[Federal Register: February 5, 1996 (Volume 61, Number 24)] [Rules and Regulations ] [Page 4332-4338] From the Federal Register Online via GPO Access [wais.access.gpo.gov] ======================================================================= ----------------------------------------------------------------------- DEPARTMENT OF THE TREASURY Office of the Comptroller of the Currency 12 CFR Part 21 [Docket No. 96-02] RIN 1557-AB19 Minimum Security Devices and Procedures, Reports of Suspicious Activities, and Bank Secrecy Act Compliance Program AGENCY: Office of the Comptroller of the Currency, Treasury. ACTION: Final rule. ----------------------------------------------------------------------- SUMMARY: The Office of the Comptroller of the Currency (OCC) is amending its regulations that require national banks to file criminal referral and suspicious transaction reports. This final rule streamlines reporting requirements by providing that national banks file a new Suspicious Activity Report (SAR) with the OCC and the appropriate Federal law enforcement agencies by sending SARs to the Financial Crimes Enforcement Network of the Department of the Treasury (FinCEN) to report a known or suspected criminal offense or a transaction that a bank suspects involves money laundering or violates the Bank Secrecy Act (BSA). EFFECTIVE DATE: April 1, 1996. FOR FURTHER INFORMATION CONTACT: Robert S. Pasley, Assistant Director, or Neil M. Robinson, Senior Attorney, Enforcement and Compliance Division, (202-874-4800), or Daniel L. Cooke, Attorney, Legislative and Regulatory Activities Division (202-874-5090). SUPPLEMENTARY INFORMATION: Background The OCC, the Board of Governors of the Federal Reserve System (Board), the Federal Deposit Insurance Corporation (FDIC), and the Office of Thrift Supervision (OTS) (collectively, the Agencies) issued for public comment substantially similar proposals to revise their rules that require the institutions under their supervision to report known or suspected criminal conduct and suspicious transactions. See 60 FR 34476 (July 3, 1995) (OCC); 60 FR 34481 (July 3, 1995) (Board); 60 FR 36366 (July 17, 1995) (OTS); 60 FR 47719 (September 14, 1995) (FDIC). The Department of the Treasury, through FinCEN, has issued for public comment a substantially similar proposal to require the reporting of suspicious activities. See 60 FR 46556 (September 7, 1995). [[Page 4333]] As noted in the OCC's proposed regulation, the interagency Bank Fraud Working Group, consisting of representatives from the Agencies, law enforcement agencies, and FinCEN, has been working on the development of a single form, the SAR, for the reporting of known or suspected Federal criminal law violations and transactions that an institution suspects involve money laundering or violate the BSA. The SAR will be available to national banks both in paper form and as a computer software shell. SARs can be obtained from the appropriate OCC District Office listed in 12 CFR part 4.1 \1\ The OCC recently revised Part 4. See 60 FR 57315 (November 15, 1995). The geographical composition of each OCC District Office is listed at 12 CFR 4.5. See 60 FR at 57322. --------------------------------------------------------------------------- The new SAR reporting system will: (1) Combine the current criminal referral rules of the Federal financial institutions regulatory agencies with the Department of the Treasury's suspicious activity reporting requirements; (2) create a uniform reporting form, the new SAR, for use by financial institutions in reporting known or suspected criminal offenses and transactions that an institution suspects involve money laundering or violate the BSA; (3) provide a system whereby a financial institution need only refer to the SAR and its instructions in order to complete and file the form in conformance with the Agencies' and FinCEN's reporting regulations; (4) require the filing of only one form with FinCEN; (5) eliminate the need to file supporting documentation with a SAR; (6) enable a filer, through computer software that the OCC will provide to all national banks, to prepare a SAR on a computer and file it by mailing a computer disc or tape; (7) establish a database that will be accessible to Federal and state financial institution regulators and law enforcement agencies; (8) raise the thresholds for mandatory reporting in two categories and create a threshold for the reporting of transactions that an institution suspects involve money laundering or violate the BSA in order to reduce unnecessary reporting burdens on banking organizations; and (9) emphasize recent changes in the law that provide (a) a safe harbor from civil liability to financial institutions and their employees when they report known or suspected criminal offenses or suspicious activities, by filing a SAR or by reporting by other means, and (b) criminal sanctions for the disclosure of such a report to any party involved in the reported transaction. Comments Received The OCC received letters from 33 public commenters, including 26 banks, five trade and industry research groups, and two law firms. The large majority of commenters expressed general support for the proposal. None of the commenters opposed the proposed new suspicious activity reporting rules although, as discussed below, a number of commenters made suggestions for improving the rule and requests for clarification. Description of the Final Rule and Responses to Comments Received After consideration of the public comments received, the Agencies are each promulgating a substantially identical final rule on the filing of SARs. Under the OCC's final rule, national banks need only follow SAR instructions for completing and filing the SAR to be in compliance with the OCC's and FinCEN's reporting requirements. The final rule adopts the proposal with a few additional changes that are made in response to the comments received. The final rule makes several changes that reduce unnecessary regulatory burden in addition to those that were proposed. In particular, the final rule further reduces burden by: (1) Adding a $5,000 threshold for reporting transactions that an institution suspects involve money laundering or violate the BSA; (2) eliminating the requirement that banks report a transaction that is ``suspicious for any reason'' by modifying the description of the types of suspicious activity that must be reported; (3) reducing the record retention period from ten years to five; and (4) permitting banks to maintain the business record equivalent of a document rather than requiring the bank to maintain the original. Purpose and Scope (Sec. 21.11(a)) The proposal clarified the scope of the current rule. The OCC received no comments on this section, and it is adopted as proposed. Definitions (Sec. 21.11(b)) The proposal added definitions for several terms used in the operative provisions of the rule. The OCC received one comment on this section. The commenter stated that the definition of ``known or suspected violation'' was too broad because it included violations that have been attempted or may occur. The OCC has concluded, however, that attempted and potential crimes must be reported in order to maintain effective law enforcement. The definition has been incorporated into each of the reporting requirement provisions in Sec. 21.11(c). This definitions section is otherwise adopted as proposed, with minor technical changes. SARs Required (Sec. 21.11(c)) The proposal clarified and revised the provision in the former rule that requires a bank to file a criminal referral report. The proposal raised the dollar thresholds that trigger filing requirements and modified the scope of events that a national bank must report. Most of the comments received by the OCC addressed this section. Approximately one-third of the commenters encouraged the OCC to change proposed Sec. 21.11(c)(4), which required banks to report all financial transactions that are suspicious ``for any reason.'' The commenters stated that this language was too broad and made meaningless the $5,000 reporting threshold of Sec. 21.11(c)(2) (requiring banks to report suspected crimes committed by an identifiable suspect) and the $25,000 reporting threshold of Sec. 21.11(c)(3) (requiring banks to report suspected crimes for which no suspect is identified). These commenters asserted that requiring banks to report all financial transactions that are suspicious for any reason required banks to report transactions that would otherwise fall under the appropriate threshold and would therefore be exempt from mandatory reporting. Several commenters also encouraged the Agencies to adopt a threshold for reporting transactions that are suspicious. The OCC and the other Agencies agree with the concerns expressed by these commenters. Accordingly, the OCC has substantially revised Sec. 21.11(c)(4) to add a $5,000 reporting threshold for transactions that are suspicious and to clarify that this section of the rule requires banks to report only transactions that a bank suspects involve money laundering or violate the BSA. Under the final rule, a national bank must file a SAR for any transaction of $5,000 or more if the bank knows, suspects, or has reason to suspect that the transaction: (i) Involves funds derived from illicit activities or is intended to hide or disguise funds derived from illicit activities; (ii) is part of a plan to evade any reporting requirement, including those under the BSA, or (iii) has no business or apparent lawful purpose or is not the sort in which the particular customer would normally be expected to engage, and the institution knows of no reasonable explanation for the transaction after [[Page 4334]] examining the available facts, including the background and possible purpose of the transaction. For purposes of the subsection, the term ``transaction'' means a deposit, withdrawal, transfer between accounts, exchange of currency, loan, extension of credit, or purchase or sale of any stock, bond, certificate of deposit, or other monetary instrument or investment security, or any other payment, transfer, or delivery by, through, or to a financial institution, by whatever means effected. The text of Sec. 21.11(c)(4) in the final rule recognizes that efforts to deter, substantially reduce, and eventually eradicate money laundering are greatly assisted when financial institutions report transactions that they suspect may involve money laundering or violate the BSA. The requirements of this section comply with the recommendations adopted by multi-country organizations in which the United States is an active participant, including the Financial Action Task Force of the G-7 nations and the Organization of American States, and are consistent with European Community's directive on preventing money laundering through financial institutions. A few commenters encouraged the Agencies to raise the dollar thresholds for known or suspected criminal conduct by non-insiders, and several commenters urged the Agencies to establish a dollar threshold for insiders. The Agencies considered these comments, but concluded that the thresholds, as proposed, properly balance the dual concerns of prosecuting criminal activity involving national banks and minimizing the burden on national banks. With respect to the suggestion that the OCC adopt a dollar threshold for insider violations, the OCC notes that insider abuse has long been a key concern and focus of enforcement efforts at the OCC. With the development of a new sophisticated and automated database, the OCC and law enforcement agencies will have the benefit of a comprehensive and easily accessible catalogue of known or suspected insider wrongdoing. When insiders are involved, even small- scale offenses--for example, repetitive thefts of small amounts of cash by an employee who frequently moves between banking organizations--may undermine the integrity of banking institutions and warrant enforcement action or criminal prosecution. Therefore, the OCC does not wish to limit the information it receives regarding insider wrongdoing. One commenter suggested an indexed threshold, based on the regional differences in the various dollar thresholds below which the Federal, state, and local prosecutors generally decline criminal prosecution. Any regional variations in the dollar amount of financial crimes generally prosecuted involve issues pertaining to the exercise of prosecutorial discretion that are not within the OCC's province to resolve. The OCC's objective is to ensure that banks place the relevant information in the hands of the investigating and prosecuting authorities. In the OCC's view, the dollar thresholds proposed and adopted in this final rule best balance the interests of law enforcement authorities and national banks. The OCC also believes that indexed thresholds could generate additional burden for banks by creating a standard that is unclear and confusing. One commenter noted that the OCC and OTS proposals keyed the reporting thresholds to the amount of loss or potential loss to the institution, while the Board keyed its reporting thresholds to events that ``involve or aggregate'' more than the appropriate threshold. The commenter urged all agencies to use the OCC and OTS standard. The OCC observes that its former provision used the same language that the Board used in its proposal and required reporting of all events that ``involve or aggregate'' more than the appropriate threshold. The OCC has concluded that this language provides greater predictability in determining when to file a SAR because the amount of loss or potential loss may differ from the actual sum involved and may be difficult to calculate in many instances. The OCC believes that, were the Agencies to rely on the amount of loss or potential loss, a national bank might consider the potential for recovery of funds to estimate loss. To avoid potential uncertainty, the OCC's final rule conforms to the OCC's former rule by requiring national banks to file SARs whenever a bank detects a known or suspected Federal criminal violation, or pattern of criminal violations, committed or attempted against the bank or involving a transaction or transactions conducted through the bank that involves or aggregates more than the appropriate threshold. One commenter expressed the concern that a banking organization would need to establish probable cause before reporting crimes for which an essential element of the proof of the crime was the intent of the actor. This is not the case, however. Nothing in the rule requires that national banks assume the burden of proving illegal conduct; rather, banks are required only to report actual or suspected crimes or suspicious activities for possible action by the appropriate authorities. A few commenters requested clarification of whether the proposal required a national bank to file multiple SARs for a crime committed by several individuals or multiple related crimes by the same individual. Financial institutions should complete one SAR to describe a suspected or known criminal offense committed by several individuals. The instructions to the SAR permit banks to report additional suspects by means of a supplemental page. A financial institution should file a separate SAR whenever an individual commits a suspected or known crime. If the same individual commits multiple or related crimes within the same reporting period, the financial institution may consider reporting the crimes on one SAR, but only if doing so will present clearly what has occurred. National banks are encouraged to file the SAR via magnetic media using the computer software to be provided to all national banks by the OCC. National banks that currently file currency transaction reports via magnetic tape with FinCEN may also file SARs by magnetic tape. FinCEN has advised the Agencies that it will be unable to accept filings via telecopier/FAX. Time for Reporting (Sec. 21.11(d)) Proposed section 21.11(d) did not substantively change the current requirements with respect to the timing of the reporting of known or suspected criminal offenses and transactions that a bank suspects involve money laundering or violate the BSA. Several commenters requested that the OCC clarify the application of the filing deadline for SARs when no suspect is identified at the initial detection of the suspicious activity, the amount of the transaction is less than the applicable $25,000 mandatory reporting threshold, and the institution later identifies a suspect. For example, some commenters wondered if they would be in violation of the rule if a suspect were identified after 60 days had past. These comments reflect a misunderstanding of how the filing requirements operate. The time period for reporting commences only when a bank identifies a known or potential violation that fits within the thresholds. Therefore, if a bank uncovers a transaction involving less than $25,000 (but more than $5,000), but does not identify a potential suspect until after the passage of 60 days, the 30-day [[Page 4335]] period for filing a SAR would begin to run only as of the time the suspect is identified. To make this point clear, the final rule inserts the word ``reportable'' and states that in no case shall reporting be delayed more than 60 calendar days after the date of initial detection of a reportable transaction. Section 21.11(d) also requires a bank to notify law enforcement authorities immediately in the event of an on-going violation. The OCC wishes to clarify that immediate notification is limited to situations involving on-going violations, for example, when a check kite or money laundering has been detected and may be continuing. It is not feasible, however, for the OCC to contemplate all of the circumstances in which it might be appropriate for a financial institution immediately to advise state and local law enforcement authorities. National banks should use their best judgment regarding when to alert these authorities regarding on-going criminal offenses or suspicious activities that involve money laundering or violate the BSA. Reports to State and Local Authorities (Sec. 21.11(e)) The proposal encouraged national banks to file SARs with state and local law enforcement agencies when appropriate. Some commenters expressed the concern that national banks and their institution- affiliated parties could be liable under Federal and state laws, such as the Right to Financial Privacy Act (12 U.S.C. Sec. 3401 et seq.) (RFPA), for filing SARs with respect to conduct that is later found not to have been criminal. Another concern was that the filing of SARs with state and local law enforcement agencies would subject filers to claims under state law. Both of these concerns are addressed by the scope of the safe harbor protection provided in 31 U.S.C. 5318(g) and, as discussed below, stated in new paragraph 21.11(l) of this section. Exceptions (Sec. 21.11(f)) Proposed Sec. 21.11(g) set forth two exceptions to the SAR filing requirement, which did not substantively change its predecessor provision. Under the proposal, a national bank was not required to file a SAR for a robbery or burglary that the bank reported to appropriate law enforcement authorities or to file a SAR for lost, missing, counterfeit, or stolen securities for which the bank filed a report pursuant to 17 CFR 240.17f-l. The OCC received no comments on this section and adopts it as proposed. The final rule, however, reverses the order of proposed paragraphs (g) and (f) to conform with the other Agencies' rules. Retention of Records (Sec. 21.11(g)) The proposal required a bank to retain a copy of the SAR and the original of any underlying documentation relating to the SAR for ten years. Approximately one-third of the commenters expressed the view that the ten-year period for the retention of records in proposed 21.11(f) was excessive, especially in light of the five-year record retention requirement that is contained in the BSA. Several commenters recommended that the Agencies adopt a five-year requirement. The Agencies agree, and the OCC's final rule reduces the required record retention period to five years. Many commenters asserted that the provision that required banks to disclose supporting documentation to law enforcement agencies upon their request was either unclear or posed potential RFPA liability. Some therefore questioned whether law enforcement agencies would still need to subpoena relevant documents from a financial institution. The final rule requires national banks filing SARs to identify, maintain, and treat the documentation supporting the report as if it were actually filed with the SAR. This means that subsequent requests from law enforcement authorities for the supporting documentation relating to a particular SAR do not require the service of a subpoena or other legal processes normally associated with providing information to law enforcement agencies. This treatment of supporting documentation is not a substantive change from the current rule's requirement that supporting documentation be filed with each referral, since it only changes the timing of when an agency will have access to the supporting documentation, not the fact that the information needs to be assembled and made available for law enforcement purposes. The Agencies are therefore of the opinion that the final rule's treatment does not give rise to RFPA liability. Proposed section 21.11(f) required the maintenance of supporting documentation in its original form. A number of commenters noted that electronic storage of documents is becoming the rule rather than the exception, and that requiring the storage of paper originals would impose undue burdens on financial institutions. Moreover, some records are retained only in a computer database. The proposal reflected the concerns of the law enforcement agencies that the best evidence be preserved. However, this can include electronic storage of original documentation related to the filing of an SAR. The OCC recognizes that a banking organization will not always have custody of the originals of documents and that some documents will not exist at the organization in paper form. In those cases, preservation of the best available evidentiary documents, for example, computer disks or photocopies, will be acceptable. The final rule reflects these changes by allowing banks to retain business record equivalents of supporting documentation. Several commenters criticized as inconsistent and vague the proposed requirements that an institution maintain ``related'' documentation and make ``supporting'' documentation available to the law enforcement agencies upon request. One commenter questioned whether the OCC intended a substantive difference in meaning between ``related'' and ``supporting.'' Because a substantive difference is not intended, the OCC has referred to ``supporting'' documentation in the final rule in stating both the maintenance and production requirements. The OCC believes that the use of the word ``supporting'' is more precise and limits the scope of the information that must be segregated and retained to information that would be relevant in proving the crime and the individuals who committed the crime. The OCC anticipates that banks will use their best judgment in determining the scope of the information to be retained. It is not feasible for the OCC to catalogue the precise types of information covered by this requirement because the scope necessarily depends upon the facts of a particular case. Notification to Board of Directors (Sec. 21.11(h)) The proposal reduced the burden on boards of directors to review criminal referrals by allowing the management of a bank promptly to notify either the board of directors or a committee of directors or executive officers designated by the board to receive notice of the filing of an SAR. The proposal prohibited a bank from giving notice of an SAR filing to any director or officer who is a suspect in the known or suspected violation. The proposal also required management to notify the entire board of directors, except the suspect, when an executive officer or director is a suspect. Most commenters supported this provision of the proposal. One commenter, however, questioned whether the provision that required [[Page 4336]] prompt notification of the board of directors required notice prior to the next board meeting. This commenter said that a requirement to provide notice between board meetings would be more burdensome than the former rule, which required notification not later than the next board meeting. The OCC did not intend for the rule as proposed to be more burdensome than the former rule and does not construe the requirement for prompt notification to mean that notice must be provided before the next board meeting. The final rule is intended to be flexible. For example, the OCC expects that, with respect to serious crimes, the appointed committee may consider it appropriate to make more immediate disclosure to the full board. The final rule does not dictate the content of the board or committee notification, and, in some cases, such as when relatively minor non-insider crimes are to be reported, it may be completely appropriate to provide only a summary listing of SARs filed. Compliance (Sec. 21.11(i)) The proposal clarified that the OCC treats a national bank's failure to comply with reporting requirements like any other violation of law or regulation, which may result in supervisory actions, including enforcement action. The proposal also conformed the OCC's penalty standard with the rules of the Board and the FDIC by removing the requirement that the failure to file had to be the result of a willful failure or careless disregard of applicable filing obligations. The OCC received no comments on this section and adopts it as proposed. Obtaining SARs (Sec. 21.11(j)) The proposal added section 21.11(j), which provides national banks with information on how to obtain SARs. The OCC received no comments on this section and adopts it as proposed. Confidentiality of SARs (Sec. 21.11(k)) The proposal preserved the confidential nature of criminal referral reports by stating that a SAR and the information contained in a SAR are confidential. One commenter correctly noted that the proposed regulation is unclear as to whether the confidential treatment applies only to the information contained on the SAR itself or also extends to the ``supporting'' documentation. The OCC takes the position that only the SAR and the information on the SAR are confidential under 31 U.S.C. 5318(g). However, as stated below in the discussion of new Sec. 21.11(l), the safe harbor provisions of 31 U.S.C. 5318(g) for disclosure of information to law enforcement agencies apply to both SARs and the supporting documentation. Several commenters urged the OCC to adopt regulations that would make SARs undiscoverable in civil litigation, in order to avoid situations in which a financial institution could be ordered by a court to produce a SAR in civil litigation and could be confronted with the prospect of having to choose between being found in contempt or violating the OCC's rules. In the opinion of the OCC, 31 U.S.C. 5318(g) precludes the disclosure of SARs in discovery.2 However, the final rule requires a bank that receives a subpoena or other request for a SAR to notify the OCC so that the OCC may intervene in litigation if appropriate. \2\ Section 5318(g)(2) prohibits financial institutions and directors, officers, employees, or agents of financial institutions from notifying any person involved in a suspicious transaction that the transaction has been reported. --------------------------------------------------------------------------- This notification requirement is consistent with the approach the OCC has recently taken in the final revisions to part 4 of its regulations. In part 4, the OCC requires that a person or entity served in civil litigation with a subpoena provide non-public OCC information notify the OCC so that the OCC can determine whether it should intervene in the proceedings. See 60 FR 57315 (November 15, 1995). Right to Financial Privacy Act Safe Harbor (Sec. 21.11(l)) Several commenters expressed concern that disclosure of SARs and supporting documentation to law enforcement agencies could give rise to potential RFPA liability. In particular, the commenters questioned the permissibility of voluntarily filing SARs with state agencies or in situations in which the amount of a transaction falls below the appropriate minimum threshold for the known or suspected criminal conduct, or when a transaction involving money laundering or the BSA does not meet the requisite standards or thresholds. The Agencies are of the opinion that the broad safe harbor protection of 31 U.S.C. 5318(g)(3) includes any reporting of known or suspected criminal offenses or suspicious activities with state and local law enforcement authorities or with the Agencies and FinCEN, regardless of whether such reports are filed pursuant to the mandatory requirements of the OCC's regulations or are filed on a voluntary basis.3 The OCC takes the same position with regard to the disclosure of documentation supporting a report. \3\ Section 5318(g)(3) states that a financial institution will not be held liable to any person under any law or regulation of the United States or any constitution, law, or regulation of any state for making a disclosure of any possible violation of law or regulation. --------------------------------------------------------------------------- The OCC's final rule adds new paragraph 21.11(l), which states this position. Comments on Information Sharing Several commenters suggested that the final rule should facilitate the sharing of information among banking organizations in order to better detect new fraudulent schemes. It is anticipated that the Treasury Department, through FinCEN, and the Agencies, will keep reporting entities apprised of recent developments and trends in banking-related crimes through periodic pronouncements, meetings, and seminars. Effective Date Section 302 of the Riegle Community Development and Regulatory Improvement Act of 1994 delays the effective date of regulations promulgated by the Federal banking agencies that impose additional reporting, disclosure, or other new requirements to the first day of the first calendar quarter following publication of the final rule. The OCC believes that Section 302 is not applicable to this final rule, because the effect of the regulation is to reduce reporting burdens on national banks. The final regulation does not impose any additional reporting or other requirements not already contained in the current version of the OCC's criminal referral regulations. The effective date of this final rule is April 1, 1996. Derivation Table for 12 CFR Part 21 [This table directs readers to the provisions of the current 12 CFR part 21.11 on which the revised 12 CFR part 21.11 is based] ------------------------------------------------------------------------ Revised provision Current provision Comments ------------------------------------------------------------------------ Sec. 21.11(a)............ Sec. 21.11(a)........ Modified. Sec. 21.11(b)(1)......... ...................... Added. Sec. 21.11(b)(2)......... ...................... Added. Sec. 21.11(b)(3)......... ...................... Added. Sec. 21.11(c)(1)......... Sec. 21.11(b)(2)..... Modified. Sec. 21.11(c)(2)......... Sec. 21.11(b)(3)..... Modified. Sec. 21.11(c)(3)......... Sec. 21.11(b) (1) & Modified. (4). [[Page 4337]] Sec. 21.11(c)(4)......... Derived in part from Added. the OCC's current criminal referral forms. Sec. 21.11(d)(1)......... Sec. 21.11(c) (1) & Modified. (3). Sec. 21.11(d)(2)......... Sec. 21.11(c)(2)..... Modified. Sec. 21.11(e)............ Sec. 21.11(d)........ Modified. Sec. 21.11(f)(1)......... Sec. 21.11(f)(1)..... Modified. Sec. 21.11(f)(2)......... Sec. 21.11(f)(2)..... Modified. Sec. 21.11(g)............ ...................... Added. Sec. 21.11(h)(1)......... Sec. 21.11(g)........ Modified. Sec. 21.11(h)(2)......... ...................... Added. Sec. 21.11(i)............ Sec. 21.11(h)........ Modified. Sec. 21.11(j)............ ...................... Added. Sec. 21.11(k)............ ...................... Added. Sec. 21.11(l)............ ...................... Added. ------------------------------------------------------------------------ Regulatory Flexibility Act Pursuant to section 605(b) of the Regulatory Flexibility Act, the OCC hereby certifies that this final rule will not have a significant economic impact on a substantial number of small entities. This rule primarily reorganizes the process for making criminal referrals and reduces administrative and cost burdens on national banks. It has no material economic impact on national banks, regardless of size. Accordingly, a regulatory flexibility analysis is not required. Executive Order 12866 The OCC has determined that this document is not a significant regulatory action under Executive Order 12866. Unfunded Mandates Act of 1995 Statement Section 202 of the Unfunded Mandates Reform Act of 1995, Pub. L. 104-4 (Unfunded Mandates Act) (signed into law on March 22, 1995) requires that an agency prepare a budgetary impact statement before promulgating a rule that includes a Federal mandate that may result in expenditure by state, local, and tribal governments, in the aggregate, or by the private sector, of $100 million or more in any one year. If a budgetary impact statement is required, section 202 of the Unfunded Mandates Act also requires an agency to identify and consider a reasonable number of regulatory alternatives before promulgating a rule. The OCC has determined that this final rule will not result in an expenditure by national banks of $100 million or more and has concluded that, on balance, this final rule provides the most cost-effective and least burdensome alternative to achieve the objectives of the rule. The OCC has therefore determined that it is not required to prepare a written statement under section 202. List of Subjects in 12 CFR Part 21 Bank Secrecy Act, Crime, Currency, National banks, Reporting and recordkeeping requirements, Security measures. Authority and Issuance For the reasons set out in the preamble, part 21 of chapter I of title 12 of the Code of Federal Regulations is amended as follows: PART 21--MINIMUM SECURITY DEVICES AND PROCEDURES, REPORTS OF SUSPICIOUS ACTIVITIES, AND BANK SECRECY ACT COMPLIANCE PROGRAM 1. The heading of part 21 is revised to read as set forth above. 2. The authority citation for part 21 is revised to read as follows: Authority: 12 U.S.C. 93a, 1818, 1881-1884, and 3401-3422; 31 U.S.C. 5318. 3. Subpart B, consisting of Sec. 21.11, is revised to read as follows: Subpart B--Reports of Suspicious Activities Sec. 21.11 Suspicious Activity Report. (a) Purpose and scope. This section ensures that national banks file a Suspicious Activity Report when they detect a known or suspected violation of Federal law or a suspicious transaction related to a money laundering activity or a violation of the Bank Secrecy Act. This section applies to all national banks as well as any Federal branches and agencies of foreign banks licensed or chartered by the OCC. (b) Definitions. For the purposes of this section: (1) FinCEN means the Financial Crimes Enforcement Network of the Department of the Treasury. (2) Institution-affiliated party means any institution-affiliated party as that term is defined in sections 3(u) and 8(b)(5) of the Federal Deposit Insurance Act (12 U.S.C. 1813(u) and 1818(b)(5)). (3) SAR means a Suspicious Activity Report on the form prescribed by the OCC. (c) SARs required. A national bank shall file a SAR with the appropriate Federal law enforcement agencies and the Department of the Treasury in accordance with the form's instructions, by sending a completed SAR to FinCEN in the following circumstances: (1) Insider abuse involving any amount. Whenever the national bank detects any known or suspected Federal criminal violation, or pattern of criminal violations, committed or attempted against the bank or involving a transaction or transactions conducted through the bank, where the bank believes that it was either an actual or potential victim of a criminal violation, or series of criminal violations, or that the bank was used to facilitate a criminal transaction, and the bank has a substantial basis for identifying one of its directors, officers, employees, agents or other institution-affiliated parties as having committed or aided in the commission of a criminal act, regardless of the amount involved in the violation. (2) Violations aggregating $5,000 or more where a suspect can be identified. Whenever the national bank detects any known or suspected Federal criminal violation, or pattern of criminal violations, committed or attempted against the bank or involving a transaction or transactions conducted through the bank and involving or aggregating $5,000 or more in funds or other assets where the bank believes that it was either an actual or potential victim of a criminal violation, or series of criminal violations or that it was used to facilitate a criminal transaction, and the bank has a substantial basis for identifying a possible suspect or group of suspects. If it is determined prior to filing this report that the identified suspect or group of suspects has used an alias, then information regarding the true identity of the suspect or group of suspects, as well as alias identifiers, such as drivers' license or social security numbers, addresses and telephone numbers, must be reported. (3) Violations aggregating $25,000 or more regardless of potential suspects. Whenever the national bank detects any known or suspected Federal criminal violation, or pattern of criminal violations, committed or attempted against the bank or involving a transaction or transactions conducted through the bank and involving or aggregating $25,000 or more in funds or other assets where the bank believes that it was either an actual or potential victim of a criminal violation, or series of criminal violations, or that the bank was used to facilitate a criminal transaction, even though there is no substantial basis for identifying a possible suspect or group of suspects. (4) Transactions aggregating $5,000 or more that involve potential money laundering or violate the Bank Secrecy Act. Any transaction (which for purposes of this paragraph (c)(4) means a deposit, withdrawal, transfer between [[Page 4338]] accounts, exchange of currency, loan, extension of credit, or purchase or sale of any stock, bond, certificate of deposit, or other monetary instrument or investment security, or any other payment, transfer, or delivery by, through, or to a financial institution, by whatever means effected) conducted or attempted by, at or through the national bank and involving or aggregating $5,000 or more in funds or other assets, if the bank knows, suspects, or has reason to suspect that: (i) The transaction involves funds derived from illegal activities or is intended or conducted in order to hide or disguise funds or assets derived from illegal activities (including, without limitation, the ownership, nature, source, location, or control of such funds or assets) as part of a plan to violate or evade any law or regulation or to avoid any transaction reporting requirement under Federal law; (ii) The transaction is designed to evade any regulations promulgated under the Bank Secrecy Act; or (iii) The transaction has no business or apparent lawful purpose or is not the sort in which the particular customer would normally be expected to engage, and the institution knows of no reasonable explanation for the transaction after examining the available facts, including the background and possible purpose of the transaction. (d) Time for reporting. A national bank is required to file a SAR no later than 30 calendar days after the date of the initial detection of facts that may constitute a basis for filing a SAR. If no suspect was identified on the date of detection of the incident requiring the filing, a national bank may delay filing a SAR for an additional 30 calendar days to identify a suspect. In no case shall reporting be delayed more than 60 calendar days after the date of initial detection of a reportable transaction. In situations involving violations requiring immediate attention, such as when a reportable violation is ongoing, the financial institution shall immediately notify, by telephone, an appropriate law enforcement authority and the OCC in addition to filing a timely SAR. (e) Reports to state and local authorities. National banks are encouraged to file a copy of the SAR with state and local law enforcement agencies where appropriate. (f) Exceptions. (1) A national bank need not file a SAR for a robbery or burglary committed or attempted that is reported to appropriate law enforcement authorities. (2) A national bank need not file a SAR for lost, missing, counterfeit, or stolen securities if it files a report pursuant to the reporting requirements of 17 CFR 240.17f-1. (g) Retention of records. A national bank shall maintain a copy of any SAR filed and the original or business record equivalent of any supporting documentation for a period of five years from the date of the filing of the SAR. Supporting documentation shall be identified and maintained by the bank as such, and shall be deemed to have been filed with the SAR. A national bank shall make all supporting documentation available to appropriate law enforcement agencies upon request. (h) Notification to board of directors--(1) Generally. Whenever a national bank files a SAR pursuant to this section, the management of the bank shall promptly notify its board of directors, or a committee of directors or executive officers designated by the board of directors to receive notice. (2) Suspect is a director or executive officer. If the bank files a SAR pursuant to paragraph (c) of this section and the suspect is a director or executive officer, the bank may not notify the suspect, pursuant to 31 U.S.C. 5318(g)(2), but shall notify all directors who are not suspects. (i) Compliance. Failure to file a SAR in accordance with this section and the instructions may subject the national bank, its directors, officers, employees, agents, or other institution-affiliated parties to supervisory action. (j) Obtaining SARs. A national bank may obtain SARs and the Instructions from the appropriate OCC District Office listed in 12 CFR part 4. (k) Confidentiality of SARs. SARs are confidential. Any national bank or person subpoenaed or otherwise requested to disclose a SAR or the information contained in a SAR shall decline to produce the SAR or to provide any information that would disclose that a SAR has been prepared or filed, citing this section, applicable law (e.g., 31 U.S.C. 5318(g)), or both, and shall notify the OCC. (l) Safe harbor. The safe harbor provision of 31 U.S.C. 5318(g), which exempts any financial institution that makes a disclosure of any possible violation of law or regulation from liability under any law or regulation of the United States, or any constitution, law, or regulation of any state or political subdivision, covers all reports of suspected or known criminal violations and suspicious activities to law enforcement and financial institution supervisory authorities, including supporting documentation, regardless of whether such reports are required to be filed pursuant to this section or are filed on a voluntary basis. Dated: January 30, 1996. Eugene A. Ludwig, Comptroller of the Currency. [FR Doc. 96-2246 Filed 2-2-96; 8:45 am] BILLING CODE 4810-33-P