Important SAR Confidentiality Reminder
By: Laura Pringle
March 12, 2012
On March 2, 2012, FinCEN released an Advisory, “SAR Confidentiality Reminder for Internal and External Counsel of Financial Institutions” to remind financial institutions, and in particular, the lawyers that advise them, of the requirement to maintain the confidentiality of Suspicious Activity Reports (“SARs”). FinCEN is concerned that an increasing number of private parties, who are not authorized to know of the existence of filed SARs, are seeking SARs from financial institutions for use in civil litigation and other matters. FinCEN is emphasizing that financial institutions, and their current and former directors, officers, employees, agents, and contractors, are prohibited from disclosing SARs, or any information that would reveal the existence of a SAR.
In this advisory FinCEN specifically reminds all financial institutions to be vigilant in maintaining the confidentiality of SARs and states that this includes ensuring all employees, agents, and individuals appropriately entrusted with information in a SAR are informed of the individual’s obligation to maintain SAR confidentiality. FinCEN explains that this obligation applies not only to the SAR itself, but also to information that would reveal the existence (or non-existence) of the SAR. FinCEN also explains that these same individuals should be informed of the consequences for failing to maintain such confidentiality, i.e., both civil and criminal penalties may be imposed for SAR disclosure violations. Violations may be enforced through civil penalties of up to $100,000 for each violation and criminal penalties of up to $250,000 and/or imprisonment up to five years. In addition, in some situations financial institutions could be liable for civil money penalties resulting from anti-money laundering program deficiencies (i.e., internal controls, training, etc.) that led to the SAR disclosure and those penalties could be up to $25,000 per day for each day the violation continues.
FinCEN also suggests that each financial institution may consider including this same information as part of its ongoing training of all employees and that it is also advisable for financial institutions to remind their counsel of the strict requirements of SAR confidentiality. FinCEN suggests that additional risk-based measures to enhance the confidentiality of SARs could include, among other appropriate security measures, limiting access on a “need-to-know” basis, restricting areas for reviewing SARs, logging of access to SARs, using cover sheets for SARs or information that reveals the existence of a SAR, or providing electronic notices that highlight confidentiality concerns before a person may access or disseminate the information.
FinCEN encourages calls to FinCEN’s Office of Chief Counsel and states that “If you or your institution becomes aware of an unauthorized disclosure of a SAR, or if your institution receives a subpoena or other request for a SAR from other than an authorized government authority or self-regulatory organization as defined in the applicable SAR regulations, you should immediately contact FinCEN’s Office of Chief Counsel at (703) 905-3590.” FinCEN also reminds that primary federal regulators also have requirements for notification. Procedures should be in place and reviewed to document your compliance efforts. Additionally, an institution may be required to contact its primary federal regulator, as may be applicable in a corresponding SAR rule.
This Article was also published at Wolters Kluwer’s Compliance Headquarters™ website: www.complianceheadquarters.com.