[Federal Register Volume 61, Number 24 (Monday, February 5, 1996)]
[Rules and Regulations]
[Pages 4332-4338]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 96-2246]
=======================================================================
-----------------------------------------------------------------------
DEPARTMENT OF THE TREASURY
Office of the Comptroller of the Currency
12 CFR Part 21
[Docket No. 96-02]
RIN 1557-AB19
Minimum Security Devices and Procedures, Reports of Suspicious
Activities, and Bank Secrecy Act Compliance Program
AGENCY: Office of the Comptroller of the Currency, Treasury.
ACTION: Final rule.
-----------------------------------------------------------------------
SUMMARY: The Office of the Comptroller of the Currency (OCC) is
amending its regulations that require national banks to file criminal
referral and suspicious transaction reports. This final rule
streamlines reporting requirements by providing that national banks
file a new Suspicious Activity Report (SAR) with the OCC and the
appropriate Federal law enforcement agencies by sending SARs to the
Financial Crimes Enforcement Network of the Department of the Treasury
(FinCEN) to report a known or suspected criminal offense or a
transaction that a bank suspects involves money laundering or violates
the Bank Secrecy Act (BSA).
EFFECTIVE DATE: April 1, 1996.
FOR FURTHER INFORMATION CONTACT: Robert S. Pasley, Assistant Director,
or Neil M. Robinson, Senior Attorney, Enforcement and Compliance
Division, (202-874-4800), or Daniel L. Cooke, Attorney, Legislative and
Regulatory Activities Division (202-874-5090).
SUPPLEMENTARY INFORMATION:
Background
The OCC, the Board of Governors of the Federal Reserve System
(Board), the Federal Deposit Insurance Corporation (FDIC), and the
Office of Thrift Supervision (OTS) (collectively, the Agencies) issued
for public comment substantially similar proposals to revise their
rules that require the institutions under their supervision to report
known or suspected criminal conduct and suspicious transactions. See 60
FR 34476 (July 3, 1995) (OCC); 60 FR 34481 (July 3, 1995) (Board); 60
FR 36366 (July 17, 1995) (OTS); 60 FR 47719 (September 14, 1995)
(FDIC). The Department of the Treasury, through FinCEN, has issued for
public comment a substantially similar proposal to require the
reporting of suspicious activities. See 60 FR 46556 (September 7,
1995).
[[Page 4333]]
As noted in the OCC's proposed regulation, the interagency Bank
Fraud Working Group, consisting of representatives from the Agencies,
law enforcement agencies, and FinCEN, has been working on the
development of a single form, the SAR, for the reporting of known or
suspected Federal criminal law violations and transactions that an
institution suspects involve money laundering or violate the BSA. The
SAR will be available to national banks both in paper form and as a
computer software shell. SARs can be obtained from the appropriate OCC
District Office listed in 12 CFR part 4.1
\1\ The OCC recently revised Part 4. See 60 FR 57315 (November
15, 1995). The geographical composition of each OCC District Office
is listed at 12 CFR 4.5. See 60 FR at 57322.
---------------------------------------------------------------------------
The new SAR reporting system will: (1) Combine the current criminal
referral rules of the Federal financial institutions regulatory
agencies with the Department of the Treasury's suspicious activity
reporting requirements; (2) create a uniform reporting form, the new
SAR, for use by financial institutions in reporting known or suspected
criminal offenses and transactions that an institution suspects involve
money laundering or violate the BSA; (3) provide a system whereby a
financial institution need only refer to the SAR and its instructions
in order to complete and file the form in conformance with the
Agencies' and FinCEN's reporting regulations; (4) require the filing of
only one form with FinCEN; (5) eliminate the need to file supporting
documentation with a SAR; (6) enable a filer, through computer software
that the OCC will provide to all national banks, to prepare a SAR on a
computer and file it by mailing a computer disc or tape; (7) establish
a database that will be accessible to Federal and state financial
institution regulators and law enforcement agencies; (8) raise the
thresholds for mandatory reporting in two categories and create a
threshold for the reporting of transactions that an institution
suspects involve money laundering or violate the BSA in order to reduce
unnecessary reporting burdens on banking organizations; and (9)
emphasize recent changes in the law that provide (a) a safe harbor from
civil liability to financial institutions and their employees when they
report known or suspected criminal offenses or suspicious activities,
by filing a SAR or by reporting by other means, and (b) criminal
sanctions for the disclosure of such a report to any party involved in
the reported transaction.
Comments Received
The OCC received letters from 33 public commenters, including 26
banks, five trade and industry research groups, and two law firms.
The large majority of commenters expressed general support for the
proposal. None of the commenters opposed the proposed new suspicious
activity reporting rules although, as discussed below, a number of
commenters made suggestions for improving the rule and requests for
clarification.
Description of the Final Rule and Responses to Comments Received
After consideration of the public comments received, the Agencies
are each promulgating a substantially identical final rule on the
filing of SARs. Under the OCC's final rule, national banks need only
follow SAR instructions for completing and filing the SAR to be in
compliance with the OCC's and FinCEN's reporting requirements.
The final rule adopts the proposal with a few additional changes
that are made in response to the comments received. The final rule
makes several changes that reduce unnecessary regulatory burden in
addition to those that were proposed. In particular, the final rule
further reduces burden by: (1) Adding a $5,000 threshold for reporting
transactions that an institution suspects involve money laundering or
violate the BSA; (2) eliminating the requirement that banks report a
transaction that is ``suspicious for any reason'' by modifying the
description of the types of suspicious activity that must be reported;
(3) reducing the record retention period from ten years to five; and
(4) permitting banks to maintain the business record equivalent of a
document rather than requiring the bank to maintain the original.
Purpose and Scope (Sec. 21.11(a))
The proposal clarified the scope of the current rule. The OCC
received no comments on this section, and it is adopted as proposed.
Definitions (Sec. 21.11(b))
The proposal added definitions for several terms used in the
operative provisions of the rule. The OCC received one comment on this
section. The commenter stated that the definition of ``known or
suspected violation'' was too broad because it included violations that
have been attempted or may occur. The OCC has concluded, however, that
attempted and potential crimes must be reported in order to maintain
effective law enforcement. The definition has been incorporated into
each of the reporting requirement provisions in Sec. 21.11(c). This
definitions section is otherwise adopted as proposed, with minor
technical changes.
SARs Required (Sec. 21.11(c))
The proposal clarified and revised the provision in the former rule
that requires a bank to file a criminal referral report. The proposal
raised the dollar thresholds that trigger filing requirements and
modified the scope of events that a national bank must report.
Most of the comments received by the OCC addressed this section.
Approximately one-third of the commenters encouraged the OCC to change
proposed Sec. 21.11(c)(4), which required banks to report all financial
transactions that are suspicious ``for any reason.'' The commenters
stated that this language was too broad and made meaningless the $5,000
reporting threshold of Sec. 21.11(c)(2) (requiring banks to report
suspected crimes committed by an identifiable suspect) and the $25,000
reporting threshold of Sec. 21.11(c)(3) (requiring banks to report
suspected crimes for which no suspect is identified). These commenters
asserted that requiring banks to report all financial transactions that
are suspicious for any reason required banks to report transactions
that would otherwise fall under the appropriate threshold and would
therefore be exempt from mandatory reporting. Several commenters also
encouraged the Agencies to adopt a threshold for reporting transactions
that are suspicious.
The OCC and the other Agencies agree with the concerns expressed by
these commenters. Accordingly, the OCC has substantially revised
Sec. 21.11(c)(4) to add a $5,000 reporting threshold for transactions
that are suspicious and to clarify that this section of the rule
requires banks to report only transactions that a bank suspects involve
money laundering or violate the BSA. Under the final rule, a national
bank must file a SAR for any transaction of $5,000 or more if the bank
knows, suspects, or has reason to suspect that the transaction: (i)
Involves funds derived from illicit activities or is intended to hide
or disguise funds derived from illicit activities; (ii) is part of a
plan to evade any reporting requirement, including those under the BSA,
or (iii) has no business or apparent lawful purpose or is not the sort
in which the particular customer would normally be expected to engage,
and the institution knows of no reasonable explanation for the
transaction after
[[Page 4334]]
examining the available facts, including the background and possible
purpose of the transaction. For purposes of the subsection, the term
``transaction'' means a deposit, withdrawal, transfer between accounts,
exchange of currency, loan, extension of credit, or purchase or sale of
any stock, bond, certificate of deposit, or other monetary instrument
or investment security, or any other payment, transfer, or delivery by,
through, or to a financial institution, by whatever means effected.
The text of Sec. 21.11(c)(4) in the final rule recognizes that
efforts to deter, substantially reduce, and eventually eradicate money
laundering are greatly assisted when financial institutions report
transactions that they suspect may involve money laundering or violate
the BSA. The requirements of this section comply with the
recommendations adopted by multi-country organizations in which the
United States is an active participant, including the Financial Action
Task Force of the G-7 nations and the Organization of American States,
and are consistent with European Community's directive on preventing
money laundering through financial institutions.
A few commenters encouraged the Agencies to raise the dollar
thresholds for known or suspected criminal conduct by non-insiders, and
several commenters urged the Agencies to establish a dollar threshold
for insiders.
The Agencies considered these comments, but concluded that the
thresholds, as proposed, properly balance the dual concerns of
prosecuting criminal activity involving national banks and minimizing
the burden on national banks. With respect to the suggestion that the
OCC adopt a dollar threshold for insider violations, the OCC notes that
insider abuse has long been a key concern and focus of enforcement
efforts at the OCC. With the development of a new sophisticated and
automated database, the OCC and law enforcement agencies will have the
benefit of a comprehensive and easily accessible catalogue of known or
suspected insider wrongdoing. When insiders are involved, even small-
scale offenses--for example, repetitive thefts of small amounts of cash
by an employee who frequently moves between banking organizations--may
undermine the integrity of banking institutions and warrant enforcement
action or criminal prosecution. Therefore, the OCC does not wish to
limit the information it receives regarding insider wrongdoing.
One commenter suggested an indexed threshold, based on the regional
differences in the various dollar thresholds below which the Federal,
state, and local prosecutors generally decline criminal prosecution.
Any regional variations in the dollar amount of financial crimes
generally prosecuted involve issues pertaining to the exercise of
prosecutorial discretion that are not within the OCC's province to
resolve. The OCC's objective is to ensure that banks place the relevant
information in the hands of the investigating and prosecuting
authorities. In the OCC's view, the dollar thresholds proposed and
adopted in this final rule best balance the interests of law
enforcement authorities and national banks. The OCC also believes that
indexed thresholds could generate additional burden for banks by
creating a standard that is unclear and confusing.
One commenter noted that the OCC and OTS proposals keyed the
reporting thresholds to the amount of loss or potential loss to the
institution, while the Board keyed its reporting thresholds to events
that ``involve or aggregate'' more than the appropriate threshold. The
commenter urged all agencies to use the OCC and OTS standard.
The OCC observes that its former provision used the same language
that the Board used in its proposal and required reporting of all
events that ``involve or aggregate'' more than the appropriate
threshold. The OCC has concluded that this language provides greater
predictability in determining when to file a SAR because the amount of
loss or potential loss may differ from the actual sum involved and may
be difficult to calculate in many instances. The OCC believes that,
were the Agencies to rely on the amount of loss or potential loss, a
national bank might consider the potential for recovery of funds to
estimate loss.
To avoid potential uncertainty, the OCC's final rule conforms to
the OCC's former rule by requiring national banks to file SARs whenever
a bank detects a known or suspected Federal criminal violation, or
pattern of criminal violations, committed or attempted against the bank
or involving a transaction or transactions conducted through the bank
that involves or aggregates more than the appropriate threshold.
One commenter expressed the concern that a banking organization
would need to establish probable cause before reporting crimes for
which an essential element of the proof of the crime was the intent of
the actor.
This is not the case, however. Nothing in the rule requires that
national banks assume the burden of proving illegal conduct; rather,
banks are required only to report actual or suspected crimes or
suspicious activities for possible action by the appropriate
authorities.
A few commenters requested clarification of whether the proposal
required a national bank to file multiple SARs for a crime committed by
several individuals or multiple related crimes by the same individual.
Financial institutions should complete one SAR to describe a
suspected or known criminal offense committed by several individuals.
The instructions to the SAR permit banks to report additional suspects
by means of a supplemental page. A financial institution should file a
separate SAR whenever an individual commits a suspected or known crime.
If the same individual commits multiple or related crimes within the
same reporting period, the financial institution may consider reporting
the crimes on one SAR, but only if doing so will present clearly what
has occurred.
National banks are encouraged to file the SAR via magnetic media
using the computer software to be provided to all national banks by the
OCC. National banks that currently file currency transaction reports
via magnetic tape with FinCEN may also file SARs by magnetic tape.
FinCEN has advised the Agencies that it will be unable to accept
filings via telecopier/FAX.
Time for Reporting (Sec. 21.11(d))
Proposed section 21.11(d) did not substantively change the current
requirements with respect to the timing of the reporting of known or
suspected criminal offenses and transactions that a bank suspects
involve money laundering or violate the BSA.
Several commenters requested that the OCC clarify the application
of the filing deadline for SARs when no suspect is identified at the
initial detection of the suspicious activity, the amount of the
transaction is less than the applicable $25,000 mandatory reporting
threshold, and the institution later identifies a suspect. For example,
some commenters wondered if they would be in violation of the rule if a
suspect were identified after 60 days had past.
These comments reflect a misunderstanding of how the filing
requirements operate. The time period for reporting commences only when
a bank identifies a known or potential violation that fits within the
thresholds. Therefore, if a bank uncovers a transaction involving less
than $25,000 (but more than $5,000), but does not identify a potential
suspect until after the passage of 60 days, the 30-day
[[Page 4335]]
period for filing a SAR would begin to run only as of the time the
suspect is identified. To make this point clear, the final rule inserts
the word ``reportable'' and states that in no case shall reporting be
delayed more than 60 calendar days after the date of initial detection
of a reportable transaction.
Section 21.11(d) also requires a bank to notify law enforcement
authorities immediately in the event of an on-going violation. The OCC
wishes to clarify that immediate notification is limited to situations
involving on-going violations, for example, when a check kite or money
laundering has been detected and may be continuing. It is not feasible,
however, for the OCC to contemplate all of the circumstances in which
it might be appropriate for a financial institution immediately to
advise state and local law enforcement authorities. National banks
should use their best judgment regarding when to alert these
authorities regarding on-going criminal offenses or suspicious
activities that involve money laundering or violate the BSA.
Reports to State and Local Authorities (Sec. 21.11(e))
The proposal encouraged national banks to file SARs with state and
local law enforcement agencies when appropriate. Some commenters
expressed the concern that national banks and their institution-
affiliated parties could be liable under Federal and state laws, such
as the Right to Financial Privacy Act (12 U.S.C. Sec. 3401 et seq.)
(RFPA), for filing SARs with respect to conduct that is later found not
to have been criminal. Another concern was that the filing of SARs with
state and local law enforcement agencies would subject filers to claims
under state law. Both of these concerns are addressed by the scope of
the safe harbor protection provided in 31 U.S.C. 5318(g) and, as
discussed below, stated in new paragraph 21.11(l) of this section.
Exceptions (Sec. 21.11(f))
Proposed Sec. 21.11(g) set forth two exceptions to the SAR filing
requirement, which did not substantively change its predecessor
provision. Under the proposal, a national bank was not required to file
a SAR for a robbery or burglary that the bank reported to appropriate
law enforcement authorities or to file a SAR for lost, missing,
counterfeit, or stolen securities for which the bank filed a report
pursuant to 17 CFR 240.17f-l.
The OCC received no comments on this section and adopts it as
proposed. The final rule, however, reverses the order of proposed
paragraphs (g) and (f) to conform with the other Agencies' rules.
Retention of Records (Sec. 21.11(g))
The proposal required a bank to retain a copy of the SAR and the
original of any underlying documentation relating to the SAR for ten
years.
Approximately one-third of the commenters expressed the view that
the ten-year period for the retention of records in proposed 21.11(f)
was excessive, especially in light of the five-year record retention
requirement that is contained in the BSA. Several commenters
recommended that the Agencies adopt a five-year requirement. The
Agencies agree, and the OCC's final rule reduces the required record
retention period to five years.
Many commenters asserted that the provision that required banks to
disclose supporting documentation to law enforcement agencies upon
their request was either unclear or posed potential RFPA liability.
Some therefore questioned whether law enforcement agencies would still
need to subpoena relevant documents from a financial institution.
The final rule requires national banks filing SARs to identify,
maintain, and treat the documentation supporting the report as if it
were actually filed with the SAR. This means that subsequent requests
from law enforcement authorities for the supporting documentation
relating to a particular SAR do not require the service of a subpoena
or other legal processes normally associated with providing information
to law enforcement agencies. This treatment of supporting documentation
is not a substantive change from the current rule's requirement that
supporting documentation be filed with each referral, since it only
changes the timing of when an agency will have access to the supporting
documentation, not the fact that the information needs to be assembled
and made available for law enforcement purposes. The Agencies are
therefore of the opinion that the final rule's treatment does not give
rise to RFPA liability.
Proposed section 21.11(f) required the maintenance of supporting
documentation in its original form. A number of commenters noted that
electronic storage of documents is becoming the rule rather than the
exception, and that requiring the storage of paper originals would
impose undue burdens on financial institutions. Moreover, some records
are retained only in a computer database.
The proposal reflected the concerns of the law enforcement agencies
that the best evidence be preserved. However, this can include
electronic storage of original documentation related to the filing of
an SAR. The OCC recognizes that a banking organization will not always
have custody of the originals of documents and that some documents will
not exist at the organization in paper form. In those cases,
preservation of the best available evidentiary documents, for example,
computer disks or photocopies, will be acceptable. The final rule
reflects these changes by allowing banks to retain business record
equivalents of supporting documentation.
Several commenters criticized as inconsistent and vague the
proposed requirements that an institution maintain ``related''
documentation and make ``supporting'' documentation available to the
law enforcement agencies upon request. One commenter questioned whether
the OCC intended a substantive difference in meaning between
``related'' and ``supporting.''
Because a substantive difference is not intended, the OCC has
referred to ``supporting'' documentation in the final rule in stating
both the maintenance and production requirements. The OCC believes that
the use of the word ``supporting'' is more precise and limits the scope
of the information that must be segregated and retained to information
that would be relevant in proving the crime and the individuals who
committed the crime.
The OCC anticipates that banks will use their best judgment in
determining the scope of the information to be retained. It is not
feasible for the OCC to catalogue the precise types of information
covered by this requirement because the scope necessarily depends upon
the facts of a particular case.
Notification to Board of Directors (Sec. 21.11(h))
The proposal reduced the burden on boards of directors to review
criminal referrals by allowing the management of a bank promptly to
notify either the board of directors or a committee of directors or
executive officers designated by the board to receive notice of the
filing of an SAR. The proposal prohibited a bank from giving notice of
an SAR filing to any director or officer who is a suspect in the known
or suspected violation. The proposal also required management to notify
the entire board of directors, except the suspect, when an executive
officer or director is a suspect.
Most commenters supported this provision of the proposal. One
commenter, however, questioned whether the provision that required
[[Page 4336]]
prompt notification of the board of directors required notice prior to
the next board meeting. This commenter said that a requirement to
provide notice between board meetings would be more burdensome than the
former rule, which required notification not later than the next board
meeting.
The OCC did not intend for the rule as proposed to be more
burdensome than the former rule and does not construe the requirement
for prompt notification to mean that notice must be provided before the
next board meeting. The final rule is intended to be flexible. For
example, the OCC expects that, with respect to serious crimes, the
appointed committee may consider it appropriate to make more immediate
disclosure to the full board. The final rule does not dictate the
content of the board or committee notification, and, in some cases,
such as when relatively minor non-insider crimes are to be reported, it
may be completely appropriate to provide only a summary listing of SARs
filed.
Compliance (Sec. 21.11(i))
The proposal clarified that the OCC treats a national bank's
failure to comply with reporting requirements like any other violation
of law or regulation, which may result in supervisory actions,
including enforcement action. The proposal also conformed the OCC's
penalty standard with the rules of the Board and the FDIC by removing
the requirement that the failure to file had to be the result of a
willful failure or careless disregard of applicable filing obligations.
The OCC received no comments on this section and adopts it as
proposed.
Obtaining SARs (Sec. 21.11(j))
The proposal added section 21.11(j), which provides national banks
with information on how to obtain SARs. The OCC received no comments on
this section and adopts it as proposed.
Confidentiality of SARs (Sec. 21.11(k))
The proposal preserved the confidential nature of criminal referral
reports by stating that a SAR and the information contained in a SAR
are confidential.
One commenter correctly noted that the proposed regulation is
unclear as to whether the confidential treatment applies only to the
information contained on the SAR itself or also extends to the
``supporting'' documentation. The OCC takes the position that only the
SAR and the information on the SAR are confidential under 31 U.S.C.
5318(g). However, as stated below in the discussion of new
Sec. 21.11(l), the safe harbor provisions of 31 U.S.C. 5318(g) for
disclosure of information to law enforcement agencies apply to both
SARs and the supporting documentation.
Several commenters urged the OCC to adopt regulations that would
make SARs undiscoverable in civil litigation, in order to avoid
situations in which a financial institution could be ordered by a court
to produce a SAR in civil litigation and could be confronted with the
prospect of having to choose between being found in contempt or
violating the OCC's rules. In the opinion of the OCC, 31 U.S.C. 5318(g)
precludes the disclosure of SARs in discovery.2 However, the final
rule requires a bank that receives a subpoena or other request for a
SAR to notify the OCC so that the OCC may intervene in litigation if
appropriate.
\2\ Section 5318(g)(2) prohibits financial institutions and
directors, officers, employees, or agents of financial institutions
from notifying any person involved in a suspicious transaction that
the transaction has been reported.
---------------------------------------------------------------------------
This notification requirement is consistent with the approach the
OCC has recently taken in the final revisions to part 4 of its
regulations. In part 4, the OCC requires that a person or entity served
in civil litigation with a subpoena provide non-public OCC information
notify the OCC so that the OCC can determine whether it should
intervene in the proceedings. See 60 FR 57315 (November 15, 1995).
Right to Financial Privacy Act Safe Harbor (Sec. 21.11(l))
Several commenters expressed concern that disclosure of SARs and
supporting documentation to law enforcement agencies could give rise to
potential RFPA liability. In particular, the commenters questioned the
permissibility of voluntarily filing SARs with state agencies or in
situations in which the amount of a transaction falls below the
appropriate minimum threshold for the known or suspected criminal
conduct, or when a transaction involving money laundering or the BSA
does not meet the requisite standards or thresholds.
The Agencies are of the opinion that the broad safe harbor
protection of 31 U.S.C. 5318(g)(3) includes any reporting of known or
suspected criminal offenses or suspicious activities with state and
local law enforcement authorities or with the Agencies and FinCEN,
regardless of whether such reports are filed pursuant to the mandatory
requirements of the OCC's regulations or are filed on a voluntary
basis.3 The OCC takes the same position with regard to the
disclosure of documentation supporting a report.
\3\ Section 5318(g)(3) states that a financial institution will
not be held liable to any person under any law or regulation of the
United States or any constitution, law, or regulation of any state
for making a disclosure of any possible violation of law or
regulation.
---------------------------------------------------------------------------
The OCC's final rule adds new paragraph 21.11(l), which states this
position.
Comments on Information Sharing
Several commenters suggested that the final rule should facilitate
the sharing of information among banking organizations in order to
better detect new fraudulent schemes. It is anticipated that the
Treasury Department, through FinCEN, and the Agencies, will keep
reporting entities apprised of recent developments and trends in
banking-related crimes through periodic pronouncements, meetings, and
seminars.
Effective Date
Section 302 of the Riegle Community Development and Regulatory
Improvement Act of 1994 delays the effective date of regulations
promulgated by the Federal banking agencies that impose additional
reporting, disclosure, or other new requirements to the first day of
the first calendar quarter following publication of the final rule. The
OCC believes that Section 302 is not applicable to this final rule,
because the effect of the regulation is to reduce reporting burdens on
national banks. The final regulation does not impose any additional
reporting or other requirements not already contained in the current
version of the OCC's criminal referral regulations. The effective date
of this final rule is April 1, 1996.
Derivation Table for 12 CFR Part 21
[This table directs readers to the provisions of the current 12 CFR part
21.11 on which the revised 12 CFR part 21.11 is based]
------------------------------------------------------------------------
Revised provision Current provision Comments
------------------------------------------------------------------------
Sec. 21.11(a)............ Sec. 21.11(a)........ Modified.
Sec. 21.11(b)(1)......... ...................... Added.
Sec. 21.11(b)(2)......... ...................... Added.
Sec. 21.11(b)(3)......... ...................... Added.
Sec. 21.11(c)(1)......... Sec. 21.11(b)(2)..... Modified.
Sec. 21.11(c)(2)......... Sec. 21.11(b)(3)..... Modified.
Sec. 21.11(c)(3)......... Sec. 21.11(b) (1) & Modified.
(4).
[[Page 4337]]
Sec. 21.11(c)(4)......... Derived in part from Added.
the OCC's current
criminal referral
forms.
Sec. 21.11(d)(1)......... Sec. 21.11(c) (1) & Modified.
(3).
Sec. 21.11(d)(2)......... Sec. 21.11(c)(2)..... Modified.
Sec. 21.11(e)............ Sec. 21.11(d)........ Modified.
Sec. 21.11(f)(1)......... Sec. 21.11(f)(1)..... Modified.
Sec. 21.11(f)(2)......... Sec. 21.11(f)(2)..... Modified.
Sec. 21.11(g)............ ...................... Added.
Sec. 21.11(h)(1)......... Sec. 21.11(g)........ Modified.
Sec. 21.11(h)(2)......... ...................... Added.
Sec. 21.11(i)............ Sec. 21.11(h)........ Modified.
Sec. 21.11(j)............ ...................... Added.
Sec. 21.11(k)............ ...................... Added.
Sec. 21.11(l)............ ...................... Added.
------------------------------------------------------------------------
Regulatory Flexibility Act
Pursuant to section 605(b) of the Regulatory Flexibility Act, the
OCC hereby certifies that this final rule will not have a significant
economic impact on a substantial number of small entities. This rule
primarily reorganizes the process for making criminal referrals and
reduces administrative and cost burdens on national banks. It has no
material economic impact on national banks, regardless of size.
Accordingly, a regulatory flexibility analysis is not required.
Executive Order 12866
The OCC has determined that this document is not a significant
regulatory action under Executive Order 12866.
Unfunded Mandates Act of 1995 Statement
Section 202 of the Unfunded Mandates Reform Act of 1995, Pub. L.
104-4 (Unfunded Mandates Act) (signed into law on March 22, 1995)
requires that an agency prepare a budgetary impact statement before
promulgating a rule that includes a Federal mandate that may result in
expenditure by state, local, and tribal governments, in the aggregate,
or by the private sector, of $100 million or more in any one year. If a
budgetary impact statement is required, section 202 of the Unfunded
Mandates Act also requires an agency to identify and consider a
reasonable number of regulatory alternatives before promulgating a
rule. The OCC has determined that this final rule will not result in an
expenditure by national banks of $100 million or more and has concluded
that, on balance, this final rule provides the most cost-effective and
least burdensome alternative to achieve the objectives of the rule. The
OCC has therefore determined that it is not required to prepare a
written statement under section 202.
List of Subjects in 12 CFR Part 21
Bank Secrecy Act, Crime, Currency, National banks, Reporting and
recordkeeping requirements, Security measures.
Authority and Issuance
For the reasons set out in the preamble, part 21 of chapter I of
title 12 of the Code of Federal Regulations is amended as follows:
PART 21--MINIMUM SECURITY DEVICES AND PROCEDURES, REPORTS OF
SUSPICIOUS ACTIVITIES, AND BANK SECRECY ACT COMPLIANCE PROGRAM
1. The heading of part 21 is revised to read as set forth above.
2. The authority citation for part 21 is revised to read as
follows:
Authority: 12 U.S.C. 93a, 1818, 1881-1884, and 3401-3422; 31
U.S.C. 5318.
3. Subpart B, consisting of Sec. 21.11, is revised to read as
follows:
Subpart B--Reports of Suspicious Activities
Sec. 21.11 Suspicious Activity Report.
(a) Purpose and scope. This section ensures that national banks
file a Suspicious Activity Report when they detect a known or suspected
violation of Federal law or a suspicious transaction related to a money
laundering activity or a violation of the Bank Secrecy Act. This
section applies to all national banks as well as any Federal branches
and agencies of foreign banks licensed or chartered by the OCC.
(b) Definitions. For the purposes of this section:
(1) FinCEN means the Financial Crimes Enforcement Network of the
Department of the Treasury.
(2) Institution-affiliated party means any institution-affiliated
party as that term is defined in sections 3(u) and 8(b)(5) of the
Federal Deposit Insurance Act (12 U.S.C. 1813(u) and 1818(b)(5)).
(3) SAR means a Suspicious Activity Report on the form prescribed
by the OCC.
(c) SARs required. A national bank shall file a SAR with the
appropriate Federal law enforcement agencies and the Department of the
Treasury in accordance with the form's instructions, by sending a
completed SAR to FinCEN in the following circumstances:
(1) Insider abuse involving any amount. Whenever the national bank
detects any known or suspected Federal criminal violation, or pattern
of criminal violations, committed or attempted against the bank or
involving a transaction or transactions conducted through the bank,
where the bank believes that it was either an actual or potential
victim of a criminal violation, or series of criminal violations, or
that the bank was used to facilitate a criminal transaction, and the
bank has a substantial basis for identifying one of its directors,
officers, employees, agents or other institution-affiliated parties as
having committed or aided in the commission of a criminal act,
regardless of the amount involved in the violation.
(2) Violations aggregating $5,000 or more where a suspect can be
identified. Whenever the national bank detects any known or suspected
Federal criminal violation, or pattern of criminal violations,
committed or attempted against the bank or involving a transaction or
transactions conducted through the bank and involving or aggregating
$5,000 or more in funds or other assets where the bank believes that it
was either an actual or potential victim of a criminal violation, or
series of criminal violations or that it was used to facilitate a
criminal transaction, and the bank has a substantial basis for
identifying a possible suspect or group of suspects. If it is
determined prior to filing this report that the identified suspect or
group of suspects has used an alias, then information regarding the
true identity of the suspect or group of suspects, as well as alias
identifiers, such as drivers' license or social security numbers,
addresses and telephone numbers, must be reported.
(3) Violations aggregating $25,000 or more regardless of potential
suspects. Whenever the national bank detects any known or suspected
Federal criminal violation, or pattern of criminal violations,
committed or attempted against the bank or involving a transaction or
transactions conducted through the bank and involving or aggregating
$25,000 or more in funds or other assets where the bank believes that
it was either an actual or potential victim of a criminal violation, or
series of criminal violations, or that the bank was used to facilitate
a criminal transaction, even though there is no substantial basis for
identifying a possible suspect or group of suspects.
(4) Transactions aggregating $5,000 or more that involve potential
money laundering or violate the Bank Secrecy Act. Any transaction
(which for purposes of this paragraph (c)(4) means a deposit,
withdrawal, transfer between
[[Page 4338]]
accounts, exchange of currency, loan, extension of credit, or purchase
or sale of any stock, bond, certificate of deposit, or other monetary
instrument or investment security, or any other payment, transfer, or
delivery by, through, or to a financial institution, by whatever means
effected) conducted or attempted by, at or through the national bank
and involving or aggregating $5,000 or more in funds or other assets,
if the bank knows, suspects, or has reason to suspect that:
(i) The transaction involves funds derived from illegal activities
or is intended or conducted in order to hide or disguise funds or
assets derived from illegal activities (including, without limitation,
the ownership, nature, source, location, or control of such funds or
assets) as part of a plan to violate or evade any law or regulation or
to avoid any transaction reporting requirement under Federal law;
(ii) The transaction is designed to evade any regulations
promulgated under the Bank Secrecy Act; or
(iii) The transaction has no business or apparent lawful purpose or
is not the sort in which the particular customer would normally be
expected to engage, and the institution knows of no reasonable
explanation for the transaction after examining the available facts,
including the background and possible purpose of the transaction.
(d) Time for reporting. A national bank is required to file a SAR
no later than 30 calendar days after the date of the initial detection
of facts that may constitute a basis for filing a SAR. If no suspect
was identified on the date of detection of the incident requiring the
filing, a national bank may delay filing a SAR for an additional 30
calendar days to identify a suspect. In no case shall reporting be
delayed more than 60 calendar days after the date of initial detection
of a reportable transaction. In situations involving violations
requiring immediate attention, such as when a reportable violation is
ongoing, the financial institution shall immediately notify, by
telephone, an appropriate law enforcement authority and the OCC in
addition to filing a timely SAR.
(e) Reports to state and local authorities. National banks are
encouraged to file a copy of the SAR with state and local law
enforcement agencies where appropriate.
(f) Exceptions. (1) A national bank need not file a SAR for a
robbery or burglary committed or attempted that is reported to
appropriate law enforcement authorities.
(2) A national bank need not file a SAR for lost, missing,
counterfeit, or stolen securities if it files a report pursuant to the
reporting requirements of 17 CFR 240.17f-1.
(g) Retention of records. A national bank shall maintain a copy of
any SAR filed and the original or business record equivalent of any
supporting documentation for a period of five years from the date of
the filing of the SAR. Supporting documentation shall be identified and
maintained by the bank as such, and shall be deemed to have been filed
with the SAR. A national bank shall make all supporting documentation
available to appropriate law enforcement agencies upon request.
(h) Notification to board of directors--(1) Generally. Whenever a
national bank files a SAR pursuant to this section, the management of
the bank shall promptly notify its board of directors, or a committee
of directors or executive officers designated by the board of directors
to receive notice.
(2) Suspect is a director or executive officer. If the bank files a
SAR pursuant to paragraph (c) of this section and the suspect is a
director or executive officer, the bank may not notify the suspect,
pursuant to 31 U.S.C. 5318(g)(2), but shall notify all directors who
are not suspects.
(i) Compliance. Failure to file a SAR in accordance with this
section and the instructions may subject the national bank, its
directors, officers, employees, agents, or other institution-affiliated
parties to supervisory action.
(j) Obtaining SARs. A national bank may obtain SARs and the
Instructions from the appropriate OCC District Office listed in 12 CFR
part 4.
(k) Confidentiality of SARs. SARs are confidential. Any national
bank or person subpoenaed or otherwise requested to disclose a SAR or
the information contained in a SAR shall decline to produce the SAR or
to provide any information that would disclose that a SAR has been
prepared or filed, citing this section, applicable law (e.g., 31 U.S.C.
5318(g)), or both, and shall notify the OCC.
(l) Safe harbor. The safe harbor provision of 31 U.S.C. 5318(g),
which exempts any financial institution that makes a disclosure of any
possible violation of law or regulation from liability under any law or
regulation of the United States, or any constitution, law, or
regulation of any state or political subdivision, covers all reports of
suspected or known criminal violations and suspicious activities to law
enforcement and financial institution supervisory authorities,
including supporting documentation, regardless of whether such reports
are required to be filed pursuant to this section or are filed on a
voluntary basis.
Dated: January 30, 1996.
Eugene A. Ludwig,
Comptroller of the Currency.
[FR Doc. 96-2246 Filed 2-2-96; 8:45 am]
BILLING CODE 4810-33-P