[Federal Register Volume 87, Number 16 (Tuesday, January 25, 2022)]
[Proposed Rules]
[Pages 3719-3729]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2022-01331]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF THE TREASURY

Financial Crimes Enforcement Network

31 CFR Part 1010

RIN 1506-AB51


Pilot Program on Sharing of Suspicious Activity Reports and 
Related Information With Foreign Branches, Subsidiaries, and Affiliates

AGENCY: Financial Crimes Enforcement Network (FinCEN), Treasury.

ACTION: Notice of proposed rulemaking.

-----------------------------------------------------------------------

SUMMARY: FinCEN is issuing this notice of proposed rulemaking to seek 
public comment on the proposed establishment of a limited-duration 
pilot program, subject to conditions set by FinCEN, to permit a 
financial institution with a suspicious activity report (SAR) reporting 
obligation to share SARs and information related to SARs with the 
institution's foreign branches, subsidiaries, and affiliates for the 
purpose of combating illicit finance risk, in accordance with Section 
6212(a) of the Anti-Money Laundering Act of 2020 (AML Act).

DATES: Written comments on this proposed rule must be received on or 
before March 28, 2022.

ADDRESSES: Comments may be submitted by any of the following methods:
     Federal E-rulemaking Portal: http://www.regulations.gov. 
Follow the instructions for submitting comments. Refer to Docket Number 
FINCEN-2022-0002 and RIN 1506-AB51.
     Mail: Policy Division, Financial Crimes Enforcement 
Network, P.O. Box 39, Vienna, VA 22183. Refer to Docket Number FINCEN-
2022-0002 and RIN 1506-AB51.

FOR FURTHER INFORMATION CONTACT: The FinCEN Regulatory Support Section 
at 1-800-767-2825 or electronically at https://fincen.gov/contact.

SUPPLEMENTARY INFORMATION:

I. Scope of Notice of Proposed Rulemaking (NPRM)

    FinCEN is issuing this NPRM pursuant to 31 U.S.C. 5318(g)(8), as 
added by section 6212 of the AML Act,\1\ which requires the Secretary 
of the Treasury (the Secretary) to issue rules establishing a pilot 
program that permits a financial institution subject to a SAR reporting 
requirement under 31 U.S.C. 5318(g) to share SARs and related 
information, including the fact that a SAR has been filed, with the 
institution's foreign branches, subsidiaries, and affiliates for the 
purpose of combating illicit finance risks.\2\
---------------------------------------------------------------------------

    \1\ The AML Act was enacted as Division F, sections 6001-6511, 
of the William M. (Mac) Thornberry National Defense Authorization 
Act for Fiscal Year 2021, Public Law 116-283, 134 Stat 3388 (2021).
    \2\ For purposes of this NPRM, ``SARs and related information'' 
means a report filed pursuant to 31 U.S.C. 5318(g) and any 
information that would reveal the existence of such a report. 
Because SARs filed on insider abuse are filed under Federal banking 
agency regulations (see, e.g., 12 CFR 21.11(c)(1)), and are not part 
of FinCEN's SAR regulations, they are not included in this 
definition and are not permitted to be shared under the pilot 
program FinCEN is proposing to establish by this NPRM.
---------------------------------------------------------------------------

II. Background

A. The Bank Secrecy Act (BSA)

    Enacted in 1970 and amended most recently by the AML Act, the BSA 
aids in the prevention of money laundering, terrorism financing, and 
other illicit financial activity, and the protection of U.S. national 
security.\3\ The purposes of the BSA include, among other things, 
``requir[ing] certain reports or records that are highly useful in--(A) 
criminal, tax, or regulatory investigations, risk assessments, or 
proceedings; or (B) intelligence or counterintelligence activities, 
including analysis, to protect against terrorism'' and ``establish[ing] 
appropriate frameworks for information sharing'' among financial 
institutions and government authorities, among others.\4\
---------------------------------------------------------------------------

    \3\ The BSA is codified at 12 U.S.C. 1829b, 1951-1959 and 31 
U.S.C. 5311-5314, 5316-5336. Implementing regulations are codified 
at 31 CFR Chapter X. Section 6212 of the AML Act amends 31 U.S.C. 
5318 by adding Section 5318(g)(8).
    \4\ 31 U.S.C. 5311(1), (5).
---------------------------------------------------------------------------

    The Secretary is authorized to require domestic financial 
institutions or nonfinancial trades or businesses to maintain 
appropriate procedures to ensure compliance with the BSA and the 
regulations promulgated thereunder or to guard against money 
laundering, the financing of terrorism, and other forms of illicit 
finance.\5\ The Secretary has delegated to the Director of FinCEN the 
authority to implement, administer, and enforce compliance with the BSA 
and associated regulations.\6\
---------------------------------------------------------------------------

    \5\ 31 U.S.C. 5318(a)(2).
    \6\ 31 U.S.C. 310(b)(2); Treasury Order 180-01, (Jan. 14, 2020).
---------------------------------------------------------------------------

    The BSA authorizes the Secretary to require the reporting of 
suspicious

[[Page 3720]]

transactions.\7\ FinCEN's implementing regulations require a financial 
institution to file a SAR if the financial institution knows, suspects, 
or has reason to suspect that a transaction conducted or attempted by, 
at, or through the financial institution: (i) Involves funds derived 
from illegal activity or is an attempt to disguise funds derived from 
illegal activity; (ii) is designed to evade regulations promulgated 
under the BSA; or (iii) lacks a business or apparent lawful purpose or 
is not the sort in which the particular customer would normally engage 
and the financial institution knows of no reasonable explanation for 
the transaction.\8\ Pursuant to FinCEN's regulations implementing the 
BSA, financial institutions obligated to file SARs include banks, 
casinos and card clubs, money services businesses, brokers or dealers 
in securities, mutual funds, insurance companies, futures commission 
merchants and introducing brokers in commodities, loan and finance 
companies, and housing government-sponsored enterprises.\9\
---------------------------------------------------------------------------

    \7\ 31 U.S.C. 5318(g)(1).
    \8\ See, e.g., 31 CFR 1020.320. Financial institutions must file 
with FinCEN, to the extent and in the manner required, a report of 
any suspicious transaction relevant to a possible violation of law 
or regulation. See, e.g., 31 CFR 1022.320(a)(2)(iv) (requiring a 
money services business to file a SAR if it knows, suspects, or has 
reason to suspect that the transaction involves use of the money 
services business to facilitate criminal activity). A financial 
institution may also file a SAR with respect to any suspicious 
transaction that it believes is relevant to a possible violation of 
law or regulation but whose reporting is not required by FinCEN 
regulations. See, e.g., 31 CFR 1020.320(a)(1).
    \9\ FinCEN has issued implementing regulations at 31 CFR 
1020.320 (SAR rule for banks); 1021.320 (SAR rule for casinos and 
card clubs); 1022.320 (SAR Rule for money services businesses); 
1023.320 (SAR rule for brokers or dealers in securities); 1024.320 
(SAR rule for mutual funds); 1025.320 (SAR rule for insurance 
companies); 1026.320 (SAR rule for futures commission merchants and 
introducing brokers in commodities); 1029.320 (SAR rule for loan or 
finance companies); 1030.320 (SAR rule for housing government-
sponsored enterprises).
---------------------------------------------------------------------------

B. SAR Confidentiality Regulations

    The BSA provides that a financial institution and its directors, 
officers, employees, and agents are prohibited from notifying any 
person involved in a suspicious transaction that the transaction was 
reported, or from otherwise revealing any information that would reveal 
that the transaction has been reported.\10\ FinCEN has issued 
implementing regulations that generally prohibit the disclosure of a 
SAR or information revealing the existence of a SAR by a financial 
institution and its directors, officers, employees, and agents.\11\ 
Provided that no person involved in a reported transaction is notified 
that the transaction has been reported, the regulation specifies that 
it is not to be construed as prohibiting disclosure to appropriate law 
enforcement agencies, regulatory authorities that examine the financial 
institution for compliance with the BSA, or FinCEN.\12\ The regulation 
further specifies that it is not to be construed as prohibiting a 
financial institution to share the underlying facts, transactions, and 
documents upon which a SAR is based, including sharing such materials 
with another financial institution for the preparation of a joint 
SAR.\13\ It also specifies that a financial institution can share a SAR 
within its corporate organizational structure for purposes consistent 
with Title II of the BSA as determined by regulation or in 
guidance.\14\
---------------------------------------------------------------------------

    \10\ 31 U.S.C. 5318(g)(2)(A), as amended by Section 6212(b) of 
the AML Act.
    \11\ See, e.g., 31 CFR 1020.320(e).
    \12\ See, e.g., 31 CFR 1020.320(e)(1)(ii)(A)(1).
    \13\ See, e.g., 31 CFR 1020.320(e)(1)(ii)(A)(2)(i).
    \14\ See, e.g., 31 CFR 1020.320(e)(1)(ii)(B).
---------------------------------------------------------------------------

C. FinCEN's Prior Guidance on Sharing SARs Within Corporate 
Organizational Structures

    In 2006, FinCEN and the Federal banking agencies issued guidance on 
the sharing of SARs with head offices and controlling companies (2006 
Guidance).\15\ The 2006 Guidance states that a U.S. branch of a foreign 
bank may share a SAR with its head office, and a U.S. bank or savings 
association may share a SAR with its controlling company, whether 
domestic or foreign.\16\ At the same time, FinCEN issued similar 
guidance permitting securities broker-dealers, futures commission 
merchants, and introducing brokers in commodities to share SARs with 
parent entities, both domestic and foreign, and later in 2006, FinCEN 
released related guidance to mutual funds.\17\ FinCEN permitted such 
sharing because a financial institution's head office or controlling 
entity may have a need to discharge oversight responsibilities with 
respect to enterprise-wide risk management and compliance with 
applicable laws and regulations.\18\
---------------------------------------------------------------------------

    \15\ See Financial Crimes Enforcement Network, Board of 
Governors of the Federal Reserve System, Office of the Comptroller 
of the Currency, Federal Depository Insurance Corporation, and the 
Office of Thrift Supervision Interagency Guidance on Sharing 
Suspicious Activity Reports with Head Offices and Controlling 
Companies, (Jan. 20, 2006), available at https://www.fincen.gov/resources/statutes-regulations/guidance/interagency-guidance-sharing-suspicious-activity-reports.
    \16\ Id. The 2006 Guidance states that depository institutions, 
as part of their AML programs, must have written confidentiality 
agreements or arrangements in place specifying that the head office 
or controlling company must protect the confidentiality of the SARs 
through appropriate internal controls. The Guidance states that the 
confidentiality agreements or arrangements must also address 
concerns about the ability of the foreign entity to protect the SAR 
in light of possible requests for disclosure abroad that may be 
subject to foreign law.
    \17\ See Financial Crimes Enforcement Network, Guidance on 
Sharing Suspicious Activity Reports by Securities Broker-Dealers, 
Futures Commission Merchants, and Introducing Brokers in 
Commodities, Jan. 20, 2006, available at https://www.fincen.gov/resources/statutes-regulations/guidance/guidance-sharing-suspicious-activity-reports-securities. On October 4, 2006, FinCEN also issued 
guidance permitting mutual funds to share SARs with the investment 
adviser that controls the fund, whether domestic or foreign. See 
Financial Crimes Enforcement Network, FIN-2006-G013, Frequently 
Asked Questions Suspicious Activity Reporting Requirements for 
Mutual Funds, (Oct. 4, 2006), available at https://www.fincen.gov/resources/statutes-regulations/guidance/frequently-asked-questions-suspicious-activity-reporting.
    \18\ See the 2006 Guidance; see also Financial Crimes 
Enforcement Network, Guidance on Sharing of Suspicious Activity 
Reports by Securities Broker-Dealers, Futures Commission Merchants, 
and Introducing Brokers in Commodities, (Jan. 20, 2006).
---------------------------------------------------------------------------

    In 2010, following an amendment to FinCEN's SAR regulations,\19\ 
FinCEN issued guidance on sharing SARs with certain U.S. affiliates of 
depository institutions (2010 Guidance).\20\ The 2010 Guidance 
generally permits the sharing of SARs and related information by 
depository institutions with their affiliates that are subject to a SAR 
regulation. U.S. affiliates of depository institutions that are subject 
to SAR filing obligations include brokers or dealers in securities, 
futures commission merchants and introducing brokers in commodities, 
money services businesses, and residential mortgage lenders or 
originators.\21\ At the same time, FinCEN issued similar guidance 
permitting securities broker-dealers, mutual funds, futures commission 
merchants, and introducing brokers in commodities to share SARs with 
certain affiliates.\22\ The 2010 Guidance also

[[Page 3721]]

explained that ``[b]ecause foreign branches of U.S. banks are regarded 
as foreign banks for purposes of the BSA, under this guidance, they are 
`affiliates' that are not subject to a SAR regulation'' and therefore a 
U.S. bank may not share SARs, or any information that would reveal the 
existence of the SAR, with its foreign branches. In 2017, FinCEN also 
issued guidance confirming that casinos and card clubs may share SARs 
with domestic parents and affiliates, subject to certain 
limitations.\23\
---------------------------------------------------------------------------

    \19\ Financial Crimes Enforcement Network, Confidentiality of 
Suspicious Activity Reports, 75 FR 75593, (Dec. 3, 2010).
    \20\ Financial Crimes Enforcement Network, FIN-2010-G006, 
Sharing Suspicious Activity Reports by Depository Institutions with 
Certain U.S. Affiliates, (Nov. 23, 2010) (the ``2010 Guidance''), 
available at https://www.fincen.gov/sites/default/files/shared/fin-2010-g006.pdf.
    \21\ See 31 CFR 1023.320 (brokers or dealers in securities); 
1026.320 (futures commission merchants and introducing brokers in 
commodities); 1022.320 (money services businesses); 1029.320 (loan 
or finance companies).
    \22\ Financial Crimes Enforcement Network, FIN-2010-G005, 
Sharing Suspicious Activity Reports by Securities Broker-Dealers, 
Mutual Funds, Futures Commission Merchants, and Introducing Brokers 
in Commodities with Certain U.S. Affiliates, (Nov. 23. 2010), 
available at https://www.fincen.gov/resources/statutes-regulations/guidance/sharing-suspicious-activity-reports-securities-broker.
    \23\ Financial Crimes Enforcement Network, FIN-2017-G001, 
Sharing Suspicious Activity Reports with U.S. Parents and Affiliates 
of Casinos, (Jan. 4, 2017), available at https://www.fincen.gov/sites/default/files/2017-01/FinCENGuidanceJan4_508FINAL.pdf.
---------------------------------------------------------------------------

    The 2006 and 2010 Guidance also made clear that there may be 
circumstances under which the financial institution, its affiliate, or 
both entities could be liable for direct or indirect disclosure of a 
SAR or any information that would reveal the existence of a SAR. 
Accordingly, the 2006 and 2010 Guidance stated that a financial 
institution, as part of its internal controls, should have policies and 
procedures in place to protect the confidentiality of the SAR.\24\
---------------------------------------------------------------------------

    \24\ See the 2006 Guidance, supra note 15, (stating that a 
depository institution must have written confidentiality agreements 
or arrangements in place specifying that the head office or 
controlling company must protect the confidentiality of the SAR 
through appropriate internal controls); see also the 2010 Guidance, 
supra note 20, (stating that a depositiory institution, as part of 
its internal controls, should have policies and procedures in place 
to ensure its affiliates protect the confidentiality of the SAR).
---------------------------------------------------------------------------

D. The AML Act

    On January 1, 2021, Congress enacted the AML Act to, among other 
things, improve coordination and information sharing among the agencies 
tasked with administering AML/countering the financing of terrorism 
(AML/CFT) requirements and to modernize the AML/CFT laws to better 
adapt the government and private sector response to new and emerging 
threats.\25\
---------------------------------------------------------------------------

    \25\ See AML Act Section 6002.
---------------------------------------------------------------------------

    Section 6212(a) of the AML Act amends the BSA by adding 31 U.S.C. 
5318(g)(8), which requires the Secretary to issue rules establishing a 
pilot program that permits a financial institution with a SAR reporting 
obligation to share SARs and related information with its foreign 
branches, subsidiaries, and affiliates for the purpose of combating 
illicit finance risks.\26\ In issuing the rules, the Secretary must 
ensure that the sharing of information is limited by the requirements 
of Federal and State law enforcement operations, takes into account 
potential concerns of the intelligence community, is subject to 
appropriate standards and requirements regarding data security and the 
confidentiality of personally identifiable information, and excludes 
sharing with foreign branches, subsidiaries, and affiliates in certain 
jurisdictions.\27\ Further, the pilot program permits the Secretary to 
consider, implement, and enforce provisions that would hold a foreign 
affiliate of a U.S. financial institution liable for the disclosure of 
SARs and related information shared under the pilot program.\28\
---------------------------------------------------------------------------

    \26\ See 31 U.S.C. 5318(g)(8).
    \27\ See 31 U.S.C. 5318(g)(8)(A)(ii).
    \28\ See 31 U.S.C. 5318(g)(8)(B)(ii).
---------------------------------------------------------------------------

    The pilot program must terminate three years after the date of the 
AML Act's enactment (i.e., January 1, 2024), unless the Secretary 
extends the pilot for not more than two years upon submitting a report 
to the Senate Committee on Banking, Housing, and Urban Affairs and the 
House Committee on Financial Services that includes: (1) A 
certification and a detailed explanation of the reasons that the 
extension is in the national interest of the United States; (2) an 
evaluation of the usefulness of the pilot program, including a detailed 
analysis of any illicit activity identified or prevented as a result of 
the program, after appropriate consultation by the Secretary with the 
participants in the pilot program; and (3) a detailed legislative 
proposal providing for a long-term extension of activities under the 
pilot program, measures to ensure data security, and confidentiality of 
personally identifiable information, including expected budgetary 
resources for those activities, if the Secretary determines that a 
long-term extension is appropriate.\29\
---------------------------------------------------------------------------

    \29\ See 31 U.S.C. 5318(g)(8)(B)(iii).
---------------------------------------------------------------------------

    Under the pilot program, a financial institution may not share SARs 
or related information with a foreign branch, subsidiary, or affiliate 
located in: (1) The People's Republic of China; (2) the Russian 
Federation; or (3) a jurisdiction that is a state sponsor of terrorism, 
that is subject to sanctions imposed by the Federal Government, or that 
the Secretary has determined cannot reasonably protect the security and 
confidentiality of such information.\30\ The Secretary may make 
exceptions, on a case-by-case basis, for a financial institution 
located in the People's Republic of China or the Russian Federation by 
notifying the Senate Committee on Banking, Housing, and Urban Affairs 
and the House Committee on Financial Services that such an exception is 
in the national security interest of the United States.\31\
---------------------------------------------------------------------------

    \30\ See 31 U.S.C. 5318(g)(8)(C)(i).
    \31\ See 31 U.S.C. 5318(g)(8)(C)(ii).
---------------------------------------------------------------------------

    Not later than 360 days after the pilot program rules are 
promulgated, and annually thereafter for three years, the Secretary, or 
the Secretary's designee, must brief the Senate Committee on Banking, 
Housing, and Urban Affairs and the House Committee on Financial 
Services on: (1) The degree of information sharing permitted under the 
pilot program and a description of criteria used by the Secretary to 
evaluate the appropriateness of the information sharing; (2) the 
effectiveness of the pilot program in identifying or preventing the 
violation of a United States law or regulation and mechanisms that may 
improve that effectiveness; and (3) any recommendations to amend the 
design of the pilot program.\32\
---------------------------------------------------------------------------

    \32\ See 31 U.S.C. 5318(g)(8)(D).
---------------------------------------------------------------------------

    Information related to reports of suspicious transactions received 
by a financial institution from a foreign affiliate with respect to a 
suspicious transaction relevant to a possible violation of law or 
regulation shall be subject to confidentiality requirements that are 
the same as those that apply to SARs filed under 31 U.S.C. 
5318(g)(1).\33\ No financial institution may establish or maintain any 
operation located outside of the United States the primary purpose of 
which is to ensure compliance with the BSA as a result of the sharing 
granted under the pilot program.\34\ Finally, an ``affiliate'' is 
defined for purposes of the pilot program as ``an entity that controls, 
is controlled by, or is under common control with another entity.'' 
\35\ The terms ``Bank Secrecy Act,'' ``State bank Supervisor,'' and 
``State credit union supervisor'' have the same meanings given in 
Section 6003 of the AML Act.
---------------------------------------------------------------------------

    \33\ See 31 U.S.C. 5318(g)(9).
    \34\ See 31 U.S.C. 5318(g)(10).
    \35\ See 31 U.S.C. 5318(g)(11)(A).
---------------------------------------------------------------------------

III. Section-by-Section Analysis

    This proposed rule would add a new section at 31 CFR 1010.240 
establishing a pilot program that permits financial institutions with a 
SAR reporting obligation under 31 U.S.C. 5318(g) and FinCEN's 
regulations to share SARs and related information with their foreign 
branches, subsidiaries, and affiliates for the purpose of combating 
illicit finance risks.
    Application process: In issuing the pilot program rules, FinCEN 
must take into account certain considerations to ensure that the 
sharing of information permitted under the pilot program is limited by 
the requirements of Federal

[[Page 3722]]

and State law enforcement operations, takes into account potential 
concerns of the intelligence community, and is subject to appropriate 
standards and requirements regarding data security and the 
confidentiality of personally identifiable information. Participant 
financial institutions must also comply with the applicable 
jurisdictional restrictions described above.
    To that end, the proposed rule requires a financial institution to 
submit a written application to FinCEN that: (1) Identifies the 
institution's point of contact for pilot program-related 
correspondence; (2) specifies the foreign branches, subsidiaries, and 
affiliates with which the financial institution intends to share SARs 
and related information; (3) specifies the particular purpose or 
purposes for which the foreign branches, subsidiaries, and affiliates 
intend to use SARs and related information, including the operational 
jurisdictions of such entities, as well as whether such entities will 
be providing reciprocal information to the applicant financial 
institution; (4) provides an estimated commencement date for the pilot 
program, and; (5) describes internal controls in place to prevent 
unauthorized disclosures of SARs and related information.\36\ Given the 
sensitive nature of the information contained in or relating to a SAR, 
including personally identifiable information of U.S. persons, and the 
jurisdictional limitations set out in the statute, FinCEN believes a 
formal application and approval process is necessary to ensure that 
adequate safeguards are in place before allowing a financial 
institution to share SARs and related information with its foreign 
branches, subsidiaries, and affiliates.
---------------------------------------------------------------------------

    \36\ See 31 CFR 1020.320(e), 1021.320(e), 1022.320(d), 
1023.320(e), 1024.320(d), 1025.320(e), and 1026.320(e). Filing 
institutions, and their current and former directors, officers, 
employees, and agents, are prohibited from disclosing SARs, or any 
information that would reveal the existence of a SAR.
---------------------------------------------------------------------------

    The proposed rule also specifies that applicant financial 
institutions should, at a minimum, implement certain controls, 
including confidentiality agreements and procedures for personnel 
located in the United States to review requests from foreign law 
enforcement, foreign regulators, or an outside foreign party for SARs 
and related information, and to immediately notify FinCEN of such 
requests. Given the sensitive nature of SAR information, participant 
financial institutions and their foreign branches, subsidiaries, or 
affiliates must direct the requesting authority to both contact FinCEN 
about obtaining the requested SAR or related information and to seek to 
obtain such records or information through a request to the United 
States pursuant to a mutual legal assistance treaty or another 
appropriate mechanism for obtaining records from the United States. 
Participant financial institutions shall also maintain records 
sufficient to identify the specific foreign jurisdictions in which 
branches, subsidiaries, or affiliates of financial institutions are 
located and that received any specific SAR or related information. Such 
records shall be maintained so as to enable the participant financial 
institution to readily report this information to FinCEN upon request. 
FinCEN is including this requirement because, in the event of an 
unauthorized disclosure, it will assist in FinCEN's efforts to identify 
those individuals and entities that were in possession of SARs and 
related information that were inappropriately disclosed.
    The proposed rule requires that an application specify those 
foreign branches, subsidiaries, and affiliates with which a financial 
institution intends to share SARs and related information pursuant to 
the proposed pilot program. Upon receipt of an application, FinCEN 
would determine a financial institution's suitability for participation 
in the pilot program based on FinCEN's assessment of the financial 
institution's internal controls, as well as the entities with which it 
intends to share information and corresponding jurisdictions in which 
the entities are located. FinCEN will notify the financial 
institution's relevant Federal functional regulator of the application. 
FinCEN will also consult with the relevant Federal functional regulator 
and other relevant agencies on the application, as needed. The proposed 
rule also states that FinCEN will share information received pursuant 
to the application process with relevant Federal functional regulators, 
or, as appropriate, other relevant agencies.\37\ The proposed rule also 
states that FinCEN will limit the sharing of SARs and related 
information based on the requirements of Federal and State law 
enforcement operations, and will take into account concerns of the 
intelligence community.
---------------------------------------------------------------------------

    \37\ While there is no consultation requirement in 31 U.S.C. 
5318(g)(8), FinCEN intends to consult with Federal functional 
regulators with respect to their assessment of the financial 
institution's suitability for participation in the pilot program. 
For example, the relevant Federal functional regulator may have 
particular expertise with respect to a financial institution's risk 
profile and supervisory history with respect to BSA.
---------------------------------------------------------------------------

    FinCEN expects that the resourcing and strengths of compliance 
programs and internal control frameworks will vary among applicant 
financial institutions. Consequently, the proposed rule permits FinCEN 
to require implementation of additional internal controls to ensure 
data security and confidentiality of SARs and related information, 
including the personally identifiable information contained therein, as 
a prerequisite to approving an application. As the pilot program 
matures, and best practices for ensuring data security and 
confidentiality are identified, FinCEN may require certain participant 
financial institutions to implement additional internal controls as a 
condition for continued participation in the pilot program. In response 
to concerns of the intelligence community, or to take into account 
requirements for State and Federal law enforcement operations, FinCEN 
may also require participant financial institutions to enhance or 
modify internal controls as a condition for continued participation in 
the pilot program.
    The proposed rule also provides a mechanism by which participant 
financial institutions may seek modifications to the internal controls 
specified in its FinCEN-approved application to address operational 
contingencies, resourcing challenges, or other circumstances. 
Specifically, the proposed rule would require participant financial 
institutions to submit a request to FinCEN that details the nature and 
extent of the requested changes to applicable internal controls before 
implementing any such modifications. FinCEN, in consultation with 
relevant Federal functional regulators, as needed, would approve or 
reject such requests for modification, or condition its approval on 
implementation of additional controls, as appropriate. FinCEN, in its 
sole discretion, may also modify a financial institution's 
participation in the pilot program based on the requirements of Federal 
and State law enforcement operations or concerns of the intelligence 
community.
    The proposed rule would permit FinCEN to terminate a financial 
institution's participation in the pilot program at any time. Grounds 
for termination could include, but are not limited to, actual, or 
unreasonable risk of, unauthorized disclosures of SARs and related 
information; significant internal control deficiencies identified while 
participating in the pilot program; failure to adhere to the specific 
requirements for participation; or any other issues that indicate that 
a participant financial institution is unable to adequately safeguard 
against unauthorized disclosures of SARs and

[[Page 3723]]

related information or to ensure adequate data security and 
confidentiality of personally identifiable information.
    Given the limited duration of the pilot program, FinCEN will make 
every effort to expeditiously review applications and provide responses 
to potential participant financial institutions in a timely manner. To 
that end, FinCEN will seek to provide responses within 90 days of 
receipt of an application to participate in the pilot program. FinCEN 
welcomes comments on whether this time period is sufficient to 
encourage participation in the pilot program during the timeframe 
allotted by Congress.
    Quarterly reporting requirement: The proposed rule would require 
participant financial institutions to report certain information to 
FinCEN on a quarterly basis, including: (1) The total number of SARs 
and related information shared; (2) the name and jurisdiction of each 
entity that received SARs and related information, the relationship 
between the entity and the participant financial institution, and the 
intended purposes and uses for which the SARs and related information 
were shared; (3) legal and compliance issues encountered; (4) technical 
difficulties and challenges; (5) enhancements to the financial 
institution's AML/CFT program enabled as a result of participating in 
the pilot program, to include reallocation of resources to higher-
priority AML/CFT risks, such as those described in FinCEN's National 
AML/CFT Priorities, issued pursuant to Section 5318(h)(4)(A) of the 
BSA; and, (6) lessons learned, to include any identified inefficiencies 
in the institution's AML/CFT program. The proposed rule's quarterly 
reporting requirement would provide a control to ensure that the 
sharing of information permitted under the pilot program is in 
compliance with the statutory requirements with regard to Federal and 
State law enforcement operations, concerns of the intelligence 
community, and ensuring appropriate standards and requirements are in 
place with respect to data security and confidentiality of personally 
identifiable information. FinCEN expects that quarterly reporting will 
yield critical information and data that should shed light on the 
effectiveness of the pilot program and inform best practices for 
information sharing and confidentiality of SARs and related 
information. FinCEN intends to use this information to satisfy specific 
statutory reporting requirements, including annual implementation 
updates to Congress, as well as the report and accompanying legislative 
proposal for any request to extend the pilot program.\38\
---------------------------------------------------------------------------

    \38\ As the pilot program matures, FinCEN may request additional 
data points from pilot program participants to fulfil these 
statutory obligations.
---------------------------------------------------------------------------

    Quarterly reporting should also enable FinCEN, and Federal 
functional regulators, as appropriate, to identify pilot program-
related internal control deficiencies at participant financial 
institutions that may need to be addressed as a condition for continued 
participation in the pilot program. For instance, a participant 
financial institution may report a legal and compliance issue under the 
rule, such as an internal audit finding of ineffective controls on SAR 
confidentiality. To ensure ongoing compliance with the requirements of 
the pilot program, and a financial institution's suitability to 
continue to participate, FinCEN intends to share these quarterly 
reports with relevant Federal functional regulators and consult with 
them as appropriate.
    Prohibition involving certain jurisdictions: The proposed rule 
would prohibit participant financial institutions from sharing SARs and 
related information with foreign branches, subsidiaries, and affiliates 
in specific jurisdictions, including the People's Republic of China, 
the Russian Federation, jurisdictions that are state sponsors of 
terrorism, jurisdictions subject to sanctions imposed by the Federal 
Government, and jurisdictions the Secretary has determined cannot 
reasonably protect the security and confidentiality of such 
information.
    For purposes of this section, a ``state sponsor of terrorism'' is a 
jurisdiction so determined by the U.S. Department of State. 
Jurisdictions ``subject to sanctions imposed by the Federal 
Government'' are jurisdictions with governments whose property and 
interests in property in U.S. jurisdiction are blocked pursuant to U.S. 
sanctions authorities, as well as jurisdictions subject to broad 
prohibitions on transactions by U.S. persons involving that 
jurisdiction, such as prohibitions on importing or exporting goods, 
services, or technology to the jurisdiction or dealing in goods or 
services originating from the jurisdiction, pursuant to U.S. sanctions 
authorities. FinCEN welcomes comments on this interpretation, and 
encourages financial institutions to monitor for sanctions issued by 
the U.S. Government to ensure compliance with this requirement.
    Under 31 U.S.C. 5318(g)(8)(C)(i)(III)(c), as added by Section 
6212(C)(i)(III)(cc) of the AML Act, FinCEN has determined that a 
jurisdiction that FinCEN has identified as a primary money laundering 
concern pursuant to Sections 311 of the USA PATRIOT Act (Pub. L. 107-
56) or 9714 of the Combating Russian Money Laundering Act (Pub. L. 116-
283) cannot reasonably protect the security and confidentiality of SARs 
and related information given the deficient AML/CFT controls in those 
jurisdictions as identified by FinCEN. The proposed rule, therefore, 
also prohibits financial institutions from sharing SARs and related 
information with foreign branches, subsidiaries, and affiliates in 
jurisdictions identified by FinCEN as such.\39\ FinCEN may further 
restrict sharing of SARs and related information, as authorized by 
statute, based on requirements of Federal or State law enforcement 
operations, the concerns of the intelligence community, or where FinCEN 
has otherwise determined that such information cannot reasonably be 
protected.
---------------------------------------------------------------------------

    \39\ See https://www.fincen.gov/resources/statutes-and-regulations/311-special-measures.
---------------------------------------------------------------------------

    The proposed rule would authorize the Secretary to grant narrow 
exceptions on a case-by-case basis for foreign branches, subsidiaries, 
and affiliates located in the People's Republic of China and the 
Russian Federation. Under the proposed rule, the Secretary would be 
required to notify the Committee on Banking, Housing, and Urban Affairs 
of the U.S. Senate and the Committee on Financial Services of the U.S. 
House of Representatives that such exceptions are in the national 
security interest of the United States.
    Treatment of foreign jurisdiction-originated reports. As required 
by 31 U.S.C. 5318(g)(9), as added by the AML Act, information related 
to a report received by a financial institution from a foreign 
affiliate with respect to a suspicious transaction relevant to a 
possible violation of law or regulation shall be subject to the same 
confidentiality requirements as reports filed under 31 U.S.C. 5318(g).
    Prohibition on offshoring compliance operations: As required by 31 
U.S.C. 5318(g)(10), as added by the AML Act, the proposed rule would 
expressly prohibit participant financial institutions from establishing 
or maintaining any operation located outside of the United States the 
primary purpose of which is to ensure compliance with the BSA as a 
result of the information sharing granted by this pilot program.
    Duration of the pilot program: The proposed rule implements the 
statutory requirement that the pilot program terminate three years 
after enactment of

[[Page 3724]]

the AML Act. The rule would permit the Secretaryto extend the pilot 
program for not longer than two years upon reporting to the Committee 
on Banking, Housing, and Urban Affairs of the Senate and the Committee 
on Financial Services of the House of Representatives, as required by 
the AML Act.
    Prohibition on Disclosure: Under 31 U.S.C. 5318(g)(8)(B)(ii), the 
pilot program shall ``permit the Secretary to consider, implement, and 
enforce provisions that would hold a foreign affiliate of a U.S. 
financial institution liable for the disclosure of SARs and related 
information.'' The proposed rule provides that, except to the extent 
authorized pursuant to the pilot program or in existing regulations or 
guidance, a participant financial institution, its foreign branches, 
subsidiaries and affiliates, and certain other associated individuals 
may not disclose a SAR or related information shared pursuant to the 
pilot program. The reference to ``existing regulations and guidance'' 
in the proposed rule accounts for exceptions to SAR confidentiality 
that apply to filing institutions located or doing business within the 
United States, and their directors, officers, employees, or agents.\40\
---------------------------------------------------------------------------

    \40\ See, e.g., 31 CFR 1020.320(e)(1)(ii) (banks).
---------------------------------------------------------------------------

    A participant financial institution must implement policies, 
procedures, and internal controls that are reasonably designed to 
ensure that its foreign branches, subsidiaries, or affiliates do not 
permit unauthorized disclosures of SARs or related information. FinCEN, 
in consultation with relevant Federal functional regulators, as needed, 
will assess the sufficiency of a financial institution's internal 
controls before approving an application to participate in the pilot 
program. SARs and related information contain highly sensitive 
information, including sensitive information about U.S. persons, and it 
is vital that they be protected. FinCEN encourages participant 
financial institutions to ensure that their foreign branches, 
subsidiaries, or affiliates have sufficient internal controls in place 
prior to sharing any SARs or related information.
    Under 31 U.S.C. 5321 and 31 U.S.C. 5322, civil penalties and 
criminal sanctions may be imposed on participant financial 
institutions, directors, officers, employees, or agents for violations 
of the prohibition on the disclosure of SARs and related information. 
The proposed rule makes clear that this prohibition also applies to 
foreign affiliates, and that foreign affiliates can be held liable for 
civil penalties and criminal sanctions pursuant to 31 U.S.C. 5321 and 
31 U.S.C. 5322. Civil money penalties under 31 U.S.C. 5321(a)(1) apply 
to a ``domestic financial institution or nonfinancial trade or 
business,'' and the term ``domestic financial institution'' is defined 
as referring to ``an action in the United States'' of the financial 
institution.\41\ However, 31 U.S.C. 5318(g)(8)(B)(ii) specifically 
authorizes the Secretary to implement and enforce ``provisions that 
would hold a foreign affiliate of a U.S. financial institution liable 
for the disclosure of SARs and related information.'' In light of that 
mandate, FinCEN would construe its authority to impose civil money 
penalties under 31 U.S.C. 5321(a)(1) as applying to foreign affiliates 
that disclose SARs and related information in violation of the proposed 
rule, without regard to whether the unauthorized disclosure occurs in 
the United States.
---------------------------------------------------------------------------

    \41\ 31 U.S.C. 5312(b)(1); see also 31 CFR 1010.100(o) (stating 
that ``domestic'' refers ``to the doing of business within the 
United States'' or ``the performance . . . of functions within the 
United States'').
---------------------------------------------------------------------------

    Definitions: 31 U.S.C. 5318(g)(11) defines an affiliate as ``an 
entity that controls, is controlled by, or is under common control with 
another entity.'' The broad nature of this definition would include 
branches and subsidiaries of participant financial institutions. 
Therefore, the proposed rule both adopts this definition and includes 
branches and subsidiaries within the term affiliate for the purpose of 
this proposed pilot program.

IV. Request for Comment

    FinCEN welcomes comment on all aspects of this proposed rule and 
encourages all interested parties to provide their views.
    With respect to the effect of establishing a pilot program to 
permit financial institutions to share SARs with foreign branches, 
subsidiaries, and affiliates, FinCEN in particular requests comment 
from financial institutions and members of the public on the following 
questions:
    (1) Describe the expected costs and associated burdens of complying 
with the proposed pilot program requirements, to the extent that a 
financial institution chooses to participate.
    (2) Describe the expected impact, including costs and/or associated 
burdens, of complying with the statutory prohibition on offshoring 
compliance operations within the context of the proposed pilot program.
    (3) Describe expected technical challenges to implementation that 
could make it harder or more expensive to participate in the pilot 
program.
    (4) Describe the expected benefits to a financial institution from 
being permitted to share SARs and related information with a foreign 
branch, subsidiary, or affiliate for the purpose of combating illicit 
finance risks. Would the proposed sharing of SARs and related 
information enable a financial institution to shift or allocate 
resources to higher-priority AML/CFT risks?
    (5) Has FinCEN struck a reasonable balance between facilitating 
information sharing of SARs and related information permitted under the 
pilot program and imposing conditions to protect the confidentiality 
and prevent unauthorized disclosures of SARs and related information? 
If not, how could FinCEN more reasonably balance these considerations?
    (6) Describe potential challenges in protecting the confidentiality 
of SARs and related information and preventing unauthorized disclosures 
in connection with participation in the pilot program. Are there 
additional provisions FinCEN could include in the pilot program that 
would better enable a financial institution to comply with the program 
confidentiality requirements and ensure accurate reporting? How does a 
financial institution expect to protect SAR confidentiality and prevent 
unauthorized SAR disclosures if foreign regulatory examinations of 
foreign affiliates of U.S. financial institutions requests access to 
such foreign institutions' files? Are there jurisdictions in which this 
information would be subject to disclosure to non-government parties by 
legal process?
    (7) For the quarterly reports FinCEN is proposing to require, are 
there any other particular metrics FinCEN should include in the current 
list for required feedback?
    (8) Is FinCEN's proposed timeline of 90 days to respond to 
application requests reasonable? Would such a timeline encourage 
financial institutions to participate in the pilot program?
    (9) Should FinCEN consider a broader, longer-term program that 
would enable financial institutions to share SARs and related 
information with their foreign branches, subsidiaries, and affiliates 
for the purpose of combating illicit finance risks?

V. Regulatory Analysis

A. Executive Orders 13563 and 12866

    Executive Orders 13563 and 12866 direct agencies to assess costs 
and

[[Page 3725]]

benefits of available regulatory alternatives and, if regulation is 
necessary, to select regulatory approaches that maximize net benefits 
(including potential economic, environmental, and public health and 
safety effects; distributive impacts; and equity). Executive Order 
13563 emphasizes the importance of quantifying both costs and benefits, 
of reducing costs, of harmonizing rules, and of promoting flexibility. 
It has determined that this proposed rule is not a significant 
regulatory action for purposes of Executive Order 12866. Accordingly, a 
regulatory impact analysis is not required.

B. Regulatory Flexibility Act

    The Regulatory Flexibility Act (RFA) (5 U.S.C. 601, et seq.) 
requires an agency either to provide an initial regulatory flexibility 
analysis with a proposed rule or certify that the proposed rule will 
not have a significant economic impact on a substantial number of small 
entities. This proposed regulation on its face would apply to all 
financial institutions with a SAR reporting obligation under 31 U.S.C. 
5318(g). However, because of the voluntary nature of the proposed rule, 
only financial institutions choosing to participate in the pilot 
program would be affected. FinCEN believes the proposed regulatory 
changes are unlikely to have a significant economic impact on a 
substantial number of small entities, as smaller entities are less 
likely to have foreign-based branches, subsidiaries, and affiliates. 
FinCEN, however, recognizes the limitations in readily available data 
about potential costs and benefits and has prepared an initial 
regulatory flexibility analysis pursuant to the RFA. FinCEN welcomes 
comments on all aspects of the initial regulatory flexibility analysis. 
A final regulatory flexibility analysis will be conducted after 
consideration of comments received during the comment period.
i. Statement on the Need for, and Objectives of, the Proposed 
Regulations
    The need for, and objectives of, the proposed regulations are 
established in 31 U.S.C. 5318(g), as amended by Section 6212 of the AML 
Act. The purpose of the proposed regulation is to establish a pilot 
program that permits a financial institution with a reporting 
obligation under 31 U.S.C. 5318(g) to share information related to 
SARs, including that such a report has been filed, with the 
institution's foreign branches, subsidiaries, and affiliates for the 
purpose of combating illicit finance risks.
ii. Small Entities Affected by the Proposed Regulation
    The proposed regulations would apply to financial institutions with 
a reporting obligation under 31 U.S.C. 5318(g). FinCEN most recently 
identified these institutions in the Paperwork Reduction Act of 1995 
(PRA) notice renewing information collection related to SARs.\42\ While 
the full list of financial institutions with a reporting obligation 
under 31 U.S.C. 5318(g) includes a substantial number of small 
entities, FinCEN does not believe that a substantial number of small 
entities would be affected by the proposed regulation. The proposed 
pilot program would apply only to those institutions that choose to 
participate, and it is unlikely that small entities would choose to 
participate in a SAR sharing pilot program, as they are less likely to 
have foreign branches, subsidiaries, and affiliates.
---------------------------------------------------------------------------

    \42\ Financial Crimes Enforcement Network, Agency Information 
Collection Activities; Proposed Renewal; Comment Request; Renewal 
Without Change of the Bank Secrecy Act Reports by Financial 
Institutions of Suspicious Transactions at 31 CFR 1020.320, 
1021.320, 1022.320, 1023.320, 1024.320, 1025.320, 1026.320, and 
1029.320, and FinCEN Report 111--Suspicious Activity Report, 85 FR 
31598 (May 26, 2020).
---------------------------------------------------------------------------

iii. Compliance Requirements
    The compliance costs for entities that choose to participate in the 
pilot program would include implementation and administrative costs. 
These would include costs to file an initial application with, and 
provide quarterly updates to, FinCEN, as well as costs associated with 
ensuring that adequate controls are in place to abide by the conditions 
imposed by FinCEN.
iv. Duplicative, Overlapping, or Conflicting Federal Rules
    FinCEN is not aware of any duplicative, overlapping, or conflicting 
Federal rules with respect to pilot programs that enable financial 
institutions to share SARs and related information with their foreign 
branches, subsidiaries, and affiliates. As discussed previously, 
existing guidance from FinCEN and Federal functional regulators 
prohibits U.S. financial institutions from sharing SARs with foreign 
branches, subsidiaries, and affiliates, and allows only for sharing 
SARs with head offices and controlling entities of U.S. financial 
institutions, consistent with the 2006 Guidance, and U.S. affiliates 
within a financial institution's corporate organizational structure, 
consistent with the 2010 Guidance.
v. Significant Alternatives to the Proposed Regulations
    FinCEN considered foregoing the requirement for financial 
institutions to submit an application and provide quarterly updates on 
the progress of the pilot program. Given the sensitive nature of the 
information contained in or relating to a SAR, including personally 
identifiable information of U.S. persons, and the jurisdictional 
limitations set out in the statute, FinCEN proposes requiring an 
application and approval process to ensure that adequate safeguards are 
in place before allowing a financial institution to share information 
with its foreign branches, subsidiaries, and affiliates. Additionally, 
as required by the AML Act, FinCEN must provide annual updates to the 
Committee on Banking, Housing, and Urban Affairs of the Senate and the 
Committee on Financial Services of the House of Representatives on the 
pilot program, and submit a detailed legislative proposal concerning 
the long-term extension of the pilot, if appropriate. FinCEN therefore 
proposes to require financial institutions to provide quarterly updates 
to ensure that FinCEN, in consultation with relevant Federal functional 
regulators, as needed, can meet these statutory requirements.

C. Unfunded Mandates Act

    Section 202 of the Unfunded Mandates Reform Act of 1995 (``Unfunded 
Mandates Act''), Public Law 104-4 (March 22, 1995), requires that an 
agency prepare a budgetary impact statement before promulgating a rule 
that may result in expenditure by the State, local, and tribal 
governments, in the aggregate, or by the private sector, of $100 
million or more in any one year. If a budgetary impact statement is 
required, Section 202 of the Unfunded Mandates Act also requires an 
agency to identify and consider a reasonable number of regulatory 
alternatives before promulgating a rule. Taking into account the 
factors noted above and using conservative estimates of average labor 
costs in evaluating the cost of the burden imposed by the proposed 
regulation, FinCEN has determined that it is not required to prepare a 
written statement under Section 202.

D. Paperwork Reduction Act of 1995

    The recordkeeping and reporting requirements contained in this 
proposed rule (31 CFR 1010.240) have been submitted by FinCEN to the 
Office of Management and Budget (``OMB'') for review in accordance with 
the PRA. Written comments and

[[Page 3726]]

recommendations for the proposed information collection can be 
submitted by visiting www.reginfo.gov/public/do/PRAMain. Find this 
particular document by selecting ``Currently Under Review--Open for 
Public Comments'' or by using the search function. Comments are welcome 
and must be received by March 28, 2022. In accordance with the 
requirements of the PRA and its implementing regulations, 5 CFR part 
1320, the following information concerning the collections of 
information is presented to assist those persons wishing to comment on 
the information collections. Currently, financial institutions subject 
to a SAR requirement must collect, retain, and report certain 
information related to suspicious activity that takes places by, at, or 
through the financial institution. This proposed rule would permit 
financial institutions to share this information with their foreign 
branches, subsidiaries, and affiliates, subject to the conditions and 
prohibitions described above. As part of the application process to 
request participation in the pilot program, FinCEN is proposing to 
require a written submission with quarterly updates. As there is no 
requirement to participate in the pilot program, FinCEN has calculated 
an hourly burden only for those financial institutions that voluntarily 
decide to participate.
    Description of Recordkeepers: Banks, casinos and card clubs, money 
services businesses, brokers or dealers in securities, mutual funds, 
insurance companies, futures commission merchants and introducing 
brokers in commodities, loan or finance companies, and housing 
government sponsored enterprises.
    Estimated Number of Affected Institutions: FinCEN estimates that 
approximately 100 financial institutions will decide to participate in 
the pilot program, which will permit the financial institutions to 
share SARs and related information with their foreign branches, 
subsidiaries, and affiliates. Because this is a new voluntary program, 
this is an estimate, and FinCEN is requesting comment from institutions 
that anticipate voluntarily participating in the pilot program.
    Estimated Average Annual Burden Hours per Recordkeeper: Fewer than 
59 hours per participant financial institution.
    FinCEN estimates that the recordkeeping burden per recordkeeper to 
submit a written application to FinCEN requesting participation in the 
pilot program, including a description of internal controls in place to 
limit unauthorized disclosures of SARs and related information, is 20 
hours per year. This includes filing an application to participate that 
includes notice that a person has been designated as a point-of-contact 
for ongoing correspondence with FinCEN during the pilot program, 
written pre-commencement notice that a participant financial 
institution has the appropriate agreements and internal controls in 
place to begin sharing SARs and related information, and written notice 
that a commencement date has been set. FinCEN estimates an additional 
one-hour-per-year burden in the event a participant financial 
institution needs to contact FinCEN in writing to request advance 
approval for any modifications to the commitments in the written 
application. FinCEN is requesting comment on how frequently a 
prospective participant financial institution anticipates that it may 
need to modify the commitments listed in its application.
    FinCEN estimates that the recordkeeping burden to draft and 
maintain written confidentiality agreements for personnel granted 
access to shared information, and to draft and maintain documented 
policies and procedures to account for any requests or demands for SARs 
and related information under foreign law, is 20 hours per year. FinCEN 
estimates that the recordkeeping burden to prepare and submit quarterly 
reports, to include technical difficulties encountered, legal issues 
uncovered, the outcome of requests or demands made for SARs shared 
pursuant to the pilot program, successes or lessons learned, is four 
hours per report, for a total of 16 hours per year (4 hours x 4 reports 
per year).
    FinCEN estimates one hour for the recordkeeping burden associated 
with the notice requirement, where a participant institution must 
notify FinCEN of any requests or demands from foreign law enforcement, 
foreign regulators, or other outside foreign party for SARs and related 
information shared with foreign branches, subsidiaries, and affiliates 
pursuant to the pilot program, and notify FinCEN of the outcome of such 
request and any further attempts to obtain such SARs and related 
information. FinCEN also estimates one hour for the burden associated 
with maintaining records sufficient to identify the specific foreign 
jurisdictions in which branches, subsidiaries, or affiliates of 
financial institutions are located and that received any specific SAR 
or related information.
    FinCEN understands that some participant financial institutions may 
have existing SAR sharing procedures and confidentiality agreements in 
place that could be leveraged for the pilot program, whereas other 
institutions may need to create them. For that reason, FinCEN estimates 
that the proposed rule would add roughly 59 burden hours per 
participant financial institution a year based on the above 
calculations.\43\
---------------------------------------------------------------------------

    \43\ FinCEN arrived at the estimate of 58 burden hours by 
calculating 20 hours (application) + 1 hour (material deviations 
from the written agreement) + 20 hours (confidentiality agreements) 
+ 16 hours (quarterly reports) + 1 hour (law enforcement referrals) 
= 58 hours annual per financial institution.
---------------------------------------------------------------------------

    Estimated Total Annual Reporting Burden: 5,900 hours (100 financial 
institutions multiplied by 59 hours). This is a new regulatory 
requirement that requires a new OMB control number. The OMB control 
number assigned to the recordkeeping and reporting requirements 
described in this notice is 1506-XXXX. 5,900 hours will be assigned to 
new OMB control number 1506-XXXX.
    Specific Questions for Comment:
    (1) FinCEN is requesting comment from financial institutions that 
anticipate voluntarily participating in the pilot program on whether 
the estimate of 100 financial institutions that might participate in a 
pilot program is accurate, so that FinCEN can further refine its 
estimate of expected participants.
    (2) Is FinCEN's burden estimate of 20 hours per year for a 
financial institution to draft and submit an application reasonable?
    (3) Is FinCEN's burden estimate of 20 hours per year for a 
financial institution to draft and maintain written confidentiality 
agreements and maintain policies and procedures related to disclosure 
requests reasonable?
    (4) Is FinCEN's burden estimate of 16 hours per year for a 
financial institution to submit four quarterly reports reasonable?
    (5) Is FinCEN's burden estimate of one hour per year for a 
financial institution to refer law enforcement, regulator, or outside 
party requests to FinCEN reasonable?
    (6) Is FinCEN's burden estimate of one hour per year for a 
financial institution to maintain records to sufficiently track SARs 
such that a participant financial institution can identify a specific 
SAR shared with a specific foreign branch, subsidiary, or affiliate?
    (7) How often does an institution receive requests or demands for 
SARs and related information from law enforcement, a regulator, or 
other outside party?
    General Questions for Comment: In addition to the questions listed 
above, FinCEN invites comment on: (a) Whether the proposed collection 
of

[[Page 3727]]

information is necessary for the proper performance of the functions of 
FinCEN, including whether the information will have practical utility; 
(b) the accuracy of the estimated burden associated with the proposed 
collection of information; (c) how the quality, utility, and clarity of 
the information to be collected may be enhanced; and (d) how the burden 
of complying with the proposed collection of information may be 
minimized, including through the application of automated collection 
techniques or other forms of information technology.

List of Subjects in 31 CFR Part 1010

    Administrative practice and procedure, Banks, Banking, Currency, 
Foreign banking, Foreign currencies, Investigations, Penalties, 
Reporting and recordkeeping requirements, Terrorism.

Authority and Issuance

    For the reasons set forth in the preamble, part 1010 of chapter X 
of title 31 of the Code of Federal Regulations is proposed to be 
amended as follows:

PART 1010--GENERAL PROVISIONS

0
1. The authority citation for part 1010 continues to read as follows:

    Authority:  12 U.S.C. 1829b and 1951-1959; 31 U.S.C. 5311-5314, 
5316-5336; Title III, sec. 314, Pub. L. 107-56, 115 Stat. 307; sec. 
2006, Pub.L 114-41. Stat. 458-459; sec. 701, Pub. L. 114-74, 129 
Stat. 599; sec. 6403, Pub. L. 116-283, 134 Stat. 3388.

0
2. Add Sec.  1010.240 to subpart B to read as follows:


Sec.  1010.240  Pilot program authorizing SAR sharing with foreign 
branches, subsidiaries, and affiliates.

    (a) Definitions. For purposes of this section, the following terms 
have the following meanings:
    (1) Eligible financial institution. The term ``eligible financial 
institution'' means a financial institution as described in 31 U.S.C. 
5312(a)(2) that is obligated to report suspicious activity under 31 
U.S.C. 5318(g), including without limitation:
    (i) Banks, as defined at 31 CFR 1010.100(d);
    (ii) Casinos and card clubs, as defined at 31 CFR 1010.100(t)(5) 
and (6), respectively;
    (iii) Money services businesses, as defined at 31 CFR 1010.100(ff);
    (iv) Brokers or dealers in securities, as defined at 31 CFR 
1010.100(h);
    (v) Mutual funds, as defined at 31 CFR 1010.100(gg);
    (vi) Insurance companies, as defined at 31 CFR 1025.100(g);
    (vii) Futures commission merchants and introducing brokers in 
commodities, as defined at 31 CFR 1010.100(x) and (bb), respectively;
    (viii) Loan or finance companies, as defined at 31 CFR 
1010.100(lll); and
    (ix) Housing government sponsored enterprises, as defined at 31 CFR 
1010.100(mmm).
    (2) Participant financial institution. The term ``participant 
financial institution'' means an eligible financial institution that 
FinCEN has authorized to engage in the pilot program described in this 
section, in accordance with the requirements set forth in this section 
and any other conditions imposed by FinCEN.
    (3) Affiliate. The term ``affiliate'' means an entity that 
controls, is controlled by, or is under common control with another 
entity, including any branch or subsidiary.
    (4) Suspicious activity report (SAR) and related information. The 
term ``SAR and related information'' means a report filed pursuant to 
31 CFR 1020.320 (banks); 1021.320 (casinos and card clubs); 1022.320 
(money services businesses); 1023.320 (brokers or dealers in 
securities); 1024.320 (mutual funds); 1025.320 (insurance companies); 
1026.320 (futures commission merchants and introducing brokers in 
commodities); 1029.320 (loan or finance companies); 1030.320 (housing 
government-sponsored enterprises), and any information that would 
reveal the existence of such a report.
    (5) Commencement date. The term ``commencement date'' means the 
date on which a participant financial institution begins sharing SARs 
and related information with foreign affiliates pursuant to the 
requirements of the pilot program described in this section, in 
accordance with the requirements set forth in this section and any 
other conditions imposed by FinCEN.
    (b) Participation in the SAR pilot program. Notwithstanding any 
other provision of this chapter, and subject to the terms and 
conditions specified in this section or otherwise prescribed by FinCEN, 
a financial institution approved by FinCEN to participate in the SAR 
pilot program may share SARs and related information, including the 
fact that a SAR has been filed, with the institution's foreign 
affiliates for the purpose of combating illicit finance risks.
    (c) Obligations of a participant financial institution--(1) 
Application. Eligible financial institutions must obtain approval from 
FinCEN to participate in the pilot program. To obtain FinCEN approval, 
an eligible financial institution shall submit a written application to 
FinCEN. FinCEN will notify the financial institution's relevant Federal 
functional regulator of the application. FinCEN will share any 
materials submitted in connection with an application under this 
section with relevant Federal functional regulators, or, as 
appropriate, other relevant agencies. The written application must:
    (i) Identify the institution's point of contact(s) for pilot 
program-related correspondence with FinCEN, and, for entities located 
abroad, appoint agents for service of process in the United States;
    (ii) Specify the foreign affiliates with which the financial 
institution intends to share SARs and related information, including 
the operational jurisdictions of such entities, as well as whether such 
entities will be providing reciprocal information to the applicant 
institution;
    (iii) Specify the particular purpose or purposes for which the 
foreign affiliates intend to use SARs and related information;
    (iv) Include an estimated commencement date for the institution's 
pilot program; and
    (v) Provide a description of all internal controls in place to 
protect the confidentiality of and prevent unauthorized disclosures of 
SARs and related information and ensure data security and 
confidentiality of personally identifiable information.
    (2) Internal controls--(i) Implementation of internal controls. A 
participant financial institution must implement and maintain policies, 
procedures, and internal controls that are reasonably designed to 
ensure that its foreign affiliates do not permit unauthorized 
disclosures of SARs and related information shared pursuant to the 
pilot program. These controls should include:
    (A) Written confidentiality agreements or arrangements specifying 
that all personnel in foreign affiliates granted access to SARs and 
related information pursuant to the pilot program must safeguard the 
confidentiality of SARs and related information shared pursuant to the 
pilot program, including information indicating that a SAR has been 
filed;
    (B) Provisions for the secure transmission and storage of SARs and 
related information between the participant financial institution and 
its foreign affiliates; and
    (C) Processes and procedures for personnel located in the United 
States to review any request from foreign law enforcement, foreign 
regulators, or an outside foreign party for SARs and related 
information shared pursuant to the pilot program.

[[Page 3728]]

    (ii) Copies of internal controls. FinCEN may request copies of 
internal policies and procedures, including confidentiality agreements, 
designed to ensure compliance with the pilot program. FinCEN may share 
these documents with relevant Federal functional regulators or other 
relevant agencies.
    (3) Approval. In determining whether to approve an application, 
FinCEN will consider, in its sole discretion, the requirements of 
Federal and State law enforcement operations; any potential concerns of 
the intelligence community; appropriate standards and requirements 
regarding data security and the confidentiality of personally 
identifiable information, including the adequacy of the financial 
institution's internal controls; and, any other appropriate factors 
consistent with the purposes of the Bank Secrecy Act.
    (4) Additional requirements. As a condition of approving an 
application, FinCEN may impose additional requirements, including 
requiring a participant financial institution to adopt additional 
controls related to its participation in the pilot program. FinCEN may 
impose additional requirements on a participant financial institution 
at any time after the application is approved.
    (5) Modification. A participant financial institution shall not 
deviate in any material manner from the controls proposed in the 
application described in paragraph (1) or from any additional 
requirements imposed by FinCEN, except with FinCEN's written approval.
    (6) Termination. FinCEN may terminate a financial institution's 
participation in the pilot program at any time if, in its sole 
discretion, FinCEN determines that such termination is consistent with 
the considerations set forth in 31 U.S.C. 5318(g)(8)(A) or for other 
good cause.
    (7) Pre-commencement notice to FinCEN. After obtaining approval 
from FinCEN, a participant financial institution shall provide FinCEN 
with advance written confirmation of the commencement date of the 
financial institution's sharing of SARs and related information with 
its foreign affiliates.
    (8) Quarterly reporting requirement. A participant financial 
institution shall submit reports regarding its participation in the 
pilot program to FinCEN every three months after the commencement date 
of its pilot program. FinCEN intends to share quarterly reports with 
relevant Federal functional regulators or other relevant agencies. 
Quarterly reports shall include information concerning:
    (i) Total number of SARs and related information shared;
    (ii) The name and jurisdiction of each foreign affiliate that 
received SARs and related information, its relationship with the 
participant financial institution, and the intended purposes and uses 
for which the SAR and related information were shared;
    (iii) Any legal and compliance issues related to the financial 
institution's participation in the pilot program;
    (iv) Any technical difficulties and challenges encountered;
    (v) Any enhancements to the financial institution's AML/CFT 
program, including reallocation of resources to higher-priority AML/CFT 
risks enabled as a result of the financial institution's participation 
in the pilot program. Financial institutions may consult FinCEN's AML/
CFT National Priorities, issued pursuant to section 5318(h)(4)(A) of 
the BSA, to further describe successes in this area; and
    (vi) Lessons learned arising from the financial institution's 
participation in the pilot program, to include any identified 
deficiencies.
    (9) Requirement for personnel located in the United States. A 
participant financial institution shall maintain appropriate personnel 
located in the United States to review requests or demands of a foreign 
affiliate for SARs and related information pursuant to its 
participation in the pilot program.
    (10) Receipt of information requests, subpoenas, and other requests 
for SARs and related information. A participant financial institution 
shall immediately notify FinCEN of all requests or demands on the 
participant financial institution or its foreign affiliates for SARs or 
related information from foreign law enforcement, foreign regulators, 
or any other outside foreign party. Participant financial institutions 
and their foreign affiliates shall direct the requesting authority to 
both contact FinCEN about obtaining the requested SARs or related 
information, and seek to obtain such records or information through a 
request to the United States pursuant to a mutual legal assistance 
treaty or other appropriate mechanism for obtaining records from the 
United States.
    (11) Unauthorized disclosures. A participant financial institution 
must immediately notify FinCEN upon learning of or discovering any 
unauthorized disclosures of SARs or related information shared pursuant 
to the pilot program and provide all information to FinCEN relating to 
such unauthorized disclosure.
    (12) SAR tracking. A participant financial institution shall 
maintain records sufficient to identify the specific foreign 
jurisdictions in which affiliates of financial institutions are located 
and that received any specific SAR or related information. Such records 
shall be maintained so as to enable the participant financial 
institution to readily report this information to FinCEN upon request.
    (d) Prohibition involving certain jurisdictions. (1) A participant 
financial institution shall not share SARs or related information with 
a foreign affiliate located in:
    (i) The People's Republic of China;
    (ii) The Russian Federation; or
    (iii) A jurisdiction that:
    (A) Is a state sponsor of terrorism, as determined by the U.S. 
Department of State;
    (B) Is subject to financial and economic sanctions imposed by the 
Federal Government, i.e., jurisdictions with governments whose property 
and interests in property in U.S. jurisdictions are blocked pursuant to 
U.S. sanctions authorities and jurisdictions subject to broad 
prohibitions on transactions by U.S. persons involving that 
jurisdiction, such as prohibitions on importing or exporting goods, 
services, or technology to the jurisdiction or dealing in goods or 
services originating from the jurisdiction, pursuant to U.S. sanctions 
authorities;
    (C) Has been identified as a primary money laundering concern 
pursuant to Section 311 of the USA PATRIOT Act (Pub. L. 107-56) or 
section 9714 of the Combating Russian Money Laundering Act (Pub. L. 
116-283); or
    (D) The Secretary has determined cannot reasonably protect the 
security and confidentiality of suspicious activity reports and related 
information.
    (2) The Secretary may make an exception on a case-by-case basis for 
a financial institution located in jurisdictions listed in paragraphs 
(c)(1)(i) and (ii) of this section if the Secretary determines that 
such an exception is in the national security interest of the United 
States and provides appropriate notification to Congress. A financial 
institution seeking an exception to share SARs or related information 
with a foreign affiliate located in jurisdictions listed in paragraphs 
(c)(1)(i) and (ii) of this section must submit a written request to the 
Director of FinCEN setting forth its reasons for the exception.
    (e) Treatment of foreign jurisdiction-originated reports. 
Information related to a report received by a financial institution 
from a foreign affiliate with respect to a suspicious transaction 
relevant to a possible violation of law or

[[Page 3729]]

regulation shall be subject to the same confidentiality requirements as 
reports filed under 31 U.S.C. 5318(g).
    (f) Prohibition on offshoring compliance operations. Participant 
financial institutions are prohibited from establishing or maintaining 
any operation located outside of the United States the primary purpose 
of which is to ensure compliance with the Bank Secrecy Act as a result 
of the information sharing granted by this pilot program.
    (g) Duration of the pilot program. This pilot program shall 
terminate on January 1, 2024. The Secretary may extend the pilot 
program for not more than two years upon appropriate notification to 
Congress pursuant to 31 U.S.C. 5318(g)(8)(B)(iii).
    (h) Prohibition on disclosure. Except to the extent authorized 
pursuant to the pilot program or in existing regulations or guidance, 
no participant financial institution, director, officer, employee, or 
agent of or for a participant financial institution, and no foreign 
affiliate of a participant financial institution shall disclose to any 
person any SAR or related information shared pursuant to the pilot 
program.
    (i) SAR disclosures by a foreign affiliate. Civil money penalties 
and criminal sanctions may be imposed on any foreign affiliate under 31 
U.S.C. 5321 and 31 U.S.C. 5322 for any violation of the preceding 
paragraph (h) of this section, without regard to whether the 
unauthorized disclosure occurs in the United States. Civil money 
penalties shall be assessed and collected in the manner provided in 31 
U.S.C. 5321(b) and (d).

    By the Department of the Treasury.
Himamauli Das,
Acting Director, Financial Crimes Enforcement Network.
[FR Doc. 2022-01331 Filed 1-24-22; 8:45 am]
BILLING CODE 4810-02-P