Federal Deposit Insurance Corporation
National Credit Union Administration
Office of the Comptroller of the Currency
Office of Thrift Supervision
March 31, 1998
Interagency Advisory
A SAFE HARBOR AND THE FILING OF
SUSPICIOUS ACTIVITY REPORTS
As a result of two recent court cases, some concerns have been raised as to the breadth of the "safe harbor" protection afforded to financial institutions, and their employees, for referring suspicious or potentially criminal activity to the appropriate authorities. The guidance set forth herein is intended to explain the concerns that have been raised and clarify any confusion that may exist. Despite these decisions, we believe that the "safe harbor" provides complete immunity to any financial institution that reports a potential crime by filing a Suspicious Activity Report ("SAR") in accordance with the instructions on the SAR form, or by reporting through other means in accordance with applicable agency regulations.
In 1992, the Annunzio-Wylie Anti-Money Laundering Act, which contained a specific provision that provided a "safe harbor" for financial institutions and their employees, was passed by Congress. The "safe harbor" provision, which was codified in 31 U.S.C. 5318(g)(3), provided for complete immunity from civil liability for the reporting of known or suspected criminal offenses or suspicious activity by the use of a Criminal Referral Form, and then its replacement, a SAR, or by reporting through other means.
In the current cases, involving two separate banks, bank customers from each bank claimed that the banks improperly disclosed customer account information to federal law enforcement authorities. In both cases, the courts' opinions stated that the banks had not made a good faith determination as to whether suspicious activity had occurred, which would warrant the disclosures made by the banks. It is important to note that, while these court opinions are troubling, in neither case has there been a final decision. All that has happened to date is a determination by the court that there are claims that merit further review. It is entirely possible that, as the cases proceed, the banks will introduce evidence that brings them within the "safe harbor."
In one of the cases, based on an oral request from federal law enforcement authorities, the bank provided access to the contents of two wire transfers. The court, in ruling that the "safe harbor" would not apply, found that there was no evidence that the bank had a "good faith suspicion that a law or regulation may have been violated." The court's opinion was that the "safe harbor" was not intended to protect disclosures made in response to "government officials" unexplained request or unvarnished instructions for financial records." In other words, the court found that the bank relied solely on the oral request of law enforcement, rather than making its own determination that there was some reason to be suspicious and, therefore, make a disclosure to law enforcement.
In the other case, the bank notified federal law enforcement authorities of "unusual amounts" and "unusual movements" of money in some accounts at the bank. Subsequently, federal agents were given access to the "detailed contents" of the funds transfers related to nearly 1,100 accounts. The court, in ruling that the "safe harbor" was not applicable stated that the bank had not shown that it had determined in good faith that there was any nexus between the suspicious activity it detected and the information it subsequently disclosed from the almost 1,100 accounts.
The facts of both cases in question predate the existence of the new SAR process, which became effective on April 1, 1996. These cases in no way affect a financial institution's obligation to report known or suspected crimes and suspicious transactions. We remain confident that the "safe harbor" will protect financial institutions, and their employees, who file a SAR in accordance with the instructions on the SAR form, or report through other means in accordance with applicable agency regulations, because even under the "good faith" standard enunciated in the two cases, the "safe harbor" would apply to financial institutions that report known or suspected criminal violations and suspicious transactions in this manner. In addition, once a bank has filed a SAR and has identified and maintained related documentation, such documentation is deemed filed with the SAR and may then be made available to law enforcement agencies upon request without the need for a grand jury subpoena.
It is vitally important that banks set up an internal process to handle the filing of SARs and any requests from law enforcement agencies. When a law enforcement agency requests customer records from a financial institution, and the financial institution has not previously filed a SAR, the bank should either ask to be served with a grand jury subpoena, or else obtain enough information from the agency to form a sufficient basis for filing a SAR.
We are confident that financial institutions, and their employees, that follow the prescribed agency regulations and SAR filing instructions are fully protected by the "safe harbor," and we will assist any institution that has a question concerning its scope or application, or which seeks guidance on establishing a process for providing information to law enforcement agencies. Any institution that has a question or a problem in this area should contact its appropriate federal regulatory agency.