Skip to main content
U.S. flag
An official website of the United States government
Dot gov
The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.
Https
The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

[Federal Register: September 26, 2002 (Volume 67, Number 187)]

[Rules and Regulations]

[Page 60579-60588]

From the Federal Register Online via GPO Access [wais.access.gpo.gov]

[DOCID:fr26se02-10]


 

-----------------------------------------------------------------------


 

DEPARTMENT OF THE TREASURY


 

31 CFR Part 103


 

RIN 1506-AA27


 

 

Financial Crimes Enforcement Network; Special Information Sharing

Procedures To Deter Money Laundering and Terrorist Activity


 

AGENCY: Financial Crimes Enforcement Network (FinCEN), Treasury.


 

ACTION: Final rule.


 

-----------------------------------------------------------------------


 

SUMMARY: FinCEN is issuing this final rule to encourage information

sharing among financial institutions and Federal government law

enforcement agencies for the purpose of identifying, preventing, and

deterring money laundering and terrorist activity.


 

DATES: This final rule is effective September 26, 2002.


 

FOR FURTHER INFORMATION CONTACT: Office of Chief Counsel, FinCEN, (703)

905-3590; Office of the Assistant General Counsel (Enforcement), (202)

622-1927; or the Office of the Assistant General Counsel (Banking and

Finance), (202) 622-0480 (not toll-free numbers).


 

SUPPLEMENTARY INFORMATION:


 

I. Statutory Provisions


 

On October 26, 2001, the President signed into law the Uniting and

Strengthening America by Providing Appropriate Tools Required to

Intercept and Obstruct Terrorism (USA PATRIOT ACT) Act of 2001, Public

Law 107-56 (the Act). Of the Act's many goals, the facilitation of

information sharing among governmental entities and financial

institutions, for the purpose of combating terrorism and money

laundering, is of paramount importance. Section 314 of the Act furthers

this goal by providing for the sharing of information between the

government and financial institutions, and among financial institutions

themselves. As with many other provisions of the Act, Congress has

charged the U.S. Department of the Treasury (``Treasury'') with

developing regulations to implement these information-sharing

provisions.\1\

---------------------------------------------------------------------------


 

\1\ Section 314 of the Act is an uncodified provision that

appears in the Historical and Statutory Notes to 31 U.S.C. 5311.

Section 5311 is one of a number of statutory sections comprising the

body of law commonly referred to as the Bank Secrecy Act (BSA), Pub.

L. 91-508, codified, as amended, at 12 U.S.C. 1829b, 12 U.S.C. 1951-

1959, and 31 U.S.C. 5311-5332. Regulations implementing the BSA

appear at 31 CFR part 103. The authority of the Secretary to

administer the BSA and its implementing regulations has been

delegated to the Director of FinCEN.

---------------------------------------------------------------------------


 

Subsection 314(a) of the Act states in part that:


 

[t]he Secretary shall * * * adopt regulations to encourage further

cooperation among financial institutions, their regulatory

authorities, and law enforcement authorities, with the specific

purpose of encouraging regulatory authorities and law enforcement

authorities to share with financial institutions information

regarding individuals, entities, and organizations engaged in or

reasonably suspected based on


 

[[Page 60580]]


 

credible evidence of engaging in terrorist acts or money laundering

activities.


 

Subsection 314(a)(2)(C) further states that the regulations adopted

under section 314(a) may:


 

include or create procedures for cooperation and information sharing

focusing on * * * means of facilitating the identification of

accounts and transactions involving terrorist groups and

facilitating the exchange of information concerning such accounts

and transactions between financial institutions and law enforcement

organizations.\2\

---------------------------------------------------------------------------


 

\2\ The Secretary also has the broad authority to require

financial institutions ``to maintain appropriate procedures to

ensure compliance with this subchapter and regulations prescribed

under this subchapter or to guard against money laundering.'' 31

U.S.C. 5318(a)(2).


 

---------------------------------------------------------------------------

Subsection 314(b) of the Act states in part that:


 

[u]pon notice provided to the Secretary, 2 or more financial

institutions and any association of financial institutions may share

information with one another regarding individuals, entities,

organizations, and countries suspected of possible terrorist or

money laundering activities. A financial institution or association

that transmits, receives, or shares such information for the

purposes of identifying and reporting activities shall not be liable

to any person under any law or regulation of the United States, any

constitution, law, or regulation of any State or political

subdivision thereof, or under any contract or other legally

enforceable agreement (including any arbitration agreement), for

such disclosure or for any failure to provide notice of such

disclosure, or any other person identified in the disclosure, except

where such transmission, receipt, or sharing violates this section

or regulations promulgated pursuant to this section.


 

II. Notice of Proposed Rulemaking


 

On March 4, 2002, FinCEN published for comment in the Federal

Register a notice of proposed rulemaking (the NPRM), 67 FR 9879, that

would implement the authority contained in section 314 of the Act. The

proposed rule that would implement the authority contained in

subsection 314(a) of the Act is set forth in proposed 31 CFR 103.100;

the proposed rule that would implement section 314(b) of the Act is set

forth in proposed 31 CFR 103.110.\3\ On the same day it published the

NPRM, FinCEN also published an interim rule implementing only the

authority contained in subsection 314(b) of the Act. The interim and

proposed rules relating to subsection 314(b) are substantively

identical to one another, and the final rule contained in this document

will supersede the interim rule.

---------------------------------------------------------------------------


 

\3\ Although there is no statutory requirement for regulations

to be issued implementing subsection 314(b) of the Act, FinCEN

determined that such rules were needed to specify the kinds of

financial institutions that would be permitted to share information

under subsection 314(b) and to clarify how such financial

institutions could provide FinCEN with the requisite notice of their

intent to share information under that subsection.

---------------------------------------------------------------------------


 

The comment period on the NPRM closed on April 3, 2002. FinCEN

received approximately 180 comments letters on the NPRM. Of these, more

than half were submitted by individuals. The remainder of the comment

letters were submitted by depository institutions, brokers and dealers

in securities, insurance companies, other financial institutions,

financial institution trade associations, law firms, and private

consultants.


 

III. Summary of Comments and Revisions


 

A. Introduction


 

The format of the final rule is generally consistent with the NPRM.

The terms of the final rule, however, differ from the terms of the NPRM

in the following significant respects:

[sbull] The provisions of sections 103.100 and 103.110 have been

reorganized for clarity (e.g., the obligations of a financial

institution that receives a request under section 103.100 to search its

records have been grouped together under one paragraph);

[sbull] Language has been added to section 103.100, clarifying that

unless an information request states otherwise, a financial institution

need only search its records for current accounts maintained for a

named suspect, accounts maintained for a named suspect during the

preceding twelve months, and transactions conducted by, and funds

transfers involving, a named suspect during the preceding six months;

[sbull] Language also has been added to section 103.100, clarifying

that unless an information request states differently, such a request

will not require a financial institution to report on future customer

activity;

[sbull] The universe of financial institutions that may share

information under section 103.110 has been expanded to generally

include all financial institutions that are required under 31 CFR part

103 to establish and maintain an anti-money laundering program, unless

FinCEN specifically determines that a particular category of financial

institution should not be eligible to share information under this

provision;

[sbull] The requirement for a financial institution to provide

FinCEN with a certification prior to sharing information under section

103.110 has been replaced with a requirement to provide notice;

[sbull] Language has been added indicating that a financial

institution, prior to sharing information with another financial

institution under section 103.110, must take reasonable steps to verify

that its counterpart has filed its own notice with FinCEN; and

[sbull] Language relating to revocation of a certification has been

deleted from section 103.110.


 

B. Comments--General Issues


 

Comments on the Notice focused on the following matters: (1) The

extent of information sharing between law enforcement and financial

institutions; (2) the burden associated with the requirement that a

financial institution search its records for accounts or transactions

relating to individuals, entities, or organizations suspected of

engaging in terrorist activity or money laundering; (3) the kinds of

financial institutions that may share information under the protection

of the safe harbor from liability contained in subsection 314(b) of the

Act; and (4) the requirement that a financial institution provide a

certification to FinCEN prior to sharing information with another

financial institution.

1. Information sharing between law enforcement and financial

institutions. Proposed section 103.100 would require a financial

institution to search its records to determine whether it maintains or

has maintained accounts for, or has engaged in transactions with, any

individual, entity, or organization listed in a request submitted by

FinCEN on behalf of a Federal law enforcement agency. Several

commenters criticized proposed section 103.100 for creating a ``one-

way'' flow of information from financial institutions to law

enforcement, and for not adequately addressing how law enforcement can

better provide useful information to financial institutions.

It is beyond dispute that the information sharing provisions in the

rule, by providing law enforcement with the means to locate quickly

account and transactions associated with suspected terrorists and money

launderers, will be a critical tool in the fight against terrorism.

FinCEN believes that such provisions fulfill the intent of section 314

to facilitate the flow of information between governmental agencies and

financial institutions. In fact, the rule establishes a mechanism for

law enforcement to provide financial institutions with the names of

specific suspects, something that would not have likely have occurred

on the same magnitude without such a mechanism. Because financial

institutions will be required to report back to FinCEN any matches

based on such suspect information, law enforcement will have


 

[[Page 60581]]


 

an added incentive to share information with the financial community.

FinCEN recognizes the importance of providing the financial

community with more than just suspect information in order to assist

financial institutions in identifying and reporting suspected terrorist

activity or money laundering. FinCEN already issues a semi-annual

report about suspicious trends and patterns derived from its review of

suspicious activity reports, and regularly issues reports about money

laundering activity both in various financial sectors and with respect

to certain financial products. All of this information is posted on

FinCEN's Web site.

The overarching policy directive of the Act generally, and section

314 in particular, is that more information sharing will better enable

the Federal Government and financial institutions to guard against

money laundering and terrorist financing. Moreover, as additional kinds

of financial institutions are made subject to BSA requirements, the

need for additional feedback and guidance increases. As a result,

FinCEN anticipates making additional information available to financial

institutions in the form of advisories and guidance documents once the

immediate implementation of the Act has been completed. Working with

the financial community, FinCEN will be able to assess the kind of

information that will prove most useful. In addition, FinCEN will work

with law enforcement and financial institution regulators to take

advantage of FinCEN's ability to reach out to a broad array of

financial institutions as a means of providing additional information

and enhancing further cooperation among governmental authorities and

financial institutions. The final rule does not preclude law

enforcement, when submitting a list of suspects to FinCEN, from

providing additional information relating to suspicious trends and

patterns, and FinCEN specifically will encourage law enforcement to

share such information with the financial community.

2. Burden associated with information requests. A number of

commenters argued that complying with an information request under

proposed section 103.100 would be too burdensome on financial

institutions unless FinCEN were to restrict narrowly the scope of such

requests.

FinCEN agrees that the breadth of information requests under

section 103.100 requires some limitation to avoid unnecessary burden on

financial institutions and unnecessary delay in receiving matching

information from such institutions that can be forwarded quickly to

Federal law enforcement agencies. The unique benefits of the

information sharing provisions under section 103.100 stem from the

ability of law enforcement, using FinCEN's relationship with the

financial community, to locate quickly accounts and transactions of

suspected terrorists and money launderers. This goal would be

frustrated if each request for information were met with a flood of

questions about the scope of the search required and complaints about

the burden imposed. Therefore, FinCEN has struck a balance to maximize

the value to law enforcement while minimizing the burden on financial

institutions.

Except as otherwise provided in the information request, a

financial institution is only required under the final rule to search

its records for: (1) Any current account maintained for a named

suspect; (2) any account maintained for a named suspect during the

preceding twelve months; and (3) any transaction conducted by or on

behalf of a named suspect, or any transmittal of funds conducted in

which a named suspect was either the transmittor or the recipient,

during the preceding six months that is required under law or

regulation to be recorded by the financial institution or is recorded

and maintained electronically by the institution. The limiting of

searches to accounts maintained during the preceding twelve months and

transactions and funds transfers conducted during the preceding six

months is intended to narrow the scope of an information request to

those records that can be searched quickly for responsive information.

Similarly, FinCEN believes that a financial institution should be able

to locate quickly any matching transaction that is required to be

recorded under law or regulation or is recorded and maintained in a

format that can be searched electronically. FinCEN reserves the right

to require a more comprehensive search as circumstances warrant; in

such cases, the information request will clearly delineate those

broader terms.

As a general matter, a financial institution will not be required

under the final rule to search its account holders' processed checks to

determine whether a named suspect was a payee of a check because the

payee, except in situations in which a person makes out a check to

himself, is neither the person who conducted the transaction nor the

person on whose behalf the transaction was conducted. In contrast, a

financial institution will be required to search its records that are

kept in accordance with the recordkeeping requirements of 31 CFR part

103, to determine whether a named suspect was a transmittor or a

recipient to a funds transfer in the amount of $3,000 or more conducted

during the preceding six months.

Several commenters also requested that FinCEN clarify whether

financial institutions would be obligated under section 103.100 to

report on future account opening activity or future transactions

involving any individual, entity, or organization listed in a request

submitted by FinCEN on behalf of a Federal law enforcement agency.

Unless otherwise indicated in the information request from FinCEN, a

financial institution will not be required to report on future account

opening activity or future transactions. FinCEN anticipates that the

need to report on future activity will be infrequent, and, at least for

the immediate future, will be limited to individuals, entities, or

organizations reasonably suspected of engaging in terrorist activity.

In the event that a financial institution will be obligated to report

on future activity, the terms of the information request will clearly

so state. In such cases, FinCEN also will explicitly indicate whether

the list of suspects included with an information request has been

designated as a ``government list'' for purposes of any account opening

requirements imposed under the authority of section 326 of the Act.

Unless so designated, a list of suspects provided via section 103.100

is not required to be treated as a government list for purposes of

section 326 of the Act.

3. Kinds of financial institutions that may share information with

each other. Proposed section 103.110 generally would have limited the

kinds of financial institutions eligible to share information for the

purpose of detecting and reporting terrorist and money laundering

activities to those institutions that have an obligation to report

suspicious activity to Treasury-e.g., depository institutions, certain

money services businesses, and brokers or dealers in securities.

Several commenters argued that the universe of eligible financial

institutions should be expanded to include other kinds of financial

institutions, such as insurance companies, investment companies, and

futures commission merchants. According to these commenters, these

other kinds of financial institutions may possess useful information

related to terrorist activity and money laundering, and therefore

should be permitted to share information under the protection of the

safe harbor from liability afforded by subsection 314(b) of the Act and

section 103.110.


 

[[Page 60582]]


 

FinCEN agrees that the universe of eligible financial institutions

under section 103.110 should be expanded. When enacting subsection

314(b) of the Act, the Congress recognized that the flow of information

among financial institutions is a key component in combating terrorism

and money laundering. FinCEN believes that expanding the universe of

financial institutions that may share information would help effectuate

that flow of information. FinCEN also believes that those financial

institutions that are required to establish and maintain an anti-money

laundering program generally may have a need to share information when

implementing such a program. Consequently, under the final rule, any

financial institution described in 31 U.S.C. 5312(a)(2) that is

required under 31 CFR part 103 to establish and maintain an anti-money

laundering program, or is treated under 31 CFR part 103 as having

satisfied the requirements of 31 U.S.C. 5318(h)(1), is eligible to

share information under section 103.110, unless FinCEN specifically

determines that a particular class of financial institution should not

be eligible to share information under that section. For example,

operators of credit card systems, because they are required under 31

CFR 103.135 to establish and maintain an anti-money laundering program,

are eligible to share information under section 103.110. Registered

brokers and dealers in securities also are eligible to share

information under section 103.110, because they are treated under 31

CFR 103.120 as having satisfied the anti-money laundering program

requirements of 31 U.S.C. 5318(h)(1). FinCEN reserves the right to

designate a class of financial institutions as ineligible to share

information under section 103.110 when, for example, it issues an anti-

money laundering program rule applicable to such a class.

4. Certification requirement. Proposed section 103.110 would

require a financial institution, in order to avail itself of the

statutory safe harbor from liability when sharing information with

another financial institution, to certify to FinCEN that it, among

other things, has established adequate procedures to safeguard any

information it receives under that section. A number of commenters

argued that FinCEN replace the certification requirement with a

requirement simply to provide notice. According to these commenters,

the risk of liability for filing a technically-deficient certification

might deter many financial institutions from sharing information. In

addition, these commenters cited the explicit language of subsection

314(b) of the Act, which uses the term ``notice,'' rather than

``certification.''

FinCEN is mindful of the need to encourage financial institutions

to share information for the purpose of better identifying and

reporting terrorist or money laundering activities. At the same time,

FinCEN recognizes the need to ensure that the right to share

information under subsection 314(b) of the Act is not being used

improperly. After weighing these competing concerns, FinCEN has decided

that a financial institution or an association of financial

institutions need only provide notice of its intent to share

information, rather than a written certification. The final rule

retains, however, the requirement for a financial institution to submit

a new notice every year if it intends to continue sharing information.

FinCEN believes that the minimal burden that an annual notice imposes

is significantly outweighed by the need to remind financial

institutions of their need to safeguard information shared under

section 103.110.

A financial institution or association of financial institutions,

prior to sharing information, also must take reasonable steps to verify

that the institution or association with which it intends to share

information has filed the requisite notice with FinCEN. The

verification process is intended to help protect the privacy interests

of customers of financial institutions by requiring financial

institutions to take reasonable steps to ensure that such sharing is

authorized. Under the final rule, a financial institution or an

association of financial institutions may satisfy the verification

requirement by confirming that the other institution or association

appears on a list of financial institutions or associations that have

filed the requisite notice. FinCEN will make such a list available to

financial institutions and associations of financial institutions that

have filed notice with it. FinCEN anticipates that the list will be

updated on a quarterly basis. In the alternative, a financial

institution or association may directly contact its counterpart to

determine whether the requisite notice has been filed. A financial

institution may confirm that notice has been filed by obtaining a copy

of the other institution's or association's notice, or by other

reasonable means, including accepting the representations of the other

institution that a notice was filed after the most recent list has been

distributed by FinCEN.

The terms of the final rule are prospective only. Thus, financial

institutions that previously have filed certifications with FinCEN

under the terms of the interim rule will not be required to file

notices to replace those certifications. Such financial institutions,

however, will be required to use the notice described in the Appendix

to subpart H of 31 CFR part 103 when renewing the notice on an annual

basis.


 

IV. Section-by-Section Analysis of Final Rule


 

A. 103.90--Definitions


 

Section 103.90 continues to define certain key terms used

throughout subpart H. The definition of ``money laundering'' has been

revised to mean an activity criminalized by 18 U.S.C. 1956 or 1957.

Thus, a transaction conducted with the proceeds of any specified

unlawful activity listed in section 1956 may constitute money

laundering for purposes of subpart H. The definition of ``terrorist

activity'' remains unchanged. Several commenters sought specific

definitions for the terms ``account'' and ``transaction.'' The term

``account'' has been defined, based on the meaning given that term by

section 311 of the Act. The term ``transaction'' has been defined by

reference to 31 CFR 103.11(ii), with the following exception--a

transaction for purposes of section 103.100 shall not be a transaction

conducted through an account. Thus, a financial institution receiving

an information request under section 103.100 is not required to search

for and report on transactions through an account.


 

B. 103.100--Information Sharing Between Federal Law Enforcement

Agencies and Financial Institutions


 

1. Definitions. Paragraph 103.100(a) continues to define the term

``financial institution,'' for purposes of section 103.100, as any

financial institution described in 31 U.S.C. 5312(a)(2). Thus, under

the final rule, FinCEN has the authority to request information

regarding suspected terrorists or money launderers from any financial

institution defined in the BSA, notwithstanding that FinCEN has not yet

extended BSA regulations to all such financial institutions. Although

all financial institutions should be on notice that FinCEN may contact

them for information under section 103.100, the initial implementation

of section 103.100 will involve, as a practical matter, only those

financial institutions for which FinCEN possesses contact information--

generally speaking, financial institutions that already are subject to

BSA reporting obligations


 

[[Page 60583]]


 

such as the requirement to file suspicious activity reports.

2. Information requests based on credible evidence concerning

terrorist activity or money laundering. Paragraph 103.100(b)(1)

generally states that FinCEN, on behalf of a requesting Federal law

enforcement agency, may require a financial institution to search its

records to determine whether the financial institution maintains or has

maintained accounts for, or has engaged in transactions with, any

specified individual, entity, or organization. Any request submitted by

a Federal law enforcement agency to FinCEN must be accompanied by a

written certification. Such certification must, at a minimum, state

that each individual, entity, or organization about which the

requesting agency is seeking information is engaged in, or is

reasonably suspected based on credible evidence of engaging in,

terrorist activity or money laundering. The certification also must

include enough specific identifying information, such as date of birth,

address, and social security number, that would permit a financial

institution to differentiate between common or similar names, and must

further identify an individual at the requesting law enforcement agency

who will act as a point of contact concerning the request.

Paragraph 103.100(b)(2) lists all the obligations of a financial

institution that receives an information request under section 103.100.

Those obligations are described in subparagraphs 103.100(b)(2)(i)-(v).

Subparagraph (b)(2)(i) states that upon receiving an information

request from FinCEN, a financial institution must expeditiously search

its records to determine whether it maintains or has maintained any

account for, or has engaged in any transaction with, each individual,

entity, or organization named in FinCEN's request. An information

request under section 103.100 is intended to provide law enforcement

with the means to locate quickly accounts or transactions involving

suspected terrorists or money launderers; such a request is not

intended to substitute for a subpoena. Thus, unless the information

request states otherwise, a financial institution is only required to

search its records for: (1) Any current account maintained for a named

suspect; (2) any account maintained for a named suspect during the

preceding twelve months; and (3) any transaction, other than a

transaction conducted through an account, conducted by or on behalf of

a named suspect, or any transmittal of funds conducted in which a named

suspect was either the transmittor or the recipient, during the

preceding six months that is required under law or regulation to be

recorded by the financial institution or is recorded and maintained

electronically by the institution. The phrase ``on behalf of'' is

intended to capture transactions that may be conducted by persons

acting as agents for any named suspect.

To help ensure that searches are conducted as quickly as possible,

the final rule directs a financial institution to contact directly the

requesting Federal law enforcement agency (whose contact information

will be included in the information request) with any questions

relating to the scope or terms of the request. However, any matches

found as a result of information provided to a financial institution

must be reported back to FinCEN, rather than the requesting law

enforcement agency, so that FinCEN may provide law enforcement with a

comprehensive product that may include matching BSA report information.

Subparagraph (b)(2)(ii) states that a financial institution must

report to FinCEN the fact of any account or transaction matching the

information listed on the information request. The information to be

reported is limited to the name or account number of each individual,

entity, or organization for which a match was found, as well as any

Social Security number, date of birth, or other similar identifying

information that was provided by the individual, entity, or

organization when an account was opened or a transaction conducted.

FinCEN anticipates that the conveyance of both information requests

and responses thereto under section 103.100 will be accomplished, at

least in the short term, through a combination of conventional

electronic mail and facsimile transmission. Section 362 of the Act

requires that FinCEN develop a secure network (the Patriot Act

Communication System or PACS) for sending and receiving sensitive

information. As the PACS is further developed, FinCEN will assess

whether the PACS can and should be applied to section 103.100 requests

and responses.

Subparagraph (b)(2)(iii) requires a financial institution to

designate one person to be the point of contact at the institution

regarding the request and to receive similar requests for information

from FinCEN in the future. When requested by FinCEN, a financial

institution must provide FinCEN with the name, title, mailing address,

e-mail address, telephone number, and facsimile number of such person,

in such manner as FinCEN may prescribe. A financial institution that

has provided FinCEN with contact information must promptly notify

FinCEN of any changes to such information.

Subparagraph (b)(2)(iv) contains provisions relating to the use,

disclosure, and security of an information request. Subparagraph

(b)(2)(iv)(A) states that a financial institution shall not use an

information request for any purpose other than to report matching

information to FinCEN, to determine whether to establish or maintain an

account, or to engage in a transaction, or to assist the financial

institution in complying with any requirement of part 103. Thus, for

example, a financial institution that is required to establish and

maintain an anti-money laundering program under part 103 may use an

information request to assist in that effort. In addition, a financial

institution may share a list of suspects included with an information

request with a commercial contractor to assist the financial

institution in complying with the request; in such circumstances, the

financial institution must take those steps necessary to safeguard the

confidentiality of the information shared.

Subparagraph (b)(2)(iv)(B) states that a financial institution may

not disclose the fact that FinCEN has requested or obtained information

under section 103.100. As a general matter, Treasury will not treat the

closing of an account for, or the refusal to open an account for or to

conduct a transaction with, any individual, entity, or organization

listed in an information request as a disclosure that is prohibited

under the terms of subparagraph (b)(2)(iv)(B).

Subparagraph (c)(2)(iv)(C) states that a financial institution must

adequately safeguard the confidentiality of information requested from

FinCEN under section 103.100. A few commenters asked that, in applying

this provision, FinCEN consider the steps that a financial institution

currently takes to safeguard customer information in order to comply

with the relevant provisions of the Gramm-Leach-Bliley Act. In light of

these comments, the final rule states that its safeguarding

requirements shall be deemed satisfied to the extent that a financial

institution applies to information requests those procedures that the

institution has established to satisfy the requirements of section 501

of the Gramm-Leach-Bliley Act, codified at 15 U.S.C. 6801, regarding

the protection of customers' nonpublic personal information.

Subparagraph (b)(2)(v) states that nothing in section 103.100 shall

be interpreted to require a financial institution to take, or decline

to take, any action with respect to an account


 

[[Page 60584]]


 

established for, or a transaction engaged in with, a suspected

terrorist or money launderer. Language also has been added indicating

that a financial institution is not required to treat an information

request as continuing in nature (so as to report on future activity),

unless and to the extent otherwise indicated on the information

request. Further language has been added to make clear that, unless

otherwise indicated in the information request, a financial institution

will not be required to treat the request as a list for purposes of the

customer identification and verification requirements promulgated under

section 326 of the Act.

3. Relation to the Right to Financial Privacy Act and the Gramm-

Leach-Bliley Act. Paragraph 103.100(b)(3) states that the information

required to be reported to FinCEN in response to an information request

shall be treated as information required to be reported under Federal

law, for purposes of the relevant exceptions contained in section

3413(d) of the Right to Financial Privacy Act, 12 U.S.C. 3413(d), and

section 502(e)(8) of the Gramm-Leach-Bliley Act, 15 U.S.C. 6802(e)(8).

4. No effect on law enforcement or regulatory investigations.

Paragraph 103.100(b)(4) states that nothing in subpart H affects the

authority of a Federal agency or officer to obtain information directly

from a financial institution. The information sharing provisions of

section 103.100 are intended, in part, to provide Federal law

enforcement with an additional tool to locate quickly on a broad scale

financial accounts and transactions associated with suspected

terrorists or money launderers. Such provisions are not intended to

substitute for or replace any other tool that a Federal law enforcement

agency may seek to use, including, but not limited to, a direct request

from a Federal law enforcement agency to a financial institution for

information.


 

C. 103.110--Voluntary Information Sharing Among Financial Institutions


 

1. Definitions. Paragraph 103.110(a) continues to define key terms

that are used in section 103.110. The definition of a ``financial

institution'' for purposes of section 103.110 has been revised to mean

any financial institution described in 31 U.S.C. 5312(a)(2) that is

required under 31 CFR part 103 to establish and maintain an anti-money

laundering program, or is treated under 31 CFR part 103 as having

satisfied the requirements of 31 U.S.C. 5318(h)(1), unless FinCEN

specifically determines that a particular class of financial

institution should not be eligible to share under section 103.110. The

term ``association of financial institutions'' continues to mean a

group or organization the membership of which is comprised entirely of

financial institutions. A few commenters requested that this definition

be expanded to include groups consisting of both financial institutions

and non-financial institution affiliates. FinCEN believes that

Congress's use of the terms ``financial institutions'' and

``association of financial institutions'' in subsection 314(b) of the

Act demonstrates its intent to limit that section's information sharing

provisions to financial institutions. In addition, the expansion of the

definition of a financial institution for purposes of section 103.110

should help alleviate any concern that the section is being applied too

narrowly. Thus, the definition of an association of financial

associations has not been changed.

2. Voluntary information sharing among financial institutions.

Paragraph 103.110(b)(1) continues to state generally that a financial

institution or an association of financial institutions that complies

with section 103.110's provisions-specifically, the provisions relating

to notice, verification, use, disclosure, and security of information-

may share information for the purpose of detecting, identifying, or

reporting activities involving possible money laundering or terrorist

activities under the protection of the statutory safe harbor from

liability.

Paragraph 103.110(b)(2) continues to describe the manner in which a

financial institution or association of financial institutions must

provide notice to FinCEN before sharing information. As explained

above, the term ``certification'' has been replaced by the term

``notice'' in the final rule. In addition, several commenters requested

that FinCEN clarify the application of the notice requirement to

information sharing among financial institution affiliates and

subsidiaries. Some commenters requested that the notice requirement not

apply to information sharing among financial institution affiliates.

The terms of subsection 314(b) of the Act do not permit FinCEN to waive

the notice requirement for any group of financial institutions. Thus,

any financial institution seeking the protection of the statutory safe

harbor from liability must notify FinCEN of its intent to share

information with another financial institution, even when sharing

information with an affiliated financial institution. It should be

noted that the final rule does not in any way prohibit the sharing of

information between financial institutions; rather, the rule makes

clear that if a financial institution wants to share information with

another financial institution and avail itself of the statutory safe

harbor from liability, then it must abide by the conditions set forth

in section 103.110, including providing notice to FinCEN.

Paragraph 103.110(b)(3) contains new language concerning the

requirement that a financial institution or an association of financial

institutions, prior to sharing information, verify that its counterpart

has filed the requisite notice with FinCEN. As explained above, the

verification process is intended to help protect the privacy interests

of customers of financial institutions.

Paragraph 103.110(b)(4) sets forth the terms for the use,

disclosure, and security of information shared under section 103.110.

These terms are, for the most part, identical to the relevant terms

laid out in the NPRM. One of the changes made in the final rule

provides that a financial institution or an association of financial

institutions may use information received under section 103.110, among

other things, to assist the financial institution in complying with any

requirement of 31 CFR part 103. Thus, a financial institution that

receives information under section 103.110 may use such information to

help establish and maintain a required anti-money laundering program.

The final rule also contains new language stating that its safeguarding

requirements shall be deemed satisfied to the extent that a financial

institution applies to information it receives under section 103.110

those procedures that the institution has established to satisfy the

requirements of section 501 of the Gramm-Leach-Bliley Act, codified at

15 U.S.C. 6801, regarding the protection of customers' nonpublic

personal information. This latter change is similar to the change made

to section 103.100 relating to the safeguarding of information requests

under that section.

Paragraph 103.110(b)(5) restates the broad protection from

liability for sharing information under section 103.110 contained in

subsection 314(b) of the Act. The regulatory restatement does not

extend the scope of the statutory protection; however, because FinCEN

recognizes the importance of this statutory protection in the overall

effort to encourage financial institutions to share information with

each other, the statutory protection is repeated in the final rule to

remind financial institutions of its existence. Paragraph 103.110(5)

also continues to state that the broad protection from liability

afforded by the statute shall not apply


 

[[Page 60585]]


 

to the extent that a financial institution or an association of

financial institutions fails to comply with the provisions of section

103.110 relating to notice, verification, and use and security of

information.

3. Information sharing between financial institutions and the

Federal government. Paragraph 103.110(c) provides the procedures that a

financial institution should follow if, as a result of information

shared under section 103.110, the institution knows, suspects, or has

reason to suspect terrorist activity or money laundering. The rule does

not, however, create a de facto suspicious activity reporting rule for

all financial institutions that do not currently have such an

obligation.

4. No effect on financial institution reporting obligations.

Paragraph 103.110(d) clarifies that nothing in subpart I of Title 31 of

the CFR, including, but not limited to, voluntary reporting under

section 103.110, relieves a financial institution of any obligation it

may have to file a suspicious activity report pursuant to a regulatory

requirement, or to otherwise directly contact a Federal agency

concerning suspected terrorist activity or money laundering.


 

V. Administrative Matters


 

A. Regulatory Flexibility Act


 

It is hereby certified that this final rule is not likely to have a

significant economic impact on a substantial number of small entities.

The initial implementation of section 103.100 generally will involve

those financial institutions that are subject to suspicious activity

reporting; most financial institutions subject to suspicious activity

reporting are larger businesses. Moreover, the burden imposed by the

requirement that financial institutions search their records for

accounts for, or transactions with, individuals, entities, or

organizations engaged in, or reasonably suspected based on credible

evidence of engaging in, terrorist activity, is not expected to be

significant, particularly given the changes contained in this final

rule. Section 103.110 is entirely voluntary on the part of financial

institutions and no financial institution is required to share

information with other financial institutions. Accordingly, the

analysis requirements of the provisions of the Regulatory Flexibility

Act (5 U.S.C. 601 et seq.) do not apply.


 

B. Paperwork Reduction Act


 

The requirement in section 103.100(c)(2)(ii), concerning reports by

financial institutions in response to a request from FinCEN on behalf

of a Federal law enforcement agency, is not a collection of information

for purposes of the Paperwork Reduction Act. See 5 CFR 1320.4.

The requirement in section 103.110(b)(2), concerning notice to

FinCEN that a financial institution intends to engage in information

sharing, and the accompanying form in the Appendix to subpart H of 31

CFR part 103 that a financial institution must use to provide such

notice, do not constitute a collection of information for purposes of

the Paperwork Reduction Act. See 5 CFR 1320.3(h)(1).

The collection of information contained in section 103.110(c),

concerning voluntary reports to the Federal government as a result of

information sharing among financial institutions, will necessarily

involve the reporting of a subset of information currently contained in

a suspicious activity report. The filing of such reports has been

previously reviewed and approved by the Office of Management and Budget

(OMB) pursuant to the Paperwork Reduction Act and assigned OMB Control

No. 1506-0001. An agency may not conduct or sponsor, and a person is

not required to respond to, a collection of information unless it

displays a currently valid OMB control number.


 

C. Executive Order 12866


 

This final rule is not a ``significant regulatory action'' for

purposes of Executive Order 12866. Accordingly, a regulatory assessment

is not required.


 

D. Unfunded Mandates Act of 1995 Statement


 

Section 202 of the Unfunded Mandates Reform Act of 1995, Pub. L.

104-4 (Unfunded Mandates Act), March 22, 1995, requires an agency to

prepare a budgetary impact statement before promulgating a rule that

includes a Federal mandate that may result in expenditure by state,

local, and tribal governments, in the aggregate, or by the private

sector, of $100 million or more in any one year. If a budgetary impact

statement is required, section 202 of the Unfunded Mandates Act also

requires an agency to identify and consider a reasonable number of

regulatory alternatives before promulgating a rule. FinCEN has

determined that it is not required to prepare a written statement under

section 202 and has concluded that on balance this notice provides the

most cost-effective and least burdensome alternative to achieve the

objectives of the rule.


 

List of Subjects in 31 CFR Part 103


 

Administrative practice and procedure, Authority delegations

(Government agencies), Banks and banking, Currency, Investigations, Law

enforcement, Reporting and recordkeeping requirements.


 

Dated: September 18, 2002.

James F. Sloan,

Director, Financial Crimes Enforcement Network.


 

Amendments to the Regulations


 

For the reasons set forth above in the preamble, 31 CFR part 103 is

amended as follows:


 

PART 103--FINANCIAL RECORDKEEPING AND REPORTING OF CURRENCY AND

FINANCIAL TRANSACTIONS


 

1. The authority citation for part 103 continues to read as

follows:


 

Authority: 12 U.S.C. 1829b and 1951-1959; 31 U.S.C. 5311-5332;

title III, sec. 312, 314, 352, Pub. L. 107-56, 115 Stat. 307.


 

2. Section 103.90 is revised to read as follows:



 

Sec. 103.90 Definitions.


 

For purposes of this subpart, the following definitions apply:

(a) Money laundering means an activity criminalized by 18 U.S.C.

1956 or 1957.

(b) Terrorist activity means an act of domestic terrorism or

international terrorism as those terms are defined in 18 U.S.C. 2331.

(c) Account means a formal banking or business relationship

established to provide regular services, dealings, and other financial

transactions, and includes, but is not limited to, a demand deposit,

savings deposit, or other transaction or asset account and a credit

account or other extension of credit.

(d) Transaction. (1) Except as provided in paragraph (d)(2) of this

section, the term ``transaction'' shall have the same meaning as

provided in Sec. 103.11(ii).

(2) For purposes of Sec. 103.100, a transaction shall not mean any

transaction conducted through an account.


 

3. Section 103.100 is added to read as follows:



 

Sec. 103.100 Information sharing between Federal law enforcement

agencies and financial institutions.


 

(a) Definitions. For purposes of this section:

(1) The definitions in Sec. 103.90 apply.

(2) Financial institution means any financial institution described

in 31 U.S.C. 5312(a)(2).


 

[[Page 60586]]


 

(3) Transmittal of funds has the same meaning as provided in Sec.

103.11(jj).

(b) Information requests based on credible evidence concerning

terrorist activity or money laundering.--(1) In general. A Federal law

enforcement agency investigating terrorist activity or money laundering

may request that FinCEN solicit, on the investigating agency's behalf,

certain information from a financial institution or a group of

financial institutions. When submitting such a request to FinCEN, the

Federal law enforcement agency shall provide FinCEN with a written

certification, in such form and manner as FinCEN may prescribe. At a

minimum, such certification must: state that each individual, entity,

or organization about which the Federal law enforcement agency is

seeking information is engaged in, or is reasonably suspected based on

credible evidence of engaging in, terrorist activity or money

laundering; include enough specific identifiers, such as date of birth,

address, and social security number, that would permit a financial

institution to differentiate between common or similar names; and

identify one person at the agency who can be contacted with any

questions relating to its request. Upon receiving the requisite

certification from the requesting Federal law enforcement agency,

FinCEN may require any financial institution to search its records to

determine whether the financial institution maintains or has maintained

accounts for, or has engaged in transactions with, any specified

individual, entity, or organization.

(2) Obligations of a financial institution receiving an information

request.--(i) Record search. Upon receiving an information request from

FinCEN under this section, a financial institution shall expeditiously

search its records to determine whether it maintains or has maintained

any account for, or has engaged in any transaction with, each

individual, entity, or organization named in FinCEN's request. A

financial institution may contact the Federal law enforcement agency

named in the information request provided to the institution by FinCEN

with any questions relating to the scope or terms of the request.

Except as otherwise provided in the information request, a financial

institution shall only be required to search its records for:

(A) Any current account maintained for a named suspect;

(B) Any account maintained for a named suspect during the preceding

twelve months; and

(C) Any transaction, as defined by Sec. 103.90(d), conducted by or

on behalf of a named suspect, or any transmittal of funds conducted in

which a named suspect was either the transmittor or the recipient,

during the preceding six months that is required under law or

regulation to be recorded by the financial institution or is recorded

and maintained electronically by the institution.

(ii) Report to FinCEN. If a financial institution identifies an

account or transaction identified with any individual, entity, or

organization named in a request from FinCEN, it shall report to FinCEN,

in the manner and in the time frame specified in FinCEN's request, the

following information:

(A) The name of such individual, entity, or organization;

(B) The number of each such account, or in the case of a

transaction, the date and type of each such transaction; and

(C) Any Social Security number, taxpayer identification number,

passport number, date of birth, address, or other similar identifying

information provided by the individual, entity, or organization when

each such account was opened or each such transaction was conducted.

(iii) Designation of contact person. Upon receiving an information

request under this section, a financial institution shall designate one

person to be the point of contact at the institution regarding the

request and to receive similar requests for information from FinCEN in

the future. When requested by FinCEN, a financial institution shall

provide FinCEN with the name, title, mailing address, e-mail address,

telephone number, and facsimile number of such person, in such manner

as FinCEN may prescribe. A financial institution that has provided

FinCEN with contact information must promptly notify FinCEN of any

changes to such information.

(iv) Use and security of information request. (A) A financial

institution shall not use information provided by FinCEN pursuant to

this section for any purpose other than:

(1) Reporting to FinCEN as provided in this section;

(2) Determining whether to establish or maintain an account, or to

engage in a transaction; or

(3) Assisting the financial institution in complying with any

requirement of this part.

(B)(1) A financial institution shall not disclose to any person,

other than FinCEN or the Federal law enforcement agency on whose behalf

FinCEN is requesting information, the fact that FinCEN has requested or

has obtained information under this section, except to the extent

necessary to comply with such an information request.

(2) Notwithstanding paragraph (b)(2)(iv)(B)(1) of this section, a

financial institution authorized to share information under Sec.

103.110 may share information concerning an individual, entity, or

organization named in a request from FinCEN in accordance with the

requirements of such section. However, such sharing shall not disclose

the fact that FinCEN has requested information concerning such

individual, entity, or organization.

(C) Each financial institution shall maintain adequate procedures

to protect the security and confidentiality of requests from FinCEN for

information under this section. The requirements of this paragraph

(b)(2)(iv)(C) shall be deemed satisfied to the extent that a financial

institution applies to such information procedures that the institution

has established to satisfy the requirements of section 501 of the

Gramm-Leach-Bliley Act (15 U.S.C. 6801), and applicable regulations

issued thereunder, with regard to the protection of its customers'

nonpublic personal information.

(v) No other action required. Nothing in this section shall be

construed to require a financial institution to take any action, or to

decline to take any action, with respect to an account established for,

or a transaction engaged in with, an individual, entity, or

organization named in a request from FinCEN, or to decline to establish

an account for, or to engage in a transaction with, any such

individual, entity, or organization. Except as otherwise provided in an

information request under this section, such a request shall not

require a financial institution to report on future account opening

activity or transactions or to treat a suspect list received under this

section as a government list for purposes of section 326 of Public Law

107-56.

(3) Relation to the Right to Financial Privacy Act and the Gramm-

Leach-Bliley Act. The information that a financial institution is

required to report pursuant to paragraph (b)(2)(ii) of this section is

information required to be reported in accordance with a Federal

statute or rule promulgated thereunder, for purposes of subsection

3413(d) of the Right to Financial Privacy Act (12 U.S.C. 3413(d)) and

subsection 502(e)(8) of the Gramm-Leach-Bliley Act (15 U.S.C.

6802(e)(8)).

(4) No effect on law enforcement or regulatory investigations.

Nothing in this subpart affects the authority of a Federal agency or

officer to obtain


 

[[Page 60587]]


 

information directly from a financial institution.


 

4. Section 103.110 is revised to read as follows:



 

Sec. 103.110 Voluntary information sharing among financial

institutions.


 

(a) Definitions. For purposes of this section:

(1) The definitions in Sec. 103.90 apply.

(2) Financial institution. (i) Except as provided in paragraph

(a)(2)(ii) of this section, the term ``financial institution'' means

any financial institution described in 31 U.S.C. 5312(a)(2) that is

required under this part to establish and maintain an anti-money

laundering program, or is treated under this part as having satisfied

the requirements of 31 U.S.C. 5318(h)(1).

(ii) For purposes of this section, a financial institution shall

not mean any institution included within a class of financial

institutions that FinCEN has designated as ineligible to share

information under this section.

(3) Association of financial institutions means a group or

organization the membership of which is comprised entirely of financial

institutions as defined in paragraph (a)(2) of this section.

(b) Voluntary information sharing among financial institutions.--

(1) In general. Subject to paragraphs (b)(2), (b)(3), and (b)(4) of

this section, a financial institution or an association of financial

institutions may, under the protection of the safe harbor from

liability described in paragraph (b)(5) of this section, transmit,

receive, or otherwise share information with any other financial

institution or association of financial institutions regarding

individuals, entities, organizations, and countries for purposes of

identifying and, where appropriate, reporting activities that the

financial institution or association suspects may involve possible

terrorist activity or money laundering.

(2) Notice requirement. A financial institution or association of

financial institutions that intends to share information as described

in paragraph (b)(1) of this section shall submit to FinCEN a notice

described in Appendix A to this subpart H. Each notice provided

pursuant to this paragraph (b)(2) shall be effective for the one year

period beginning on the date of the notice. In order to continue to

engage in the sharing of information after the end of the one year

period, a financial institution or association of financial

institutions must submit a new notice. Completed notices may be

submitted to FinCEN by accessing FinCEN's Internet Web site, http://

www.treas.gov/fincen, and entering the appropriate information as

directed, or, if a financial institution does not have Internet access,

by mail to: FinCEN, P.O. Box 39, Mail Stop 100, Vienna, VA 22183.

(3) Verification requirement. Prior to sharing information as

described in paragraph (b)(1) of this section, a financial institution

or an association of financial institutions must take reasonable steps

to verify that the other financial institution or association of

financial institutions with which it intends to share information has

submitted to FinCEN the notice required by paragraph (b)(2) of this

section. A financial institution or an association of financial

institutions may satisfy this paragraph (b)(3) by confirming that the

other financial institution or association of financial institutions

appears on a list that FinCEN will periodically make available to

financial institutions or associations of financial institutions that

have filed a notice with it, or by confirming directly with the other

financial institution or association of financial institutions that the

requisite notice has been filed.

(4) Use and security of information. (i) Information received by a

financial institution or an association of financial institutions

pursuant to this section shall not be used for any purpose other than:

(A) Identifying and, where appropriate, reporting on money

laundering or terrorist activities;

(B) Determining whether to establish or maintain an account, or to

engage in a transaction; or

(C) Assisting the financial institution in complying with any

requirement of this part.

(ii) Each financial institution or association of financial

institutions that engages in the sharing of information pursuant to

this section shall maintain adequate procedures to protect the security

and confidentiality of such information. The requirements of this

paragraph (b)(4)(ii) shall be deemed satisfied to the extent that a

financial institution applies to such information procedures that the

institution has established to satisfy the requirements of section 501

of the Gramm-Leach-Bliley Act (15 U.S.C. 6801), and applicable

regulations issued thereunder, with regard to the protection of its

customers' nonpublic personal information.

(5) Safe harbor from certain liability.--(i) In general. A

financial institution or association of financial institutions that

shares information pursuant to paragraph (b) of this section shall be

protected from liability for such sharing, or for any failure to

provide notice of such sharing, to an individual, entity, or

organization that is identified in such sharing, to the full extent

provided in subsection 314(b) of Public Law 107-56.

(ii) Limitation. Paragraph (b)(5)(i) of this section shall not

apply to a financial institution or association of financial

institutions to the extent such institution or association fails to

comply with paragraphs (b)(2), (b)(3), or (b)(4) of this section.

(c) Information sharing between financial institutions and the

Federal Government. If, as a result of information shared pursuant to

this section, a financial institution knows, suspects, or has reason to

suspect that an individual, entity, or organization is involved in, or

may be involved in terrorist activity or money laundering, and such

institution is subject to a suspicious activity reporting requirement

under this part or other applicable regulations, the institution shall

file a Suspicious Activity Report in accordance with those regulations.

In situations involving violations requiring immediate attention, such

as when a reportable violation involves terrorist activity or is

ongoing, the financial institution shall immediately notify, by

telephone, an appropriate law enforcement authority and financial

institution supervisory authorities in addition to filing timely a

Suspicious Activity Report. A financial institution that is not subject

to a suspicious activity reporting requirement is not required to file

a Suspicious Activity Report or otherwise to notify law enforcement of

suspicious activity that is detected as a result of information shared

pursuant to this section. Such a financial institution is encouraged,

however, to voluntarily report such activity to FinCEN.

(d) No effect on financial institution reporting obligations.

Nothing in this subpart affects the obligation of a financial

institution to file a Suspicious Activity Report pursuant to subpart B

of this part or any other applicable regulations, or to otherwise

contact directly a Federal agency concerning individuals or entities

suspected of engaging in terrorist activity or money laundering.


 

5. Appendix A is added to subpart H to read as follows:


 

Appendix A to subpart H--Notice for Purposes of Subsection 314(b) of

the USA Patriot Act and 31 CFR 103.110


 

BILLING CODE 4810-02-P


 

[[Page 60588]]


 

[GRAPHIC] [TIFF OMITTED] TR26SE02.014


 

[FR Doc. 02-24143 Filed 9-25-02; 8:45 am]

BILLING CODE 4810-02-C?