[Federal Register Volume 61, Number 33 (Friday, February 16, 1996)]
[Rules and Regulations]
[Pages 6095-6100]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 96-3519]



=======================================================================
-----------------------------------------------------------------------

FEDERAL DEPOSIT INSURANCE CORPORATION

12 CFR Part 353

RIN 3064-AB63


Suspicious Activity Reports

AGENCY: Federal Deposit Insurance Corporation.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: The Federal Deposit Insurance Corporation (FDIC) is amending 
its regulation on the reporting of known or suspected criminal and 
suspicious activities by insured state nonmember banks. This final rule 
streamlines reporting requirements by providing that a state nonmember 
bank file a new Suspicious Activity Report (SAR) with the FDIC and the 
appropriate federal law enforcement agencies by sending a single copy 
of the SAR to the Financial Crimes Enforcement Network of the 
Department of the Treasury (FinCEN) to report a known or suspected 
criminal offense or a transaction that it suspects involves money 
laundering or violates the Bank Secrecy Act.

EFFECTIVE DATE: April 1, 1996.

FOR FURTHER INFORMATION CONTACT: Carol A. Mesheske, Chief, Special 
Activities Section, (202) 898-6750, or Gregory Gore, Counsel, (202) 
898-7109.

SUPPLEMENTARY INFORMATION:

Background

    The FDIC, FRB, OCC, and OTS have issued for public comment 
substantially similar proposals to revise their regulations on the 
reporting of known or suspected criminal conduct and suspicious 
activities. The Department of the Treasury, through FinCEN, has issued 
for public comment a substantially similar proposal to require the 
reporting of suspicious transactions relating to money laundering 
activities. 

[[Page 6096]]

    The FDIC's proposed regulation (60 FR 47719, September 14, 1995) 
noted that the interagency Bank Fraud Working Group, consisting of 
representatives from the Agencies, law enforcement agencies, and 
FinCEN, has been working on the development of a single form, the SAR, 
for the reporting of known or suspected federal criminal law violations 
and suspicious activities. The FDIC's proposed regulation, as well as 
those proposed by the FRB, OCC, OTS, and FinCEN, would simplify and 
clarify the reporting requirements and reduce banks' reporting burdens 
by raising mandatory reporting thresholds for criminal offenses and by 
requiring the filing of only one report with FinCEN.
    The final rule adopts the proposal with a few additional changes 
that generally have been made in response to the comments received. The 
changes will result in burden reductions even greater than those that 
were proposed.

Section-by-Section Analysis

    The title of the regulation has been changed to conform to the name 
on the SAR.
    Section 353.1 (Instruction No. 1 on the SAR) provides that a bank 
must file a SAR when it detects a known or suspected criminal violation 
of federal law or a suspicious activity pertinent to a money laundering 
offense.
    Section 353.2 provides pertinent definitions.
    Sections 353.3(a) (1), (2), and (3) (Instructions 1. a., b., and c. 
on the SAR) instruct a bank to file a SAR with FinCEN in order to 
comply with the requirement to notify federal law enforcement agencies 
and the Department of the Treasury if the bank detects any known or 
suspected federal criminal violation, or pattern of violations, 
committed or attempted against the bank, or involving one or more 
transactions conducted through the bank, and the bank believes it was 
an actual or potential victim of a crime, or was used to facilitate a 
crime. If the bank has a substantial basis for identifying one of its 
insiders or other institution-affiliated parties in connection with the 
known or suspected crime, reporting is required, regardless of the 
dollar amount involved. If the bank can identify a non-insider suspect, 
the applicable transaction threshold is $5,000. In cases in which no 
suspect can be identified, the applicable transaction threshold 
increases to $25,000. These sections were not changed from the proposed 
regulation published for public comment in September 1995.
    Section 353.3(a)(4) (Instruction 1. d. on the SAR) instructs a bank 
to file a SAR for transactions involving $5,000 or more in funds or 
other assets when the bank knows, suspects or has reason to suspect 
that the transaction: (i) Involves money laundering, or (ii) is 
designed to evade any regulations promulgated under the Bank Secrecy 
Act, or (iii) has no business or apparent lawful purpose or is not the 
sort of transaction in which the particular customer normally engages, 
and, after examining the available facts, the bank knows of no 
reasonable explanation for the transaction. Section 353.3(a)(4) has 
been modified in the final rule to reflect comments received on the 
proposal. Most notably, the circumstances under which a transaction 
should be reported under this section were clarified, and a reporting 
threshold of $5,000 was added.
    Section 353.3(a)(4) recognizes the emerging international consensus 
that the efforts to deter, substantially reduce, and eventually 
eradicate money laundering are greatly assisted by the reporting of 
suspicious transactions by financial institutions. The requirements of 
this section comply with the recommendations adopted by multi-country 
organizations in which the United States is an active participant, 
including the Financial Action Task Force of the G-7 nations and the 
Organization of American States and are consistent with the European 
Community's directive on preventing money laundering through financial 
institutions.
    Section 353.3(b) (Instruction 2 on the SAR) provides that SARs must 
be filed within 30 calendar days of the initial detection of the 
criminal or suspicious activity. An additional 30 days is permitted in 
order to enable a bank to identify a suspect, but in no event may a SAR 
be filed later than 60 days after the initial detection of the 
reportable conduct. The FDIC and law enforcement must be notified in 
the case of a violation requiring immediate action, such as an on-going 
violation. These reporting requirements were not changed from the 
September 1995 proposal.
    Section 353.3(c) encourages a bank to file a SAR with state and 
local law enforcement agencies. This section is unchanged from the 
September 1995 proposal.
    Section 353.3(d) (Instruction 3 on the SAR) provides that a bank 
need not file a SAR for an attempted or committed burglary or robbery 
reported to the appropriate law enforcement agencies. In addition, a 
SAR need not be filed for missing or counterfeit securities that are 
the subject of a report pursuant to Rule 17f-1 under the Securities 
Exchange Act of 1934. The section of the final rule was modified to 
require reporting of larcenies to be consistent with the interagency 
SAR instructions.
    Section 353.3(e) requires a bank to retain a copy of the SAR and 
the original or business record equivalent of supporting documentation 
for a period of five years. The section also requires that a bank 
identify and maintain supporting documentation in its files and that 
the bank make available such documentation to law enforcement agencies 
upon their request. The FDIC made three changes to this section from 
the version published for public comment in September 1995. First, the 
record retention period was shortened from ten years to five. Second, 
provision was made for the retention of business record equivalents of 
original documents, such as microfiche and computer imaged record 
systems, in recognition of modern record retention technology. The 
third change involves the clarification of a bank's obligation to 
provide supporting documentation upon request to law enforcement 
officials. Supporting documentation is deemed filed with a SAR in 
accordance with this section of the FDIC's final rule; as such, law 
enforcement authorities need not make their access requests through 
subpoena or other legal processes.
    Section 353.3(f) requires the management of a bank to report the 
filing of all SARs to the board of directors of the bank, or a 
designated committee thereof. No change was made from the September 
1995 proposal.
    Section 353.3(g) provides that SARs are confidential. Requests for 
SARS or the information contained therein should be declined. The final 
rule also adds a requirement that a request for a SAR or the 
information contained therein should be reported to the FDIC. With the 
exception of the added requirement that requests for SARs be reported 
to the FDIC, no changes were made to this section from the September 
1995 proposal.
    Section 353.3(h) sets forth the safe harbor provisions of 31 U.S.C. 
5318(g). This new section, which was added to the final rule as the 
result of many comments concerning this important statutory protection 
for banking organizations, states that the safe harbor provisions of 
the law are triggered by a report of known or suspected criminal 
violations or suspicious activities to law enforcement authorities, 
regardless of whether the report is made by the filing of a SAR in 
accordance with the FDIC's 

[[Page 6097]]
regulation or by different means for other reasons.

Comments Received

    The FDIC received letters from 14 public commenters. Comments were 
received from 4 community banks, 5 multinational or large regional 
banks, 2 trade and industry research groups, 2 regulatory bodies, and 
one consulting firm.
    The large majority of commenters expressed general support for the 
FDIC's proposal. None of the commenters opposed the proposed new 
suspicious activity reporting rules. A number of suggestions and 
requests for clarification were received. They are as follows.

Criminal Versus Suspicious Activities

    Almost one half of the commenters expressed confusion over the 
difference between the known or suspected criminal conduct that would 
be subject to the dollar reporting thresholds (provided such conduct 
does not involve an institution-affiliated party of the reporting 
entity) and the suspicious activities that would be reported regardless 
of dollar amount. Section 353.3(a)(4) has been revised to add a $5,000 
reporting threshold and to clarify that the suspicious activity must 
relate to money laundering or Bank Secrecy Act violations. A threshold 
for the reporting of suspicious activities was added to reduce further 
the reporting burdens on banks.

Reporting of Crimes Under State Law

    Two commenters requested clarification of whether activities 
constituting crimes under state law, but not under federal law, should 
be reported on the SAR. The FDIC continues to encourage banks to refer 
criminal and suspicious activities under both federal and state law by 
filing a Suspicious Activity Report. Under the new reporting system 
designed by the FDIC, the other Agencies, and FinCEN, state chartered, 
nonmember banks should be able to fulfill their state reporting 
obligations by filing a SAR with FinCEN.

Safe Harbor Protections; Potential Liability Under Federal and State 
Laws

    Some commenters expressed the concern that banks and their 
institution-affiliated parties could be liable under federal and state 
laws, such as the Right to Financial Privacy Act, for filing SARs with 
respect to conduct that is later found not to have been criminal. 
Another concern was that the filing of SARs with state and local law 
enforcement agencies would subject filers to claims under state law. 
Both of these concerns are addressed by the scope of the safe harbor 
protection provided in 31 U.S.C. 5318(g).
    The FDIC is of the opinion the safe harbor statute is broadly 
defined to include the reporting of known or suspected criminal 
offenses or suspicious activities, by filing a SAR or by reporting by 
other means, with state and local law enforcement authorities, as well 
as with the Agencies and FinCEN.
    A few commenters requested that the FDIC make explicit the safe 
harbor protections of 31 U.S.C. 5318(g) (2) and (3) on the SAR. The 
safe harbor provisions are included in new Sec. 353.3(h) of this 
regulation and on the form.

Record Retention

    Half the commenters expressed the view that the proposed 10-year 
period for the retention of records in Sec. 353.3(b) was excessive, 
especially in light of a five year record retention requirement 
contained in the Bank Secrecy Act. In recognition of the potential 
burden of document retention on financial institutions, the FDIC has 
limited the record retention period to five years.

Dollar Thresholds

    A few comments encouraged the FDIC to raise the dollar thresholds 
for known or suspected criminal conduct by non-insiders, or to 
establish a dollar threshold for insiders. The FDIC has considered 
these comments, but at this time, it believes the thresholds meet and 
properly balance the dual concerns of prosecuting criminal activity 
involving banks and minimizing the burden on banks. With respect to the 
suggestion the FDIC adopt a dollar threshold for insider violations, it 
is noted that insider abuse has long been a key concern and focus of 
enforcement efforts at the FDIC. With the development of a new 
sophisticated and automated database, the FDIC and law enforcement 
agencies will have the benefit of a comprehensive and easily accessible 
catalogue of known or suspected insider wrongdoing. The FDIC does not 
wish to limit the information it receives regarding insider wrongdoing. 
Some petty crimes, for example, repetitive thefts of small amounts of 
cash by an employee who frequently transfers between banking 
organizations, may warrant enforcement action or criminal prosecution.
    One commenter suggested an indexed threshold, based on the regional 
differences in the various dollar thresholds below which the federal, 
state, and local prosecutors generally decline prosecution. While the 
FDIC recognizes there may be regional variations in the dollar amount 
of financial crimes generally prosecuted, the FDIC's concern is to 
place the relevant information in the hands of the investigating and 
prosecuting authorities. The prosecuting authorities then may consider 
whether to pursue a particular matter. In the FDIC's view, the dollar 
thresholds adopted in this final rule best balance the interests of law 
enforcement and banks. The FDIC also believes indexed thresholds could 
create more confusion than benefit to banks.
    Commenters also suggested the creation of a dollar threshold for 
the reporting of suspicious activities relating to money laundering 
offenses. A $5,000 threshold has been established for reporting of such 
suspicious activities.
    Questions were raised regarding the permissibility of filing SARs 
in situations in which the dollar thresholds for known or suspected 
criminal conduct or suspicious activity are not met and the 
applicability of the safe harbor provisions of 31 U.S.C. 5318(g) to 
such non-mandatory filings. It is the opinion of the FDIC that the safe 
harbor provisions of 31 U.S.C. 5318(g) cover all reports of suspected 
or known criminal violations and suspicious activities to law 
enforcement authorities, regardless of whether such reports are filed 
pursuant to the mandatory requirements of the FDIC's regulations or are 
voluntary.

Notification of On-Going Violations and of State and Local Law 
Enforcement Authorities.

    Proposed Sec. 353.3(b)(2) required a bank to notify the law 
enforcement authorities immediately in the event of an on-going 
violation. Section 353.3(c) encourages the filing of a copy of the SAR 
with state and local law enforcement agencies, in appropriate cases. 
This requirement and guidance were found by some commenters to be 
unclear as to when immediate notification or the filing of the SAR with 
state and local authorities would be required. The FDIC wishes to 
clarify that immediate notification is limited to situations involving 
on-going violations, for example, when a check kite or money laundering 
has been detected and may be continuing. It is impossible for the FDIC 
to contemplate all of the possible circumstances in which it might be 
appropriate for a bank to advise state and local law enforcement 
authorities. Banks should use their best judgment regarding when to 
alert the 

[[Page 6098]]
authorities regarding on-going criminal offenses or suspicious 
activities.

Supporting Documentation

    The proposed requirements that an institution maintain ``related'' 
documentation and make ``supporting'' documentation available to the 
law enforcement agencies upon request were criticized as inconsistent 
and vague. As no substantive difference is intended, the FDIC has 
referred to ``supporting'' documentation in the final rule in reference 
both to the maintenance and production requirements. The FDIC believes 
the use of the word ``supporting'' is more precise and limits the scope 
of the information which must be retained to that which would be useful 
in proving that the crime has been committed and by whom it has been 
committed. As to the criticism that the meaning of ``related'' or 
``supporting'' documentation is vague, it is anticipated banks will use 
their judgment in determining the information to be retained. It is 
impossible for the FDIC to catalogue the precise types of information 
covered by this requirement, as it necessarily depends upon the facts 
of a particular case.

Scope of Confidentiality Requirement

    Two commenters correctly noted the proposed regulation is unclear 
as to whether the confidentiality requirement applies only to the 
information contained on the SAR itself, or whether the requirement 
extends to the ``supporting'' documentation. The FDIC takes the 
position that only the existence of a SAR and its supporting 
documentation are subject to the confidentiality requirements of 31 
U.S.C. 5318(g). The supporting documentation itself is not subject to 
the confidentiality provisions of 31 U.S.C. 5318(g). The safe harbor 
provisions of 31 U.S.C. 5318(g), however, apply to the SAR and 
supporting documentation, as set forth in Part 353.3(h).

Provisions of Supporting Documentation to Law Enforcement Authorities 
Upon Request

    Many commenters noted the guidance provided in the FDIC's proposed 
regulation regarding the provision of supporting documentation to law 
enforcement agencies upon their request after the filing of an SAR was 
unclear or contrary to law. Some questioned whether law enforcement 
agencies would still need to subpoena relevant documents from a bank. 
The FDIC's regulation requires banks filing SARs to identify, maintain 
and treat the documentation supporting the report as if it were 
actually filed with the SAR. This means that subsequent requests from 
law enforcement authorities for the supporting documentation relating 
to a particular SAR do not require the service of a subpoena or other 
legal processes normally associated with providing information to law 
enforcement agencies.

Civil Litigation

    The FDIC was encouraged to adopt regulations that would make SARs 
undiscoverable in civil litigation, in order to avoid situations in 
which a bank could be ordered by a court to produce a SAR in civil 
litigation and could be confronted with the prospect of having to 
choose between being found in contempt or violating the FDIC's rules. 
In the opinion of the FDIC, 31 U.S.C. 5318(g) precludes the disclosure 
of SARs. The final rule requires a bank that receives a subpoena or 
other request for a SAR to notify the FDIC so that the FDIC may, if 
appropriate, intervene in litigation or seek the assistance of the U.S. 
Department of Justice.

Maintenance of Originals

    Proposed Sec. 353.3(e) required the maintenance of supporting 
documentation in its original form. A number of commenters noted 
electronic storage of documents is becoming the rule rather than the 
exception, and requiring the storage of paper originals would impose 
undue burdens on financial institutions. Moreover, some records are 
retained only in a computer database. The proposed regulation reflected 
the concerns of the law enforcement agencies that the best evidence be 
preserved. However, upon further consideration, the FDIC wishes to 
clarify that the electronic storage of original documentation related 
to the filing of a SAR is permissible. In addition, the FDIC recognizes 
a bank will not always have custody of the originals of documents, and 
some documents will not exist at the bank in paper form. In those 
cases, preservation of the best available evidentiary documents, for 
example, computer disks or photocopies, should be acceptable. This has 
been reflected in the final rule by changing the reference to original 
documents to original documents or ``business record equivalent''.

Investigation and Proof Burdens

    Two commenters expressed the concern a bank would need to establish 
probable cause before reporting crimes for which an essential element 
of the proof of the crime was the intent of the actor. The FDIC does 
not intend that banks assume the burden of proving illegal conduct; 
rather, banks are required to report known or suspected crimes or 
suspicious activities in accordance with this final rule.
Supplementary or Corrective Information; Reporting of Multiple Crimes 
or Suspects
    Material information that supplements or corrects an SAR should be 
filed with FinCEN by means of a subsequent SAR. The first page of the 
SAR provides boxes for the reporter to indicate whether the report is 
an initial, a corrected, or a supplemental report.
    Two commenters requested guidance on the reporting of multiple 
crimes or related crimes committed by more than one individual. The 
instructions to the SAR contemplate that additional suspects may be 
reported by means of a supplemental page. Likewise, multiple crimes 
committed by a suspect may be reported by means of multiple check-offs 
on the SAR, or if needed, by a written addendum to the SAR. In the 
event related crimes have been committed by more than one person, a 
description of the related crimes may be made by addendum to the SAR. 
The FDIC encourages filers to make a complete report of all known or 
suspected criminal or suspicious activity. The SAR may be supplemented 
in order to facilitate a complete disclosure.
Calculation of Time Frame for Reporting
    A few commenters requested the FDIC clarify the application of the 
deadline for filing SARs. The FDIC's proposed regulation used the 
broadest possible language to set the time frames for the reporting of 
known or suspected criminal offenses and suspicious activities in order 
to best guide reporting institutions. Absolute deadlines for the filing 
of SARs are important to the investigatory and prosecutorial efforts of 
law enforcement authorities. It is expected banks will meet the filing 
deadlines once conduct triggering the reporting requirements is 
identified. Further clarification of the time frames is not needed in 
the FDIC's view.
Board of Directors Notification Requirements
    The commenters expressed general support for the modification of 
the reporting requirement which permits reporting of SARs to a 
committee of the board of directors. As a matter of clarification, 
notification of a committee of the bank's board relieves the bank of 
the obligation to disclose the SARs filed to the entire board. It would 
be 

[[Page 6099]]
expected, however, that the designated committee, for example, the 
audit committee, would report to the full board of directors at regular 
meetings with respect to routine matters in the same manner and to the 
same extent as other committees report at regular board meetings. With 
respect to serious crimes or insider malfeasance, the appointed 
committee likely should consider it appropriate to make more immediate 
disclosure to the full board of directors. Some larger banking 
organizations expressed the view that prompt disclosure of SARs to the 
board of directors or a committee would impose a serious burden since 
larger organizations typically file a larger number of criminal 
referral forms (now, SARs). While the FDIC acknowledges that larger 
institutions may have more SARs to report to the board of directors or 
a committee, this does not alter the directors' fiduciary obligation to 
monitor the condition of the institution and to take action to prevent 
losses. The final regulation does not dictate the content of the board 
of directors or committee notification, and, in some cases, such as 
when relatively minor non-insider crimes are to be reported, it may be 
completely appropriate to provide only a summary listing of SARs filed. 
The FDIC expects the management of banks to provide a more detailed 
notification of SARs involving insiders or a potential material loss to 
the institution to the board of directors or committees.

Information Sharing

    It was suggested the final regulations should somehow facilitate 
the sharing of information among banking organizations in order to 
better detect new fraudulent schemes. It is anticipated that the 
Treasury Department, through FinCEN, and the Agencies, will keep 
reporting entities apprised of recent developments and trends in 
banking-related crimes through periodic pronouncements, meetings, and 
seminars.

Single Filing Requirement; Acknowledgment of Filings

    The FDIC wishes to clarify that the filing of the SAR with FinCEN 
is the only filing of the SAR that is required. Federal and state law 
enforcement and bank supervisory agencies will have access to the 
database created and maintained by FinCEN on behalf of the Agencies and 
the Department of Treasury; thus, a single filing with FinCEN is all 
that is required under the new reporting system.
    Commenters also requested that the final rule permit the filing of 
SARs via telecopier. Such filings are not compatible with the system 
developed by the Agencies and FinCEN. Banks can file the SAR via 
magnetic media using the computer software to be made available to all 
banks by the FDIC and each of the other Agencies with respect to the 
institutions they supervise. Larger banking organizations that 
currently file currency transaction reports via magnetic tape with 
FinCEN may also file SARs by magnetic tape.

Regulatory Flexibility Act

    Pursuant to section 605(b) of the Regulatory Flexibility Act, the 
FDIC hereby certifies that this final rule will not have a significant 
economic impact on a substantial number of small entities. This final 
rule primarily reorganizes the process for making criminal referrals 
and has no material impact on banks, regardless of size. Accordingly, a 
regulatory flexibility analysis is not required.

Paperwork Reduction Act

    This final rule revises a collection of information that is 
currently approved by the Office of Management and Budget (OMB) under 
control number 3064-0077. The revisions raise the reporting thresholds 
and permit reporting institutions to use a simplified, shorter form; to 
file one form only; and to eliminate the submission of supporting 
documentation with a report. These revisions have been reviewed and 
approved by OMB in accordance with the requirements of the Paperwork 
Reduction Act (44 U.S.C. 3501 et seq.).
    The estimated average burden associated with the collection of 
information contained in a SAR is approximately .6 hours per 
respondent. The burden per respondent will vary depending on the nature 
of the suspicious activity being reported.

    Estimated Number of Respondents: 6,500.
    Estimated Total Annual Burden Hours: 3,900

    Comments concerning the accuracy of this burden estimate and 
suggestions for reducing this burden should be directed to the 
Assistant Executive Secretary (Regulatory Analysis), Room F-400, 
Federal Deposit Insurance Corporation, Washington, DC 20429, and to the 
Office of Management and Budget, Paperwork Reduction Project (3064-
0077), Washington, DC 20503.

List of Subjects in 12 CFR Part 353

    Banks, Banking, Crime, Currency, Insider abuse, Money laundering, 
Reporting and recordkeeping requirements.
    For the reasons set forth in the preamble, 12 CFR part 353 of the 
Code of Federal Regulations is revised to read as follows:

PART 353--SUSPICIOUS ACTIVITY REPORTS

Sec.
353.1  Purpose and scope.
353.2  Definitions.
353.3  Reports and records.

    Authority: 12 U.S.C. 1818, 1819; 31 U.S.C. 5318.


Sec. 353.1  Purpose and scope.

    The purpose of this part is to ensure that an insured state 
nonmember bank files a Suspicious Activity Report when it detects a 
known or suspected criminal violation of federal law or a suspicious 
transaction related to a money laundering activity or a violation of 
the Bank Secrecy Act. This part applies to all insured state nonmember 
banks as well as any insured, state-licensed branches of foreign banks.


Sec. 353.2  Definitions.

    For the purposes of this part:
    (a) FinCEN means the Financial Crimes Enforcement Network of the 
Department of the Treasury.
    (b) Institution-affiliated party means any institution-affiliated 
party as that term is defined in sections 3(u) and 8(b)(5) of the 
Federal Deposit Insurance Act (12 U.S.C. 1813(u) and 1818(b)(5)).


Sec. 353.3  Reports and records.

    (a) Suspicious activity reports required. A bank shall file a 
suspicious activity report with the appropriate federal law enforcement 
agencies and the Department of the Treasury, in accordance with the 
form's instructions, by sending a completed suspicious activity report 
to FinCEN in the following circumstances:
    (1) Insider abuse involving any amount. Whenever the bank detects 
any known or suspected federal criminal violation, or pattern of 
criminal violations, committed or attempted against the bank or 
involving a transaction or transactions conducted through the bank, 
where the bank believes it was either an actual or potential victim of 
a criminal violation, or series of criminal violations, or that the 
bank was used to facilitate a criminal transaction, and the bank has a 
substantial basis for identifying one of the bank's directors, 
officers, employees, agents, or other institution-affiliated parties as 
having committed or aided in the commission of the criminal violation, 
regardless of the amount involved in the violation; 

[[Page 6100]]

    (2) Transactions aggregating $5,000 or more where a suspect can be 
identified. Whenever the bank detects any known or suspected federal 
criminal violation, or pattern of criminal violations, committed or 
attempted against the bank or involving a transaction or transactions 
conducted through the bank, and involving or aggregating $5,000 or more 
in funds or other assets, where the bank believes it was either an 
actual or potential victim of a criminal violation, or series of 
criminal violations, or that the bank was used to facilitate a criminal 
transaction, and the bank has a substantial basis for identifying a 
possible suspect or group of suspects. If it is determined prior to 
filing this report that the identified suspect or group of suspects has 
used an ``alias'', then information regarding the true identity of the 
suspect or group of suspects, as well as alias identifiers, such as 
driver's license or social security numbers, addresses and telephone 
numbers, must be reported;
    (3) Transactions aggregating $25,000 or more regardless of 
potential suspects. Whenever the bank detects any known or suspected 
federal criminal violation, or pattern of criminal violations, 
committed or attempted against the bank or involving a transaction or 
transactions conducted through the bank, involving or aggregating 
$25,000 or more in funds or other assets, where the bank believes it 
was either an actual or potential victim of a criminal violation, or 
series of criminal violations, or that the bank was used to facilitate 
a criminal transaction, even though the bank has no substantial basis 
for identifying a possible suspect or group of suspects; or
    (4) Transactions aggregating $5,000 or more that involve potential 
money laundering or violations of the Bank Secrecy Act. Any transaction 
(which for purposes of this paragraph (a)(4) means a deposit, 
withdrawal, transfer between accounts, exchange of currency, loan, 
extension of credit, purchase or sale of any stock, bond, certificate 
of deposit, or other monetary instrument or investment security, or any 
other payment, transfer, or delivery by, through, or to a financial 
institution, by whatever means effected) conducted or attempted by, at 
or through the bank and involving or aggregating $5,000 or more in 
funds or other assets, if the bank knows, suspects, or has reason to 
suspect that:
    (i) The transaction involves funds derived from illegal activities 
or is intended or conducted in order to hide or disguise funds or 
assets derived from illegal activities (including, without limitation, 
the ownership, nature, source, location, or control of such funds or 
assets) as part of a plan to violate or evade any federal law or 
regulation or to avoid any transaction reporting requirement under 
federal law;
    (ii) The transaction is designed to evade any regulations 
promulgated under the Bank Secrecy Act; or
    (iii) The transaction has no business or apparent lawful purpose or 
is not the sort of transaction in which the particular customer would 
normally be expected to engage, and the bank knows of no reasonable 
explanation for the transaction after examining the available facts, 
including the background and possible purpose of the transaction.
    (b) Time for reporting. (1) A bank shall file the suspicious 
activity report no later than 30 calendar days after the date of 
initial detection of facts that may constitute a basis for filing a 
suspicious activity report. If no suspect was identified on the date of 
detection of the incident requiring the filing, a bank may delay filing 
a suspicious activity report for an additional 30 calendar days to 
identify a suspect. In no case shall reporting be delayed more than 60 
calendar days after the date of initial detection of a reportable 
transaction.
    (2) In situations involving violations requiring immediate 
attention, such as when a reportable violation is ongoing, the bank 
shall immediately notify, by telephone, an appropriate law enforcement 
authority and the appropriate FDIC regional office (Division of 
Supervision) in addition to filing a timely report.
    (c) Reports to state and local authorities. A bank is encouraged to 
file a copy of the suspicious activity report with state and local law 
enforcement agencies where appropriate.
    (d) Exemptions. (1) A bank need not file a suspicious activity 
report for a robbery or burglary committed or attempted, that is 
reported to appropriate law enforcement authorities.
    (2) A bank need not file a suspicious activity report for lost, 
missing, counterfeit, or stolen securities if it files a report 
pursuant to the reporting requirements of 17 CFR 240.17f-1.
    (e) Retention of records. A bank shall maintain a copy of any 
suspicious activity report filed and the original or business record 
equivalent of any supporting documentation for a period of five years 
from the date of filing the suspicious activity report. Supporting 
documentation shall be identified and maintained by the bank as such, 
and shall be deemed to have been filed with the suspicious activity 
report. A bank must make all supporting documentation available to 
appropriate law enforcement authorities upon request.
    (f) Notification to board of directors. The management of a bank 
shall promptly notify its board of directors, or a committee thereof, 
of any report filed pursuant to this section. The term ``board of 
directors'' includes the managing official of an insured state-licensed 
branch of a foreign bank for purposes of this part.
    (g) Confidentiality of suspicious activity reports. Suspicious 
activity reports are confidential. Any bank subpoenaed or otherwise 
requested to disclose a suspicious activity report or the information 
contained in a suspicious activity report shall decline to produce the 
suspicious activity report or to provide any information that would 
disclose that a suspicious activity report has been prepared or filed 
citing this part, applicable law (e.g., 31 U.S.C. 5318(g)), or both, 
and notify the appropriate FDIC regional office (Division of 
Supervision).
    (h) Safe Harbor. The safe harbor provisions of 31 U.S.C. 5318(g), 
which exempts any bank that makes a disclosure of any possible 
violation of law or regulation from liability under any law or 
regulation of the United States, or any constitution, law or regulation 
of any state or political subdivision, cover all reports of suspected 
or known criminal violations and suspicious activities to law 
enforcement and financial institution supervisory authorities, 
including supporting documentation, regardless of whether such reports 
are filed pursuant to this part or are filed on a voluntary basis.

    By Order of the Board of Directors.

    Dated at Washington, D.C., this 6th day of February 1996.

Federal Deposit Insurance Corporation.
Jerry L. Langley,
Executive Secretary.
[FR Doc. 96-3519 Filed 2-15-96; 8:45 am]
BILLING CODE 6714-01-P