[Federal Register: March 26, 1997 (Volume 62, Number 58)]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
DEPARTMENT OF THE TREASURY
Financial Crimes Enforcement Network
Privacy Act of 1974; System of Records
AGENCY:Departmental Offices, Treasury.
ACTION: Notice of a proposed New Privacy Act system of records.
SUMMARY: In accordance with the Privacy Act of 1974, as amended, 5
U.S.C. 552a, the Financial Crimes Enforcement Network (``FinCEN''),
Department of the Treasury (Treasury), gives notice of a proposed new
Treasury--wide system of records entitled the ``Suspicious Activity
Reporting System (the ``SAR System'')--Treasury/DO.212.''
DATES: Comments must be received no later than April 25, 1997. The
proposed system of records will become effective without further notice
April 25, 1997, unless comments are received that result in a contrary
determination and notice is published to that effect.
ADDRESSES: Written comments should be sent to Office of Legal Counsel,
FinCEN, 2070 Chain Bridge Road, Suite 200, Vienna, VA 22182-2536,
Attention: SAR System of Records. Comments will be made available for
inspection and copying by appointment. Persons wishing such an
opportunity should call Eileen Dolan, (703) 905-3590.
FOR FURTHER INFORMATION CONTACT: Cynthia A. Langwiser, Attorney-
Advisor, Office of Legal Counsel, FinCEN, (703) 905-3582.
This new Privacy Act system of records is proposed to be
established for the retention, retrieval, and dissemination of
information, reported by financial institutions or certain of their
affiliates to the Federal Government, concerning suspicious
transactions and known or suspected criminal violations occurring by,
at, or through such institutions. Suspicious transaction reporting is
required by rules issued by FinCEN and the five supervisory agencies
that examine and regulate the safety and soundness of financial
institutions, namely the Board of Governors of the Federal Reserve
System (the ``Board''), the Office of the Comptroller of the Currency
(``OCC''), the Federal Deposit Insurance Corporation (``FDIC''), the
Office of Thrift Supervision (``OTS''), and the National Credit Union
Administration (``NCUA'') (collectively, the ``Federal Supervisory
\1\ FinCEN and the Federal Supervisory Agencies have all
published rules requiring such reporting. See the rules publshed by
FinCEN, the Board, OCC, FDIC, OTS and NCUA, respectively, at: 61 FR
4326 (February 5, 1996); 61 FR 4338 (February 5, 1996); 61 FR 4332
(February 5, 1996); 61 FR 6095 (February 16, 1996); 61 FR 6100
February 16, 1996); 61 FR 11526 (March 21, 1996).
The requirements of FinCEN and the Federal Supervisory Agencies
create an integrated system for reporting suspicious activity and known
or suspected crimes. Under these requirements, financial institutions
file a single uniform Suspicious Activity Report (a ``SAR'') with
FinCEN. Previously, a financial institution reporting a known or
suspected violation of law was required to file multiple copies of
criminal referral forms with its Federal financial regulatory agency
and Federal law enforcement agencies. Each Federal financial regulatory
agency had promulgated a different form. Under the new system, a
financial institution meets its obligation to report a known or
suspected violation of law by filing one copy of a SAR with FinCEN.
SAR records are maintained in an automated database that is
operated by agreement among FinCEN and the Federal Supervisory
Agencies. FinCEN manages the automated SAR System, which is housed at
the Internal Revenue Service Computing Center in Detroit, Michigan. The
SAR System contains the suspicious activity information filed by
financial institutions and related information concerning criminal
prosecutions, civil actions, enforcement proceedings and investigations
of concern to FinCEN and the Federal Supervisory Agencies. Currently,
these categories of records are included in an existing Privacy Act
system of records, FinCEN Data Base, Treasury/DO .200.\2\ However, in
order to provide more current and detailed information about these
categories of records, a new and separate Privacy Act system of records
is being created.
\2\In addition, the Federal Supervisory Agencies have modified
their existing Privacy Act Systems of Records to reflect the new
interagency suspicious activity reporting process and the use of the
database maintained and managed by FinCEN pursuant to the agreement.
See the notices published by the Board, OCC, FDIC, OTS, and NCUA,
respectively, at 60 FR 44347 (August 25, 1995); 60 FR 64239
(December 14, 1995); 60 FR 52001 (October 4, 1995); 60 FR 64241
(December 14, 1995) and 61 FR 8689 (March 5, 1996).
This single information system for the use of such reports is a key
part of the integrated system. The SAR System will permit enhanced
analysis and tracking of the information contained in the reports, and
rapid dissemination to appropriate Federal and state law enforcement
and supervisory agencies. As a central repository for investigatory or
enforcement information, the SAR System will permit analysis,
retrieval, and dissemination of information by the Federal Supervisory
Agencies, by appropriate Federal, state, and local law enforcement
agencies, state banking supervisory agencies, and by FinCEN itself (SAR
Users).\3\ In addition, the SAR System will permit dissemination of
information, where appropriate, to non--United States financial
regulatory agencies and law enforcement authorities. The SAR System
will thereby improve efforts to prevent, identify, and enforce the laws
against financial wrongdoing.
\3\In accordance with 31 U.S.C. 5318(g), data from the SAR
System is exchanged, retrieved, and disseminated, both manually and
electronically among FinCEN, the Federal Supervisory Agencies,
appropriate Federal, state, and local law enforcement agencies, and
state banking supervisory agencies. Section 5318(g)(4)(B)
specifically require that the agency designated as the repository
for suspicious transaction reports refer those reports to any
appropriate law enforcement or supervisory agency.
Because records in this database are generated under 31 U.S.C.
5318(g)(4), which authorizes the Secretary of the Treasury to designate
a single agency to whom suspicious activity reports shall be made,
access to and use of these records will be governed by the routine uses
set forth in this notice. Accordingly, the routine uses reflect sharing
among Federal Supervisory Agencies and law enforcement authorities.
Additionally, the safeguards provide that on--line access to the
computerized database is limited to authorized individuals who have
been issued a password and nontransferable identifier.
Because information in the SAR System may be retrieved by personal
identifier, the Privacy Act of 1974 requires the Treasury Department to
give general notice and seek public comments about creation of this new
separate system of records. A new system of records report, as required
by 5 U.S.C. 552a(r), has been submitted to the Committee on Government
Reform and Oversight of the House of Representatives, the Committee on
Governmental Affairs of the Senate, and the Office of Management and
Budget (``OMB''). See Appendix I to OMB Circular A-130, ``Federal
Agency Responsibilities for Maintaining Records About Individuals,'' 61
FR 6428, 6435 (February 20, 1996). The proposed system of records,
Suspicious Activity Reporting System--Treasury/
DO 212, is published in its entirety below.
Dated: February 3, 1997.
Deputy Assistant Secretary (Administration).
Suspicious Activity Reporting System (the ``SAR System'').
The SAR System is housed at the Internal Revenue Service Computing
Center (``DCC'') in Detroit, Michigan and is managed by the Financial
Crimes Enforcement Network (``FinCEN''), 2070 Chain Bridge Road, Suite
200, Vienna, VA 22182, with the assistance of the staff of DCC.
Categories of Individuals Covered by the System:
The SAR System contains information about--(1) Individuals or
entities that are known perpetrators or suspected perpetrators of a
known or suspected Federal criminal violation, or pattern of criminal
violations, committed or attempted against a financial institution, or
participants in a transaction or transactions conducted through the
financial institution, that has been reported by the financial
institution, either voluntarily or because such a report is required
under the rules of FinCEN, one or more of the Federal Supervisory
Agencies (the Board of Governors of the Federal Reserve System (``the
Board''), the Office of the Comptroller of the Currency (``OCC''), the
Federal Deposit Insurance Corporation (``FDIC''), the Office of Thrift
Supervision (``OTS''), and the National Credit Union Administration
(``NCUA'') (collectively, the ``Federal Supervisory Agencies'')), or
(2) Individuals or entities that are participants in transactions,
conducted or attempted by, at or through a financial institution, that
have been reported because the institution knows, suspects, or has
reason to suspect that: (a) the transaction involves funds derived from
illegal activities, the transaction is intended or conducted to hide or
disguise funds or assets derived from illegal activities as part of a
plan to violate or evade any law or regulation or to avoid any
transaction reporting requirement under Federal law;(b) the transaction
is designed to evade any regulations promulgated under the Bank Secrecy
Act, Pub. L. 91-508, as amended, codified at 12 U.S.C. 1829b, 12 U.S.C.
1951-1959, and 31 U.S.C. 5311-5330; or (c) the transaction has no
business or apparent lawful purpose or is not the sort in which the
particular customer would normally be expected to engage, and the
financial institution knows of no reasonable explanation for the
transaction after examining the available facts, including the
background and possible purpose of the transaction;
(3) Individuals who are directors, officers, employees, agents, or
otherwise affiliated with a financial institution;
(4) Individuals or entities that are actual or potential victims of
a criminal violation or series of violations;
(5) Individuals who are named as possible witnesses in connection
with matters arising from any such report;
(6) Individuals or entities named as preparers of any such report;
(7) Individuals or entities named as persons to be contacted for
assistance by government agencies in connection with any such report;
(8) Individuals or entities who have or might have information
about individuals or criminal violations described above; and
(9) Individuals or entities involved in evaluating or investigating
any matters arising from any such report.
Categories of Records in the System:
The SAR System contains information reported to FinCEN by
financial institutions on a Suspicious Activity Report (``SAR'')
required under the authority of FinCEN or one or more of the Federal
Supervisory Agencies, or both. SARs contain information about the
categories of persons or entities specified in ``Categories of
Individuals Covered by the System.'' The SAR System may also contain
records pertaining to criminal prosecutions, civil actions, enforcement
proceedings, and investigations resulting from or relating to SARs.
Additionally, it will contain records pertaining to criminal
prosecutions, civil actions, enforcement proceedings, and
investigations relating to institutions required to file reports or
under the supervision of one or more of the Federal Supervisory
Authority for Maintenance of the System:
The system is established and maintained in accordance with 31
U.S.C. 5318(g); 31 CFR part 103; 31 U.S.C. 321; and Department of the
Treasury Order 105-08.
The requirements of FinCEN and the Federal Supervisory Agencies
create an integrated process for reporting suspicious activity and
known or suspected crimes by, at, or through depository institutions
and certain of their affiliates. The process is based on a single
uniform SAR filed with FinCEN.
The SAR System has been created, as a key part of this integrated
reporting process, to permit coordinated and enhanced analysis and
tracking of such information, and rapid dissemination of SAR
information to appropriate law enforcement and supervisory agencies.
The provisions of 31 U.S.C. 5318(g)(4)(B) specifically require that the
agency designated as repository for SARs refer those reports to any
appropriate law enforcement or supervisory agency.
Data from the SAR System will be exchanged, retrieved, and
disseminated, both manually and electronically among FinCEN, the
Federal Supervisory Agencies, appropriate Federal, state, and local law
enforcement agencies, and state banking supervisory agencies. Agencies
to which information will be referred electronically, which in certain
cases may involve electronic transfers of batch information, include
the Federal Supervisory Agencies, the Federal Bureau of Investigation
(FBI), the Criminal Investigation Division of the Internal Revenue
Service, the United States Secret Service, the United States Customs
Service, the Executive Office of the United States Attorneys and the
Offices of the 93 United States Attorneys, and state bank supervisory
agencies and certain state law enforcement agencies, which have entered
into appropriate agreements with FinCEN. (The FBI and Secret Service
may receive electronic transfers of batch information as forms are
filed to permit those agencies more efficiently to carry out their
investigative responsibilities.) Organizations to which information is
regularly disseminated are referred to as SAR System Users. It is
anticipated that information from the SAR system will also be
disseminated to other appropriate Federal, state, or local law
enforcement organizations and regulatory agencies that enter into
appropriate agreements with FinCEN. In addition, information may be
disseminated to non-United States financial regulatory and law
Routine Uses of Records Maintained in the System, Including Categories
of Users and the Purposes of Such Uses:
These records and information in these records may be used to:
(1) Provide information or records, electronically or manually, to
SAR System Users relevant to the enforcement and supervisory programs
and operations of those Users;
(2) Provide SAR System Users and their Executive Departments with
reports that indicate the number, amount, individual identity, and
other details concerning potential violations of the law that have been
the subject of Suspicious Activity Reports;
(3) Provide information or records to any appropriate domestic or
non-United States governmental agency or self-regulatory organization
charged with the responsibility of administering law or investigating
or prosecuting violations of law, or charged with the responsibility of
enforcing or implementing a statute, rule, regulation, order, or
policy, or charged with the responsibility of issuing a license,
security clearance, contract, grant, or benefit, when relevant to the
responsibilities of these agencies or organizations.
(4) Provide information or records, when appropriate, to
international and foreign governmental authorities in accordance with
law and formal or informal international agreement;
(5) Disclose on behalf of a SAR System User, the existence, but not
necessarily the content, of information or records to a third party, in
cases where a SAR System User is a party or has a direct interest and
where the SAR System User has concluded that such disclosure is
(6) Provide information or records to the Department of Justice, or
in a proceeding before a court, adjudicative body, or other
administrative body before which the SAR System User is authorized to
appear, when (a) the SAR System User, or any component thereof; or (b)
any employee of the SAR System User in his or her official capacity; or
(c) any employee of the SAR System User, where the Department of
Justice or the SAR System User has agreed to represent the employee; or
(d) the United States is a party to litigation or has an interest in
such litigation, when the SAR System User determines that litigation is
likely to affect the SAR System User or any of its components and the
use of such records by the Department of Justice or the SAR System User
is deemed by the SAR System User to be relevant and necessary to the
litigation, provided, however, that in each case it has been determined
that the disclosure is compatible with the purpose for which the
records were collected;
(7) Disclose information or records to individuals or entities to
the extent necessary to elicit information pertinent to the
investigation, prosecution, or enforcement of civil or criminal
statutes, rules, regulations, or orders;
(8) In accordance with Executive Order 12968 (August 2, 1995),
provide information or records to any appropriate government authority
in connection with investigations and reinvestigations to determine
eligibility for access to classified information to the extent relevant
for matters that are by statute permissible subjects of inquiry.
(9) Provide, when appropriate, information or records to a bar
association, or other trade or professional organization performing
similar functions, for possible disciplinary action;
(10) Provide information or records to the Department of State and
to the United States Intelligence Community, within the meaning of
Executive Order 12333 (December 4, 1981) to further those agencies'
efforts with respect to national security and international narcotics
(11) Furnish analytic and statistical reports to government
agencies and the public providing information about trends and patterns
derived from information contained on Suspicious Activity Reports, in a
form in which individual identities are not revealed; and
(12) Disclose information or records to any person with whom
FinCEN, the DCC or a SAR System User contracts to provide consulting,
data processing, clerical, or secretarial functions relating to the
official programs and operations of FinCEN, DCC, or the SAR System
Policies and Practices for Storing, Retrieving, Accessing, Retaining,
and Disposing of Records in the System:
Records are maintained in magnetic media and on hard paper copy.
Data in the SAR System may be retrieved by sectionalized data
fields (i.e., name of financial institution or holding company, type of
suspected violation, individual suspect name, witness name, and name of
individual authorized to discuss the referral with government
officials) or by the use of search and selection criteria.
The system is located in a guarded building that has restricted
access. Access to the computer facilities and any paper records is
subject to additional physical safeguards that restrict access. Access
to any electronic records in the system is restricted by means of
passwords and non-transferable identifiers issued to authorized SAR
System Users. The system complies with all applicable security
requirements of the Department of the Treasury.
Retention and Disposal:
Records in this system will be updated periodically to reflect
changes, and will be maintained in electronic form as long as needed
for the purpose for which the information was collected. Records will
then be disposed of in accordance with applicable law.
System Manager and Address:
Deputy Director, Financial Crimes Enforcement Network, United
States Department of the Treasury, 2070 Chain Bridge Road, Suite 200,
Vienna, Virginia 22182.
This system is exempt from notification requirements, record
access requirements, and requirements that an individual be permitted
to contest its contents, pursuant to the provisions of 5 U.S.C.
Sec. 552a(j)(2) and (k)(2).
Record Access Procedures:
See ``Notification Procedure'' above.
Contesting Record Procedures:
See ``Notification Procedure'' above.
Record Source Categories:
Records in this system may be provided by or obtained from:
individuals; financial institutions and certain of their affiliates;
Federal Supervisory Agencies; State financial institution supervisory
agencies; domestic or foreign governmental agencies; foreign or
international organizations; and commercial sources. Pursuant to the
provisions of 5 U.S.C. 552a(j)(2) and (k)(2), this system is exempt
from the requirement that the record source categories be disclosed.
Exemptions Claimed for the System:
This system is exempt from 5 U.S.C. 552a(c)(3), (c)(4), (d)(1),
(d)(2), (d)(3), (d)(4), (e)(1), (e)(2), (e)(3), (e)(4)(G), (e)(4)(H),
(e)(4)(I), (e)(5), (e)(8), (f) and (g) of the Privacy Act pursuant to 5
U.S.C. 552a(j)(2) and (k)(2).
[FR Doc. 97-7559 Filed 3-25-97; 8:45 am]
BILLING CODE: 4820-03-F