The goal of my article is to help BSA staff have a clearer understanding of the differences between mandatory and voluntary information sharing. TCA’s BSA Action Team (BAT) wants to point out some key observations based on our BSA audits.
In BSA, information requests are commonly referred to as sections 314(a) and 314(b) of the USA Patriot Act. Section 314(a) requires financial institutions to react to mandatory information sharing requests issued by FinCEN compiled by various law enforcement agencies. Section 314(b) enables financial institutions to voluntarily share potentially critical BSA information with others under a safe harbor that offers protections from privacy liabilities.
Voluntary information sharing lowers a financial institution’s accountholder risks at banks that participate. The concept is to allow for an exchange of information between financial institutions to identify and thwart potential money laundering or terrorist activities.
The chart below illustrates some key differences between 314(a) and 314(b):
|Key Elements||Section 314(a)||Section 314(b)|
|Point of Contact||Designated through the federal or state regulator||Registration through the FinCEN website|
|Permitted number of contacts at financial institution||Four||Unlimited FinCEN|
|Registration Requirements||Update as contacts are changed||Annual registration required|
|Information sharing||Provided to FinCEN, subsequently to other law enforcement agencies||Other participating financial institutions|
|Record-keeping Requirements||Documentation of responses to search requests||Documentation of information requests made and received|
|Written Policies and Procedures||Yes||Yes|
314(a) Mandatory Sharing Searches
Typically, 314(a) electronic files come from FinCEN through the Secure Information Sharing System (SISS) on a bi-weekly basis. Registered users use the individual and business names to search their records immediately upon receipt of the list. If the search yields no true match, financial institutions document the search and maintain this record for five years.
Periodically, we see institutions delaying and not beginning its searches immediately. The regulation requires that the searches timely report true matches within 14 days of the request date using the SISS site.
A match does not automatically trigger filing a SAR. A financial institution should follow internal investigation procedures and treat this as a red flag, prompting an investigation that possibly results in a SAR filing. Often, we see a 314(a) match reported to FinCEN, but no investigation. This is one of the red flags that should warrant further review. Based on the investigation, the analysis needs to be thoroughly documented to support the conclusion to file or not to file a SAR. Examiners will need to be convinced that a SAR filing is unnecessary.
Also, make sure you have included all applicable business lines. TCA finds institutions unintentionally skipping business areas in our Independent Audits. Ask yourself these questions:
- Do you have a trust or wealth management area? Are they subject to 314(a) searches?
- Do you have a mortgage company or are loans in a separate core database?
- Do you have non-customer transactions that would be subject to 314(a)?
It is important to know whether these databases need to be included for 314(a) searches and may require manual review or searches using a different system than the bank’s primary core system.
There can be special requests occurring outside of the typical bi-weekly timeframe. Often, financial institutions are accustomed to bi-weekly requests and can easily overlook these unexpected additional requests. As a result, make sure staff is monitoring the e-mails for special notifications.
Searching Beneficial Owners under Section 314(a) is another area often not referenced in BSA policy and procedures. FinCEN issued guidance on individuals who are beneficial owners and not considered customers. The 2016 FinCEN CDD FAQs address 314(a) in FAQ 24:
Q: Do covered financial institutions now have additional obligations under Section 314(a) for beneficial ownership information?
A: FinCEN does not expect the information obtained under the CDD Rule to add additional 314(a) requirements for financial institutions. The regulation implementing section 314(a) does not require the reporting of beneficial ownership information associated with an account or transaction matching a named subject in a 314(a) request. Covered financial institutions are required to search their records for accounts or transactions matching a named subject and report whether a match exists using the identifying information provided in the request.
A key point – Ensure your 314(a) procedures include beneficial ownership procedures. Although FinCEN states you do not need to report a match, at a minimum this constitutes a red flag to investigate.
314(b) Voluntary Information Sharing Participation Often Overlooked
Voluntary information sharing under Section 314(b) is designed to assist in identifying, investigating and reporting suspicious activity that may involve money laundering or terrorist financing. As stated in the summary chart above, participating financial institutions must register with FinCEN. Most bigger institutions have enrolled while smaller institutions have elected not to participate. FinCEN says this is an underused due diligence tool, which is a surprise since institutions urged Congress to allow inter-institution sharing when the USA Patriot Act was being written. Most institutions believe the requirements to maintain appropriate written policies and procedures for making a sharing request, responding to other requests, safeguarding the confidentiality of the shared information, and annual re-enrollment are too burdensome to justify participating – especially when sharing requests may be infrequent.
However, FinCEN published a Section 314(b) Fact Sheet, which extols the benefits of participating and “strongly encourages” enrollment. According to FinCEN, participation can assist the BSA researcher in obtaining additional information to support SAR narratives. FinCEN’s Resource Center Insights acknowledges an increase of 44% in SAR references to 314(b) from 2015 to 2016. This increase in usage may suggest that more financial institutions are realizing the value in the 314(b) voluntary sharing as a due diligence tool.
As an enrollee, a financial institution receiving an information request would be prompted to determine whether any transactions occurring at its bank were also suspicious; this may aid in the detection of unusual activity at the bank which may not have been previously identified. Reaching out to another financial institution for explanation or clarification of activity may allow a researcher to determine whether activity previously thought to be unusual is easily explainable. This could avoid a string of “defensive” SAR filings.
If your institution is considering broadening its search for due diligence information, it needs internal controls that include:
- Establish policies, procedures and processes.
- Create a tickler or designate an employee to be responsible for renewing the annual employee(s) registration. (Lack of annual registrations is a common audit finding.)
- Have processes to verify the other financial institution is registered before initiating/responding to a 314(b) request.
- Maintain logs of the information requests made and received. Consider including the financial institution’s name, date, and contact name, and perhaps a general description of the type of activity being considered.
- Ensure the nonpublic personal information of customers is protected. The procedures to ensure confidentiality will be considered adequate if the financial institution applies procedures like the ones it has established to comply with section 501 of the Gramm-Leach-Bliley Act (15 USC 6801) for the protection of its customers’ nonpublic personal information.
- Only use 314(b) channels to determine whether to establish or maintain an account, to engage in a transaction, or to assist in BSA compliance.
- Consider receipt of an information request as a red flag, prompting your financial institution to conduct its own investigation of the mentioned account(s) to access any internal unusual activity at your institution and document results.
- Indicate if information sharing assisted in identifying activity in the SAR narrative.
- Understand that the sharing of transaction and customer information is protected by a safe harbor; the fact that a SAR is or was filed, or the SAR itself must not be shared. Discuss the activity, not the filing.
- Be aware of activity that requires immediate attention from law enforcement (such as terrorist activity). Pick up the phone and contact law enforcement, then continue with your investigation and file a SAR, if warranted. Don’t assume a SAR filing will come to anyone’s immediate attention.
While there may be some enhanced documentation and recordkeeping requirements involved in participating in 314(b) information sharing, many institutions find it helpful to have another resource to consult when trying to determine whether an activity is suspicious.
If you are already registered to participate in 314(b), don’t be afraid to take advantage of it. The information you receive could be extremely helpful in enhancing your understanding of your customer’s activity. Don’t forget to review your processes and procedures annually to include the items listed above.
There are differences between 314(a) and 314(b), but the common thread is more communication. Sections 314(a) and 314(b) are just two information sharing rules that give BSA staff more knowledge about activity that is normal or consistent with an account.
TCA’s BAT has the resources to mentor new BSA employees, conduct training, evaluate programs and make enhancements. Also, we stress test internal controls and conduct Independent Audits. Call TCA’s BAT to discuss how we customize services to keep BSA programs running smoothly.