Second in a Three-Part Series of Blog Posts

As we recently blogged, the Royal United Services Institute (“RUSI”) for Defence and Security Studies — a U.K. think tank – has released a study:  The Role of Financial Information-Sharing Partnerships in the Disruption of Crime (the “Study”).  The Study focuses on international efforts — including efforts by the United States — regarding the reporting of suspicious transactions revealing criminal activity such as money laundering and terrorist financing.  The Study critiques current approaches to Anti-Money Laundering (“AML”) reporting, and suggests improvements, primarily in the form of enhanced information sharing among financial institutions and governments.

In our first blog post in this series, we described some of the criticisms set forth by the Study regarding the general effectiveness of suspicious activity reporting, which the Study described as often presenting little or no “operational value to active law enforcement investigations.” In this second blog post pertaining to the Study, we will discuss the current landscape of AML information sharing in the United States — which is governed by Section 314 of the Patriot Act, and which is an important component of many financial institutions’ ability to fulfill successfully their AML obligations. In the third and final blog post pertaining to the Study, we will circle back to the Study and examine its findings and proposals for an enhanced process of information sharing by financial institutions and governments in order to better fight money laundering and terrorism.Through enacting the International Money Laundering Abatement and Financial Anti-Terrorism Act of 2001 (the “Act”), which was part of the USA Patriot Act of 2001, Congress has required greater cooperation and information sharing among financial institutions, their regulatory authorities, and law enforcement authorities. Section 314(a) of the Act authorizes the Financial Crimes Enforcement Network, or FinCEN, to provide to financial institutions a “Section 314(a) List” which contains the names of individuals or entities suspected of criminal activity, and to compel those financial institutions to supply information regarding the named suspects. Further, Section 314(b) of the Act calls for financial institutions to share information among each other through the circulation of a “Section 314(b) List,” and provides these institutions with immunity from private civil actions resulting from any disclosures in conformity with the Bank Secrecy Act (“BSA”).

Required Information Sharing With Law Enforcement: Section 314(a) Lists

Federal, state, local, and foreign law enforcement agencies that are investigating money laundering or terrorism can request that FinCEN obtain certain information from one or more financial institutions.  According to the relevant regulationgoverning information sharing between government agencies and financial institutions, a foreign law enforcement agency may make such a request if it is “from a jurisdiction that is a party to a treaty that provides, or in the determination of FinCEN is from a jurisdiction that otherwise allows, law enforcement agencies in the United States reciprocal access to information comparable to that obtain[able] under this section.”

When the law enforcement agency submits such a request to FinCEN, it also must submit a written certification stating that each individual, entity, or organization about which the law enforcement agency is seeking information is engaged in, or is reasonably suspected of engaging in, terrorist activity or money laundering. After receiving a law enforcement agency’s request, FinCEN can request that a financial institution search its records to see if it maintains accounts for or does business with the person or entity being investigated. The document supplied to financial institutions that contains the names of the suspects is the Section 314(a) List, and is highly confidential. If a financial institution receives such a request from FinCEN, then it is obligated to: 1) conduct a record search; 2) report its findings to FinCEN; and 3) designate a contact person for the request and to receive similar requests for information from FinCEN in the future.

A financial institution conducting a record search is generally required to search for the following: 1) any account maintained currently or within the past 12 months for the named suspect; or 2) any transaction conducted by or on behalf of the suspect, or any transmittal of funds in which the suspect was either the transmittor or the recipient, during the preceding six months, when the transaction was required to be recorded or was recorded and maintained. The financial institution then must report to FinCEN if it has identified an account or transaction associated with any listed suspect. The institution should report the following: 1) the name of the suspected individual, entity, or organization; 2) the number of each associated account and/or the date and type of each transaction; and 3) any Social Security number, taxpayer identification number, passport number, date of birth, address, or other identifying information provided by the suspect when the account was opened or the transaction occurred.

The receipt of a request for information under Section 314(a) does not require the financial institution to close existing accounts, refuse to open future accounts, terminate a relationship with a listed suspect, or otherwise take any additional action, beyond making the required report. However, the fact that FinCEN requested information under Section 314(a) is itself confidential.

Voluntary Information Sharing Among Financial Institutions: Section 314(b) Lists

The Patriot Act and relevant regulations also contain provisions that encourage the voluntary sharing of information among financial institutions. Subject to three requirements, a financial institution or an association of financial institutions may share information — free from liability — with other financial institutions regarding individuals, entities, organizations, and countries to identify and report activities that may involve money laundering or terrorist activities. 

The first of these requirements is that any financial institution intending to voluntarily share information must submit notice of such sharing to FinCEN. Each notice provided to FinCEN is effective for a one-year period beginning on the date of the notice. After the one-year period expires, a financial institution must submit a new notice to continue to share information.

Another requirement is verification. Before sharing information, a financial institution must take reasonable steps to verify that the other financial institution with which it intends to share information also has submitted a notice form to FinCEN. The verification requirement can be satisfied by confirming that the other financial institution appears on a list that FinCEN makes available to institutions that have filed notices. Alternatively, a financial institution may confirm directly with the other institution that it has filed the requisite notice.

Lastly, the Patriot Act limits the ways in which the financial institution can use information received through the information-sharing process. An institution can use information only for the following purposes: 1) identifying and reporting on money laundering or terrorist activities; 2) determining whether to establish or maintain an account, or to engage in a transaction; or 3) assisting the financial institution in complying with any of the information-sharing requirements. Moreover, a financial institution that shares information must maintain adequate procedures to protect the security and confidentiality of such information. If these three requirements are satisfied, then a financial institution that shares information is protected from liability for doing so, or for any failure to provide notice of such sharing.  FinCEN has issued guidance stating that financial institutions may share information within the protections of Section 314(b)’s safe harbor, which is triggered when the institution suspects that a transaction may involve the proceeds of a specified unlawful activity (“SUA”) and the information relates to the SUA.

Finally, if, after receiving shared information, a financial institution knows, suspects, or has reason to suspect that an individual, entity, or organization is involved in money laundering or terrorist activity, then it should file a Suspicious Activity Report (“SAR”) if it is subject to the SAR reporting requirements. If the situation requires immediate attention (e.g., it involves suspected terrorist activity), then the financial institution also should telephone appropriate law enforcement and financial institution supervisory authorities. If the financial institution is not subject to the SAR reporting requirement, then the regulations encourage voluntarily reporting the suspicious activity.  According to the guidance issued by FinCEN, the Section 314(b) safe harbor

must be read as being consistent with the confidentiality provision set forth at 31 U.S.C. § 5318(g), which prohibits financial institutions from disclosing a [SAR] to the subject of the report. FinCEN has construed this language broadly to prohibit a financial institution from disclosing a SAR to any person other than FinCEN, the Securities Exchange Commission, or another appropriate law enforcement or regulatory agency[.] Accordingly, a financial institution, when sharing information relating to possible money laundering or terrorist activity [under Section 314(b)], may not disclose a [SAR] or reveal its existence but may share the information underlying a [SAR].