FinCEN seeking input on SARs-sharing program with foreign branches

Financial institutions can currently share SARs within their corporation organizational structure with “foreign head offices, controlling companies (whether domestic or foreign), and domestic affiliates,” according to a FinCEN press release. The pilot program proposal, set to be published in the Federal Register on Tuesday, would expand the number of affiliated entities with which financial institutions can share SARs.

The sharing of SARs would still be “limited by the requirements of federal and state law enforcement,” account for “potential concerns of the intelligence community,” and would be “subject to appropriate standards and requirements regarding data security and the confidentiality of personally identifiable information,” the agency said.

The goal for the pilot program is to provide “valuable feedback about the value of such SAR sharing for participating financial institutions and for FinCEN and law enforcement,” the agency said in its press release.

The pilot program would run through Jan. 1, 2024, according to the proposal, and could be extended by up to two additional years. To be extended, the U.S. Treasury Department must submit a report to the Senate Banking Committee justifying its reasoning. The committee must then approve the extension.

The terms of the pilot program would prohibit financial institutions from sharing SARs with foreign branches, subsidiaries, or affiliates located in China, Russia, or any jurisdiction judged to be a state sponsor of terrorism. Exceptions for specific institutions located within China and Russia can be granted by the Secretary of the Treasury, who must notify the Senate Banking Committee why such a determination is in the national security interest of the United States, according to the proposal.

Financial institutions seeking to participate in the pilot program will have to apply to FinCEN and show they have “adequate safeguards” to protect information contained in the reports shared with foreign branches from being compromised. Those safeguards must also include adequate internal controls to protect the privacy of U.S.-based customers.

In applying, financial institutions would have to specifically name which foreign branches, subsidiaries, and affiliates they intend to share SARs with; why they chose those entities; and whether those entities will provide reciprocal information to the parent bank.

Participating institutions would be required to file quarterly reports to FinCEN regarding the SARs that were shared; name and jurisdiction of the entity with which the SARs were shared; any legal or compliance issues encountered; technical difficulties and challenges; and any enhancements to the bank’s anti-money laundering/countering the financing of terrorism programs that result from the organization’s participation in the pilot program.

There would also be certain recordkeeping procedures put in place, to ensure that in the event of an unauthorized disclosure, FinCEN could determine how the information in a SAR was improperly disclosed.

Approval for participation in the pilot program could be withdrawn at any time.

“Grounds for termination could include, but are not limited to, actual, or unreasonable risk of, unauthorized disclosures of SARs and related information; significant internal control deficiencies identified while participating in the pilot program; failure to adhere to the specific requirements for participation; or any other issues that indicate that a participant financial institution is unable to adequately safeguard against unauthorized disclosures of SARs and related information or to ensure adequate data security and confidentiality of personally identifiable information,” according to the proposal.

Comments on the proposal should be submitted to FinCEN by March 28.