[Federal Register Volume 71, Number 208 (Friday, October 27, 2006)]
[Rules and Regulations]
[Pages 62876-62879]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E6-17838]


-----------------------------------------------------------------------

NATIONAL CREDIT UNION ADMINISTRATION

12 CFR Part 748

RIN 3133-AD23


Filing Requirements for Suspicious Activity Reports

AGENCY: National Credit Union Administration (NCUA).

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: NCUA is issuing a final rule to describe in greater detail the 
requirements for reporting and filing a Suspicious Activity Report 
(SAR) and to address prompt notification of the board of directors of 
SAR filings, the confidentiality of reports, and liability protection. 
NCUA also is changing the heading for this part so it more accurately 
describes its scope. NCUA seeks to enhance credit union compliance with 
SAR reporting requirements by providing greater detail in its rule on 
the thresholds and procedures for filing a SAR.

DATES: This rule is effective November 27, 2006.

FOR FURTHER INFORMATION CONTACT: Linda K. Dent, Staff Attorney, Office 
of General Counsel, at (703) 518-6540.

SUPPLEMENTARY INFORMATION:

Background

    On June 28, 2006, the NCUA Board requested comments on a proposed 
rule to amend part 748 to more clearly describe the reportable activity 
covered by the Suspicious Activity Report (SAR) filing requirements, 
identify important

[[Page 62877]]

filing procedures, and highlight record retention requirements. The 
proposed rule addressed several other key aspects of the SAR process 
including the confidentiality of the reports, safe harbor information, 
and notification of the credit union's board of directors of its SAR 
reporting activity.

Discussion

    NCUA periodically reviews a third of its existing regulations to 
update, clarify, and simplify these regulations where necessary and to 
eliminate redundant and unnecessary provisions. Interpretative Ruling 
and Policy Statement (IRPS) 87-2, Developing and Reviewing Government 
Regulations. The proposed changes resulted from such a review and were 
intended to provide basic information addressing mandatory reporting 
requirements and other important provisions in a single location. The 
changes also were intended to establish a regulation consistent with 
the suspicious activity report (SAR) regulations of the other Federal 
Financial Institutions Examination Counsel (FFIEC) regulators and 
Treasury's regulation at 31 CFR 103.18. The proposed changes were not 
intended to eliminate the need for credit unions to review more 
specific information when considering potentially suspicious activity 
or completing a SAR. Resources such as Sec.  103.18, the SAR form 
instructions, guidance provided in the FFIEC Bank Secrecy Act/Anti-
Money Laundering Examination Manual, NCUA's Web site, and the Financial 
Crimes Enforcement Network's (FinCEN) Web site, among others, continue 
to be useful tools in the SAR process.

Summary of Comments

    The NCUA Board (Board) received twenty-four comment letters 
regarding the proposed rule: Thirteen from natural person credit 
unions, two from corporate credit unions, eight from credit union trade 
associations, and one from an individual. The comments almost 
exclusively concern the proposal to require prompt notice to the credit 
union's board or its designated committee of any SAR filed. Twenty of 
the twenty-four commenters addressed this requirement.
    Approximately a third of the commenters believed the requirement 
unnecessary for a variety of reasons, among these its being a 
regulatory burden and not statutorily required. NCUA believes notifying 
a credit union's board, or its designated committee, of the credit 
union's SAR activity is important to ensure a board receives sufficient 
information to properly discharge its responsibilities. For example, 
awareness of suspicious activity can identify vulnerabilities and 
strengths in a credit union's operations and inform its board with 
respect to decisions regarding funding priorities and requirements for 
systems and training.
    Several commenters wanted a description of the type of information 
to include in the notice. The Board determined the final rule should 
not require a particular format for notice to a board of directors to 
allow credit unions and their boards the flexibility necessary to 
tailor the format to their particular needs and circumstances. The 
FFIEC Bank Secrecy Act/Anti-Money Laundering Examination Manual lists 
several formats but credit unions are not limited to these.
    A majority of commenters on this section also felt the Board should 
define the term prompt. Commenters provided several suggestions ranging 
from annual notification, to specific time frames from the date 
reportable activity occurs, to allowing the credit union to decide 
which SARs to report and when. The Board recognizes the need for some 
flexibility in interpreting ``prompt'' given differences among credit 
unions regarding the nature and frequency of SAR activity. The Board 
believes prompt means a board of directors should receive notice of the 
credit union's SAR activity at least monthly, for example at the 
monthly board meeting, if there is activity to report unless the 
seriousness of an activity merits immediate reporting.
    NCUA also received various comments seeking additional guidance for 
identifying suspicious activity, direction for specific products and 
services, instruction on fact-specific scenarios, and recommendations 
of useful reference materials. While the rule provides general 
statements of the filing requirements and other key provisions for the 
SAR process, it cannot cover every possible activity or situation 
without becoming unwieldy and ineffective. Consequently, the rule 
references NCUA's and FinCEN's Web sites where information such as 
Frequently Asked Questions, the SAR form and accompanying instructions, 
the FFIEC Bank Secrecy Act/Anti-Money Laundering Examination Manual, 
and other materials are housed. NCUA's effort to provide credit unions 
with useful guidance is ongoing.
    One commenter asked the Board to include language in the rule 
permitting SAR processing within shared branch networks. The commenter 
stated shared branches currently prepare the report and send it to the 
member's credit union for processing. The Board appreciates the issue 
the commenter has raised but believes more information and input are 
necessary before any regulatory changes are in order.
    There are a few changes in the final rule from the proposed rule. 
The final rule includes technical corrections for consistency for 
references to the FFIEC Bank Secrecy Act/Money-Laundering Examination 
Manual The final rule revises the first sentence under Sec.  748.1(c) 
to clarify that reporting is also required where the credit union has 
reason to suspect a crime or suspicious transaction has occurred. The 
Board added a sentence to the end of Sec.  748.1(c)(2)(ii) providing 
information on the location of useful SAR guidance. The phrase ``but 
must notify all directors who are not suspects'' was revised in Section 
748.1(c)(4)(ii) to read ``but must notify all directors, or a committee 
designated by the board of directors to receive such notice, who are 
not suspects.'' The change expands a credit union's notification 
options in this circumstance by also allowing the board to designate a 
committee for this purpose. Lastly, the Board added a sentence to Sec.  
748.1(c)(5) to clarify a credit union's obligation to make the filed 
report and supporting documentation available to appropriate law 
enforcement and its regulatory supervisory authority when requested.

Regulatory Procedures

Regulatory Flexibility Act

    The Regulatory Flexibility Act requires NCUA to prepare an analysis 
to describe any significant economic impact a proposed rule may have on 
a substantial number of small credit unions (those under $10 million in 
assets). This proposed rule modifies the language of a preexisting 
requirement for federally-insured credit unions to file reports of 
suspected crimes and suspicious activity. The proposed rule, therefore, 
will not have a significant economic impact on a substantial number of 
small credit unions and a regulatory flexibility analysis is not 
required.

Paperwork Reduction Act

    The Office of Management and Budget assigned 3133-0094 as the 
control number for NCUA's Form 2362. NCUA has determined that the 
proposed amendments will not increase paperwork requirements and a 
paperwork reduction analysis is not required.

[[Page 62878]]

Executive Order 13132

    Executive Order 13132 encourages independent regulatory agencies to 
consider the impact of their actions on state and local interests. In 
adherence to fundamental federalism principles, NCUA, an independent 
regulatory agency as defined in 44 U.S.C. 3502(5), voluntarily complies 
with the executive order. The proposed rule would not have substantial 
direct effects on the states, on the connection between the national 
government and the states, or on the distribution of power and 
responsibilities among the various levels of government. NCUA has 
determined that this proposed rule does not constitute a policy that 
has federalism implications for purposes of the executive order.

The Treasury and General Government Appropriations Act, 1999--
Assessment of Federal Regulations and Policies on Families

    NCUA has determined that this proposed rule would not affect family 
well-being within the meaning of section 654 of the Treasury and 
General Government Appropriations Act, 1999, Public Law 105-277, 112 
Stat. 2681 (1998).

List of Subjects in 12 CFR Part 748

    Credit unions, Suspicious Activity Report.

    By the National Credit Union Administration Board on October 19, 
2006.
Mary Rupp,
Secretary of the Board.

0
For the reasons stated in the preamble, the National Credit Union 
Administration amends 12 CFR part 748 as set forth below:

PART 748--SECURITY PROGRAM, REPORT OF SUSPECTED CRIMES, SUSPICIOUS 
TRANSACTIONS, CATASTROPHIC ACTS AND BANK SECRECY ACT COMPLIANCE

0
1. The authority citation for part 748 continues to read as follows:

    Authority: 12 U.S.C. 1766(a) and 1786(q); 31 U.S.C. 5311.

0
2. The heading of part 748 is revised to read as set forth above.


0
3. Section 748.1(c) is revised to read as follows:


Sec.  748.1  Filing of reports.

* * * * *
    (c) Suspicious Activity Report. A credit union must file a report 
if it knows, suspects, or has reason to suspect that any crime or any 
suspicious transaction related to money laundering activity or a 
violation of the Bank Secrecy Act has occurred. For the purposes of 
this paragraph (c) credit union means a federally-insured credit union 
and official means any member of the board of directors or a volunteer 
committee.
    (1) Reportable activity. Transaction for purposes of this paragraph 
means a deposit, withdrawal, transfer between accounts, exchange of 
currency, loan, extension of credit, purchase or sale of any stock, 
bond, share certificate, or other monetary instrument or investment 
security, or any other payment, transfer, or delivery by, through, or 
to a financial institution, by whatever means effected. A credit union 
must report any known or suspected crime or any suspicious transaction 
related to money laundering or other illegal activity, for example, 
terrorism financing, loan fraud, or embezzlement, or a violation of the 
Bank Secrecy Act by sending a completed suspicious activity report 
(SAR) to the Financial Crimes Enforcement Network (FinCEN) in the 
following circumstances:
    (i) Insider abuse involving any amount. Whenever the credit union 
detects any known or suspected Federal criminal violations, or pattern 
of criminal violations, committed or attempted against the credit union 
or involving a transaction or transactions conducted through the credit 
union, where the credit union believes it was either an actual or 
potential victim of a criminal violation, or series of criminal 
violations, or that the credit union was used to facilitate a criminal 
transaction, and the credit union has a substantial basis for 
identifying one of the credit union's officials, employees, or agents 
as having committed or aided in the commission of the criminal 
violation, regardless of the amount involved in the violation;
    (ii) Transactions aggregating $5,000 or more where a suspect can be 
identified. Whenever the credit union detects any known or suspected 
Federal criminal violation, or pattern of criminal violations, 
committed or attempted against the credit union or involving a 
transaction or transactions conducted through the credit union, and 
involving or aggregating $5,000 or more in funds or other assets, where 
the credit union believes it was either an actual or potential victim 
of a criminal violation, or series of criminal violations, or that the 
credit union was used to facilitate a criminal transaction, and the 
credit union has a substantial basis for identifying a possible suspect 
or group of suspects. If it is determined before filing this report 
that the identified suspect or group of suspects has used an alias, 
then information regarding the true identity of the suspect or group of 
suspects, as well as alias identifiers, such as drivers' licenses or 
social security numbers, addresses and telephone numbers, must be 
reported;
    (iii) Transactions aggregating $25,000 or more regardless of 
potential suspects. Whenever the credit union detects any known or 
suspected Federal criminal violation, or pattern of criminal 
violations, committed or attempted against the credit union or 
involving a transaction or transactions conducted through the credit 
union, involving or aggregating $25,000 or more in funds or other 
assets, where the credit union believes it was either an actual or 
potential victim of a criminal violation, or series of criminal 
violations, or that the credit union was used to facilitate a criminal 
transaction, even though the credit union has no substantial basis for 
identifying a possible suspect or group of suspects; or
    (iv) Transactions aggregating $5,000 or more that involve potential 
money laundering or violations of the Bank Secrecy Act. Any transaction 
conducted or attempted by, at or through the credit union and involving 
or aggregating $5,000 or more in funds or other assets, if the credit 
union knows, suspects, or has reason to suspect:
    (A) The transaction involves funds derived from illegal activities 
or is intended or conducted in order to hide or disguise funds or 
assets derived from illegal activities (including, without limitation, 
the ownership, nature, source, location, or control of such funds or 
assets) as part of a plan to violate or evade any Federal law or 
regulation or to avoid any transaction reporting requirement under 
Federal law;
    (B) The transaction is designed to evade any regulations 
promulgated under the Bank Secrecy Act; or
    (C) The transaction has no business or apparent lawful purpose or 
is not the sort of transaction in which the particular member would 
normally be expected to engage, and the credit union knows of no 
reasonable explanation for the transaction after examining the 
available facts, including the background and possible purpose of the 
transaction.
    (v) Exceptions. A credit union is not required to file a SAR for a 
robbery or burglary committed or attempted that is reported to 
appropriate law enforcement authorities, or for lost, missing, 
counterfeit, or stolen securities and the credit union files a report 
pursuant to the reporting requirements of 17 CFR 240.17f-1.
    (2) Filing Procedures. (i) Timing. A credit union must file a SAR 
with

[[Page 62879]]

FinCEN no later than 30 calendar days from the date the suspicious 
activity is initially detected, unless there is no identified suspect 
on the date of detection. If no suspect is identified on the date of 
detection, a credit union may use an additional 30 calendar days to 
identify a suspect before filing a SAR. In no case may a credit union 
take more than 60 days from the date it initially detects a reportable 
transaction to file a SAR. In situations involving violations requiring 
immediate attention, such as ongoing money laundering schemes, a credit 
union must immediately notify, by telephone, an appropriate law 
enforcement authority and its supervisory authority, in addition to 
filing a SAR.
    (ii) Content. A credit union must complete, fully and accurately, 
SAR form TDF 90-22.47, Suspicious Activity Report (also known as NCUA 
Form 2362) in accordance with the form's instructions and 31 CFR Part 
103.18. A copy of the SAR form may be obtained from the credit union 
resources section of NCUA's Web site, http://www.ncua.gov, or the 
regulatory section of FinCEN's Web site, http://www.fincen.gov. These 
sites include other useful guidance on SARs, for example, forms and 
filing instructions, Frequently Asked Questions, and the FFIEC Bank 
Secrecy Act/Anti-Money Laundering Examination Manual.
    (iii) Compliance. Failure to file a SAR as required by the form's 
instructions and 31 CFR Part 103.18 may subject the credit union, its 
officials, employees, and agents to the assessment of civil money 
penalties or other administrative actions.
    (3) Retention of Records. A credit union must maintain a copy of 
any SAR that it files and the original or business record equivalent of 
all supporting documentation to the report for a period of five years 
from the date of the report. Supporting documentation must be 
identified and maintained by the credit union as such. Supporting 
documentation is considered a part of the filed report even though it 
should not be actually filed with the submitted report. A credit union 
must make all supporting documentation available to appropriate law 
enforcement authorities and its regulatory supervisory authority upon 
request.
    (4) Notification to board of directors. (i) Generally. The 
management of the credit union must promptly notify its board of 
directors, or a committee designated by the board of directors to 
receive such notice, of any SAR filed.
    (ii) Suspect is a director or committee member. If a credit union 
files a SAR and the suspect is a director or member of a committee 
designated by the board of directors to receive notice of SAR filings, 
the credit union may not notify the suspect, pursuant to 31 U.S.C. 
5318(g)(2), but must notify the remaining directors, or designated 
committee members, who are not suspects.
    (5) Confidentiality of reports. SARs are confidential. Any credit 
union, including its officials, employees, and agents, subpoenaed or 
otherwise requested to disclose a SAR or the information in a SAR must 
decline to produce the SAR or to provide any information that would 
disclose that a SAR was prepared or filed, citing this part, applicable 
law, for example, 31 U.S.C. 5318(g), or both, and notify NCUA of the 
request. A credit union must make the filed report and all supporting 
documentation available to appropriate law enforcement authorities and 
its regulatory supervisory authority upon request.
    (6) Safe Harbor. Any credit union, including its officials, 
employees, and agents, that makes a report of suspected or known 
criminal violations and suspicious activities to law enforcement and 
financial institution supervisory authorities, including supporting 
documentation, are protected from liability for any disclosure in the 
report, or for failure to disclose the existence of the report, or 
both, to the full extent provided by 31 U.S.C. 5318(g)(3). This 
protection applies if the report is filed pursuant to this part or is 
filed on a voluntary basis.

[FR Doc. E6-17838 Filed 10-26-06; 8:45 am]
BILLING CODE 7535-01-P