FinCEN Issues NPRM on Pilot Program for SAR Sharing with Foreign Branches, Affiliates, and Subsidiaries

On January 24, 2022, the Financial Crimes Enforcement Network (FinCEN) issued a Notice of Proposed Rulemaking (NPRM) to solicit comment for a pilot program to permit a financial institution (FI) to share suspicious activity reports (SARs) with its foreign branches, subsidiaries, and affiliates^1,2. In accordance with the Anti-Money Laundering Act of 2020 (AMLA), this SAR sharing program is part of a modernization of the US anti-money laundering (AML) and counter-terrorist financing programs³. Program participants will work with regulators and the intelligence community in establishing best practices for record-keeping and maintaining SAR security and confidentiality. The NPRM seeks comments from the public by March 28, 2022, regarding security and confidentiality concerns, as well as the expected costs and benefits, technical challenges, and merits of quarterly reporting.

Summary

The pilot program expands financial institutions’ existing sharing programs to include the normally prohibited sharing of SARs with their foreign branches, affiliates, and subsidiaries⁴. Participants in the pilot will record what SAR information it shares, maintain the security and confidentiality of the program, and review requests from foreign regulators and law enforcement that seek SAR information⁵.

FinCEN lists details of the application process for the pilot program:

Who can apply?

• US institutions with designated foreign branches, affiliates, or subsidiaries
• Except with prior approval of the Secretary of the Treasury, foreign branches, affiliates, and subsidiaries in China, Russia, and jurisdictions with security concerns such as those with a US Sanctions program are excluded from the program⁶
• Program participants should conduct all compliance activities associated with the pilot program in the US. No offshoring of compliance duties is permitted⁷
• Program participants must submit the purpose and intended use of SAR information and whether the foreign branches, affiliates, and subsidiaries will share reciprocal information⁸
• Each program participant must implement controls, procedures, and record-keeping to track and maintain the security of SARs and SAR information

Reporting Requirements

• Program participants will submit quarterly reports⁹ to facilitate control over the security of SAR information and to monitor the effectiveness of the program¹⁰
• Program participants must notify FinCEN of all requests or demands for SARs or SAR information from foreign law enforcement, foreign regulators, or any other outside foreign party
• FinCEN will work with program participants and limit the sharing of SAR information based on the requirements of state and federal law enforcement, and concerns within the intelligence community

Duration of the Pilot Program

• The SAR sharing program will terminate on January 1, 2024, unless the Secretary of the Treasury extends the program for an additional two years
  

Quarterly Reporting Requirements

As noted above, program participants must submit quarterly reports to FinCEN. FinCEN will use the standardized data to monitor the progress of the program participants and to aggregate and report the information to law enforcement, the intelligence community, and Congress. These reports will inform decisions to extend the program and propose possible new legislation.

Program participants will submit quarterly reports to FinCEN, demonstrating:

• Compliance with the statutory requirements
• Statistics on the number of SARs and related information shared to each branch, affiliate, and subsidiary
• The purpose and use for the information disclosed
• Legal and compliance issues encountered
• Technical challenges
• Whether the program has enhanced compliance capabilities of the institutions involved
• Whether the pilot program has enhanced the institution’s ability to meet FinCEN’s AML and countering the financing of terrorism (CFT) national priorities
• Lessons learned or suggested best practices identified

Program participants should expect FinCEN to require changes to controls and data security. FinCEN will share quarterly report information with law enforcement and the intelligence community and the NPRM discloses that ongoing feedback is expected.  At the conclusion of the program, best practices in data security, and both US and cross-border suspicious activity investigations, will emerge. FinCEN, Congress, or both may act to codify these best practices.

What Does this Mean for Financial Institutions?

Financial institutions can expect an increased focus on international cooperation in AML and CFT compliance. The SAR sharing pilot program is one part of broader focus on modernizing the US counter-terrorist financing and AML regulatory regimes. For instance, the AMLA of 2020 provides the DOJ with enhanced subpoena powers. For US financial institutions providing correspondent account services, the DOJ may request “any records relating to the correspondent account or any account at the foreign bank, including records maintained outside of the United States¹².” As the pilot program will increase cooperation and sharing of suspicious activity with foreign institutions, regulators, and law enforcement, we can expect the DOJ to make use of this new subpoena power as it pursues cross border investigations and enhances international cooperation among governments and financial institutions.

How Guidehouse Can Help

International cooperation and enforcement bring new challenges and new risks. Guidehouse can help financial institutions stay ahead of the US transformation into a more modern and more globally focused regulatory regime. Our team has in-depth knowledge of regulatory environments across the globe, and strategically utilizing, managing, and securing data across borders. Our international teams of professionals can meet these emerging risks, as their areas of relevant expertise include the following:

• Assessment of your current AML/CFT and Sanctions program
• Definition of AML and CFT technology transformation strategy
• Cross-border data security and integrity
• Ongoing system testing and tuning
• Global risk management framework

Guidehouse’s financial crime consultants work with FIs of all sizes to build effective and efficient risk management and compliance frameworks to help clients protect against legal, fiduciary, shareholder, and reputational risk. Guidehouse experts include distinguished former prosecutors, regulators, compliance officers, and consultants, who leverage their combined experience to help clients conquer their compliance challenges.

Special thanks to Benjamin Trent for co-authoring this article.

1 The program defines affiliate as “an entity that controls, is controlled by, or is under common control with another entity.” See, 31 U.S.C. 5318(g)(11)(A).
2  See, 87 FR 3719, available at  https://www.federalregister.gov/documents/2022/01/25/2022-01331/pilot-program-on-sharing-of-suspicious-activity-reports-and-related-information-with-foreign, accessed on January 31, 2022.
3 Ibid.
4  See, 31 U.S.C. 5318(g)(8).
5 See, 87 FR 3722, note 1 supra.
6 See, 31 U.S.C. 5318(g)(8)(C).
7 See, 31 U.S.C. 5318(g)(10).
8 See, 87 FR 3722, note 1 supra.
9  See, “Quarterly Reporting Requirements” section for additional details.
10 See, 87 FR 3723, note 1 supra.
11  See, 87 FR 3722, note 1 supra.
12 See, 31 CFR 1010.670.