[Federal Register Volume 71, Number 208 (Friday, October 27, 2006)]
[Rules and Regulations]
[Pages 62876-62879]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E6-17838]
-----------------------------------------------------------------------
NATIONAL CREDIT UNION ADMINISTRATION
12 CFR Part 748
RIN 3133-AD23
Filing Requirements for Suspicious Activity Reports
AGENCY: National Credit Union Administration (NCUA).
ACTION: Final rule.
-----------------------------------------------------------------------
SUMMARY: NCUA is issuing a final rule to describe in greater detail the
requirements for reporting and filing a Suspicious Activity Report
(SAR) and to address prompt notification of the board of directors of
SAR filings, the confidentiality of reports, and liability protection.
NCUA also is changing the heading for this part so it more accurately
describes its scope. NCUA seeks to enhance credit union compliance with
SAR reporting requirements by providing greater detail in its rule on
the thresholds and procedures for filing a SAR.
DATES: This rule is effective November 27, 2006.
FOR FURTHER INFORMATION CONTACT: Linda K. Dent, Staff Attorney, Office
of General Counsel, at (703) 518-6540.
SUPPLEMENTARY INFORMATION:
Background
On June 28, 2006, the NCUA Board requested comments on a proposed
rule to amend part 748 to more clearly describe the reportable activity
covered by the Suspicious Activity Report (SAR) filing requirements,
identify important
[[Page 62877]]
filing procedures, and highlight record retention requirements. The
proposed rule addressed several other key aspects of the SAR process
including the confidentiality of the reports, safe harbor information,
and notification of the credit union's board of directors of its SAR
reporting activity.
Discussion
NCUA periodically reviews a third of its existing regulations to
update, clarify, and simplify these regulations where necessary and to
eliminate redundant and unnecessary provisions. Interpretative Ruling
and Policy Statement (IRPS) 87-2, Developing and Reviewing Government
Regulations. The proposed changes resulted from such a review and were
intended to provide basic information addressing mandatory reporting
requirements and other important provisions in a single location. The
changes also were intended to establish a regulation consistent with
the suspicious activity report (SAR) regulations of the other Federal
Financial Institutions Examination Counsel (FFIEC) regulators and
Treasury's regulation at 31 CFR 103.18. The proposed changes were not
intended to eliminate the need for credit unions to review more
specific information when considering potentially suspicious activity
or completing a SAR. Resources such as Sec. 103.18, the SAR form
instructions, guidance provided in the FFIEC Bank Secrecy Act/Anti-
Money Laundering Examination Manual, NCUA's Web site, and the Financial
Crimes Enforcement Network's (FinCEN) Web site, among others, continue
to be useful tools in the SAR process.
Summary of Comments
The NCUA Board (Board) received twenty-four comment letters
regarding the proposed rule: Thirteen from natural person credit
unions, two from corporate credit unions, eight from credit union trade
associations, and one from an individual. The comments almost
exclusively concern the proposal to require prompt notice to the credit
union's board or its designated committee of any SAR filed. Twenty of
the twenty-four commenters addressed this requirement.
Approximately a third of the commenters believed the requirement
unnecessary for a variety of reasons, among these its being a
regulatory burden and not statutorily required. NCUA believes notifying
a credit union's board, or its designated committee, of the credit
union's SAR activity is important to ensure a board receives sufficient
information to properly discharge its responsibilities. For example,
awareness of suspicious activity can identify vulnerabilities and
strengths in a credit union's operations and inform its board with
respect to decisions regarding funding priorities and requirements for
systems and training.
Several commenters wanted a description of the type of information
to include in the notice. The Board determined the final rule should
not require a particular format for notice to a board of directors to
allow credit unions and their boards the flexibility necessary to
tailor the format to their particular needs and circumstances. The
FFIEC Bank Secrecy Act/Anti-Money Laundering Examination Manual lists
several formats but credit unions are not limited to these.
A majority of commenters on this section also felt the Board should
define the term prompt. Commenters provided several suggestions ranging
from annual notification, to specific time frames from the date
reportable activity occurs, to allowing the credit union to decide
which SARs to report and when. The Board recognizes the need for some
flexibility in interpreting ``prompt'' given differences among credit
unions regarding the nature and frequency of SAR activity. The Board
believes prompt means a board of directors should receive notice of the
credit union's SAR activity at least monthly, for example at the
monthly board meeting, if there is activity to report unless the
seriousness of an activity merits immediate reporting.
NCUA also received various comments seeking additional guidance for
identifying suspicious activity, direction for specific products and
services, instruction on fact-specific scenarios, and recommendations
of useful reference materials. While the rule provides general
statements of the filing requirements and other key provisions for the
SAR process, it cannot cover every possible activity or situation
without becoming unwieldy and ineffective. Consequently, the rule
references NCUA's and FinCEN's Web sites where information such as
Frequently Asked Questions, the SAR form and accompanying instructions,
the FFIEC Bank Secrecy Act/Anti-Money Laundering Examination Manual,
and other materials are housed. NCUA's effort to provide credit unions
with useful guidance is ongoing.
One commenter asked the Board to include language in the rule
permitting SAR processing within shared branch networks. The commenter
stated shared branches currently prepare the report and send it to the
member's credit union for processing. The Board appreciates the issue
the commenter has raised but believes more information and input are
necessary before any regulatory changes are in order.
There are a few changes in the final rule from the proposed rule.
The final rule includes technical corrections for consistency for
references to the FFIEC Bank Secrecy Act/Money-Laundering Examination
Manual The final rule revises the first sentence under Sec. 748.1(c)
to clarify that reporting is also required where the credit union has
reason to suspect a crime or suspicious transaction has occurred. The
Board added a sentence to the end of Sec. 748.1(c)(2)(ii) providing
information on the location of useful SAR guidance. The phrase ``but
must notify all directors who are not suspects'' was revised in Section
748.1(c)(4)(ii) to read ``but must notify all directors, or a committee
designated by the board of directors to receive such notice, who are
not suspects.'' The change expands a credit union's notification
options in this circumstance by also allowing the board to designate a
committee for this purpose. Lastly, the Board added a sentence to Sec.
748.1(c)(5) to clarify a credit union's obligation to make the filed
report and supporting documentation available to appropriate law
enforcement and its regulatory supervisory authority when requested.
Regulatory Procedures
Regulatory Flexibility Act
The Regulatory Flexibility Act requires NCUA to prepare an analysis
to describe any significant economic impact a proposed rule may have on
a substantial number of small credit unions (those under $10 million in
assets). This proposed rule modifies the language of a preexisting
requirement for federally-insured credit unions to file reports of
suspected crimes and suspicious activity. The proposed rule, therefore,
will not have a significant economic impact on a substantial number of
small credit unions and a regulatory flexibility analysis is not
required.
Paperwork Reduction Act
The Office of Management and Budget assigned 3133-0094 as the
control number for NCUA's Form 2362. NCUA has determined that the
proposed amendments will not increase paperwork requirements and a
paperwork reduction analysis is not required.
[[Page 62878]]
Executive Order 13132
Executive Order 13132 encourages independent regulatory agencies to
consider the impact of their actions on state and local interests. In
adherence to fundamental federalism principles, NCUA, an independent
regulatory agency as defined in 44 U.S.C. 3502(5), voluntarily complies
with the executive order. The proposed rule would not have substantial
direct effects on the states, on the connection between the national
government and the states, or on the distribution of power and
responsibilities among the various levels of government. NCUA has
determined that this proposed rule does not constitute a policy that
has federalism implications for purposes of the executive order.
The Treasury and General Government Appropriations Act, 1999--
Assessment of Federal Regulations and Policies on Families
NCUA has determined that this proposed rule would not affect family
well-being within the meaning of section 654 of the Treasury and
General Government Appropriations Act, 1999, Public Law 105-277, 112
Stat. 2681 (1998).
List of Subjects in 12 CFR Part 748
Credit unions, Suspicious Activity Report.
By the National Credit Union Administration Board on October 19,
2006.
Mary Rupp,
Secretary of the Board.
0
For the reasons stated in the preamble, the National Credit Union
Administration amends 12 CFR part 748 as set forth below:
PART 748--SECURITY PROGRAM, REPORT OF SUSPECTED CRIMES, SUSPICIOUS
TRANSACTIONS, CATASTROPHIC ACTS AND BANK SECRECY ACT COMPLIANCE
0
1. The authority citation for part 748 continues to read as follows:
Authority: 12 U.S.C. 1766(a) and 1786(q); 31 U.S.C. 5311.
0
2. The heading of part 748 is revised to read as set forth above.
0
3. Section 748.1(c) is revised to read as follows:
Sec. 748.1 Filing of reports.
* * * * *
(c) Suspicious Activity Report. A credit union must file a report
if it knows, suspects, or has reason to suspect that any crime or any
suspicious transaction related to money laundering activity or a
violation of the Bank Secrecy Act has occurred. For the purposes of
this paragraph (c) credit union means a federally-insured credit union
and official means any member of the board of directors or a volunteer
committee.
(1) Reportable activity. Transaction for purposes of this paragraph
means a deposit, withdrawal, transfer between accounts, exchange of
currency, loan, extension of credit, purchase or sale of any stock,
bond, share certificate, or other monetary instrument or investment
security, or any other payment, transfer, or delivery by, through, or
to a financial institution, by whatever means effected. A credit union
must report any known or suspected crime or any suspicious transaction
related to money laundering or other illegal activity, for example,
terrorism financing, loan fraud, or embezzlement, or a violation of the
Bank Secrecy Act by sending a completed suspicious activity report
(SAR) to the Financial Crimes Enforcement Network (FinCEN) in the
following circumstances:
(i) Insider abuse involving any amount. Whenever the credit union
detects any known or suspected Federal criminal violations, or pattern
of criminal violations, committed or attempted against the credit union
or involving a transaction or transactions conducted through the credit
union, where the credit union believes it was either an actual or
potential victim of a criminal violation, or series of criminal
violations, or that the credit union was used to facilitate a criminal
transaction, and the credit union has a substantial basis for
identifying one of the credit union's officials, employees, or agents
as having committed or aided in the commission of the criminal
violation, regardless of the amount involved in the violation;
(ii) Transactions aggregating $5,000 or more where a suspect can be
identified. Whenever the credit union detects any known or suspected
Federal criminal violation, or pattern of criminal violations,
committed or attempted against the credit union or involving a
transaction or transactions conducted through the credit union, and
involving or aggregating $5,000 or more in funds or other assets, where
the credit union believes it was either an actual or potential victim
of a criminal violation, or series of criminal violations, or that the
credit union was used to facilitate a criminal transaction, and the
credit union has a substantial basis for identifying a possible suspect
or group of suspects. If it is determined before filing this report
that the identified suspect or group of suspects has used an alias,
then information regarding the true identity of the suspect or group of
suspects, as well as alias identifiers, such as drivers' licenses or
social security numbers, addresses and telephone numbers, must be
reported;
(iii) Transactions aggregating $25,000 or more regardless of
potential suspects. Whenever the credit union detects any known or
suspected Federal criminal violation, or pattern of criminal
violations, committed or attempted against the credit union or
involving a transaction or transactions conducted through the credit
union, involving or aggregating $25,000 or more in funds or other
assets, where the credit union believes it was either an actual or
potential victim of a criminal violation, or series of criminal
violations, or that the credit union was used to facilitate a criminal
transaction, even though the credit union has no substantial basis for
identifying a possible suspect or group of suspects; or
(iv) Transactions aggregating $5,000 or more that involve potential
money laundering or violations of the Bank Secrecy Act. Any transaction
conducted or attempted by, at or through the credit union and involving
or aggregating $5,000 or more in funds or other assets, if the credit
union knows, suspects, or has reason to suspect:
(A) The transaction involves funds derived from illegal activities
or is intended or conducted in order to hide or disguise funds or
assets derived from illegal activities (including, without limitation,
the ownership, nature, source, location, or control of such funds or
assets) as part of a plan to violate or evade any Federal law or
regulation or to avoid any transaction reporting requirement under
Federal law;
(B) The transaction is designed to evade any regulations
promulgated under the Bank Secrecy Act; or
(C) The transaction has no business or apparent lawful purpose or
is not the sort of transaction in which the particular member would
normally be expected to engage, and the credit union knows of no
reasonable explanation for the transaction after examining the
available facts, including the background and possible purpose of the
transaction.
(v) Exceptions. A credit union is not required to file a SAR for a
robbery or burglary committed or attempted that is reported to
appropriate law enforcement authorities, or for lost, missing,
counterfeit, or stolen securities and the credit union files a report
pursuant to the reporting requirements of 17 CFR 240.17f-1.
(2) Filing Procedures. (i) Timing. A credit union must file a SAR
with
[[Page 62879]]
FinCEN no later than 30 calendar days from the date the suspicious
activity is initially detected, unless there is no identified suspect
on the date of detection. If no suspect is identified on the date of
detection, a credit union may use an additional 30 calendar days to
identify a suspect before filing a SAR. In no case may a credit union
take more than 60 days from the date it initially detects a reportable
transaction to file a SAR. In situations involving violations requiring
immediate attention, such as ongoing money laundering schemes, a credit
union must immediately notify, by telephone, an appropriate law
enforcement authority and its supervisory authority, in addition to
filing a SAR.
(ii) Content. A credit union must complete, fully and accurately,
SAR form TDF 90-22.47, Suspicious Activity Report (also known as NCUA
Form 2362) in accordance with the form's instructions and 31 CFR Part
103.18. A copy of the SAR form may be obtained from the credit union
resources section of NCUA's Web site, http://www.ncua.gov, or the
regulatory section of FinCEN's Web site, http://www.fincen.gov. These
sites include other useful guidance on SARs, for example, forms and
filing instructions, Frequently Asked Questions, and the FFIEC Bank
Secrecy Act/Anti-Money Laundering Examination Manual.
(iii) Compliance. Failure to file a SAR as required by the form's
instructions and 31 CFR Part 103.18 may subject the credit union, its
officials, employees, and agents to the assessment of civil money
penalties or other administrative actions.
(3) Retention of Records. A credit union must maintain a copy of
any SAR that it files and the original or business record equivalent of
all supporting documentation to the report for a period of five years
from the date of the report. Supporting documentation must be
identified and maintained by the credit union as such. Supporting
documentation is considered a part of the filed report even though it
should not be actually filed with the submitted report. A credit union
must make all supporting documentation available to appropriate law
enforcement authorities and its regulatory supervisory authority upon
request.
(4) Notification to board of directors. (i) Generally. The
management of the credit union must promptly notify its board of
directors, or a committee designated by the board of directors to
receive such notice, of any SAR filed.
(ii) Suspect is a director or committee member. If a credit union
files a SAR and the suspect is a director or member of a committee
designated by the board of directors to receive notice of SAR filings,
the credit union may not notify the suspect, pursuant to 31 U.S.C.
5318(g)(2), but must notify the remaining directors, or designated
committee members, who are not suspects.
(5) Confidentiality of reports. SARs are confidential. Any credit
union, including its officials, employees, and agents, subpoenaed or
otherwise requested to disclose a SAR or the information in a SAR must
decline to produce the SAR or to provide any information that would
disclose that a SAR was prepared or filed, citing this part, applicable
law, for example, 31 U.S.C. 5318(g), or both, and notify NCUA of the
request. A credit union must make the filed report and all supporting
documentation available to appropriate law enforcement authorities and
its regulatory supervisory authority upon request.
(6) Safe Harbor. Any credit union, including its officials,
employees, and agents, that makes a report of suspected or known
criminal violations and suspicious activities to law enforcement and
financial institution supervisory authorities, including supporting
documentation, are protected from liability for any disclosure in the
report, or for failure to disclose the existence of the report, or
both, to the full extent provided by 31 U.S.C. 5318(g)(3). This
protection applies if the report is filed pursuant to this part or is
filed on a voluntary basis.
[FR Doc. E6-17838 Filed 10-26-06; 8:45 am]
BILLING CODE 7535-01-P