Proposed FinCEN Pilot Program on Sharing of Suspicious Activity Reports with Foreign Affiliates
On January 25, 2022, the Financial Crimes Enforcement Network (“FinCEN”) issued its anticipated Notice of Proposed Rulemaking seeking public comment on a proposed pilot program that would permit certain financial institutions to share suspicious activity reports (“SARs”) and information related to SARs with the institutions’ foreign branches, subsidiaries, and affiliates (the “NPRM”). The proposed rule is part of a broader reevaluation and recalibration of the federal anti-money laundering regulatory structure directed by the Anti-Money Laundering Act of 2020 (“AMLA”). The NPRM sets out a highly restrictive program, designed to keep FinCEN informed of any sharing of SAR information with entities outside the United States. Participation in the program may be an important first step in creating an enterprise-wide anti-money laundering compliance function that is able to communicate robustly in support of the core function of an effective compliance program—providing highly useful information to law enforcement. However, financial institutions should carefully assess the value to their organization of participating in the program before enrolling.
Existing regulatory framework
Until FinCEN finalizes the proposed rule, following a 60-day comment period ending on March 28, 2022, and some undefined time to address the comments, the current regulatory framework remains unchanged. The BSA provides that financial institutions are generally prohibited from disclosing the existence of a SAR or any information that would reveal the existence of a SAR to unauthorized persons.[i] This prohibition extends to productions pursuant to a third-party subpoena and FinCEN requires it be notified if an institution receives a subpoena from a private party.
With respect to sharing of information with foreign entities, 2006 FinCEN Guidance states that a U.S. branch of a foreign bank may share a SAR with its head office, and a U.S. bank or savings association may share a SAR with its controlling company, whether domestic or foreign. In 2010, FinCEN further permitted the sharing of SARs and related information by depository institutions with their affiliates that are subject to SAR obligations under the BSA. However, in the 2010 Guidance, FinCEN clarified that “[b]ecause foreign branches of U.S. banks are regarded as foreign banks for purposes of the BSA . . . they are ‘affiliates’ that are not subject to a SAR regulation,” and sharing SAR information with them was prohibited. The proposed program would provide an avenue allowing certain institutions under FinCEN’s authority—not just banks—to share SAR and related information with their foreign affiliates.
The Pilot Program
The NPRM seeks to expand financial institutions’ ability to share SARs and SAR information abroad. FinCEN’s stated objective is to collect stakeholder feedback regarding long-term approaches towards SAR sharing with foreign affiliates as a way to combat illicit finance risks and promote enterprise-wide risk management while ensuring the confidentiality of SARs. Section 6212(a) of the AMLA requires the Secretary of the Treasury to issue rules establishing the pilot program contemplated by the NPRM for combating illicit finance risks.[ii] The proposed limited-duration pilot program would allow a U.S. financial institution with SAR-reporting obligations to share “SAR and related information” with its foreign affiliates. The NPRM defines “SAR and related information” as “a [SAR] [filed with FinCEN] . . . and any information that would reveal the existence of such a report.” FinCEN clarifies in a footnote that the proposed rule does not include SARs filed on insider abuse pursuant to 12 CFR 21.11(c)(1).
To participate in the program, a financial institution would be required to submit a detailed application to and receive approval from FinCEN. Proposed additional requirements for participation include: (1) the submission of quarterly reports, (2) policies and procedures for responding to foreign law enforcement requests or subpoenas, (3) written confidentiality agreements, and (4) the hiring of certain U.S. personnel.
The proposed program would authorize financial institutions to share SARs and SAR related information with a foreign “affiliate;” i.e., “an entity that controls, is controlled by, or is under common control with another entity, including branch or subsidiary.” However, as required by the AMLA, the proposed program would still prohibit such information sharing with affiliates in China, Russia, state sponsors of terrorism (currently North Korea, Iran, Syria, and Cuba), and those countries and entities identified as primary money laundering concerns, pursuant to Section 311 of the USA PATRIOT Act. The AMLA and the proposed rule afford the Secretary of the Treasury the discretion to permit sharing with China and Russia if the Secretary notifies Congress that doing so is in the national security interest of the U.S. The Secretary cannot waive the other prohibitions.
It is imperative that any financial institution considering participating in the program do so only after a thorough evaluation of how the program will affect its compliance operation and resources, and after developing detailed policies and procedures governing the mechanics of sharing. Policies and procedures should include robust confidentiality guardrails within the foreign affiliate. For example, these should include who specifically will receive the SAR and related materials, how will that person mechanically store the SAR information and distribute it to persons authorized to view the materials, who will receive authorization to view SARs, and what is the criteria for granting authorization and for what purpose. To encourage participation, FinCEN has stated that it would review applications expeditiously and endeavor to respond within 90 days.
Critically, financial institutions cannot use participation in the proposed pilot program to outsource the BSA compliance function to foreign branches. The NPRM specifically prohibits “establishing or maintaining any operation located outside the United States the primary purpose of which is to ensure compliance with the Bank Secrecy Act as a result of the information sharing granted by [the pilot program].” But the NRPM does not provide guidance regarding what constitutes a “primary purpose” or precisely what functions may or may not be performed abroad. Therefore, if the program is approved, participants should work closely with their regulator before delegating any aspect of their BSA compliance programs to offshore personnel.
Participating in the program may offer financial institutions unique benefits. For example, sharing of information across borders may create synergies and improve the AML function overall by helping global banks have an international view of a customer and better understand cross-border money laundering typologies. It may also enable participating institutions to shape regulations for the future by providing data on the benefits of information sharing.
FinCEN’s pilot program may be a unique opportunity for global financial institutions to explore creating synergies in their anti-money laundering operations. Doing so, however, would require careful analysis, planning, and execution. Importantly, it also would require proactive and consistent engagement with FinCEN and the participant’s functional regulator.
[i] 31 U.S.C. § 5318(g)(2); 31 CFR § 1020.320(e)(1) (SAR confidentiality requirements for banks).
[ii] 31 U.S.C § 5318(g)(8).