Confidentiality of Suspicious Activity Reports, 75586-75593 [2010-29877]

Download as PDF 75586 Federal Register / Vol. 75, No. 232 / Friday, December 3, 2010 / Rules and Regulations Authority: 12 U.S.C. 1462a, 1463, 1464; Pub.L. 101–410, 104 Stat 890; Pub.L. 104– 134, 110 Stat 1321–358. by the government of a SAR, as that prohibition applies to the OTS’s standards governing the disclosure of ■ 2. Amend § 510.5 by: SARs; clarify that the exclusive standard ■ a. Removing, at the end of paragraph applicable to the disclosure of a SAR, or (a)(3)(ii), the word ‘‘and’’; any information that would reveal the ■ b. Removing, at the end of paragraph existence of a SAR, by the OTS is to (a)(3)(iii), the period and adding ‘‘; and’’ fulfill official duties consistent with the in its place; purposes of the BSA; and modify the ■ c. Adding paragraph (a)(3)(iv) to read safe harbor provision in the OTS’s SAR as set forth below; rules to include changes made by the ■ d. Removing, at the end of paragraph Uniting and Strengthening America by (d)(4)(i)(C), the word ‘‘or’’; Providing Appropriate Tools Required ■ e. Removing, at the end of paragraph to Intercept and Obstruct Terrorism (d)(4)(i)(D) the period and adding ‘‘; and’’ (USA PATRIOT) Act. These in its place; and amendments are consistent with a final ■ f. Adding paragraph (d)(4)(i)(E) as set rule being contemporaneously issued by forth below. the Financial Crimes Enforcement Network (FinCEN) and the Office of § 510.5 Release of unpublished OTS Comptroller of the Currency (OCC). information. DATES: This rule is effective on January (a) * * * 3, 2011. (3) * * * (iv) Requests for a Suspicious Activity FOR FURTHER INFORMATION CONTACT: Marvin Shaw, Senior Attorney, Report (SAR), or any information that Regulations and Legislation (202–906– would reveal the existence of a SAR. 6639); Noelle Kurtin, Senior Attorney, * * * * * Enforcement (202–906–6739); or Stacy (d) * * * Messett, Senior Project Manager, BSA (4) * * * and Compliance Examinations (202– (i) * * * 906–6241); Office of Thrift Supervision, (E) Information that should not be 1700 G Street, NW., Washington, DC disclosed, because such disclosure is 20552. prohibited by law. SUPPLEMENTARY INFORMATION: * * * * * I. Background Dated: June 1, 2010. By the Office of Thrift Supervision. The BSA requires financial institutions, including savings John E. Bowman, associations and service corporations Acting Director. regulated by the OTS, to keep certain [FR Doc. 2010–29871 Filed 12–2–10; 8:45 am] records and make certain reports that BILLING CODE 6720–01–P have been determined to be useful in criminal, tax, or regulatory investigations or proceedings, and for DEPARTMENT OF THE TREASURY intelligence or counter intelligence activities to protect against international Office of Thrift Supervision terrorism. In particular, the BSA and its implementing regulations require a 12 CFR Part 563 financial institution to file a SAR when [Docket ID OTS–2010–0015] it detects a known or suspected violation of Federal law or a suspicious RIN 1550–AC26 activity related to money laundering, Confidentiality of Suspicious Activity terrorist financing, or other criminal Reports activity.1 The Office of Thrift Supervision, Treasury (OTS). ACTION: Final rule. AGENCY: The OTS is issuing this final rule to amend its regulations implementing the Bank Secrecy Act (BSA) governing the confidentiality of a suspicious activity report (SAR) to: Clarify the scope of the statutory prohibition on the disclosure by a financial institution of a SAR, as it applies to savings associations and service corporations; address the statutory prohibition on the disclosure emcdonald on DSK2BSOYB1PROD with RULES2 SUMMARY: VerDate Mar<15>2010 18:12 Dec 02, 2010 Jkt 223001 1 The Annunzio-Wylie Anti-Money Laundering Act of 1992 (the Annunzio-Wylie Act) amended the BSA and authorized the Secretary of the Treasury to require financial institutions to report suspicious transactions relevant to a possible violation of law or regulation. See Pub. L. 102–550, Title XV, section 1517(b), 106 Stat. 4055, 4058–9 (1992); 31 U.S.C. 5318(g)(1). The OTS, Board of Governors of the Federal Reserve System (FRB), Federal Deposit Insurance Corporation (FDIC), Office of the Comptroller of the Currency (OCC), and National Credit Union Administration (NCUA), (collectively referred to as the Federal bank regulatory agencies) subsequently issued virtually identical implementing regulations on suspicious activity reporting. See 12 CFR 21.11 (OCC); 12 CFR 208.62 (FRB); 12 CFR 353.3 (FDIC); 12 CFR 563.180 (OTS); and 12 CFR 748.1 (NCUA). PO 00000 Frm 00014 Fmt 4701 Sfmt 4700 SARs are used for law enforcement or regulatory purposes to combat terrorism, terrorist financing, money laundering and other financial crimes. For this reason, the BSA provides that a financial institution, and its officers, directors, employees, and agents are prohibited from notifying any person involved in a suspicious transaction that the transaction was reported.2 To encourage the voluntary reporting of possible violations of law and regulation, and the filing of SARs, the BSA also contains a safe harbor provision, which shields financial institutions making such reports from civil liability. FinCEN 3 has issued rules implementing the SAR confidentiality provisions for various types of financial institutions that closely mirror the statutory language.4 In addition, the Federal bank regulatory agencies implemented these provisions through similar regulations that provide SARs are confidential and generally no information about or contained in a SAR may be disclosed.5 The regulations issued by FinCEN and the Federal bank regulatory agencies also describe the applicability of the safe harbor provision to both voluntary reports of possible and known violations of law and the required filing of SARs.6 The USA PATRIOT Act of 2001 strengthened the confidentiality of SARs by adding to the BSA a new provision that prohibits officers or employees of the Federal Government or any State, local, tribal, or territorial government within the United States with knowledge of a SAR, from disclosing to any person involved in a suspicious transaction that the transaction was reported, other than as necessary to fulfill the official duties of such officer or employee.7 The USA PATRIOT Act also clarified that the safe harbor shielding financial institutions from liability covers voluntary disclosures of possible violations of law and regulations to a government agency and expanded the scope of the limit on liability to cover any civil liability that 2 31 U.S.C. 5318(g)(2)(A)(i). is the agency designated by the Department of the Treasury to administer the BSA, and with which SARs must be filed. See 31 U.S.C. 5318; 12 CFR 21.11(c). 4 See, e.g., 31 CFR 103.18(e) (SAR confidentiality rule for banks); 31 CFR 103.19(e) (SAR confidentiality rule for brokers or dealers in securities). 5 See 12 CFR 21.11(k) (OCC); 12 CFR 208.62(j) (FRB); 12 CFR 353.3(g) (FDIC); 12 CFR 563.180(d)(12) (OTS); and 12 CFR 748.1 (NCUA). 6 31 U.S.C. 5318(q)(3). 7 See USA PATRIOT Act, section 351(b), Pub. L. 107–56, Title III, section 351, 115 Stat. 272, 321 (2001); 31 U.S.C. 5318(g)(2). 3 FinCEN E:\FR\FM\03DER2.SGM 03DER2 Federal Register / Vol. 75, No. 232 / Friday, December 3, 2010 / Rules and Regulations emcdonald on DSK2BSOYB1PROD with RULES2 may exist ‘‘under any contract or other legally enforceable agreement (including any arbitration agreement).’’ 8 FinCEN is issuing a final rule to modify its SAR rules to interpret or further interpret the provisions of the BSA that relate to the confidentiality of SARs and the safe harbor for such reporting. The OTS is amending its SAR rules contemporaneously, consistent with the final rules being issued by FinCEN and the OCC, to clarify the manner in which these provisions apply to savings associations and service corporations and to the OTS’s own standards governing the disclosure of a SAR and any information that would reveal the existence of a SAR (referred to in this preamble as ‘‘SAR information’’). In a separate rulemaking action from the part 563 proposal, the OTS also simultaneously proposed to amend its information disclosure regulation set forth in 12 CFR part 510 to clarify that the exclusive standard governing the release of SAR information is set forth in 12 CFR 563.180.9 The OTS issued that proposed amendment to 12 CFR part 510 at the same time as the part 563 proposal, to make clear that the OTS will disclose SAR information only when necessary to satisfy the BSA purposes for which SARs are filed. Today, the OTS also is adopting the part 510 proposal as final without change. II. Overview of the Proposed Rule and Related Actions On March 9, 2009, the OTS published proposed amendments to its rules 10 to include key changes that would: (1) Clarify the scope of the statutory prohibition on the disclosure by a financial institution of a SAR, as it applies to savings associations and service corporations; (2) address the statutory prohibition on the disclosure by the government of a SAR, which was added to the BSA by section 351(b) of the USA PATRIOT Act of 2001, as that prohibition applies to the OTS’s standards governing the disclosure of SAR information; and (3) clarify that the exclusive standard applicable to the disclosure of SAR information by the OTS is to fulfill official duties consistent with the purposes of the BSA, in order to ensure that SAR information is protected from inappropriate disclosures unrelated to the BSA purposes for which SARs are filed. In addition, the proposed 8 See USA PATRIOT Act, section 351(a), Pub. L. 107–56, Title III, section 351, 115 Stat. 272, 321 (2001); 31 U.S.C. 5318(g)(3). 9 See elsewhere in this issue of the Federal Register. 10 74 FR 10139 (March 9, 2009). VerDate Mar<15>2010 18:12 Dec 02, 2010 Jkt 223001 amendments would modify the safe harbor provision in the OTS’s SAR rules 11 to include changes made by the USA PATRIOT Act. Contemporaneously with the publication of, and as described in, the OTS’s proposal, FinCEN issued for notice and comment proposed guidance regarding the sharing of SARs with affiliates.12 That proposed guidance may be used to interpret a provision of the OTS’s proposed rulemaking. III. Comments on the Proposed Rule The comment period for the proposed rulemakings ended on June 8, 2009. OTS received a total of three comments.13 Of these, two were submitted by bank trade associations and one was submitted by an individual. The comments generally supported the OTS’s proposed rule while requesting broadening of FinCEN’s proposed sharing guidance.14 Comments specific to the OTS’s proposed rule provided suggestions related to the disclosure of the ‘‘underlying facts, transactions, and documents upon which a SAR is based;’’ the requirement to reveal a SAR request to both OTS and FinCEN; and the proposed modification to the safe harbor provision in the OTS’s SAR rules 15 to include changes made by the USA PATRIOT Act. These comments are addressed in the Section-by-Section Analysis section of this SUPPLEMENTARY INFORMATION. IV. Section-by-Section Analysis Section 563.180(d)(2)(iii) Definition of a SAR The primary purpose of the OTS’s SAR rule is to ensure that a savings association or service corporation files a SAR when it detects a known or suspected violation of a Federal law or a suspicious transaction related to money laundering activity or a violation of the BSA. See 12 CFR 563.180. Incidental to this purpose, the OTS’s SAR rule includes a section that addresses the confidentiality of SARs. Under the current SAR rule, the term ‘‘SAR’’ means ‘‘a Suspicious Activity Report on the form prescribed by the OTS.’’ 16 The proposed rule would have 11 12 CFR 563.180(d)(13). FR 10158 (Mar. 9, 2009). 13 None of the comments received by the OTS directly addressed the proposed revisions to the OTS’s information disclosure regulation set forth in 12 CFR part 510. 14 Comments about the sharing guidance are addressed separately in a related ‘‘notice of availability of guidance’’ published by FinCEN elsewhere in today’s Federal Register together with FinCEN’s final rules. 15 12 CFR 1563.180(d)(13). 16 12 CFR 563.180(d)(2). 75587 defined a ‘‘SAR’’ generically as ‘‘a Suspicious Activity Report.’’ This change would extend the confidentiality provisions of the OTS’s SAR rule to all SARs, including those filed on forms prescribed by FinCEN.17 As a consequence, a savings association or service corporation that obtained a SAR, for example, from a non-bank affiliate pursuant to the provisions of the proposed rule, would be required to safeguard the confidentiality of the SAR, even if the SAR had not been filed on a form prescribed by the OTS. The OTS received no comments on the proposed revised definition of SAR and adopts the definition as proposed. Section 563.180(d)(3) SARs Required To clarify that a savings association or service corporation must file a SAR on a form ‘‘prescribed by the OTS,’’ the OTS proposed to add that phrase to the introductory language of the section of the OTS’s SAR rule that describes the procedures for the filing of a SAR. Accordingly, the proposed rule would have required a savings association or service corporation to file a SAR with the appropriate Federal law enforcement agencies and the Department of the Treasury on the form prescribed by the OTS in accordance with the form’s instructions, by sending a completed SAR to FinCEN in particular circumstances.18 The OTS received no comments on the proposal to add the phrase ‘‘prescribed by the OTS’’ to the introductory language of that section of the OTS’s SAR rule and adopts the change as proposed. Section 563.180(d)(12) of SARs Confidentiality The OTS proposed to amend its rules regarding SAR confidentiality 19 by modifying the introductory sentence regarding SAR confidentiality, and dividing the remainder of the current provision into two sections. The first section would describe the prohibition on disclosure of SAR information by savings association or service corporation and the rules of construction applicable to this prohibition. The second section would describe the prohibition on the OTS’s disclosure of SAR information. 12 74 PO 00000 Frm 00015 Fmt 4701 Sfmt 4700 17 See, e.g., 31 CFR 103.19 (FinCEN regulations requiring brokers or dealers in securities to file reports of suspicious transactions on a SAR–S–F). 18 OTS’s current provision, at 12 CFR 563.180(d)(2), requires a savings association or service corporation to ‘‘file a SAR with the appropriate Federal law enforcement agencies and the Department of the Treasury in accordance with the form’s instructions * * *,’’ but does not specify which form. 19 12 CFR 563.180(d)(12). E:\FR\FM\03DER2.SGM 03DER2 emcdonald on DSK2BSOYB1PROD with RULES2 75588 Federal Register / Vol. 75, No. 232 / Friday, December 3, 2010 / Rules and Regulations Prior to this final rulemaking action, the OTS’s rules prohibiting the disclosure of SARs began with the statement that SARs are confidential. Over the years, the OTS has received numerous questions regarding the scope of the prohibition on the disclosure of a SAR in its current rules. Accordingly, the OTS proposed to clarify the scope of SAR confidentiality by more clearly describing the information that is subject to the prohibition. Like FinCEN and the OCC, the OTS believes that all of the reasons for maintaining the confidentiality of SARs are equally applicable to any information that would reveal the existence of a SAR. The OTS, like FinCEN and the OCC, recognizes that in order to protect the confidentiality of a SAR, any information that would reveal the existence of a SAR must be afforded the same protection from disclosure. The confidentiality of SARs must be maintained for a number of compelling reasons. For example, the disclosure of a SAR could result in notification to persons involved in the transaction that is being reported, and compromise any investigations being conducted in connection with the SAR. In addition, the OTS believes that even the occasional disclosure of a SAR could chill the willingness of a savings association or service corporation to file SARs, and to provide the degree of detail and completeness in describing suspicious activity in SARs that will be of use to law enforcement. If savings associations or service corporations believe that a SAR can be used for purposes unrelated to the law enforcement and regulatory purposes of the BSA, the disclosure of such information could adversely affect the timely, appropriate, and candid reporting of suspicious transactions. Savings associations and service corporations also may be reluctant to report suspicious transactions, or may delay making such reports, for fear that the disclosure of a SAR will interfere with its relationship with its customer. Further, a SAR may provide insight into how a savings association or service corporation uncovers potential criminal conduct that can be used by others to circumvent detection. The disclosure of a SAR also could compromise personally identifiable information or commercially sensitive information or damage the reputation of individuals or companies that may be named. Finally, the disclosure of a SAR for uses unrelated to the law enforcement and regulatory purposes for which SARs are intended increases the risk that employees of the savings association or VerDate Mar<15>2010 18:12 Dec 02, 2010 Jkt 223001 service corporation or others who are involved in the preparation or filing of a SAR could become targets for retaliation by persons whose criminal conduct has been reported. These reasons for maintaining the confidentiality of SARs also apply to any information that would reveal the existence of a SAR. Therefore, like FinCEN and the OCC, the OTS proposed to modify the general introduction in its rules to state that confidential treatment also must be afforded to ‘‘any information that would reveal the existence of a SAR.’’ The introduction also would indicate that SAR information may not be disclosed, except as authorized in the narrow circumstances that follow. Some commenters asked that the OTS clarify the phrase ‘‘information that would reveal the existence of a SAR’’ for the purpose of defining the scope of SAR confidentiality. One commenter specifically asked whether that term only includes information that affirmatively states that a SAR was filed. Another commenter urged that the OTS formally recognize that material contained in a reporting institution’s files supporting its decision to file or not file a SAR is confidential. Any document or other information that affirmatively states that a SAR has been filed constitutes information that would reveal the existence of a SAR and must be kept confidential. By extension, a savings association or service corporation also must afford confidentiality to any document stating that a SAR has not been filed. Were the OTS to allow disclosure of information when a SAR is not filed, institutions would implicitly reveal the existence of a SAR any time they were unable to produce records because a SAR was filed.20 Documents that may identify suspicious activity, but that do not reveal whether a SAR exists (e.g., a document memorializing a customer transaction such as an account statement indicating a cash deposit or a record of a funds transfer), should be considered as falling within the 20 For example, a private litigant may serve a discovery request on a savings association or service corporation in civil litigation that calls for the savings association or service corporation to produce the underlying documentation on companies A, B, and C, where the financial institution has filed a SAR on company A, but not companies B or C, and the underlying documentation reflects the SAR filing decisions. If the savings association or service corporation then produces the underlying documentation for companies B and C, but neither confirms nor denies the existence of a SAR when declining to provide similar documentation for company A, by negative implication it may have revealed the existence of the SAR filed on company A. PO 00000 Frm 00016 Fmt 4701 Sfmt 4700 underlying facts, transactions, and documents upon which a SAR is based, and need not be afforded confidentiality.21 This distinction is set forth in the final rule’s second rule of construction discussed in this Sectionby-Section Analysis and reflects relevant case law.22 However, the strong public policy that underlies the SAR system as a whole— namely, the creation of an environment that encourages a savings association or service corporation to report suspicious activity without fear of reprisal—leans heavily in favor of applying SAR confidentiality not only to a SAR itself, but also in appropriate circumstances to material prepared by the savings association or service corporation as part of its process to detect and report suspicious activity, regardless of whether a SAR ultimately was filed or not. This interpretation also reflects relevant case law.23 As explained in more detail in the proposed rule,24 the primary purpose for clarifying the scope of the confidentiality provision is to ensure that, due to potentially serious consequences, the persons involved in 21 As one commenter noted, information produced in the ordinary course of business may contain sufficient information that a reasonable and prudent person familiar with SAR filing requirements could use to conclude that an institution likely filed a SAR (e.g., a copy of a fraudulent check or a cash transaction log showing a clear pattern of structured deposits). Such information alone does not constitute information that would reveal the existence of a SAR. 22 See, e.g., Whitney Nat. Bank v. Karam, 306 F. Supp. 2d 678, 682 (S.D. Tex. 2004) (noting that courts have ‘‘allowed the production of supporting documentation that was generated or received in the ordinary course of the banks’ business, on which the report of suspicious activity was based’’); Cotton v. Private Bank and Trust Co., 235 F. Supp. 2d 809, 815 (N.D. Ill. 2002) (holding that the ‘‘factual documents which give rise to suspicious conduct * * * are to be produced in the ordinary course of discovery because they are business records made in the ordinary course of business’’). 23 See, e.g., Whitney at 682–83 (holding that the SAR confidentiality provision protects, inter alia, ‘‘communications preceding the filing of a SAR and preparatory or preliminary to it; communications that follow the filing of a SAR and are explanations or follow-up discussion; or oral communications or suspected or possible violations that did not culminate in the filing of a SAR’’); Cotton at 815 (holding that ‘‘documents representing the drafts of SARs or other work product or privileged communications that relate to the SAR itself * * * are not to be produced [in discovery] because they would disclose whether a SAR has been prepared or filed’’); Union Bank of California, N.A. v. Superior Court, 130 Cal. App. 4th 378, 391 (2005) (holding that ‘‘a draft SAR or internal memorandum prepared as part of a financial institution’s process for complying with federal reporting requirements is generated for the specific purpose of fulfilling the institution’s reporting obligation * * * [and] fall within the scope of SAR [confidentiality] because they may reveal the contents of a SAR and disclose whether a SAR has been prepared or filed’’). 24 74 FR 10142—43 (March 9, 2009). E:\FR\FM\03DER2.SGM 03DER2 Federal Register / Vol. 75, No. 232 / Friday, December 3, 2010 / Rules and Regulations the transaction and identified in the SAR cannot be notified, directly or indirectly, of the report. Accordingly, like FinCEN and the OCC, the OTS proposed replacing the previous rule text prohibiting disclosure of the SAR to the person involved in the transaction with a broad general confidentiality provision for all SAR information applicable to all persons not authorized in the rules of construction to receive such information. With respect to ‘‘information that would reveal the existence of a SAR,’’ therefore, institutions should distinguish between certain types of statistical or abstract information or general discussions of suspicious activity that may indicate that an institution has filed SARs,25 and information that would reveal the existence of a SAR in a manner that could enable the person involved in the transaction potentially to be notified, whether directly or indirectly. Like FinCEN and the OCC, and for the reasons discussed in this section, the OTS is adopting the proposed introductory language to the Confidentiality of SARs provision (§ 563.180(d)(12)(ii) as final without change. Section 563.180(d)(12) Prohibition on Disclosure by Savings Associations The OTS’s current rules provide that any savings association or service corporation or person subpoenaed or otherwise requested to disclose a SAR or the information contained in a SAR must: (1) Decline to produce the SAR or to provide any information that would disclose that a SAR has been prepared or filed and (2) notify the OTS. The proposed rule more specifically addressed the prohibition on the disclosure of a SAR by a savings association or service corporation. The proposed rule provided that the prohibition includes ‘‘any information that would reveal the existence of a SAR’’ instead of using the phrase ‘‘any information that would disclose that a SAR has been prepared or filed.’’ The OTS, like FinCEN and the OCC, believes that the proposed phrase more clearly describes the type of information that is covered by the prohibition on the disclosure of a SAR. In addition, the emcdonald on DSK2BSOYB1PROD with RULES2 25 One example of such information could include summary information commonly provided by savings association or service corporations in the ‘‘notification to the board’’ required by the various Federal bank regulatory agency SAR rules. Savings Associations subject to the requirement are encouraged to be cautious in the production of relevant portions of board minutes or other records to avoid the risk of potentially exposing SAR information to the subject, either directly or indirectly, in the event such records are subpoenaed. VerDate Mar<15>2010 18:12 Dec 02, 2010 Jkt 223001 proposed rule incorporated the specific reference in 31 U.S.C. 5318(g)(2)(A)(i) to a ‘‘director, officer, employees or agent,’’ in order to clarify that the prohibition on disclosure extends to those individuals in a savings association or service corporation who may have access to SAR information. Although 31 U.S.C. 5318(g)(2)(A)(i) provides that a person involved in the transaction may not be notified that the transaction has been reported, the proposed rule reflected case law that has consistently concluded, in accordance with applicable regulations, that financial institutions are broadly prohibited from disclosing SAR information to any person. Accordingly, these cases have held that, in the context of discovery in connection with civil lawsuits, financial institutions are prohibited from disclosing SAR information because section 5318(g) and its implementing regulations have created an unqualified discovery and evidentiary privilege for such information that cannot be waived by financial institutions.26 Consistent with case law and the current regulation, the texts of the proposed rule did not limit the prohibition on disclosure only to the person involved in the transaction. Permitting disclosure to any outside party may make it likely that SAR information would be disclosed to a person involved in the transaction, which the BSA absolutely prohibits. The proposed rule continued to provide that any savings association or service corporation, or any director, officer, employee or agent of a savings association or service corporation, subpoenaed or otherwise requested to disclose SAR information must decline to provide the information, citing that section of the rule and 31 U.S.C. 5318(g)(2)(A)(i), and must give notice of the request to the OTS. In addition, the proposed rule required the savings association or service corporation to notify the OTS of its response to the request and required the savings association or service corporation to provide the same information to FinCEN. Commenters suggested that OTS adjust its SAR rule to remove the ‘‘duplicative’’ requirement for a savings association to notify both OTS and FinCEN when SAR information is inappropriately requested. OTS, like FinCEN and the OCC, disagrees with the commenter’s characterization of the notification requirement as 26 See, e.g., Whitney Nat’l Bank v. Karam, 306 F. Supp. 2d 678, 682 (S.D. Tex. 2004); Cotton v. Private Bank and Trust Co., 235 F. Supp. 2d 809, 815 (N.D. Ill. 2002). PO 00000 Frm 00017 Fmt 4701 Sfmt 4700 75589 ‘‘duplicative’’ because OTS and FinCEN each have issued, and separately administers, its own separate SAR rule. The joint notification requirement in the OTS’s final rule, therefore, simply acknowledges the notification requirement of different SAR regulations issued by separate agencies. Therefore, the OTS adopts proposed § 560.183(d)(12) as final without change. Section 563.180(d)(12) Rules of Construction The OTS, like FinCEN and the OCC, proposed rules of construction to address issues that have arisen over the years about the scope of the SAR disclosure prohibition and to implement statutory modifications to the BSA made by the USA PATRIOT Act. The proposed rules of construction primarily describe situations that are not covered by the prohibition on disclosure of SAR information by a savings association or service corporation. The introduction to the proposed rules of construction makes clear that they are qualified by the statutory mandate that no person involved in any reported suspicious transaction can be notified that the transaction has been reported. The OTS received no comments on the proposed introductory language to the rules of construction and is adopting the language in the final rule as proposed. The first proposed rule of construction clarified the permissibility of disclosures to governmental authorities or other examining authorities that are otherwise entitled by law to receive SARs and to examine for or investigate suspicious activity. Specifically, the proposal was intended to clarify existing language that a savings association or service corporation, or any director, officer, employee, or agent 27 of a savings association may disclose SAR information to FinCEN or any Federal, State, or local law enforcement agency; or any Federal or State regulatory agency that examines the financial institution for compliance with the BSA. Although the permissibility of such disclosures may be readily apparent, the proposal contained this statement to clarify that a savings 27 Some commenters requested guidance related to the appropriate use of SARs by agents of savings associations and service corporations. In the Supplementary Information section of FinCEN’s final rule issued today, FinCEN states that it is considering additional guidance on the appropriate use of SARs by agents of financial institutions. Until such guidance is issued, however, the OTS and FinCEN remind financial institutions of their requirement to protect, through reasonable controls or agreements with their agents, the confidentiality of SAR information, as prescribed by the OTS and FinCEN final rules. E:\FR\FM\03DER2.SGM 03DER2 emcdonald on DSK2BSOYB1PROD with RULES2 75590 Federal Register / Vol. 75, No. 232 / Friday, December 3, 2010 / Rules and Regulations association or service corporation cannot use the prohibition on disclosure of SAR information to withhold this information from governmental authorities that are otherwise entitled by law to receive SARs and to examine for and investigate suspicious activity. Like FinCEN, OTS is adjusting the language slightly in the final rule to make a technical correction in the SAR rule text. The proposal stated that the rule should not be construed as prohibiting disclosure of a SAR ‘‘to FinCEN or any Federal, State or local law enforcement agency; or any Federal or State regulatory authority that examines the savings association for compliance with the Bank Secrecy Act.’’ The proposed rules sought to expand these terms by describing explicitly the types of entities that fit into those categories. Accordingly, the proposed rule used the phrase ‘‘* * * State regulatory authority that examines the savings association for compliance with the BSA.’’ Like FinCEN, OTS believes that commenters clearly understood and consented to the intent of this language, but will use the more technically accurate phrase ‘‘* * * State regulatory authority administering a State law that requires [the institution] to comply with the BSA or otherwise authorizes the State authority to ensure that the institution complies with the BSA’’ in the final rule. This change recognizes that State regulatory authorities are generally authorized by State law to examine for compliance with the BSA in one of two ways: (1) The law authorizes the State authority to examine the institution for compliance with all Federal laws and regulations generally or with the BSA explicitly, or (2) the law requires a financial institution to comply with all Federal laws and regulations generally or with the BSA explicitly, and authorizes the State authority to examine for compliance with the State law. An institution may provide SAR information to a State regulatory authority meeting either criterion. The second proposed rule of construction provided that SAR information does not include the underlying facts, transactions, and documents upon which a SAR is based. This statement reflects case law, which has recognized that, while a financial institution is prohibited from producing documents in discovery that evidence the existence of a SAR, factual documents created in the ordinary course of business (for example, business records and account information, upon which a SAR is based), may be discoverable in civil VerDate Mar<15>2010 18:12 Dec 02, 2010 Jkt 223001 litigation under the Federal Rules of Civil Procedure.28 The second proposed rule of construction included some examples of situations where a savings association or service corporation may disclose the underlying facts, transactions, and documents upon which a SAR is based. The first example clarifies that a savings association or service corporation, or any director, officer, employee or agent of such a financial institution, may disclose this information 29 to another financial institution, or any director, officer, employee, or agent of a financial institution, for the preparation of a joint SAR.30 The second example simply codifies a rule of construction added to the BSA by section 351 of the USA PATRIOT Act, which provides that such underlying information may be disclosed in certain written employment references and termination notices.31 One commenter suggested that the OTS clarify that the illustrative examples are not exhaustive, and that there may be other situations not prescribed in the rule where an institution may disclose the underlying facts, transactions, and documents upon which a SAR is based. The OTS did not intend for these examples to be exhaustive and does not believe the text, as proposed, implies that the examples are exhaustive. For purposes of clarity, however, like FinCEN and the OCC, the OTS is revising the final rule’s language at § 563.180(d)(12) to read ‘‘* * * [t]he underlying facts, transactions, and documents upon which a SAR is based, including but not limited to, disclosures’’ 28 See Cotton v. Private Bank and Trust Co., 235 F. Supp. 2d 809, 815 (N.D. Ill. 2002). 29 Although the underlying facts, transactions, and documents upon which a SAR is based may include previously filed SARs or other information that would reveal the existence of a SAR, these materials cannot be disclosed as underlying documents. 30 On December 21, 2006, FinCEN and the Federal bank regulatory agencies announced that the format for the SAR form for depository institutions had been revised to support a new joint filing initiative to reduce the number of duplicate SARs filed for a single suspicious transaction. ‘‘Suspicious Activity Report (SAR) Revised to Support Joint Filings and Reduce Duplicate SARs,’’ Joint Release issued by FinCEN, the FRB, the OCC, the OTS, the FDIC, and NCUA (Dec. 21, 2006). On February 17, 2006, FinCEN and the Federal bank regulatory agencies published a joint Federal Register notice seeking comment on proposed revisions to the SAR form. See 71 FR 8640. On May 1, 2007, FinCEN announced a delay in implementation of the revised SAR form until further notice. See 72 FR 23891. Until such time as a new SAR form is available that facilitates joint filing, institutions authorized to jointly file should follow FinCEN’s guidance to use the words ‘‘joint filing’’ in the narrative of the SAR and ensure that both institutions maintain a copy of the SAR and any supporting documentation (See, e.g., http://www.fincen.gov/statutes_regs/guidance/ html/guidance_faqs_sar_10042006.html). 31 31 U.S.C. 5318(g)(2)(B). PO 00000 Frm 00018 Fmt 4701 Sfmt 4700 expressly listed as illustrative examples in the rule. Accordingly, with respect to the SAR confidentiality provision only,32 savings associations and service corporations may disclose underlying facts, transactions, and documents for any purpose, provided that no person involved in the transaction is notified that the transaction has been reported and none of the underlying information reveals the existence of a SAR. Another commenter suggested that the rules of construction include a provision expressly authorizing the disclosure of facts, transactions, or documents to affiliates wherever located and clarify that such authority may be exercised independently of the authority to share SAR information with affiliates. Provided that no person involved in any reported suspicious transaction is notified that the transaction has been reported and the underlying facts, transactions, and documents do not disclose SAR information, the OTS agrees that such disclosure by a savings association or service corporation to its affiliates, wherever located, is not prohibited by the final rule. Furthermore, the OTS agrees that the authorization for a savings association or service corporation to disclose underlying information to affiliates is independent of the authority to share SAR information with affiliates. The OTS believes that the final rule and the BSA already address that commenter’s concerns and that further revision to the rule is unnecessary. The third proposed rule of construction clarified that the prohibition on the disclosure of SAR information by a savings association or service corporation does not include the sharing by a savings association or service corporation, or any director, officer, employee or agent of a savings association, of SAR information within the savings association’s corporate organizational structure, for purposes consistent with Title II of the BSA, as determined by regulation or in guidance. The proposed third rule of construction recognizes that a savings association or service corporation may find it necessary to share SAR information to fulfill its reporting obligations under the BSA, and to facilitate more effective enterprise-wide BSA monitoring and reporting, consistent with Title II of the BSA. The term ‘‘share’’ used in the third rule of construction is an acknowledgement that sharing within a corporate 32 However, other applicable laws or regulations governing a savings association’s responsibilities to maintain and protect information continue to apply, for example, information covered by part 510 of the OTS’s rules regarding the release of non-public OTS information. E:\FR\FM\03DER2.SGM 03DER2 emcdonald on DSK2BSOYB1PROD with RULES2 Federal Register / Vol. 75, No. 232 / Friday, December 3, 2010 / Rules and Regulations organization for purposes consistent with Title II of the BSA, as determined by regulation or guidance issued by the OTS or FinCEN, is distinguishable from a prohibited disclosure. FinCEN and the Federal bank regulatory agencies have already issued joint guidance making clear that the U.S. branch or agency of a foreign bank may share a SAR with its head office, and that a U.S. bank or savings association may share a SAR with its controlling company (whether domestic or foreign). This guidance stated that the sharing of a SAR with a head office or controlling company both facilitates compliance with the applicable requirements of the BSA and enables the head office or controlling company to discharge its oversight responsibilities with respect to enterprise-wide risk management and compliance with applicable laws and regulations.33 Elsewhere in this issue of the Federal Register, FinCEN is issuing additional final guidance that further elaborates on sharing of SAR information within a corporate organization that FinCEN considers to be ‘‘consistent with the purposes of the BSA.’’ The final guidance generally permits the sharing of SAR information by depository institutions with their affiliates 34 that are subject to a SAR rule. In addition, OTS received comments that addressed FinCEN’s proposed guidance, much of which is addressed in FinCEN’s separate notice of availability of guidance published elsewhere in today’s Federal Register. In general, the commenters requested an expansion of the sharing authorities with respect to both the parties permitted to share and the parties with whom SAR information could be shared. Most commenters provided a clear rationale for how expanded SAR sharing would benefit their institutions by increasing efficiency, cutting costs, and enhancing the detection and reporting of suspicious activity. However, like FinCEN and the OCC, OTS notes that most commenters, however, failed to sufficiently address how they would effectively mitigate the risk of unauthorized disclosure of SAR information if the sharing authority was expanded to the extent they requested. The OTS and FinCEN believe the risk of unauthorized disclosure of SAR information outweighs the benefits of 33 ‘‘Interagency Guidance on Sharing Suspicious Activity Reports with Head Offices and Controlling Companies’’ (January 20, 2006). 34 Under FinCEN’s final guidance, an ‘‘affiliate’’ of a depository institution means any company under common control with, or controlled by, that depository institution. VerDate Mar<15>2010 18:12 Dec 02, 2010 Jkt 223001 any expansion of the sharing authority at this time. Therefore, the third rule of construction is adopted as proposed without change. Section 563.180(d)(12) Prohibition on Disclosure by the OTS As previously noted, section 351 of the USA PATRIOT Act, 31 U.S.C. 5318(g)(2)(A)(ii), amended the BSA, and added a new provision prohibiting officers and employees of the government from disclosing a SAR to any person involved in the transaction that the transaction has been reported, except ‘‘as necessary to fulfill the official duties of such officer or employee.’’ Section § 563.180(d)(12) of OTS’s proposed rule addressed this new provision of the BSA and is comparable to FinCEN’s proposal. The proposed section provided that the OTS will not, and no officer, employee or agent of the OTS, shall disclose SAR information, ‘‘except as necessary to fulfill official duties consistent with Title II of the Bank Secrecy Act.’’ As stated in section 5318(g)(2)(A)(i), which prohibits a financial institution’s disclosure of a SAR, section 5318(g)(2)(A)(ii) also prohibits the government from disclosing a SAR to ‘‘any person involved in the transaction.’’ OTS, like FinCEN and OCC, proposed to address sections 5318(g)(2)(A)(i) and (A)(ii) in a consistent manner, because disclosure by a governmental authority of SAR information to any outside party may make it more likely that the information will be disclosed to a person involved in the transaction. Accordingly, the proposed rule would generally bar disclosures of SAR information by OTS officers, employees, or agents. However, section 5318(g)(2)(A)(ii) also narrowly permits governmental disclosures as necessary to ‘‘fulfill official duties,’’ a phrase that is not defined in the BSA. Consistent with the rules being proposed by FinCEN and the OCC, OTS proposed to construe this phrase in the context of the BSA, in light of the purpose for which SARs are filed. Accordingly, the proposed rule interpreted ‘‘official duties’’ to mean ‘‘official duties consistent with the purposes of Title II of the BSA,’’ namely, for ‘‘criminal, tax, or regulatory investigations or proceedings, or in the conduct of intelligence or counterintelligence activities, including analysis, to protect against international terrorism.’’ 35 When disclosure is necessary to fulfill official duties, OTS will make a determination, through its 35 31 U.S.C. 5311 (setting forth the purposes of the BSA). PO 00000 Frm 00019 Fmt 4701 Sfmt 4700 75591 internal processes, that a SAR may be disclosed to fulfill official duties consistent with the BSA. This standard would permit, for example, disclosures responsive to a grand jury subpoena; a request from an appropriate Federal or State law enforcement agency; a request from an appropriate Congressional committee or subcommittee; and prosecutorial disclosures mandated by statute or the Constitution, in connection with the statement of a government witness to be called at trial, the impeachment of a government witness, or as material exculpatory of a criminal defendant.36 This proposed interpretation of section 5318(g)(2)(A)(ii) would ensure that SAR information will not be disclosed for a reason that is unrelated to the purposes of the BSA. For example, this standard would not permit disclosure of SAR information to the media. The proposed rule also specifically provided that ‘‘official duties’’ shall not include the disclosure of SAR information in response to a request for use in a private legal proceeding or in response to a request for disclosure of non-public information under 12 CFR 510. This statement, which corresponded to a similar provision in FinCEN’s proposed rules, establishes that OTS will not disclose SAR information to a private litigant for use in a private legal proceeding, or pursuant to 12 CFR 510.5, because such a request cannot be consistent with any of the purposes enumerated in Title II of the BSA. The BSA exists, in part, to protect the public’s interest in an effective reporting system that benefits the nation by helping to ensure that the U.S. financial system will not be used for criminal activity or to support terrorism. OTS like the OCC and FinCEN, believes that this purpose would be undermined by the disclosure of SAR information to a private litigant for use in a civil lawsuit for the reasons described earlier, including that such disclosures will chill full and candid reporting by savings associations and service corporations. Finally, the proposed rule applied to OTS, in addition to its officers, employees, and agents. Comparable to a provision being proposed by FinCEN and the OCC, OTS proposed to include the agency itself in the scope of coverage, because requests for SAR information are typically directed to the agency, rather than to individuals within the OTS with authority to 36 See, e.g., Giglio v. United States, 405 U.S. 150, 153–54 (1972); Brady v. State of Maryland, 373 U.S. 83, 86–87 (1963); Jencks v. United States, 353 U.S. 657, 668 (1957). E:\FR\FM\03DER2.SGM 03DER2 75592 Federal Register / Vol. 75, No. 232 / Friday, December 3, 2010 / Rules and Regulations respond to the request. In addition, agents were included in the proposal because agents of OTS may have access to SAR information. Accordingly, the proposed interpretation would more comprehensively cover disclosures by OTS or agents of OTS, and protect the confidentiality of SAR information. OTS did not receive comments on this issue and is adopting this provision as final without change. emcdonald on DSK2BSOYB1PROD with RULES2 Section 563.180(d)(13) Safe Harbor/ Limitation on Liability In 1992, the Annunzio-Wylie Act amended the BSA by providing a safe harbor for financial institutions and their employees from civil liability for the reporting of known or suspected criminal offenses or suspicious activity through the filing of a SAR.37 OTS, FinCEN and the OCC incorporated the safe harbor provisions of the 1992 law into their SAR rules.38 Section 351 of the USA PATRIOT Act amended section 5318(g)(3) to clarify that the scope of the safe harbor provision includes the voluntary disclosure of possible violations of law and regulations to a government agency and to expand the scope of the limit on civil liability to include any liability that may exist ‘‘under any contract or other legally enforceable agreement (including any arbitration agreement).’’ 39 OTS, like FinCEN and the OCC, incorporated the statutory expansion of the safe harbor by cross-referencing section 5318(g)(3) in the proposed rule. In addition, consistent with the proposed rule issued by FinCEN, this provision makes clear that the safe harbor also applies to a disclosure by a savings association or service corporation made jointly with another financial institution for purposes of filing a joint SAR. OTS received no comments on the proposed safe harbor provision. However, one comment received by FinCEN noted that the statutory safe harbor provision protects any person from liability, not just the person involved in the transaction. Accordingly, like FinCEN and the OCC, OTS is amending the proposed safe harbor language by inserting the phrase ‘‘shall be protected from liability to any person, for any such disclosure * * *.’’ and is otherwise adopting proposed 37 See supra note 1. 31 CFR 103.18(e), 12 CFR 563.180(d)(13) and 12 CFR 21.11(l). The safe harbor regulations are also applicable to oral reports of violations. (In situations requiring immediate attention, a savings association must immediately notify its regulator and appropriate law enforcement by telephone, in addition to filing a SAR. See, e.g., 12 CFR 21.11(d).) 39 31 U.S.C. 5318(g)(3). 38 See VerDate Mar<15>2010 18:12 Dec 02, 2010 Jkt 223001 § 563.180(d)(l3) safe harbor provision as final. Conforming Amendments to 12 CFR Part 510 Today, OTS also is publishing a final rule to amend its information disclosure rule set forth in 12 CFR part 510. Among other things, the final rule clarifies that the OTS’s disclosure of SAR information will be governed exclusively by the standards set forth in the amendments to OTS’s SAR rule set forth in 12 CFR 563.180.40 The effect of these final part 510 amendments is that OTS: (1) Will not release SAR information to private litigants and (2) will only release SAR information to other government agencies, in response to a request pursuant to 12 CFR 563.180 or in the exercise of its discretion, when necessary to fulfill official duties consistent with the purposes of Title II of the BSA. V. OTS Regulatory Analysis Regulatory Flexibility Act The Regulatory Flexibility Act (RFA) generally requires an agency that is issuing a final rule to prepare and make available a final regulatory flexibility analysis that describes the impact of the final rule on small entities, 5 U.S.C. 604. However, the RFA provides that an agency is not required to prepare and make available a final regulatory flexibility analysis if the agency certifies that the final rule will not have a significant economic impact on a substantial number of small entities and publishes its certification and a short, explanatory statement in the Federal Register along with its final rule. 5 U.S.C. 605(b). For purposes of the RFA and OTS-regulated entities, a ‘‘small entity’’ is a savings association or service corporation with assets of $175 million or less. OTS has determined that the costs, if any, associated with the final rule are de minimis. The final rule simply clarifies the scope of the statutory prohibition against the disclosure by financial institutions and by the government of SAR information and clarifies the scope of the safe harbor from liability for institutions that report suspicious activities. Therefore, pursuant to section 605(b) of the RFA, OTS hereby certifies that this final rule will not have a significant economic impact on a substantial number of small entities. Accordingly, a regulatory flexibility analysis is not needed. 40 See elsewhere in this issue of the Federal Register. PO 00000 Frm 00020 Fmt 4701 Sfmt 4700 Executive Order 12866 OTS has determined that this final rule is not a significant regulatory action under Executive Order 12866. We have concluded that the changes made by this final rule will not have an annual effect on the economy of $100 million or more. OTS further concludes that this final rule does not meet any of the other standards for a significant regulatory action set forth in Executive Order 12866. Paperwork Reduction Act We have reviewed the final rule in accordance with the Paperwork Reduction Act of 1995 (44 U.S.C. 3506; 5 CFR 1320, Appendix A.1) (PRA) and have determined that it does not contain any ‘‘collections of information’’ as defined by the PRA. Unfunded Mandates Reform Act of 1995 Section 202 of the Unfunded Mandates Reform Act of 1995, Public Law 104–4 (2 U.S.C. 1532) (Unfunded Mandates Act), requires that an agency prepare a budgetary impact statement before promulgating any rule likely to result in a Federal mandate that may result in the expenditure by State, local, and tribal governments, in the aggregate, or by the private sector of $100 million or more in any one year. If a budgetary impact statement is required, section 205 of the Unfunded Mandates Act also requires an agency to identify and consider a reasonable number of regulatory alternatives before promulgating a rule. OTS has determined that this final rule will not result in expenditures by State, local, and tribal governments, or by the private sector, of $100 million or more in any one year. Accordingly, this proposal is not subject to section 202 of the Unfunded Mandates Act. List of Subjects in 12 CFR Part 563 Crime, Currency, Savings associations, reporting and recordkeeping requirements, Security measures. Authority and Issuance For the reasons set forth in the preamble, part 563 of title 12 of the Code of Federal Regulations is amended as follows: ■ PART 563—SAVINGS ASSOCIATIONS—OPERATIONS 1. The authority citation for part 563 continues to read as follows: ■ Authority: 12 U.S.C. 375b, 1462a, 1463, 1464, 1467a, 1468, 1817, 1828, 3806; 31 U.S.C 5318. E:\FR\FM\03DER2.SGM 03DER2 Federal Register / Vol. 75, No. 232 / Friday, December 3, 2010 / Rules and Regulations 2. Section 563.180 is amended by revising paragraphs (d)(2)(iii) and (d)(3) introductory text, adding a new sentence to the end of paragraph (d)(8), and revising paragraph (d)(12) to read as follows: ■ § 563.180 Suspicious Activity Reports and other reports and statements. emcdonald on DSK2BSOYB1PROD with RULES2 * * * * * (d) * * * (2) * * * (iii) SAR means a Suspicious Activity Report. (3) SARs required. A savings association or service corporation shall file a SAR with the appropriate Federal law enforcement agencies and the Department of the Treasury on the form prescribed by the OTS and in accordance with the form’s instructions, by sending a completed SAR to FinCEN in the following circumstances: * * * * * (8) Retention of records. * * * A savings association or service corporation shall make all supporting documentation available to OTS, FinCEN, or any Federal, State, or local law enforcement agency, or any Federal regulatory authority that examines the savings association or service corporation for compliance with the Bank Secrecy Act, or any State regulatory authority administering a State law that requires the savings association or service corporation to comply with the Bank Secrecy Act or otherwise authorizes the State authority to ensure that the institution complies with the Bank Secrecy Act, upon request. * * * * * (12) Confidentiality of SARs. A SAR, and any information that would reveal the existence of a SAR, are confidential, and shall not be disclosed except as authorized in this paragraph (d)(12). (i) Prohibition on disclosure by savings associations or service corporations. (A) General rule. No savings association or service corporation, and no director, officer, employee, or agent of a savings association or service corporation, shall disclose a SAR or any information that would reveal the existence of a SAR. Any savings association or service corporation, and any director, officer, employee, or agent of any savings association or service corporation that is subpoenaed or otherwise requested to disclose a SAR, or any information that would reveal the existence of a SAR, shall decline to produce the SAR or such information, citing this section and 31 U.S.C. 5318(g)(2)(A)(i), and shall notify the following of any such request and the response thereto: VerDate Mar<15>2010 18:12 Dec 02, 2010 Jkt 223001 (A) Deputy Chief Counsel, Litigation Division, Office of Thrift Supervision; and (B) The Financial Crimes Enforcement Network (FinCEN). (ii) Rules of construction. Provided that no person involved in any reported suspicious transaction is notified that the transaction has been reported, paragraph (d)(1) of this section shall not be construed as prohibiting: (A) The disclosure by a savings association or service corporation, or any director, officer, employee or agent of a savings association or service corporation of: (1) A SAR, or any information that would reveal the existence of a SAR, to FinCEN or OTS, or any Federal, State, or local law enforcement agency; or any Federal regulatory authority that examines the savings association or service corporation for compliance with the Bank Secrecy Act, or any State regulatory authority administering a State law that requires compliance with the Bank Secrecy Act or otherwise authorizes the State authority to ensure that the institution complies with the Bank Secrecy Act; or (2) The underlying facts, transactions, and documents upon which a SAR is based, including, but not limited to, disclosures: (i) To another financial institution, or any director, officer, employee or agent of a financial institution, for the preparation of a joint SAR; or (ii) In connection with certain employment references or termination notices, to the full extent authorized in 31 U.S.C. 5318(g)(2)(B); or (B) The sharing by a savings association or service corporation, or any director, officer, employee, or agent of a savings association or service corporation, of a SAR, or any information that would reveal the existence of a SAR, within the corporate organizational structure of the savings association or service corporation, for purposes consistent with Title II of the Bank Secrecy Act as determined by regulation or in guidance. (iii) Prohibition on disclosure by OTS. The OTS will not, and no officer, employee or agent of OTS, shall disclose a SAR, or any information that would reveal the existence of a SAR, except as necessary to fulfill official duties consistent with Title II of the Bank Secrecy Act. For purposes of this section, ‘‘official duties’’ shall not include the disclosure of a SAR, or any information that would reveal the existence of a SAR, in response to a request for use in a private legal proceeding or in response to a request PO 00000 Frm 00021 Fmt 4701 Sfmt 4700 75593 for disclosure of non-public information under 12 CFR 510.5. (iv) Limitation on liability. A savings association or service corporation and any director, officer, employee or agent of a savings association or service corporation that makes a voluntary disclosure of any possible violation of law or regulation to a government agency or makes a disclosure pursuant to this section or any other authority, including a disclosure made jointly with another institution, shall be protected from liability for any such disclosure, or for failure to provide notice of such disclosure to any person identified in the disclosure, or both, to the full extent provided by 31 U.S.C. 5318(g)(3). * * * * * Dated: June 1, 2010. By the Office of Thrift Supervision. John E. Bowman, Acting Director. [FR Doc. 2010–29877 Filed 12–2–10; 8:45 am] BILLING CODE 6720–01–P DEPARTMENT OF THE TREASURY 31 CFR Part 103 RIN 1506–AA99 Financial Crimes Enforcement Network; Confidentiality of Suspicious Activity Reports The Financial Crimes Enforcement Network (‘‘FinCEN’’), Treasury. ACTION: Final rule. AGENCY: FinCEN is issuing this final rule to amend the Bank Secrecy Act (‘‘BSA’’) regulations regarding the confidentiality of a report of suspicious activity (‘‘SAR’’) to: Clarify the scope of the statutory prohibition against the disclosure by a financial institution of a SAR; address the statutory prohibition against the disclosure by the government of a SAR; clarify that the exclusive standard applicable to the disclosure of a SAR by the government is to fulfill official duties consistent with the purposes of the BSA; modify the safe harbor provision to include changes made by the Uniting and Strengthening America by Providing the Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (‘‘USA PATRIOT Act’’); and make minor technical revisions for consistency and harmonization among the different SAR rules. These amendments are part of the Department of the Treasury’s continuing effort to increase the efficiency and effectiveness of its anti-money laundering and counter-terrorist SUMMARY: E:\FR\FM\03DER2.SGM 03DER2

Agencies

[Federal Register Volume 75, Number 232 (Friday, December 3, 2010)]
[Rules and Regulations]
[Pages 75586-75593]
From the Federal Register Online via the Government Printing Office [www.gpo.gov]
[FR Doc No: 2010-29877]


-----------------------------------------------------------------------

DEPARTMENT OF THE TREASURY

Office of Thrift Supervision

12 CFR Part 563

[Docket ID OTS-2010-0015]
RIN 1550-AC26


Confidentiality of Suspicious Activity Reports

AGENCY: The Office of Thrift Supervision, Treasury (OTS).

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: The OTS is issuing this final rule to amend its regulations 
implementing the Bank Secrecy Act (BSA) governing the confidentiality 
of a suspicious activity report (SAR) to: Clarify the scope of the 
statutory prohibition on the disclosure by a financial institution of a 
SAR, as it applies to savings associations and service corporations; 
address the statutory prohibition on the disclosure by the government 
of a SAR, as that prohibition applies to the OTS's standards governing 
the disclosure of SARs; clarify that the exclusive standard applicable 
to the disclosure of a SAR, or any information that would reveal the 
existence of a SAR, by the OTS is to fulfill official duties consistent 
with the purposes of the BSA; and modify the safe harbor provision in 
the OTS's SAR rules to include changes made by the Uniting and 
Strengthening America by Providing Appropriate Tools Required to 
Intercept and Obstruct Terrorism (USA PATRIOT) Act. These amendments 
are consistent with a final rule being contemporaneously issued by the 
Financial Crimes Enforcement Network (FinCEN) and the Office of 
Comptroller of the Currency (OCC).

DATES: This rule is effective on January 3, 2011.

FOR FURTHER INFORMATION CONTACT: Marvin Shaw, Senior Attorney, 
Regulations and Legislation (202-906-6639); Noelle Kurtin, Senior 
Attorney, Enforcement (202-906-6739); or Stacy Messett, Senior Project 
Manager, BSA and Compliance Examinations (202-906-6241); Office of 
Thrift Supervision, 1700 G Street, NW., Washington, DC 20552.

SUPPLEMENTARY INFORMATION: 

I. Background

    The BSA requires financial institutions, including savings 
associations and service corporations regulated by the OTS, to keep 
certain records and make certain reports that have been determined to 
be useful in criminal, tax, or regulatory investigations or 
proceedings, and for intelligence or counter intelligence activities to 
protect against international terrorism. In particular, the BSA and its 
implementing regulations require a financial institution to file a SAR 
when it detects a known or suspected violation of Federal law or a 
suspicious activity related to money laundering, terrorist financing, 
or other criminal activity.\1\
---------------------------------------------------------------------------

    \1\ The Annunzio-Wylie Anti-Money Laundering Act of 1992 (the 
Annunzio-Wylie Act) amended the BSA and authorized the Secretary of 
the Treasury to require financial institutions to report suspicious 
transactions relevant to a possible violation of law or regulation. 
See Pub. L. 102-550, Title XV, section 1517(b), 106 Stat. 4055, 
4058-9 (1992); 31 U.S.C. 5318(g)(1). The OTS, Board of Governors of 
the Federal Reserve System (FRB), Federal Deposit Insurance 
Corporation (FDIC), Office of the Comptroller of the Currency (OCC), 
and National Credit Union Administration (NCUA), (collectively 
referred to as the Federal bank regulatory agencies) subsequently 
issued virtually identical implementing regulations on suspicious 
activity reporting. See 12 CFR 21.11 (OCC); 12 CFR 208.62 (FRB); 12 
CFR 353.3 (FDIC); 12 CFR 563.180 (OTS); and 12 CFR 748.1 (NCUA).
---------------------------------------------------------------------------

    SARs are used for law enforcement or regulatory purposes to combat 
terrorism, terrorist financing, money laundering and other financial 
crimes. For this reason, the BSA provides that a financial institution, 
and its officers, directors, employees, and agents are prohibited from 
notifying any person involved in a suspicious transaction that the 
transaction was reported.\2\ To encourage the voluntary reporting of 
possible violations of law and regulation, and the filing of SARs, the 
BSA also contains a safe harbor provision, which shields financial 
institutions making such reports from civil liability.
---------------------------------------------------------------------------

    \2\ 31 U.S.C. 5318(g)(2)(A)(i).
---------------------------------------------------------------------------

    FinCEN \3\ has issued rules implementing the SAR confidentiality 
provisions for various types of financial institutions that closely 
mirror the statutory language.\4\ In addition, the Federal bank 
regulatory agencies implemented these provisions through similar 
regulations that provide SARs are confidential and generally no 
information about or contained in a SAR may be disclosed.\5\ The 
regulations issued by FinCEN and the Federal bank regulatory agencies 
also describe the applicability of the safe harbor provision to both 
voluntary reports of possible and known violations of law and the 
required filing of SARs.\6\
---------------------------------------------------------------------------

    \3\ FinCEN is the agency designated by the Department of the 
Treasury to administer the BSA, and with which SARs must be filed. 
See 31 U.S.C. 5318; 12 CFR 21.11(c).
    \4\ See, e.g., 31 CFR 103.18(e) (SAR confidentiality rule for 
banks); 31 CFR 103.19(e) (SAR confidentiality rule for brokers or 
dealers in securities).
    \5\ See 12 CFR 21.11(k) (OCC); 12 CFR 208.62(j) (FRB); 12 CFR 
353.3(g) (FDIC); 12 CFR 563.180(d)(12) (OTS); and 12 CFR 748.1 
(NCUA).
    \6\ 31 U.S.C. 5318(q)(3).
---------------------------------------------------------------------------

    The USA PATRIOT Act of 2001 strengthened the confidentiality of 
SARs by adding to the BSA a new provision that prohibits officers or 
employees of the Federal Government or any State, local, tribal, or 
territorial government within the United States with knowledge of a 
SAR, from disclosing to any person involved in a suspicious transaction 
that the transaction was reported, other than as necessary to fulfill 
the official duties of such officer or employee.\7\ The USA PATRIOT Act 
also clarified that the safe harbor shielding financial institutions 
from liability covers voluntary disclosures of possible violations of 
law and regulations to a government agency and expanded the scope of 
the limit on liability to cover any civil liability that

[[Page 75587]]

may exist ``under any contract or other legally enforceable agreement 
(including any arbitration agreement).'' \8\
---------------------------------------------------------------------------

    \7\ See USA PATRIOT Act, section 351(b), Pub. L. 107-56, Title 
III, section 351, 115 Stat. 272, 321 (2001); 31 U.S.C. 5318(g)(2).
    \8\ See USA PATRIOT Act, section 351(a), Pub. L. 107-56, Title 
III, section 351, 115 Stat. 272, 321 (2001); 31 U.S.C. 5318(g)(3).
---------------------------------------------------------------------------

    FinCEN is issuing a final rule to modify its SAR rules to interpret 
or further interpret the provisions of the BSA that relate to the 
confidentiality of SARs and the safe harbor for such reporting. The OTS 
is amending its SAR rules contemporaneously, consistent with the final 
rules being issued by FinCEN and the OCC, to clarify the manner in 
which these provisions apply to savings associations and service 
corporations and to the OTS's own standards governing the disclosure of 
a SAR and any information that would reveal the existence of a SAR 
(referred to in this preamble as ``SAR information'').
    In a separate rulemaking action from the part 563 proposal, the OTS 
also simultaneously proposed to amend its information disclosure 
regulation set forth in 12 CFR part 510 to clarify that the exclusive 
standard governing the release of SAR information is set forth in 12 
CFR 563.180.\9\ The OTS issued that proposed amendment to 12 CFR part 
510 at the same time as the part 563 proposal, to make clear that the 
OTS will disclose SAR information only when necessary to satisfy the 
BSA purposes for which SARs are filed. Today, the OTS also is adopting 
the part 510 proposal as final without change.
---------------------------------------------------------------------------

    \9\ See elsewhere in this issue of the Federal Register.
---------------------------------------------------------------------------

II. Overview of the Proposed Rule and Related Actions

    On March 9, 2009, the OTS published proposed amendments to its 
rules \10\ to include key changes that would: (1) Clarify the scope of 
the statutory prohibition on the disclosure by a financial institution 
of a SAR, as it applies to savings associations and service 
corporations; (2) address the statutory prohibition on the disclosure 
by the government of a SAR, which was added to the BSA by section 
351(b) of the USA PATRIOT Act of 2001, as that prohibition applies to 
the OTS's standards governing the disclosure of SAR information; and 
(3) clarify that the exclusive standard applicable to the disclosure of 
SAR information by the OTS is to fulfill official duties consistent 
with the purposes of the BSA, in order to ensure that SAR information 
is protected from inappropriate disclosures unrelated to the BSA 
purposes for which SARs are filed. In addition, the proposed amendments 
would modify the safe harbor provision in the OTS's SAR rules \11\ to 
include changes made by the USA PATRIOT Act.
---------------------------------------------------------------------------

    \10\ 74 FR 10139 (March 9, 2009).
    \11\ 12 CFR 563.180(d)(13).
---------------------------------------------------------------------------

    Contemporaneously with the publication of, and as described in, the 
OTS's proposal, FinCEN issued for notice and comment proposed guidance 
regarding the sharing of SARs with affiliates.\12\ That proposed 
guidance may be used to interpret a provision of the OTS's proposed 
rulemaking.
---------------------------------------------------------------------------

    \12\ 74 FR 10158 (Mar. 9, 2009).
---------------------------------------------------------------------------

III. Comments on the Proposed Rule

    The comment period for the proposed rulemakings ended on June 8, 
2009. OTS received a total of three comments.\13\ Of these, two were 
submitted by bank trade associations and one was submitted by an 
individual. The comments generally supported the OTS's proposed rule 
while requesting broadening of FinCEN's proposed sharing guidance.\14\ 
Comments specific to the OTS's proposed rule provided suggestions 
related to the disclosure of the ``underlying facts, transactions, and 
documents upon which a SAR is based;'' the requirement to reveal a SAR 
request to both OTS and FinCEN; and the proposed modification to the 
safe harbor provision in the OTS's SAR rules \15\ to include changes 
made by the USA PATRIOT Act. These comments are addressed in the 
Section-by-Section Analysis section of this SUPPLEMENTARY INFORMATION.
---------------------------------------------------------------------------

    \13\ None of the comments received by the OTS directly addressed 
the proposed revisions to the OTS's information disclosure 
regulation set forth in 12 CFR part 510.
    \14\ Comments about the sharing guidance are addressed 
separately in a related ``notice of availability of guidance'' 
published by FinCEN elsewhere in today's Federal Register together 
with FinCEN's final rules.
    \15\ 12 CFR 1563.180(d)(13).
---------------------------------------------------------------------------

IV. Section-by-Section Analysis

Section 563.180(d)(2)(iii) Definition of a SAR

    The primary purpose of the OTS's SAR rule is to ensure that a 
savings association or service corporation files a SAR when it detects 
a known or suspected violation of a Federal law or a suspicious 
transaction related to money laundering activity or a violation of the 
BSA. See 12 CFR 563.180. Incidental to this purpose, the OTS's SAR rule 
includes a section that addresses the confidentiality of SARs.
    Under the current SAR rule, the term ``SAR'' means ``a Suspicious 
Activity Report on the form prescribed by the OTS.'' \16\ The proposed 
rule would have defined a ``SAR'' generically as ``a Suspicious 
Activity Report.'' This change would extend the confidentiality 
provisions of the OTS's SAR rule to all SARs, including those filed on 
forms prescribed by FinCEN.\17\ As a consequence, a savings association 
or service corporation that obtained a SAR, for example, from a non-
bank affiliate pursuant to the provisions of the proposed rule, would 
be required to safeguard the confidentiality of the SAR, even if the 
SAR had not been filed on a form prescribed by the OTS. The OTS 
received no comments on the proposed revised definition of SAR and 
adopts the definition as proposed.
---------------------------------------------------------------------------

    \16\ 12 CFR 563.180(d)(2).
    \17\ See, e.g., 31 CFR 103.19 (FinCEN regulations requiring 
brokers or dealers in securities to file reports of suspicious 
transactions on a SAR-S-F).
---------------------------------------------------------------------------

Section 563.180(d)(3) SARs Required

    To clarify that a savings association or service corporation must 
file a SAR on a form ``prescribed by the OTS,'' the OTS proposed to add 
that phrase to the introductory language of the section of the OTS's 
SAR rule that describes the procedures for the filing of a SAR. 
Accordingly, the proposed rule would have required a savings 
association or service corporation to file a SAR with the appropriate 
Federal law enforcement agencies and the Department of the Treasury on 
the form prescribed by the OTS in accordance with the form's 
instructions, by sending a completed SAR to FinCEN in particular 
circumstances.\18\ The OTS received no comments on the proposal to add 
the phrase ``prescribed by the OTS'' to the introductory language of 
that section of the OTS's SAR rule and adopts the change as proposed.
---------------------------------------------------------------------------

    \18\ OTS's current provision, at 12 CFR 563.180(d)(2), requires 
a savings association or service corporation to ``file a SAR with 
the appropriate Federal law enforcement agencies and the Department 
of the Treasury in accordance with the form's instructions * * *,'' 
but does not specify which form.
---------------------------------------------------------------------------

Section 563.180(d)(12) Confidentiality of SARs

    The OTS proposed to amend its rules regarding SAR confidentiality 
\19\ by modifying the introductory sentence regarding SAR 
confidentiality, and dividing the remainder of the current provision 
into two sections. The first section would describe the prohibition on 
disclosure of SAR information by savings association or service 
corporation and the rules of construction applicable to this 
prohibition. The second section would describe the prohibition on the 
OTS's disclosure of SAR information.
---------------------------------------------------------------------------

    \19\ 12 CFR 563.180(d)(12).

---------------------------------------------------------------------------

[[Page 75588]]

    Prior to this final rulemaking action, the OTS's rules prohibiting 
the disclosure of SARs began with the statement that SARs are 
confidential. Over the years, the OTS has received numerous questions 
regarding the scope of the prohibition on the disclosure of a SAR in 
its current rules. Accordingly, the OTS proposed to clarify the scope 
of SAR confidentiality by more clearly describing the information that 
is subject to the prohibition. Like FinCEN and the OCC, the OTS 
believes that all of the reasons for maintaining the confidentiality of 
SARs are equally applicable to any information that would reveal the 
existence of a SAR.
    The OTS, like FinCEN and the OCC, recognizes that in order to 
protect the confidentiality of a SAR, any information that would reveal 
the existence of a SAR must be afforded the same protection from 
disclosure. The confidentiality of SARs must be maintained for a number 
of compelling reasons. For example, the disclosure of a SAR could 
result in notification to persons involved in the transaction that is 
being reported, and compromise any investigations being conducted in 
connection with the SAR. In addition, the OTS believes that even the 
occasional disclosure of a SAR could chill the willingness of a savings 
association or service corporation to file SARs, and to provide the 
degree of detail and completeness in describing suspicious activity in 
SARs that will be of use to law enforcement. If savings associations or 
service corporations believe that a SAR can be used for purposes 
unrelated to the law enforcement and regulatory purposes of the BSA, 
the disclosure of such information could adversely affect the timely, 
appropriate, and candid reporting of suspicious transactions. Savings 
associations and service corporations also may be reluctant to report 
suspicious transactions, or may delay making such reports, for fear 
that the disclosure of a SAR will interfere with its relationship with 
its customer. Further, a SAR may provide insight into how a savings 
association or service corporation uncovers potential criminal conduct 
that can be used by others to circumvent detection. The disclosure of a 
SAR also could compromise personally identifiable information or 
commercially sensitive information or damage the reputation of 
individuals or companies that may be named. Finally, the disclosure of 
a SAR for uses unrelated to the law enforcement and regulatory purposes 
for which SARs are intended increases the risk that employees of the 
savings association or service corporation or others who are involved 
in the preparation or filing of a SAR could become targets for 
retaliation by persons whose criminal conduct has been reported.
    These reasons for maintaining the confidentiality of SARs also 
apply to any information that would reveal the existence of a SAR. 
Therefore, like FinCEN and the OCC, the OTS proposed to modify the 
general introduction in its rules to state that confidential treatment 
also must be afforded to ``any information that would reveal the 
existence of a SAR.'' The introduction also would indicate that SAR 
information may not be disclosed, except as authorized in the narrow 
circumstances that follow.
    Some commenters asked that the OTS clarify the phrase ``information 
that would reveal the existence of a SAR'' for the purpose of defining 
the scope of SAR confidentiality. One commenter specifically asked 
whether that term only includes information that affirmatively states 
that a SAR was filed. Another commenter urged that the OTS formally 
recognize that material contained in a reporting institution's files 
supporting its decision to file or not file a SAR is confidential.
    Any document or other information that affirmatively states that a 
SAR has been filed constitutes information that would reveal the 
existence of a SAR and must be kept confidential. By extension, a 
savings association or service corporation also must afford 
confidentiality to any document stating that a SAR has not been filed. 
Were the OTS to allow disclosure of information when a SAR is not 
filed, institutions would implicitly reveal the existence of a SAR any 
time they were unable to produce records because a SAR was filed.\20\
---------------------------------------------------------------------------

    \20\ For example, a private litigant may serve a discovery 
request on a savings association or service corporation in civil 
litigation that calls for the savings association or service 
corporation to produce the underlying documentation on companies A, 
B, and C, where the financial institution has filed a SAR on company 
A, but not companies B or C, and the underlying documentation 
reflects the SAR filing decisions. If the savings association or 
service corporation then produces the underlying documentation for 
companies B and C, but neither confirms nor denies the existence of 
a SAR when declining to provide similar documentation for company A, 
by negative implication it may have revealed the existence of the 
SAR filed on company A.
---------------------------------------------------------------------------

    Documents that may identify suspicious activity, but that do not 
reveal whether a SAR exists (e.g., a document memorializing a customer 
transaction such as an account statement indicating a cash deposit or a 
record of a funds transfer), should be considered as falling within the 
underlying facts, transactions, and documents upon which a SAR is 
based, and need not be afforded confidentiality.\21\ This distinction 
is set forth in the final rule's second rule of construction discussed 
in this Section-by-Section Analysis and reflects relevant case law.\22\
---------------------------------------------------------------------------

    \21\ As one commenter noted, information produced in the 
ordinary course of business may contain sufficient information that 
a reasonable and prudent person familiar with SAR filing 
requirements could use to conclude that an institution likely filed 
a SAR (e.g., a copy of a fraudulent check or a cash transaction log 
showing a clear pattern of structured deposits). Such information 
alone does not constitute information that would reveal the 
existence of a SAR.
    \22\ See, e.g., Whitney Nat. Bank v. Karam, 306 F. Supp. 2d 678, 
682 (S.D. Tex. 2004) (noting that courts have ``allowed the 
production of supporting documentation that was generated or 
received in the ordinary course of the banks' business, on which the 
report of suspicious activity was based''); Cotton v. Private Bank 
and Trust Co., 235 F. Supp. 2d 809, 815 (N.D. Ill. 2002) (holding 
that the ``factual documents which give rise to suspicious conduct * 
* * are to be produced in the ordinary course of discovery because 
they are business records made in the ordinary course of 
business'').
---------------------------------------------------------------------------

    However, the strong public policy that underlies the SAR system as 
a whole--namely, the creation of an environment that encourages a 
savings association or service corporation to report suspicious 
activity without fear of reprisal--leans heavily in favor of applying 
SAR confidentiality not only to a SAR itself, but also in appropriate 
circumstances to material prepared by the savings association or 
service corporation as part of its process to detect and report 
suspicious activity, regardless of whether a SAR ultimately was filed 
or not. This interpretation also reflects relevant case law.\23\
---------------------------------------------------------------------------

    \23\ See, e.g., Whitney at 682-83 (holding that the SAR 
confidentiality provision protects, inter alia, ``communications 
preceding the filing of a SAR and preparatory or preliminary to it; 
communications that follow the filing of a SAR and are explanations 
or follow-up discussion; or oral communications or suspected or 
possible violations that did not culminate in the filing of a 
SAR''); Cotton at 815 (holding that ``documents representing the 
drafts of SARs or other work product or privileged communications 
that relate to the SAR itself * * * are not to be produced [in 
discovery] because they would disclose whether a SAR has been 
prepared or filed''); Union Bank of California, N.A. v. Superior 
Court, 130 Cal. App. 4th 378, 391 (2005) (holding that ``a draft SAR 
or internal memorandum prepared as part of a financial institution's 
process for complying with federal reporting requirements is 
generated for the specific purpose of fulfilling the institution's 
reporting obligation * * * [and] fall within the scope of SAR 
[confidentiality] because they may reveal the contents of a SAR and 
disclose whether a SAR has been prepared or filed'').
---------------------------------------------------------------------------

    As explained in more detail in the proposed rule,\24\ the primary 
purpose for clarifying the scope of the confidentiality provision is to 
ensure that, due to potentially serious consequences, the persons 
involved in

[[Page 75589]]

the transaction and identified in the SAR cannot be notified, directly 
or indirectly, of the report. Accordingly, like FinCEN and the OCC, the 
OTS proposed replacing the previous rule text prohibiting disclosure of 
the SAR to the person involved in the transaction with a broad general 
confidentiality provision for all SAR information applicable to all 
persons not authorized in the rules of construction to receive such 
information. With respect to ``information that would reveal the 
existence of a SAR,'' therefore, institutions should distinguish 
between certain types of statistical or abstract information or general 
discussions of suspicious activity that may indicate that an 
institution has filed SARs,\25\ and information that would reveal the 
existence of a SAR in a manner that could enable the person involved in 
the transaction potentially to be notified, whether directly or 
indirectly.
---------------------------------------------------------------------------

    \24\ 74 FR 10142--43 (March 9, 2009).
    \25\ One example of such information could include summary 
information commonly provided by savings association or service 
corporations in the ``notification to the board'' required by the 
various Federal bank regulatory agency SAR rules. Savings 
Associations subject to the requirement are encouraged to be 
cautious in the production of relevant portions of board minutes or 
other records to avoid the risk of potentially exposing SAR 
information to the subject, either directly or indirectly, in the 
event such records are subpoenaed.
---------------------------------------------------------------------------

    Like FinCEN and the OCC, and for the reasons discussed in this 
section, the OTS is adopting the proposed introductory language to the 
Confidentiality of SARs provision (Sec.  563.180(d)(12)(ii) as final 
without change.

Section 563.180(d)(12) Prohibition on Disclosure by Savings 
Associations

    The OTS's current rules provide that any savings association or 
service corporation or person subpoenaed or otherwise requested to 
disclose a SAR or the information contained in a SAR must: (1) Decline 
to produce the SAR or to provide any information that would disclose 
that a SAR has been prepared or filed and (2) notify the OTS.
    The proposed rule more specifically addressed the prohibition on 
the disclosure of a SAR by a savings association or service 
corporation. The proposed rule provided that the prohibition includes 
``any information that would reveal the existence of a SAR'' instead of 
using the phrase ``any information that would disclose that a SAR has 
been prepared or filed.'' The OTS, like FinCEN and the OCC, believes 
that the proposed phrase more clearly describes the type of information 
that is covered by the prohibition on the disclosure of a SAR. In 
addition, the proposed rule incorporated the specific reference in 31 
U.S.C. 5318(g)(2)(A)(i) to a ``director, officer, employees or agent,'' 
in order to clarify that the prohibition on disclosure extends to those 
individuals in a savings association or service corporation who may 
have access to SAR information.
    Although 31 U.S.C. 5318(g)(2)(A)(i) provides that a person involved 
in the transaction may not be notified that the transaction has been 
reported, the proposed rule reflected case law that has consistently 
concluded, in accordance with applicable regulations, that financial 
institutions are broadly prohibited from disclosing SAR information to 
any person. Accordingly, these cases have held that, in the context of 
discovery in connection with civil lawsuits, financial institutions are 
prohibited from disclosing SAR information because section 5318(g) and 
its implementing regulations have created an unqualified discovery and 
evidentiary privilege for such information that cannot be waived by 
financial institutions.\26\ Consistent with case law and the current 
regulation, the texts of the proposed rule did not limit the 
prohibition on disclosure only to the person involved in the 
transaction. Permitting disclosure to any outside party may make it 
likely that SAR information would be disclosed to a person involved in 
the transaction, which the BSA absolutely prohibits.
---------------------------------------------------------------------------

    \26\ See, e.g., Whitney Nat'l Bank v. Karam, 306 F. Supp. 2d 
678, 682 (S.D. Tex. 2004); Cotton v. Private Bank and Trust Co., 235 
F. Supp. 2d 809, 815 (N.D. Ill. 2002).
---------------------------------------------------------------------------

    The proposed rule continued to provide that any savings association 
or service corporation, or any director, officer, employee or agent of 
a savings association or service corporation, subpoenaed or otherwise 
requested to disclose SAR information must decline to provide the 
information, citing that section of the rule and 31 U.S.C. 
5318(g)(2)(A)(i), and must give notice of the request to the OTS. In 
addition, the proposed rule required the savings association or service 
corporation to notify the OTS of its response to the request and 
required the savings association or service corporation to provide the 
same information to FinCEN.
    Commenters suggested that OTS adjust its SAR rule to remove the 
``duplicative'' requirement for a savings association to notify both 
OTS and FinCEN when SAR information is inappropriately requested. OTS, 
like FinCEN and the OCC, disagrees with the commenter's 
characterization of the notification requirement as ``duplicative'' 
because OTS and FinCEN each have issued, and separately administers, 
its own separate SAR rule. The joint notification requirement in the 
OTS's final rule, therefore, simply acknowledges the notification 
requirement of different SAR regulations issued by separate agencies. 
Therefore, the OTS adopts proposed Sec.  560.183(d)(12) as final 
without change.

Section 563.180(d)(12) Rules of Construction

    The OTS, like FinCEN and the OCC, proposed rules of construction to 
address issues that have arisen over the years about the scope of the 
SAR disclosure prohibition and to implement statutory modifications to 
the BSA made by the USA PATRIOT Act. The proposed rules of construction 
primarily describe situations that are not covered by the prohibition 
on disclosure of SAR information by a savings association or service 
corporation. The introduction to the proposed rules of construction 
makes clear that they are qualified by the statutory mandate that no 
person involved in any reported suspicious transaction can be notified 
that the transaction has been reported. The OTS received no comments on 
the proposed introductory language to the rules of construction and is 
adopting the language in the final rule as proposed.
    The first proposed rule of construction clarified the 
permissibility of disclosures to governmental authorities or other 
examining authorities that are otherwise entitled by law to receive 
SARs and to examine for or investigate suspicious activity. 
Specifically, the proposal was intended to clarify existing language 
that a savings association or service corporation, or any director, 
officer, employee, or agent \27\ of a savings association may disclose 
SAR information to FinCEN or any Federal, State, or local law 
enforcement agency; or any Federal or State regulatory agency that 
examines the financial institution for compliance with the BSA. 
Although the permissibility of such disclosures may be readily 
apparent, the proposal contained this statement to clarify that a 
savings

[[Page 75590]]

association or service corporation cannot use the prohibition on 
disclosure of SAR information to withhold this information from 
governmental authorities that are otherwise entitled by law to receive 
SARs and to examine for and investigate suspicious activity.
---------------------------------------------------------------------------

    \27\ Some commenters requested guidance related to the 
appropriate use of SARs by agents of savings associations and 
service corporations. In the Supplementary Information section of 
FinCEN's final rule issued today, FinCEN states that it is 
considering additional guidance on the appropriate use of SARs by 
agents of financial institutions. Until such guidance is issued, 
however, the OTS and FinCEN remind financial institutions of their 
requirement to protect, through reasonable controls or agreements 
with their agents, the confidentiality of SAR information, as 
prescribed by the OTS and FinCEN final rules.
---------------------------------------------------------------------------

    Like FinCEN, OTS is adjusting the language slightly in the final 
rule to make a technical correction in the SAR rule text. The proposal 
stated that the rule should not be construed as prohibiting disclosure 
of a SAR ``to FinCEN or any Federal, State or local law enforcement 
agency; or any Federal or State regulatory authority that examines the 
savings association for compliance with the Bank Secrecy Act.'' The 
proposed rules sought to expand these terms by describing explicitly 
the types of entities that fit into those categories. Accordingly, the 
proposed rule used the phrase ``* * * State regulatory authority that 
examines the savings association for compliance with the BSA.'' Like 
FinCEN, OTS believes that commenters clearly understood and consented 
to the intent of this language, but will use the more technically 
accurate phrase ``* * * State regulatory authority administering a 
State law that requires [the institution] to comply with the BSA or 
otherwise authorizes the State authority to ensure that the institution 
complies with the BSA'' in the final rule.
    This change recognizes that State regulatory authorities are 
generally authorized by State law to examine for compliance with the 
BSA in one of two ways: (1) The law authorizes the State authority to 
examine the institution for compliance with all Federal laws and 
regulations generally or with the BSA explicitly, or (2) the law 
requires a financial institution to comply with all Federal laws and 
regulations generally or with the BSA explicitly, and authorizes the 
State authority to examine for compliance with the State law. An 
institution may provide SAR information to a State regulatory authority 
meeting either criterion.
    The second proposed rule of construction provided that SAR 
information does not include the underlying facts, transactions, and 
documents upon which a SAR is based. This statement reflects case law, 
which has recognized that, while a financial institution is prohibited 
from producing documents in discovery that evidence the existence of a 
SAR, factual documents created in the ordinary course of business (for 
example, business records and account information, upon which a SAR is 
based), may be discoverable in civil litigation under the Federal Rules 
of Civil Procedure.\28\
---------------------------------------------------------------------------

    \28\ See Cotton v. Private Bank and Trust Co., 235 F. Supp. 2d 
809, 815 (N.D. Ill. 2002).
---------------------------------------------------------------------------

    The second proposed rule of construction included some examples of 
situations where a savings association or service corporation may 
disclose the underlying facts, transactions, and documents upon which a 
SAR is based. The first example clarifies that a savings association or 
service corporation, or any director, officer, employee or agent of 
such a financial institution, may disclose this information \29\ to 
another financial institution, or any director, officer, employee, or 
agent of a financial institution, for the preparation of a joint 
SAR.\30\ The second example simply codifies a rule of construction 
added to the BSA by section 351 of the USA PATRIOT Act, which provides 
that such underlying information may be disclosed in certain written 
employment references and termination notices.\31\
---------------------------------------------------------------------------

    \29\ Although the underlying facts, transactions, and documents 
upon which a SAR is based may include previously filed SARs or other 
information that would reveal the existence of a SAR, these 
materials cannot be disclosed as underlying documents.
    \30\ On December 21, 2006, FinCEN and the Federal bank 
regulatory agencies announced that the format for the SAR form for 
depository institutions had been revised to support a new joint 
filing initiative to reduce the number of duplicate SARs filed for a 
single suspicious transaction. ``Suspicious Activity Report (SAR) 
Revised to Support Joint Filings and Reduce Duplicate SARs,'' Joint 
Release issued by FinCEN, the FRB, the OCC, the OTS, the FDIC, and 
NCUA (Dec. 21, 2006). On February 17, 2006, FinCEN and the Federal 
bank regulatory agencies published a joint Federal Register notice 
seeking comment on proposed revisions to the SAR form. See 71 FR 
8640. On May 1, 2007, FinCEN announced a delay in implementation of 
the revised SAR form until further notice. See 72 FR 23891. Until 
such time as a new SAR form is available that facilitates joint 
filing, institutions authorized to jointly file should follow 
FinCEN's guidance to use the words ``joint filing'' in the narrative 
of the SAR and ensure that both institutions maintain a copy of the 
SAR and any supporting documentation (See, e.g., http://www.fincen.gov/statutes_regs/guidance/html/guidance_faqs_sar_10042006.html).
    \31\ 31 U.S.C. 5318(g)(2)(B).
---------------------------------------------------------------------------

    One commenter suggested that the OTS clarify that the illustrative 
examples are not exhaustive, and that there may be other situations not 
prescribed in the rule where an institution may disclose the underlying 
facts, transactions, and documents upon which a SAR is based. The OTS 
did not intend for these examples to be exhaustive and does not believe 
the text, as proposed, implies that the examples are exhaustive. For 
purposes of clarity, however, like FinCEN and the OCC, the OTS is 
revising the final rule's language at Sec.  563.180(d)(12) to read

    ``* * * [t]he underlying facts, transactions, and documents upon 
which a SAR is based, including but not limited to, disclosures'' 
expressly listed as illustrative examples in the rule. Accordingly, 
with respect to the SAR confidentiality provision only,\32\ savings 
associations and service corporations may disclose underlying facts, 
transactions, and documents for any purpose, provided that no person 
involved in the transaction is notified that the transaction has 
been reported and none of the underlying information reveals the 
existence of a SAR.

    \32\ However, other applicable laws or regulations governing a 
savings association's responsibilities to maintain and protect 
information continue to apply, for example, information covered by 
part 510 of the OTS's rules regarding the release of non-public OTS 
information.
---------------------------------------------------------------------------

    Another commenter suggested that the rules of construction include 
a provision expressly authorizing the disclosure of facts, 
transactions, or documents to affiliates wherever located and clarify 
that such authority may be exercised independently of the authority to 
share SAR information with affiliates. Provided that no person involved 
in any reported suspicious transaction is notified that the transaction 
has been reported and the underlying facts, transactions, and documents 
do not disclose SAR information, the OTS agrees that such disclosure by 
a savings association or service corporation to its affiliates, 
wherever located, is not prohibited by the final rule. Furthermore, the 
OTS agrees that the authorization for a savings association or service 
corporation to disclose underlying information to affiliates is 
independent of the authority to share SAR information with affiliates. 
The OTS believes that the final rule and the BSA already address that 
commenter's concerns and that further revision to the rule is 
unnecessary.
    The third proposed rule of construction clarified that the 
prohibition on the disclosure of SAR information by a savings 
association or service corporation does not include the sharing by a 
savings association or service corporation, or any director, officer, 
employee or agent of a savings association, of SAR information within 
the savings association's corporate organizational structure, for 
purposes consistent with Title II of the BSA, as determined by 
regulation or in guidance. The proposed third rule of construction 
recognizes that a savings association or service corporation may find 
it necessary to share SAR information to fulfill its reporting 
obligations under the BSA, and to facilitate more effective enterprise-
wide BSA monitoring and reporting, consistent with Title II of the BSA. 
The term ``share'' used in the third rule of construction is an 
acknowledgement that sharing within a corporate

[[Page 75591]]

organization for purposes consistent with Title II of the BSA, as 
determined by regulation or guidance issued by the OTS or FinCEN, is 
distinguishable from a prohibited disclosure.
    FinCEN and the Federal bank regulatory agencies have already issued 
joint guidance making clear that the U.S. branch or agency of a foreign 
bank may share a SAR with its head office, and that a U.S. bank or 
savings association may share a SAR with its controlling company 
(whether domestic or foreign). This guidance stated that the sharing of 
a SAR with a head office or controlling company both facilitates 
compliance with the applicable requirements of the BSA and enables the 
head office or controlling company to discharge its oversight 
responsibilities with respect to enterprise-wide risk management and 
compliance with applicable laws and regulations.\33\
---------------------------------------------------------------------------

    \33\ ``Interagency Guidance on Sharing Suspicious Activity 
Reports with Head Offices and Controlling Companies'' (January 20, 
2006).
---------------------------------------------------------------------------

    Elsewhere in this issue of the Federal Register, FinCEN is issuing 
additional final guidance that further elaborates on sharing of SAR 
information within a corporate organization that FinCEN considers to be 
``consistent with the purposes of the BSA.'' The final guidance 
generally permits the sharing of SAR information by depository 
institutions with their affiliates \34\ that are subject to a SAR rule.
---------------------------------------------------------------------------

    \34\ Under FinCEN's final guidance, an ``affiliate'' of a 
depository institution means any company under common control with, 
or controlled by, that depository institution.
---------------------------------------------------------------------------

    In addition, OTS received comments that addressed FinCEN's proposed 
guidance, much of which is addressed in FinCEN's separate notice of 
availability of guidance published elsewhere in today's Federal 
Register. In general, the commenters requested an expansion of the 
sharing authorities with respect to both the parties permitted to share 
and the parties with whom SAR information could be shared. Most 
commenters provided a clear rationale for how expanded SAR sharing 
would benefit their institutions by increasing efficiency, cutting 
costs, and enhancing the detection and reporting of suspicious 
activity. However, like FinCEN and the OCC, OTS notes that most 
commenters, however, failed to sufficiently address how they would 
effectively mitigate the risk of unauthorized disclosure of SAR 
information if the sharing authority was expanded to the extent they 
requested. The OTS and FinCEN believe the risk of unauthorized 
disclosure of SAR information outweighs the benefits of any expansion 
of the sharing authority at this time. Therefore, the third rule of 
construction is adopted as proposed without change.

Section 563.180(d)(12) Prohibition on Disclosure by the OTS

    As previously noted, section 351 of the USA PATRIOT Act, 31 U.S.C. 
5318(g)(2)(A)(ii), amended the BSA, and added a new provision 
prohibiting officers and employees of the government from disclosing a 
SAR to any person involved in the transaction that the transaction has 
been reported, except ``as necessary to fulfill the official duties of 
such officer or employee.'' Section Sec.  563.180(d)(12) of OTS's 
proposed rule addressed this new provision of the BSA and is comparable 
to FinCEN's proposal. The proposed section provided that the OTS will 
not, and no officer, employee or agent of the OTS, shall disclose SAR 
information, ``except as necessary to fulfill official duties 
consistent with Title II of the Bank Secrecy Act.''
    As stated in section 5318(g)(2)(A)(i), which prohibits a financial 
institution's disclosure of a SAR, section 5318(g)(2)(A)(ii) also 
prohibits the government from disclosing a SAR to ``any person involved 
in the transaction.'' OTS, like FinCEN and OCC, proposed to address 
sections 5318(g)(2)(A)(i) and (A)(ii) in a consistent manner, because 
disclosure by a governmental authority of SAR information to any 
outside party may make it more likely that the information will be 
disclosed to a person involved in the transaction. Accordingly, the 
proposed rule would generally bar disclosures of SAR information by OTS 
officers, employees, or agents.
    However, section 5318(g)(2)(A)(ii) also narrowly permits 
governmental disclosures as necessary to ``fulfill official duties,'' a 
phrase that is not defined in the BSA. Consistent with the rules being 
proposed by FinCEN and the OCC, OTS proposed to construe this phrase in 
the context of the BSA, in light of the purpose for which SARs are 
filed. Accordingly, the proposed rule interpreted ``official duties'' 
to mean ``official duties consistent with the purposes of Title II of 
the BSA,'' namely, for ``criminal, tax, or regulatory investigations or 
proceedings, or in the conduct of intelligence or counterintelligence 
activities, including analysis, to protect against international 
terrorism.'' \35\ When disclosure is necessary to fulfill official 
duties, OTS will make a determination, through its internal processes, 
that a SAR may be disclosed to fulfill official duties consistent with 
the BSA. This standard would permit, for example, disclosures 
responsive to a grand jury subpoena; a request from an appropriate 
Federal or State law enforcement agency; a request from an appropriate 
Congressional committee or subcommittee; and prosecutorial disclosures 
mandated by statute or the Constitution, in connection with the 
statement of a government witness to be called at trial, the 
impeachment of a government witness, or as material exculpatory of a 
criminal defendant.\36\ This proposed interpretation of section 
5318(g)(2)(A)(ii) would ensure that SAR information will not be 
disclosed for a reason that is unrelated to the purposes of the BSA. 
For example, this standard would not permit disclosure of SAR 
information to the media.
---------------------------------------------------------------------------

    \35\ 31 U.S.C. 5311 (setting forth the purposes of the BSA).
    \36\ See, e.g., Giglio v. United States, 405 U.S. 150, 153-54 
(1972); Brady v. State of Maryland, 373 U.S. 83, 86-87 (1963); 
Jencks v. United States, 353 U.S. 657, 668 (1957).
---------------------------------------------------------------------------

    The proposed rule also specifically provided that ``official 
duties'' shall not include the disclosure of SAR information in 
response to a request for use in a private legal proceeding or in 
response to a request for disclosure of non-public information under 12 
CFR 510. This statement, which corresponded to a similar provision in 
FinCEN's proposed rules, establishes that OTS will not disclose SAR 
information to a private litigant for use in a private legal 
proceeding, or pursuant to 12 CFR 510.5, because such a request cannot 
be consistent with any of the purposes enumerated in Title II of the 
BSA. The BSA exists, in part, to protect the public's interest in an 
effective reporting system that benefits the nation by helping to 
ensure that the U.S. financial system will not be used for criminal 
activity or to support terrorism. OTS like the OCC and FinCEN, believes 
that this purpose would be undermined by the disclosure of SAR 
information to a private litigant for use in a civil lawsuit for the 
reasons described earlier, including that such disclosures will chill 
full and candid reporting by savings associations and service 
corporations.
    Finally, the proposed rule applied to OTS, in addition to its 
officers, employees, and agents. Comparable to a provision being 
proposed by FinCEN and the OCC, OTS proposed to include the agency 
itself in the scope of coverage, because requests for SAR information 
are typically directed to the agency, rather than to individuals within 
the OTS with authority to

[[Page 75592]]

respond to the request. In addition, agents were included in the 
proposal because agents of OTS may have access to SAR information. 
Accordingly, the proposed interpretation would more comprehensively 
cover disclosures by OTS or agents of OTS, and protect the 
confidentiality of SAR information. OTS did not receive comments on 
this issue and is adopting this provision as final without change.

Section 563.180(d)(13) Safe Harbor/Limitation on Liability

    In 1992, the Annunzio-Wylie Act amended the BSA by providing a safe 
harbor for financial institutions and their employees from civil 
liability for the reporting of known or suspected criminal offenses or 
suspicious activity through the filing of a SAR.\37\ OTS, FinCEN and 
the OCC incorporated the safe harbor provisions of the 1992 law into 
their SAR rules.\38\ Section 351 of the USA PATRIOT Act amended section 
5318(g)(3) to clarify that the scope of the safe harbor provision 
includes the voluntary disclosure of possible violations of law and 
regulations to a government agency and to expand the scope of the limit 
on civil liability to include any liability that may exist ``under any 
contract or other legally enforceable agreement (including any 
arbitration agreement).'' \39\ OTS, like FinCEN and the OCC, 
incorporated the statutory expansion of the safe harbor by cross-
referencing section 5318(g)(3) in the proposed rule.
---------------------------------------------------------------------------

    \37\ See supra note 1.
    \38\ See 31 CFR 103.18(e), 12 CFR 563.180(d)(13) and 12 CFR 
21.11(l). The safe harbor regulations are also applicable to oral 
reports of violations. (In situations requiring immediate attention, 
a savings association must immediately notify its regulator and 
appropriate law enforcement by telephone, in addition to filing a 
SAR. See, e.g., 12 CFR 21.11(d).)
    \39\ 31 U.S.C. 5318(g)(3).
---------------------------------------------------------------------------

    In addition, consistent with the proposed rule issued by FinCEN, 
this provision makes clear that the safe harbor also applies to a 
disclosure by a savings association or service corporation made jointly 
with another financial institution for purposes of filing a joint SAR.
    OTS received no comments on the proposed safe harbor provision. 
However, one comment received by FinCEN noted that the statutory safe 
harbor provision protects any person from liability, not just the 
person involved in the transaction. Accordingly, like FinCEN and the 
OCC, OTS is amending the proposed safe harbor language by inserting the 
phrase ``shall be protected from liability to any person, for any such 
disclosure * * *.'' and is otherwise adopting proposed Sec.  
563.180(d)(l3) safe harbor provision as final.

Conforming Amendments to 12 CFR Part 510

    Today, OTS also is publishing a final rule to amend its information 
disclosure rule set forth in 12 CFR part 510. Among other things, the 
final rule clarifies that the OTS's disclosure of SAR information will 
be governed exclusively by the standards set forth in the amendments to 
OTS's SAR rule set forth in 12 CFR 563.180.\40\ The effect of these 
final part 510 amendments is that OTS: (1) Will not release SAR 
information to private litigants and (2) will only release SAR 
information to other government agencies, in response to a request 
pursuant to 12 CFR 563.180 or in the exercise of its discretion, when 
necessary to fulfill official duties consistent with the purposes of 
Title II of the BSA.
---------------------------------------------------------------------------

    \40\ See elsewhere in this issue of the Federal Register.
---------------------------------------------------------------------------

V. OTS Regulatory Analysis

Regulatory Flexibility Act

    The Regulatory Flexibility Act (RFA) generally requires an agency 
that is issuing a final rule to prepare and make available a final 
regulatory flexibility analysis that describes the impact of the final 
rule on small entities, 5 U.S.C. 604. However, the RFA provides that an 
agency is not required to prepare and make available a final regulatory 
flexibility analysis if the agency certifies that the final rule will 
not have a significant economic impact on a substantial number of small 
entities and publishes its certification and a short, explanatory 
statement in the Federal Register along with its final rule. 5 U.S.C. 
605(b). For purposes of the RFA and OTS-regulated entities, a ``small 
entity'' is a savings association or service corporation with assets of 
$175 million or less.
    OTS has determined that the costs, if any, associated with the 
final rule are de minimis. The final rule simply clarifies the scope of 
the statutory prohibition against the disclosure by financial 
institutions and by the government of SAR information and clarifies the 
scope of the safe harbor from liability for institutions that report 
suspicious activities. Therefore, pursuant to section 605(b) of the 
RFA, OTS hereby certifies that this final rule will not have a 
significant economic impact on a substantial number of small entities. 
Accordingly, a regulatory flexibility analysis is not needed.

Executive Order 12866

    OTS has determined that this final rule is not a significant 
regulatory action under Executive Order 12866. We have concluded that 
the changes made by this final rule will not have an annual effect on 
the economy of $100 million or more. OTS further concludes that this 
final rule does not meet any of the other standards for a significant 
regulatory action set forth in Executive Order 12866.

Paperwork Reduction Act

    We have reviewed the final rule in accordance with the Paperwork 
Reduction Act of 1995 (44 U.S.C. 3506; 5 CFR 1320, Appendix A.1) (PRA) 
and have determined that it does not contain any ``collections of 
information'' as defined by the PRA.

Unfunded Mandates Reform Act of 1995

    Section 202 of the Unfunded Mandates Reform Act of 1995, Public Law 
104-4 (2 U.S.C. 1532) (Unfunded Mandates Act), requires that an agency 
prepare a budgetary impact statement before promulgating any rule 
likely to result in a Federal mandate that may result in the 
expenditure by State, local, and tribal governments, in the aggregate, 
or by the private sector of $100 million or more in any one year. If a 
budgetary impact statement is required, section 205 of the Unfunded 
Mandates Act also requires an agency to identify and consider a 
reasonable number of regulatory alternatives before promulgating a 
rule.
    OTS has determined that this final rule will not result in 
expenditures by State, local, and tribal governments, or by the private 
sector, of $100 million or more in any one year. Accordingly, this 
proposal is not subject to section 202 of the Unfunded Mandates Act.

List of Subjects in 12 CFR Part 563

    Crime, Currency, Savings associations, reporting and recordkeeping 
requirements, Security measures.

Authority and Issuance

0
For the reasons set forth in the preamble, part 563 of title 12 of the 
Code of Federal Regulations is amended as follows:

PART 563--SAVINGS ASSOCIATIONS--OPERATIONS

0
1. The authority citation for part 563 continues to read as follows:

    Authority:  12 U.S.C. 375b, 1462a, 1463, 1464, 1467a, 1468, 
1817, 1828, 3806; 31 U.S.C 5318.


[[Page 75593]]



0
2. Section 563.180 is amended by revising paragraphs (d)(2)(iii) and 
(d)(3) introductory text, adding a new sentence to the end of paragraph 
(d)(8), and revising paragraph (d)(12) to read as follows:


Sec.  563.180  Suspicious Activity Reports and other reports and 
statements.

* * * * *
    (d) * * *
    (2) * * *
    (iii) SAR means a Suspicious Activity Report.
    (3) SARs required. A savings association or service corporation 
shall file a SAR with the appropriate Federal law enforcement agencies 
and the Department of the Treasury on the form prescribed by the OTS 
and in accordance with the form's instructions, by sending a completed 
SAR to FinCEN in the following circumstances:
* * * * *
    (8) Retention of records. * * * A savings association or service 
corporation shall make all supporting documentation available to OTS, 
FinCEN, or any Federal, State, or local law enforcement agency, or any 
Federal regulatory authority that examines the savings association or 
service corporation for compliance with the Bank Secrecy Act, or any 
State regulatory authority administering a State law that requires the 
savings association or service corporation to comply with the Bank 
Secrecy Act or otherwise authorizes the State authority to ensure that 
the institution complies with the Bank Secrecy Act, upon request.
* * * * *
    (12) Confidentiality of SARs. A SAR, and any information that would 
reveal the existence of a SAR, are confidential, and shall not be 
disclosed except as authorized in this paragraph (d)(12).
    (i) Prohibition on disclosure by savings associations or service 
corporations. (A) General rule. No savings association or service 
corporation, and no director, officer, employee, or agent of a savings 
association or service corporation, shall disclose a SAR or any 
information that would reveal the existence of a SAR. Any savings 
association or service corporation, and any director, officer, 
employee, or agent of any savings association or service corporation 
that is subpoenaed or otherwise requested to disclose a SAR, or any 
information that would reveal the existence of a SAR, shall decline to 
produce the SAR or such information, citing this section and 31 U.S.C. 
5318(g)(2)(A)(i), and shall notify the following of any such request 
and the response thereto:
    (A) Deputy Chief Counsel, Litigation Division, Office of Thrift 
Supervision; and
    (B) The Financial Crimes Enforcement Network (FinCEN).
    (ii) Rules of construction. Provided that no person involved in any 
reported suspicious transaction is notified that the transaction has 
been reported, paragraph (d)(1) of this section shall not be construed 
as prohibiting:
    (A) The disclosure by a savings association or service corporation, 
or any director, officer, employee or agent of a savings association or 
service corporation of:
    (1) A SAR, or any information that would reveal the existence of a 
SAR, to FinCEN or OTS, or any Federal, State, or local law enforcement 
agency; or any Federal regulatory authority that examines the savings 
association or service corporation for compliance with the Bank Secrecy 
Act, or any State regulatory authority administering a State law that 
requires compliance with the Bank Secrecy Act or otherwise authorizes 
the State authority to ensure that the institution complies with the 
Bank Secrecy Act; or
    (2) The underlying facts, transactions, and documents upon which a 
SAR is based, including, but not limited to, disclosures:
    (i) To another financial institution, or any director, officer, 
employee or agent of a financial institution, for the preparation of a 
joint SAR; or
    (ii) In connection with certain employment references or 
termination notices, to the full extent authorized in 31 U.S.C. 
5318(g)(2)(B); or
    (B) The sharing by a savings association or service corporation, or 
any director, officer, employee, or agent of a savings association or 
service corporation, of a SAR, or any information that would reveal the 
existence of a SAR, within the corporate organizational structure of 
the savings association or service corporation, for purposes consistent 
with Title II of the Bank Secrecy Act as determined by regulation or in 
guidance.
    (iii) Prohibition on disclosure by OTS. The OTS will not, and no 
officer, employee or agent of OTS, shall disclose a SAR, or any 
information that would reveal the existence of a SAR, except as 
necessary to fulfill official duties consistent with Title II of the 
Bank Secrecy Act. For purposes of this section, ``official duties'' 
shall not include the disclosure of a SAR, or any information that 
would reveal the existence of a SAR, in response to a request for use 
in a private legal proceeding or in response to a request for 
disclosure of non-public information under 12 CFR 510.5.
    (iv) Limitation on liability. A savings association or service 
corporation and any director, officer, employee or agent of a savings 
association or service corporation that makes a voluntary disclosure of 
any possible violation of law or regulation to a government agency or 
makes a disclosure pursuant to this section or any other authority, 
including a disclosure made jointly with another institution, shall be 
protected from liability for any such disclosure, or for failure to 
provide notice of such disclosure to any person identified in the 
disclosure, or both, to the full extent provided by 31 U.S.C. 
5318(g)(3).
* * * * *

    Dated: June 1, 2010.

    By the Office of Thrift Supervision.
John E. Bowman,
Acting Director.
[FR Doc. 2010-29877 Filed 12-2-10; 8:45 am]
BILLING CODE 6720-01-P