTS's SAR rule to all SARs, including those filed on forms prescribed by FinCEN.\17\ As a consequence, a savings association or service corporation that obtained a SAR, for example, from a non- bank affiliate pursuant to the provisions of the proposed rule, would be required to safeguard the confidentiality of the SAR, even if the SAR had not been filed on a form prescribed by the OTS. The OTS received no comments on the proposed revised definition of SAR and adopts the definition as proposed. --------------------------------------------------------------------------- \16\ 12 CFR 563.180(d)(2). \17\ See, e.g., 31 CFR 103.19 (FinCEN regulations requiring brokers or dealers in securities to file reports of suspicious transactions on a SAR-S-F). --------------------------------------------------------------------------- Section 563.180(d)(3) SARs Required To clarify that a savings association or service corporation must file a SAR on a form ``prescribed by the OTS,'' the OTS proposed to add that phrase to the introductory language of the section of the OTS's SAR rule that describes the procedures for the filing of a SAR. Accordingly, the proposed rule would have required a savings association or service corporation to file a SAR with the appropriate Federal law enforcement agencies and the Department of the Treasury on the form prescribed by the OTS in accordance with the form's instructions, by sending a completed SAR to FinCEN in particular circumstances.\18\ The OTS received no comments on the proposal to add the phrase ``prescribed by the OTS'' to the introductory language of that section of the OTS's SAR rule and adopts the change as proposed. --------------------------------------------------------------------------- \18\ OTS's current provision, at 12 CFR 563.180(d)(2), requires a savings association or service corporation to ``file a SAR with the appropriate Federal law enforcement agencies and the Department of the Treasury in accordance with the form's instructions * * *,'' but does not specify which form. --------------------------------------------------------------------------- Section 563.180(d)(12) Confidentiality of SARs The OTS proposed to amend its rules regarding SAR confidentiality \19\ by modifying the introductory sentence regarding SAR confidentiality, and dividing the remainder of the current provision into two sections. The first section would describe the prohibition on disclosure of SAR information by savings association or service corporation and the rules of construction applicable to this prohibition. The second section would describe the prohibition on the OTS's disclosure of SAR information. --------------------------------------------------------------------------- \19\ 12 CFR 563.180(d)(12). --------------------------------------------------------------------------- [[Page 75588]] Prior to this final rulemaking action, the OTS's rules prohibiting the disclosure of SARs began with the statement that SARs are confidential. Over the years, the OTS has received numerous questions regarding the scope of the prohibition on the disclosure of a SAR in its current rules. Accordingly, the OTS proposed to clarify the scope of SAR confidentiality by more clearly describing the information that is subject to the prohibition. Like FinCEN and the OCC, the OTS believes that all of the reasons for maintaining the confidentiality of SARs are equally applicable to any information that would reveal the existence of a SAR. The OTS, like FinCEN and the OCC, recognizes that in order to protect the confidentiality of a SAR, any information that would reveal the existence of a SAR must be afforded the same protection from disclosure. The confidentiality of SARs must be maintained for a number of compelling reasons. For example, the disclosure of a SAR could result in notification to persons involved in the transaction that is being reported, and compromise any investigations being conducted in connection with the SAR. In addition, the OTS believes that even the occasional disclosure of a SAR could chill the willingness of a savings association or service corporation to file SARs, and to provide the degree of detail and completeness in describing suspicious activity in SARs that will be of use to law enforcement. If savings associations or service corporations believe that a SAR can be used for purposes unrelated to the law enforcement and regulatory purposes of the BSA, the disclosure of such information could adversely affect the timely, appropriate, and candid reporting of suspicious transactions. Savings associations and service corporations also may be reluctant to report suspicious transactions, or may delay making such reports, for fear that the disclosure of a SAR will interfere with its relationship with its customer. Further, a SAR may provide insight into how a savings association or service corporation uncovers potential criminal conduct that can be used by others to circumvent detection. The disclosure of a SAR also could compromise personally identifiable information or commercially sensitive information or damage the reputation of individuals or companies that may be named. Finally, the disclosure of a SAR for uses unrelated to the law enforcement and regulatory purposes for which SARs are intended increases the risk that employees of the savings association or service corporation or others who are involved in the preparation or filing of a SAR could become targets for retaliation by persons whose criminal conduct has been reported. These reasons for maintaining the confidentiality of SARs also apply to any information that would reveal the existence of a SAR. Therefore, like FinCEN and the OCC, the OTS proposed to modify the general introduction in its rules to state that confidential treatment also must be afforded to ``any information that would reveal the existence of a SAR.'' The introduction also would indicate that SAR information may not be disclosed, except as authorized in the narrow circumstances that follow. Some commenters asked that the OTS clarify the phrase ``information that would reveal the existence of a SAR'' for the purpose of defining the scope of SAR confidentiality. One commenter specifically asked whether that term only includes information that affirmatively states that a SAR was filed. Another commenter urged that the OTS formally recognize that material contained in a reporting institution's files supporting its decision to file or not file a SAR is confidential. Any document or other information that affirmatively states that a SAR has been filed constitutes information that would reveal the existence of a SAR and must be kept confidential. By extension, a savings association or service corporation also must afford confidentiality to any document stating that a SAR has not been filed. Were the OTS to allow disclosure of information when a SAR is not filed, institutions would implicitly reveal the existence of a SAR any time they were unable to produce records because a SAR was filed.\20\ --------------------------------------------------------------------------- \20\ For example, a private litigant may serve a discovery request on a savings association or service corporation in civil litigation that calls for the savings association or service corporation to produce the underlying documentation on companies A, B, and C, where the financial institution has filed a SAR on company A, but not companies B or C, and the underlying documentation reflects the SAR filing decisions. If the savings association or service corporation then produces the underlying documentation for companies B and C, but neither confirms nor denies the existence of a SAR when declining to provide similar documentation for company A, by negative implication it may have revealed the existence of the SAR filed on company A. --------------------------------------------------------------------------- Documents that may identify suspicious activity, but that do not reveal whether a SAR exists (e.g., a document memorializing a customer transaction such as an account statement indicating a cash deposit or a record of a funds transfer), should be considered as falling within the underlying facts, transactions, and documents upon which a SAR is based, and need not be afforded confidentiality.\21\ This distinction is set forth in the final rule's second rule of construction discussed in this Section-by-Section Analysis and reflects relevant case law.\22\ --------------------------------------------------------------------------- \21\ As one commenter noted, information produced in the ordinary course of business may contain sufficient information that a reasonable and prudent person familiar with SAR filing requirements could use to conclude that an institution likely filed a SAR (e.g., a copy of a fraudulent check or a cash transaction log showing a clear pattern of structured deposits). Such information alone does not constitute information that would reveal the existence of a SAR. \22\ See, e.g., Whitney Nat. Bank v. Karam, 306 F. Supp. 2d 678, 682 (S.D. Tex. 2004) (noting that courts have ``allowed the production of supporting documentation that was generated or received in the ordinary course of the banks' business, on which the report of suspicious activity was based''); Cotton v. Private Bank and Trust Co., 235 F. Supp. 2d 809, 815 (N.D. Ill. 2002) (holding that the ``factual documents which give rise to suspicious conduct * * * are to be produced in the ordinary course of discovery because they are business records made in the ordinary course of business''). --------------------------------------------------------------------------- However, the strong public policy that underlies the SAR system as a whole--namely, the creation of an environment that encourages a savings association or service corporation to report suspicious activity without fear of reprisal--leans heavily in favor of applying SAR confidentiality not only to a SAR itself, but also in appropriate circumstances to material prepared by the savings association or service corporation as part of its process to detect and report suspicious activity, regardless of whether a SAR ultimately was filed or not. This interpretation also reflects relevant case law.\23\ --------------------------------------------------------------------------- \23\ See, e.g., Whitney at 682-83 (holding that the SAR confidentiality provision protects, inter alia, ``communications preceding the filing of a SAR and preparatory or preliminary to it; communications that follow the filing of a SAR and are explanations or follow-up discussion; or oral communications or suspected or possible violations that did not culminate in the filing of a SAR''); Cotton at 815 (holding that ``documents representing the drafts of SARs or other work product or privileged communications that relate to the SAR itself * * * are not to be produced [in discovery] because they would disclose whether a SAR has been prepared or filed''); Union Bank of California, N.A. v. Superior Court, 130 Cal. App. 4th 378, 391 (2005) (holding that ``a draft SAR or internal memorandum prepared as part of a financial institution's process for complying with federal reporting requirements is generated for the specific purpose of fulfilling the institution's reporting obligation * * * [and] fall within the scope of SAR [confidentiality] because they may reveal the contents of a SAR and disclose whether a SAR has been prepared or filed''). --------------------------------------------------------------------------- As explained in more detail in the proposed rule,\24\ the primary purpose for clarifying the scope of the confidentiality provision is to ensure that, due to potentially serious consequences, the persons involved in [[Page 75589]] the transaction and identified in the SAR cannot be notified, directly or indirectly, of the report. Accordingly, like FinCEN and the OCC, the OTS proposed replacing the previous rule text prohibiting disclosure of the SAR to the person involved in the transaction with a broad general confidentiality provision for all SAR information applicable to all persons not authorized in the rules of construction to receive such information. With respect to ``information that would reveal the existence of a SAR,'' therefore, institutions should distinguish between certain types of statistical or abstract information or general discussions of suspicious activity that may indicate that an institution has filed SARs,\25\ and information that would reveal the existence of a SAR in a manner that could enable the person involved in the transaction potentially to be notified, whether directly or indirectly. --------------------------------------------------------------------------- \24\ 74 FR 10142--43 (March 9, 2009). \25\ One example of such information could include summary information commonly provided by savings association or service corporations in the ``notification to the board'' required by the various Federal bank regulatory agency SAR rules. Savings Associations subject to the requirement are encouraged to be cautious in the production of relevant portions of board minutes or other records to avoid the risk of potentially exposing SAR information to the subject, either directly or indirectly, in the event such records are subpoenaed. --------------------------------------------------------------------------- Like FinCEN and the OCC, and for the reasons discussed in this section, the OTS is adopting the proposed introductory language to the Confidentiality of SARs provision (Sec. 563.180(d)(12)(ii) as final without change. Section 563.180(d)(12) Prohibition on Disclosure by Savings Associations The OTS's current rules provide that any savings association or service corporation or person subpoenaed or otherwise requested to disclose a SAR or the information contained in a SAR must: (1) Decline to produce the SAR or to provide any information that would disclose that a SAR has been prepared or filed and (2) notify the OTS. The proposed rule more specifically addressed the prohibition on the disclosure of a SAR by a savings association or service corporation. The proposed rule provided that the prohibition includes ``any information that would reveal the existence of a SAR'' instead of using the phrase ``any information that would disclose that a SAR has been prepared or filed.'' The OTS, like FinCEN and the OCC, believes that the proposed phrase more clearly describes the type of information that is covered by the prohibition on the disclosure of a SAR. In addition, the proposed rule incorporated the specific reference in 31 U.S.C. 5318(g)(2)(A)(i) to a ``director, officer, employees or agent,'' in order to clarify that the prohibition on disclosure extends to those individuals in a savings association or service corporation who may have access to SAR information. Although 31 U.S.C. 5318(g)(2)(A)(i) provides that a person involved in the transaction may not be notified that the transaction has been reported, the proposed rule reflected case law that has consistently concluded, in accordance with applicable regulations, that financial institutions are broadly prohibited from disclosing SAR information to any person. Accordingly, these cases have held that, in the context of discovery in connection with civil lawsuits, financial institutions are prohibited from disclosing SAR information because section 5318(g) and its implementing regulations have created an unqualified discovery and evidentiary privilege for such information that cannot be waived by financial institutions.\26\ Consistent with case law and the current regulation, the texts of the proposed rule did not limit the prohibition on disclosure only to the person involved in the transaction. Permitting disclosure to any outside party may make it likely that SAR information would be disclosed to a person involved in the transaction, which the BSA absolutely prohibits. --------------------------------------------------------------------------- \26\ See, e.g., Whitney Nat'l Bank v. Karam, 306 F. Supp. 2d 678, 682 (S.D. Tex. 2004); Cotton v. Private Bank and Trust Co., 235 F. Supp. 2d 809, 815 (N.D. Ill. 2002). --------------------------------------------------------------------------- The proposed rule continued to provide that any savings association or service corporation, or any director, officer, employee or agent of a savings association or service corporation, subpoenaed or otherwise requested to disclose SAR information must decline to provide the information, citing that section of the rule and 31 U.S.C. 5318(g)(2)(A)(i), and must give notice of the request to the OTS. In addition, the proposed rule required the savings association or service corporation to notify the OTS of its response to the request and required the savings association or service corporation to provide the same information to FinCEN. Commenters suggested that OTS adjust its SAR rule to remove the ``duplicative'' requirement for a savings association to notify both OTS and FinCEN when SAR information is inappropriately requested. OTS, like FinCEN and the OCC, disagrees with the commenter's characterization of the notification requirement as ``duplicative'' because OTS and FinCEN each have issued, and separately administers, its own separate SAR rule. The joint notification requirement in the OTS's final rule, therefore, simply acknowledges the notification requirement of different SAR regulations issued by separate agencies. Therefore, the OTS adopts proposed Sec. 560.183(d)(12) as final without change. Section 563.180(d)(12) Rules of Construction The OTS, like FinCEN and the OCC, proposed rules of construction to address issues that have arisen over the years about the scope of the SAR disclosure prohibition and to implement statutory modifications to the BSA made by the USA PATRIOT Act. The proposed rules of construction primarily describe situations that are not covered by the prohibition on disclosure of SAR information by a savings association or service corporation. The introduction to the proposed rules of construction makes clear that they are qualified by the statutory mandate that no person involved in any reported suspicious transaction can be notified that the transaction has been reported. The OTS received no comments on the proposed introductory language to the rules of construction and is adopting the language in the final rule as proposed. The first proposed rule of construction clarified the permissibility of disclosures to governmental authorities or other examining authorities that are otherwise entitled by law to receive SARs and to examine for or investigate suspicious activity. Specifically, the proposal was intended to clarify existing language that a savings association or service corporation, or any director, officer, employee, or agent \27\ of a savings association may disclose SAR information to FinCEN or any Federal, State, or local law enforcement agency; or any Federal or State regulatory agency that examines the financial institution for compliance with the BSA. Although the permissibility of such disclosures may be readily apparent, the proposal contained this statement to clarify that a savings [[Page 75590]] association or service corporation cannot use the prohibition on disclosure of SAR information to withhold this information from governmental authorities that are otherwise entitled by law to receive SARs and to examine for and investigate suspicious activity. --------------------------------------------------------------------------- \27\ Some commenters requested guidance related to the appropriate use of SARs by agents of savings associations and service corporations. In the Supplementary Information section of FinCEN's final rule issued today, FinCEN states that it is considering additional guidance on the appropriate use of SARs by agents of financial institutions. Until such guidance is issued, however, the OTS and FinCEN remind financial institutions of their requirement to protect, through reasonable controls or agreements with their agents, the confidentiality of SAR information, as prescribed by the OTS and FinCEN final rules. --------------------------------------------------------------------------- Like FinCEN, OTS is adjusting the language slightly in the final rule to make a technical correction in the SAR rule text. The proposal stated that the rule should not be construed as prohibiting disclosure of a SAR ``to FinCEN or any Federal, State or local law enforcement agency; or any Federal or State regulatory authority that examines the savings association for compliance with the Bank Secrecy Act.'' The proposed rules sought to expand these terms by describing explicitly the types of entities that fit into those categories. Accordingly, the proposed rule used the phrase ``* * * State regulatory authority that examines the savings association for compliance with the BSA.'' Like FinCEN, OTS believes that commenters clearly understood and consented to the intent of this language, but will use the more technically accurate phrase ``* * * State regulatory authority administering a State law that requires [the institution] to comply with the BSA or otherwise authorizes the State authority to ensure that the institution complies with the BSA'' in the final rule. This change recognizes that State regulatory authorities are generally authorized by State law to examine for compliance with the BSA in one of two ways: (1) The law authorizes the State authority to examine the institution for compliance with all Federal laws and regulations generally or with the BSA explicitly, or (2) the law requires a financial institution to comply with all Federal laws and regulations generally or with the BSA explicitly, and authorizes the State authority to examine for compliance with the State law. An institution may provide SAR information to a State regulatory authority meeting either criterion. The second proposed rule of construction provided that SAR information does not include the underlying facts, transactions, and documents upon which a SAR is based. This statement reflects case law, which has recognized that, while a financial institution is prohibited from producing documents in discovery that evidence the existence of a SAR, factual documents created in the ordinary course of business (for example, business records and account information, upon which a SAR is based), may be discoverable in civil litigation under the Federal Rules of Civil Procedure.\28\ --------------------------------------------------------------------------- \28\ See Cotton v. Private Bank and Trust Co., 235 F. Supp. 2d 809, 815 (N.D. Ill. 2002). --------------------------------------------------------------------------- The second proposed rule of construction included some examples of situations where a savings association or service corporation may disclose the underlying facts, transactions, and documents upon which a SAR is based. The first example clarifies that a savings association or service corporation, or any director, officer, employee or agent of such a financial institution, may disclose this information \29\ to another financial institution, or any director, officer, employee, or agent of a financial institution, for the preparation of a joint SAR.\30\ The second example simply codifies a rule of construction added to the BSA by section 351 of the USA PATRIOT Act, which provides that such underlying information may be disclosed in certain written employment references and termination notices.\31\ --------------------------------------------------------------------------- \29\ Although the underlying facts, transactions, and documents upon which a SAR is based may include previously filed SARs or other information that would reveal the existence of a SAR, these materials cannot be disclosed as underlying documents. \30\ On December 21, 2006, FinCEN and the Federal bank regulatory agencies announced that the format for the SAR form for depository institutions had been revised to support a new joint filing initiative to reduce the number of duplicate SARs filed for a single suspicious transaction. ``Suspicious Activity Report (SAR) Revised to Support Joint Filings and Reduce Duplicate SARs,'' Joint Release issued by FinCEN, the FRB, the OCC, the OTS, the FDIC, and NCUA (Dec. 21, 2006). On February 17, 2006, FinCEN and the Federal bank regulatory agencies published a joint Federal Register notice seeking comment on proposed revisions to the SAR form. See 71 FR 8640. On May 1, 2007, FinCEN announced a delay in implementation of the revised SAR form until further notice. See 72 FR 23891. Until such time as a new SAR form is available that facilitates joint filing, institutions authorized to jointly file should follow FinCEN's guidance to use the words ``joint filing'' in the narrative of the SAR and ensure that both institutions maintain a copy of the SAR and any supporting documentation (See, e.g., https://www.fincen.gov/statutes_regs/guidance/html/guidance_faqs_sar_10042006.html). \31\ 31 U.S.C. 5318(g)(2)(B). --------------------------------------------------------------------------- One commenter suggested that the OTS clarify that the illustrative examples are not exhaustive, and that there may be other situations not prescribed in the rule where an institution may disclose the underlying facts, transactions, and documents upon which a SAR is based. The OTS did not intend for these examples to be exhaustive and does not believe the text, as proposed, implies that the examples are exhaustive. For purposes of clarity, however, like FinCEN and the OCC, the OTS is revising the final rule's language at Sec. 563.180(d)(12) to read ``* * * [t]he underlying facts, transactions, and documents upon which a SAR is based, including but not limited to, disclosures'' expressly listed as illustrative examples in the rule. Accordingly, with respect to the SAR confidentiality provision only,\32\ savings associations and service corporations may disclose underlying facts, transactions, and documents for any purpose, provided that no person involved in the transaction is notified that the transaction has been reported and none of the underlying information reveals the existence of a SAR. \32\ However, other applicable laws or regulations governing a savings association's responsibilities to maintain and protect information continue to apply, for example, information covered by part 510 of the OTS's rules regarding the release of non-public OTS information. --------------------------------------------------------------------------- Another commenter suggested that the rules of construction include a provision expressly authorizing the disclosure of facts, transactions, or documents to affiliates wherever located and clarify that such authority may be exercised independently of the authority to share SAR information with affiliates. Provided that no person involved in any reported suspicious transaction is notified that the transaction has been reported and the underlying facts, transactions, and documents do not disclose SAR information, the OTS agrees that such disclosure by a savings association or service corporation to its affiliates, wherever located, is not prohibited by the final rule. Furthermore, the OTS agrees that the authorization for a savings association or service corporation to disclose underlying information to affiliates is independent of the authority to share SAR information with affiliates. The OTS believes that the final rule and the BSA already address that commenter's concerns and that further revision to the rule is unnecessary. The third proposed rule of construction clarified that the prohibition on the disclosure of SAR information by a savings association or service corporation does not include the sharing by a savings association or service corporation, or any director, officer, employee or agent of a savings association, of SAR information within the savings association's corporate organizational structure, for purposes consistent with Title II of the BSA, as determined by regulation or in guidance. The proposed third rule of construction recognizes that a savings association or service corporation may find it necessary to share SAR information to fulfill its reporting obligations under the BSA, and to facilitate more effective enterprise- wide BSA monitoring and reporting, consistent with Title II of the BSA. The term ``share'' used in the third rule of construction is an acknowledgement that sharing within a corporate [[Page 75591]] organization for purposes consistent with Title II of the BSA, as determined by regulation or guidance issued by the OTS or FinCEN, is distinguishable from a prohibited disclosure. FinCEN and the Federal bank regulatory agencies have already issued joint guidance making clear that the U.S. branch or agency of a foreign bank may share a SAR with its head office, and that a U.S. bank or savings association may share a SAR with its controlling company (whether domestic or foreign). This guidance stated that the sharing of a SAR with a head office or controlling company both facilitates compliance with the applicable requirements of the BSA and enables the head office or controlling company to discharge its oversight responsibilities with respect to enterprise-wide risk management and compliance with applicable laws and regulations.\33\ --------------------------------------------------------------------------- \33\ ``Interagency Guidance on Sharing Suspicious Activity Reports with Head Offices and Controlling Companies'' (January 20, 2006). --------------------------------------------------------------------------- Elsewhere in this issue of the Federal Register, FinCEN is issuing additional final guidance that further elaborates on sharing of SAR information within a corporate organization that FinCEN considers to be ``consistent with the purposes of the BSA.'' The final guidance generally permits the sharing of SAR information by depository institutions with their affiliates \34\ that are subject to a SAR rule. --------------------------------------------------------------------------- \34\ Under FinCEN's final guidance, an ``affiliate'' of a depository institution means any company under common control with, or controlled by, that depository institution. --------------------------------------------------------------------------- In addition, OTS received comments that addressed FinCEN's proposed guidance, much of which is addressed in FinCEN's separate notice of availability of guidance published elsewhere in today's Federal Register. In general, the commenters requested an expansion of the sharing authorities with respect to both the parties permitted to share and the parties with whom SAR information could be shared. Most commenters provided a clear rationale for how expanded SAR sharing would benefit their institutions by increasing efficiency, cutting costs, and enhancing the detection and reporting of suspicious activity. However, like FinCEN and the OCC, OTS notes that most commenters, however, failed to sufficiently address how they would effectively mitigate the risk of unauthorized disclosure of SAR information if the sharing authority was expanded to the extent they requested. The OTS and FinCEN believe the risk of unauthorized disclosure of SAR information outweighs the benefits of any expansion of the sharing authority at this time. Therefore, the third rule of construction is adopted as proposed without change. Section 563.180(d)(12) Prohibition on Disclosure by the OTS As previously noted, section 351 of the USA PATRIOT Act, 31 U.S.C. 5318(g)(2)(A)(ii), amended the BSA, and added a new provision prohibiting officers and employees of the government from disclosing a SAR to any person involved in the transaction that the transaction has been reported, except ``as necessary to fulfill the official duties of such officer or employee.'' Section Sec. 563.180(d)(12) of OTS's proposed rule addressed this new provision of the BSA and is comparable to FinCEN's proposal. The proposed section provided that the OTS will not, and no officer, employee or agent of the OTS, shall disclose SAR information, ``except as necessary to fulfill official duties consistent with Title II of the Bank Secrecy Act.'' As stated in section 5318(g)(2)(A)(i), which prohibits a financial institution's disclosure of a SAR, section 5318(g)(2)(A)(ii) also prohibits the government from disclosing a SAR to ``any person involved in the transaction.'' OTS, like FinCEN and OCC, proposed to address sections 5318(g)(2)(A)(i) and (A)(ii) in a consistent manner, because disclosure by a governmental authority of SAR information to any outside party may make it more likely that the information will be disclosed to a person involved in the transaction. Accordingly, the proposed rule would generally bar disclosures of SAR information by OTS officers, employees, or agents. However, section 5318(g)(2)(A)(ii) also narrowly permits governmental disclosures as necessary to ``fulfill official duties,'' a phrase that is not defined in the BSA. Consistent with the rules being proposed by FinCEN and the OCC, OTS proposed to construe this phrase in the context of the BSA, in light of the purpose for which SARs are filed. Accordingly, the proposed rule interpreted ``official duties'' to mean ``official duties consistent with the purposes of Title II of the BSA,'' namely, for ``criminal, tax, or regulatory investigations or proceedings, or in the conduct of intelligence or counterintelligence activities, including analysis, to protect against international terrorism.'' \35\ When disclosure is necessary to fulfill official duties, OTS will make a determination, through its internal processes, that a SAR may be disclosed to fulfill official duties consistent with the BSA. This standard would permit, for example, disclosures responsive to a grand jury subpoena; a request from an appropriate Federal or State law enforcement agency; a request from an appropriate Congressional committee or subcommittee; and prosecutorial disclosures mandated by statute or the Constitution, in connection with the statement of a government witness to be called at trial, the impeachment of a government witness, or as material exculpatory of a criminal defendant.\36\ This proposed interpretation of section 5318(g)(2)(A)(ii) would ensure that SAR information will not be disclosed for a reason that is unrelated to the purposes of the BSA. For example, this standard would not permit disclosure of SAR information to the media. --------------------------------------------------------------------------- \35\ 31 U.S.C. 5311 (setting forth the purposes of the BSA). \36\ See, e.g., Giglio v. United States, 405 U.S. 150, 153-54 (1972); Brady v. State of Maryland, 373 U.S. 83, 86-87 (1963); Jencks v. United States, 353 U.S. 657, 668 (1957). --------------------------------------------------------------------------- The proposed rule also specifically provided that ``official duties'' shall not include the disclosure of SAR information in response to a request for use in a private legal proceeding or in response to a request for disclosure of non-public information under 12 CFR 510. This statement, which corresponded to a similar provision in FinCEN's proposed rules, establishes that OTS will not disclose SAR information to a private litigant for use in a private legal proceeding, or pursuant to 12 CFR 510.5, because such a request cannot be consistent with any of the purposes enumerated in Title II of the BSA. The BSA exists, in part, to protect the public's interest in an effective reporting system that benefits the nation by helping to ensure that the U.S. financial system will not be used for criminal activity or to support terrorism. OTS like the OCC and FinCEN, believes that this purpose would be undermined by the disclosure of SAR information to a private litigant for use in a civil lawsuit for the reasons described earlier, including that such disclosures will chill full and candid reporting by savings associations and service corporations. Finally, the proposed rule applied to OTS, in addition to its officers, employees, and agents. Comparable to a provision being proposed by FinCEN and the OCC, OTS proposed to include the agency itself in the scope of coverage, because requests for SAR information are typically directed to the agency, rather than to individuals within the OTS with authority to [[Page 75592]] respond to the request. In addition, agents were included in the proposal because agents of OTS may have access to SAR information. Accordingly, the proposed interpretation would more comprehensively cover disclosures by OTS or agents of OTS, and protect the confidentiality of SAR information. OTS did not receive comments on this issue and is adopting this provision as final without change. Section 563.180(d)(13) Safe Harbor/Limitation on Liability In 1992, the Annunzio-Wylie Act amended the BSA by providing a safe harbor for financial institutions and their employees from civil liability for the reporting of known or suspected criminal offenses or suspicious activity through the filing of a SAR.\37\ OTS, FinCEN and the OCC incorporated the safe harbor provisions of the 1992 law into their SAR rules.\38\ Section 351 of the USA PATRIOT Act amended section 5318(g)(3) to clarify that the scope of the safe harbor provision includes the voluntary disclosure of possible violations of law and regulations to a government agency and to expand the scope of the limit on civil liability to include any liability that may exist ``under any contract or other legally enforceable agreement (including any arbitration agreement).'' \39\ OTS, like FinCEN and the OCC, incorporated the statutory expansion of the safe harbor by cross- referencing section 5318(g)(3) in the proposed rule. --------------------------------------------------------------------------- \37\ See supra note 1. \38\ See 31 CFR 103.18(e), 12 CFR 563.180(d)(13) and 12 CFR 21.11(l). The safe harbor regulations are also applicable to oral reports of violations. (In situations requiring immediate attention, a savings association must immediately notify its regulator and appropriate law enforcement by telephone, in addition to filing a SAR. See, e.g., 12 CFR 21.11(d).) \39\ 31 U.S.C. 5318(g)(3). --------------------------------------------------------------------------- In addition, consistent with the proposed rule issued by FinCEN, this provision makes clear that the safe harbor also applies to a disclosure by a savings association or service corporation made jointly with another financial institution for purposes of filing a joint SAR. OTS received no comments on the proposed safe harbor provision. However, one comment received by FinCEN noted that the statutory safe harbor provision protects any person from liability, not just the person involved in the transaction. Accordingly, like FinCEN and the OCC, OTS is amending the proposed safe harbor language by inserting the phrase ``shall be protected from liability to any person, for any such disclosure * * *.'' and is otherwise adopting proposed Sec. 563.180(d)(l3) safe harbor provision as final. Conforming Amendments to 12 CFR Part 510 Today, OTS also is publishing a final rule to amend its information disclosure rule set forth in 12 CFR part 510. Among other things, the final rule clarifies that the OTS's disclosure of SAR information will be governed exclusively by the standards set forth in the amendments to OTS's SAR rule set forth in 12 CFR 563.180.\40\ The effect of these final part 510 amendments is that OTS: (1) Will not release SAR information to private litigants and (2) will only release SAR information to other government agencies, in response to a request pursuant to 12 CFR 563.180 or in the exercise of its discretion, when necessary to fulfill official duties consistent with the purposes of Title II of the BSA. --------------------------------------------------------------------------- \40\ See elsewhere in this issue of the Federal Register. --------------------------------------------------------------------------- V. OTS Regulatory Analysis Regulatory Flexibility Act The Regulatory Flexibility Act (RFA) generally requires an agency that is issuing a final rule to prepare and make available a final regulatory flexibility analysis that describes the impact of the final rule on small entities, 5 U.S.C. 604. However, the RFA provides that an agency is not required to prepare and make available a final regulatory flexibility analysis if the agency certifies that the final rule will not have a significant economic impact on a substantial number of small entities and publishes its certification and a short, explanatory statement in the Federal Register along with its final rule. 5 U.S.C. 605(b). For purposes of the RFA and OTS-regulated entities, a ``small entity'' is a savings association or service corporation with assets of $175 million or less. OTS has determined that the costs, if any, associated with the final rule are de minimis. The final rule simply clarifies the scope of the statutory prohibition against the disclosure by financial institutions and by the government of SAR information and clarifies the scope of the safe harbor from liability for institutions that report suspicious activities. Therefore, pursuant to section 605(b) of the RFA, OTS hereby certifies that this final rule will not have a significant economic impact on a substantial number of small entities. Accordingly, a regulatory flexibility analysis is not needed. Executive Order 12866 OTS has determined that this final rule is not a significant regulatory action under Executive Order 12866. We have concluded that the changes made by this final rule will not have an annual effect on the economy of $100 million or more. OTS further concludes that this final rule does not meet any of the other standards for a significant regulatory action set forth in Executive Order 12866. Paperwork Reduction Act We have reviewed the final rule in accordance with the Paperwork Reduction Act of 1995 (44 U.S.C. 3506; 5 CFR 1320, Appendix A.1) (PRA) and have determined that it does not contain any ``collections of information'' as defined by the PRA. Unfunded Mandates Reform Act of 1995 Section 202 of the Unfunded Mandates Reform Act of 1995, Public Law 104-4 (2 U.S.C. 1532) (Unfunded Mandates Act), requires that an agency prepare a budgetary impact statement before promulgating any rule likely to result in a Federal mandate that may result in the expenditure by State, local, and tribal governments, in the aggregate, or by the private sector of $100 million or more in any one year. If a budgetary impact statement is required, section 205 of the Unfunded Mandates Act also requires an agency to identify and consider a reasonable number of regulatory alternatives before promulgating a rule. OTS has determined that this final rule will not result in expenditures by State, local, and tribal governments, or by the private sector, of $100 million or more in any one year. Accordingly, this proposal is not subject to section 202 of the Unfunded Mandates Act. List of Subjects in 12 CFR Part 563 Crime, Currency, Savings associations, reporting and recordkeeping requirements, Security measures. Authority and Issuance 0 For the reasons set forth in the preamble, part 563 of title 12 of the Code of Federal Regulations is amended as follows: PART 563--SAVINGS ASSOCIATIONS--OPERATIONS 0 1. The authority citation for part 563 continues to read as follows: Authority: 12 U.S.C. 375b, 1462a, 1463, 1464, 1467a, 1468, 1817, 1828, 3806; 31 U.S.C 5318. [[Page 75593]] 0 2. Section 563.180 is amended by revising paragraphs (d)(2)(iii) and (d)(3) introductory text, adding a new sentence to the end of paragraph (d)(8), and revising paragraph (d)(12) to read as follows: Sec. 563.180 Suspicious Activity Reports and other reports and statements. * * * * * (d) * * * (2) * * * (iii) SAR means a Suspicious Activity Report. (3) SARs required. A savings association or service corporation shall file a SAR with the appropriate Federal law enforcement agencies and the Department of the Treasury on the form prescribed by the OTS and in accordance with the form's instructions, by sending a completed SAR to FinCEN in the following circumstances: * * * * * (8) Retention of records. * * * A savings association or service corporation shall make all supporting documentation available to OTS, FinCEN, or any Federal, State, or local law enforcement agency, or any Federal regulatory authority that examines the savings association or service corporation for compliance with the Bank Secrecy Act, or any State regulatory authority administering a State law that requires the savings association or service corporation to comply with the Bank Secrecy Act or otherwise authorizes the State authority to ensure that the institution complies with the Bank Secrecy Act, upon request. * * * * * (12) Confidentiality of SARs. A SAR, and any information that would reveal the existence of a SAR, are confidential, and shall not be disclosed except as authorized in this paragraph (d)(12). (i) Prohibition on disclosure by savings associations or service corporations. (A) General rule. No savings association or service corporation, and no director, officer, employee, or agent of a savings association or service corporation, shall disclose a SAR or any information that would reveal the existence of a SAR. Any savings association or service corporation, and any director, officer, employee, or agent of any savings association or service corporation that is subpoenaed or otherwise requested to disclose a SAR, or any information that would reveal the existence of a SAR, shall decline to produce the SAR or such information, citing this section and 31 U.S.C. 5318(g)(2)(A)(i), and shall notify the following of any such request and the response thereto: (A) Deputy Chief Counsel, Litigation Division, Office of Thrift Supervision; and (B) The Financial Crimes Enforcement Network (FinCEN). (ii) Rules of construction. Provided that no person involved in any reported suspicious transaction is notified that the transaction has been reported, paragraph (d)(1) of this section shall not be construed as prohibiting: (A) The disclosure by a savings association or service corporation, or any director, officer, employee or agent of a savings association or service corporation of: (1) A SAR, or any information that would reveal the existence of a SAR, to FinCEN or OTS, or any Federal, State, or local law enforcement agency; or any Federal regulatory authority that examines the savings association or service corporation for compliance with the Bank Secrecy Act, or any State regulatory authority administering a State law that requires compliance with the Bank Secrecy Act or otherwise authorizes the State authority to ensure that the institution complies with the Bank Secrecy Act; or (2) The underlying facts, transactions, and documents upon which a SAR is based, including, but not limited to, disclosures: (i) To another financial institution, or any director, officer, employee or agent of a financial institution, for the preparation of a joint SAR; or (ii) In connection with certain employment references or termination notices, to the full extent authorized in 31 U.S.C. 5318(g)(2)(B); or (B) The sharing by a savings association or service corporation, or any director, officer, employee, or agent of a savings association or service corporation, of a SAR, or any information that would reveal the existence of a SAR, within the corporate organizational structure of the savings association or service corporation, for purposes consistent with Title II of the Bank Secrecy Act as determined by regulation or in guidance. (iii) Prohibition on disclosure by OTS. The OTS will not, and no officer, employee or agent of OTS, shall disclose a SAR, or any information that would reveal the existence of a SAR, except as necessary to fulfill official duties consistent with Title II of the Bank Secrecy Act. For purposes of this section, ``official duties'' shall not include the disclosure of a SAR, or any information that would reveal the existence of a SAR, in response to a request for use in a private legal proceeding or in response to a request for disclosure of non-public information under 12 CFR 510.5. (iv) Limitation on liability. A savings association or service corporation and any director, officer, employee or agent of a savings association or service corporation that makes a voluntary disclosure of any possible violation of law or regulation to a government agency or makes a disclosure pursuant to this section or any other authority, including a disclosure made jointly with another institution, shall be protected from liability for any such disclosure, or for failure to provide notice of such disclosure to any person identified in the disclosure, or both, to the full extent provided by 31 U.S.C. 5318(g)(3). * * * * * Dated: June 1, 2010. By the Office of Thrift Supervision. John E. Bowman, Acting Director. [FR Doc. 2010-29877 Filed 12-2-10; 8:45 am] BILLING CODE 6720-01-P
This site is protected by reCAPTCHA and the Google
Privacy Policy and
Terms of Service apply.