FinCEN Issues Advisory To Financial Institutions Regarding SAR Confidentiality

Mar 08, 2012   

On March 2, 2012, the Financial Crimes Enforcement Network (“FinCEN”) of the U.S. Department of the Treasury issued an advisory to counsel of financial institutions advising them of the requirement to maintain the confidentiality of Suspicious Activity Reports (“SARs”). FinCEN issued the advisory because of a growing concern that private parties who are not authorized to know of the existence of a filed SAR are seeking information on SAR filings for a variety of purposes including civil litigation. FinCEN believes that unauthorized disclosure could undermine its investigations by tipping off suspects and threaten the safety and security of financial institutions and personnel who file such reports. A copy of FinCENs advisory can be read here.

Pursuant to the Bank Secrecy Act, codified partially at 31 U.S.C. §§ 5311-5332, the Secretary of the Treasury is authorized to require financial institutions to keep records and file reports that the Secretary determines to have a high degree of usefulness in criminal and tax matters as well as counter-terrorism and anti-money laundering compliance. One such report is the SAR. Generally speaking, a SAR is a report prepared by a financial institution regarding suspicious activity which may be indicative of a possible violation of law or regulation. See 31 U.S.C. § 5318 (g). Financial institutions submit completed SARs to FinCEN, the organization responsible for implementing the BSA. More information on FinCEN and its use of SARs can be found on its website here.

The unauthorized disclosure of a SAR is a violation of federal law. More specifically, financial institutions and their current and former directors, officers, employees, agents, and contractors are prohibited from disclosing: 1) that a SAR has been filed and 2) any information that would reveal the existence, or non-existence, of a SAR. Thus, financial institutions must be aware that the scope of potential unauthorized disclosures is broad. Violators can be subject to both civil and criminal liability.  31 U.S.C. § 5321 provides for civil penalties of up to $100,000 for each violation. See also 31 C.F.R. § 1010.820. Criminal penalties include fines of up to $250,000 and/or imprisonment of up to 5 years. See 31 U.S.C. § 5322; 31 C.F.R. § 1010.840. In addition, financial institutions can be subject to civil money penalties for anti-money laundering (“AML”) compliance program deficiencies that led to the unauthorized disclosure of up to $25,000 for each day the AML program deficiency existed or continues.

FinCEN advises that financial institutions provide information relating to the requirement and scope of confidentiality of SAR and SAR related information as part of the institutions employee training programs. In addition, FinCEN advises that financial institutions take other risk reducing measures to reduce the risk of unauthorized disclosure including: 1) limiting access to SARs, 2) logging access to SARs, 3) using cover sheets on SAR and SAR relating information, and 4) providing electronic notices that highlight confidentiality requires before a person can access or disseminate the information. FinCEN also advises that if a financial institution or its counsel receives a subpoena or other request for a SAR from anyone other than an authorized government authority or a self-regulatory organization, then counsel should contact FinCENs Office of Chief Counsel.

If you have questions pertaining to SAR confidentiality, the BSA, anti-money laundering compliance or how to ensure that your business maintains regulatory compliance at both the state and federal levels, contact Fuerst Ittleman PL at