[Federal Register Volume 74, Number 44 (Monday, March 9, 2009)]
[Proposed Rules]
[Pages 10130-10135]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: E9-4703]



[[Page 10129]]

-----------------------------------------------------------------------

Part II





Department of the Treasury





-----------------------------------------------------------------------



31 CFR Part 103



-----------------------------------------------------------------------



Office of the Comptroller of the Currency

12 CFR Parts 4 and 21



-----------------------------------------------------------------------



Office of Thrift Supervision

12 CFR Parts 510 and 563



Confidentiality of Suspicious Activity Reports; Standards Governing the 
Release of a Suspicious Activity Report; Interpretive Guidances--
Sharing Suspicious Activity Reports; Proposed Rules


[[Page 10130]]


-----------------------------------------------------------------------

DEPARTMENT OF THE TREASURY

Office of the Comptroller of the Currency

12 CFR Part 21

[Docket ID OCC-2009-0004]
RIN 1557-AD17


Confidentiality of Suspicious Activity Reports

AGENCY: The Office of the Comptroller of the Currency, Treasury (OCC).

ACTION: Notice of proposed rulemaking.

-----------------------------------------------------------------------

SUMMARY: The OCC is proposing to amend its regulations implementing the 
Bank Secrecy Act (BSA) governing the confidentiality of a suspicious 
activity report (SAR) to: Clarify the scope of the statutory 
prohibition on the disclosure by a financial institution of a report of 
a suspicious transaction, as it applies to national banks; address the 
statutory prohibition on the disclosure by the government of a SAR, as 
that prohibition applies to the OCC's standards governing the 
disclosure of SARs; clarify the exclusive standard applicable to the 
disclosure of a SAR, or any information that would reveal the existence 
of a SAR, by the OCC is ``to fulfill official duties consistent with 
the purposes of the BSA;'' and modify the safe harbor provision in its 
rules to include changes made by the Uniting and Strengthening America 
by Providing Appropriate Tools Required to Intercept and Obstruct 
Terrorism (USA PATRIOT) Act. These amendments are based upon a similar 
proposal being contemporaneously issued by the Financial Crimes 
Enforcement Network (FinCEN).

DATES: Comments must be received by June 8, 2009.

ADDRESSES: Because paper mail in the Washington, DC area and received 
by the OCC is subject to delay, commenters are encouraged to submit 
comments by the Federal eRulemaking Portal or e-mail, if possible. 
Please use the title ``Confidentiality of Suspicious Activity Reports'' 
to facilitate the organization and distribution of the comments. You 
may submit comments by any of the following methods:
    Federal eRulemaking Portal--``Regulations.gov'': Go to http://www.regulations.gov, under the ``More Search Options'' tab click next 
to the ``Advanced Docket Search'' option where indicated, select 
``Comptroller of the Currency'' from the agency drop-down menu, then 
click ``Submit.'' In the ``Docket ID'' column, select ``OCC-2009-0004'' 
to submit or view public comments and to view supporting and related 
materials for this notice of proposed rulemaking. The ``How to Use This 
Site'' link on the Regulations.gov home page provides information on 
using Regulations.gov, including instructions for submitting or viewing 
public comments, viewing other supporting and related materials, and 
viewing the docket after the close of the comment period.
     E-mail: [email protected].
     Mail: Office of the Comptroller of the Currency, 250 E 
Street, SW., Mail Stop 2-3, Washington, DC 20219.
     Fax: (202) 874-5274.
     Hand Delivery/Courier: 250 E Street, SW., Mail Stop 2-3, 
Washington, DC 20219.
    Instructions: You must include ``OCC'' as the agency name and 
``Docket Number OCC-2009-0004'' in your comment. In general, OCC will 
enter all comments received into the docket and publish them on the 
Regulations.gov Web site without change, including any business or 
personal information that you provide such as name and address 
information, e-mail addresses, or phone numbers. Comments received, 
including attachments and other supporting materials, are part of the 
public record and subject to public disclosure. Do not enclose any 
information in your comment or supporting materials that you consider 
confidential or inappropriate for public disclosure.
    You may review comments and other related materials that pertain to 
this notice of proposed rulemaking by any of the following methods:
     Viewing Comments Electronically: Go to http://www.regulations.gov, under the ``More Search Options'' tab click next 
to the ``Advanced Document Search'' option where indicated, select 
``Comptroller of the Currency'' from the agency drop-down menu, then, 
click ``Submit.'' In the ``Docket ID'' column, select ``OCC-2009-0004'' 
to view public comments for this rulemaking action.
     Viewing Comments Personally: You may personally inspect 
and photocopy comments at the OCC, 250 E Street, SW., Washington, DC. 
For security reasons, the OCC requires that visitors make an 
appointment to inspect comments. You may do so by calling (202) 874-4700. 
Upon arrival, visitors will be required to present valid 
government-issued photo identification and submit to security screening 
in order to inspect and photocopy comments.
     Docket: You may also view or request available background 
documents and project summaries using the methods described above.

FOR FURTHER INFORMATION CONTACT: James Vivenzio, Senior Counsel for 
BSA/AML, (202) 874-5200; Ellen Warwick, Assistant Director, Litigation, 
(202) 874-5280; or Patrick Tierney, Senior Attorney, Legislative and 
Regulatory Activities, (202) 874-5090; Office of the Comptroller of the 
Currency, 250 E Street, SW., Washington, DC 20219.

SUPPLEMENTARY INFORMATION:

I. Background

    The BSA requires financial institutions, including national banks 
regulated by the OCC, to keep certain records and make certain reports 
that have been determined to be useful in criminal, tax, or regulatory 
investigations or proceedings, and for intelligence or 
counterintelligence activities to protect against international terrorism. In 
particular, the BSA and its implementing regulations require a 
financial institution to file a SAR when it detects a known or 
suspected violation of Federal law or a suspicious activity related to 
money laundering, terrorist financing, or other criminal activity.\1\
---------------------------------------------------------------------------

    \1\ The Annunzio-Wylie Anti-Money Laundering Act of 1992 (the 
Annunzio-Wylie Act), amended the BSA and authorized the Secretary of 
the Treasury to require financial institutions to report suspicious 
transactions relevant to a possible violation of law or regulation. 
See Public Law 102-550, Title XV, section 1517(b), 106 Stat. 4055, 
4058-9 (1992); 31 U.S.C. 5318(g)(1). The OCC, Board of Governors of 
the Federal Reserve System (FRB), Federal Deposit Insurance 
Corporation (FDIC), Office of Thrift Supervision (OTS), and National 
Credit Union Administration (NCUA), (collectively referred to as the 
Federal bank regulatory agencies) subsequently issued virtually 
identical implementing regulations on suspicious activity reporting. 
See 12 CFR 21.11 (OCC); 12 CFR 208.62 (FRB); 12 CFR 353.3 (FDIC); 12 
CFR 563.180 (OTS) and 12 CFR 748.1 (NCUA).
---------------------------------------------------------------------------

    SARs are used for law enforcement or regulatory purposes to combat 
terrorism, terrorist financing, money laundering and other financial 
crimes. For this reason, the BSA provides that a financial institution, 
and its officers, directors, employees, and agents are prohibited from 
notifying any person involved in a suspicious transaction that the 
transaction was reported.\2\ To encourage the voluntary reporting of 
possible violations of law and regulation, and the filing of SARs, the 
BSA also contains a safe harbor provision which shields financial 
institutions making such reports from civil liability.
---------------------------------------------------------------------------

    \2\ 31 U.S.C. 5318(g)(2)(A)(i).
---------------------------------------------------------------------------

    FinCEN has issued rules implementing the SAR confidentiality 
provisions for various types of financial institutions that closely 
mirror the statutory language.\3\ In addition, the

[[Page 10131]]

Federal bank regulatory agencies implemented these provisions through 
similar regulations that provide SARs are confidential and generally no 
information about or contained in a SAR may be disclosed.\4\ The 
regulations issued by FinCEN and the Federal bank regulatory agencies 
also describe the applicability of the safe harbor provision to both 
voluntary reports of possible and known violations of law and the 
required filing of SARs.\5\
---------------------------------------------------------------------------

    \3\ See, e.g., 31 CFR 103.18(e) (SAR confidentiality rule for 
banks); 31 CFR 103.19(e) (SAR confidentiality rule for brokers or 
dealers in securities).
    \4\ See 12 CFR 21.11(k) (OCC); 12 CFR 208.62(j) (FRB); 12 CFR 
353.3(g) (FDIC); 12 CFR 563.180(d)(12) (OTS); and 12 CFR 748.1 
(NCUA).
    \5\ 31 U.S.C. 5318(g)(3).
---------------------------------------------------------------------------

    The USA PATRIOT Act of 2001 strengthened the confidentiality of 
SARs by adding to the BSA a new provision that prohibits officers or 
employees of the Federal government or any State, local, tribal, or 
territorial government within the United States with knowledge of a 
SAR, from disclosing to any person involved in a suspicious transaction 
that the transaction was reported, other than as necessary to fulfill 
the official duties of such officer or employee.\6\ The USA PATRIOT Act 
also clarified that the safe harbor shielding financial institutions 
from liability covers voluntary disclosures of possible violations of 
law and regulations to a government agency and expanded the scope of 
the limit on liability to cover any civil liability which may exist 
``under any contract or other legally enforceable agreement (including 
any arbitration agreement).'' \7\
---------------------------------------------------------------------------

    \6\ See USA PATRIOT Act, section 351(b). Public Law 107-56, 
Title III, section 351, 115 Stat. 272, 321 (2001); 31 U.S.C. 
5318(g)(2).
    \7\ See USA PATRIOT Act, section 351(a). Public Law 107-56, 
Title III, section 351, 115 Stat. 272, 321 (2001); 31 U.S.C. 
5318(g)(3).
---------------------------------------------------------------------------

    FinCEN \8\ is proposing to modify its SAR rules to interpret or 
further interpret the provisions of the BSA that relate to the 
confidentiality of SARs and the safe harbor for such reporting. The OCC 
is proposing to amend its rules contemporaneously, based upon the 
proposal being issued by FinCEN, to clarify the manner in which these 
provisions apply to national banks and to the OCC's own standards 
governing the disclosure of a SAR and any information that would reveal 
the existence of a SAR (referred to in this preamble as ``SAR 
information'').
---------------------------------------------------------------------------

    \8\ FinCEN is the agency designated by the Department of the 
Treasury to administer the BSA, and with which SARs must be filed. 
See 31 U.S.C. 5318; 12 CFR 21.11(c).
---------------------------------------------------------------------------

II. Overview of Proposal

    The proposed amendments to the OCC's rules include key changes that 
would (1) clarify the scope of the statutory prohibition on the 
disclosure by a financial institution of a SAR, as it applies to 
national banks; (2) address the statutory prohibition on the disclosure 
by the government of a SAR, which was added to the BSA by section 
351(b) of the USA PATRIOT Act of 2001, as that prohibition applies to 
the OCC's standards governing the disclosure of SAR information; and 
(3) clarify that the exclusive standard applicable to the disclosure of 
SAR information by the OCC is ``to fulfill official duties consistent 
with the purposes of the BSA,'' in order to ensure that SAR information 
is protected from inappropriate disclosures unrelated to the BSA 
purposes for which SARs are filed. In addition, the proposed amendments 
would modify the safe harbor provision in the OCC's SAR rules \9\ to 
include changes made by the USA PATRIOT Act.
---------------------------------------------------------------------------

    \9\ 12 CFR 21.11(l).
---------------------------------------------------------------------------

    Furthermore, as described in section III of this SUPPLEMENTARY 
INFORMATION, FinCEN is simultaneously issuing for notice and comment 
proposed guidance regarding the sharing of SARs with affiliates. That 
proposed guidance interprets a provision of the proposed rulemaking, 
and, accordingly, should be read in conjunction with this notice.
    In a separate rulemaking, the OCC also is simultaneously proposing 
to amend its information disclosure regulation set forth in 12 CFR part 
4, subpart C, to clarify that the exclusive standard governing the 
release of SAR information is set forth in 12 CFR 21.11.\10\ The OCC is 
issuing this proposed amendment to 12 CFR part 4, subpart C, at the 
same time, to make clear that the OCC will disclose SAR information 
only when necessary to satisfy the BSA purposes for which SARs are 
filed.
---------------------------------------------------------------------------

    \10\ See elsewhere in this issue of the Federal Register.
---------------------------------------------------------------------------

III. Section-by-Section Description of the Proposal

Section 21.11(b): Definition of a SAR

    The primary purpose of the OCC's SAR rule is to ensure that a 
national bank files a SAR when it detects a known or suspected 
violation of a Federal law or a suspicious transaction related to a 
money laundering activity or a violation of the BSA. See 12 CFR 
21.11(a). Incidental to this purpose, the OCC's SAR rule includes a 
section that addresses the confidentiality of SARs.
    Under the current SAR rule, the term ``SAR'' means ``a Suspicious 
Activity Report on the form prescribed by the OCC.'' The proposed rule 
simply defines a ``SAR'' generically as ``a Suspicious Activity 
Report.'' This change would extend the confidentiality provisions of 
the OCC's SAR rule to all SARs, including those filed on forms 
prescribed by FinCEN.\11\ As a consequence, a national bank that 
obtained a SAR, for example, from a non-bank affiliate pursuant to the 
provisions of this proposed rule, would be required to safeguard the 
confidentiality of the SAR, even if the SAR had not been filed on a 
form prescribed by the OCC.
---------------------------------------------------------------------------

    \11\ See, e.g., 31 CFR 103.19 (FinCEN regulations requiring 
brokers or dealers in securities to file reports of suspicious 
transactions on a SAR-S-F).
---------------------------------------------------------------------------

Section 21.11(c): SARs Required

    To clarify that a national bank must file a SAR on a form 
``prescribed by the OCC,'' the OCC is proposing to add this phrase to 
the introductory language of the section of the OCC's SAR rule that 
describes the procedures for the filing of a SAR. Accordingly, the 
proposed rules require a national bank to file a SAR with the 
appropriate Federal law enforcement agencies and the Department of the 
Treasury on the form prescribed by the OCC in accordance with the 
form's instructions, by sending a completed SAR to FinCEN in particular 
circumstances.\12\
---------------------------------------------------------------------------

    \12\ Cf. 12 CFR 21.11(c).
---------------------------------------------------------------------------

Section 21.11(k): Confidentiality of SARs

    The OCC is proposing to amend its rules regarding SAR 
confidentiality \13\ by modifying the introductory sentence, and 
dividing the remainder of the current provision into two sections. The 
first section would describe the prohibition on disclosure of SAR 
information by national banks, and the rules of construction applicable 
to this prohibition. The second section would describe the prohibition 
on the OCC's disclosure of SAR information.
---------------------------------------------------------------------------

    \13\ 12 CFR 21.11(k).
---------------------------------------------------------------------------

    Currently, the OCC's rules prohibiting the disclosure of SARs 
begin with the statement that SARs are confidential. Over the years, 
the OCC has received numerous questions regarding the scope of the 
prohibition on the disclosure of a SAR in its current rules. 
Accordingly, the OCC is proposing to clarify the scope of SAR 
confidentiality by more clearly describing the information that is 
subject to the prohibition. Like FinCEN, the OCC believes that all of 
the reasons for maintaining the confidentiality of SARs are equally 
applicable to any information that would reveal the existence of a SAR.
    The OCC, like FinCEN, recognizes that in order to protect the 
confidentiality of

[[Page 10132]]

a SAR, any information that would reveal the existence of a SAR (such 
as the draft of a SAR that has been filed) must be afforded the same 
protection from disclosure. The confidentiality of SARs must be 
maintained for a number of compelling reasons. For example, the 
disclosure of a SAR could result in notification to persons involved in 
the transaction that is being reported, and compromise any 
investigations being conducted in connection with the SAR. In addition, 
the OCC believes that even the occasional disclosure of a SAR could 
chill the willingness of a national bank to file SARs, and to provide 
the degree of detail and completeness in describing suspicious activity 
in SARs that will be of use to law enforcement. If banks believe that a 
SAR can be used for purposes unrelated to the law enforcement and 
regulatory purposes of the BSA, the disclosure of such information 
could adversely affect the timely, appropriate, and candid reporting of 
suspicious transactions. Banks also may be reluctant to report 
suspicious transactions, or may delay making such reports, for fear 
that the disclosure of a SAR will interfere with the bank's 
relationship with its customer. Further, a SAR may provide insight into 
how a bank uncovers potential criminal conduct that can be used by 
others to circumvent detection. The disclosure of a SAR also could 
compromise personally identifiable information or commercially 
sensitive information, or damage the reputation of individuals or 
companies that may be named. Finally, the disclosure of a SAR for uses 
unrelated to the law enforcement and regulatory purposes for which SARs 
are intended increases the risk that bank employees or others who are 
involved in the preparation or filing of a SAR could become targets for 
retaliation by persons whose criminal conduct has been reported.
    These reasons for maintaining the confidentiality of SARs also 
apply to any information that would reveal the existence of a SAR. 
Therefore, like FinCEN, the OCC is proposing to modify the general 
introduction in its rules to state that confidential treatment must 
also be afforded to ``any information that would reveal the existence 
of a SAR.'' The introduction also would indicate that SAR information 
may not be disclosed, except as authorized in the narrow circumstances 
that follow.

Section 21.11(k)(i): Prohibition on Disclosure by National Banks

    The OCC's current rules provide that any national bank or person 
subpoenaed or otherwise requested to disclose a SAR or the information 
contained in a SAR must (1) decline to produce the SAR or to provide 
any information that would disclose that a SAR has been prepared or 
filed, and (2) notify the OCC.
    The proposed rules more specifically address the prohibition on the 
disclosure of a SAR by a national bank. The rules provide that the 
prohibition includes ``any information that would reveal the existence 
of a SAR'' instead of using the phrase ``any information that would 
disclose that a SAR has been prepared or filed.'' The OCC, like FinCEN, 
believes that this phrase more clearly describes the type of 
information that is covered by the prohibition on the disclosure of a 
SAR. In addition, the proposed rules incorporate the specific reference 
in 31 U.S.C. 5318(g)(2)(A)(i) to a ``director, officer, employees or 
agent,'' in order to clarify that the prohibition on disclosure extends 
to those individuals in a national bank who may have access to SAR 
information.
    Although 31 U.S.C. 5318(g)(2)(A)(i) provides that a person involved 
in the transaction may not be notified that the transaction has been 
reported, the proposed rules continue to reflect case law that has 
consistently concluded, in accordance with applicable regulations, that 
financial institutions are broadly prohibited from disclosing SAR 
information to any person. Accordingly, these cases have held that, in 
the context of discovery in connection with civil lawsuits, financial 
institutions are prohibited from disclosing SAR information because 
section 5318(g) and its implementing regulations have created an 
unqualified discovery and evidentiary privilege for such information 
that cannot be waived by financial institutions.\14\ Consistent with 
case law and current regulation, the texts of the proposed rules do not 
limit the prohibition on disclosure only to the person involved in the 
transaction. Permitting disclosure to any outside party may make it 
likely that SAR information would be disclosed to a person involved in 
the transaction, which is absolutely prohibited by the statute.
---------------------------------------------------------------------------

    \14\ See, e.g., Whitney Nat'l Bank v. Karam, 306 F. Supp. 2d 
678, 682 (S.D. Tex. 2004); Cotton v. Private Bank and Trust Co., 235 
F. Supp. 2d 809, 815 (N.D. Ill. 2002).
---------------------------------------------------------------------------

    The proposed rules continue to provide that any national bank, or 
any director, officer, employee or agent of a national bank, subpoenaed 
or otherwise requested to disclose SAR information must decline to 
provide the information, citing this section of the rules and 31 U.S.C. 
5318(g)(2)(A)(i), and must give notice of the request to the OCC. In 
addition, the proposed rules require the bank to notify the OCC of its 
response to the request, and require the bank to provide the same 
information to FinCEN. This new notification requirement was added to 
the proposed rules so that either or both agencies can intervene to 
prevent the disclosure of SAR information by a bank, if necessary.

Section 21.11(k)(1)(ii): Rules of Construction

    The OCC, like FinCEN, is proposing rules of construction to address 
issues that have arisen over the years about the scope of the SAR 
disclosure prohibition, and to implement statutory modifications to the 
BSA made by the USA PATRIOT Act. The proposed rules of construction 
primarily describe situations that are not covered by the prohibition 
on bank disclosure of SAR information. The introduction to these rules 
makes clear that the rules of construction are each qualified by the 
statutory mandate that no person involved in any reported suspicious 
transaction can be notified that the transaction has been reported.
    The first proposed rule of construction builds on existing language 
to clarify that a national bank, or any director, officer, employee or 
agent of a national bank may disclose SAR information to FinCEN or any 
Federal, state, or local law enforcement agency; or any Federal or 
state regulatory agency that examines the financial institution for 
compliance with the BSA. Although the permissibility of such 
disclosures may be readily apparent, the proposal contains this 
statement to clarify that a national bank cannot use the prohibition on 
bank disclosure of SAR information to withhold this information from 
governmental authorities that are otherwise entitled by law to receive 
SARs and to examine for and investigate suspicious activity.
    The second proposed rule of construction provides that SAR 
information does not include the underlying facts, transactions, and 
documents upon which a SAR is based. This statement reflects case law 
which has recognized that, while a financial institution is prohibited 
from producing documents in discovery that evidence the existence of a 
SAR, factual documents created in the ordinary course of business (for 
example, business records and account information, upon which a SAR is 
based), may be discoverable in civil litigation under the Federal Rules 
of Civil Procedure.\15\
---------------------------------------------------------------------------

    \15\ See Cotton v. Private Bank and Trust Co., 235 F. Supp. 2d 
809, 815 (N.D. Ill. 2002).

---------------------------------------------------------------------------

[[Page 10133]]

    This proposed rule of construction includes some examples of 
situations where a national bank may disclose the underlying facts, 
transactions, and documents upon which a SAR is based. The first 
example clarifies that a bank may disclose this information \16\ to 
another financial institution, or any director, officer, employee or 
agent of the financial institution, for the preparation of a joint 
SAR.\17\ The second example simply codifies a rule of construction 
added to the BSA by section 351 of the USA PATRIOT Act which provides 
that such underlying information may be disclosed in certain written 
employment references and termination notices.\18\
---------------------------------------------------------------------------

    \16\ Although the underlying facts, transactions, and documents 
upon which a SAR is based may include previously filed SARs or other 
information that would reveal the existence of a SAR, these 
materials cannot be disclosed as underlying documents.
    \17\ On December 21, 2006, FinCEN and the Federal bank 
regulatory agencies announced that the format for the SAR form for 
depository institutions had been revised to support a new joint 
filing initiative to reduce the number of duplicate SARs filed for a 
single suspicious transaction. ``Suspicious Activity Report (SAR) 
Revised to Support Joint Filings and Reduce Duplicate SARs,'' Joint 
Release issued by FinCEN, the FRB, the OCC, the OTS, the FDIC, and 
NCUA (Dec. 21, 2006). On February 17, 2006, FinCEN and the Federal 
bank regulatory agencies published a joint Federal Register notice 
seeking comment on proposed revisions to the SAR form. See 71 FR 
8640. On May 1, 2007, FinCEN announced a delay in implementation of 
the revised SAR form until further notice. See 72 FR 23891. Until 
such time as a new SAR form is available that facilitates joint 
filing, institutions authorized to jointly file should follow 
FinCEN's guidance to use the words ``joint filing'' in the narrative 
of the SAR and ensure that both institutions maintain a copy of the 
SAR and any supporting documentation (See, e.g., http://www.fincen.gov/statutes_regs/guidance/html/guidance_faqs_sar_10042006.html).
    \18\ 31 U.S.C. 5318(g)(2)(B).
---------------------------------------------------------------------------

    The third proposed rule of construction makes clear that the 
prohibition on the disclosure of SAR information by a national bank 
does not include the sharing by a national bank, or any director, 
officer, employee or agent of a bank, of SAR information within the 
bank's corporate organizational structure, for purposes consistent with 
Title II of the BSA, as determined by regulation or in guidance issued 
by the OCC or FinCEN. This proposed rule recognizes that a national 
bank may find it necessary to share SAR information to fulfill its 
reporting obligations under the BSA, and to facilitate more effective 
enterprise-wide BSA monitoring and reporting, consistent with Title II 
of the BSA. The term ``share'' used in this rule of construction is an 
acknowledgement that sharing within a corporate organization for 
purposes consistent with Title II of the BSA, as determined by 
regulation or guidance issued by the OCC or FinCEN, is distinguishable 
from a prohibited disclosure.
    FinCEN and the Federal bank regulatory agencies have already issued 
joint guidance making clear that the U.S. branch or agency of a foreign 
bank may share a SAR with its head office, and that a U.S. bank or 
savings association may share a SAR with its controlling company 
(whether domestic or foreign). This guidance stated that the sharing of 
a SAR with a head office or controlling company both facilitates 
compliance with the applicable requirements of the BSA and enables the 
head office or controlling company to discharge its oversight 
responsibilities with respect to enterprise-wide risk management and 
compliance with applicable laws and regulations.\19\
---------------------------------------------------------------------------

    \19\ ``Interagency Guidance on Sharing Suspicious Activity 
Reports with Head Offices and Controlling Companies'' (January 20, 
2006).
---------------------------------------------------------------------------

    Elsewhere in this issue of the Federal Register, FinCEN is issuing 
additional guidance for notice and comment that further elaborates on 
sharing of SAR information within a corporate organization that FinCEN 
considers to be ``consistent with the purposes of the BSA.'' The 
proposed guidance would generally permit sharing of SAR information by 
depository institutions with their affiliates \20\ that are subject to 
a SAR rule.\21\
---------------------------------------------------------------------------

    \20\ Under FinCEN's proposed guidance, an ``affiliate'' of a 
depository institution means any company under common control with, 
or controlled by, that depository institution.
    \21\ See, e.g., 12 CFR 21.11 (SAR rule applicable to national 
banks).
---------------------------------------------------------------------------

Section 21.11(k)(2): Prohibition on Disclosure by the OCC

    As previously noted, section 351 of the USA PATRIOT Act, 31 U.S.C. 
5318(g)(2)(A)(ii), amended the BSA, and added a new provision 
prohibiting officers and employees of the government from disclosing a 
SAR to any person involved in the transaction that the transaction has 
been reported, except ``as necessary to fulfill the official duties of 
such officer or employee.'' The OCC is proposing rules to address this 
new section that are comparable to those being proposed by FinCEN. The 
proposed rules provide that the OCC will not, and no officer, employee 
or agent of the OCC, shall disclose SAR information, ``except as 
necessary to fulfill official duties consistent with Title II of the 
Bank Secrecy Act.''
    As stated in section 5318(g)(2)(A)(i), which prohibits a financial 
institution's disclosure of a SAR, section 5318(g)(2)(A)(ii) also 
prohibits the government from disclosing a SAR to ``any person involved 
in the transaction.'' The OCC, like FinCEN, is proposing to address 
sections 5318(g)(2)(A)(i) and (A)(ii) in a consistent manner, because 
disclosure by a governmental authority of SAR information to any 
outside party may make it likely that the information will be disclosed 
to a person involved in the transaction. The OCC believes that the 
purpose of section 5318(g)(2)(A)(ii) could be undermined unless the 
OCC's rules generally address the disclosure of SAR information by the 
OCC and its officers, employees and agents, not simply in the context 
of disclosure to ``any person involved in the transaction.'' 
Accordingly, the proposed rules would generally bar disclosures of SAR 
information by OCC officers, employees, or agents.
    However, section 5318(g)(2)(A)(ii) also narrowly permits 
governmental disclosures as necessary to ``fulfill official duties,'' a 
phrase that is not defined in the BSA. Consistent with the rules being 
proposed by FinCEN, the OCC is proposing to construe this phrase in the 
context of the BSA, in light of the purpose for which SARs are filed. 
Accordingly, the proposed rules interpret ``official duties'' to mean 
``official duties consistent with the purposes of Title II of the 
BSA,'' namely, for ``criminal, tax, or regulatory investigations or 
proceedings, or in the conduct of intelligence or counterintelligence 
activities, including analysis, to protect against international 
terrorism.'' \22\ When disclosure is necessary to fulfill official 
duties, the OCC will make a determination, through its internal 
processes, that a SAR may be disclosed to fulfill official duties 
consistent with the BSA. This standard would permit, for example, 
disclosures responsive to a grand jury subpoena; a request from an 
appropriate Federal or State law enforcement or regulatory agency; a 
request from an appropriate Congressional committee or subcommittee; 
and prosecutorial disclosures mandated by statute or the Constitution, 
in connection with the statement of a government witness to be called 
at trial, the impeachment of a government witness, or as material 
exculpatory of a criminal defendant.\23\ This proposed interpretation 
of section 5318(g)(2)(A)(ii) would ensure that SAR information will not 
be disclosed for a reason that is unrelated to the purposes

[[Page 10134]]

of the BSA. For example, this standard would not permit disclosure of 
SAR information to the media.
---------------------------------------------------------------------------

    \22\ 31 U.S.C. 5311 (setting forth the purposes of the BSA).
    \23\ See, e.g., Giglio v. United States, 405 U.S. 150, 153-54 
(1972); Brady v. State of Maryland, 373 U.S. 83, 86-87 (1963); 
Jencks v. United States, 353 U.S. 657, 668 (1957).
---------------------------------------------------------------------------

    The proposed rules also specifically provide that ``official 
duties'' shall not include the disclosure of SAR information in 
response to a request for use in a private legal proceeding or in 
response to a request for disclosure of non-public information under 12 
CFR 4.33. This statement, which corresponds to a similar provision in 
FinCEN's proposed rules, clearly establishes that the OCC will not 
disclose SAR information to a private litigant for use in a private 
legal proceeding, or pursuant to 12 CFR 4.33, because such a request 
cannot be consistent with any of the purposes enumerated in Title II of 
the BSA. The BSA exists, in part, to protect the public's interest in 
an effective reporting system that benefits the nation by helping to 
ensure that the U.S. financial system will not be used for criminal 
activity or to support terrorism. The OCC, like FinCEN, believes that 
this purpose would be undermined by the disclosure of SAR information 
to a private litigant for use in a civil lawsuit for the reasons 
described earlier, including that such disclosures will chill full and 
candid reporting by financial institutions, including national banks.
    Finally, the proposed rules would apply to the OCC, in addition to 
its officers, employees, and agents. Comparable to a provision being 
proposed by FinCEN, the OCC is proposing to include the agency itself 
in the scope of coverage, because requests for SAR information are 
typically directed to the agency, rather than to individuals within the 
OCC with authority to respond to the request. In addition, agents are 
included in the proposed paragraph because agents of the OCC may have 
access to SAR information. Accordingly, this proposed interpretation 
would more comprehensively cover disclosures by the OCC and agents of 
the OCC, and protect the confidentiality of SAR information.

Section 21.11(l): Limitation on Liability

    In 1992, the Annunzio-Wylie Act amended the BSA by providing a safe 
harbor for financial institutions and their employees from civil 
liability for the reporting of known or suspected criminal offenses or 
suspicious activity through the filing of a SAR.\24\ FinCEN and the OCC 
incorporated the safe harbor provisions of the 1992 law into their SAR 
rules.\25\ Section 351 of the USA PATRIOT Act amended section 
5318(g)(3) to clarify that the scope of the safe harbor provision 
includes the voluntary disclosure of possible violations of law and 
regulations to a government agency, and to expand the scope of the 
limit on civil liability to include any liability which may exist 
``under any contract or other legally enforceable agreement (including 
any arbitration agreement).'' The OCC, like FinCEN, has incorporated 
the statutory expansion of the safe harbor by placing a cross-reference 
to section 5318(g)(3) in the proposed rules.
---------------------------------------------------------------------------

    \24\ See supra note 1.
    \25\ See 31 CFR 103.18(e) and 12 CFR 21.11(l). The safe harbor 
regulations are also applicable to oral reports of violations. (In 
situations requiring immediate attention, a financial institution 
must immediately notify its regulator and appropriate law 
enforcement by telephone, in addition to filing a SAR. See, e.g., 12 
CFR 21.11(d).)
---------------------------------------------------------------------------

    In addition, consistent with the proposed rule issued by FinCEN, 
this provision makes clear that the safe harbor also applies to a 
disclosure by a bank made jointly with another financial institution 
for purposes of filing a joint SAR.\26\
---------------------------------------------------------------------------

    \26\ See supra note 17.
---------------------------------------------------------------------------

Conforming Amendments to 12 CFR Part 4, Subpart C

    The OCC is proposing to amend its information disclosure rule set 
forth in 12 CFR part 4, subpart C. Among other things, the proposal 
clarifies that the OCC's disclosure of SAR information will be governed 
exclusively by the standards set forth in the proposed amendments to 
the OCC's SAR rule set forth in 12 CFR 21.11(k). See elsewhere in this 
issue of the Federal Register. The effect of these proposed amendments 
is that the OCC: (i) Will not release SAR information to private 
litigants; and (ii) will only release SAR information to other 
government agencies, in response to a request pursuant to 12 CFR 
4.37(c) or in the exercise of its discretion as described in 12 CFR 
4.36, when necessary to fulfill official duties consistent with the 
purposes of Title II of the BSA.

IV. Request for Comments

    The OCC welcomes comments on any aspect of these proposed 
amendments to the SAR rules.
    The OCC has timed the release of this proposal to coincide with the 
issuance of the proposed rules to amend the information disclosure 
rules set forth in 12 CFR part 4, subpart C, so that commenters can 
consider each proposal in commenting on the other.

V. OCC Solicitation of Comments on Use of Plain Language

    Section 722 of the Gramm-Leach-Bliley Act, Public Law 106-102, sec. 
722, 113 Stat. 1338, 1471 (Nov. 12, 1999), requires the OCC to use 
plain language in all proposed and final rules published after January 
1, 2000. Therefore, the OCC specifically invites your comments on how 
to make this proposal easier to understand. For example:
    - Have we organized the material to suit your needs? If not, 
how could this material be better organized?
    - Are the requirements in the proposed regulations clearly 
stated? If not, how could the regulations be more clearly stated?
    - Do the proposed regulations contain language or jargon 
that is not clear? If so, which language requires clarification?
    - Would a different format (grouping and order of sections, 
use of headings, paragraphing) make the regulations easier to 
understand? If so, what changes to the format would make them easier to 
understand?
    - What else could we do to make the regulations easier to 
understand?

VI. OCC Community Bank Comment Request

    The OCC invites your comments on the impact of this proposal on 
community banks. The OCC recognizes that community banks operate with 
more limited resources than larger institutions and may present a 
different risk profile. Thus, the OCC specifically requests comment on 
the impact of the proposal on community banks' current resources and 
available personnel with the requisite expertise, and whether the goals 
of the proposal could be achieved, for community banks, through an 
alternative approach.

VII. OCC Regulatory Analysis

Regulatory Flexibility Act

    Under section 605(b) of the Regulatory Flexibility Act (RFA), 5 
U.S.C. 605(b), the regulatory flexibility analysis otherwise required 
under section 604 of the RFA is not required if the agency certifies 
that the rule will not have a significant economic impact on a 
substantial number of small entities and publishes its certification 
and a short, explanatory statement in the Federal Register along with 
its rule.
    The OCC has determined that the costs, if any, associated with the 
proposed rules are de minimis, as they simply clarify the scope of the 
statutory prohibition against the disclosure by financial institutions 
and by the government of SAR information, and clarify the scope of the 
safe harbor from liability for institutions that report suspicious 
activities. Therefore,

[[Page 10135]]

pursuant to section 605(b) of the RFA, the OCC hereby certifies that 
this proposal will not have a significant economic impact on a 
substantial number of small entities. Accordingly, a regulatory 
flexibility analysis is not needed.

Executive Order 12866

    The OCC has determined that this proposal is not a significant 
regulatory action under Executive Order 12866. We have concluded that 
the changes that would be made by this proposed rule will not have an 
annual effect on the economy of $100 million or more. The OCC further 
concludes that this proposal does not meet any of the other standards 
for a significant regulatory action set forth in Executive Order 12866.

Paperwork Reduction Act

    We have reviewed the proposed rule in accordance with the Paperwork 
Reduction Act of 1995 (44 U.S.C. 3506; 5 CFR 1320, Appendix A.1) (PRA) 
and have determined that it does not contain any ``collections of 
information'' as defined by the PRA.

Unfunded Mandates Reform Act of 1995

    Section 202 of the Unfunded Mandates Reform Act of 1995, Public Law 
104-4 (2 U.S.C. 1532) (Unfunded Mandates Act), requires that an agency 
prepare a budgetary impact statement before promulgating any rule 
likely to result in a Federal mandate that may result in the 
expenditure by State, local, and tribal governments, in the aggregate, 
or by the private sector of $100 million or more in any one year. If a 
budgetary impact statement is required, section 205 of the Unfunded 
Mandates Act also requires an agency to identify and consider a 
reasonable number of regulatory alternatives before promulgating a 
rule.
    The OCC has determined that this proposed rule will not result in 
expenditures by State, local, and tribal governments, or by the private 
sector, of $100 million or more in any one year. Accordingly, this 
proposal is not subject to section 202 of the Unfunded Mandates Act.

List of Subjects in 12 CFR Part 21

    Crime, Currency, National banks, Reporting and recordkeeping 
requirements, Security measures.

Authority and Issuance

    For the reasons set forth in the preamble, part 21 of title 12 of 
the Code of Federal Regulations is proposed to be amended as follows:

PART 21--MINIMUM SECURITY DEVICES AND PROCEDURES, REPORTS OF 
SUSPICIOUS ACTIVITIES; AND BANK SECRECY ACT COMPLIANCE PROGRAM

    1. The authority citation for part 21 continues to read as follows:

    Authority: 12 U.S.C. 93a, 1818, 1881-1884, and 3401-3422; and 31 
U.S.C. 5318.

    2. Section 21.11 is amended by revising paragraphs (b)(3), (c) 
introductory text, (k) and (l) to read as follows:


Sec.  21.11  Suspicious Activity Report.

* * * * *
    (b) * * *
    (3) SAR means a Suspicious Activity Report.
    (c) SARs required. A national bank shall file a SAR with the 
appropriate Federal law enforcement agencies and the Department of the 
Treasury on the form prescribed by the OCC and in accordance with the 
form's instructions. The bank should send the completed SAR to FinCEN 
in the following circumstances:
* * * * *
    (k) Confidentiality of SARs. A SAR, and any information that would 
reveal the existence of a SAR, are confidential, and shall not be 
disclosed except as authorized in this paragraph (k).
    (1) Prohibition on disclosure by national banks--(i) General rule. 
No national bank, and no director, officer, employee, or agent of a 
national bank, shall disclose a SAR or any information that would 
reveal the existence of a SAR. Any national bank, and any director, 
officer, employee, or agent of any national bank that is subpoenaed or 
otherwise requested to disclose a SAR, or any information that would 
reveal the existence of a SAR, shall decline to produce the SAR or such 
information, citing this section and 31 U.S.C. 5318(g)(2)(A)(i), and 
shall notify the following of any such request and the response 
thereto:
    (A) Director, Litigation Division, Office of the Comptroller of the 
Currency; and
    (B) The Financial Crimes Enforcement Network (FinCEN).
    (ii) Rules of construction. Provided that no person involved in any 
reported suspicious transaction is notified that the transaction has 
been reported, this paragraph (k)(1) shall not be construed as 
prohibiting:
    (A) The disclosure by a national bank, or any director, officer, 
employee or agent of a national bank of:
    (1) A SAR, or any information that would reveal the existence of a 
SAR, to FinCEN or any Federal, State, or local law enforcement agency; 
or any Federal or state regulatory authority that examines the bank for 
compliance with the Bank Secrecy Act; or
    (2) The underlying facts, transactions, and documents upon which a 
SAR is based, including disclosures:
    (i) To another financial institution, or any director, officer, 
employee or agent of a financial institution, for the preparation of a 
joint SAR; or
    (ii) In connection with certain employment references or 
termination notices, to the full extent authorized in 31 U.S.C. 
5318(g)(2)(B); or
    (B) The sharing by a national bank, or any director, officer, 
employee, or agent of a national bank, of a SAR, or any information 
that would reveal the existence of a SAR, within the bank's corporate 
organizational structure, for purposes consistent with Title II of the 
Bank Secrecy Act as determined by regulation or in guidance.
    (2) Prohibition on disclosure by the OCC. The OCC will not, and no 
officer, employee or agent of the OCC, shall disclose a SAR, or any 
information that would reveal the existence of a SAR, except as 
necessary to fulfill official duties consistent with Title II of the 
Bank Secrecy Act. For purposes of this section, official duties shall 
not include the disclosure of a SAR, or any information that would 
reveal the existence of a SAR, in response to a request for use in a 
private legal proceeding or in response to a request for disclosure of 
non-public information under 12 CFR 4.33.
    (l) Limitation on liability. A national bank and any director, 
officer, employee or agent of a national bank that makes a voluntary 
disclosure of any possible violation of law or regulation to a 
government agency or makes a disclosure pursuant to this section or any 
other authority, including a disclosure made jointly with another 
financial institution, shall be protected from liability for any such 
disclosure, or for failure to provide notice of such disclosure to any 
person identified in the disclosure, or both, to the full extent 
provided by 31 U.S.C. 5318(g)(3).

    Dated: January 22, 2009.
John C. Dugan,
Comptroller of the Currency.
[FR Doc. E9-4703 Filed 3-6-09; 8:45 am]