Pilot Program on Sharing of Suspicious Activity Reports and Related Information With Foreign Branches, Subsidiaries, and Affiliates, 3719-3729 [2022-01331]
Download as PDF
Federal Register / Vol. 87, No. 16 / Tuesday, January 25, 2022 / Proposed Rules
Service Bulletin 601R–28–068, dated
December 3, 2020.
(2) This paragraph provides credit for
actions required by paragraph (i) of this AD,
if those actions were performed before the
effective date of this AD using MHI RJ
Service Bulletin 670BA–28–041, dated
December 3, 2020; or Revision A, dated
December 21, 2020.
Issued on January 19, 2022.
Lance T. Gant,
Director, Compliance & Airworthiness
Division, Aircraft Certification Service.
[FR Doc. 2022–01352 Filed 1–24–22; 8:45 am]
BILLING CODE 4910–13–P
DEPARTMENT OF THE TREASURY
(m) Other FAA AD Provisions
The following provisions also apply to this
AD:
(1) Alternative Methods of Compliance
(AMOCs): The Manager, New York ACO
Branch, FAA, has the authority to approve
AMOCs for this AD, if requested using the
procedures found in 14 CFR 39.19. In
accordance with 14 CFR 39.19, send your
request to your principal inspector or
responsible Flight Standards Office, as
appropriate. If sending information directly
to the manager of the certification office,
send it to ATTN: Program Manager,
Continuing Operational Safety, FAA, New
York ACO Branch, 1600 Stewart Avenue,
Suite 410, Westbury, NY 11590; telephone
516–228–7300; fax 516–794–5531. Before
using any approved AMOC, notify your
appropriate principal inspector, or lacking a
principal inspector, the manager of the
responsible Flight Standards Office.
(2) Contacting the Manufacturer: For any
requirement in this AD to obtain instructions
from a manufacturer, the instructions must
be accomplished using a method approved
by the Manager, New York ACO Branch,
FAA; or Transport Canada Civil Aviation
(TCCA); or MHI RJ Aviation ULC’s TCCA
Design Approval Organization (DAO). If
approved by the DAO, the approval must
include the DAO-authorized signature.
khammond on DSKJM1Z7X2PROD with PROPOSALS
(n) Related Information
(1) Refer to Mandatory Continuing
Airworthiness Information (MCAI) TCCA AD
CF–2021–16, dated April 26, 2021, for related
information. This MCAI may be found in the
AD docket on the internet at https://
www.regulations.gov by searching for and
locating Docket No. FAA–2022–0011.
(2) For more information about this AD,
contact Jiwan Karunatilake, Aerospace
Engineer, Airframe and Propulsion Section,
FAA, New York ACO Branch, 1600 Stewart
Avenue, Suite 410, Westbury, NY 11590;
telephone 516–228–7300; fax 516–794–5531;
email 9-avs-nyaco-cos@faa.gov.
(3) For service information identified in
this AD, contact MHI RJ Aviation ULC, 12655
Henri-Fabre Blvd., Mirabel, Que´bec J7N 1E1
Canada; Widebody Customer Response
Center North America toll-free telephone +1–
844–272–2720 or direct-dial telephone +1–
514–855–8500; fax +1–514–855–8501; email
thd.crj@mhirj.com; internet https://
mhirj.com. You may view this service
information at the FAA, Airworthiness
Products Section, Operational Safety Branch,
2200 South 216th St., Des Moines, WA. For
information on the availability of this
material at the FAA, call 206–231–3195.
VerDate Sep<11>2014
16:04 Jan 24, 2022
Jkt 256001
Financial Crimes Enforcement Network
31 CFR Part 1010
Pilot Program on Sharing of
Suspicious Activity Reports and
Related Information With Foreign
Branches, Subsidiaries, and Affiliates
Financial Crimes Enforcement
Network (FinCEN), Treasury.
ACTION: Notice of proposed rulemaking.
AGENCY:
FinCEN is issuing this notice
of proposed rulemaking to seek public
comment on the proposed establishment
of a limited-duration pilot program,
subject to conditions set by FinCEN, to
permit a financial institution with a
suspicious activity report (SAR)
reporting obligation to share SARs and
information related to SARs with the
institution’s foreign branches,
subsidiaries, and affiliates for the
purpose of combating illicit finance risk,
in accordance with Section 6212(a) of
the Anti-Money Laundering Act of 2020
(AML Act).
DATES: Written comments on this
proposed rule must be received on or
before March 28, 2022.
ADDRESSES: Comments may be
submitted by any of the following
methods:
• Federal E-rulemaking Portal: https://
www.regulations.gov. Follow the
instructions for submitting comments.
Refer to Docket Number FINCEN–2022–
0002 and RIN 1506–AB51.
• Mail: Policy Division, Financial
Crimes Enforcement Network, P.O. Box
39, Vienna, VA 22183. Refer to Docket
Number FINCEN–2022–0002 and RIN
1506–AB51.
FOR FURTHER INFORMATION CONTACT: The
FinCEN Regulatory Support Section at
1–800–767–2825 or electronically at
https://fincen.gov/contact.
SUPPLEMENTARY INFORMATION:
SUMMARY:
I. Scope of Notice of Proposed
Rulemaking (NPRM)
FinCEN is issuing this NPRM
pursuant to 31 U.S.C. 5318(g)(8), as
added by section 6212 of the AML Act,1
1 The AML Act was enacted as Division F,
sections 6001–6511, of the William M. (Mac)
Frm 00021
Fmt 4702
which requires the Secretary of the
Treasury (the Secretary) to issue rules
establishing a pilot program that permits
a financial institution subject to a SAR
reporting requirement under 31 U.S.C.
5318(g) to share SARs and related
information, including the fact that a
SAR has been filed, with the
institution’s foreign branches,
subsidiaries, and affiliates for the
purpose of combating illicit finance
risks.2
II. Background
RIN 1506–AB51
PO 00000
3719
Sfmt 4702
A. The Bank Secrecy Act (BSA)
Enacted in 1970 and amended most
recently by the AML Act, the BSA aids
in the prevention of money laundering,
terrorism financing, and other illicit
financial activity, and the protection of
U.S. national security.3 The purposes of
the BSA include, among other things,
‘‘requir[ing] certain reports or records
that are highly useful in—(A) criminal,
tax, or regulatory investigations, risk
assessments, or proceedings; or (B)
intelligence or counterintelligence
activities, including analysis, to protect
against terrorism’’ and ‘‘establish[ing]
appropriate frameworks for information
sharing’’ among financial institutions
and government authorities, among
others.4
The Secretary is authorized to require
domestic financial institutions or
nonfinancial trades or businesses to
maintain appropriate procedures to
ensure compliance with the BSA and
the regulations promulgated thereunder
or to guard against money laundering,
the financing of terrorism, and other
forms of illicit finance.5 The Secretary
has delegated to the Director of FinCEN
the authority to implement, administer,
and enforce compliance with the BSA
and associated regulations.6
The BSA authorizes the Secretary to
require the reporting of suspicious
Thornberry National Defense Authorization Act for
Fiscal Year 2021, Public Law 116–283, 134 Stat
3388 (2021).
2 For purposes of this NPRM, ‘‘SARs and related
information’’ means a report filed pursuant to 31
U.S.C. 5318(g) and any information that would
reveal the existence of such a report. Because SARs
filed on insider abuse are filed under Federal
banking agency regulations (see, e.g., 12 CFR
21.11(c)(1)), and are not part of FinCEN’s SAR
regulations, they are not included in this definition
and are not permitted to be shared under the pilot
program FinCEN is proposing to establish by this
NPRM.
3 The BSA is codified at 12 U.S.C. 1829b, 1951–
1959 and 31 U.S.C. 5311–5314, 5316–5336.
Implementing regulations are codified at 31 CFR
Chapter X. Section 6212 of the AML Act amends
31 U.S.C. 5318 by adding Section 5318(g)(8).
4 31 U.S.C. 5311(1), (5).
5 31 U.S.C. 5318(a)(2).
6 31 U.S.C. 310(b)(2); Treasury Order 180–01,
(Jan. 14, 2020).
E:\FR\FM\25JAP1.SGM
25JAP1
3720
Federal Register / Vol. 87, No. 16 / Tuesday, January 25, 2022 / Proposed Rules
transactions.7 FinCEN’s implementing
regulations require a financial
institution to file a SAR if the financial
institution knows, suspects, or has
reason to suspect that a transaction
conducted or attempted by, at, or
through the financial institution: (i)
Involves funds derived from illegal
activity or is an attempt to disguise
funds derived from illegal activity; (ii) is
designed to evade regulations
promulgated under the BSA; or (iii)
lacks a business or apparent lawful
purpose or is not the sort in which the
particular customer would normally
engage and the financial institution
knows of no reasonable explanation for
the transaction.8 Pursuant to FinCEN’s
regulations implementing the BSA,
financial institutions obligated to file
SARs include banks, casinos and card
clubs, money services businesses,
brokers or dealers in securities, mutual
funds, insurance companies, futures
commission merchants and introducing
brokers in commodities, loan and
finance companies, and housing
government-sponsored enterprises.9
B. SAR Confidentiality Regulations
The BSA provides that a financial
institution and its directors, officers,
employees, and agents are prohibited
from notifying any person involved in a
suspicious transaction that the
transaction was reported, or from
otherwise revealing any information
that would reveal that the transaction
has been reported.10 FinCEN has issued
implementing regulations that generally
prohibit the disclosure of a SAR or
information revealing the existence of a
SAR by a financial institution and its
7 31
U.S.C. 5318(g)(1).
e.g., 31 CFR 1020.320. Financial
institutions must file with FinCEN, to the extent
and in the manner required, a report of any
suspicious transaction relevant to a possible
violation of law or regulation. See, e.g., 31 CFR
1022.320(a)(2)(iv) (requiring a money services
business to file a SAR if it knows, suspects, or has
reason to suspect that the transaction involves use
of the money services business to facilitate criminal
activity). A financial institution may also file a SAR
with respect to any suspicious transaction that it
believes is relevant to a possible violation of law or
regulation but whose reporting is not required by
FinCEN regulations. See, e.g., 31 CFR
1020.320(a)(1).
9 FinCEN has issued implementing regulations at
31 CFR 1020.320 (SAR rule for banks); 1021.320
(SAR rule for casinos and card clubs); 1022.320
(SAR Rule for money services businesses); 1023.320
(SAR rule for brokers or dealers in securities);
1024.320 (SAR rule for mutual funds); 1025.320
(SAR rule for insurance companies); 1026.320 (SAR
rule for futures commission merchants and
introducing brokers in commodities); 1029.320
(SAR rule for loan or finance companies); 1030.320
(SAR rule for housing government-sponsored
enterprises).
10 31 U.S.C. 5318(g)(2)(A), as amended by Section
6212(b) of the AML Act.
khammond on DSKJM1Z7X2PROD with PROPOSALS
8 See,
VerDate Sep<11>2014
16:04 Jan 24, 2022
Jkt 256001
directors, officers, employees, and
agents.11 Provided that no person
involved in a reported transaction is
notified that the transaction has been
reported, the regulation specifies that it
is not to be construed as prohibiting
disclosure to appropriate law
enforcement agencies, regulatory
authorities that examine the financial
institution for compliance with the
BSA, or FinCEN.12 The regulation
further specifies that it is not to be
construed as prohibiting a financial
institution to share the underlying facts,
transactions, and documents upon
which a SAR is based, including sharing
such materials with another financial
institution for the preparation of a joint
SAR.13 It also specifies that a financial
institution can share a SAR within its
corporate organizational structure for
purposes consistent with Title II of the
BSA as determined by regulation or in
guidance.14
C. FinCEN’s Prior Guidance on Sharing
SARs Within Corporate Organizational
Structures
In 2006, FinCEN and the Federal
banking agencies issued guidance on the
sharing of SARs with head offices and
controlling companies (2006
Guidance).15 The 2006 Guidance states
that a U.S. branch of a foreign bank may
share a SAR with its head office, and a
U.S. bank or savings association may
share a SAR with its controlling
company, whether domestic or
foreign.16 At the same time, FinCEN
issued similar guidance permitting
securities broker-dealers, futures
commission merchants, and introducing
brokers in commodities to share SARs
with parent entities, both domestic and
foreign, and later in 2006, FinCEN
released related guidance to mutual
11 See,
e.g., 31 CFR 1020.320(e).
e.g., 31 CFR 1020.320(e)(1)(ii)(A)(1).
13 See, e.g., 31 CFR 1020.320(e)(1)(ii)(A)(2)(i).
14 See, e.g., 31 CFR 1020.320(e)(1)(ii)(B).
15 See Financial Crimes Enforcement Network,
Board of Governors of the Federal Reserve System,
Office of the Comptroller of the Currency, Federal
Depository Insurance Corporation, and the Office of
Thrift Supervision Interagency Guidance on
Sharing Suspicious Activity Reports with Head
Offices and Controlling Companies, (Jan. 20, 2006),
available at https://www.fincen.gov/resources/
statutes-regulations/guidance/interagencyguidance-sharing-suspicious-activity-reports.
16 Id. The 2006 Guidance states that depository
institutions, as part of their AML programs, must
have written confidentiality agreements or
arrangements in place specifying that the head
office or controlling company must protect the
confidentiality of the SARs through appropriate
internal controls. The Guidance states that the
confidentiality agreements or arrangements must
also address concerns about the ability of the
foreign entity to protect the SAR in light of possible
requests for disclosure abroad that may be subject
to foreign law.
12 See,
PO 00000
Frm 00022
Fmt 4702
Sfmt 4702
funds.17 FinCEN permitted such sharing
because a financial institution’s head
office or controlling entity may have a
need to discharge oversight
responsibilities with respect to
enterprise-wide risk management and
compliance with applicable laws and
regulations.18
In 2010, following an amendment to
FinCEN’s SAR regulations,19 FinCEN
issued guidance on sharing SARs with
certain U.S. affiliates of depository
institutions (2010 Guidance).20 The
2010 Guidance generally permits the
sharing of SARs and related information
by depository institutions with their
affiliates that are subject to a SAR
regulation. U.S. affiliates of depository
institutions that are subject to SAR
filing obligations include brokers or
dealers in securities, futures
commission merchants and introducing
brokers in commodities, money services
businesses, and residential mortgage
lenders or originators.21 At the same
time, FinCEN issued similar guidance
permitting securities broker-dealers,
mutual funds, futures commission
merchants, and introducing brokers in
commodities to share SARs with certain
affiliates.22 The 2010 Guidance also
17 See Financial Crimes Enforcement Network,
Guidance on Sharing Suspicious Activity Reports
by Securities Broker-Dealers, Futures Commission
Merchants, and Introducing Brokers in
Commodities, Jan. 20, 2006, available at https://
www.fincen.gov/resources/statutes-regulations/
guidance/guidance-sharing-suspicious-activityreports-securities. On October 4, 2006, FinCEN also
issued guidance permitting mutual funds to share
SARs with the investment adviser that controls the
fund, whether domestic or foreign. See Financial
Crimes Enforcement Network, FIN–2006–G013,
Frequently Asked Questions Suspicious Activity
Reporting Requirements for Mutual Funds, (Oct. 4,
2006), available at https://www.fincen.gov/
resources/statutes-regulations/guidance/frequentlyasked-questions-suspicious-activity-reporting.
18 See the 2006 Guidance; see also Financial
Crimes Enforcement Network, Guidance on Sharing
of Suspicious Activity Reports by Securities BrokerDealers, Futures Commission Merchants, and
Introducing Brokers in Commodities, (Jan. 20,
2006).
19 Financial Crimes Enforcement Network,
Confidentiality of Suspicious Activity Reports, 75
FR 75593, (Dec. 3, 2010).
20 Financial Crimes Enforcement Network, FIN–
2010–G006, Sharing Suspicious Activity Reports by
Depository Institutions with Certain U.S. Affiliates,
(Nov. 23, 2010) (the ‘‘2010 Guidance’’), available at
https://www.fincen.gov/sites/default/files/shared/
fin-2010-g006.pdf.
21 See 31 CFR 1023.320 (brokers or dealers in
securities); 1026.320 (futures commission
merchants and introducing brokers in
commodities); 1022.320 (money services
businesses); 1029.320 (loan or finance companies).
22 Financial Crimes Enforcement Network, FIN–
2010–G005, Sharing Suspicious Activity Reports by
Securities Broker-Dealers, Mutual Funds, Futures
Commission Merchants, and Introducing Brokers in
Commodities with Certain U.S. Affiliates, (Nov. 23.
2010), available at https://www.fincen.gov/
resources/statutes-regulations/guidance/sharingsuspicious-activity-reports-securities-broker.
E:\FR\FM\25JAP1.SGM
25JAP1
Federal Register / Vol. 87, No. 16 / Tuesday, January 25, 2022 / Proposed Rules
explained that ‘‘[b]ecause foreign
branches of U.S. banks are regarded as
foreign banks for purposes of the BSA,
under this guidance, they are ‘affiliates’
that are not subject to a SAR regulation’’
and therefore a U.S. bank may not share
SARs, or any information that would
reveal the existence of the SAR, with its
foreign branches. In 2017, FinCEN also
issued guidance confirming that casinos
and card clubs may share SARs with
domestic parents and affiliates, subject
to certain limitations.23
The 2006 and 2010 Guidance also
made clear that there may be
circumstances under which the
financial institution, its affiliate, or both
entities could be liable for direct or
indirect disclosure of a SAR or any
information that would reveal the
existence of a SAR. Accordingly, the
2006 and 2010 Guidance stated that a
financial institution, as part of its
internal controls, should have policies
and procedures in place to protect the
confidentiality of the SAR.24
khammond on DSKJM1Z7X2PROD with PROPOSALS
D. The AML Act
On January 1, 2021, Congress enacted
the AML Act to, among other things,
improve coordination and information
sharing among the agencies tasked with
administering AML/countering the
financing of terrorism (AML/CFT)
requirements and to modernize the
AML/CFT laws to better adapt the
government and private sector response
to new and emerging threats.25
Section 6212(a) of the AML Act
amends the BSA by adding 31 U.S.C.
5318(g)(8), which requires the Secretary
to issue rules establishing a pilot
program that permits a financial
institution with a SAR reporting
obligation to share SARs and related
information with its foreign branches,
subsidiaries, and affiliates for the
purpose of combating illicit finance
risks.26 In issuing the rules, the
Secretary must ensure that the sharing
of information is limited by the
requirements of Federal and State law
23 Financial Crimes Enforcement Network, FIN–
2017–G001, Sharing Suspicious Activity Reports
with U.S. Parents and Affiliates of Casinos, (Jan. 4,
2017), available at https://www.fincen.gov/sites/
default/files/2017-01/FinCENGuidanceJan4_
508FINAL.pdf.
24 See the 2006 Guidance, supra note 15, (stating
that a depository institution must have written
confidentiality agreements or arrangements in place
specifying that the head office or controlling
company must protect the confidentiality of the
SAR through appropriate internal controls); see also
the 2010 Guidance, supra note 20, (stating that a
depositiory institution, as part of its internal
controls, should have policies and procedures in
place to ensure its affiliates protect the
confidentiality of the SAR).
25 See AML Act Section 6002.
26 See 31 U.S.C. 5318(g)(8).
VerDate Sep<11>2014
16:04 Jan 24, 2022
Jkt 256001
enforcement operations, takes into
account potential concerns of the
intelligence community, is subject to
appropriate standards and requirements
regarding data security and the
confidentiality of personally identifiable
information, and excludes sharing with
foreign branches, subsidiaries, and
affiliates in certain jurisdictions.27
Further, the pilot program permits the
Secretary to consider, implement, and
enforce provisions that would hold a
foreign affiliate of a U.S. financial
institution liable for the disclosure of
SARs and related information shared
under the pilot program.28
The pilot program must terminate
three years after the date of the AML
Act’s enactment (i.e., January 1, 2024),
unless the Secretary extends the pilot
for not more than two years upon
submitting a report to the Senate
Committee on Banking, Housing, and
Urban Affairs and the House Committee
on Financial Services that includes: (1)
A certification and a detailed
explanation of the reasons that the
extension is in the national interest of
the United States; (2) an evaluation of
the usefulness of the pilot program,
including a detailed analysis of any
illicit activity identified or prevented as
a result of the program, after appropriate
consultation by the Secretary with the
participants in the pilot program; and
(3) a detailed legislative proposal
providing for a long-term extension of
activities under the pilot program,
measures to ensure data security, and
confidentiality of personally identifiable
information, including expected
budgetary resources for those activities,
if the Secretary determines that a longterm extension is appropriate.29
Under the pilot program, a financial
institution may not share SARs or
related information with a foreign
branch, subsidiary, or affiliate located
in: (1) The People’s Republic of China;
(2) the Russian Federation; or (3) a
jurisdiction that is a state sponsor of
terrorism, that is subject to sanctions
imposed by the Federal Government, or
that the Secretary has determined
cannot reasonably protect the security
and confidentiality of such
information.30 The Secretary may make
exceptions, on a case-by-case basis, for
a financial institution located in the
People’s Republic of China or the
Russian Federation by notifying the
Senate Committee on Banking, Housing,
and Urban Affairs and the House
Committee on Financial Services that
such an exception is in the national
security interest of the United States.31
Not later than 360 days after the pilot
program rules are promulgated, and
annually thereafter for three years, the
Secretary, or the Secretary’s designee,
must brief the Senate Committee on
Banking, Housing, and Urban Affairs
and the House Committee on Financial
Services on: (1) The degree of
information sharing permitted under the
pilot program and a description of
criteria used by the Secretary to evaluate
the appropriateness of the information
sharing; (2) the effectiveness of the pilot
program in identifying or preventing the
violation of a United States law or
regulation and mechanisms that may
improve that effectiveness; and (3) any
recommendations to amend the design
of the pilot program.32
Information related to reports of
suspicious transactions received by a
financial institution from a foreign
affiliate with respect to a suspicious
transaction relevant to a possible
violation of law or regulation shall be
subject to confidentiality requirements
that are the same as those that apply to
SARs filed under 31 U.S.C. 5318(g)(1).33
No financial institution may establish or
maintain any operation located outside
of the United States the primary
purpose of which is to ensure
compliance with the BSA as a result of
the sharing granted under the pilot
program.34 Finally, an ‘‘affiliate’’ is
defined for purposes of the pilot
program as ‘‘an entity that controls, is
controlled by, or is under common
control with another entity.’’ 35 The
terms ‘‘Bank Secrecy Act,’’ ‘‘State bank
Supervisor,’’ and ‘‘State credit union
supervisor’’ have the same meanings
given in Section 6003 of the AML Act.
III. Section-by-Section Analysis
This proposed rule would add a new
section at 31 CFR 1010.240 establishing
a pilot program that permits financial
institutions with a SAR reporting
obligation under 31 U.S.C. 5318(g) and
FinCEN’s regulations to share SARs and
related information with their foreign
branches, subsidiaries, and affiliates for
the purpose of combating illicit finance
risks.
Application process: In issuing the
pilot program rules, FinCEN must take
into account certain considerations to
ensure that the sharing of information
permitted under the pilot program is
limited by the requirements of Federal
31 See
27 See
31 U.S.C. 5318(g)(8)(A)(ii).
28 See 31 U.S.C. 5318(g)(8)(B)(ii).
29 See 31 U.S.C. 5318(g)(8)(B)(iii).
30 See 31 U.S.C. 5318(g)(8)(C)(i).
PO 00000
Frm 00023
Fmt 4702
Sfmt 4702
3721
31 U.S.C. 5318(g)(8)(C)(ii).
31 U.S.C. 5318(g)(8)(D).
33 See 31 U.S.C. 5318(g)(9).
34 See 31 U.S.C. 5318(g)(10).
35 See 31 U.S.C. 5318(g)(11)(A).
32 See
E:\FR\FM\25JAP1.SGM
25JAP1
khammond on DSKJM1Z7X2PROD with PROPOSALS
3722
Federal Register / Vol. 87, No. 16 / Tuesday, January 25, 2022 / Proposed Rules
and State law enforcement operations,
takes into account potential concerns of
the intelligence community, and is
subject to appropriate standards and
requirements regarding data security
and the confidentiality of personally
identifiable information. Participant
financial institutions must also comply
with the applicable jurisdictional
restrictions described above.
To that end, the proposed rule
requires a financial institution to submit
a written application to FinCEN that: (1)
Identifies the institution’s point of
contact for pilot program-related
correspondence; (2) specifies the foreign
branches, subsidiaries, and affiliates
with which the financial institution
intends to share SARs and related
information; (3) specifies the particular
purpose or purposes for which the
foreign branches, subsidiaries, and
affiliates intend to use SARs and related
information, including the operational
jurisdictions of such entities, as well as
whether such entities will be providing
reciprocal information to the applicant
financial institution; (4) provides an
estimated commencement date for the
pilot program, and; (5) describes
internal controls in place to prevent
unauthorized disclosures of SARs and
related information.36 Given the
sensitive nature of the information
contained in or relating to a SAR,
including personally identifiable
information of U.S. persons, and the
jurisdictional limitations set out in the
statute, FinCEN believes a formal
application and approval process is
necessary to ensure that adequate
safeguards are in place before allowing
a financial institution to share SARs and
related information with its foreign
branches, subsidiaries, and affiliates.
The proposed rule also specifies that
applicant financial institutions should,
at a minimum, implement certain
controls, including confidentiality
agreements and procedures for
personnel located in the United States
to review requests from foreign law
enforcement, foreign regulators, or an
outside foreign party for SARs and
related information, and to immediately
notify FinCEN of such requests. Given
the sensitive nature of SAR information,
participant financial institutions and
their foreign branches, subsidiaries, or
affiliates must direct the requesting
authority to both contact FinCEN about
obtaining the requested SAR or related
36 See 31 CFR 1020.320(e), 1021.320(e),
1022.320(d), 1023.320(e), 1024.320(d), 1025.320(e),
and 1026.320(e). Filing institutions, and their
current and former directors, officers, employees,
and agents, are prohibited from disclosing SARs, or
any information that would reveal the existence of
a SAR.
VerDate Sep<11>2014
16:04 Jan 24, 2022
Jkt 256001
information and to seek to obtain such
records or information through a request
to the United States pursuant to a
mutual legal assistance treaty or another
appropriate mechanism for obtaining
records from the United States.
Participant financial institutions shall
also maintain records sufficient to
identify the specific foreign
jurisdictions in which branches,
subsidiaries, or affiliates of financial
institutions are located and that
received any specific SAR or related
information. Such records shall be
maintained so as to enable the
participant financial institution to
readily report this information to
FinCEN upon request. FinCEN is
including this requirement because, in
the event of an unauthorized disclosure,
it will assist in FinCEN’s efforts to
identify those individuals and entities
that were in possession of SARs and
related information that were
inappropriately disclosed.
The proposed rule requires that an
application specify those foreign
branches, subsidiaries, and affiliates
with which a financial institution
intends to share SARs and related
information pursuant to the proposed
pilot program. Upon receipt of an
application, FinCEN would determine a
financial institution’s suitability for
participation in the pilot program based
on FinCEN’s assessment of the financial
institution’s internal controls, as well as
the entities with which it intends to
share information and corresponding
jurisdictions in which the entities are
located. FinCEN will notify the financial
institution’s relevant Federal functional
regulator of the application. FinCEN
will also consult with the relevant
Federal functional regulator and other
relevant agencies on the application, as
needed. The proposed rule also states
that FinCEN will share information
received pursuant to the application
process with relevant Federal functional
regulators, or, as appropriate, other
relevant agencies.37 The proposed rule
also states that FinCEN will limit the
sharing of SARs and related information
based on the requirements of Federal
and State law enforcement operations,
and will take into account concerns of
the intelligence community.
FinCEN expects that the resourcing
and strengths of compliance programs
37 While there is no consultation requirement in
31 U.S.C. 5318(g)(8), FinCEN intends to consult
with Federal functional regulators with respect to
their assessment of the financial institution’s
suitability for participation in the pilot program.
For example, the relevant Federal functional
regulator may have particular expertise with respect
to a financial institution’s risk profile and
supervisory history with respect to BSA.
PO 00000
Frm 00024
Fmt 4702
Sfmt 4702
and internal control frameworks will
vary among applicant financial
institutions. Consequently, the proposed
rule permits FinCEN to require
implementation of additional internal
controls to ensure data security and
confidentiality of SARs and related
information, including the personally
identifiable information contained
therein, as a prerequisite to approving
an application. As the pilot program
matures, and best practices for ensuring
data security and confidentiality are
identified, FinCEN may require certain
participant financial institutions to
implement additional internal controls
as a condition for continued
participation in the pilot program. In
response to concerns of the intelligence
community, or to take into account
requirements for State and Federal law
enforcement operations, FinCEN may
also require participant financial
institutions to enhance or modify
internal controls as a condition for
continued participation in the pilot
program.
The proposed rule also provides a
mechanism by which participant
financial institutions may seek
modifications to the internal controls
specified in its FinCEN-approved
application to address operational
contingencies, resourcing challenges, or
other circumstances. Specifically, the
proposed rule would require participant
financial institutions to submit a request
to FinCEN that details the nature and
extent of the requested changes to
applicable internal controls before
implementing any such modifications.
FinCEN, in consultation with relevant
Federal functional regulators, as needed,
would approve or reject such requests
for modification, or condition its
approval on implementation of
additional controls, as appropriate.
FinCEN, in its sole discretion, may also
modify a financial institution’s
participation in the pilot program based
on the requirements of Federal and State
law enforcement operations or concerns
of the intelligence community.
The proposed rule would permit
FinCEN to terminate a financial
institution’s participation in the pilot
program at any time. Grounds for
termination could include, but are not
limited to, actual, or unreasonable risk
of, unauthorized disclosures of SARs
and related information; significant
internal control deficiencies identified
while participating in the pilot program;
failure to adhere to the specific
requirements for participation; or any
other issues that indicate that a
participant financial institution is
unable to adequately safeguard against
unauthorized disclosures of SARs and
E:\FR\FM\25JAP1.SGM
25JAP1
khammond on DSKJM1Z7X2PROD with PROPOSALS
Federal Register / Vol. 87, No. 16 / Tuesday, January 25, 2022 / Proposed Rules
related information or to ensure
adequate data security and
confidentiality of personally identifiable
information.
Given the limited duration of the pilot
program, FinCEN will make every effort
to expeditiously review applications
and provide responses to potential
participant financial institutions in a
timely manner. To that end, FinCEN
will seek to provide responses within 90
days of receipt of an application to
participate in the pilot program. FinCEN
welcomes comments on whether this
time period is sufficient to encourage
participation in the pilot program
during the timeframe allotted by
Congress.
Quarterly reporting requirement: The
proposed rule would require participant
financial institutions to report certain
information to FinCEN on a quarterly
basis, including: (1) The total number of
SARs and related information shared;
(2) the name and jurisdiction of each
entity that received SARs and related
information, the relationship between
the entity and the participant financial
institution, and the intended purposes
and uses for which the SARs and related
information were shared; (3) legal and
compliance issues encountered; (4)
technical difficulties and challenges; (5)
enhancements to the financial
institution’s AML/CFT program enabled
as a result of participating in the pilot
program, to include reallocation of
resources to higher-priority AML/CFT
risks, such as those described in
FinCEN’s National AML/CFT Priorities,
issued pursuant to Section 5318(h)(4)(A)
of the BSA; and, (6) lessons learned, to
include any identified inefficiencies in
the institution’s AML/CFT program. The
proposed rule’s quarterly reporting
requirement would provide a control to
ensure that the sharing of information
permitted under the pilot program is in
compliance with the statutory
requirements with regard to Federal and
State law enforcement operations,
concerns of the intelligence community,
and ensuring appropriate standards and
requirements are in place with respect
to data security and confidentiality of
personally identifiable information.
FinCEN expects that quarterly reporting
will yield critical information and data
that should shed light on the
effectiveness of the pilot program and
inform best practices for information
sharing and confidentiality of SARs and
related information. FinCEN intends to
use this information to satisfy specific
statutory reporting requirements,
including annual implementation
updates to Congress, as well as the
report and accompanying legislative
VerDate Sep<11>2014
16:04 Jan 24, 2022
Jkt 256001
proposal for any request to extend the
pilot program.38
Quarterly reporting should also
enable FinCEN, and Federal functional
regulators, as appropriate, to identify
pilot program-related internal control
deficiencies at participant financial
institutions that may need to be
addressed as a condition for continued
participation in the pilot program. For
instance, a participant financial
institution may report a legal and
compliance issue under the rule, such
as an internal audit finding of
ineffective controls on SAR
confidentiality. To ensure ongoing
compliance with the requirements of the
pilot program, and a financial
institution’s suitability to continue to
participate, FinCEN intends to share
these quarterly reports with relevant
Federal functional regulators and
consult with them as appropriate.
Prohibition involving certain
jurisdictions: The proposed rule would
prohibit participant financial
institutions from sharing SARs and
related information with foreign
branches, subsidiaries, and affiliates in
specific jurisdictions, including the
People’s Republic of China, the Russian
Federation, jurisdictions that are state
sponsors of terrorism, jurisdictions
subject to sanctions imposed by the
Federal Government, and jurisdictions
the Secretary has determined cannot
reasonably protect the security and
confidentiality of such information.
For purposes of this section, a ‘‘state
sponsor of terrorism’’ is a jurisdiction so
determined by the U.S. Department of
State. Jurisdictions ‘‘subject to sanctions
imposed by the Federal Government’’
are jurisdictions with governments
whose property and interests in
property in U.S. jurisdiction are blocked
pursuant to U.S. sanctions authorities,
as well as jurisdictions subject to broad
prohibitions on transactions by U.S.
persons involving that jurisdiction, such
as prohibitions on importing or
exporting goods, services, or technology
to the jurisdiction or dealing in goods or
services originating from the
jurisdiction, pursuant to U.S. sanctions
authorities. FinCEN welcomes
comments on this interpretation, and
encourages financial institutions to
monitor for sanctions issued by the U.S.
Government to ensure compliance with
this requirement.
Under 31 U.S.C.
5318(g)(8)(C)(i)(III)(c), as added by
Section 6212(C)(i)(III)(cc) of the AML
Act, FinCEN has determined that a
38 As the pilot program matures, FinCEN may
request additional data points from pilot program
participants to fulfil these statutory obligations.
PO 00000
Frm 00025
Fmt 4702
Sfmt 4702
3723
jurisdiction that FinCEN has identified
as a primary money laundering concern
pursuant to Sections 311 of the USA
PATRIOT Act (Pub. L. 107–56) or 9714
of the Combating Russian Money
Laundering Act (Pub. L. 116–283)
cannot reasonably protect the security
and confidentiality of SARs and related
information given the deficient AML/
CFT controls in those jurisdictions as
identified by FinCEN. The proposed
rule, therefore, also prohibits financial
institutions from sharing SARs and
related information with foreign
branches, subsidiaries, and affiliates in
jurisdictions identified by FinCEN as
such.39 FinCEN may further restrict
sharing of SARs and related
information, as authorized by statute,
based on requirements of Federal or
State law enforcement operations, the
concerns of the intelligence community,
or where FinCEN has otherwise
determined that such information
cannot reasonably be protected.
The proposed rule would authorize
the Secretary to grant narrow exceptions
on a case-by-case basis for foreign
branches, subsidiaries, and affiliates
located in the People’s Republic of
China and the Russian Federation.
Under the proposed rule, the Secretary
would be required to notify the
Committee on Banking, Housing, and
Urban Affairs of the U.S. Senate and the
Committee on Financial Services of the
U.S. House of Representatives that such
exceptions are in the national security
interest of the United States.
Treatment of foreign jurisdictionoriginated reports. As required by 31
U.S.C. 5318(g)(9), as added by the AML
Act, information related to a report
received by a financial institution from
a foreign affiliate with respect to a
suspicious transaction relevant to a
possible violation of law or regulation
shall be subject to the same
confidentiality requirements as reports
filed under 31 U.S.C. 5318(g).
Prohibition on offshoring compliance
operations: As required by 31 U.S.C.
5318(g)(10), as added by the AML Act,
the proposed rule would expressly
prohibit participant financial
institutions from establishing or
maintaining any operation located
outside of the United States the primary
purpose of which is to ensure
compliance with the BSA as a result of
the information sharing granted by this
pilot program.
Duration of the pilot program: The
proposed rule implements the statutory
requirement that the pilot program
terminate three years after enactment of
39 See https://www.fincen.gov/resources/statutesand-regulations/311-special-measures.
E:\FR\FM\25JAP1.SGM
25JAP1
khammond on DSKJM1Z7X2PROD with PROPOSALS
3724
Federal Register / Vol. 87, No. 16 / Tuesday, January 25, 2022 / Proposed Rules
the AML Act. The rule would permit the
Secretaryto extend the pilot program for
not longer than two years upon
reporting to the Committee on Banking,
Housing, and Urban Affairs of the
Senate and the Committee on Financial
Services of the House of
Representatives, as required by the AML
Act.
Prohibition on Disclosure: Under 31
U.S.C. 5318(g)(8)(B)(ii), the pilot
program shall ‘‘permit the Secretary to
consider, implement, and enforce
provisions that would hold a foreign
affiliate of a U.S. financial institution
liable for the disclosure of SARs and
related information.’’ The proposed rule
provides that, except to the extent
authorized pursuant to the pilot
program or in existing regulations or
guidance, a participant financial
institution, its foreign branches,
subsidiaries and affiliates, and certain
other associated individuals may not
disclose a SAR or related information
shared pursuant to the pilot program.
The reference to ‘‘existing regulations
and guidance’’ in the proposed rule
accounts for exceptions to SAR
confidentiality that apply to filing
institutions located or doing business
within the United States, and their
directors, officers, employees, or
agents.40
A participant financial institution
must implement policies, procedures,
and internal controls that are reasonably
designed to ensure that its foreign
branches, subsidiaries, or affiliates do
not permit unauthorized disclosures of
SARs or related information. FinCEN, in
consultation with relevant Federal
functional regulators, as needed, will
assess the sufficiency of a financial
institution’s internal controls before
approving an application to participate
in the pilot program. SARs and related
information contain highly sensitive
information, including sensitive
information about U.S. persons, and it is
vital that they be protected. FinCEN
encourages participant financial
institutions to ensure that their foreign
branches, subsidiaries, or affiliates have
sufficient internal controls in place
prior to sharing any SARs or related
information.
Under 31 U.S.C. 5321 and 31 U.S.C.
5322, civil penalties and criminal
sanctions may be imposed on
participant financial institutions,
directors, officers, employees, or agents
for violations of the prohibition on the
disclosure of SARs and related
information. The proposed rule makes
clear that this prohibition also applies to
foreign affiliates, and that foreign
40 See,
e.g., 31 CFR 1020.320(e)(1)(ii) (banks).
VerDate Sep<11>2014
16:04 Jan 24, 2022
Jkt 256001
affiliates can be held liable for civil
penalties and criminal sanctions
pursuant to 31 U.S.C. 5321 and 31
U.S.C. 5322. Civil money penalties
under 31 U.S.C. 5321(a)(1) apply to a
‘‘domestic financial institution or
nonfinancial trade or business,’’ and the
term ‘‘domestic financial institution’’ is
defined as referring to ‘‘an action in the
United States’’ of the financial
institution.41 However, 31 U.S.C.
5318(g)(8)(B)(ii) specifically authorizes
the Secretary to implement and enforce
‘‘provisions that would hold a foreign
affiliate of a U.S. financial institution
liable for the disclosure of SARs and
related information.’’ In light of that
mandate, FinCEN would construe its
authority to impose civil money
penalties under 31 U.S.C. 5321(a)(1) as
applying to foreign affiliates that
disclose SARs and related information
in violation of the proposed rule,
without regard to whether the
unauthorized disclosure occurs in the
United States.
Definitions: 31 U.S.C. 5318(g)(11)
defines an affiliate as ‘‘an entity that
controls, is controlled by, or is under
common control with another entity.’’
The broad nature of this definition
would include branches and
subsidiaries of participant financial
institutions. Therefore, the proposed
rule both adopts this definition and
includes branches and subsidiaries
within the term affiliate for the purpose
of this proposed pilot program.
IV. Request for Comment
FinCEN welcomes comment on all
aspects of this proposed rule and
encourages all interested parties to
provide their views.
With respect to the effect of
establishing a pilot program to permit
financial institutions to share SARs with
foreign branches, subsidiaries, and
affiliates, FinCEN in particular requests
comment from financial institutions and
members of the public on the following
questions:
(1) Describe the expected costs and
associated burdens of complying with
the proposed pilot program
requirements, to the extent that a
financial institution chooses to
participate.
(2) Describe the expected impact,
including costs and/or associated
burdens, of complying with the
statutory prohibition on offshoring
compliance operations within the
context of the proposed pilot program.
41 31 U.S.C. 5312(b)(1); see also 31 CFR
1010.100(o) (stating that ‘‘domestic’’ refers ‘‘to the
doing of business within the United States’’ or ‘‘the
performance . . . of functions within the United
States’’).
PO 00000
Frm 00026
Fmt 4702
Sfmt 4702
(3) Describe expected technical
challenges to implementation that could
make it harder or more expensive to
participate in the pilot program.
(4) Describe the expected benefits to
a financial institution from being
permitted to share SARs and related
information with a foreign branch,
subsidiary, or affiliate for the purpose of
combating illicit finance risks. Would
the proposed sharing of SARs and
related information enable a financial
institution to shift or allocate resources
to higher-priority AML/CFT risks?
(5) Has FinCEN struck a reasonable
balance between facilitating information
sharing of SARs and related information
permitted under the pilot program and
imposing conditions to protect the
confidentiality and prevent
unauthorized disclosures of SARs and
related information? If not, how could
FinCEN more reasonably balance these
considerations?
(6) Describe potential challenges in
protecting the confidentiality of SARs
and related information and preventing
unauthorized disclosures in connection
with participation in the pilot program.
Are there additional provisions FinCEN
could include in the pilot program that
would better enable a financial
institution to comply with the program
confidentiality requirements and ensure
accurate reporting? How does a
financial institution expect to protect
SAR confidentiality and prevent
unauthorized SAR disclosures if foreign
regulatory examinations of foreign
affiliates of U.S. financial institutions
requests access to such foreign
institutions’ files? Are there
jurisdictions in which this information
would be subject to disclosure to nongovernment parties by legal process?
(7) For the quarterly reports FinCEN
is proposing to require, are there any
other particular metrics FinCEN should
include in the current list for required
feedback?
(8) Is FinCEN’s proposed timeline of
90 days to respond to application
requests reasonable? Would such a
timeline encourage financial institutions
to participate in the pilot program?
(9) Should FinCEN consider a
broader, longer-term program that
would enable financial institutions to
share SARs and related information
with their foreign branches,
subsidiaries, and affiliates for the
purpose of combating illicit finance
risks?
V. Regulatory Analysis
A. Executive Orders 13563 and 12866
Executive Orders 13563 and 12866
direct agencies to assess costs and
E:\FR\FM\25JAP1.SGM
25JAP1
Federal Register / Vol. 87, No. 16 / Tuesday, January 25, 2022 / Proposed Rules
benefits of available regulatory
alternatives and, if regulation is
necessary, to select regulatory
approaches that maximize net benefits
(including potential economic,
environmental, and public health and
safety effects; distributive impacts; and
equity). Executive Order 13563
emphasizes the importance of
quantifying both costs and benefits, of
reducing costs, of harmonizing rules,
and of promoting flexibility. It has
determined that this proposed rule is
not a significant regulatory action for
purposes of Executive Order 12866.
Accordingly, a regulatory impact
analysis is not required.
khammond on DSKJM1Z7X2PROD with PROPOSALS
B. Regulatory Flexibility Act
The Regulatory Flexibility Act (RFA)
(5 U.S.C. 601, et seq.) requires an agency
either to provide an initial regulatory
flexibility analysis with a proposed rule
or certify that the proposed rule will not
have a significant economic impact on
a substantial number of small entities.
This proposed regulation on its face
would apply to all financial institutions
with a SAR reporting obligation under
31 U.S.C. 5318(g). However, because of
the voluntary nature of the proposed
rule, only financial institutions
choosing to participate in the pilot
program would be affected. FinCEN
believes the proposed regulatory
changes are unlikely to have a
significant economic impact on a
substantial number of small entities, as
smaller entities are less likely to have
foreign-based branches, subsidiaries,
and affiliates. FinCEN, however,
recognizes the limitations in readily
available data about potential costs and
benefits and has prepared an initial
regulatory flexibility analysis pursuant
to the RFA. FinCEN welcomes
comments on all aspects of the initial
regulatory flexibility analysis. A final
regulatory flexibility analysis will be
conducted after consideration of
comments received during the comment
period.
i. Statement on the Need for, and
Objectives of, the Proposed Regulations
The need for, and objectives of, the
proposed regulations are established in
31 U.S.C. 5318(g), as amended by
Section 6212 of the AML Act. The
purpose of the proposed regulation is to
establish a pilot program that permits a
financial institution with a reporting
obligation under 31 U.S.C. 5318(g) to
share information related to SARs,
including that such a report has been
filed, with the institution’s foreign
branches, subsidiaries, and affiliates for
the purpose of combating illicit finance
risks.
VerDate Sep<11>2014
16:04 Jan 24, 2022
Jkt 256001
3725
ii. Small Entities Affected by the
Proposed Regulation
v. Significant Alternatives to the
Proposed Regulations
The proposed regulations would
apply to financial institutions with a
reporting obligation under 31 U.S.C.
5318(g). FinCEN most recently
identified these institutions in the
Paperwork Reduction Act of 1995 (PRA)
notice renewing information collection
related to SARs.42 While the full list of
financial institutions with a reporting
obligation under 31 U.S.C. 5318(g)
includes a substantial number of small
entities, FinCEN does not believe that a
substantial number of small entities
would be affected by the proposed
regulation. The proposed pilot program
would apply only to those institutions
that choose to participate, and it is
unlikely that small entities would
choose to participate in a SAR sharing
pilot program, as they are less likely to
have foreign branches, subsidiaries, and
affiliates.
FinCEN considered foregoing the
requirement for financial institutions to
submit an application and provide
quarterly updates on the progress of the
pilot program. Given the sensitive
nature of the information contained in
or relating to a SAR, including
personally identifiable information of
U.S. persons, and the jurisdictional
limitations set out in the statute,
FinCEN proposes requiring an
application and approval process to
ensure that adequate safeguards are in
place before allowing a financial
institution to share information with its
foreign branches, subsidiaries, and
affiliates. Additionally, as required by
the AML Act, FinCEN must provide
annual updates to the Committee on
Banking, Housing, and Urban Affairs of
the Senate and the Committee on
Financial Services of the House of
Representatives on the pilot program,
and submit a detailed legislative
proposal concerning the long-term
extension of the pilot, if appropriate.
FinCEN therefore proposes to require
financial institutions to provide
quarterly updates to ensure that
FinCEN, in consultation with relevant
Federal functional regulators, as needed,
can meet these statutory requirements.
iii. Compliance Requirements
The compliance costs for entities that
choose to participate in the pilot
program would include implementation
and administrative costs. These would
include costs to file an initial
application with, and provide quarterly
updates to, FinCEN, as well as costs
associated with ensuring that adequate
controls are in place to abide by the
conditions imposed by FinCEN.
iv. Duplicative, Overlapping, or
Conflicting Federal Rules
FinCEN is not aware of any
duplicative, overlapping, or conflicting
Federal rules with respect to pilot
programs that enable financial
institutions to share SARs and related
information with their foreign branches,
subsidiaries, and affiliates. As discussed
previously, existing guidance from
FinCEN and Federal functional
regulators prohibits U.S. financial
institutions from sharing SARs with
foreign branches, subsidiaries, and
affiliates, and allows only for sharing
SARs with head offices and controlling
entities of U.S. financial institutions,
consistent with the 2006 Guidance, and
U.S. affiliates within a financial
institution’s corporate organizational
structure, consistent with the 2010
Guidance.
C. Unfunded Mandates Act
Section 202 of the Unfunded
Mandates Reform Act of 1995
(‘‘Unfunded Mandates Act’’), Public
Law 104–4 (March 22, 1995), requires
that an agency prepare a budgetary
impact statement before promulgating a
rule that may result in expenditure by
the State, local, and tribal governments,
in the aggregate, or by the private sector,
of $100 million or more in any one year.
If a budgetary impact statement is
required, Section 202 of the Unfunded
Mandates Act also requires an agency to
identify and consider a reasonable
number of regulatory alternatives before
promulgating a rule. Taking into
account the factors noted above and
using conservative estimates of average
labor costs in evaluating the cost of the
burden imposed by the proposed
regulation, FinCEN has determined that
it is not required to prepare a written
statement under Section 202.
D. Paperwork Reduction Act of 1995
42 Financial
Crimes Enforcement Network,
Agency Information Collection Activities; Proposed
Renewal; Comment Request; Renewal Without
Change of the Bank Secrecy Act Reports by
Financial Institutions of Suspicious Transactions at
31 CFR 1020.320, 1021.320, 1022.320, 1023.320,
1024.320, 1025.320, 1026.320, and 1029.320, and
FinCEN Report 111—Suspicious Activity Report, 85
FR 31598 (May 26, 2020).
PO 00000
Frm 00027
Fmt 4702
Sfmt 4702
The recordkeeping and reporting
requirements contained in this proposed
rule (31 CFR 1010.240) have been
submitted by FinCEN to the Office of
Management and Budget (‘‘OMB’’) for
review in accordance with the PRA.
Written comments and
E:\FR\FM\25JAP1.SGM
25JAP1
khammond on DSKJM1Z7X2PROD with PROPOSALS
3726
Federal Register / Vol. 87, No. 16 / Tuesday, January 25, 2022 / Proposed Rules
recommendations for the proposed
information collection can be submitted
by visiting www.reginfo.gov/public/do/
PRAMain. Find this particular
document by selecting ‘‘Currently
Under Review—Open for Public
Comments’’ or by using the search
function. Comments are welcome and
must be received by March 28, 2022. In
accordance with the requirements of the
PRA and its implementing regulations,
5 CFR part 1320, the following
information concerning the collections
of information is presented to assist
those persons wishing to comment on
the information collections. Currently,
financial institutions subject to a SAR
requirement must collect, retain, and
report certain information related to
suspicious activity that takes places by,
at, or through the financial institution.
This proposed rule would permit
financial institutions to share this
information with their foreign branches,
subsidiaries, and affiliates, subject to the
conditions and prohibitions described
above. As part of the application process
to request participation in the pilot
program, FinCEN is proposing to require
a written submission with quarterly
updates. As there is no requirement to
participate in the pilot program, FinCEN
has calculated an hourly burden only
for those financial institutions that
voluntarily decide to participate.
Description of Recordkeepers: Banks,
casinos and card clubs, money services
businesses, brokers or dealers in
securities, mutual funds, insurance
companies, futures commission
merchants and introducing brokers in
commodities, loan or finance
companies, and housing government
sponsored enterprises.
Estimated Number of Affected
Institutions: FinCEN estimates that
approximately 100 financial institutions
will decide to participate in the pilot
program, which will permit the
financial institutions to share SARs and
related information with their foreign
branches, subsidiaries, and affiliates.
Because this is a new voluntary
program, this is an estimate, and
FinCEN is requesting comment from
institutions that anticipate voluntarily
participating in the pilot program.
Estimated Average Annual Burden
Hours per Recordkeeper: Fewer than 59
hours per participant financial
institution.
FinCEN estimates that the
recordkeeping burden per recordkeeper
to submit a written application to
FinCEN requesting participation in the
pilot program, including a description
of internal controls in place to limit
unauthorized disclosures of SARs and
related information, is 20 hours per
VerDate Sep<11>2014
16:04 Jan 24, 2022
Jkt 256001
year. This includes filing an application
to participate that includes notice that a
person has been designated as a pointof-contact for ongoing correspondence
with FinCEN during the pilot program,
written pre-commencement notice that a
participant financial institution has the
appropriate agreements and internal
controls in place to begin sharing SARs
and related information, and written
notice that a commencement date has
been set. FinCEN estimates an
additional one-hour-per-year burden in
the event a participant financial
institution needs to contact FinCEN in
writing to request advance approval for
any modifications to the commitments
in the written application. FinCEN is
requesting comment on how frequently
a prospective participant financial
institution anticipates that it may need
to modify the commitments listed in its
application.
FinCEN estimates that the
recordkeeping burden to draft and
maintain written confidentiality
agreements for personnel granted access
to shared information, and to draft and
maintain documented policies and
procedures to account for any requests
or demands for SARs and related
information under foreign law, is 20
hours per year. FinCEN estimates that
the recordkeeping burden to prepare
and submit quarterly reports, to include
technical difficulties encountered, legal
issues uncovered, the outcome of
requests or demands made for SARs
shared pursuant to the pilot program,
successes or lessons learned, is four
hours per report, for a total of 16 hours
per year (4 hours × 4 reports per year).
FinCEN estimates one hour for the
recordkeeping burden associated with
the notice requirement, where a
participant institution must notify
FinCEN of any requests or demands
from foreign law enforcement, foreign
regulators, or other outside foreign party
for SARs and related information shared
with foreign branches, subsidiaries, and
affiliates pursuant to the pilot program,
and notify FinCEN of the outcome of
such request and any further attempts to
obtain such SARs and related
information. FinCEN also estimates one
hour for the burden associated with
maintaining records sufficient to
identify the specific foreign
jurisdictions in which branches,
subsidiaries, or affiliates of financial
institutions are located and that
received any specific SAR or related
information.
FinCEN understands that some
participant financial institutions may
have existing SAR sharing procedures
and confidentiality agreements in place
that could be leveraged for the pilot
PO 00000
Frm 00028
Fmt 4702
Sfmt 4702
program, whereas other institutions may
need to create them. For that reason,
FinCEN estimates that the proposed rule
would add roughly 59 burden hours per
participant financial institution a year
based on the above calculations.43
Estimated Total Annual Reporting
Burden: 5,900 hours (100 financial
institutions multiplied by 59 hours).
This is a new regulatory requirement
that requires a new OMB control
number. The OMB control number
assigned to the recordkeeping and
reporting requirements described in this
notice is 1506–XXXX. 5,900 hours will
be assigned to new OMB control
number 1506–XXXX.
Specific Questions for Comment:
(1) FinCEN is requesting comment
from financial institutions that
anticipate voluntarily participating in
the pilot program on whether the
estimate of 100 financial institutions
that might participate in a pilot program
is accurate, so that FinCEN can further
refine its estimate of expected
participants.
(2) Is FinCEN’s burden estimate of 20
hours per year for a financial institution
to draft and submit an application
reasonable?
(3) Is FinCEN’s burden estimate of 20
hours per year for a financial institution
to draft and maintain written
confidentiality agreements and maintain
policies and procedures related to
disclosure requests reasonable?
(4) Is FinCEN’s burden estimate of 16
hours per year for a financial institution
to submit four quarterly reports
reasonable?
(5) Is FinCEN’s burden estimate of one
hour per year for a financial institution
to refer law enforcement, regulator, or
outside party requests to FinCEN
reasonable?
(6) Is FinCEN’s burden estimate of one
hour per year for a financial institution
to maintain records to sufficiently track
SARs such that a participant financial
institution can identify a specific SAR
shared with a specific foreign branch,
subsidiary, or affiliate?
(7) How often does an institution
receive requests or demands for SARs
and related information from law
enforcement, a regulator, or other
outside party?
General Questions for Comment: In
addition to the questions listed above,
FinCEN invites comment on: (a)
Whether the proposed collection of
43 FinCEN arrived at the estimate of 58 burden
hours by calculating 20 hours (application) + 1 hour
(material deviations from the written agreement) +
20 hours (confidentiality agreements) + 16 hours
(quarterly reports) + 1 hour (law enforcement
referrals) = 58 hours annual per financial
institution.
E:\FR\FM\25JAP1.SGM
25JAP1
Federal Register / Vol. 87, No. 16 / Tuesday, January 25, 2022 / Proposed Rules
information is necessary for the proper
performance of the functions of FinCEN,
including whether the information will
have practical utility; (b) the accuracy of
the estimated burden associated with
the proposed collection of information;
(c) how the quality, utility, and clarity
of the information to be collected may
be enhanced; and (d) how the burden of
complying with the proposed collection
of information may be minimized,
including through the application of
automated collection techniques or
other forms of information technology.
List of Subjects in 31 CFR Part 1010
Administrative practice and
procedure, Banks, Banking, Currency,
Foreign banking, Foreign currencies,
Investigations, Penalties, Reporting and
recordkeeping requirements, Terrorism.
Authority and Issuance
For the reasons set forth in the
preamble, part 1010 of chapter X of title
31 of the Code of Federal Regulations is
proposed to be amended as follows:
PART 1010—GENERAL PROVISIONS
1. The authority citation for part 1010
continues to read as follows:
■
Authority: 12 U.S.C. 1829b and 1951–
1959; 31 U.S.C. 5311–5314, 5316–5336; Title
III, sec. 314, Pub. L. 107–56, 115 Stat. 307;
sec. 2006, Pub.L 114–41. Stat. 458–459; sec.
701, Pub. L. 114–74, 129 Stat. 599; sec. 6403,
Pub. L. 116–283, 134 Stat. 3388.
2. Add § 1010.240 to subpart B to read
as follows:
■
khammond on DSKJM1Z7X2PROD with PROPOSALS
§ 1010.240 Pilot program authorizing SAR
sharing with foreign branches, subsidiaries,
and affiliates.
(a) Definitions. For purposes of this
section, the following terms have the
following meanings:
(1) Eligible financial institution. The
term ‘‘eligible financial institution’’
means a financial institution as
described in 31 U.S.C. 5312(a)(2) that is
obligated to report suspicious activity
under 31 U.S.C. 5318(g), including
without limitation:
(i) Banks, as defined at 31 CFR
1010.100(d);
(ii) Casinos and card clubs, as defined
at 31 CFR 1010.100(t)(5) and (6),
respectively;
(iii) Money services businesses, as
defined at 31 CFR 1010.100(ff);
(iv) Brokers or dealers in securities, as
defined at 31 CFR 1010.100(h);
(v) Mutual funds, as defined at 31
CFR 1010.100(gg);
(vi) Insurance companies, as defined
at 31 CFR 1025.100(g);
(vii) Futures commission merchants
and introducing brokers in
VerDate Sep<11>2014
16:04 Jan 24, 2022
Jkt 256001
commodities, as defined at 31 CFR
1010.100(x) and (bb), respectively;
(viii) Loan or finance companies, as
defined at 31 CFR 1010.100(lll); and
(ix) Housing government sponsored
enterprises, as defined at 31 CFR
1010.100(mmm).
(2) Participant financial institution.
The term ‘‘participant financial
institution’’ means an eligible financial
institution that FinCEN has authorized
to engage in the pilot program described
in this section, in accordance with the
requirements set forth in this section
and any other conditions imposed by
FinCEN.
(3) Affiliate. The term ‘‘affiliate’’
means an entity that controls, is
controlled by, or is under common
control with another entity, including
any branch or subsidiary.
(4) Suspicious activity report (SAR)
and related information. The term ‘‘SAR
and related information’’ means a report
filed pursuant to 31 CFR 1020.320
(banks); 1021.320 (casinos and card
clubs); 1022.320 (money services
businesses); 1023.320 (brokers or
dealers in securities); 1024.320 (mutual
funds); 1025.320 (insurance companies);
1026.320 (futures commission
merchants and introducing brokers in
commodities); 1029.320 (loan or finance
companies); 1030.320 (housing
government-sponsored enterprises), and
any information that would reveal the
existence of such a report.
(5) Commencement date. The term
‘‘commencement date’’ means the date
on which a participant financial
institution begins sharing SARs and
related information with foreign
affiliates pursuant to the requirements
of the pilot program described in this
section, in accordance with the
requirements set forth in this section
and any other conditions imposed by
FinCEN.
(b) Participation in the SAR pilot
program. Notwithstanding any other
provision of this chapter, and subject to
the terms and conditions specified in
this section or otherwise prescribed by
FinCEN, a financial institution
approved by FinCEN to participate in
the SAR pilot program may share SARs
and related information, including the
fact that a SAR has been filed, with the
institution’s foreign affiliates for the
purpose of combating illicit finance
risks.
(c) Obligations of a participant
financial institution—(1) Application.
Eligible financial institutions must
obtain approval from FinCEN to
participate in the pilot program. To
obtain FinCEN approval, an eligible
financial institution shall submit a
written application to FinCEN. FinCEN
PO 00000
Frm 00029
Fmt 4702
Sfmt 4702
3727
will notify the financial institution’s
relevant Federal functional regulator of
the application. FinCEN will share any
materials submitted in connection with
an application under this section with
relevant Federal functional regulators,
or, as appropriate, other relevant
agencies. The written application must:
(i) Identify the institution’s point of
contact(s) for pilot program-related
correspondence with FinCEN, and, for
entities located abroad, appoint agents
for service of process in the United
States;
(ii) Specify the foreign affiliates with
which the financial institution intends
to share SARs and related information,
including the operational jurisdictions
of such entities, as well as whether such
entities will be providing reciprocal
information to the applicant institution;
(iii) Specify the particular purpose or
purposes for which the foreign affiliates
intend to use SARs and related
information;
(iv) Include an estimated
commencement date for the institution’s
pilot program; and
(v) Provide a description of all
internal controls in place to protect the
confidentiality of and prevent
unauthorized disclosures of SARs and
related information and ensure data
security and confidentiality of
personally identifiable information.
(2) Internal controls—(i)
Implementation of internal controls. A
participant financial institution must
implement and maintain policies,
procedures, and internal controls that
are reasonably designed to ensure that
its foreign affiliates do not permit
unauthorized disclosures of SARs and
related information shared pursuant to
the pilot program. These controls
should include:
(A) Written confidentiality
agreements or arrangements specifying
that all personnel in foreign affiliates
granted access to SARs and related
information pursuant to the pilot
program must safeguard the
confidentiality of SARs and related
information shared pursuant to the pilot
program, including information
indicating that a SAR has been filed;
(B) Provisions for the secure
transmission and storage of SARs and
related information between the
participant financial institution and its
foreign affiliates; and
(C) Processes and procedures for
personnel located in the United States
to review any request from foreign law
enforcement, foreign regulators, or an
outside foreign party for SARs and
related information shared pursuant to
the pilot program.
E:\FR\FM\25JAP1.SGM
25JAP1
khammond on DSKJM1Z7X2PROD with PROPOSALS
3728
Federal Register / Vol. 87, No. 16 / Tuesday, January 25, 2022 / Proposed Rules
(ii) Copies of internal controls.
FinCEN may request copies of internal
policies and procedures, including
confidentiality agreements, designed to
ensure compliance with the pilot
program. FinCEN may share these
documents with relevant Federal
functional regulators or other relevant
agencies.
(3) Approval. In determining whether
to approve an application, FinCEN will
consider, in its sole discretion, the
requirements of Federal and State law
enforcement operations; any potential
concerns of the intelligence community;
appropriate standards and requirements
regarding data security and the
confidentiality of personally identifiable
information, including the adequacy of
the financial institution’s internal
controls; and, any other appropriate
factors consistent with the purposes of
the Bank Secrecy Act.
(4) Additional requirements. As a
condition of approving an application,
FinCEN may impose additional
requirements, including requiring a
participant financial institution to adopt
additional controls related to its
participation in the pilot program.
FinCEN may impose additional
requirements on a participant financial
institution at any time after the
application is approved.
(5) Modification. A participant
financial institution shall not deviate in
any material manner from the controls
proposed in the application described in
paragraph (1) or from any additional
requirements imposed by FinCEN,
except with FinCEN’s written approval.
(6) Termination. FinCEN may
terminate a financial institution’s
participation in the pilot program at any
time if, in its sole discretion, FinCEN
determines that such termination is
consistent with the considerations set
forth in 31 U.S.C. 5318(g)(8)(A) or for
other good cause.
(7) Pre-commencement notice to
FinCEN. After obtaining approval from
FinCEN, a participant financial
institution shall provide FinCEN with
advance written confirmation of the
commencement date of the financial
institution’s sharing of SARs and related
information with its foreign affiliates.
(8) Quarterly reporting requirement. A
participant financial institution shall
submit reports regarding its
participation in the pilot program to
FinCEN every three months after the
commencement date of its pilot
program. FinCEN intends to share
quarterly reports with relevant Federal
functional regulators or other relevant
agencies. Quarterly reports shall include
information concerning:
VerDate Sep<11>2014
16:04 Jan 24, 2022
Jkt 256001
(i) Total number of SARs and related
information shared;
(ii) The name and jurisdiction of each
foreign affiliate that received SARs and
related information, its relationship
with the participant financial
institution, and the intended purposes
and uses for which the SAR and related
information were shared;
(iii) Any legal and compliance issues
related to the financial institution’s
participation in the pilot program;
(iv) Any technical difficulties and
challenges encountered;
(v) Any enhancements to the financial
institution’s AML/CFT program,
including reallocation of resources to
higher-priority AML/CFT risks enabled
as a result of the financial institution’s
participation in the pilot program.
Financial institutions may consult
FinCEN’s AML/CFT National Priorities,
issued pursuant to section 5318(h)(4)(A)
of the BSA, to further describe successes
in this area; and
(vi) Lessons learned arising from the
financial institution’s participation in
the pilot program, to include any
identified deficiencies.
(9) Requirement for personnel located
in the United States. A participant
financial institution shall maintain
appropriate personnel located in the
United States to review requests or
demands of a foreign affiliate for SARs
and related information pursuant to its
participation in the pilot program.
(10) Receipt of information requests,
subpoenas, and other requests for SARs
and related information. A participant
financial institution shall immediately
notify FinCEN of all requests or
demands on the participant financial
institution or its foreign affiliates for
SARs or related information from
foreign law enforcement, foreign
regulators, or any other outside foreign
party. Participant financial institutions
and their foreign affiliates shall direct
the requesting authority to both contact
FinCEN about obtaining the requested
SARs or related information, and seek to
obtain such records or information
through a request to the United States
pursuant to a mutual legal assistance
treaty or other appropriate mechanism
for obtaining records from the United
States.
(11) Unauthorized disclosures. A
participant financial institution must
immediately notify FinCEN upon
learning of or discovering any
unauthorized disclosures of SARs or
related information shared pursuant to
the pilot program and provide all
information to FinCEN relating to such
unauthorized disclosure.
(12) SAR tracking. A participant
financial institution shall maintain
PO 00000
Frm 00030
Fmt 4702
Sfmt 4702
records sufficient to identify the specific
foreign jurisdictions in which affiliates
of financial institutions are located and
that received any specific SAR or
related information. Such records shall
be maintained so as to enable the
participant financial institution to
readily report this information to
FinCEN upon request.
(d) Prohibition involving certain
jurisdictions. (1) A participant financial
institution shall not share SARs or
related information with a foreign
affiliate located in:
(i) The People’s Republic of China;
(ii) The Russian Federation; or
(iii) A jurisdiction that:
(A) Is a state sponsor of terrorism, as
determined by the U.S. Department of
State;
(B) Is subject to financial and
economic sanctions imposed by the
Federal Government, i.e., jurisdictions
with governments whose property and
interests in property in U.S.
jurisdictions are blocked pursuant to
U.S. sanctions authorities and
jurisdictions subject to broad
prohibitions on transactions by U.S.
persons involving that jurisdiction, such
as prohibitions on importing or
exporting goods, services, or technology
to the jurisdiction or dealing in goods or
services originating from the
jurisdiction, pursuant to U.S. sanctions
authorities;
(C) Has been identified as a primary
money laundering concern pursuant to
Section 311 of the USA PATRIOT Act
(Pub. L. 107–56) or section 9714 of the
Combating Russian Money Laundering
Act (Pub. L. 116–283); or
(D) The Secretary has determined
cannot reasonably protect the security
and confidentiality of suspicious
activity reports and related information.
(2) The Secretary may make an
exception on a case-by-case basis for a
financial institution located in
jurisdictions listed in paragraphs
(c)(1)(i) and (ii) of this section if the
Secretary determines that such an
exception is in the national security
interest of the United States and
provides appropriate notification to
Congress. A financial institution seeking
an exception to share SARs or related
information with a foreign affiliate
located in jurisdictions listed in
paragraphs (c)(1)(i) and (ii) of this
section must submit a written request to
the Director of FinCEN setting forth its
reasons for the exception.
(e) Treatment of foreign jurisdictionoriginated reports. Information related
to a report received by a financial
institution from a foreign affiliate with
respect to a suspicious transaction
relevant to a possible violation of law or
E:\FR\FM\25JAP1.SGM
25JAP1
Federal Register / Vol. 87, No. 16 / Tuesday, January 25, 2022 / Proposed Rules
regulation shall be subject to the same
confidentiality requirements as reports
filed under 31 U.S.C. 5318(g).
(f) Prohibition on offshoring
compliance operations. Participant
financial institutions are prohibited
from establishing or maintaining any
operation located outside of the United
States the primary purpose of which is
to ensure compliance with the Bank
Secrecy Act as a result of the
information sharing granted by this pilot
program.
(g) Duration of the pilot program. This
pilot program shall terminate on January
1, 2024. The Secretary may extend the
pilot program for not more than two
years upon appropriate notification to
Congress pursuant to 31 U.S.C.
5318(g)(8)(B)(iii).
(h) Prohibition on disclosure. Except
to the extent authorized pursuant to the
pilot program or in existing regulations
or guidance, no participant financial
institution, director, officer, employee,
or agent of or for a participant financial
institution, and no foreign affiliate of a
participant financial institution shall
disclose to any person any SAR or
related information shared pursuant to
the pilot program.
(i) SAR disclosures by a foreign
affiliate. Civil money penalties and
criminal sanctions may be imposed on
any foreign affiliate under 31 U.S.C.
5321 and 31 U.S.C. 5322 for any
violation of the preceding paragraph (h)
of this section, without regard to
whether the unauthorized disclosure
occurs in the United States. Civil money
penalties shall be assessed and collected
in the manner provided in 31 U.S.C.
5321(b) and (d).
By the Department of the Treasury.
Himamauli Das,
Acting Director, Financial Crimes
Enforcement Network.
[FR Doc. 2022–01331 Filed 1–24–22; 8:45 am]
BILLING CODE 4810–02–P
DEPARTMENT OF THE INTERIOR
National Park Service
36 CFR Part 52
khammond on DSKJM1Z7X2PROD with PROPOSALS
[NPS–WASO–32954; PPWOBSADC0;
PPMVSCS1Y.Y00000]
RIN 1024–AE47
Visitor Experience Improvements
Authority Contracts
National Park Service, Interior.
Proposed rule.
AGENCY:
ACTION:
This proposed rule would
implement the Visitor Experience
SUMMARY:
VerDate Sep<11>2014
16:04 Jan 24, 2022
Jkt 256001
Improvements Authority given to the
National Park Service by Congress in
Title VII of the National Park Service
Centennial Act. This authority allows
the National Park Service to award and
administer commercial services
contracts and related professional
services contracts for the operation and
expansion of commercial visitor
facilities and visitor services programs
in units of the National Park System.
DATES: Comments must be received by
March 28, 2022.
Information Collection Requirements:
If you wish to comment on the
information collection requirements in
this proposed rule, please note that the
Office of Management and Budget
(OMB) is required to make a decision
concerning the collection of information
contained in this proposed rule between
30 and 60 days after publication of this
proposed rule in the Federal Register.
Therefore, comments should be
submitted to OMB by March 28, 2022.
ADDRESSES: You may submit your
comments, identified by Regulation
Identifier Number (RIN) 1024–AE47, by
any of the following methods:
• Federal eRulemaking Portal:
https://www.regulations.gov. Follow the
instructions for submitting comments.
• Mail to: Commercial Services
Program, National Park Service, 1849 C
Street NW, Mail Stop 2410, Attn: VEIA
Rule Comments, Washington, DC 20240.
Instructions: All submissions received
must include the words ‘‘National Park
Service’’ or ‘‘NPS’’ and the RIN (1024–
AE47) for this rulemaking. Comments
received may be posted without change
to https://www.regulations.gov,
including any personal information
provided. The NPS will not accept bulk
comments in any format (hard copy or
electronic) submitted on behalf of
others.
Docket: For access to the docket to
read background documents or
comments received, go to https://
www.regulations.gov.
Information Collection Requirements:
Written comments and suggestions on
the information collection requirements
should be submitted by the date
specified above in DATES to
www.reginfo.gov/public/do/PRAMain.
Find this particular information
collection by selecting ‘‘Currently under
Review—Open for Public Comments’’ or
by using the search function. Please
provide a copy of your comments to the
NPS Information Collection Clearance
Officer (ADIR–ICCO), 12201 Sunrise
Valley Drive, Reston, VA 20191 (mail);
or phadrea_ponds@nps.gov (email).
Please include ‘‘1024–AE47’’ in the
subject line of your comments.
PO 00000
Frm 00031
Fmt 4702
Sfmt 4702
3729
Kurt
Rausch, Acting Chief of Commercial
Services Program, National Park
Service; (202) 513–7202; kurt_rausch@
nps.gov. Questions regarding the NPS’s
information collection request may be
submitted to the NPS Information
Collection Clearance Officer (ADIR–
ICCO), 12201 Sunrise Valley Drive,
Reston, VA 20191 (mail); or phadrea_
ponds@nps.gov (email). Please include
‘‘1024–AE47’’ in the subject line of your
email request.
SUPPLEMENTARY INFORMATION:
FOR FURTHER INFORMATION CONTACT:
Background
NPS Authorities To Contract for
Commercial Visitor Services
The National Park Service (NPS)
enters into concession contracts with
other entities to provide commercial
visitor services in over 100 units of the
National Park System. Examples of such
services include lodging, food, retail,
marinas, transportation, and recreation.
NPS concession contracts generate
approximately $1.6 billion per year in
gross receipts, while returning
approximately $133 million in franchise
fees to the NPS. What was commonly
known as the National Park Service
Concession Policies Act of 1965 (1965
Act), Public Law 89–249, provided the
first comprehensive statutory authority
for the NPS to issue concession
contracts. Since the repeal of the 1965
Act, concession contracts have been
awarded under the Concessions
Management Improvement Act of 1998
(1998 Act), 54 U.S.C. 101901–101926.
NPS regulations in 36 CFR part 51
govern the solicitation and award of
concession contracts issued under the
1998 Act and the administration of
concession contracts issued under the
1965 and 1998 Acts.
The National Park Service Centennial
Act (Centennial Act), 54 U.S.C. 101931–
101938, established the Visitor
Experience Improvements Authority
(VEIA) allowing the NPS to solicit,
award, and administer commercial
services contracts for the improvement,
modernization, and expansion of
commercial visitor facilities and visitor
services programs in units of the
National Park System. The VEIA
supplements but does not replace the
existing authority granted to the NPS in
the 1998 Act to enter into concession
contracts or any other existing NPS
authorities to provide commercial
visitor services in units of the National
Park System. The VEIA is also separate
from authorities granted under the
Office of Federal Procurement Policy
Act and Federal Acquisition
Regulations.
E:\FR\FM\25JAP1.SGM
25JAP1
Agencies
[Federal Register Volume 87, Number 16 (Tuesday, January 25, 2022)]
[Proposed Rules]
[Pages 3719-3729]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-01331]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF THE TREASURY
Financial Crimes Enforcement Network
31 CFR Part 1010
RIN 1506-AB51
Pilot Program on Sharing of Suspicious Activity Reports and
Related Information With Foreign Branches, Subsidiaries, and Affiliates
AGENCY: Financial Crimes Enforcement Network (FinCEN), Treasury.
ACTION: Notice of proposed rulemaking.
-----------------------------------------------------------------------
SUMMARY: FinCEN is issuing this notice of proposed rulemaking to seek
public comment on the proposed establishment of a limited-duration
pilot program, subject to conditions set by FinCEN, to permit a
financial institution with a suspicious activity report (SAR) reporting
obligation to share SARs and information related to SARs with the
institution's foreign branches, subsidiaries, and affiliates for the
purpose of combating illicit finance risk, in accordance with Section
6212(a) of the Anti-Money Laundering Act of 2020 (AML Act).
DATES: Written comments on this proposed rule must be received on or
before March 28, 2022.
ADDRESSES: Comments may be submitted by any of the following methods:
Federal E-rulemaking Portal: https://www.regulations.gov.
Follow the instructions for submitting comments. Refer to Docket Number
FINCEN-2022-0002 and RIN 1506-AB51.
Mail: Policy Division, Financial Crimes Enforcement
Network, P.O. Box 39, Vienna, VA 22183. Refer to Docket Number FINCEN-
2022-0002 and RIN 1506-AB51.
FOR FURTHER INFORMATION CONTACT: The FinCEN Regulatory Support Section
at 1-800-767-2825 or electronically at https://fincen.gov/contact.
SUPPLEMENTARY INFORMATION:
I. Scope of Notice of Proposed Rulemaking (NPRM)
FinCEN is issuing this NPRM pursuant to 31 U.S.C. 5318(g)(8), as
added by section 6212 of the AML Act,\1\ which requires the Secretary
of the Treasury (the Secretary) to issue rules establishing a pilot
program that permits a financial institution subject to a SAR reporting
requirement under 31 U.S.C. 5318(g) to share SARs and related
information, including the fact that a SAR has been filed, with the
institution's foreign branches, subsidiaries, and affiliates for the
purpose of combating illicit finance risks.\2\
---------------------------------------------------------------------------
\1\ The AML Act was enacted as Division F, sections 6001-6511,
of the William M. (Mac) Thornberry National Defense Authorization
Act for Fiscal Year 2021, Public Law 116-283, 134 Stat 3388 (2021).
\2\ For purposes of this NPRM, ``SARs and related information''
means a report filed pursuant to 31 U.S.C. 5318(g) and any
information that would reveal the existence of such a report.
Because SARs filed on insider abuse are filed under Federal banking
agency regulations (see, e.g., 12 CFR 21.11(c)(1)), and are not part
of FinCEN's SAR regulations, they are not included in this
definition and are not permitted to be shared under the pilot
program FinCEN is proposing to establish by this NPRM.
---------------------------------------------------------------------------
II. Background
A. The Bank Secrecy Act (BSA)
Enacted in 1970 and amended most recently by the AML Act, the BSA
aids in the prevention of money laundering, terrorism financing, and
other illicit financial activity, and the protection of U.S. national
security.\3\ The purposes of the BSA include, among other things,
``requir[ing] certain reports or records that are highly useful in--(A)
criminal, tax, or regulatory investigations, risk assessments, or
proceedings; or (B) intelligence or counterintelligence activities,
including analysis, to protect against terrorism'' and ``establish[ing]
appropriate frameworks for information sharing'' among financial
institutions and government authorities, among others.\4\
---------------------------------------------------------------------------
\3\ The BSA is codified at 12 U.S.C. 1829b, 1951-1959 and 31
U.S.C. 5311-5314, 5316-5336. Implementing regulations are codified
at 31 CFR Chapter X. Section 6212 of the AML Act amends 31 U.S.C.
5318 by adding Section 5318(g)(8).
\4\ 31 U.S.C. 5311(1), (5).
---------------------------------------------------------------------------
The Secretary is authorized to require domestic financial
institutions or nonfinancial trades or businesses to maintain
appropriate procedures to ensure compliance with the BSA and the
regulations promulgated thereunder or to guard against money
laundering, the financing of terrorism, and other forms of illicit
finance.\5\ The Secretary has delegated to the Director of FinCEN the
authority to implement, administer, and enforce compliance with the BSA
and associated regulations.\6\
---------------------------------------------------------------------------
\5\ 31 U.S.C. 5318(a)(2).
\6\ 31 U.S.C. 310(b)(2); Treasury Order 180-01, (Jan. 14, 2020).
---------------------------------------------------------------------------
The BSA authorizes the Secretary to require the reporting of
suspicious
[[Page 3720]]
transactions.\7\ FinCEN's implementing regulations require a financial
institution to file a SAR if the financial institution knows, suspects,
or has reason to suspect that a transaction conducted or attempted by,
at, or through the financial institution: (i) Involves funds derived
from illegal activity or is an attempt to disguise funds derived from
illegal activity; (ii) is designed to evade regulations promulgated
under the BSA; or (iii) lacks a business or apparent lawful purpose or
is not the sort in which the particular customer would normally engage
and the financial institution knows of no reasonable explanation for
the transaction.\8\ Pursuant to FinCEN's regulations implementing the
BSA, financial institutions obligated to file SARs include banks,
casinos and card clubs, money services businesses, brokers or dealers
in securities, mutual funds, insurance companies, futures commission
merchants and introducing brokers in commodities, loan and finance
companies, and housing government-sponsored enterprises.\9\
---------------------------------------------------------------------------
\7\ 31 U.S.C. 5318(g)(1).
\8\ See, e.g., 31 CFR 1020.320. Financial institutions must file
with FinCEN, to the extent and in the manner required, a report of
any suspicious transaction relevant to a possible violation of law
or regulation. See, e.g., 31 CFR 1022.320(a)(2)(iv) (requiring a
money services business to file a SAR if it knows, suspects, or has
reason to suspect that the transaction involves use of the money
services business to facilitate criminal activity). A financial
institution may also file a SAR with respect to any suspicious
transaction that it believes is relevant to a possible violation of
law or regulation but whose reporting is not required by FinCEN
regulations. See, e.g., 31 CFR 1020.320(a)(1).
\9\ FinCEN has issued implementing regulations at 31 CFR
1020.320 (SAR rule for banks); 1021.320 (SAR rule for casinos and
card clubs); 1022.320 (SAR Rule for money services businesses);
1023.320 (SAR rule for brokers or dealers in securities); 1024.320
(SAR rule for mutual funds); 1025.320 (SAR rule for insurance
companies); 1026.320 (SAR rule for futures commission merchants and
introducing brokers in commodities); 1029.320 (SAR rule for loan or
finance companies); 1030.320 (SAR rule for housing government-
sponsored enterprises).
---------------------------------------------------------------------------
B. SAR Confidentiality Regulations
The BSA provides that a financial institution and its directors,
officers, employees, and agents are prohibited from notifying any
person involved in a suspicious transaction that the transaction was
reported, or from otherwise revealing any information that would reveal
that the transaction has been reported.\10\ FinCEN has issued
implementing regulations that generally prohibit the disclosure of a
SAR or information revealing the existence of a SAR by a financial
institution and its directors, officers, employees, and agents.\11\
Provided that no person involved in a reported transaction is notified
that the transaction has been reported, the regulation specifies that
it is not to be construed as prohibiting disclosure to appropriate law
enforcement agencies, regulatory authorities that examine the financial
institution for compliance with the BSA, or FinCEN.\12\ The regulation
further specifies that it is not to be construed as prohibiting a
financial institution to share the underlying facts, transactions, and
documents upon which a SAR is based, including sharing such materials
with another financial institution for the preparation of a joint
SAR.\13\ It also specifies that a financial institution can share a SAR
within its corporate organizational structure for purposes consistent
with Title II of the BSA as determined by regulation or in
guidance.\14\
---------------------------------------------------------------------------
\10\ 31 U.S.C. 5318(g)(2)(A), as amended by Section 6212(b) of
the AML Act.
\11\ See, e.g., 31 CFR 1020.320(e).
\12\ See, e.g., 31 CFR 1020.320(e)(1)(ii)(A)(1).
\13\ See, e.g., 31 CFR 1020.320(e)(1)(ii)(A)(2)(i).
\14\ See, e.g., 31 CFR 1020.320(e)(1)(ii)(B).
---------------------------------------------------------------------------
C. FinCEN's Prior Guidance on Sharing SARs Within Corporate
Organizational Structures
In 2006, FinCEN and the Federal banking agencies issued guidance on
the sharing of SARs with head offices and controlling companies (2006
Guidance).\15\ The 2006 Guidance states that a U.S. branch of a foreign
bank may share a SAR with its head office, and a U.S. bank or savings
association may share a SAR with its controlling company, whether
domestic or foreign.\16\ At the same time, FinCEN issued similar
guidance permitting securities broker-dealers, futures commission
merchants, and introducing brokers in commodities to share SARs with
parent entities, both domestic and foreign, and later in 2006, FinCEN
released related guidance to mutual funds.\17\ FinCEN permitted such
sharing because a financial institution's head office or controlling
entity may have a need to discharge oversight responsibilities with
respect to enterprise-wide risk management and compliance with
applicable laws and regulations.\18\
---------------------------------------------------------------------------
\15\ See Financial Crimes Enforcement Network, Board of
Governors of the Federal Reserve System, Office of the Comptroller
of the Currency, Federal Depository Insurance Corporation, and the
Office of Thrift Supervision Interagency Guidance on Sharing
Suspicious Activity Reports with Head Offices and Controlling
Companies, (Jan. 20, 2006), available at https://www.fincen.gov/resources/statutes-regulations/guidance/interagency-guidance-sharing-suspicious-activity-reports.
\16\ Id. The 2006 Guidance states that depository institutions,
as part of their AML programs, must have written confidentiality
agreements or arrangements in place specifying that the head office
or controlling company must protect the confidentiality of the SARs
through appropriate internal controls. The Guidance states that the
confidentiality agreements or arrangements must also address
concerns about the ability of the foreign entity to protect the SAR
in light of possible requests for disclosure abroad that may be
subject to foreign law.
\17\ See Financial Crimes Enforcement Network, Guidance on
Sharing Suspicious Activity Reports by Securities Broker-Dealers,
Futures Commission Merchants, and Introducing Brokers in
Commodities, Jan. 20, 2006, available at https://www.fincen.gov/resources/statutes-regulations/guidance/guidance-sharing-suspicious-activity-reports-securities. On October 4, 2006, FinCEN also issued
guidance permitting mutual funds to share SARs with the investment
adviser that controls the fund, whether domestic or foreign. See
Financial Crimes Enforcement Network, FIN-2006-G013, Frequently
Asked Questions Suspicious Activity Reporting Requirements for
Mutual Funds, (Oct. 4, 2006), available at https://www.fincen.gov/resources/statutes-regulations/guidance/frequently-asked-questions-suspicious-activity-reporting.
\18\ See the 2006 Guidance; see also Financial Crimes
Enforcement Network, Guidance on Sharing of Suspicious Activity
Reports by Securities Broker-Dealers, Futures Commission Merchants,
and Introducing Brokers in Commodities, (Jan. 20, 2006).
---------------------------------------------------------------------------
In 2010, following an amendment to FinCEN's SAR regulations,\19\
FinCEN issued guidance on sharing SARs with certain U.S. affiliates of
depository institutions (2010 Guidance).\20\ The 2010 Guidance
generally permits the sharing of SARs and related information by
depository institutions with their affiliates that are subject to a SAR
regulation. U.S. affiliates of depository institutions that are subject
to SAR filing obligations include brokers or dealers in securities,
futures commission merchants and introducing brokers in commodities,
money services businesses, and residential mortgage lenders or
originators.\21\ At the same time, FinCEN issued similar guidance
permitting securities broker-dealers, mutual funds, futures commission
merchants, and introducing brokers in commodities to share SARs with
certain affiliates.\22\ The 2010 Guidance also
[[Page 3721]]
explained that ``[b]ecause foreign branches of U.S. banks are regarded
as foreign banks for purposes of the BSA, under this guidance, they are
`affiliates' that are not subject to a SAR regulation'' and therefore a
U.S. bank may not share SARs, or any information that would reveal the
existence of the SAR, with its foreign branches. In 2017, FinCEN also
issued guidance confirming that casinos and card clubs may share SARs
with domestic parents and affiliates, subject to certain
limitations.\23\
---------------------------------------------------------------------------
\19\ Financial Crimes Enforcement Network, Confidentiality of
Suspicious Activity Reports, 75 FR 75593, (Dec. 3, 2010).
\20\ Financial Crimes Enforcement Network, FIN-2010-G006,
Sharing Suspicious Activity Reports by Depository Institutions with
Certain U.S. Affiliates, (Nov. 23, 2010) (the ``2010 Guidance''),
available at https://www.fincen.gov/sites/default/files/shared/fin-2010-g006.pdf.
\21\ See 31 CFR 1023.320 (brokers or dealers in securities);
1026.320 (futures commission merchants and introducing brokers in
commodities); 1022.320 (money services businesses); 1029.320 (loan
or finance companies).
\22\ Financial Crimes Enforcement Network, FIN-2010-G005,
Sharing Suspicious Activity Reports by Securities Broker-Dealers,
Mutual Funds, Futures Commission Merchants, and Introducing Brokers
in Commodities with Certain U.S. Affiliates, (Nov. 23. 2010),
available at https://www.fincen.gov/resources/statutes-regulations/guidance/sharing-suspicious-activity-reports-securities-broker.
\23\ Financial Crimes Enforcement Network, FIN-2017-G001,
Sharing Suspicious Activity Reports with U.S. Parents and Affiliates
of Casinos, (Jan. 4, 2017), available at https://www.fincen.gov/sites/default/files/2017-01/FinCENGuidanceJan4_508FINAL.pdf.
---------------------------------------------------------------------------
The 2006 and 2010 Guidance also made clear that there may be
circumstances under which the financial institution, its affiliate, or
both entities could be liable for direct or indirect disclosure of a
SAR or any information that would reveal the existence of a SAR.
Accordingly, the 2006 and 2010 Guidance stated that a financial
institution, as part of its internal controls, should have policies and
procedures in place to protect the confidentiality of the SAR.\24\
---------------------------------------------------------------------------
\24\ See the 2006 Guidance, supra note 15, (stating that a
depository institution must have written confidentiality agreements
or arrangements in place specifying that the head office or
controlling company must protect the confidentiality of the SAR
through appropriate internal controls); see also the 2010 Guidance,
supra note 20, (stating that a depositiory institution, as part of
its internal controls, should have policies and procedures in place
to ensure its affiliates protect the confidentiality of the SAR).
---------------------------------------------------------------------------
D. The AML Act
On January 1, 2021, Congress enacted the AML Act to, among other
things, improve coordination and information sharing among the agencies
tasked with administering AML/countering the financing of terrorism
(AML/CFT) requirements and to modernize the AML/CFT laws to better
adapt the government and private sector response to new and emerging
threats.\25\
---------------------------------------------------------------------------
\25\ See AML Act Section 6002.
---------------------------------------------------------------------------
Section 6212(a) of the AML Act amends the BSA by adding 31 U.S.C.
5318(g)(8), which requires the Secretary to issue rules establishing a
pilot program that permits a financial institution with a SAR reporting
obligation to share SARs and related information with its foreign
branches, subsidiaries, and affiliates for the purpose of combating
illicit finance risks.\26\ In issuing the rules, the Secretary must
ensure that the sharing of information is limited by the requirements
of Federal and State law enforcement operations, takes into account
potential concerns of the intelligence community, is subject to
appropriate standards and requirements regarding data security and the
confidentiality of personally identifiable information, and excludes
sharing with foreign branches, subsidiaries, and affiliates in certain
jurisdictions.\27\ Further, the pilot program permits the Secretary to
consider, implement, and enforce provisions that would hold a foreign
affiliate of a U.S. financial institution liable for the disclosure of
SARs and related information shared under the pilot program.\28\
---------------------------------------------------------------------------
\26\ See 31 U.S.C. 5318(g)(8).
\27\ See 31 U.S.C. 5318(g)(8)(A)(ii).
\28\ See 31 U.S.C. 5318(g)(8)(B)(ii).
---------------------------------------------------------------------------
The pilot program must terminate three years after the date of the
AML Act's enactment (i.e., January 1, 2024), unless the Secretary
extends the pilot for not more than two years upon submitting a report
to the Senate Committee on Banking, Housing, and Urban Affairs and the
House Committee on Financial Services that includes: (1) A
certification and a detailed explanation of the reasons that the
extension is in the national interest of the United States; (2) an
evaluation of the usefulness of the pilot program, including a detailed
analysis of any illicit activity identified or prevented as a result of
the program, after appropriate consultation by the Secretary with the
participants in the pilot program; and (3) a detailed legislative
proposal providing for a long-term extension of activities under the
pilot program, measures to ensure data security, and confidentiality of
personally identifiable information, including expected budgetary
resources for those activities, if the Secretary determines that a
long-term extension is appropriate.\29\
---------------------------------------------------------------------------
\29\ See 31 U.S.C. 5318(g)(8)(B)(iii).
---------------------------------------------------------------------------
Under the pilot program, a financial institution may not share SARs
or related information with a foreign branch, subsidiary, or affiliate
located in: (1) The People's Republic of China; (2) the Russian
Federation; or (3) a jurisdiction that is a state sponsor of terrorism,
that is subject to sanctions imposed by the Federal Government, or that
the Secretary has determined cannot reasonably protect the security and
confidentiality of such information.\30\ The Secretary may make
exceptions, on a case-by-case basis, for a financial institution
located in the People's Republic of China or the Russian Federation by
notifying the Senate Committee on Banking, Housing, and Urban Affairs
and the House Committee on Financial Services that such an exception is
in the national security interest of the United States.\31\
---------------------------------------------------------------------------
\30\ See 31 U.S.C. 5318(g)(8)(C)(i).
\31\ See 31 U.S.C. 5318(g)(8)(C)(ii).
---------------------------------------------------------------------------
Not later than 360 days after the pilot program rules are
promulgated, and annually thereafter for three years, the Secretary, or
the Secretary's designee, must brief the Senate Committee on Banking,
Housing, and Urban Affairs and the House Committee on Financial
Services on: (1) The degree of information sharing permitted under the
pilot program and a description of criteria used by the Secretary to
evaluate the appropriateness of the information sharing; (2) the
effectiveness of the pilot program in identifying or preventing the
violation of a United States law or regulation and mechanisms that may
improve that effectiveness; and (3) any recommendations to amend the
design of the pilot program.\32\
---------------------------------------------------------------------------
\32\ See 31 U.S.C. 5318(g)(8)(D).
---------------------------------------------------------------------------
Information related to reports of suspicious transactions received
by a financial institution from a foreign affiliate with respect to a
suspicious transaction relevant to a possible violation of law or
regulation shall be subject to confidentiality requirements that are
the same as those that apply to SARs filed under 31 U.S.C.
5318(g)(1).\33\ No financial institution may establish or maintain any
operation located outside of the United States the primary purpose of
which is to ensure compliance with the BSA as a result of the sharing
granted under the pilot program.\34\ Finally, an ``affiliate'' is
defined for purposes of the pilot program as ``an entity that controls,
is controlled by, or is under common control with another entity.''
\35\ The terms ``Bank Secrecy Act,'' ``State bank Supervisor,'' and
``State credit union supervisor'' have the same meanings given in
Section 6003 of the AML Act.
---------------------------------------------------------------------------
\33\ See 31 U.S.C. 5318(g)(9).
\34\ See 31 U.S.C. 5318(g)(10).
\35\ See 31 U.S.C. 5318(g)(11)(A).
---------------------------------------------------------------------------
III. Section-by-Section Analysis
This proposed rule would add a new section at 31 CFR 1010.240
establishing a pilot program that permits financial institutions with a
SAR reporting obligation under 31 U.S.C. 5318(g) and FinCEN's
regulations to share SARs and related information with their foreign
branches, subsidiaries, and affiliates for the purpose of combating
illicit finance risks.
Application process: In issuing the pilot program rules, FinCEN
must take into account certain considerations to ensure that the
sharing of information permitted under the pilot program is limited by
the requirements of Federal
[[Page 3722]]
and State law enforcement operations, takes into account potential
concerns of the intelligence community, and is subject to appropriate
standards and requirements regarding data security and the
confidentiality of personally identifiable information. Participant
financial institutions must also comply with the applicable
jurisdictional restrictions described above.
To that end, the proposed rule requires a financial institution to
submit a written application to FinCEN that: (1) Identifies the
institution's point of contact for pilot program-related
correspondence; (2) specifies the foreign branches, subsidiaries, and
affiliates with which the financial institution intends to share SARs
and related information; (3) specifies the particular purpose or
purposes for which the foreign branches, subsidiaries, and affiliates
intend to use SARs and related information, including the operational
jurisdictions of such entities, as well as whether such entities will
be providing reciprocal information to the applicant financial
institution; (4) provides an estimated commencement date for the pilot
program, and; (5) describes internal controls in place to prevent
unauthorized disclosures of SARs and related information.\36\ Given the
sensitive nature of the information contained in or relating to a SAR,
including personally identifiable information of U.S. persons, and the
jurisdictional limitations set out in the statute, FinCEN believes a
formal application and approval process is necessary to ensure that
adequate safeguards are in place before allowing a financial
institution to share SARs and related information with its foreign
branches, subsidiaries, and affiliates.
---------------------------------------------------------------------------
\36\ See 31 CFR 1020.320(e), 1021.320(e), 1022.320(d),
1023.320(e), 1024.320(d), 1025.320(e), and 1026.320(e). Filing
institutions, and their current and former directors, officers,
employees, and agents, are prohibited from disclosing SARs, or any
information that would reveal the existence of a SAR.
---------------------------------------------------------------------------
The proposed rule also specifies that applicant financial
institutions should, at a minimum, implement certain controls,
including confidentiality agreements and procedures for personnel
located in the United States to review requests from foreign law
enforcement, foreign regulators, or an outside foreign party for SARs
and related information, and to immediately notify FinCEN of such
requests. Given the sensitive nature of SAR information, participant
financial institutions and their foreign branches, subsidiaries, or
affiliates must direct the requesting authority to both contact FinCEN
about obtaining the requested SAR or related information and to seek to
obtain such records or information through a request to the United
States pursuant to a mutual legal assistance treaty or another
appropriate mechanism for obtaining records from the United States.
Participant financial institutions shall also maintain records
sufficient to identify the specific foreign jurisdictions in which
branches, subsidiaries, or affiliates of financial institutions are
located and that received any specific SAR or related information. Such
records shall be maintained so as to enable the participant financial
institution to readily report this information to FinCEN upon request.
FinCEN is including this requirement because, in the event of an
unauthorized disclosure, it will assist in FinCEN's efforts to identify
those individuals and entities that were in possession of SARs and
related information that were inappropriately disclosed.
The proposed rule requires that an application specify those
foreign branches, subsidiaries, and affiliates with which a financial
institution intends to share SARs and related information pursuant to
the proposed pilot program. Upon receipt of an application, FinCEN
would determine a financial institution's suitability for participation
in the pilot program based on FinCEN's assessment of the financial
institution's internal controls, as well as the entities with which it
intends to share information and corresponding jurisdictions in which
the entities are located. FinCEN will notify the financial
institution's relevant Federal functional regulator of the application.
FinCEN will also consult with the relevant Federal functional regulator
and other relevant agencies on the application, as needed. The proposed
rule also states that FinCEN will share information received pursuant
to the application process with relevant Federal functional regulators,
or, as appropriate, other relevant agencies.\37\ The proposed rule also
states that FinCEN will limit the sharing of SARs and related
information based on the requirements of Federal and State law
enforcement operations, and will take into account concerns of the
intelligence community.
---------------------------------------------------------------------------
\37\ While there is no consultation requirement in 31 U.S.C.
5318(g)(8), FinCEN intends to consult with Federal functional
regulators with respect to their assessment of the financial
institution's suitability for participation in the pilot program.
For example, the relevant Federal functional regulator may have
particular expertise with respect to a financial institution's risk
profile and supervisory history with respect to BSA.
---------------------------------------------------------------------------
FinCEN expects that the resourcing and strengths of compliance
programs and internal control frameworks will vary among applicant
financial institutions. Consequently, the proposed rule permits FinCEN
to require implementation of additional internal controls to ensure
data security and confidentiality of SARs and related information,
including the personally identifiable information contained therein, as
a prerequisite to approving an application. As the pilot program
matures, and best practices for ensuring data security and
confidentiality are identified, FinCEN may require certain participant
financial institutions to implement additional internal controls as a
condition for continued participation in the pilot program. In response
to concerns of the intelligence community, or to take into account
requirements for State and Federal law enforcement operations, FinCEN
may also require participant financial institutions to enhance or
modify internal controls as a condition for continued participation in
the pilot program.
The proposed rule also provides a mechanism by which participant
financial institutions may seek modifications to the internal controls
specified in its FinCEN-approved application to address operational
contingencies, resourcing challenges, or other circumstances.
Specifically, the proposed rule would require participant financial
institutions to submit a request to FinCEN that details the nature and
extent of the requested changes to applicable internal controls before
implementing any such modifications. FinCEN, in consultation with
relevant Federal functional regulators, as needed, would approve or
reject such requests for modification, or condition its approval on
implementation of additional controls, as appropriate. FinCEN, in its
sole discretion, may also modify a financial institution's
participation in the pilot program based on the requirements of Federal
and State law enforcement operations or concerns of the intelligence
community.
The proposed rule would permit FinCEN to terminate a financial
institution's participation in the pilot program at any time. Grounds
for termination could include, but are not limited to, actual, or
unreasonable risk of, unauthorized disclosures of SARs and related
information; significant internal control deficiencies identified while
participating in the pilot program; failure to adhere to the specific
requirements for participation; or any other issues that indicate that
a participant financial institution is unable to adequately safeguard
against unauthorized disclosures of SARs and
[[Page 3723]]
related information or to ensure adequate data security and
confidentiality of personally identifiable information.
Given the limited duration of the pilot program, FinCEN will make
every effort to expeditiously review applications and provide responses
to potential participant financial institutions in a timely manner. To
that end, FinCEN will seek to provide responses within 90 days of
receipt of an application to participate in the pilot program. FinCEN
welcomes comments on whether this time period is sufficient to
encourage participation in the pilot program during the timeframe
allotted by Congress.
Quarterly reporting requirement: The proposed rule would require
participant financial institutions to report certain information to
FinCEN on a quarterly basis, including: (1) The total number of SARs
and related information shared; (2) the name and jurisdiction of each
entity that received SARs and related information, the relationship
between the entity and the participant financial institution, and the
intended purposes and uses for which the SARs and related information
were shared; (3) legal and compliance issues encountered; (4) technical
difficulties and challenges; (5) enhancements to the financial
institution's AML/CFT program enabled as a result of participating in
the pilot program, to include reallocation of resources to higher-
priority AML/CFT risks, such as those described in FinCEN's National
AML/CFT Priorities, issued pursuant to Section 5318(h)(4)(A) of the
BSA; and, (6) lessons learned, to include any identified inefficiencies
in the institution's AML/CFT program. The proposed rule's quarterly
reporting requirement would provide a control to ensure that the
sharing of information permitted under the pilot program is in
compliance with the statutory requirements with regard to Federal and
State law enforcement operations, concerns of the intelligence
community, and ensuring appropriate standards and requirements are in
place with respect to data security and confidentiality of personally
identifiable information. FinCEN expects that quarterly reporting will
yield critical information and data that should shed light on the
effectiveness of the pilot program and inform best practices for
information sharing and confidentiality of SARs and related
information. FinCEN intends to use this information to satisfy specific
statutory reporting requirements, including annual implementation
updates to Congress, as well as the report and accompanying legislative
proposal for any request to extend the pilot program.\38\
---------------------------------------------------------------------------
\38\ As the pilot program matures, FinCEN may request additional
data points from pilot program participants to fulfil these
statutory obligations.
---------------------------------------------------------------------------
Quarterly reporting should also enable FinCEN, and Federal
functional regulators, as appropriate, to identify pilot program-
related internal control deficiencies at participant financial
institutions that may need to be addressed as a condition for continued
participation in the pilot program. For instance, a participant
financial institution may report a legal and compliance issue under the
rule, such as an internal audit finding of ineffective controls on SAR
confidentiality. To ensure ongoing compliance with the requirements of
the pilot program, and a financial institution's suitability to
continue to participate, FinCEN intends to share these quarterly
reports with relevant Federal functional regulators and consult with
them as appropriate.
Prohibition involving certain jurisdictions: The proposed rule
would prohibit participant financial institutions from sharing SARs and
related information with foreign branches, subsidiaries, and affiliates
in specific jurisdictions, including the People's Republic of China,
the Russian Federation, jurisdictions that are state sponsors of
terrorism, jurisdictions subject to sanctions imposed by the Federal
Government, and jurisdictions the Secretary has determined cannot
reasonably protect the security and confidentiality of such
information.
For purposes of this section, a ``state sponsor of terrorism'' is a
jurisdiction so determined by the U.S. Department of State.
Jurisdictions ``subject to sanctions imposed by the Federal
Government'' are jurisdictions with governments whose property and
interests in property in U.S. jurisdiction are blocked pursuant to U.S.
sanctions authorities, as well as jurisdictions subject to broad
prohibitions on transactions by U.S. persons involving that
jurisdiction, such as prohibitions on importing or exporting goods,
services, or technology to the jurisdiction or dealing in goods or
services originating from the jurisdiction, pursuant to U.S. sanctions
authorities. FinCEN welcomes comments on this interpretation, and
encourages financial institutions to monitor for sanctions issued by
the U.S. Government to ensure compliance with this requirement.
Under 31 U.S.C. 5318(g)(8)(C)(i)(III)(c), as added by Section
6212(C)(i)(III)(cc) of the AML Act, FinCEN has determined that a
jurisdiction that FinCEN has identified as a primary money laundering
concern pursuant to Sections 311 of the USA PATRIOT Act (Pub. L. 107-
56) or 9714 of the Combating Russian Money Laundering Act (Pub. L. 116-
283) cannot reasonably protect the security and confidentiality of SARs
and related information given the deficient AML/CFT controls in those
jurisdictions as identified by FinCEN. The proposed rule, therefore,
also prohibits financial institutions from sharing SARs and related
information with foreign branches, subsidiaries, and affiliates in
jurisdictions identified by FinCEN as such.\39\ FinCEN may further
restrict sharing of SARs and related information, as authorized by
statute, based on requirements of Federal or State law enforcement
operations, the concerns of the intelligence community, or where FinCEN
has otherwise determined that such information cannot reasonably be
protected.
---------------------------------------------------------------------------
\39\ See https://www.fincen.gov/resources/statutes-and-regulations/311-special-measures.
---------------------------------------------------------------------------
The proposed rule would authorize the Secretary to grant narrow
exceptions on a case-by-case basis for foreign branches, subsidiaries,
and affiliates located in the People's Republic of China and the
Russian Federation. Under the proposed rule, the Secretary would be
required to notify the Committee on Banking, Housing, and Urban Affairs
of the U.S. Senate and the Committee on Financial Services of the U.S.
House of Representatives that such exceptions are in the national
security interest of the United States.
Treatment of foreign jurisdiction-originated reports. As required
by 31 U.S.C. 5318(g)(9), as added by the AML Act, information related
to a report received by a financial institution from a foreign
affiliate with respect to a suspicious transaction relevant to a
possible violation of law or regulation shall be subject to the same
confidentiality requirements as reports filed under 31 U.S.C. 5318(g).
Prohibition on offshoring compliance operations: As required by 31
U.S.C. 5318(g)(10), as added by the AML Act, the proposed rule would
expressly prohibit participant financial institutions from establishing
or maintaining any operation located outside of the United States the
primary purpose of which is to ensure compliance with the BSA as a
result of the information sharing granted by this pilot program.
Duration of the pilot program: The proposed rule implements the
statutory requirement that the pilot program terminate three years
after enactment of
[[Page 3724]]
the AML Act. The rule would permit the Secretaryto extend the pilot
program for not longer than two years upon reporting to the Committee
on Banking, Housing, and Urban Affairs of the Senate and the Committee
on Financial Services of the House of Representatives, as required by
the AML Act.
Prohibition on Disclosure: Under 31 U.S.C. 5318(g)(8)(B)(ii), the
pilot program shall ``permit the Secretary to consider, implement, and
enforce provisions that would hold a foreign affiliate of a U.S.
financial institution liable for the disclosure of SARs and related
information.'' The proposed rule provides that, except to the extent
authorized pursuant to the pilot program or in existing regulations or
guidance, a participant financial institution, its foreign branches,
subsidiaries and affiliates, and certain other associated individuals
may not disclose a SAR or related information shared pursuant to the
pilot program. The reference to ``existing regulations and guidance''
in the proposed rule accounts for exceptions to SAR confidentiality
that apply to filing institutions located or doing business within the
United States, and their directors, officers, employees, or agents.\40\
---------------------------------------------------------------------------
\40\ See, e.g., 31 CFR 1020.320(e)(1)(ii) (banks).
---------------------------------------------------------------------------
A participant financial institution must implement policies,
procedures, and internal controls that are reasonably designed to
ensure that its foreign branches, subsidiaries, or affiliates do not
permit unauthorized disclosures of SARs or related information. FinCEN,
in consultation with relevant Federal functional regulators, as needed,
will assess the sufficiency of a financial institution's internal
controls before approving an application to participate in the pilot
program. SARs and related information contain highly sensitive
information, including sensitive information about U.S. persons, and it
is vital that they be protected. FinCEN encourages participant
financial institutions to ensure that their foreign branches,
subsidiaries, or affiliates have sufficient internal controls in place
prior to sharing any SARs or related information.
Under 31 U.S.C. 5321 and 31 U.S.C. 5322, civil penalties and
criminal sanctions may be imposed on participant financial
institutions, directors, officers, employees, or agents for violations
of the prohibition on the disclosure of SARs and related information.
The proposed rule makes clear that this prohibition also applies to
foreign affiliates, and that foreign affiliates can be held liable for
civil penalties and criminal sanctions pursuant to 31 U.S.C. 5321 and
31 U.S.C. 5322. Civil money penalties under 31 U.S.C. 5321(a)(1) apply
to a ``domestic financial institution or nonfinancial trade or
business,'' and the term ``domestic financial institution'' is defined
as referring to ``an action in the United States'' of the financial
institution.\41\ However, 31 U.S.C. 5318(g)(8)(B)(ii) specifically
authorizes the Secretary to implement and enforce ``provisions that
would hold a foreign affiliate of a U.S. financial institution liable
for the disclosure of SARs and related information.'' In light of that
mandate, FinCEN would construe its authority to impose civil money
penalties under 31 U.S.C. 5321(a)(1) as applying to foreign affiliates
that disclose SARs and related information in violation of the proposed
rule, without regard to whether the unauthorized disclosure occurs in
the United States.
---------------------------------------------------------------------------
\41\ 31 U.S.C. 5312(b)(1); see also 31 CFR 1010.100(o) (stating
that ``domestic'' refers ``to the doing of business within the
United States'' or ``the performance . . . of functions within the
United States'').
---------------------------------------------------------------------------
Definitions: 31 U.S.C. 5318(g)(11) defines an affiliate as ``an
entity that controls, is controlled by, or is under common control with
another entity.'' The broad nature of this definition would include
branches and subsidiaries of participant financial institutions.
Therefore, the proposed rule both adopts this definition and includes
branches and subsidiaries within the term affiliate for the purpose of
this proposed pilot program.
IV. Request for Comment
FinCEN welcomes comment on all aspects of this proposed rule and
encourages all interested parties to provide their views.
With respect to the effect of establishing a pilot program to
permit financial institutions to share SARs with foreign branches,
subsidiaries, and affiliates, FinCEN in particular requests comment
from financial institutions and members of the public on the following
questions:
(1) Describe the expected costs and associated burdens of complying
with the proposed pilot program requirements, to the extent that a
financial institution chooses to participate.
(2) Describe the expected impact, including costs and/or associated
burdens, of complying with the statutory prohibition on offshoring
compliance operations within the context of the proposed pilot program.
(3) Describe expected technical challenges to implementation that
could make it harder or more expensive to participate in the pilot
program.
(4) Describe the expected benefits to a financial institution from
being permitted to share SARs and related information with a foreign
branch, subsidiary, or affiliate for the purpose of combating illicit
finance risks. Would the proposed sharing of SARs and related
information enable a financial institution to shift or allocate
resources to higher-priority AML/CFT risks?
(5) Has FinCEN struck a reasonable balance between facilitating
information sharing of SARs and related information permitted under the
pilot program and imposing conditions to protect the confidentiality
and prevent unauthorized disclosures of SARs and related information?
If not, how could FinCEN more reasonably balance these considerations?
(6) Describe potential challenges in protecting the confidentiality
of SARs and related information and preventing unauthorized disclosures
in connection with participation in the pilot program. Are there
additional provisions FinCEN could include in the pilot program that
would better enable a financial institution to comply with the program
confidentiality requirements and ensure accurate reporting? How does a
financial institution expect to protect SAR confidentiality and prevent
unauthorized SAR disclosures if foreign regulatory examinations of
foreign affiliates of U.S. financial institutions requests access to
such foreign institutions' files? Are there jurisdictions in which this
information would be subject to disclosure to non-government parties by
legal process?
(7) For the quarterly reports FinCEN is proposing to require, are
there any other particular metrics FinCEN should include in the current
list for required feedback?
(8) Is FinCEN's proposed timeline of 90 days to respond to
application requests reasonable? Would such a timeline encourage
financial institutions to participate in the pilot program?
(9) Should FinCEN consider a broader, longer-term program that
would enable financial institutions to share SARs and related
information with their foreign branches, subsidiaries, and affiliates
for the purpose of combating illicit finance risks?
V. Regulatory Analysis
A. Executive Orders 13563 and 12866
Executive Orders 13563 and 12866 direct agencies to assess costs
and
[[Page 3725]]
benefits of available regulatory alternatives and, if regulation is
necessary, to select regulatory approaches that maximize net benefits
(including potential economic, environmental, and public health and
safety effects; distributive impacts; and equity). Executive Order
13563 emphasizes the importance of quantifying both costs and benefits,
of reducing costs, of harmonizing rules, and of promoting flexibility.
It has determined that this proposed rule is not a significant
regulatory action for purposes of Executive Order 12866. Accordingly, a
regulatory impact analysis is not required.
B. Regulatory Flexibility Act
The Regulatory Flexibility Act (RFA) (5 U.S.C. 601, et seq.)
requires an agency either to provide an initial regulatory flexibility
analysis with a proposed rule or certify that the proposed rule will
not have a significant economic impact on a substantial number of small
entities. This proposed regulation on its face would apply to all
financial institutions with a SAR reporting obligation under 31 U.S.C.
5318(g). However, because of the voluntary nature of the proposed rule,
only financial institutions choosing to participate in the pilot
program would be affected. FinCEN believes the proposed regulatory
changes are unlikely to have a significant economic impact on a
substantial number of small entities, as smaller entities are less
likely to have foreign-based branches, subsidiaries, and affiliates.
FinCEN, however, recognizes the limitations in readily available data
about potential costs and benefits and has prepared an initial
regulatory flexibility analysis pursuant to the RFA. FinCEN welcomes
comments on all aspects of the initial regulatory flexibility analysis.
A final regulatory flexibility analysis will be conducted after
consideration of comments received during the comment period.
i. Statement on the Need for, and Objectives of, the Proposed
Regulations
The need for, and objectives of, the proposed regulations are
established in 31 U.S.C. 5318(g), as amended by Section 6212 of the AML
Act. The purpose of the proposed regulation is to establish a pilot
program that permits a financial institution with a reporting
obligation under 31 U.S.C. 5318(g) to share information related to
SARs, including that such a report has been filed, with the
institution's foreign branches, subsidiaries, and affiliates for the
purpose of combating illicit finance risks.
ii. Small Entities Affected by the Proposed Regulation
The proposed regulations would apply to financial institutions with
a reporting obligation under 31 U.S.C. 5318(g). FinCEN most recently
identified these institutions in the Paperwork Reduction Act of 1995
(PRA) notice renewing information collection related to SARs.\42\ While
the full list of financial institutions with a reporting obligation
under 31 U.S.C. 5318(g) includes a substantial number of small
entities, FinCEN does not believe that a substantial number of small
entities would be affected by the proposed regulation. The proposed
pilot program would apply only to those institutions that choose to
participate, and it is unlikely that small entities would choose to
participate in a SAR sharing pilot program, as they are less likely to
have foreign branches, subsidiaries, and affiliates.
---------------------------------------------------------------------------
\42\ Financial Crimes Enforcement Network, Agency Information
Collection Activities; Proposed Renewal; Comment Request; Renewal
Without Change of the Bank Secrecy Act Reports by Financial
Institutions of Suspicious Transactions at 31 CFR 1020.320,
1021.320, 1022.320, 1023.320, 1024.320, 1025.320, 1026.320, and
1029.320, and FinCEN Report 111--Suspicious Activity Report, 85 FR
31598 (May 26, 2020).
---------------------------------------------------------------------------
iii. Compliance Requirements
The compliance costs for entities that choose to participate in the
pilot program would include implementation and administrative costs.
These would include costs to file an initial application with, and
provide quarterly updates to, FinCEN, as well as costs associated with
ensuring that adequate controls are in place to abide by the conditions
imposed by FinCEN.
iv. Duplicative, Overlapping, or Conflicting Federal Rules
FinCEN is not aware of any duplicative, overlapping, or conflicting
Federal rules with respect to pilot programs that enable financial
institutions to share SARs and related information with their foreign
branches, subsidiaries, and affiliates. As discussed previously,
existing guidance from FinCEN and Federal functional regulators
prohibits U.S. financial institutions from sharing SARs with foreign
branches, subsidiaries, and affiliates, and allows only for sharing
SARs with head offices and controlling entities of U.S. financial
institutions, consistent with the 2006 Guidance, and U.S. affiliates
within a financial institution's corporate organizational structure,
consistent with the 2010 Guidance.
v. Significant Alternatives to the Proposed Regulations
FinCEN considered foregoing the requirement for financial
institutions to submit an application and provide quarterly updates on
the progress of the pilot program. Given the sensitive nature of the
information contained in or relating to a SAR, including personally
identifiable information of U.S. persons, and the jurisdictional
limitations set out in the statute, FinCEN proposes requiring an
application and approval process to ensure that adequate safeguards are
in place before allowing a financial institution to share information
with its foreign branches, subsidiaries, and affiliates. Additionally,
as required by the AML Act, FinCEN must provide annual updates to the
Committee on Banking, Housing, and Urban Affairs of the Senate and the
Committee on Financial Services of the House of Representatives on the
pilot program, and submit a detailed legislative proposal concerning
the long-term extension of the pilot, if appropriate. FinCEN therefore
proposes to require financial institutions to provide quarterly updates
to ensure that FinCEN, in consultation with relevant Federal functional
regulators, as needed, can meet these statutory requirements.
C. Unfunded Mandates Act
Section 202 of the Unfunded Mandates Reform Act of 1995 (``Unfunded
Mandates Act''), Public Law 104-4 (March 22, 1995), requires that an
agency prepare a budgetary impact statement before promulgating a rule
that may result in expenditure by the State, local, and tribal
governments, in the aggregate, or by the private sector, of $100
million or more in any one year. If a budgetary impact statement is
required, Section 202 of the Unfunded Mandates Act also requires an
agency to identify and consider a reasonable number of regulatory
alternatives before promulgating a rule. Taking into account the
factors noted above and using conservative estimates of average labor
costs in evaluating the cost of the burden imposed by the proposed
regulation, FinCEN has determined that it is not required to prepare a
written statement under Section 202.
D. Paperwork Reduction Act of 1995
The recordkeeping and reporting requirements contained in this
proposed rule (31 CFR 1010.240) have been submitted by FinCEN to the
Office of Management and Budget (``OMB'') for review in accordance with
the PRA. Written comments and
[[Page 3726]]
recommendations for the proposed information collection can be
submitted by visiting www.reginfo.gov/public/do/PRAMain. Find this
particular document by selecting ``Currently Under Review--Open for
Public Comments'' or by using the search function. Comments are welcome
and must be received by March 28, 2022. In accordance with the
requirements of the PRA and its implementing regulations, 5 CFR part
1320, the following information concerning the collections of
information is presented to assist those persons wishing to comment on
the information collections. Currently, financial institutions subject
to a SAR requirement must collect, retain, and report certain
information related to suspicious activity that takes places by, at, or
through the financial institution. This proposed rule would permit
financial institutions to share this information with their foreign
branches, subsidiaries, and affiliates, subject to the conditions and
prohibitions described above. As part of the application process to
request participation in the pilot program, FinCEN is proposing to
require a written submission with quarterly updates. As there is no
requirement to participate in the pilot program, FinCEN has calculated
an hourly burden only for those financial institutions that voluntarily
decide to participate.
Description of Recordkeepers: Banks, casinos and card clubs, money
services businesses, brokers or dealers in securities, mutual funds,
insurance companies, futures commission merchants and introducing
brokers in commodities, loan or finance companies, and housing
government sponsored enterprises.
Estimated Number of Affected Institutions: FinCEN estimates that
approximately 100 financial institutions will decide to participate in
the pilot program, which will permit the financial institutions to
share SARs and related information with their foreign branches,
subsidiaries, and affiliates. Because this is a new voluntary program,
this is an estimate, and FinCEN is requesting comment from institutions
that anticipate voluntarily participating in the pilot program.
Estimated Average Annual Burden Hours per Recordkeeper: Fewer than
59 hours per participant financial institution.
FinCEN estimates that the recordkeeping burden per recordkeeper to
submit a written application to FinCEN requesting participation in the
pilot program, including a description of internal controls in place to
limit unauthorized disclosures of SARs and related information, is 20
hours per year. This includes filing an application to participate that
includes notice that a person has been designated as a point-of-contact
for ongoing correspondence with FinCEN during the pilot program,
written pre-commencement notice that a participant financial
institution has the appropriate agreements and internal controls in
place to begin sharing SARs and related information, and written notice
that a commencement date has been set. FinCEN estimates an additional
one-hour-per-year burden in the event a participant financial
institution needs to contact FinCEN in writing to request advance
approval for any modifications to the commitments in the written
application. FinCEN is requesting comment on how frequently a
prospective participant financial institution anticipates that it may
need to modify the commitments listed in its application.
FinCEN estimates that the recordkeeping burden to draft and
maintain written confidentiality agreements for personnel granted
access to shared information, and to draft and maintain documented
policies and procedures to account for any requests or demands for SARs
and related information under foreign law, is 20 hours per year. FinCEN
estimates that the recordkeeping burden to prepare and submit quarterly
reports, to include technical difficulties encountered, legal issues
uncovered, the outcome of requests or demands made for SARs shared
pursuant to the pilot program, successes or lessons learned, is four
hours per report, for a total of 16 hours per year (4 hours x 4 reports
per year).
FinCEN estimates one hour for the recordkeeping burden associated
with the notice requirement, where a participant institution must
notify FinCEN of any requests or demands from foreign law enforcement,
foreign regulators, or other outside foreign party for SARs and related
information shared with foreign branches, subsidiaries, and affiliates
pursuant to the pilot program, and notify FinCEN of the outcome of such
request and any further attempts to obtain such SARs and related
information. FinCEN also estimates one hour for the burden associated
with maintaining records sufficient to identify the specific foreign
jurisdictions in which branches, subsidiaries, or affiliates of
financial institutions are located and that received any specific SAR
or related information.
FinCEN understands that some participant financial institutions may
have existing SAR sharing procedures and confidentiality agreements in
place that could be leveraged for the pilot program, whereas other
institutions may need to create them. For that reason, FinCEN estimates
that the proposed rule would add roughly 59 burden hours per
participant financial institution a year based on the above
calculations.\43\
---------------------------------------------------------------------------
\43\ FinCEN arrived at the estimate of 58 burden hours by
calculating 20 hours (application) + 1 hour (material deviations
from the written agreement) + 20 hours (confidentiality agreements)
+ 16 hours (quarterly reports) + 1 hour (law enforcement referrals)
= 58 hours annual per financial institution.
---------------------------------------------------------------------------
Estimated Total Annual Reporting Burden: 5,900 hours (100 financial
institutions multiplied by 59 hours). This is a new regulatory
requirement that requires a new OMB control number. The OMB control
number assigned to the recordkeeping and reporting requirements
described in this notice is 1506-XXXX. 5,900 hours will be assigned to
new OMB control number 1506-XXXX.
Specific Questions for Comment:
(1) FinCEN is requesting comment from financial institutions that
anticipate voluntarily participating in the pilot program on whether
the estimate of 100 financial institutions that might participate in a
pilot program is accurate, so that FinCEN can further refine its
estimate of expected participants.
(2) Is FinCEN's burden estimate of 20 hours per year for a
financial institution to draft and submit an application reasonable?
(3) Is FinCEN's burden estimate of 20 hours per year for a
financial institution to draft and maintain written confidentiality
agreements and maintain policies and procedures related to disclosure
requests reasonable?
(4) Is FinCEN's burden estimate of 16 hours per year for a
financial institution to submit four quarterly reports reasonable?
(5) Is FinCEN's burden estimate of one hour per year for a
financial institution to refer law enforcement, regulator, or outside
party requests to FinCEN reasonable?
(6) Is FinCEN's burden estimate of one hour per year for a
financial institution to maintain records to sufficiently track SARs
such that a participant financial institution can identify a specific
SAR shared with a specific foreign branch, subsidiary, or affiliate?
(7) How often does an institution receive requests or demands for
SARs and related information from law enforcement, a regulator, or
other outside party?
General Questions for Comment: In addition to the questions listed
above, FinCEN invites comment on: (a) Whether the proposed collection
of
[[Page 3727]]
information is necessary for the proper performance of the functions of
FinCEN, including whether the information will have practical utility;
(b) the accuracy of the estimated burden associated with the proposed
collection of information; (c) how the quality, utility, and clarity of
the information to be collected may be enhanced; and (d) how the burden
of complying with the proposed collection of information may be
minimized, including through the application of automated collection
techniques or other forms of information technology.
List of Subjects in 31 CFR Part 1010
Administrative practice and procedure, Banks, Banking, Currency,
Foreign banking, Foreign currencies, Investigations, Penalties,
Reporting and recordkeeping requirements, Terrorism.
Authority and Issuance
For the reasons set forth in the preamble, part 1010 of chapter X
of title 31 of the Code of Federal Regulations is proposed to be
amended as follows:
PART 1010--GENERAL PROVISIONS
0
1. The authority citation for part 1010 continues to read as follows:
Authority: 12 U.S.C. 1829b and 1951-1959; 31 U.S.C. 5311-5314,
5316-5336; Title III, sec. 314, Pub. L. 107-56, 115 Stat. 307; sec.
2006, Pub.L 114-41. Stat. 458-459; sec. 701, Pub. L. 114-74, 129
Stat. 599; sec. 6403, Pub. L. 116-283, 134 Stat. 3388.
0
2. Add Sec. 1010.240 to subpart B to read as follows:
Sec. 1010.240 Pilot program authorizing SAR sharing with foreign
branches, subsidiaries, and affiliates.
(a) Definitions. For purposes of this section, the following terms
have the following meanings:
(1) Eligible financial institution. The term ``eligible financial
institution'' means a financial institution as described in 31 U.S.C.
5312(a)(2) that is obligated to report suspicious activity under 31
U.S.C. 5318(g), including without limitation:
(i) Banks, as defined at 31 CFR 1010.100(d);
(ii) Casinos and card clubs, as defined at 31 CFR 1010.100(t)(5)
and (6), respectively;
(iii) Money services businesses, as defined at 31 CFR 1010.100(ff);
(iv) Brokers or dealers in securities, as defined at 31 CFR
1010.100(h);
(v) Mutual funds, as defined at 31 CFR 1010.100(gg);
(vi) Insurance companies, as defined at 31 CFR 1025.100(g);
(vii) Futures commission merchants and introducing brokers in
commodities, as defined at 31 CFR 1010.100(x) and (bb), respectively;
(viii) Loan or finance companies, as defined at 31 CFR
1010.100(lll); and
(ix) Housing government sponsored enterprises, as defined at 31 CFR
1010.100(mmm).
(2) Participant financial institution. The term ``participant
financial institution'' means an eligible financial institution that
FinCEN has authorized to engage in the pilot program described in this
section, in accordance with the requirements set forth in this section
and any other conditions imposed by FinCEN.
(3) Affiliate. The term ``affiliate'' means an entity that
controls, is controlled by, or is under common control with another
entity, including any branch or subsidiary.
(4) Suspicious activity report (SAR) and related information. The
term ``SAR and related information'' means a report filed pursuant to
31 CFR 1020.320 (banks); 1021.320 (casinos and card clubs); 1022.320
(money services businesses); 1023.320 (brokers or dealers in
securities); 1024.320 (mutual funds); 1025.320 (insurance companies);
1026.320 (futures commission merchants and introducing brokers in
commodities); 1029.320 (loan or finance companies); 1030.320 (housing
government-sponsored enterprises), and any information that would
reveal the existence of such a report.
(5) Commencement date. The term ``commencement date'' means the
date on which a participant financial institution begins sharing SARs
and related information with foreign affiliates pursuant to the
requirements of the pilot program described in this section, in
accordance with the requirements set forth in this section and any
other conditions imposed by FinCEN.
(b) Participation in the SAR pilot program. Notwithstanding any
other provision of this chapter, and subject to the terms and
conditions specified in this section or otherwise prescribed by FinCEN,
a financial institution approved by FinCEN to participate in the SAR
pilot program may share SARs and related information, including the
fact that a SAR has been filed, with the institution's foreign
affiliates for the purpose of combating illicit finance risks.
(c) Obligations of a participant financial institution--(1)
Application. Eligible financial institutions must obtain approval from
FinCEN to participate in the pilot program. To obtain FinCEN approval,
an eligible financial institution shall submit a written application to
FinCEN. FinCEN will notify the financial institution's relevant Federal
functional regulator of the application. FinCEN will share any
materials submitted in connection with an application under this
section with relevant Federal functional regulators, or, as
appropriate, other relevant agencies. The written application must:
(i) Identify the institution's point of contact(s) for pilot
program-related correspondence with FinCEN, and, for entities located
abroad, appoint agents for service of process in the United States;
(ii) Specify the foreign affiliates with which the financial
institution intends to share SARs and related information, including
the operational jurisdictions of such entities, as well as whether such
entities will be providing reciprocal information to the applicant
institution;
(iii) Specify the particular purpose or purposes for which the
foreign affiliates intend to use SARs and related information;
(iv) Include an estimated commencement date for the institution's
pilot program; and
(v) Provide a description of all internal controls in place to
protect the confidentiality of and prevent unauthorized disclosures of
SARs and related information and ensure data security and
confidentiality of personally identifiable information.
(2) Internal controls--(i) Implementation of internal controls. A
participant financial institution must implement and maintain policies,
procedures, and internal controls that are reasonably designed to
ensure that its foreign affiliates do not permit unauthorized
disclosures of SARs and related information shared pursuant to the
pilot program. These controls should include:
(A) Written confidentiality agreements or arrangements specifying
that all personnel in foreign affiliates granted access to SARs and
related information pursuant to the pilot program must safeguard the
confidentiality of SARs and related information shared pursuant to the
pilot program, including information indicating that a SAR has been
filed;
(B) Provisions for the secure transmission and storage of SARs and
related information between the participant financial institution and
its foreign affiliates; and
(C) Processes and procedures for personnel located in the United
States to review any request from foreign law enforcement, foreign
regulators, or an outside foreign party for SARs and related
information shared pursuant to the pilot program.
[[Page 3728]]
(ii) Copies of internal controls. FinCEN may request copies of
internal policies and procedures, including confidentiality agreements,
designed to ensure compliance with the pilot program. FinCEN may share
these documents with relevant Federal functional regulators or other
relevant agencies.
(3) Approval. In determining whether to approve an application,
FinCEN will consider, in its sole discretion, the requirements of
Federal and State law enforcement operations; any potential concerns of
the intelligence community; appropriate standards and requirements
regarding data security and the confidentiality of personally
identifiable information, including the adequacy of the financial
institution's internal controls; and, any other appropriate factors
consistent with the purposes of the Bank Secrecy Act.
(4) Additional requirements. As a condition of approving an
application, FinCEN may impose additional requirements, including
requiring a participant financial institution to adopt additional
controls related to its participation in the pilot program. FinCEN may
impose additional requirements on a participant financial institution
at any time after the application is approved.
(5) Modification. A participant financial institution shall not
deviate in any material manner from the controls proposed in the
application described in paragraph (1) or from any additional
requirements imposed by FinCEN, except with FinCEN's written approval.
(6) Termination. FinCEN may terminate a financial institution's
participation in the pilot program at any time if, in its sole
discretion, FinCEN determines that such termination is consistent with
the considerations set forth in 31 U.S.C. 5318(g)(8)(A) or for other
good cause.
(7) Pre-commencement notice to FinCEN. After obtaining approval
from FinCEN, a participant financial institution shall provide FinCEN
with advance written confirmation of the commencement date of the
financial institution's sharing of SARs and related information with
its foreign affiliates.
(8) Quarterly reporting requirement. A participant financial
institution shall submit reports regarding its participation in the
pilot program to FinCEN every three months after the commencement date
of its pilot program. FinCEN intends to share quarterly reports with
relevant Federal functional regulators or other relevant agencies.
Quarterly reports shall include information concerning:
(i) Total number of SARs and related information shared;
(ii) The name and jurisdiction of each foreign affiliate that
received SARs and related information, its relationship with the
participant financial institution, and the intended purposes and uses
for which the SAR and related information were shared;
(iii) Any legal and compliance issues related to the financial
institution's participation in the pilot program;
(iv) Any technical difficulties and challenges encountered;
(v) Any enhancements to the financial institution's AML/CFT
program, including reallocation of resources to higher-priority AML/CFT
risks enabled as a result of the financial institution's participation
in the pilot program. Financial institutions may consult FinCEN's AML/
CFT National Priorities, issued pursuant to section 5318(h)(4)(A) of
the BSA, to further describe successes in this area; and
(vi) Lessons learned arising from the financial institution's
participation in the pilot program, to include any identified
deficiencies.
(9) Requirement for personnel located in the United States. A
participant financial institution shall maintain appropriate personnel
located in the United States to review requests or demands of a foreign
affiliate for SARs and related information pursuant to its
participation in the pilot program.
(10) Receipt of information requests, subpoenas, and other requests
for SARs and related information. A participant financial institution
shall immediately notify FinCEN of all requests or demands on the
participant financial institution or its foreign affiliates for SARs or
related information from foreign law enforcement, foreign regulators,
or any other outside foreign party. Participant financial institutions
and their foreign affiliates shall direct the requesting authority to
both contact FinCEN about obtaining the requested SARs or related
information, and seek to obtain such records or information through a
request to the United States pursuant to a mutual legal assistance
treaty or other appropriate mechanism for obtaining records from the
United States.
(11) Unauthorized disclosures. A participant financial institution
must immediately notify FinCEN upon learning of or discovering any
unauthorized disclosures of SARs or related information shared pursuant
to the pilot program and provide all information to FinCEN relating to
such unauthorized disclosure.
(12) SAR tracking. A participant financial institution shall
maintain records sufficient to identify the specific foreign
jurisdictions in which affiliates of financial institutions are located
and that received any specific SAR or related information. Such records
shall be maintained so as to enable the participant financial
institution to readily report this information to FinCEN upon request.
(d) Prohibition involving certain jurisdictions. (1) A participant
financial institution shall not share SARs or related information with
a foreign affiliate located in:
(i) The People's Republic of China;
(ii) The Russian Federation; or
(iii) A jurisdiction that:
(A) Is a state sponsor of terrorism, as determined by the U.S.
Department of State;
(B) Is subject to financial and economic sanctions imposed by the
Federal Government, i.e., jurisdictions with governments whose property
and interests in property in U.S. jurisdictions are blocked pursuant to
U.S. sanctions authorities and jurisdictions subject to broad
prohibitions on transactions by U.S. persons involving that
jurisdiction, such as prohibitions on importing or exporting goods,
services, or technology to the jurisdiction or dealing in goods or
services originating from the jurisdiction, pursuant to U.S. sanctions
authorities;
(C) Has been identified as a primary money laundering concern
pursuant to Section 311 of the USA PATRIOT Act (Pub. L. 107-56) or
section 9714 of the Combating Russian Money Laundering Act (Pub. L.
116-283); or
(D) The Secretary has determined cannot reasonably protect the
security and confidentiality of suspicious activity reports and related
information.
(2) The Secretary may make an exception on a case-by-case basis for
a financial institution located in jurisdictions listed in paragraphs
(c)(1)(i) and (ii) of this section if the Secretary determines that
such an exception is in the national security interest of the United
States and provides appropriate notification to Congress. A financial
institution seeking an exception to share SARs or related information
with a foreign affiliate located in jurisdictions listed in paragraphs
(c)(1)(i) and (ii) of this section must submit a written request to the
Director of FinCEN setting forth its reasons for the exception.
(e) Treatment of foreign jurisdiction-originated reports.
Information related to a report received by a financial institution
from a foreign affiliate with respect to a suspicious transaction
relevant to a possible violation of law or
[[Page 3729]]
regulation shall be subject to the same confidentiality requirements as
reports filed under 31 U.S.C. 5318(g).
(f) Prohibition on offshoring compliance operations. Participant
financial institutions are prohibited from establishing or maintaining
any operation located outside of the United States the primary purpose
of which is to ensure compliance with the Bank Secrecy Act as a result
of the information sharing granted by this pilot program.
(g) Duration of the pilot program. This pilot program shall
terminate on January 1, 2024. The Secretary may extend the pilot
program for not more than two years upon appropriate notification to
Congress pursuant to 31 U.S.C. 5318(g)(8)(B)(iii).
(h) Prohibition on disclosure. Except to the extent authorized
pursuant to the pilot program or in existing regulations or guidance,
no participant financial institution, director, officer, employee, or
agent of or for a participant financial institution, and no foreign
affiliate of a participant financial institution shall disclose to any
person any SAR or related information shared pursuant to the pilot
program.
(i) SAR disclosures by a foreign affiliate. Civil money penalties
and criminal sanctions may be imposed on any foreign affiliate under 31
U.S.C. 5321 and 31 U.S.C. 5322 for any violation of the preceding
paragraph (h) of this section, without regard to whether the
unauthorized disclosure occurs in the United States. Civil money
penalties shall be assessed and collected in the manner provided in 31
U.S.C. 5321(b) and (d).
By the Department of the Treasury.
Himamauli Das,
Acting Director, Financial Crimes Enforcement Network.
[FR Doc. 2022-01331 Filed 1-24-22; 8:45 am]
BILLING CODE 4810-02-P