On January 24, 2022, the US Treasury Department’s Financial Crimes Enforcement Network (FinCEN) published proposed regulations to implement a pilot program that would allow financial institutions to report suspicious activity reports (SARs) and related information to foreign branches, subsidiaries and affiliates to pass on. The program, mandated by the Anti-Money Laundering Act of 2020 (AML Act), expands on FinCEN’s previous guidance, which allowed financial institutions to share suspicious activity reports or related information with foreign headquarters, controlling entities (whether domestic or foreign) and domestic Share affiliates Promote enterprise-wide risk management and compliance with applicable laws and regulations.
What is the pilot program?
As noted in the proposed regulations, a primary purpose of the AML Act was to “modernize anti-money laundering and counter-terrorist financing laws to better tailor government and private sector responses to new and emerging threats.” To that end, the AML Act added 31 USC § 5318(g)(8), which requires the Secretary of the Treasury to issue rules establishing a pilot program that would allow financial institutions with SAR reporting requirements to share SARs and related information with foreign entities share, subsidiaries and affiliated companies for the purpose of combating illegal financial risks. By law, the new rules must meet the needs of state and federal law enforcement agencies, address potential intelligence agency concerns, meet reasonable standards and requirements related to data security and confidentiality of personal information, and prohibit information sharing with companies in certain jurisdictions.
The pilot program ends on January 1, 2024, but the Secretary may request an extension of the program by up to two years after a report to the relevant committees of the US Senate and House of Representatives.
Who is eligible to participate in the pilot program?
Financial institutions that are required to report suspicious activity under 31 USC §5318(g) are eligible to participate in the pilot program. Eligible institutions include banks, casinos and card clubs, money service companies, securities brokers or dealers, mutual funds, insurance companies, futures and commodity introducing brokers, loan or finance companies, and government-sponsored housing companies.1
Under the proposed rules, financial institutions interested in participating in the pilot program must submit a written application to FinCEN that:
- identifies the institution’s point of contact for correspondence related to the pilot program
- identifies the overseas branches, subsidiaries and affiliates with which the financial institution intends to exchange reports and related information
- determines the specific purpose(s) for which the foreign branches, subsidiaries and affiliates intend to use reports and related information, including the operational jurisdictions of those entities and whether those entities will provide mutual information to the applicant financial institution will
- indicates an estimated start date for the pilot program
- describes internal controls to prevent unauthorized disclosure of suspicious activity reports and related information
When considering applications, FinCEN assesses the strength of the applicant financial institution’s internal controls and considers the institutions and entities with which the financial institution intends to share information. FinCEN will also consider the location of the institutions and entities that may receive information.
FinCEN would attempt to notify a financial institution of acceptance or rejection of the pilot program within 90 days of receipt of the application. Authorized financial institutions would have to provide FinCEN with written confirmation of the date on which they would start exchanging suspicious transaction reports and related information with their foreign counterparts.
Participant Requirements and Restrictions
Given the sensitive nature of the information contained in suspicious transaction reports, FinCEN is particularly concerned about financial institutions’ internal controls. Accordingly, the proposed rules would require participating financial institutions to conduct at least the following controls:
- written confidentiality agreements with all employees of foreign subsidiaries on how to maintain the confidentiality of SARs and related information, including the fact that a SAR has been filed
- Provisions for the secure transmission and storage of reports and related information between the participating financial institution and its foreign subsidiaries
- Procedures for US-based personnel to review SAR requests or related information from foreign entities (such as foreign law enforcement agencies or regulators)
Participating financial institutions would also be required to maintain sufficient records to identify the specific jurisdictions in which their foreign branches/subsidiaries/affiliates are located and with which they have shared SARs or related information.
In addition, financial institutions would have to notify FinCEN immediately of unauthorized disclosures. A financial institution could be subject to civil and criminal penalties for failing to prevent the unauthorized disclosure of reports or related information.
Finally, a participating financial institution could not change any of its previously listed internal controls without first obtaining approval from FinCEN.
Under the proposed rules, participating financial institutions would be required to submit quarterly reports to FinCEN containing the following information:
- Total number of SARs and related information disclosed
- the name and jurisdiction of each entity that received SARs and related information, the relationship between the entity and the participating financial institution, and the intended purposes and uses for which the SARs and related information were shared
- legal and compliance issues encountered
- technical difficulties and challenges
- Improvements to the financial institution’s anti-money laundering/countering the financing of terrorism (AML/CFT) program made possible by participation in the pilot program
- lessons learned
As required by law, the rules would prohibit participating financial institutions from disclosing SARs and related information to foreign branches, subsidiaries and affiliates in China, Russia and jurisdictions that are state sponsors of terrorism.2 are subject to sanctions imposed by the US government and those established by the Secretary of the Treasury cannot adequately protect the security and confidentiality of the information. The law allows FinCEN to make exceptions to this requirement on a case-by-case basis in certain circumstances.
Under the proposed rule, FinCEN would have the right to terminate a financial institution’s participation in the program at any time and for any reason. Reasons for termination include, but are not limited to, “actual or unreasonable risk of unauthorized disclosure of STRs and related information; significant internal control deficiencies identified during participation in the pilot program; failure to comply with the specific eligibility requirements; or other issues that indicate that a participating financial institution is unable to adequately protect itself against unauthorized disclosure of reports and related information or to ensure adequate data security and confidentiality of personal data.
Financial institutions that have concluded that their Bank Secrecy Act (BSA) and AML programs have been hampered by an inability to share STRs with overseas affiliates now have an opportunity to fill that gap. In addition to strengthening their own programs, participating financial institutions may be viewed more favorably by regulators and auditors when attempting to address enterprise-wide risk. Not surprisingly, however, the pilot imposes new reporting and internal control requirements, and participating financial institutions can be penalized if mistakes are made.
Comments on the proposed rule can be submitted to FinCEN until March 28, 2022.
1 See 31 CFR 1010.1000 for definitions specific to each institution.
2 “State sponsor of terrorism” is designated by the US Department of State.