3-1877
The Financial Crimes Enforcement
Network (FinCEN), jointly with the Board of Governors of the Federal
Reserve System (Federal Reserve), the Federal Deposit Insurance Corporation
(FDIC), the National Credit Union Administration (NCUA), and the Office
of the Comptroller of the Currency (OCC) (collectively, “the
federal banking agencies”), and in consultation with the staff
of certain other federal functional regulators, is issuing answers
to frequently asked questions (FAQs) regarding suspicious activity
reports (SARs) and other anti-money laundering (AML) considerations
for financial institutions covered by SAR rules.
1 The answers to these FAQs clarify the regulatory requirements related
to SARs to assist such financial institutions with their compliance
obligations, while enabling financial institutions to focus resources
on activities that produce the greatest value to law enforcement agencies
and other government users of Bank Secrecy Act (BSA) reporting. The
answers to these FAQs neither alter existing BSA/AML legal or regulatory
requirements, nor establish new supervisory expectations; they were
developed in response to recent Bank Secrecy Act Advisory Group (BSAAG)
recommendations, as described in more detail in FinCEN’s advance
notice of proposed rulemaking (ANPRM) on anti-money laundering program
effectiveness, published in September 2020.
2 Q1.
Can a financial institution
maintain an account or customer relationship for which it has received
a written “keep open” request from law enforcement, even
though the financial institution has identified suspicious or potentially
illicit activity?3 A1. Yes. Law enforcement may have an interest in ensuring that
certain accounts and customer relationships remain open notwithstanding
suspicious or potential criminal activity in connection with the account.
A financial institution may decide to maintain an account based on
a written “keep open” request from a law enforcement agency,
however, it is not obligated to do so. The written request should
be specific and indicate both that the law enforcement agency has
requested that the financial institution maintain the account, as
well as the purpose and duration of the request.
4 Keeping such an account open as requested may be highly
useful to law enforcement and may further efforts to identify and
combat money laundering, terrorist financing, and other illicit financial
activities.
A financial institution should not be criticized solely
for its decision to maintain an account relationship at the request
of law enforcement or for its decision to close the account. Ultimately,
the decision to maintain or
close an account should be made by a financial
institution in accordance with its own policies, procedures, and processes.
It may be useful for financial institutions to maintain documentation
of “keep open” requests, including after a request has
expired. If financial institutions keep such an account open as requested
by law enforcement, they are still required to comply with all applicable
BSA requirements, including requirements to conduct ongoing risk-based
monitoring, and, as appropriate, file SARs,
5 including
continuing activity SARs consistent with FinCEN guidance.
6 Q2. Should a financial
institution file a SAR solely on the basis of receiving a grand jury
subpoena or other law enforcement inquiries?
A2. No. The receipt of a law enforcement inquiry, such as a
grand jury subpoena, does not by itself indicate that the criteria
requiring the filing of a SAR have been met. However, receipt of a
grand jury subpoena or other law enforcement inquiry is pertinent
information relevant to a financial institution’s overall assessment
of risk and the risk profile for the relevant customer(s) and account(s).
Generally, a financial institution will assess and review all relevant
information it has about a customer that is the subject of a grand
jury subpoena or other law enforcement inquiries, in accordance with
its risk-based AML program. For example, the receipt of a grand jury
subpoena should cause a financial institution to review relevant account
activity and transactions.
7
The financial institution should determine whether SAR
filing is necessary based on its assessment of all information available
and applicable regulatory requirements. If a financial institution
files a SAR on a customer or transaction following the receipt of
a grand jury subpoena or other law enforcement inquiry, the SAR should
focus on the facts and circumstances that support a finding of suspicious
activity rather than the subpoena or inquiry itself.
8 Q3. Is a financial
institution required to terminate a customer relationship following
the filing of a SAR or multiple SARs?
A3. No.
There is no BSA regulatory requirement to terminate a customer relationship
after the filing of a SAR or any number of SARs. The decision to maintain
or close a customer relationship as a result of the identification
of suspicious activity is a determination for a financial institution
to make based on the information available to it, its assessment of
money laundering or other illicit financial activity risks, and established
policies, procedures, and processes.
Financial institutions have the flexibility to develop
risk-based procedures and monitoring processes for the purpose of
updating the customer risk profile and determining when to maintain
or close accounts. Generally, financial institutions have policies,
procedures, and processes in place that establish an escalation process
for decisions to maintain or terminate customer relationships based
on relevant factors, including SAR filing(s). These processes establish
criteria, including when review by senior management and legal staff
is warranted, for the decision to maintain or terminate the customer
relationship in light of elevated risk factors. As indicated above,
there is no specific number of SAR filings that a financial institution
must consider to trigger any particular escalation step. Rather, the
number of SAR filings and other factors that trigger escalation steps
may vary based upon, among other things, the risk profile of the customer,
including the geographical locations involved, the volume and type
of transactions conducted by customers, the type of account,
and the
types of SARs filed by the financial institution in relation to the
customer.
9 Q4. Is a financial institution required
to file a SAR based solely on negative news?
A4. No. The existence of negative news related to a customer
or other activity at a financial institution does not by itself indicate
that the criteria requiring the filing of a SAR have been met, and
does not automatically require the filing of a SAR by a financial
institution. A financial institution may review media reports, news
articles and/or other references to assist in its performance of customer
due diligence, as well as its evaluation of any transactions or activity
it considers unusual or potentially suspicious. For example, negative
news may cause a financial institution to review customer activity
as well as other related information, such as that of third parties
with transactions involving the customer’s account. As with
other identified unusual or potentially suspicious activity, financial
institutions should comply with applicable regulatory requirements
and follow their established policies, procedures, and processes to
determine the extent to which it investigates and evaluates negative
news, in conjunction with its review of transactions occurring by,
at, or through the institution, to determine if a SAR filing is required.
Q5. If there are multiple negative news alerts
based on the same event, is a financial institution expected to independently
investigate each of those alerts?
A5. No.
In circumstances where there are multiple negative news alerts (as
identified through monitoring for unusual or suspicious activity)
based on the same underlying events, a financial institution does
not need to independently investigate each alert, but rather may consider
whether the alert contains new or different information that warrants
further investigation or whether the negative news otherwise assists
or informs the evaluation of the activity at issue. Many financial
institutions maintain a process for managing a high volume of alerts
generated by news. This type of process will allow the financial institution
to identify and evaluate new information and assess whether to update
customer information and risk profile, investigate transactions which
may result in the filing of a SAR, or escalate or terminate a customer
relationship, as appropriate consistent with its policies, procedures,
and processes. Financial institutions have flexibility in developing
risk-based procedures and monitoring processes for the purpose of
complying with customer due diligence requirements and, where appropriate,
consideration of negative news.
10 Q6. Do financial
institutions need to repeat information in the SAR narrative that
has already been included in other SAR data fields?
A6. No. As stated in the SAR instructions, information
provided in other sections of a SAR does not need to be repeated in
the narrative unless necessary to provide a clear and complete description
of the suspicious activity.
11 Consistent with FinCEN’s SAR instructions,
financial institutions should focus the SAR narrative on the information
necessary to enable the reader to understand the activity reported,
including what was unusual or irregular about the activity that caused
suspicion. For example, granular detail (such as
subject
identification data) that is reported in the appropriate SAR data
fields does not need to be repeated in the SAR narrative, unless such
information is necessary to clearly describe the activity reported.
Additionally, the SAR narrative may benefit from information about
the suspicious activity that may not be readily evident from SAR data
fields alone, such as an explanation about why the filer selected
different characterizations of suspicious activity in the SAR data
fields. Note, however, that FinCEN advisories may include requests
for financial institutions to incorporate certain terms in SAR field
2 (financial institution note to FinCEN) and in the narrative to indicate
a connection between the suspicious activity being reported and the
subject of an advisory.
12 Q7. Should financial institutions
file additional SARs on the same suspicious activity to accommodate
narratives that are longer than the SAR narrative character limits?
A7. No. Filers must provide a clear, complete,
and concise description of the suspicious activity that led to the
decision to file the SAR.
13 A financial institution that reaches the SAR
narrative character limit should not file an additional SAR to continue
a narrative in order to avoid duplicate filings on the same activity
in the database.
14 Instead, filers should focus the relevant information
in the narrative as much as possible, and may include additional,
relevant information as an attachment to the SAR, or note that it
is available as supporting documentation.
To keep narratives within the character limit and enable
efficient review of information (such as transaction records) that
is displayed most clearly in tabular format, filers can include a
single comma-separated values (CSV) file with no more than one megabyte
of data as an attachment to a SAR. If a filer wishes to include information
in a tabular format in a SAR, the CSV attachment should be used; filers
should not include tabular information within the SAR narrative.
Filers must retain all supporting documentation or a business
record equivalent for five years from the date of the report.
15 All supporting documentation (such
as copies of instruments; receipts; sale, transaction, or clearing
records; photographs; and surveillance audio or video recordings)
must be made available to appropriate authorities upon request.
16Interagency frequently
asked questions of Jan. 19, 2021 (SR-21-2).