[Federal Register Volume 61, Number 24 (Monday, February 5, 1996)]
[Rules and Regulations]
[Pages 4332-4338]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 96-2246]



=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF THE TREASURY

Office of the Comptroller of the Currency

12 CFR Part 21

[Docket No. 96-02]
RIN 1557-AB19


Minimum Security Devices and Procedures, Reports of Suspicious 
Activities, and Bank Secrecy Act Compliance Program

AGENCY: Office of the Comptroller of the Currency, Treasury.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: The Office of the Comptroller of the Currency (OCC) is 
amending its regulations that require national banks to file criminal 
referral and suspicious transaction reports. This final rule 
streamlines reporting requirements by providing that national banks 
file a new Suspicious Activity Report (SAR) with the OCC and the 
appropriate Federal law enforcement agencies by sending SARs to the 
Financial Crimes Enforcement Network of the Department of the Treasury 
(FinCEN) to report a known or suspected criminal offense or a 
transaction that a bank suspects involves money laundering or violates 
the Bank Secrecy Act (BSA).

EFFECTIVE DATE: April 1, 1996.

FOR FURTHER INFORMATION CONTACT: Robert S. Pasley, Assistant Director, 
or Neil M. Robinson, Senior Attorney, Enforcement and Compliance 
Division, (202-874-4800), or Daniel L. Cooke, Attorney, Legislative and 
Regulatory Activities Division (202-874-5090).

SUPPLEMENTARY INFORMATION:

Background

    The OCC, the Board of Governors of the Federal Reserve System 
(Board), the Federal Deposit Insurance Corporation (FDIC), and the 
Office of Thrift Supervision (OTS) (collectively, the Agencies) issued 
for public comment substantially similar proposals to revise their 
rules that require the institutions under their supervision to report 
known or suspected criminal conduct and suspicious transactions. See 60 
FR 34476 (July 3, 1995) (OCC); 60 FR 34481 (July 3, 1995) (Board); 60 
FR 36366 (July 17, 1995) (OTS); 60 FR 47719 (September 14, 1995) 
(FDIC). The Department of the Treasury, through FinCEN, has issued for 
public comment a substantially similar proposal to require the 
reporting of suspicious activities. See 60 FR 46556 (September 7, 
1995). 

[[Page 4333]]

    As noted in the OCC's proposed regulation, the interagency Bank 
Fraud Working Group, consisting of representatives from the Agencies, 
law enforcement agencies, and FinCEN, has been working on the 
development of a single form, the SAR, for the reporting of known or 
suspected Federal criminal law violations and transactions that an 
institution suspects involve money laundering or violate the BSA. The 
SAR will be available to national banks both in paper form and as a 
computer software shell. SARs can be obtained from the appropriate OCC 
District Office listed in 12 CFR part 4.1

    \1\ The OCC recently revised Part 4. See 60 FR 57315 (November 
15, 1995). The geographical composition of each OCC District Office 
is listed at 12 CFR 4.5. See 60 FR at 57322.
---------------------------------------------------------------------------

    The new SAR reporting system will: (1) Combine the current criminal 
referral rules of the Federal financial institutions regulatory 
agencies with the Department of the Treasury's suspicious activity 
reporting requirements; (2) create a uniform reporting form, the new 
SAR, for use by financial institutions in reporting known or suspected 
criminal offenses and transactions that an institution suspects involve 
money laundering or violate the BSA; (3) provide a system whereby a 
financial institution need only refer to the SAR and its instructions 
in order to complete and file the form in conformance with the 
Agencies' and FinCEN's reporting regulations; (4) require the filing of 
only one form with FinCEN; (5) eliminate the need to file supporting 
documentation with a SAR; (6) enable a filer, through computer software 
that the OCC will provide to all national banks, to prepare a SAR on a 
computer and file it by mailing a computer disc or tape; (7) establish 
a database that will be accessible to Federal and state financial 
institution regulators and law enforcement agencies; (8) raise the 
thresholds for mandatory reporting in two categories and create a 
threshold for the reporting of transactions that an institution 
suspects involve money laundering or violate the BSA in order to reduce 
unnecessary reporting burdens on banking organizations; and (9) 
emphasize recent changes in the law that provide (a) a safe harbor from 
civil liability to financial institutions and their employees when they 
report known or suspected criminal offenses or suspicious activities, 
by filing a SAR or by reporting by other means, and (b) criminal 
sanctions for the disclosure of such a report to any party involved in 
the reported transaction.

Comments Received

    The OCC received letters from 33 public commenters, including 26 
banks, five trade and industry research groups, and two law firms.
    The large majority of commenters expressed general support for the 
proposal. None of the commenters opposed the proposed new suspicious 
activity reporting rules although, as discussed below, a number of 
commenters made suggestions for improving the rule and requests for 
clarification.

Description of the Final Rule and Responses to Comments Received

    After consideration of the public comments received, the Agencies 
are each promulgating a substantially identical final rule on the 
filing of SARs. Under the OCC's final rule, national banks need only 
follow SAR instructions for completing and filing the SAR to be in 
compliance with the OCC's and FinCEN's reporting requirements.
    The final rule adopts the proposal with a few additional changes 
that are made in response to the comments received. The final rule 
makes several changes that reduce unnecessary regulatory burden in 
addition to those that were proposed. In particular, the final rule 
further reduces burden by: (1) Adding a $5,000 threshold for reporting 
transactions that an institution suspects involve money laundering or 
violate the BSA; (2) eliminating the requirement that banks report a 
transaction that is ``suspicious for any reason'' by modifying the 
description of the types of suspicious activity that must be reported; 
(3) reducing the record retention period from ten years to five; and 
(4) permitting banks to maintain the business record equivalent of a 
document rather than requiring the bank to maintain the original.

Purpose and Scope (Sec. 21.11(a))

    The proposal clarified the scope of the current rule. The OCC 
received no comments on this section, and it is adopted as proposed.

Definitions (Sec. 21.11(b))

    The proposal added definitions for several terms used in the 
operative provisions of the rule. The OCC received one comment on this 
section. The commenter stated that the definition of ``known or 
suspected violation'' was too broad because it included violations that 
have been attempted or may occur. The OCC has concluded, however, that 
attempted and potential crimes must be reported in order to maintain 
effective law enforcement. The definition has been incorporated into 
each of the reporting requirement provisions in Sec. 21.11(c). This 
definitions section is otherwise adopted as proposed, with minor 
technical changes.

SARs Required (Sec. 21.11(c))

    The proposal clarified and revised the provision in the former rule 
that requires a bank to file a criminal referral report. The proposal 
raised the dollar thresholds that trigger filing requirements and 
modified the scope of events that a national bank must report.
    Most of the comments received by the OCC addressed this section. 
Approximately one-third of the commenters encouraged the OCC to change 
proposed Sec. 21.11(c)(4), which required banks to report all financial 
transactions that are suspicious ``for any reason.'' The commenters 
stated that this language was too broad and made meaningless the $5,000 
reporting threshold of Sec. 21.11(c)(2) (requiring banks to report 
suspected crimes committed by an identifiable suspect) and the $25,000 
reporting threshold of Sec. 21.11(c)(3) (requiring banks to report 
suspected crimes for which no suspect is identified). These commenters 
asserted that requiring banks to report all financial transactions that 
are suspicious for any reason required banks to report transactions 
that would otherwise fall under the appropriate threshold and would 
therefore be exempt from mandatory reporting. Several commenters also 
encouraged the Agencies to adopt a threshold for reporting transactions 
that are suspicious.
    The OCC and the other Agencies agree with the concerns expressed by 
these commenters. Accordingly, the OCC has substantially revised 
Sec. 21.11(c)(4) to add a $5,000 reporting threshold for transactions 
that are suspicious and to clarify that this section of the rule 
requires banks to report only transactions that a bank suspects involve 
money laundering or violate the BSA. Under the final rule, a national 
bank must file a SAR for any transaction of $5,000 or more if the bank 
knows, suspects, or has reason to suspect that the transaction: (i) 
Involves funds derived from illicit activities or is intended to hide 
or disguise funds derived from illicit activities; (ii) is part of a 
plan to evade any reporting requirement, including those under the BSA, 
or (iii) has no business or apparent lawful purpose or is not the sort 
in which the particular customer would normally be expected to engage, 
and the institution knows of no reasonable explanation for the 
transaction after 

[[Page 4334]]
examining the available facts, including the background and possible 
purpose of the transaction. For purposes of the subsection, the term 
``transaction'' means a deposit, withdrawal, transfer between accounts, 
exchange of currency, loan, extension of credit, or purchase or sale of 
any stock, bond, certificate of deposit, or other monetary instrument 
or investment security, or any other payment, transfer, or delivery by, 
through, or to a financial institution, by whatever means effected.
    The text of Sec. 21.11(c)(4) in the final rule recognizes that 
efforts to deter, substantially reduce, and eventually eradicate money 
laundering are greatly assisted when financial institutions report 
transactions that they suspect may involve money laundering or violate 
the BSA. The requirements of this section comply with the 
recommendations adopted by multi-country organizations in which the 
United States is an active participant, including the Financial Action 
Task Force of the G-7 nations and the Organization of American States, 
and are consistent with European Community's directive on preventing 
money laundering through financial institutions.
    A few commenters encouraged the Agencies to raise the dollar 
thresholds for known or suspected criminal conduct by non-insiders, and 
several commenters urged the Agencies to establish a dollar threshold 
for insiders.
    The Agencies considered these comments, but concluded that the 
thresholds, as proposed, properly balance the dual concerns of 
prosecuting criminal activity involving national banks and minimizing 
the burden on national banks. With respect to the suggestion that the 
OCC adopt a dollar threshold for insider violations, the OCC notes that 
insider abuse has long been a key concern and focus of enforcement 
efforts at the OCC. With the development of a new sophisticated and 
automated database, the OCC and law enforcement agencies will have the 
benefit of a comprehensive and easily accessible catalogue of known or 
suspected insider wrongdoing. When insiders are involved, even small-
scale offenses--for example, repetitive thefts of small amounts of cash 
by an employee who frequently moves between banking organizations--may 
undermine the integrity of banking institutions and warrant enforcement 
action or criminal prosecution. Therefore, the OCC does not wish to 
limit the information it receives regarding insider wrongdoing.
    One commenter suggested an indexed threshold, based on the regional 
differences in the various dollar thresholds below which the Federal, 
state, and local prosecutors generally decline criminal prosecution.
    Any regional variations in the dollar amount of financial crimes 
generally prosecuted involve issues pertaining to the exercise of 
prosecutorial discretion that are not within the OCC's province to 
resolve. The OCC's objective is to ensure that banks place the relevant 
information in the hands of the investigating and prosecuting 
authorities. In the OCC's view, the dollar thresholds proposed and 
adopted in this final rule best balance the interests of law 
enforcement authorities and national banks. The OCC also believes that 
indexed thresholds could generate additional burden for banks by 
creating a standard that is unclear and confusing.
    One commenter noted that the OCC and OTS proposals keyed the 
reporting thresholds to the amount of loss or potential loss to the 
institution, while the Board keyed its reporting thresholds to events 
that ``involve or aggregate'' more than the appropriate threshold. The 
commenter urged all agencies to use the OCC and OTS standard.
    The OCC observes that its former provision used the same language 
that the Board used in its proposal and required reporting of all 
events that ``involve or aggregate'' more than the appropriate 
threshold. The OCC has concluded that this language provides greater 
predictability in determining when to file a SAR because the amount of 
loss or potential loss may differ from the actual sum involved and may 
be difficult to calculate in many instances. The OCC believes that, 
were the Agencies to rely on the amount of loss or potential loss, a 
national bank might consider the potential for recovery of funds to 
estimate loss.
    To avoid potential uncertainty, the OCC's final rule conforms to 
the OCC's former rule by requiring national banks to file SARs whenever 
a bank detects a known or suspected Federal criminal violation, or 
pattern of criminal violations, committed or attempted against the bank 
or involving a transaction or transactions conducted through the bank 
that involves or aggregates more than the appropriate threshold.
    One commenter expressed the concern that a banking organization 
would need to establish probable cause before reporting crimes for 
which an essential element of the proof of the crime was the intent of 
the actor.
    This is not the case, however. Nothing in the rule requires that 
national banks assume the burden of proving illegal conduct; rather, 
banks are required only to report actual or suspected crimes or 
suspicious activities for possible action by the appropriate 
authorities.
    A few commenters requested clarification of whether the proposal 
required a national bank to file multiple SARs for a crime committed by 
several individuals or multiple related crimes by the same individual.
    Financial institutions should complete one SAR to describe a 
suspected or known criminal offense committed by several individuals. 
The instructions to the SAR permit banks to report additional suspects 
by means of a supplemental page. A financial institution should file a 
separate SAR whenever an individual commits a suspected or known crime. 
If the same individual commits multiple or related crimes within the 
same reporting period, the financial institution may consider reporting 
the crimes on one SAR, but only if doing so will present clearly what 
has occurred.
    National banks are encouraged to file the SAR via magnetic media 
using the computer software to be provided to all national banks by the 
OCC. National banks that currently file currency transaction reports 
via magnetic tape with FinCEN may also file SARs by magnetic tape. 
FinCEN has advised the Agencies that it will be unable to accept 
filings via telecopier/FAX.

Time for Reporting (Sec. 21.11(d))

    Proposed section 21.11(d) did not substantively change the current 
requirements with respect to the timing of the reporting of known or 
suspected criminal offenses and transactions that a bank suspects 
involve money laundering or violate the BSA.
    Several commenters requested that the OCC clarify the application 
of the filing deadline for SARs when no suspect is identified at the 
initial detection of the suspicious activity, the amount of the 
transaction is less than the applicable $25,000 mandatory reporting 
threshold, and the institution later identifies a suspect. For example, 
some commenters wondered if they would be in violation of the rule if a 
suspect were identified after 60 days had past.
    These comments reflect a misunderstanding of how the filing 
requirements operate. The time period for reporting commences only when 
a bank identifies a known or potential violation that fits within the 
thresholds. Therefore, if a bank uncovers a transaction involving less 
than $25,000 (but more than $5,000), but does not identify a potential 
suspect until after the passage of 60 days, the 30-day 

[[Page 4335]]
period for filing a SAR would begin to run only as of the time the 
suspect is identified. To make this point clear, the final rule inserts 
the word ``reportable'' and states that in no case shall reporting be 
delayed more than 60 calendar days after the date of initial detection 
of a reportable transaction.
    Section 21.11(d) also requires a bank to notify law enforcement 
authorities immediately in the event of an on-going violation. The OCC 
wishes to clarify that immediate notification is limited to situations 
involving on-going violations, for example, when a check kite or money 
laundering has been detected and may be continuing. It is not feasible, 
however, for the OCC to contemplate all of the circumstances in which 
it might be appropriate for a financial institution immediately to 
advise state and local law enforcement authorities. National banks 
should use their best judgment regarding when to alert these 
authorities regarding on-going criminal offenses or suspicious 
activities that involve money laundering or violate the BSA.

Reports to State and Local Authorities (Sec. 21.11(e))

    The proposal encouraged national banks to file SARs with state and 
local law enforcement agencies when appropriate. Some commenters 
expressed the concern that national banks and their institution-
affiliated parties could be liable under Federal and state laws, such 
as the Right to Financial Privacy Act (12 U.S.C. Sec. 3401 et seq.) 
(RFPA), for filing SARs with respect to conduct that is later found not 
to have been criminal. Another concern was that the filing of SARs with 
state and local law enforcement agencies would subject filers to claims 
under state law. Both of these concerns are addressed by the scope of 
the safe harbor protection provided in 31 U.S.C. 5318(g) and, as 
discussed below, stated in new paragraph 21.11(l) of this section.

Exceptions (Sec. 21.11(f))

    Proposed Sec. 21.11(g) set forth two exceptions to the SAR filing 
requirement, which did not substantively change its predecessor 
provision. Under the proposal, a national bank was not required to file 
a SAR for a robbery or burglary that the bank reported to appropriate 
law enforcement authorities or to file a SAR for lost, missing, 
counterfeit, or stolen securities for which the bank filed a report 
pursuant to 17 CFR 240.17f-l.
    The OCC received no comments on this section and adopts it as 
proposed. The final rule, however, reverses the order of proposed 
paragraphs (g) and (f) to conform with the other Agencies' rules.

Retention of Records (Sec. 21.11(g))

    The proposal required a bank to retain a copy of the SAR and the 
original of any underlying documentation relating to the SAR for ten 
years.
    Approximately one-third of the commenters expressed the view that 
the ten-year period for the retention of records in proposed 21.11(f) 
was excessive, especially in light of the five-year record retention 
requirement that is contained in the BSA. Several commenters 
recommended that the Agencies adopt a five-year requirement. The 
Agencies agree, and the OCC's final rule reduces the required record 
retention period to five years.
    Many commenters asserted that the provision that required banks to 
disclose supporting documentation to law enforcement agencies upon 
their request was either unclear or posed potential RFPA liability. 
Some therefore questioned whether law enforcement agencies would still 
need to subpoena relevant documents from a financial institution.
    The final rule requires national banks filing SARs to identify, 
maintain, and treat the documentation supporting the report as if it 
were actually filed with the SAR. This means that subsequent requests 
from law enforcement authorities for the supporting documentation 
relating to a particular SAR do not require the service of a subpoena 
or other legal processes normally associated with providing information 
to law enforcement agencies. This treatment of supporting documentation 
is not a substantive change from the current rule's requirement that 
supporting documentation be filed with each referral, since it only 
changes the timing of when an agency will have access to the supporting 
documentation, not the fact that the information needs to be assembled 
and made available for law enforcement purposes. The Agencies are 
therefore of the opinion that the final rule's treatment does not give 
rise to RFPA liability.
    Proposed section 21.11(f) required the maintenance of supporting 
documentation in its original form. A number of commenters noted that 
electronic storage of documents is becoming the rule rather than the 
exception, and that requiring the storage of paper originals would 
impose undue burdens on financial institutions. Moreover, some records 
are retained only in a computer database.
    The proposal reflected the concerns of the law enforcement agencies 
that the best evidence be preserved. However, this can include 
electronic storage of original documentation related to the filing of 
an SAR. The OCC recognizes that a banking organization will not always 
have custody of the originals of documents and that some documents will 
not exist at the organization in paper form. In those cases, 
preservation of the best available evidentiary documents, for example, 
computer disks or photocopies, will be acceptable. The final rule 
reflects these changes by allowing banks to retain business record 
equivalents of supporting documentation.
    Several commenters criticized as inconsistent and vague the 
proposed requirements that an institution maintain ``related'' 
documentation and make ``supporting'' documentation available to the 
law enforcement agencies upon request. One commenter questioned whether 
the OCC intended a substantive difference in meaning between 
``related'' and ``supporting.''
    Because a substantive difference is not intended, the OCC has 
referred to ``supporting'' documentation in the final rule in stating 
both the maintenance and production requirements. The OCC believes that 
the use of the word ``supporting'' is more precise and limits the scope 
of the information that must be segregated and retained to information 
that would be relevant in proving the crime and the individuals who 
committed the crime.
    The OCC anticipates that banks will use their best judgment in 
determining the scope of the information to be retained. It is not 
feasible for the OCC to catalogue the precise types of information 
covered by this requirement because the scope necessarily depends upon 
the facts of a particular case.

Notification to Board of Directors (Sec. 21.11(h))

    The proposal reduced the burden on boards of directors to review 
criminal referrals by allowing the management of a bank promptly to 
notify either the board of directors or a committee of directors or 
executive officers designated by the board to receive notice of the 
filing of an SAR. The proposal prohibited a bank from giving notice of 
an SAR filing to any director or officer who is a suspect in the known 
or suspected violation. The proposal also required management to notify 
the entire board of directors, except the suspect, when an executive 
officer or director is a suspect.
    Most commenters supported this provision of the proposal. One 
commenter, however, questioned whether the provision that required 

[[Page 4336]]
prompt notification of the board of directors required notice prior to 
the next board meeting. This commenter said that a requirement to 
provide notice between board meetings would be more burdensome than the 
former rule, which required notification not later than the next board 
meeting.
    The OCC did not intend for the rule as proposed to be more 
burdensome than the former rule and does not construe the requirement 
for prompt notification to mean that notice must be provided before the 
next board meeting. The final rule is intended to be flexible. For 
example, the OCC expects that, with respect to serious crimes, the 
appointed committee may consider it appropriate to make more immediate 
disclosure to the full board. The final rule does not dictate the 
content of the board or committee notification, and, in some cases, 
such as when relatively minor non-insider crimes are to be reported, it 
may be completely appropriate to provide only a summary listing of SARs 
filed.

Compliance (Sec. 21.11(i))

    The proposal clarified that the OCC treats a national bank's 
failure to comply with reporting requirements like any other violation 
of law or regulation, which may result in supervisory actions, 
including enforcement action. The proposal also conformed the OCC's 
penalty standard with the rules of the Board and the FDIC by removing 
the requirement that the failure to file had to be the result of a 
willful failure or careless disregard of applicable filing obligations.
    The OCC received no comments on this section and adopts it as 
proposed.

Obtaining SARs (Sec. 21.11(j))

    The proposal added section 21.11(j), which provides national banks 
with information on how to obtain SARs. The OCC received no comments on 
this section and adopts it as proposed.

Confidentiality of SARs (Sec. 21.11(k))

    The proposal preserved the confidential nature of criminal referral 
reports by stating that a SAR and the information contained in a SAR 
are confidential.
    One commenter correctly noted that the proposed regulation is 
unclear as to whether the confidential treatment applies only to the 
information contained on the SAR itself or also extends to the 
``supporting'' documentation. The OCC takes the position that only the 
SAR and the information on the SAR are confidential under 31 U.S.C. 
5318(g). However, as stated below in the discussion of new 
Sec. 21.11(l), the safe harbor provisions of 31 U.S.C. 5318(g) for 
disclosure of information to law enforcement agencies apply to both 
SARs and the supporting documentation.
    Several commenters urged the OCC to adopt regulations that would 
make SARs undiscoverable in civil litigation, in order to avoid 
situations in which a financial institution could be ordered by a court 
to produce a SAR in civil litigation and could be confronted with the 
prospect of having to choose between being found in contempt or 
violating the OCC's rules. In the opinion of the OCC, 31 U.S.C. 5318(g) 
precludes the disclosure of SARs in discovery.2 However, the final 
rule requires a bank that receives a subpoena or other request for a 
SAR to notify the OCC so that the OCC may intervene in litigation if 
appropriate.

    \2\ Section 5318(g)(2) prohibits financial institutions and 
directors, officers, employees, or agents of financial institutions 
from notifying any person involved in a suspicious transaction that 
the transaction has been reported.
---------------------------------------------------------------------------

    This notification requirement is consistent with the approach the 
OCC has recently taken in the final revisions to part 4 of its 
regulations. In part 4, the OCC requires that a person or entity served 
in civil litigation with a subpoena provide non-public OCC information 
notify the OCC so that the OCC can determine whether it should 
intervene in the proceedings. See 60 FR 57315 (November 15, 1995).

Right to Financial Privacy Act Safe Harbor (Sec. 21.11(l))

    Several commenters expressed concern that disclosure of SARs and 
supporting documentation to law enforcement agencies could give rise to 
potential RFPA liability. In particular, the commenters questioned the 
permissibility of voluntarily filing SARs with state agencies or in 
situations in which the amount of a transaction falls below the 
appropriate minimum threshold for the known or suspected criminal 
conduct, or when a transaction involving money laundering or the BSA 
does not meet the requisite standards or thresholds.
    The Agencies are of the opinion that the broad safe harbor 
protection of 31 U.S.C. 5318(g)(3) includes any reporting of known or 
suspected criminal offenses or suspicious activities with state and 
local law enforcement authorities or with the Agencies and FinCEN, 
regardless of whether such reports are filed pursuant to the mandatory 
requirements of the OCC's regulations or are filed on a voluntary 
basis.3 The OCC takes the same position with regard to the 
disclosure of documentation supporting a report.

    \3\ Section 5318(g)(3) states that a financial institution will 
not be held liable to any person under any law or regulation of the 
United States or any constitution, law, or regulation of any state 
for making a disclosure of any possible violation of law or 
regulation.
---------------------------------------------------------------------------

    The OCC's final rule adds new paragraph 21.11(l), which states this 
position.

Comments on Information Sharing

    Several commenters suggested that the final rule should facilitate 
the sharing of information among banking organizations in order to 
better detect new fraudulent schemes. It is anticipated that the 
Treasury Department, through FinCEN, and the Agencies, will keep 
reporting entities apprised of recent developments and trends in 
banking-related crimes through periodic pronouncements, meetings, and 
seminars.

Effective Date

    Section 302 of the Riegle Community Development and Regulatory 
Improvement Act of 1994 delays the effective date of regulations 
promulgated by the Federal banking agencies that impose additional 
reporting, disclosure, or other new requirements to the first day of 
the first calendar quarter following publication of the final rule. The 
OCC believes that Section 302 is not applicable to this final rule, 
because the effect of the regulation is to reduce reporting burdens on 
national banks. The final regulation does not impose any additional 
reporting or other requirements not already contained in the current 
version of the OCC's criminal referral regulations. The effective date 
of this final rule is April 1, 1996.

                   Derivation Table for 12 CFR Part 21                  
[This table directs readers to the provisions of the current 12 CFR part
         21.11 on which the revised 12 CFR part 21.11 is based]         
------------------------------------------------------------------------
    Revised  provision        Current  provision          Comments      
------------------------------------------------------------------------
Sec.  21.11(a)............  Sec.  21.11(a)........  Modified.           
Sec.  21.11(b)(1).........  ......................  Added.              
Sec.  21.11(b)(2).........  ......................  Added.              
Sec.  21.11(b)(3).........  ......................  Added.              
Sec.  21.11(c)(1).........  Sec.  21.11(b)(2).....  Modified.           
Sec.  21.11(c)(2).........  Sec.  21.11(b)(3).....  Modified.           
Sec.  21.11(c)(3).........  Sec.  21.11(b) (1) &    Modified.           
                             (4).                                       

[[Page 4337]]
                                                                        
Sec.  21.11(c)(4).........  Derived in part from    Added.              
                             the OCC's current                          
                             criminal referral                          
                             forms.                                     
Sec.  21.11(d)(1).........  Sec.  21.11(c) (1) &    Modified.           
                             (3).                                       
Sec.  21.11(d)(2).........  Sec.  21.11(c)(2).....  Modified.           
Sec.  21.11(e)............  Sec.  21.11(d)........  Modified.           
Sec.  21.11(f)(1).........  Sec.  21.11(f)(1).....  Modified.           
Sec.  21.11(f)(2).........  Sec.  21.11(f)(2).....  Modified.           
Sec.  21.11(g)............  ......................  Added.              
Sec.  21.11(h)(1).........  Sec.  21.11(g)........  Modified.           
Sec.  21.11(h)(2).........  ......................  Added.              
Sec.  21.11(i)............  Sec.  21.11(h)........  Modified.           
Sec.  21.11(j)............  ......................  Added.              
Sec.  21.11(k)............  ......................  Added.              
Sec.  21.11(l)............  ......................  Added.              
------------------------------------------------------------------------



Regulatory Flexibility Act

    Pursuant to section 605(b) of the Regulatory Flexibility Act, the 
OCC hereby certifies that this final rule will not have a significant 
economic impact on a substantial number of small entities. This rule 
primarily reorganizes the process for making criminal referrals and 
reduces administrative and cost burdens on national banks. It has no 
material economic impact on national banks, regardless of size. 
Accordingly, a regulatory flexibility analysis is not required.

Executive Order 12866

    The OCC has determined that this document is not a significant 
regulatory action under Executive Order 12866.

Unfunded Mandates Act of 1995 Statement

    Section 202 of the Unfunded Mandates Reform Act of 1995, Pub. L. 
104-4 (Unfunded Mandates Act) (signed into law on March 22, 1995) 
requires that an agency prepare a budgetary impact statement before 
promulgating a rule that includes a Federal mandate that may result in 
expenditure by state, local, and tribal governments, in the aggregate, 
or by the private sector, of $100 million or more in any one year. If a 
budgetary impact statement is required, section 202 of the Unfunded 
Mandates Act also requires an agency to identify and consider a 
reasonable number of regulatory alternatives before promulgating a 
rule. The OCC has determined that this final rule will not result in an 
expenditure by national banks of $100 million or more and has concluded 
that, on balance, this final rule provides the most cost-effective and 
least burdensome alternative to achieve the objectives of the rule. The 
OCC has therefore determined that it is not required to prepare a 
written statement under section 202.

List of Subjects in 12 CFR Part 21

    Bank Secrecy Act, Crime, Currency, National banks, Reporting and 
recordkeeping requirements, Security measures.

Authority and Issuance

    For the reasons set out in the preamble, part 21 of chapter I of 
title 12 of the Code of Federal Regulations is amended as follows:

PART 21--MINIMUM SECURITY DEVICES AND PROCEDURES, REPORTS OF 
SUSPICIOUS ACTIVITIES, AND BANK SECRECY ACT COMPLIANCE PROGRAM

    1. The heading of part 21 is revised to read as set forth above.
    2. The authority citation for part 21 is revised to read as 
follows:

    Authority: 12 U.S.C. 93a, 1818, 1881-1884, and 3401-3422; 31 
U.S.C. 5318.

    3. Subpart B, consisting of Sec. 21.11, is revised to read as 
follows:

Subpart B--Reports of Suspicious Activities


Sec. 21.11  Suspicious Activity Report.

    (a) Purpose and scope. This section ensures that national banks 
file a Suspicious Activity Report when they detect a known or suspected 
violation of Federal law or a suspicious transaction related to a money 
laundering activity or a violation of the Bank Secrecy Act. This 
section applies to all national banks as well as any Federal branches 
and agencies of foreign banks licensed or chartered by the OCC.
    (b) Definitions. For the purposes of this section:
    (1) FinCEN means the Financial Crimes Enforcement Network of the 
Department of the Treasury.
    (2) Institution-affiliated party means any institution-affiliated 
party as that term is defined in sections 3(u) and 8(b)(5) of the 
Federal Deposit Insurance Act (12 U.S.C. 1813(u) and 1818(b)(5)).
    (3) SAR means a Suspicious Activity Report on the form prescribed 
by the OCC.
    (c) SARs required. A national bank shall file a SAR with the 
appropriate Federal law enforcement agencies and the Department of the 
Treasury in accordance with the form's instructions, by sending a 
completed SAR to FinCEN in the following circumstances:
    (1) Insider abuse involving any amount. Whenever the national bank 
detects any known or suspected Federal criminal violation, or pattern 
of criminal violations, committed or attempted against the bank or 
involving a transaction or transactions conducted through the bank, 
where the bank believes that it was either an actual or potential 
victim of a criminal violation, or series of criminal violations, or 
that the bank was used to facilitate a criminal transaction, and the 
bank has a substantial basis for identifying one of its directors, 
officers, employees, agents or other institution-affiliated parties as 
having committed or aided in the commission of a criminal act, 
regardless of the amount involved in the violation.
    (2) Violations aggregating $5,000 or more where a suspect can be 
identified. Whenever the national bank detects any known or suspected 
Federal criminal violation, or pattern of criminal violations, 
committed or attempted against the bank or involving a transaction or 
transactions conducted through the bank and involving or aggregating 
$5,000 or more in funds or other assets where the bank believes that it 
was either an actual or potential victim of a criminal violation, or 
series of criminal violations or that it was used to facilitate a 
criminal transaction, and the bank has a substantial basis for 
identifying a possible suspect or group of suspects. If it is 
determined prior to filing this report that the identified suspect or 
group of suspects has used an alias, then information regarding the 
true identity of the suspect or group of suspects, as well as alias 
identifiers, such as drivers' license or social security numbers, 
addresses and telephone numbers, must be reported.
    (3) Violations aggregating $25,000 or more regardless of potential 
suspects. Whenever the national bank detects any known or suspected 
Federal criminal violation, or pattern of criminal violations, 
committed or attempted against the bank or involving a transaction or 
transactions conducted through the bank and involving or aggregating 
$25,000 or more in funds or other assets where the bank believes that 
it was either an actual or potential victim of a criminal violation, or 
series of criminal violations, or that the bank was used to facilitate 
a criminal transaction, even though there is no substantial basis for 
identifying a possible suspect or group of suspects.
    (4) Transactions aggregating $5,000 or more that involve potential 
money laundering or violate the Bank Secrecy Act. Any transaction 
(which for purposes of this paragraph (c)(4) means a deposit, 
withdrawal, transfer between 

[[Page 4338]]
accounts, exchange of currency, loan, extension of credit, or purchase 
or sale of any stock, bond, certificate of deposit, or other monetary 
instrument or investment security, or any other payment, transfer, or 
delivery by, through, or to a financial institution, by whatever means 
effected) conducted or attempted by, at or through the national bank 
and involving or aggregating $5,000 or more in funds or other assets, 
if the bank knows, suspects, or has reason to suspect that:
    (i) The transaction involves funds derived from illegal activities 
or is intended or conducted in order to hide or disguise funds or 
assets derived from illegal activities (including, without limitation, 
the ownership, nature, source, location, or control of such funds or 
assets) as part of a plan to violate or evade any law or regulation or 
to avoid any transaction reporting requirement under Federal law;
    (ii) The transaction is designed to evade any regulations 
promulgated under the Bank Secrecy Act; or
    (iii) The transaction has no business or apparent lawful purpose or 
is not the sort in which the particular customer would normally be 
expected to engage, and the institution knows of no reasonable 
explanation for the transaction after examining the available facts, 
including the background and possible purpose of the transaction.
    (d) Time for reporting. A national bank is required to file a SAR 
no later than 30 calendar days after the date of the initial detection 
of facts that may constitute a basis for filing a SAR. If no suspect 
was identified on the date of detection of the incident requiring the 
filing, a national bank may delay filing a SAR for an additional 30 
calendar days to identify a suspect. In no case shall reporting be 
delayed more than 60 calendar days after the date of initial detection 
of a reportable transaction. In situations involving violations 
requiring immediate attention, such as when a reportable violation is 
ongoing, the financial institution shall immediately notify, by 
telephone, an appropriate law enforcement authority and the OCC in 
addition to filing a timely SAR.
    (e) Reports to state and local authorities. National banks are 
encouraged to file a copy of the SAR with state and local law 
enforcement agencies where appropriate.
    (f) Exceptions. (1) A national bank need not file a SAR for a 
robbery or burglary committed or attempted that is reported to 
appropriate law enforcement authorities.
    (2) A national bank need not file a SAR for lost, missing, 
counterfeit, or stolen securities if it files a report pursuant to the 
reporting requirements of 17 CFR 240.17f-1.
    (g) Retention of records. A national bank shall maintain a copy of 
any SAR filed and the original or business record equivalent of any 
supporting documentation for a period of five years from the date of 
the filing of the SAR. Supporting documentation shall be identified and 
maintained by the bank as such, and shall be deemed to have been filed 
with the SAR. A national bank shall make all supporting documentation 
available to appropriate law enforcement agencies upon request.
    (h) Notification to board of directors--(1) Generally. Whenever a 
national bank files a SAR pursuant to this section, the management of 
the bank shall promptly notify its board of directors, or a committee 
of directors or executive officers designated by the board of directors 
to receive notice.
    (2) Suspect is a director or executive officer. If the bank files a 
SAR pursuant to paragraph (c) of this section and the suspect is a 
director or executive officer, the bank may not notify the suspect, 
pursuant to 31 U.S.C. 5318(g)(2), but shall notify all directors who 
are not suspects.
    (i) Compliance. Failure to file a SAR in accordance with this 
section and the instructions may subject the national bank, its 
directors, officers, employees, agents, or other institution-affiliated 
parties to supervisory action.
    (j) Obtaining SARs. A national bank may obtain SARs and the 
Instructions from the appropriate OCC District Office listed in 12 CFR 
part 4.
    (k) Confidentiality of SARs. SARs are confidential. Any national 
bank or person subpoenaed or otherwise requested to disclose a SAR or 
the information contained in a SAR shall decline to produce the SAR or 
to provide any information that would disclose that a SAR has been 
prepared or filed, citing this section, applicable law (e.g., 31 U.S.C. 
5318(g)), or both, and shall notify the OCC.
    (l) Safe harbor. The safe harbor provision of 31 U.S.C. 5318(g), 
which exempts any financial institution that makes a disclosure of any 
possible violation of law or regulation from liability under any law or 
regulation of the United States, or any constitution, law, or 
regulation of any state or political subdivision, covers all reports of 
suspected or known criminal violations and suspicious activities to law 
enforcement and financial institution supervisory authorities, 
including supporting documentation, regardless of whether such reports 
are required to be filed pursuant to this section or are filed on a 
voluntary basis.

    Dated: January 30, 1996.
Eugene A. Ludwig,
Comptroller of the Currency.
[FR Doc. 96-2246 Filed 2-2-96; 8:45 am]
BILLING CODE 4810-33-P