[Federal Register: February 16, 1996 (Volume 61, Number 33)]
[Rules and Regulations]
[Page 6095-6100]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
=======================================================================
-----------------------------------------------------------------------
FEDERAL DEPOSIT INSURANCE CORPORATION
12 CFR Part 353
RIN 3064-AB63
Suspicious Activity Reports
AGENCY: Federal Deposit Insurance Corporation.
ACTION: Final rule.
-----------------------------------------------------------------------
SUMMARY: The Federal Deposit Insurance Corporation (FDIC) is amending
its regulation on the reporting of known or suspected criminal and
suspicious activities by insured state nonmember banks. This final rule
streamlines reporting requirements by providing that a state nonmember
bank file a new Suspicious Activity Report (SAR) with the FDIC and the
appropriate federal law enforcement agencies by sending a single copy
of the SAR to the Financial Crimes Enforcement Network of the
Department of the Treasury (FinCEN) to report a known or suspected
criminal offense or a transaction that it suspects involves money
laundering or violates the Bank Secrecy Act.
EFFECTIVE DATE: April 1, 1996.
FOR FURTHER INFORMATION CONTACT: Carol A. Mesheske, Chief, Special
Activities Section, (202) 898-6750, or Gregory Gore, Counsel, (202)
898-7109.
SUPPLEMENTARY INFORMATION:
Background
The FDIC, FRB, OCC, and OTS have issued for public comment
substantially similar proposals to revise their regulations on the
reporting of known or suspected criminal conduct and suspicious
activities. The Department of the Treasury, through FinCEN, has issued
for public comment a substantially similar proposal to require the
reporting of suspicious transactions relating to money laundering
activities.
[[Page 6096]]
The FDIC's proposed regulation (60 FR 47719, September 14, 1995)
noted that the interagency Bank Fraud Working Group, consisting of
representatives from the Agencies, law enforcement agencies, and
FinCEN, has been working on the development of a single form, the SAR,
for the reporting of known or suspected federal criminal law violations
and suspicious activities. The FDIC's proposed regulation, as well as
those proposed by the FRB, OCC, OTS, and FinCEN, would simplify and
clarify the reporting requirements and reduce banks' reporting burdens
by raising mandatory reporting thresholds for criminal offenses and by
requiring the filing of only one report with FinCEN.
The final rule adopts the proposal with a few additional changes
that generally have been made in response to the comments received. The
changes will result in burden reductions even greater than those that
were proposed.
Section-by-Section Analysis
The title of the regulation has been changed to conform to the name
on the SAR.
Section 353.1 (Instruction No. 1 on the SAR) provides that a bank
must file a SAR when it detects a known or suspected criminal violation
of federal law or a suspicious activity pertinent to a money laundering
offense.
Section 353.2 provides pertinent definitions.
Sections 353.3(a) (1), (2), and (3) (Instructions 1. a., b., and c.
on the SAR) instruct a bank to file a SAR with FinCEN in order to
comply with the requirement to notify federal law enforcement agencies
and the Department of the Treasury if the bank detects any known or
suspected federal criminal violation, or pattern of violations,
committed or attempted against the bank, or involving one or more
transactions conducted through the bank, and the bank believes it was
an actual or potential victim of a crime, or was used to facilitate a
crime. If the bank has a substantial basis for identifying one of its
insiders or other institution-affiliated parties in connection with the
known or suspected crime, reporting is required, regardless of the
dollar amount involved. If the bank can identify a non-insider suspect,
the applicable transaction threshold is $5,000. In cases in which no
suspect can be identified, the applicable transaction threshold
increases to $25,000. These sections were not changed from the proposed
regulation published for public comment in September 1995.
Section 353.3(a)(4) (Instruction 1. d. on the SAR) instructs a bank
to file a SAR for transactions involving $5,000 or more in funds or
other assets when the bank knows, suspects or has reason to suspect
that the transaction: (i) Involves money laundering, or (ii) is
designed to evade any regulations promulgated under the Bank Secrecy
Act, or (iii) has no business or apparent lawful purpose or is not the
sort of transaction in which the particular customer normally engages,
and, after examining the available facts, the bank knows of no
reasonable explanation for the transaction. Section 353.3(a)(4) has
been modified in the final rule to reflect comments received on the
proposal. Most notably, the circumstances under which a transaction
should be reported under this section were clarified, and a reporting
threshold of $5,000 was added.
Section 353.3(a)(4) recognizes the emerging international consensus
that the efforts to deter, substantially reduce, and eventually
eradicate money laundering are greatly assisted by the reporting of
suspicious transactions by financial institutions. The requirements of
this section comply with the recommendations adopted by multi-country
organizations in which the United States is an active participant,
including the Financial Action Task Force of the G-7 nations and the
Organization of American States and are consistent with the European
Community's directive on preventing money laundering through financial
institutions.
Section 353.3(b) (Instruction 2 on the SAR) provides that SARs must
be filed within 30 calendar days of the initial detection of the
criminal or suspicious activity. An additional 30 days is permitted in
order to enable a bank to identify a suspect, but in no event may a SAR
be filed later than 60 days after the initial detection of the
reportable conduct. The FDIC and law enforcement must be notified in
the case of a violation requiring immediate action, such as an on-going
violation. These reporting requirements were not changed from the
September 1995 proposal.
Section 353.3(c) encourages a bank to file a SAR with state and
local law enforcement agencies. This section is unchanged from the
September 1995 proposal.
Section 353.3(d) (Instruction 3 on the SAR) provides that a bank
need not file a SAR for an attempted or committed burglary or robbery
reported to the appropriate law enforcement agencies. In addition, a
SAR need not be filed for missing or counterfeit securities that are
the subject of a report pursuant to Rule 17f-1 under the Securities
Exchange Act of 1934. The section of the final rule was modified to
require reporting of larcenies to be consistent with the interagency
SAR instructions.
Section 353.3(e) requires a bank to retain a copy of the SAR and
the original or business record equivalent of supporting documentation
for a period of five years. The section also requires that a bank
identify and maintain supporting documentation in its files and that
the bank make available such documentation to law enforcement agencies
upon their request. The FDIC made three changes to this section from
the version published for public comment in September 1995. First, the
record retention period was shortened from ten years to five. Second,
provision was made for the retention of business record equivalents of
original documents, such as microfiche and computer imaged record
systems, in recognition of modern record retention technology. The
third change involves the clarification of a bank's obligation to
provide supporting documentation upon request to law enforcement
officials. Supporting documentation is deemed filed with a SAR in
accordance with this section of the FDIC's final rule; as such, law
enforcement authorities need not make their access requests through
subpoena or other legal processes.
Section 353.3(f) requires the management of a bank to report the
filing of all SARs to the board of directors of the bank, or a
designated committee thereof. No change was made from the September
1995 proposal.
Section 353.3(g) provides that SARs are confidential. Requests for
SARS or the information contained therein should be declined. The final
rule also adds a requirement that a request for a SAR or the
information contained therein should be reported to the FDIC. With the
exception of the added requirement that requests for SARs be reported
to the FDIC, no changes were made to this section from the September
1995 proposal.
Section 353.3(h) sets forth the safe harbor provisions of 31 U.S.C.
5318(g). This new section, which was added to the final rule as the
result of many comments concerning this important statutory protection
for banking organizations, states that the safe harbor provisions of
the law are triggered by a report of known or suspected criminal
violations or suspicious activities to law enforcement authorities,
regardless of whether the report is made by the filing of a SAR in
accordance with the FDIC's
[[Page 6097]]
regulation or by different means for other reasons.
Comments Received
The FDIC received letters from 14 public commenters. Comments were
received from 4 community banks, 5 multinational or large regional
banks, 2 trade and industry research groups, 2 regulatory bodies, and
one consulting firm.
The large majority of commenters expressed general support for the
FDIC's proposal. None of the commenters opposed the proposed new
suspicious activity reporting rules. A number of suggestions and
requests for clarification were received. They are as follows.
Criminal Versus Suspicious Activities
Almost one half of the commenters expressed confusion over the
difference between the known or suspected criminal conduct that would
be subject to the dollar reporting thresholds (provided such conduct
does not involve an institution-affiliated party of the reporting
entity) and the suspicious activities that would be reported regardless
of dollar amount. Section 353.3(a)(4) has been revised to add a $5,000
reporting threshold and to clarify that the suspicious activity must
relate to money laundering or Bank Secrecy Act violations. A threshold
for the reporting of suspicious activities was added to reduce further
the reporting burdens on banks.
Reporting of Crimes Under State Law
Two commenters requested clarification of whether activities
constituting crimes under state law, but not under federal law, should
be reported on the SAR. The FDIC continues to encourage banks to refer
criminal and suspicious activities under both federal and state law by
filing a Suspicious Activity Report. Under the new reporting system
designed by the FDIC, the other Agencies, and FinCEN, state chartered,
nonmember banks should be able to fulfill their state reporting
obligations by filing a SAR with FinCEN.
Safe Harbor Protections; Potential Liability Under Federal and State
Laws
Some commenters expressed the concern that banks and their
institution-affiliated parties could be liable under federal and state
laws, such as the Right to Financial Privacy Act, for filing SARs with
respect to conduct that is later found not to have been criminal.
Another concern was that the filing of SARs with state and local law
enforcement agencies would subject filers to claims under state law.
Both of these concerns are addressed by the scope of the safe harbor
protection provided in 31 U.S.C. 5318(g).
The FDIC is of the opinion the safe harbor statute is broadly
defined to include the reporting of known or suspected criminal
offenses or suspicious activities, by filing a SAR or by reporting by
other means, with state and local law enforcement authorities, as well
as with the Agencies and FinCEN.
A few commenters requested that the FDIC make explicit the safe
harbor protections of 31 U.S.C. 5318(g) (2) and (3) on the SAR. The
safe harbor provisions are included in new Sec. 353.3(h) of this
regulation and on the form.
Record Retention
Half the commenters expressed the view that the proposed 10-year
period for the retention of records in Sec. 353.3(b) was excessive,
especially in light of a five year record retention requirement
contained in the Bank Secrecy Act. In recognition of the potential
burden of document retention on financial institutions, the FDIC has
limited the record retention period to five years.
Dollar Thresholds
A few comments encouraged the FDIC to raise the dollar thresholds
for known or suspected criminal conduct by non-insiders, or to
establish a dollar threshold for insiders. The FDIC has considered
these comments, but at this time, it believes the thresholds meet and
properly balance the dual concerns of prosecuting criminal activity
involving banks and minimizing the burden on banks. With respect to the
suggestion the FDIC adopt a dollar threshold for insider violations, it
is noted that insider abuse has long been a key concern and focus of
enforcement efforts at the FDIC. With the development of a new
sophisticated and automated database, the FDIC and law enforcement
agencies will have the benefit of a comprehensive and easily accessible
catalogue of known or suspected insider wrongdoing. The FDIC does not
wish to limit the information it receives regarding insider wrongdoing.
Some petty crimes, for example, repetitive thefts of small amounts of
cash by an employee who frequently transfers between banking
organizations, may warrant enforcement action or criminal prosecution.
One commenter suggested an indexed threshold, based on the regional
differences in the various dollar thresholds below which the federal,
state, and local prosecutors generally decline prosecution. While the
FDIC recognizes there may be regional variations in the dollar amount
of financial crimes generally prosecuted, the FDIC's concern is to
place the relevant information in the hands of the investigating and
prosecuting authorities. The prosecuting authorities then may consider
whether to pursue a particular matter. In the FDIC's view, the dollar
thresholds adopted in this final rule best balance the interests of law
enforcement and banks. The FDIC also believes indexed thresholds could
create more confusion than benefit to banks.
Commenters also suggested the creation of a dollar threshold for
the reporting of suspicious activities relating to money laundering
offenses. A $5,000 threshold has been established for reporting of such
suspicious activities.
Questions were raised regarding the permissibility of filing SARs
in situations in which the dollar thresholds for known or suspected
criminal conduct or suspicious activity are not met and the
applicability of the safe harbor provisions of 31 U.S.C. 5318(g) to
such non-mandatory filings. It is the opinion of the FDIC that the safe
harbor provisions of 31 U.S.C. 5318(g) cover all reports of suspected
or known criminal violations and suspicious activities to law
enforcement authorities, regardless of whether such reports are filed
pursuant to the mandatory requirements of the FDIC's regulations or are
voluntary.
Notification of On-Going Violations and of State and Local Law
Enforcement Authorities.
Proposed Sec. 353.3(b)(2) required a bank to notify the law
enforcement authorities immediately in the event of an on-going
violation. Section 353.3(c) encourages the filing of a copy of the SAR
with state and local law enforcement agencies, in appropriate cases.
This requirement and guidance were found by some commenters to be
unclear as to when immediate notification or the filing of the SAR with
state and local authorities would be required. The FDIC wishes to
clarify that immediate notification is limited to situations involving
on-going violations, for example, when a check kite or money laundering
has been detected and may be continuing. It is impossible for the FDIC
to contemplate all of the possible circumstances in which it might be
appropriate for a bank to advise state and local law enforcement
authorities. Banks should use their best judgment regarding when to
alert the
[[Page 6098]]
authorities regarding on-going criminal offenses or suspicious
activities.
Supporting Documentation
The proposed requirements that an institution maintain ``related''
documentation and make ``supporting'' documentation available to the
law enforcement agencies upon request were criticized as inconsistent
and vague. As no substantive difference is intended, the FDIC has
referred to ``supporting'' documentation in the final rule in reference
both to the maintenance and production requirements. The FDIC believes
the use of the word ``supporting'' is more precise and limits the scope
of the information which must be retained to that which would be useful
in proving that the crime has been committed and by whom it has been
committed. As to the criticism that the meaning of ``related'' or
``supporting'' documentation is vague, it is anticipated banks will use
their judgment in determining the information to be retained. It is
impossible for the FDIC to catalogue the precise types of information
covered by this requirement, as it necessarily depends upon the facts
of a particular case.
Scope of Confidentiality Requirement
Two commenters correctly noted the proposed regulation is unclear
as to whether the confidentiality requirement applies only to the
information contained on the SAR itself, or whether the requirement
extends to the ``supporting'' documentation. The FDIC takes the
position that only the existence of a SAR and its supporting
documentation are subject to the confidentiality requirements of 31
U.S.C. 5318(g). The supporting documentation itself is not subject to
the confidentiality provisions of 31 U.S.C. 5318(g). The safe harbor
provisions of 31 U.S.C. 5318(g), however, apply to the SAR and
supporting documentation, as set forth in Part 353.3(h).
Provisions of Supporting Documentation to Law Enforcement Authorities
Upon Request
Many commenters noted the guidance provided in the FDIC's proposed
regulation regarding the provision of supporting documentation to law
enforcement agencies upon their request after the filing of an SAR was
unclear or contrary to law. Some questioned whether law enforcement
agencies would still need to subpoena relevant documents from a bank.
The FDIC's regulation requires banks filing SARs to identify, maintain
and treat the documentation supporting the report as if it were
actually filed with the SAR. This means that subsequent requests from
law enforcement authorities for the supporting documentation relating
to a particular SAR do not require the service of a subpoena or other
legal processes normally associated with providing information to law
enforcement agencies.
Civil Litigation
The FDIC was encouraged to adopt regulations that would make SARs
undiscoverable in civil litigation, in order to avoid situations in
which a bank could be ordered by a court to produce a SAR in civil
litigation and could be confronted with the prospect of having to
choose between being found in contempt or violating the FDIC's rules.
In the opinion of the FDIC, 31 U.S.C. 5318(g) precludes the disclosure
of SARs. The final rule requires a bank that receives a subpoena or
other request for a SAR to notify the FDIC so that the FDIC may, if
appropriate, intervene in litigation or seek the assistance of the U.S.
Department of Justice.
Maintenance of Originals
Proposed Sec. 353.3(e) required the maintenance of supporting
documentation in its original form. A number of commenters noted
electronic storage of documents is becoming the rule rather than the
exception, and requiring the storage of paper originals would impose
undue burdens on financial institutions. Moreover, some records are
retained only in a computer database. The proposed regulation reflected
the concerns of the law enforcement agencies that the best evidence be
preserved. However, upon further consideration, the FDIC wishes to
clarify that the electronic storage of original documentation related
to the filing of a SAR is permissible. In addition, the FDIC recognizes
a bank will not always have custody of the originals of documents, and
some documents will not exist at the bank in paper form. In those
cases, preservation of the best available evidentiary documents, for
example, computer disks or photocopies, should be acceptable. This has
been reflected in the final rule by changing the reference to original
documents to original documents or ``business record equivalent''.
Investigation and Proof Burdens
Two commenters expressed the concern a bank would need to establish
probable cause before reporting crimes for which an essential element
of the proof of the crime was the intent of the actor. The FDIC does
not intend that banks assume the burden of proving illegal conduct;
rather, banks are required to report known or suspected crimes or
suspicious activities in accordance with this final rule.
Supplementary or Corrective Information; Reporting of Multiple Crimes
or Suspects
Material information that supplements or corrects an SAR should be
filed with FinCEN by means of a subsequent SAR. The first page of the
SAR provides boxes for the reporter to indicate whether the report is
an initial, a corrected, or a supplemental report.
Two commenters requested guidance on the reporting of multiple
crimes or related crimes committed by more than one individual. The
instructions to the SAR contemplate that additional suspects may be
reported by means of a supplemental page. Likewise, multiple crimes
committed by a suspect may be reported by means of multiple check-offs
on the SAR, or if needed, by a written addendum to the SAR. In the
event related crimes have been committed by more than one person, a
description of the related crimes may be made by addendum to the SAR.
The FDIC encourages filers to make a complete report of all known or
suspected criminal or suspicious activity. The SAR may be supplemented
in order to facilitate a complete disclosure.
Calculation of Time Frame for Reporting
A few commenters requested the FDIC clarify the application of the
deadline for filing SARs. The FDIC's proposed regulation used the
broadest possible language to set the time frames for the reporting of
known or suspected criminal offenses and suspicious activities in order
to best guide reporting institutions. Absolute deadlines for the filing
of SARs are important to the investigatory and prosecutorial efforts of
law enforcement authorities. It is expected banks will meet the filing
deadlines once conduct triggering the reporting requirements is
identified. Further clarification of the time frames is not needed in
the FDIC's view.
Board of Directors Notification Requirements
The commenters expressed general support for the modification of
the reporting requirement which permits reporting of SARs to a
committee of the board of directors. As a matter of clarification,
notification of a committee of the bank's board relieves the bank of
the obligation to disclose the SARs filed to the entire board. It would
be
[[Page 6099]]
expected, however, that the designated committee, for example, the
audit committee, would report to the full board of directors at regular
meetings with respect to routine matters in the same manner and to the
same extent as other committees report at regular board meetings. With
respect to serious crimes or insider malfeasance, the appointed
committee likely should consider it appropriate to make more immediate
disclosure to the full board of directors. Some larger banking
organizations expressed the view that prompt disclosure of SARs to the
board of directors or a committee would impose a serious burden since
larger organizations typically file a larger number of criminal
referral forms (now, SARs). While the FDIC acknowledges that larger
institutions may have more SARs to report to the board of directors or
a committee, this does not alter the directors' fiduciary obligation to
monitor the condition of the institution and to take action to prevent
losses. The final regulation does not dictate the content of the board
of directors or committee notification, and, in some cases, such as
when relatively minor non-insider crimes are to be reported, it may be
completely appropriate to provide only a summary listing of SARs filed.
The FDIC expects the management of banks to provide a more detailed
notification of SARs involving insiders or a potential material loss to
the institution to the board of directors or committees.
Information Sharing
It was suggested the final regulations should somehow facilitate
the sharing of information among banking organizations in order to
better detect new fraudulent schemes. It is anticipated that the
Treasury Department, through FinCEN, and the Agencies, will keep
reporting entities apprised of recent developments and trends in
banking-related crimes through periodic pronouncements, meetings, and
seminars.
Single Filing Requirement; Acknowledgment of Filings
The FDIC wishes to clarify that the filing of the SAR with FinCEN
is the only filing of the SAR that is required. Federal and state law
enforcement and bank supervisory agencies will have access to the
database created and maintained by FinCEN on behalf of the Agencies and
the Department of Treasury; thus, a single filing with FinCEN is all
that is required under the new reporting system.
Commenters also requested that the final rule permit the filing of
SARs via telecopier. Such filings are not compatible with the system
developed by the Agencies and FinCEN. Banks can file the SAR via
magnetic media using the computer software to be made available to all
banks by the FDIC and each of the other Agencies with respect to the
institutions they supervise. Larger banking organizations that
currently file currency transaction reports via magnetic tape with
FinCEN may also file SARs by magnetic tape.
Regulatory Flexibility Act
Pursuant to section 605(b) of the Regulatory Flexibility Act, the
FDIC hereby certifies that this final rule will not have a significant
economic impact on a substantial number of small entities. This final
rule primarily reorganizes the process for making criminal referrals
and has no material impact on banks, regardless of size. Accordingly, a
regulatory flexibility analysis is not required.
Paperwork Reduction Act
This final rule revises a collection of information that is
currently approved by the Office of Management and Budget (OMB) under
control number 3064-0077. The revisions raise the reporting thresholds
and permit reporting institutions to use a simplified, shorter form; to
file one form only; and to eliminate the submission of supporting
documentation with a report. These revisions have been reviewed and
approved by OMB in accordance with the requirements of the Paperwork
Reduction Act (44 U.S.C. 3501 et seq.).
The estimated average burden associated with the collection of
information contained in a SAR is approximately .6 hours per
respondent. The burden per respondent will vary depending on the nature
of the suspicious activity being reported.
Estimated Number of Respondents: 6,500.
Estimated Total Annual Burden Hours: 3,900
Comments concerning the accuracy of this burden estimate and
suggestions for reducing this burden should be directed to the
Assistant Executive Secretary (Regulatory Analysis), Room F-400,
Federal Deposit Insurance Corporation, Washington, DC 20429, and to the
Office of Management and Budget, Paperwork Reduction Project (3064-
0077), Washington, DC 20503.
List of Subjects in 12 CFR Part 353
Banks, Banking, Crime, Currency, Insider abuse, Money laundering,
Reporting and recordkeeping requirements.
For the reasons set forth in the preamble, 12 CFR part 353 of the
Code of Federal Regulations is revised to read as follows:
PART 353--SUSPICIOUS ACTIVITY REPORTS
Sec.
353.1 Purpose and scope.
353.2 Definitions.
353.3 Reports and records.
Authority: 12 U.S.C. 1818, 1819; 31 U.S.C. 5318.
Sec. 353.1 Purpose and scope.
The purpose of this part is to ensure that an insured state
nonmember bank files a Suspicious Activity Report when it detects a
known or suspected criminal violation of federal law or a suspicious
transaction related to a money laundering activity or a violation of
the Bank Secrecy Act. This part applies to all insured state nonmember
banks as well as any insured, state-licensed branches of foreign banks.
Sec. 353.2 Definitions.
For the purposes of this part:
(a) FinCEN means the Financial Crimes Enforcement Network of the
Department of the Treasury.
(b) Institution-affiliated party means any institution-affiliated
party as that term is defined in sections 3(u) and 8(b)(5) of the
Federal Deposit Insurance Act (12 U.S.C. 1813(u) and 1818(b)(5)).
Sec. 353.3 Reports and records.
(a) Suspicious activity reports required. A bank shall file a
suspicious activity report with the appropriate federal law enforcement
agencies and the Department of the Treasury, in accordance with the
form's instructions, by sending a completed suspicious activity report
to FinCEN in the following circumstances:
(1) Insider abuse involving any amount. Whenever the bank detects
any known or suspected federal criminal violation, or pattern of
criminal violations, committed or attempted against the bank or
involving a transaction or transactions conducted through the bank,
where the bank believes it was either an actual or potential victim of
a criminal violation, or series of criminal violations, or that the
bank was used to facilitate a criminal transaction, and the bank has a
substantial basis for identifying one of the bank's directors,
officers, employees, agents, or other institution-affiliated parties as
having committed or aided in the commission of the criminal violation,
regardless of the amount involved in the violation;
[[Page 6100]]
(2) Transactions aggregating $5,000 or more where a suspect can be
identified. Whenever the bank detects any known or suspected federal
criminal violation, or pattern of criminal violations, committed or
attempted against the bank or involving a transaction or transactions
conducted through the bank, and involving or aggregating $5,000 or more
in funds or other assets, where the bank believes it was either an
actual or potential victim of a criminal violation, or series of
criminal violations, or that the bank was used to facilitate a criminal
transaction, and the bank has a substantial basis for identifying a
possible suspect or group of suspects. If it is determined prior to
filing this report that the identified suspect or group of suspects has
used an ``alias'', then information regarding the true identity of the
suspect or group of suspects, as well as alias identifiers, such as
driver's license or social security numbers, addresses and telephone
numbers, must be reported;
(3) Transactions aggregating $25,000 or more regardless of
potential suspects. Whenever the bank detects any known or suspected
federal criminal violation, or pattern of criminal violations,
committed or attempted against the bank or involving a transaction or
transactions conducted through the bank, involving or aggregating
$25,000 or more in funds or other assets, where the bank believes it
was either an actual or potential victim of a criminal violation, or
series of criminal violations, or that the bank was used to facilitate
a criminal transaction, even though the bank has no substantial basis
for identifying a possible suspect or group of suspects; or
(4) Transactions aggregating $5,000 or more that involve potential
money laundering or violations of the Bank Secrecy Act. Any transaction
(which for purposes of this paragraph (a)(4) means a deposit,
withdrawal, transfer between accounts, exchange of currency, loan,
extension of credit, purchase or sale of any stock, bond, certificate
of deposit, or other monetary instrument or investment security, or any
other payment, transfer, or delivery by, through, or to a financial
institution, by whatever means effected) conducted or attempted by, at
or through the bank and involving or aggregating $5,000 or more in
funds or other assets, if the bank knows, suspects, or has reason to
suspect that:
(i) The transaction involves funds derived from illegal activities
or is intended or conducted in order to hide or disguise funds or
assets derived from illegal activities (including, without limitation,
the ownership, nature, source, location, or control of such funds or
assets) as part of a plan to violate or evade any federal law or
regulation or to avoid any transaction reporting requirement under
federal law;
(ii) The transaction is designed to evade any regulations
promulgated under the Bank Secrecy Act; or
(iii) The transaction has no business or apparent lawful purpose or
is not the sort of transaction in which the particular customer would
normally be expected to engage, and the bank knows of no reasonable
explanation for the transaction after examining the available facts,
including the background and possible purpose of the transaction.
(b) Time for reporting. (1) A bank shall file the suspicious
activity report no later than 30 calendar days after the date of
initial detection of facts that may constitute a basis for filing a
suspicious activity report. If no suspect was identified on the date of
detection of the incident requiring the filing, a bank may delay filing
a suspicious activity report for an additional 30 calendar days to
identify a suspect. In no case shall reporting be delayed more than 60
calendar days after the date of initial detection of a reportable
transaction.
(2) In situations involving violations requiring immediate
attention, such as when a reportable violation is ongoing, the bank
shall immediately notify, by telephone, an appropriate law enforcement
authority and the appropriate FDIC regional office (Division of
Supervision) in addition to filing a timely report.
(c) Reports to state and local authorities. A bank is encouraged to
file a copy of the suspicious activity report with state and local law
enforcement agencies where appropriate.
(d) Exemptions. (1) A bank need not file a suspicious activity
report for a robbery or burglary committed or attempted, that is
reported to appropriate law enforcement authorities.
(2) A bank need not file a suspicious activity report for lost,
missing, counterfeit, or stolen securities if it files a report
pursuant to the reporting requirements of 17 CFR 240.17f-1.
(e) Retention of records. A bank shall maintain a copy of any
suspicious activity report filed and the original or business record
equivalent of any supporting documentation for a period of five years
from the date of filing the suspicious activity report. Supporting
documentation shall be identified and maintained by the bank as such,
and shall be deemed to have been filed with the suspicious activity
report. A bank must make all supporting documentation available to
appropriate law enforcement authorities upon request.
(f) Notification to board of directors. The management of a bank
shall promptly notify its board of directors, or a committee thereof,
of any report filed pursuant to this section. The term ``board of
directors'' includes the managing official of an insured state-licensed
branch of a foreign bank for purposes of this part.
(g) Confidentiality of suspicious activity reports. Suspicious
activity reports are confidential. Any bank subpoenaed or otherwise
requested to disclose a suspicious activity report or the information
contained in a suspicious activity report shall decline to produce the
suspicious activity report or to provide any information that would
disclose that a suspicious activity report has been prepared or filed
citing this part, applicable law (e.g., 31 U.S.C. 5318(g)), or both,
and notify the appropriate FDIC regional office (Division of
Supervision).
(h) Safe Harbor. The safe harbor provisions of 31 U.S.C. 5318(g),
which exempts any bank that makes a disclosure of any possible
violation of law or regulation from liability under any law or
regulation of the United States, or any constitution, law or regulation
of any state or political subdivision, cover all reports of suspected
or known criminal violations and suspicious activities to law
enforcement and financial institution supervisory authorities,
including supporting documentation, regardless of whether such reports
are filed pursuant to this part or are filed on a voluntary basis.
By Order of the Board of Directors.
Dated at Washington, D.C., this 6th day of February 1996.
Federal Deposit Insurance Corporation.
Jerry L. Langley,
Executive Secretary.
[FR Doc. 96-3519 Filed 2-15-96; 8:45 am]
BILLING CODE 6714-01-P