Skip to main content
U.S. flag
An official website of the United States government
Dot gov
The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.
Https
The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

[Federal Register: February 16, 1996 (Volume 61, Number 33)]

[Rules and Regulations]

[Page 6095-6100]

From the Federal Register Online via GPO Access [wais.access.gpo.gov]



 

=======================================================================

-----------------------------------------------------------------------


 

FEDERAL DEPOSIT INSURANCE CORPORATION


 

12 CFR Part 353


 

RIN 3064-AB63


 

 

Suspicious Activity Reports


 

AGENCY: Federal Deposit Insurance Corporation.


 

ACTION: Final rule.


 

-----------------------------------------------------------------------


 

SUMMARY: The Federal Deposit Insurance Corporation (FDIC) is amending

its regulation on the reporting of known or suspected criminal and

suspicious activities by insured state nonmember banks. This final rule

streamlines reporting requirements by providing that a state nonmember

bank file a new Suspicious Activity Report (SAR) with the FDIC and the

appropriate federal law enforcement agencies by sending a single copy

of the SAR to the Financial Crimes Enforcement Network of the

Department of the Treasury (FinCEN) to report a known or suspected

criminal offense or a transaction that it suspects involves money

laundering or violates the Bank Secrecy Act.


 

EFFECTIVE DATE: April 1, 1996.


 

FOR FURTHER INFORMATION CONTACT: Carol A. Mesheske, Chief, Special

Activities Section, (202) 898-6750, or Gregory Gore, Counsel, (202)

898-7109.


 

SUPPLEMENTARY INFORMATION:


 

Background


 

The FDIC, FRB, OCC, and OTS have issued for public comment

substantially similar proposals to revise their regulations on the

reporting of known or suspected criminal conduct and suspicious

activities. The Department of the Treasury, through FinCEN, has issued

for public comment a substantially similar proposal to require the

reporting of suspicious transactions relating to money laundering

activities.


 

[[Page 6096]]


 

The FDIC's proposed regulation (60 FR 47719, September 14, 1995)

noted that the interagency Bank Fraud Working Group, consisting of

representatives from the Agencies, law enforcement agencies, and

FinCEN, has been working on the development of a single form, the SAR,

for the reporting of known or suspected federal criminal law violations

and suspicious activities. The FDIC's proposed regulation, as well as

those proposed by the FRB, OCC, OTS, and FinCEN, would simplify and

clarify the reporting requirements and reduce banks' reporting burdens

by raising mandatory reporting thresholds for criminal offenses and by

requiring the filing of only one report with FinCEN.

The final rule adopts the proposal with a few additional changes

that generally have been made in response to the comments received. The

changes will result in burden reductions even greater than those that

were proposed.


 

Section-by-Section Analysis


 

The title of the regulation has been changed to conform to the name

on the SAR.

Section 353.1 (Instruction No. 1 on the SAR) provides that a bank

must file a SAR when it detects a known or suspected criminal violation

of federal law or a suspicious activity pertinent to a money laundering

offense.

Section 353.2 provides pertinent definitions.

Sections 353.3(a) (1), (2), and (3) (Instructions 1. a., b., and c.

on the SAR) instruct a bank to file a SAR with FinCEN in order to

comply with the requirement to notify federal law enforcement agencies

and the Department of the Treasury if the bank detects any known or

suspected federal criminal violation, or pattern of violations,

committed or attempted against the bank, or involving one or more

transactions conducted through the bank, and the bank believes it was

an actual or potential victim of a crime, or was used to facilitate a

crime. If the bank has a substantial basis for identifying one of its

insiders or other institution-affiliated parties in connection with the

known or suspected crime, reporting is required, regardless of the

dollar amount involved. If the bank can identify a non-insider suspect,

the applicable transaction threshold is $5,000. In cases in which no

suspect can be identified, the applicable transaction threshold

increases to $25,000. These sections were not changed from the proposed

regulation published for public comment in September 1995.

Section 353.3(a)(4) (Instruction 1. d. on the SAR) instructs a bank

to file a SAR for transactions involving $5,000 or more in funds or

other assets when the bank knows, suspects or has reason to suspect

that the transaction: (i) Involves money laundering, or (ii) is

designed to evade any regulations promulgated under the Bank Secrecy

Act, or (iii) has no business or apparent lawful purpose or is not the

sort of transaction in which the particular customer normally engages,

and, after examining the available facts, the bank knows of no

reasonable explanation for the transaction. Section 353.3(a)(4) has

been modified in the final rule to reflect comments received on the

proposal. Most notably, the circumstances under which a transaction

should be reported under this section were clarified, and a reporting

threshold of $5,000 was added.

Section 353.3(a)(4) recognizes the emerging international consensus

that the efforts to deter, substantially reduce, and eventually

eradicate money laundering are greatly assisted by the reporting of

suspicious transactions by financial institutions. The requirements of

this section comply with the recommendations adopted by multi-country

organizations in which the United States is an active participant,

including the Financial Action Task Force of the G-7 nations and the

Organization of American States and are consistent with the European

Community's directive on preventing money laundering through financial

institutions.

Section 353.3(b) (Instruction 2 on the SAR) provides that SARs must

be filed within 30 calendar days of the initial detection of the

criminal or suspicious activity. An additional 30 days is permitted in

order to enable a bank to identify a suspect, but in no event may a SAR

be filed later than 60 days after the initial detection of the

reportable conduct. The FDIC and law enforcement must be notified in

the case of a violation requiring immediate action, such as an on-going

violation. These reporting requirements were not changed from the

September 1995 proposal.

Section 353.3(c) encourages a bank to file a SAR with state and

local law enforcement agencies. This section is unchanged from the

September 1995 proposal.

Section 353.3(d) (Instruction 3 on the SAR) provides that a bank

need not file a SAR for an attempted or committed burglary or robbery

reported to the appropriate law enforcement agencies. In addition, a

SAR need not be filed for missing or counterfeit securities that are

the subject of a report pursuant to Rule 17f-1 under the Securities

Exchange Act of 1934. The section of the final rule was modified to

require reporting of larcenies to be consistent with the interagency

SAR instructions.

Section 353.3(e) requires a bank to retain a copy of the SAR and

the original or business record equivalent of supporting documentation

for a period of five years. The section also requires that a bank

identify and maintain supporting documentation in its files and that

the bank make available such documentation to law enforcement agencies

upon their request. The FDIC made three changes to this section from

the version published for public comment in September 1995. First, the

record retention period was shortened from ten years to five. Second,

provision was made for the retention of business record equivalents of

original documents, such as microfiche and computer imaged record

systems, in recognition of modern record retention technology. The

third change involves the clarification of a bank's obligation to

provide supporting documentation upon request to law enforcement

officials. Supporting documentation is deemed filed with a SAR in

accordance with this section of the FDIC's final rule; as such, law

enforcement authorities need not make their access requests through

subpoena or other legal processes.

Section 353.3(f) requires the management of a bank to report the

filing of all SARs to the board of directors of the bank, or a

designated committee thereof. No change was made from the September

1995 proposal.

Section 353.3(g) provides that SARs are confidential. Requests for

SARS or the information contained therein should be declined. The final

rule also adds a requirement that a request for a SAR or the

information contained therein should be reported to the FDIC. With the

exception of the added requirement that requests for SARs be reported

to the FDIC, no changes were made to this section from the September

1995 proposal.

Section 353.3(h) sets forth the safe harbor provisions of 31 U.S.C.

5318(g). This new section, which was added to the final rule as the

result of many comments concerning this important statutory protection

for banking organizations, states that the safe harbor provisions of

the law are triggered by a report of known or suspected criminal

violations or suspicious activities to law enforcement authorities,

regardless of whether the report is made by the filing of a SAR in

accordance with the FDIC's


 

[[Page 6097]]

regulation or by different means for other reasons.


 

Comments Received


 

The FDIC received letters from 14 public commenters. Comments were

received from 4 community banks, 5 multinational or large regional

banks, 2 trade and industry research groups, 2 regulatory bodies, and

one consulting firm.

The large majority of commenters expressed general support for the

FDIC's proposal. None of the commenters opposed the proposed new

suspicious activity reporting rules. A number of suggestions and

requests for clarification were received. They are as follows.


 

Criminal Versus Suspicious Activities


 

Almost one half of the commenters expressed confusion over the

difference between the known or suspected criminal conduct that would

be subject to the dollar reporting thresholds (provided such conduct

does not involve an institution-affiliated party of the reporting

entity) and the suspicious activities that would be reported regardless

of dollar amount. Section 353.3(a)(4) has been revised to add a $5,000

reporting threshold and to clarify that the suspicious activity must

relate to money laundering or Bank Secrecy Act violations. A threshold

for the reporting of suspicious activities was added to reduce further

the reporting burdens on banks.


 

Reporting of Crimes Under State Law


 

Two commenters requested clarification of whether activities

constituting crimes under state law, but not under federal law, should

be reported on the SAR. The FDIC continues to encourage banks to refer

criminal and suspicious activities under both federal and state law by

filing a Suspicious Activity Report. Under the new reporting system

designed by the FDIC, the other Agencies, and FinCEN, state chartered,

nonmember banks should be able to fulfill their state reporting

obligations by filing a SAR with FinCEN.


 

Safe Harbor Protections; Potential Liability Under Federal and State

Laws


 

Some commenters expressed the concern that banks and their

institution-affiliated parties could be liable under federal and state

laws, such as the Right to Financial Privacy Act, for filing SARs with

respect to conduct that is later found not to have been criminal.

Another concern was that the filing of SARs with state and local law

enforcement agencies would subject filers to claims under state law.

Both of these concerns are addressed by the scope of the safe harbor

protection provided in 31 U.S.C. 5318(g).

The FDIC is of the opinion the safe harbor statute is broadly

defined to include the reporting of known or suspected criminal

offenses or suspicious activities, by filing a SAR or by reporting by

other means, with state and local law enforcement authorities, as well

as with the Agencies and FinCEN.

A few commenters requested that the FDIC make explicit the safe

harbor protections of 31 U.S.C. 5318(g) (2) and (3) on the SAR. The

safe harbor provisions are included in new Sec. 353.3(h) of this

regulation and on the form.


 

Record Retention


 

Half the commenters expressed the view that the proposed 10-year

period for the retention of records in Sec. 353.3(b) was excessive,

especially in light of a five year record retention requirement

contained in the Bank Secrecy Act. In recognition of the potential

burden of document retention on financial institutions, the FDIC has

limited the record retention period to five years.


 

Dollar Thresholds


 

A few comments encouraged the FDIC to raise the dollar thresholds

for known or suspected criminal conduct by non-insiders, or to

establish a dollar threshold for insiders. The FDIC has considered

these comments, but at this time, it believes the thresholds meet and

properly balance the dual concerns of prosecuting criminal activity

involving banks and minimizing the burden on banks. With respect to the

suggestion the FDIC adopt a dollar threshold for insider violations, it

is noted that insider abuse has long been a key concern and focus of

enforcement efforts at the FDIC. With the development of a new

sophisticated and automated database, the FDIC and law enforcement

agencies will have the benefit of a comprehensive and easily accessible

catalogue of known or suspected insider wrongdoing. The FDIC does not

wish to limit the information it receives regarding insider wrongdoing.

Some petty crimes, for example, repetitive thefts of small amounts of

cash by an employee who frequently transfers between banking

organizations, may warrant enforcement action or criminal prosecution.

One commenter suggested an indexed threshold, based on the regional

differences in the various dollar thresholds below which the federal,

state, and local prosecutors generally decline prosecution. While the

FDIC recognizes there may be regional variations in the dollar amount

of financial crimes generally prosecuted, the FDIC's concern is to

place the relevant information in the hands of the investigating and

prosecuting authorities. The prosecuting authorities then may consider

whether to pursue a particular matter. In the FDIC's view, the dollar

thresholds adopted in this final rule best balance the interests of law

enforcement and banks. The FDIC also believes indexed thresholds could

create more confusion than benefit to banks.

Commenters also suggested the creation of a dollar threshold for

the reporting of suspicious activities relating to money laundering

offenses. A $5,000 threshold has been established for reporting of such

suspicious activities.

Questions were raised regarding the permissibility of filing SARs

in situations in which the dollar thresholds for known or suspected

criminal conduct or suspicious activity are not met and the

applicability of the safe harbor provisions of 31 U.S.C. 5318(g) to

such non-mandatory filings. It is the opinion of the FDIC that the safe

harbor provisions of 31 U.S.C. 5318(g) cover all reports of suspected

or known criminal violations and suspicious activities to law

enforcement authorities, regardless of whether such reports are filed

pursuant to the mandatory requirements of the FDIC's regulations or are

voluntary.


 

Notification of On-Going Violations and of State and Local Law

Enforcement Authorities.


 

Proposed Sec. 353.3(b)(2) required a bank to notify the law

enforcement authorities immediately in the event of an on-going

violation. Section 353.3(c) encourages the filing of a copy of the SAR

with state and local law enforcement agencies, in appropriate cases.

This requirement and guidance were found by some commenters to be

unclear as to when immediate notification or the filing of the SAR with

state and local authorities would be required. The FDIC wishes to

clarify that immediate notification is limited to situations involving

on-going violations, for example, when a check kite or money laundering

has been detected and may be continuing. It is impossible for the FDIC

to contemplate all of the possible circumstances in which it might be

appropriate for a bank to advise state and local law enforcement

authorities. Banks should use their best judgment regarding when to

alert the


 

[[Page 6098]]

authorities regarding on-going criminal offenses or suspicious

activities.


 

Supporting Documentation


 

The proposed requirements that an institution maintain ``related''

documentation and make ``supporting'' documentation available to the

law enforcement agencies upon request were criticized as inconsistent

and vague. As no substantive difference is intended, the FDIC has

referred to ``supporting'' documentation in the final rule in reference

both to the maintenance and production requirements. The FDIC believes

the use of the word ``supporting'' is more precise and limits the scope

of the information which must be retained to that which would be useful

in proving that the crime has been committed and by whom it has been

committed. As to the criticism that the meaning of ``related'' or

``supporting'' documentation is vague, it is anticipated banks will use

their judgment in determining the information to be retained. It is

impossible for the FDIC to catalogue the precise types of information

covered by this requirement, as it necessarily depends upon the facts

of a particular case.


 

Scope of Confidentiality Requirement


 

Two commenters correctly noted the proposed regulation is unclear

as to whether the confidentiality requirement applies only to the

information contained on the SAR itself, or whether the requirement

extends to the ``supporting'' documentation. The FDIC takes the

position that only the existence of a SAR and its supporting

documentation are subject to the confidentiality requirements of 31

U.S.C. 5318(g). The supporting documentation itself is not subject to

the confidentiality provisions of 31 U.S.C. 5318(g). The safe harbor

provisions of 31 U.S.C. 5318(g), however, apply to the SAR and

supporting documentation, as set forth in Part 353.3(h).


 

Provisions of Supporting Documentation to Law Enforcement Authorities

Upon Request


 

Many commenters noted the guidance provided in the FDIC's proposed

regulation regarding the provision of supporting documentation to law

enforcement agencies upon their request after the filing of an SAR was

unclear or contrary to law. Some questioned whether law enforcement

agencies would still need to subpoena relevant documents from a bank.

The FDIC's regulation requires banks filing SARs to identify, maintain

and treat the documentation supporting the report as if it were

actually filed with the SAR. This means that subsequent requests from

law enforcement authorities for the supporting documentation relating

to a particular SAR do not require the service of a subpoena or other

legal processes normally associated with providing information to law

enforcement agencies.


 

Civil Litigation


 

The FDIC was encouraged to adopt regulations that would make SARs

undiscoverable in civil litigation, in order to avoid situations in

which a bank could be ordered by a court to produce a SAR in civil

litigation and could be confronted with the prospect of having to

choose between being found in contempt or violating the FDIC's rules.

In the opinion of the FDIC, 31 U.S.C. 5318(g) precludes the disclosure

of SARs. The final rule requires a bank that receives a subpoena or

other request for a SAR to notify the FDIC so that the FDIC may, if

appropriate, intervene in litigation or seek the assistance of the U.S.

Department of Justice.


 

Maintenance of Originals


 

Proposed Sec. 353.3(e) required the maintenance of supporting

documentation in its original form. A number of commenters noted

electronic storage of documents is becoming the rule rather than the

exception, and requiring the storage of paper originals would impose

undue burdens on financial institutions. Moreover, some records are

retained only in a computer database. The proposed regulation reflected

the concerns of the law enforcement agencies that the best evidence be

preserved. However, upon further consideration, the FDIC wishes to

clarify that the electronic storage of original documentation related

to the filing of a SAR is permissible. In addition, the FDIC recognizes

a bank will not always have custody of the originals of documents, and

some documents will not exist at the bank in paper form. In those

cases, preservation of the best available evidentiary documents, for

example, computer disks or photocopies, should be acceptable. This has

been reflected in the final rule by changing the reference to original

documents to original documents or ``business record equivalent''.


 

Investigation and Proof Burdens


 

Two commenters expressed the concern a bank would need to establish

probable cause before reporting crimes for which an essential element

of the proof of the crime was the intent of the actor. The FDIC does

not intend that banks assume the burden of proving illegal conduct;

rather, banks are required to report known or suspected crimes or

suspicious activities in accordance with this final rule.

Supplementary or Corrective Information; Reporting of Multiple Crimes

or Suspects

Material information that supplements or corrects an SAR should be

filed with FinCEN by means of a subsequent SAR. The first page of the

SAR provides boxes for the reporter to indicate whether the report is

an initial, a corrected, or a supplemental report.

Two commenters requested guidance on the reporting of multiple

crimes or related crimes committed by more than one individual. The

instructions to the SAR contemplate that additional suspects may be

reported by means of a supplemental page. Likewise, multiple crimes

committed by a suspect may be reported by means of multiple check-offs

on the SAR, or if needed, by a written addendum to the SAR. In the

event related crimes have been committed by more than one person, a

description of the related crimes may be made by addendum to the SAR.

The FDIC encourages filers to make a complete report of all known or

suspected criminal or suspicious activity. The SAR may be supplemented

in order to facilitate a complete disclosure.

Calculation of Time Frame for Reporting

A few commenters requested the FDIC clarify the application of the

deadline for filing SARs. The FDIC's proposed regulation used the

broadest possible language to set the time frames for the reporting of

known or suspected criminal offenses and suspicious activities in order

to best guide reporting institutions. Absolute deadlines for the filing

of SARs are important to the investigatory and prosecutorial efforts of

law enforcement authorities. It is expected banks will meet the filing

deadlines once conduct triggering the reporting requirements is

identified. Further clarification of the time frames is not needed in

the FDIC's view.

Board of Directors Notification Requirements

The commenters expressed general support for the modification of

the reporting requirement which permits reporting of SARs to a

committee of the board of directors. As a matter of clarification,

notification of a committee of the bank's board relieves the bank of

the obligation to disclose the SARs filed to the entire board. It would

be


 

[[Page 6099]]

expected, however, that the designated committee, for example, the

audit committee, would report to the full board of directors at regular

meetings with respect to routine matters in the same manner and to the

same extent as other committees report at regular board meetings. With

respect to serious crimes or insider malfeasance, the appointed

committee likely should consider it appropriate to make more immediate

disclosure to the full board of directors. Some larger banking

organizations expressed the view that prompt disclosure of SARs to the

board of directors or a committee would impose a serious burden since

larger organizations typically file a larger number of criminal

referral forms (now, SARs). While the FDIC acknowledges that larger

institutions may have more SARs to report to the board of directors or

a committee, this does not alter the directors' fiduciary obligation to

monitor the condition of the institution and to take action to prevent

losses. The final regulation does not dictate the content of the board

of directors or committee notification, and, in some cases, such as

when relatively minor non-insider crimes are to be reported, it may be

completely appropriate to provide only a summary listing of SARs filed.

The FDIC expects the management of banks to provide a more detailed

notification of SARs involving insiders or a potential material loss to

the institution to the board of directors or committees.


 

Information Sharing


 

It was suggested the final regulations should somehow facilitate

the sharing of information among banking organizations in order to

better detect new fraudulent schemes. It is anticipated that the

Treasury Department, through FinCEN, and the Agencies, will keep

reporting entities apprised of recent developments and trends in

banking-related crimes through periodic pronouncements, meetings, and

seminars.


 

Single Filing Requirement; Acknowledgment of Filings


 

The FDIC wishes to clarify that the filing of the SAR with FinCEN

is the only filing of the SAR that is required. Federal and state law

enforcement and bank supervisory agencies will have access to the

database created and maintained by FinCEN on behalf of the Agencies and

the Department of Treasury; thus, a single filing with FinCEN is all

that is required under the new reporting system.

Commenters also requested that the final rule permit the filing of

SARs via telecopier. Such filings are not compatible with the system

developed by the Agencies and FinCEN. Banks can file the SAR via

magnetic media using the computer software to be made available to all

banks by the FDIC and each of the other Agencies with respect to the

institutions they supervise. Larger banking organizations that

currently file currency transaction reports via magnetic tape with

FinCEN may also file SARs by magnetic tape.


 

Regulatory Flexibility Act


 

Pursuant to section 605(b) of the Regulatory Flexibility Act, the

FDIC hereby certifies that this final rule will not have a significant

economic impact on a substantial number of small entities. This final

rule primarily reorganizes the process for making criminal referrals

and has no material impact on banks, regardless of size. Accordingly, a

regulatory flexibility analysis is not required.


 

Paperwork Reduction Act


 

This final rule revises a collection of information that is

currently approved by the Office of Management and Budget (OMB) under

control number 3064-0077. The revisions raise the reporting thresholds

and permit reporting institutions to use a simplified, shorter form; to

file one form only; and to eliminate the submission of supporting

documentation with a report. These revisions have been reviewed and

approved by OMB in accordance with the requirements of the Paperwork

Reduction Act (44 U.S.C. 3501 et seq.).

The estimated average burden associated with the collection of

information contained in a SAR is approximately .6 hours per

respondent. The burden per respondent will vary depending on the nature

of the suspicious activity being reported.


 

Estimated Number of Respondents: 6,500.

Estimated Total Annual Burden Hours: 3,900


 

Comments concerning the accuracy of this burden estimate and

suggestions for reducing this burden should be directed to the

Assistant Executive Secretary (Regulatory Analysis), Room F-400,

Federal Deposit Insurance Corporation, Washington, DC 20429, and to the

Office of Management and Budget, Paperwork Reduction Project (3064-

0077), Washington, DC 20503.


 

List of Subjects in 12 CFR Part 353


 

Banks, Banking, Crime, Currency, Insider abuse, Money laundering,

Reporting and recordkeeping requirements.

For the reasons set forth in the preamble, 12 CFR part 353 of the

Code of Federal Regulations is revised to read as follows:


 

PART 353--SUSPICIOUS ACTIVITY REPORTS


 

Sec.

353.1 Purpose and scope.

353.2 Definitions.

353.3 Reports and records.


 

Authority: 12 U.S.C. 1818, 1819; 31 U.S.C. 5318.



 

Sec. 353.1 Purpose and scope.


 

The purpose of this part is to ensure that an insured state

nonmember bank files a Suspicious Activity Report when it detects a

known or suspected criminal violation of federal law or a suspicious

transaction related to a money laundering activity or a violation of

the Bank Secrecy Act. This part applies to all insured state nonmember

banks as well as any insured, state-licensed branches of foreign banks.



 

Sec. 353.2 Definitions.


 

For the purposes of this part:

(a) FinCEN means the Financial Crimes Enforcement Network of the

Department of the Treasury.

(b) Institution-affiliated party means any institution-affiliated

party as that term is defined in sections 3(u) and 8(b)(5) of the

Federal Deposit Insurance Act (12 U.S.C. 1813(u) and 1818(b)(5)).



 

Sec. 353.3 Reports and records.


 

(a) Suspicious activity reports required. A bank shall file a

suspicious activity report with the appropriate federal law enforcement

agencies and the Department of the Treasury, in accordance with the

form's instructions, by sending a completed suspicious activity report

to FinCEN in the following circumstances:

(1) Insider abuse involving any amount. Whenever the bank detects

any known or suspected federal criminal violation, or pattern of

criminal violations, committed or attempted against the bank or

involving a transaction or transactions conducted through the bank,

where the bank believes it was either an actual or potential victim of

a criminal violation, or series of criminal violations, or that the

bank was used to facilitate a criminal transaction, and the bank has a

substantial basis for identifying one of the bank's directors,

officers, employees, agents, or other institution-affiliated parties as

having committed or aided in the commission of the criminal violation,

regardless of the amount involved in the violation;


 

[[Page 6100]]


 

(2) Transactions aggregating $5,000 or more where a suspect can be

identified. Whenever the bank detects any known or suspected federal

criminal violation, or pattern of criminal violations, committed or

attempted against the bank or involving a transaction or transactions

conducted through the bank, and involving or aggregating $5,000 or more

in funds or other assets, where the bank believes it was either an

actual or potential victim of a criminal violation, or series of

criminal violations, or that the bank was used to facilitate a criminal

transaction, and the bank has a substantial basis for identifying a

possible suspect or group of suspects. If it is determined prior to

filing this report that the identified suspect or group of suspects has

used an ``alias'', then information regarding the true identity of the

suspect or group of suspects, as well as alias identifiers, such as

driver's license or social security numbers, addresses and telephone

numbers, must be reported;

(3) Transactions aggregating $25,000 or more regardless of

potential suspects. Whenever the bank detects any known or suspected

federal criminal violation, or pattern of criminal violations,

committed or attempted against the bank or involving a transaction or

transactions conducted through the bank, involving or aggregating

$25,000 or more in funds or other assets, where the bank believes it

was either an actual or potential victim of a criminal violation, or

series of criminal violations, or that the bank was used to facilitate

a criminal transaction, even though the bank has no substantial basis

for identifying a possible suspect or group of suspects; or

(4) Transactions aggregating $5,000 or more that involve potential

money laundering or violations of the Bank Secrecy Act. Any transaction

(which for purposes of this paragraph (a)(4) means a deposit,

withdrawal, transfer between accounts, exchange of currency, loan,

extension of credit, purchase or sale of any stock, bond, certificate

of deposit, or other monetary instrument or investment security, or any

other payment, transfer, or delivery by, through, or to a financial

institution, by whatever means effected) conducted or attempted by, at

or through the bank and involving or aggregating $5,000 or more in

funds or other assets, if the bank knows, suspects, or has reason to

suspect that:

(i) The transaction involves funds derived from illegal activities

or is intended or conducted in order to hide or disguise funds or

assets derived from illegal activities (including, without limitation,

the ownership, nature, source, location, or control of such funds or

assets) as part of a plan to violate or evade any federal law or

regulation or to avoid any transaction reporting requirement under

federal law;

(ii) The transaction is designed to evade any regulations

promulgated under the Bank Secrecy Act; or

(iii) The transaction has no business or apparent lawful purpose or

is not the sort of transaction in which the particular customer would

normally be expected to engage, and the bank knows of no reasonable

explanation for the transaction after examining the available facts,

including the background and possible purpose of the transaction.

(b) Time for reporting. (1) A bank shall file the suspicious

activity report no later than 30 calendar days after the date of

initial detection of facts that may constitute a basis for filing a

suspicious activity report. If no suspect was identified on the date of

detection of the incident requiring the filing, a bank may delay filing

a suspicious activity report for an additional 30 calendar days to

identify a suspect. In no case shall reporting be delayed more than 60

calendar days after the date of initial detection of a reportable

transaction.

(2) In situations involving violations requiring immediate

attention, such as when a reportable violation is ongoing, the bank

shall immediately notify, by telephone, an appropriate law enforcement

authority and the appropriate FDIC regional office (Division of

Supervision) in addition to filing a timely report.

(c) Reports to state and local authorities. A bank is encouraged to

file a copy of the suspicious activity report with state and local law

enforcement agencies where appropriate.

(d) Exemptions. (1) A bank need not file a suspicious activity

report for a robbery or burglary committed or attempted, that is

reported to appropriate law enforcement authorities.

(2) A bank need not file a suspicious activity report for lost,

missing, counterfeit, or stolen securities if it files a report

pursuant to the reporting requirements of 17 CFR 240.17f-1.

(e) Retention of records. A bank shall maintain a copy of any

suspicious activity report filed and the original or business record

equivalent of any supporting documentation for a period of five years

from the date of filing the suspicious activity report. Supporting

documentation shall be identified and maintained by the bank as such,

and shall be deemed to have been filed with the suspicious activity

report. A bank must make all supporting documentation available to

appropriate law enforcement authorities upon request.

(f) Notification to board of directors. The management of a bank

shall promptly notify its board of directors, or a committee thereof,

of any report filed pursuant to this section. The term ``board of

directors'' includes the managing official of an insured state-licensed

branch of a foreign bank for purposes of this part.

(g) Confidentiality of suspicious activity reports. Suspicious

activity reports are confidential. Any bank subpoenaed or otherwise

requested to disclose a suspicious activity report or the information

contained in a suspicious activity report shall decline to produce the

suspicious activity report or to provide any information that would

disclose that a suspicious activity report has been prepared or filed

citing this part, applicable law (e.g., 31 U.S.C. 5318(g)), or both,

and notify the appropriate FDIC regional office (Division of

Supervision).

(h) Safe Harbor. The safe harbor provisions of 31 U.S.C. 5318(g),

which exempts any bank that makes a disclosure of any possible

violation of law or regulation from liability under any law or

regulation of the United States, or any constitution, law or regulation

of any state or political subdivision, cover all reports of suspected

or known criminal violations and suspicious activities to law

enforcement and financial institution supervisory authorities,

including supporting documentation, regardless of whether such reports

are filed pursuant to this part or are filed on a voluntary basis.


 

By Order of the Board of Directors.


 

Dated at Washington, D.C., this 6th day of February 1996.


 

Federal Deposit Insurance Corporation.

Jerry L. Langley,

Executive Secretary.

[FR Doc. 96-3519 Filed 2-15-96; 8:45 am]

BILLING CODE 6714-01-P