4 March 2002 Source: http://www.access.gpo.gov/su_docs/aces/fr-cont.html ------------------------------------------------------------------------- [Federal Register: March 4, 2002 (Volume 67, Number 42)] [Rules and Regulations] [Page 9873-9878] From the Federal Register Online via GPO Access [wais.access.gpo.gov] [DOCID:fr04mr02-12] [[Page 9873]] ----------------------------------------------------------------------- Part III Department of the Treasury ----------------------------------------------------------------------- 31 CFR Part 103 Financial Crimes Enforcement Network; Special Information Sharing Procedures To Deter Money Laundering and Terrorist Activity; Final Rule and Proposed Rule [[Page 9874]] ----------------------------------------------------------------------- DEPARTMENT OF THE TREASURY 31 CFR Part 103 RIN 1506-AA26 Financial Crimes Enforcement Network; Special Information Sharing Procedures to Deter Money Laundering and Terrorist Activity AGENCY: Financial Crimes Enforcement Network (FinCEN), Treasury. ACTION: Interim rule. ----------------------------------------------------------------------- SUMMARY: FinCEN, a bureau of the Treasury Department, is issuing regulations to implement the provision in the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act of 2001 that encourages information sharing among financial institutions for purposes of identifying and reporting activities that may involve terrorist acts or money laundering activities. DATES: This rule is effective March 4, 2002. FOR FURTHER INFORMATION CONTACT: Judith R. Starr, Chief Counsel (FinCEN), (703) 905-3590; William Langford, Senior Counsel for Financial Crimes, Office of the Assistant General Counsel (Enforcement), (202) 622-1932; or Gary W. Sutton, Senior Banking Counsel, Office of the Assistant General Counsel (Banking & Finance), (202) 622-1976 (not toll-free numbers). Financial institutions with questions about their coverage or compliance obligations under this rule should contact their appropriate federal regulator. SUPPLEMENTARY INFORMATION: I. Background On October 26, 2001, the President signed into law the USA PATRIOT Act of 2001 (Public Law 107-56) (the Act). Of the Act's many goals, the facilitation of information sharing among governmental entities and financial institutions for the purpose of combating terrorism and money laundering is of paramount importance. Section 314 of the Act furthers this goal by providing for the sharing of information between the government and financial institutions, and among financial institutions themselves. As with many other provisions of the Act, Congress has charged Treasury with developing regulations to implement these information-sharing provisions. Section 314(b) of the Act permits financial institutions, upon providing notice to Treasury, to share information with one another in order to better identify and report to the federal government concerning activities that may involve money laundering or terrorist activities. This interim rule implements section 314(b). The Congress authorized financial institutions to share information to assist in the identification of suspected terrorists and money launderers only after providing notice to Treasury. The notice provision outlined below--a yearly certification to FinCEN that information will be shared and protected from inappropriate disclosure--combined with the requirement that any money laundering or terrorist activities uncovered be reported to FinCEN or other law enforcement, will allow for the sharing of information while protecting the privacy interests of customers of financial institutions. Published elsewhere in this issue of the Federal Register is a notice of proposed rulemaking that solicits comments on proposed provisions that are identical to this interim rule, as well as proposed regulations to implement the provisions of section 314(a) the Act, which concerns enhanced cooperation between financial institutions and federal law enforcement agencies to detect terrorist and money laundering activities. Please refer to the notice of proposed rulemaking for instructions for submitting comments on the proposed provisions that are identical to this interim rule. II. Analysis of the Interim Rule A. General Definitions Section 103.90--Definitions As noted above, section 314(b) of the Act permits financial institutions, upon providing notice to Treasury, to share information with one another in order to identify and report to the federal government activities that may involve money laundering or terrorist activity. Although section 314 does not define ``money laundering'' or ``terrorist activity,'' each of these terms has well-established definitions. Accordingly, and consistent with the broad intent underlying section 314(b), section 103.90(a) defines ``money laundering'' to mean any activity described in section 1956 or 1957 of title 18, United States Code. Similarly, section 103.90(b) defines ``terrorist activity'' to mean an act of domestic terrorism or international terrorism as defined in section 2331 of title 18, United States Code. B. Information Sharing Among Financial Institutions Section 103.110--Voluntary Information Sharing Among Financial Institutions The Act does not define the term ``financial institution'' for purposes of the information sharing provisions of 314(b). Under the Bank Secrecy Act (BSA), which is concerned with information reporting to detect and prevent financial crimes, the term ``financial institution'' is defined broadly.\1\ Unlike section 314(a), which involves financial institutions responding to requests for information from federal law enforcement agencies,\2\ section 314(b) involves the sharing of information among financial institutions and raises issues concerning information privacy.\3\ For these reasons, Treasury and FinCEN believe that it is appropriate to define the term ``financial institution'' for purposes of section 314(b) in a manner that is most likely to further the identification of terrorist and money laundering activities while minimizing the likelihood that information sharing will inappropriately intrude on the privacy interests of the customers of those institutions. Accordingly, section 103.110(a)(2) defines ``financial institution'' for purposes of section 314(b) to mean (1) a financial institution that is subject to SAR reporting that is not a money services business, which includes banks, savings associations, and credit unions; (2) a broker or dealer registered with the Securities and Exchange Commission under the Securities Exchange Act of 1934 (15 U.S.C. 78a et seq.); (3) an issuer of traveler's checks or money orders, (4) a registered money transmitter, or (5) an operator of a credit card system that is not a money services business. Treasury and FinCEN specifically request comment, in connection with the proposed rule published elsewhere in this issue of the Federal Register, concerning whether these entities should be included within the definition for purposes of section 314(b) of the Act and regulation section 103.110, and whether the definition should be expanded to include other categories of BSA financial institutions. --------------------------------------------------------------------------- \1\ See 31 U.S.C. 5312(a)(2). \2\ Treasury and FinCEN are proposing to apply section 314(a) to all BSA financial institutions. See the proposed rule implementing section 314(a) published elsewhere in this issue of the Federal Register. \3\ See Act sections 314(b) and (c), which provide protections from federal and State prohibitions on the disclosure of information to financial institutions that engage in information sharing consistent with the requirements of section 314(b) and its implementing regulations. --------------------------------------------------------------------------- [[Page 9875]] Section 103.110(b) provides that upon providing the appropriate certification to Treasury, as described below, a financial institution may share information with other financial institutions regarding individuals, entities, organizations, and countries for purposes of detecting, identifying, or reporting activities that the financial institution or association suspects may involve money laundering or terrorist activity. Because associations of such financial institutions can enhance the sharing of information among its members, this section also permits these associations to participate in the information sharing process. Prior to engaging in information sharing, a financial institution or association of financial institutions must submit to FinCEN a certification described in new Appendix B to 31 CFR part 103, that confirms: the name of the financial institution or association of financial institutions; that the financial institution is a financial institution as defined in section 103.110(a), or in the case of an association, that the association's members that intend to engage in information sharing are financial institutions as defined in section 103.110(a); that the institution or association will maintain adequate procedures to protect the security and confidentiality of such information; that the institution or association will not use any shared information for any purpose other than as authorized in section 103.110; and the identity of a contact person at the financial institution or association for matters pertaining to information sharing. To streamline the certification process, FinCEN has established a special page on its existing Internet website, http://www.treas.gov/ fincen, where financial institutions can enter the appropriate information. If a financial institution or association does not have access to the Internet, the certification may be mailed to FinCEN at the address specified in the rule. By requiring notice to Treasury before information is shared among financial institutions, Congress has injected Treasury into what would otherwise be a purely private communication. The statute did not indicate clearly whether prior notice to Treasury was required before each individual communication or whether a general notice would be sufficient. After considering both the need for flexibility for financial institutions as well as the need to ensure that the right to share information under this section is not being used improperly, Treasury and FinCEN determined that the certification should be effective for a one-year period beginning on the date of the certification. A re-certification, provided to FinCEN in the same manner, is required if a financial institution or association intends to continue to share information. An annual certification will help Treasury determine which financial institutions are sharing information, and it will reinforce the need for financial institutions to protect information shared under this section. Treasury and FinCEN balanced the minimal burden associated with completing the brief electronic or paper certification against its role in protecting the privacy interests of customers of financial institutions. Section 103.110(c) requires each financial institution or association of financial institutions that engages in the sharing of information to maintain adequate procedures to protect the security and confidentiality of such information. This section also provides that information received by a financial institution or association of financial institutions pursuant to this section shall only be used for identifying and reporting on activities that may involve terrorist or money laundering activities, or determining whether to close or maintain an account, or to engage in a transaction. A financial institution that fails to comply with these restrictions on the use of shared information may have its certification revoked or suspended. See 103.110(g). Section 103.110(d) provides that a financial institution or association of financial institutions that engages in the sharing of information and that complies with sections 103.110(b) and (c) shall not be liable to any person under any law or regulation of the United States, under any constitution, law, or regulation of any State or political subdivision thereof, or under any contract or other legally enforceable agreement (including any arbitration agreement), for such sharing, or for any failure to provide notice of such sharing, to an individual, entity, or organization that is the subject of such sharing. Section 103.110(e) provides a means for financial institutions to voluntarily report information to law enforcement concerning suspicious transactions that may relate to money laundering or terrorist activity that may come to the financial institution's attention as a result of discussions with other financial institutions, or otherwise. In order to accord the highest priority to suspected terrorist activity, a financial institution should report such information to FinCEN by calling the Financial Institutions Hotline (1-866-556-3974). The purpose of the Financial Institutions Hotline is to facilitate the immediate transmittal of this information to law enforcement. Financial institutions identifying other suspicious transactions should report such transactions by promptly filing a SAR in accordance with applicable regulations, even if they provide information over the Financial Institutions Hotline. The Financial Institutions Hotline is intended to provide to law enforcement and other authorized recipients of SAR information the essence of the suspicious activity in an expedited fashion. Use of the Financial Institutions Hotline is voluntary and does not affect an institution's responsibility to file a SAR in accordance with applicable regulations. Section 103.110(f) clarifies that voluntary reporting under section 103.110 does not relieve a financial institution from any obligation it may have to file a Suspicious Activity Report pursuant to a regulatory requirement, or to otherwise directly contact a federal agency concerning individuals, entities, or organizations suspected of engaging in money laundering or terrorist activities. Section 103.110(g) provides that a federal regulator of a financial institution, or FinCEN in the case of a financial institution that does not have a federal regulator, may revoke or suspend a certification provided by a financial institution under this section if the regulator or FinCEN determines that the financial institution has failed to comply with the requirements of paragraph (c) of this section. Treasury and FinCEN believe this provision is necessary to preclude further participation in information sharing under the authority of section 103.110 by a financial information that fails to accord confidentiality to shared information, or uses that information for purposes other than as permitted by section 103.110(c). A financial institution with respect to which a certification has been revoked or suspended may not engage in information sharing under this section during the period of such revocation or suspension. III. Administrative Procedure Act In Executive Order 13224 (September 23, 2001), the President found that the continuing and immediate threat of further attacks on the United States constitutes an unusual and extraordinary threat to the national security, foreign policy, and economy of the United States. The interim rule implements statutory provisions intended to prevent terrorist activity by [[Page 9876]] uncovering and disrupting the financing of terrorist acts. In light of the exigent circumstances described in Executive Order 13224, Treasury has determined, pursuant to 5 U.S.C. 553(b), that it would be contrary to the public interest to delay the publication of this rule in final form during the pendency of an opportunity for public comment. For the same reason, pursuant to 5 U.S.C. 553(d), it has been determined that there is good cause for the interim rule to become effective immediately upon publication. IV. Regulatory Flexibility Act The provisions of the Regulatory Flexibility Act, 5 U.S.C. 601 et seq., do not apply to this interim rule because a notice of proposed rulemaking is not required under 5 U.S.C. 553 or any other law. V. Paperwork Reduction Act The requirement in section 103.110(b)(2), concerning notification to FinCEN that a financial institution that intends to engage in information sharing, and the accompanying certification in Appendix B to 31 CFR part 103, do not constitute a collection of information for purposes of the Paperwork Reduction Act. See 5 CFR 1320.3(h)(1). The collection of information contained in section 103.110(e), concerning reports to the federal government as a result of information sharing among financial institutions, will necessarily involve the reporting of a subset of information currently contained in a Suspicious Activity Report (SAR). SAR reporting has been previously reviewed and approved by the Office of Management and Budget (OMB) pursuant to the Paperwork Reduction Act and assigned OMB Control No. 1506-0001. An agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a currently valid OMB control number. VI. Executive Order 12866 This interim rule is not a ``significant regulatory action'' for purposes of Executive Order 12866. Accordingly, a regulatory assessment is not required. List of Subjects in 31 CFR Part 103 Authority delegations (Government agencies), Banks and banking, Currency, Investigations, Law enforcement, Reporting and recordkeeping requirements. Dated: February 26, 2002. James F. Sloan, Director, Financial Crimes Enforcement Network. Authority and Issuance For the reasons set forth in the preamble, 31 CFR part 103 is amended as follows: PART 103--FINANCIAL RECORDKEEPING AND REPORTING OF CURRENCY AND FOREIGN TRANSACTIONS 1. The authority citation for part 103 is revised to read as follows: Authority: 12 U.S.C. 1829b and 1951-1959; 31 U.S.C. 5311-5331; title III, sec. 314, Pub. L. 107-56, 115 Stat. 307. 2. Add new subpart H to part 103 to read as follows: Subpart H--Special Information Sharing Procedures To Deter Money Laundering and Terrorist Activity Sec. 103.90 Definitions. 103.100 Information sharing with federal law enforcement agencies. [Reserved] 103.110 Voluntary information sharing among financial institutions. Subpart H--Special Information Sharing Procedures To Deter Money Laundering and Terrorist Activity Sec. 103.90 Definitions. For purposes of this subpart, the following definitions apply: (a) Money laundering means an activity described in 18 U.S.C. 1956 or 1957. (b) Terrorist activity means an act of domestic terrorism or international terrorism as those terms are defined in 18 U.S.C. 2331. Sec. 103.100 Information sharing with federal law enforcement agencies. [Reserved] Sec. 103.110 Voluntary information sharing among financial institutions. (a) Definitions. For purposes of this section: (1) The definitions in Sec. 103.90 apply; (2) The term financial institution means any financial institution described in 31 U.S.C. 5312(a)(2) that: (i) Is subject to a suspicious activity reporting requirement of subpart B of this part and is not a money services business, as defined in Sec. 103.11(uu); (ii) Is a broker or dealer in securities, as defined in Sec. 103.11(f); (iii) Is an issuer of traveler's checks or money orders, as defined in Sec. 103.11(uu)(3); (iv) Is a money transmitter, as defined in Sec. 103.11(uu)(5), and is required to register as such pursuant to Sec. 103.41; or (v) Is an operator of a credit card system and is not a money services business, as defined in Sec. 103.11(uu); and (3) The term association of financial institutions means a group or organization the membership of which is comprised entirely of financial institutions as defined in paragraph (a)(2) of this section. (b) Information sharing among financial institutions--(1) In general. Subject to paragraphs (b)(2) and (g) of this section, a financial institution or an association of financial institutions may engage in the sharing of information with any other financial institution (as defined in paragraph (a)(2) of this section) or association of financial institutions (as defined in paragraph (a) (3) of this section) regarding individuals, entities, organizations, and countries for purposes of detecting, identifying, or reporting activities that the financial institution or association suspects may involve possible money laundering or terrorist activities. (2) Notice requirement--(i) Certification. A financial institution or association of financial institutions that intends to engage in the sharing of information as described in paragraph (b)(1) of this section shall submit to FinCEN a certification described in Appendix B of this part. (ii) Address. Completed certifications may be submitted to FinCEN: (A) By accessing FinCEN's Internet website, http://www.treas.gov/ fincen, and entering the appropriate information as directed; or (B) If a financial institution does not have Internet access, by mail to: FinCEN, PO Box 39, Mail Stop 100, Vienna, VA 22183. (iii) One year duration of certification. Each certification provided pursuant to paragraph (b)(2)(i) of this section shall be effective for the one year period beginning on the date of the certification. In order to continue to engage in the sharing of information after the end of the one year period, a financial institution or association of financial institutions must submit a new certification. (c) Security and confidentiality of information--(1) Procedures required. Each financial institution or association of financial institutions that engages in the sharing of information pursuant to this section shall maintain adequate procedures to protect the security and confidentiality of such information. (2) Use of information. Information received by a financial institution or association of financial institutions pursuant to this section shall not be used for any purpose other than: [[Page 9877]] (i) Detecting, identifying and reporting on activities that may involve terrorist or money laundering activities; or (ii) Determining whether to establish or maintain an account, or to engage in a transaction. (d) Safe harbor from certain liability--(1) In general. A financial institution or association of financial institutions that engages in the sharing of information pursuant to this section shall not be liable to any person under any law or regulation of the United States, under any constitution, law, or regulation of any State or political subdivision thereof, or under any contract or other legally enforceable agreement (including any arbitration agreement), for such sharing, or for any failure to provide notice of such sharing, to an individual, entity, or organization that is identified in of such sharing. (2) Limitation. Paragraph (d)(1) of this section shall not apply to a financial institution or association of financial institutions to the extent such institution or association fails to comply with paragraph (b) or (c) of this section. (e) Information sharing between financial institutions and the federal government--(1) Terrorist activity. If, as a result of information sharing pursuant to this section, a financial institution suspects that an individual, entity, or organization is involved in, or may be involved in terrorist activity, such information should be reported to FinCEN: (i) By calling the toll-free Financial Institutions Hotline (1-866- 556-3974); and (ii) If appropriate, by filing a Suspicious Activity Report pursuant to subpart B of this part or other applicable regulations. (2) Money laundering. If as a result of information sharing pursuant to this section, a financial institution suspects that an individual, entity, or organization is involved in, or may be involved in money laundering, such information should generally be reported by filing a Suspicious Activity Report in accordance with subpart B of this part or other applicable regulations. If circumstances indicate a need for the expedited reporting of this information, a financial institution may use the Financial Institutions Hotline (1-866-556- 3974). (f) No limitation on financial institution reporting obligations. Nothing in this subpart affects the obligation of a financial institution to file a Suspicious Activity Report pursuant to subpart B of this part or any other applicable regulations, or to otherwise directly contact a federal agency concerning individuals or entities suspected of engaging in money laundering or terrorist activities. (g) Revocation or suspension of certification--(1) Authority of federal regulator or FinCEN. Notwithstanding any other provision of this section, a federal regulator of a financial institution, or FinCEN in the case of a financial institution that does not have a federal regulator, may revoke or suspend a certification provided by a financial institution pursuant to paragraph (b)(2) of this section if the concerned federal regulator or FinCEN, as appropriate, determines that the financial institution has failed to comply with the requirements of paragraph (c) of this section. Nothing in this paragraph (g)(1) shall be construed to affect the authority of any federal regulator with respect to any financial institution. (2) Effect of revocation or suspension. A financial institution with respect to which a certification has been revoked or suspended may not engage in information sharing under the authority of this section during the period of such revocation or suspension. 3. The Appendix to part 103 is redesignated as Appendix A to part 103 and the heading is revised to read as follows: Appendix A to Part 103--Administrative Rulings * * * * * 4. Appendix B is added to part 103 to read as follows: Appendix B to Part 103--Certification for Purposes of Section 314(b) of the USA Patriot Act and 31 CFR 103.110 BILLING CODE 4810-02-P [[Page 9878]] [GRAPHIC] [TIFF OMITTED] TR04MR02.026 [FR Doc. 02-5006 Filed 3-1-02; 8:45 am] BILLING CODE 4810-02-C ----------------------------------------------------------------- [Federal Register: March 4, 2002 (Volume 67, Number 42)] [Proposed Rules] [Page 9879-9887] From the Federal Register Online via GPO Access [wais.access.gpo.gov] [DOCID:fr04mr02-27] [[Page 9879]] ----------------------------------------------------------------------- DEPARTMENT OF THE TREASURY 31 CFR Part 103 RIN 1506-AA26, 1506-AA27 Financial Crimes Enforcement Network; Special Information Sharing Procedures To Deter Money Laundering and Terrorist Activity AGENCY: Financial Crimes Enforcement Network (FinCEN), Treasury. ACTION: Notice of proposed rulemaking. ----------------------------------------------------------------------- SUMMARY: FinCEN, a bureau of the Treasury Department, is proposing regulations to implement provisions of the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act of 2001 that encourage information sharing among financial institutions and federal government law enforcement agencies to identify, prevent, and deter money laundering and terrorist activity. DATES: Written comments on all aspects of the proposed rule must be received on or before April 3, 2002. ADDRESSES: Written comments should be submitted to: Special Information Sharing--Section 314 Comments, PO Box 1618, Vienna, VA 22183-1618. Comments may also be submitted by electronic mail to the following Internet address: regcomments@fincen.treas.gov with the caption in the body of the text, ``Attention: Proposed Rule--Special Information Sharing--Section 314.'' For additional instructions on the submission of comments, see SUPPLEMENTARY INFORMATION under the heading ``Submission of Comments.'' Comments may be inspected at FinCEN between 10 a.m. and 4 p.m., in the FinCEN Reading Room in Washington, DC. Persons wishing to inspect the comments submitted must request an appointment by telephoning (202) 354-6400 (not a toll-free call). FOR FURTHER INFORMATION CONTACT: Judith R. Starr, Chief Counsel (FinCEN), (703) 905-3590; William Langford, Senior Counsel for Financial Crimes, Office of the Assistant General Counsel (Enforcement), (202) 622-1932; or Gary W. Sutton, Senior Banking Counsel, Office of the Assistant General Counsel (Banking & Finance), (202) 622-1976 (not toll-free numbers). Financial institutions with questions about their coverage or compliance obligations under this rule should contact their appropriate federal regulator. SUPPLEMENTARY INFORMATION: I. Background On October 26, 2001, the President signed into law the USA PATRIOT Act of 2001 (Public Law 107-56) (the Act). Of the Act's many goals, the facilitation of information sharing among governmental entities and financial institutions for the purpose of combating terrorism and money laundering is of paramount importance. Section 314 of the Act furthers this goal by providing for the sharing of information between the government and financial institutions, and among financial institutions themselves. As with many other provisions of the Act, Congress has charged Treasury with developing regulations to implement these information-sharing provisions. Section 314(a) of the Act requires regulations encouraging cooperation between financial institutions and the federal government through the exchange of information regarding individuals, entities, and organizations engaged in or reasonably suspected of engaging in terrorist acts or money laundering activities. Section 314(b), on the other hand, permits financial institutions, upon providing notice to Treasury, to share information with one another in order to better identify and report to the federal government concerning activities that may involve money laundering or terrorist activities. First, utilizing the existing and future communication resources of the Financial Crimes Enforcement Network (FinCEN), this proposed rule seeks to create a communication network linking federal law enforcement with the financial industry so that vital information relating to suspected terrorists and money launderers can be exchanged quickly and without compromising pending investigations. FinCEN, a bureau of Treasury, already maintains a government-wide data access service to assist federal, state, and local law enforcement agencies in the detection, prevention, and prosecution of terrorism, organized crime, money laundering, and other financial crimes. Under the proposed rule, federal law enforcement will have the ability to locate accounts of, and transactions conducted by, suspected terrorists or money launderers by providing their names and identifying information to FinCEN, which will then communicate that information to financial institutions so that a check of accounts and transactions can be made. If matches are found, law enforcement can then follow up with the financial institution directly. The rule is intended to formalize and streamline the information sharing and reporting process that the federal government undertook following the attacks of September 11, 2001, by permitting FinCEN to serve as a conduit for information sharing between federal law enforcement agencies and financial institutions. FinCEN is uniquely positioned to serve as the communication gateway under section 314(a). Indeed, it already provides considerable information relating to financial crimes to the financial community in a variety of ways. It issues Suspicious Activity Report (SAR) Bulletins, which digest information drawn from SARs to illustrate indicia of suspicious activity, and SAR Activity Reviews, which present trends, tips and issues in suspicious activity reporting. FinCEN issues advisories to alert the financial community to specific activities and areas that merit enhanced scrutiny, including countries with lax anti- money laundering controls. In addition, FinCEN provides industry guidance on its website. The financial services industry also makes substantial use of FinCEN's regulatory helpline. Second, Congress authorized the sharing of information among financial institutions relating to suspected terrorists and money launderers only after providing notice to Treasury, for the purpose of identifying and reporting to the federal government such activities. The notice provision outlined below--a yearly certification to FinCEN that information will be shared and protected from inappropriate disclosure--combined with the requirement that any money laundering or terrorist activities uncovered be reported to FinCEN or other law enforcement, will allow for the sharing of information while protecting the privacy interests of customers of financial institutions. Given the importance of this information sharing provision, Treasury is issuing simultaneously an interim rule implementing section 314(b), which is published elsewhere in this issue of the Federal Register. The regulatory text of the interim rule and this proposed rule are identical with respect to section 314(b). Nothing in this proposed rule affects the existing authority of federal agencies to obtain information directly from financial institutions, as authorized by law or regulation, pursuant to their own established and approved procedures. Moreover, nothing in the proposed rule affects a financial institution's obligation to file a SAR, or its duty to contact directly a federal agency concerning individuals or entities suspected of engaging in terrorist acts or money laundering activities. [[Page 9880]] II. Analysis of the Proposed Rule A. General Definitions Section 103.90--Definitions As noted above, section 314 authorizes the sharing of information between the federal government and financial institutions, and among financial institutions, for the purpose of identifying possible money laundering or terrorist activities. Although section 314 does not define ``money laundering'' or ``terrorist activity,'' each of these terms has well-established definitions. Accordingly, and consistent with the broad intent underlying section 314, section 103.90(a) defines ``money laundering'' to mean any activity described in section 1956 or 1957 of title 18, United States Code. Similarly, section 103.90(b) defines ``terrorist activity'' to mean an act of domestic terrorism or international terrorism as defined in section 2331 of title 18, United States Code. B. Information Sharing with Federal Law Enforcement Agencies Section 103.100--Information Sharing with Federal Law Enforcement Agencies Under section 314(a) of the Act, Treasury is required to establish procedures to encourage information sharing between financial institutions and federal government authorities concerning accounts and transactions that may be linked to terrorist activity or involve money laundering. Treasury also may require each financial institution to designate persons to serve as contact points to facilitate this information exchange. Section 103.100 is intended to fulfill Treasury's statutory mandate in section 314(a) in a way that will provide a streamlined method for federal law enforcement agencies to uncover money laundering and terrorist financing while minimizing burdens on financial institutions and intrusions on individual privacy. The Act does not define the term ``financial institution'' for purposes of the information sharing provisions of 314(a). Under the Bank Secrecy Act (BSA), which, like section 314(a), is concerned with information reporting to detect and prevent financial crimes, the term ``financial institution'' is defined broadly.\1\ The purpose of section 314(a) is to facilitate the exchange of information between federal law enforcement agencies and financial institutions concerning individuals, entities, and organizations that are engaged in, or reasonably suspected based on credible evidence of engaging in, terrorist acts or money laundering activities. Consistent with this purpose, section 103.100(a) defines ``financial institution'' as any financial institution described in 31 U.S.C. 5312(a)(2). --------------------------------------------------------------------------- \1\ See 31 U.S.C. 5312(a)(2). See also section 314(d)(2) of the Act (requiring the Secretary of the Treasury to distribute certain semiannual reports to financial institutions and incorporating the BSA definition of ``financial institution'') and 18 U.S.C. 2339B(g)(2) (criminal penalties for providing support or resources to foreign terrorists and incorporating by reference the BSA definition of ``financial institution''). --------------------------------------------------------------------------- Section 103.100(b) through (d) establish a mechanism for federal law enforcement agencies investigating money laundering and terrorist activity to use FinCEN as a means of exchanging information with financial institutions about suspected terrorists and persons engaged in money laundering. Section 103.100(b) provides that FinCEN, acting on behalf of a federal law enforcement agency investigating money laundering or terrorist activity, may request any financial institution to search its records to determine whether the financial institution maintains or has maintained accounts for, or has engaged in transactions with, specified individuals, entities, or organizations. FinCEN and the federal law enforcement agency seeking the information will determine the appropriate time period for the records search, depending on the circumstances of the underlying investigation, which will be communicated to financial institutions by FinCEN with the request. Treasury and FinCEN specifically solicit comments from financial institutions concerning the length of time they maintain and/or archive records concerning closed accounts and past transactions, and their ability to access these records for purposes of this section. Section 103.100(c) makes clear that the federal law enforcement agency for which FinCEN makes the request is responsible for determining that the request meets the statutory requirement that it relate to individuals, entities, or organizations engaged in or reasonably suspected based on credible evidence of engaging in terrorist or money laundering activities. Section 103.100(c) requires the requesting federal law enforcement agency to provide FinCEN with a written certification, in such manner and form as FinCEN may prescribe, that each individual, entity, or organization about which the agency is seeking information is engaged in, or reasonably suspected based on credible evidence of engaging in, money laundering or terrorist activity. FinCEN believes this certification requirement establishes sufficient accountability in the requesting federal law enforcement agencies to ensure that such agencies use the authority of the rule in the manner contemplated by the statute. Under the proposed rule, FinCEN has the authority to request information regarding suspected terrorists and money launderers from any financial institution as defined in the BSA notwithstanding that FinCEN has not yet extended BSA regulations to all such financial institutions. While all financial institutions should be on notice that FinCEN may contact them for information after this rules becomes effective, as a practical matter not all financial institutions will receive requests for information. First, because FinCEN does not currently regulate all BSA financial institutions, it does not have contact information effectively to reach large numbers of unregulated financial institutions. The BSA authorizes FinCEN to require financial institutions to file with FinCEN reports of suspicious financial transactions, known as Suspicious Activity Reports (SARs). To date, FinCEN has extended SAR reporting only to a subset of ``financial institutions'' as defined in the BSA. In addition, regulations issued by the federal regulator of certain financial institutions require SAR reporting to FinCEN. Currently, banks, savings associations, credit unions, certain money services businesses (MSBs),\2\ and certain registered securities brokers and dealers \3\ are required to file SARs. In addition, the Act requires Treasury to extend the SAR reporting requirement to all registered securities brokers and dealers by July 1, 2002.\4\ Accordingly, the initial implementation of section 103.100 generally will involve those financial institutions that are subject to SAR reporting. However, other financial institutions may also be requested to provide information to FinCEN on a case-by-case basis. Implementation of section 103.100 will in the future be expanded to include additional [[Page 9881]] categories of financial institutions as FinCEN develops an enhanced communication network with the larger financial community. Moreover, Treasury and FinCEN expect that many requests for information will be targeted to specific subsets of financial institutions based on information already known to law enforcement agencies. For example, if a law enforcement agency knows that an individual suspected of financing terrorism operates in a particular geographic area, or utilizes particular types of financial institutions, FinCEN would target its request for information accordingly. --------------------------------------------------------------------------- \2\ All money services businesses (MSBs) are required to register with the Treasury Department except persons that are MSBs solely because they serve as agents of another MSB; issuers, sellers, and redeemers of stored value; and the U.S. Postal Service. Issuers, sellers, and redeemers of traveler's checks and money orders and money transmitters are subject to the MSB SAR requirement; check cashers and currency dealers and exchangers are not subject to the MSB SAR requirement. \3\ Although FinCEN's existing BSA regulations requiring the filing of SARs do not apply generally to securities brokers and dealers, those securities brokers and dealers that are affiliates or subsidiaries of banks or bank holding companies have been required to report suspicious transactions by virtue of the application to them of rules issued by the federal bank supervisory agencies. \4\ See Act section 356. FinCEN has issued proposed amendments to the BSA regulations to cover all securities brokers and dealers 66 FR 67669 (Dec. 31, 2001). --------------------------------------------------------------------------- Section 103.100(d) sets forth the obligation of financial institutions to comply with a request from FinCEN. This section provides that upon receiving the request, a financial institution shall search its records to determine whether it maintains or has maintained any account for, or has engaged in any transaction with, any individual, entity, or organization named in FinCEN's request. The financial institution's search must cover accounts maintained and transactions engaged in during the time period specified in the request. If a financial institution identifies a matching account or transaction, it must report as soon as possible to FinCEN the identity of the relevant individual, entity, or organization, together with an identification of the account or the type of transaction (such as wire transfer), as well as all identifying information (such as date of birth, address, Social Security number, passport number, etc.) provided by the individual, entity, or organization in connection with the transaction or establishment of the account. This information should be sent to FinCEN via e-mail to patriot@fincen.treas.gov or, if the financial institution does not have access to e-mail, by calling the toll-free the Financial Institutions Hotline (1-866-556-3974), or as FinCEN may otherwise prescribe in the information request. Although the records search required by section 103.100(d) is retrospective, Treasury and FinCEN expect that financial institutions will use the information provided by FinCEN to report to FinCEN concerning any named individual, entity, or organization that subsequently establishes an account or engages in a transaction. Nothing in the rule requires a financial institution to take any action, or to decline to take any action, with respect to an existing account or past transaction with, or to decline to establish a new account for, or to engage in a transaction with, any individual, entity, or organization specified in a request from FinCEN. Indeed, in the interests of law enforcement, the proposed rule prohibits a financial institution from taking any action that could alert an individual, entity or organization that it has been identified by a federal law enforcement agency as engaged in, or suspected of engaging in, terrorist acts, the financing of terrorist acts, or money laundering. Treasury and FinCEN are acutely aware and are highly appreciative of the desire of financial institutions not to knowingly facilitate terrorism or money laundering, and recognize that this desire may at times be in tension with the need not to alert persons that have been identified in a request from FinCEN. If, for example, a financial institution believes that its failure to close an account in connection with an individual, entity, or organization named in a request from FinCEN could facilitate terrorism or money laundering, it may be appropriate for the financial institution to advise FinCEN, which will refer the matter to the concerned federal law enforcement agency. Ultimately, however, the decision whether to close an account or decline a transaction is solely that of the concerned financial institution. Section 314(a) clearly contemplates that information provided by the federal government to financial institutions will be used only for the purposes of that section. Accordingly, the rule also requires financial institutions to maintain adequate procedures to protect the security and confidentiality of information contained in requests from FinCEN. Maintaining the confidentiality of information sent from law enforcement is vital to the success of this information sharing provision and is important to maintaining the privacy interests of the customers of financial institutions. Section 103.100(e) requires a financial institution, upon a request from FinCEN, to designate one person who will receive requests for information from FinCEN and to provide FinCEN with that person's mailing address, e-mail address, telephone number, and facsimile number. When requested, a financial institution may provide this information through FinCEN's website, http://www.treas.gov/fincen, and enter the information as directed, or by sending the information on company letterhead to: FinCEN, PO Box 39, Mail Stop 500, Vienna, VA 22183. A financial institution is not required to provide this information to FinCEN until requested. Section 103.100(f) clarifies the relationship between a financial institution's obligations under the rule and the Right to Financial Privacy Act (RFPA). RFPA generally provides that ``no Government authority may have access to or obtain copies of, or the information contained in the financial records of any customer from a financial institution'' except with the customer's consent or through an administrative or judicial subpoena or a search warrant, or in response to a formal written request. 12 U.S.C. 3402. To obtain access to the records, there must be reason to believe that the records sought are relevant to a legitimate law enforcement inquiry. 12 U.S.C. 3407. There are several bases on which an information request and a responsive disclosure of information required by the rule are exempt from the requirements of RFPA. First, there is an express exception in RFPA for disclosure of financial records or information required to be reported in accordance with any Federal statute or rule promulgated thereunder. 12 U.S.C. 3413(d). As discussed above, section 314(a) of the Act requires Treasury to issue regulations to facilitate the exchange of information between financial institutions and the government regarding those engaged in or reasonably suspected of engaging in terrorist activity and money laundering, and the statute gives Treasury the authority to require a response from financial institutions. Accordingly, information required to be reported under the rule would fall under the statutory exception in RFPA for information required to be reported in accordance with a federal statute and its implementing regulations. In order to clarify that RFPA does not inhibit a financial institution from complying with a request from FinCEN under the rule, section 103.100(f) provides that information that a financial institution is required to report under the rule shall be considered to be information required to be reported in accordance with a federal statute or rule promulgated thereunder, for purposes of the statutory exception to the coverage of RFPA in 12 U.S.C. 3413(d). Second, RFPA applies only to financial records of individuals and to partnerships of five or fewer individuals. Therefore, to the extent an information request under the rule relates to entities and organizations that are not partnerships of five or fewer individuals, RFPA does not apply. Third, RFPA provides that it does not preclude a financial institution from notifying the government of the name or other identifying information [[Page 9882]] concerning any individual, corporation, or account involved in a possible violation of any statute or regulation and the nature of any suspected illegal act. 12 U.S.C. 3403(c). As discussed above, the rule requires only the disclosure of the identity of the concerned individual or entity, and an identification of the account or the type of transaction involved (such as a wire transfer), for which a financial institution has a match with FinCEN's request. In addition, because the disclosure would relate to individuals and entities engaged in or suspected of engaging in terrorist activity or money laundering, the disclosure would relate to a possible violation of statue or regulation. Fourth, section 358 of the Act amended RFPA to expressly provide that its disclosure restrictions do not apply to requests from ``a Government authority authorized to conduct investigations of, or intelligence or counterintelligence analyses related to international terrorism.'' 12 U.S.C. 3414(a)(1)(C). Therefore, to the extent that a request for information made under the rule is made on behalf of such an agency, RFPA's disclosure restrictions do not apply. As discussed above, only federal law enforcement agencies investigating terrorist activities or money laundering are authorized to submit a request to financial institutions through FinCEN. For those inquiries relating to terrorism, the new exception plainly applies. In addition, FinCEN itself is an agency authorized to conduct intelligence and counterintelligence analyses related to international terrorism. As discussed above, section 314 of the Act and the rule authorize new mechanisms to encourage information sharing among the federal government and financial institutions, in addition to those authorized by other laws. Section 103.100(g) clarifies that nothing in the rule affects the authority of a federal agency or officer to obtain information directly from a financial institution. Section 103.100(h) is intended to preserve the confidentiality of law enforcement investigations by prohibiting a financial institution from using information provided by FinCEN for any purpose other than responding to the information request or deciding whether to establish or maintain an account or to engage in a transaction. It also prohibits the disclosure of the fact that FinCEN has requested or obtained information under the rule, except to the extent necessary to comply with the request. Although nothing in this provision would preclude a financial institution from contracting with a third party to search its records on its behalf, Treasury and FinCEN expect that such a contract would include confidentiality and nondisclosure requirements consistent with this provision. In addition, this provision does not preclude a financial institution (as defined in section 103.110(a)(2)) from sharing information received from FinCEN with other such financial institutions in a manner consistent with applicable laws and regulations. Section 103.110--Voluntary Information Sharing Among Financial Institutions As with section 314(a), the Act does not define the term ``financial institution'' for purposes of the information sharing provisions of 314(b). Unlike section 314(a), which involves responding to requests for information from federal law enforcement agencies, section 314(b) involves the sharing of information among financial institutions and presents different issues concerning information privacy.\5\ For these reasons, Treasury and FinCEN believe that it is appropriate to define the term ``financial institution'' for purposes of section 314(b) in a manner that is most likely to further the identification of terrorist and money laundering activities while minimizing the likelihood that information sharing will inappropriately intrude on the privacy interests of the customers of those institutions. Accordingly, section 103.110(a)(2) defines ``financial institution'' for purposes of section 314(b) to mean (1) a financial institution that is subject to SAR reporting that is not a money services business, which includes banks, savings associations, and credit unions; (2) a broker or dealer registered with the Securities and Exchange Commission under the Securities Exchange Act of 1934 (15 U.S.C. 78a et seq.); (3) an issuer of traveler's checks or money orders; (4) a registered money transmitter, or (5) an operator of a credit card system that is not a money services business. Treasury and FinCEN specifically request comment concerning whether these entities should be included within the definition for purposes of section 314(b) of the Act and regulation section 103.110, and whether the definition should be expanded to include other categories of BSA financial institutions. --------------------------------------------------------------------------- \5\ See Act sections 314(b) and (c), which provide protections from federal and State prohibitions on the disclosure of information to financial institutions that engage in information sharing consistent with the requirements of section 314(b) and its implementing regulations. --------------------------------------------------------------------------- Section 103.110(a)(3) defines the term ``association of financial institutions'' to mean a group or organization comprised of financial institutions defined in section 103.110(a)(2). Because associations of such financial institutions can enhance the sharing of information among their members, the rule permits such associations to participate in the information sharing process. Section 103.110(b) provides that upon providing the appropriate certification to Treasury, as described below, a financial institution may share information with other financial institutions regarding individuals, entities, organizations, and countries for purposes of detecting, identifying, or reporting activities that the financial institution or association suspects may involve money laundering or terrorist activity. Prior to engaging in information sharing, a financial institution or association of financial institutions must submit to FinCEN a certification described in new Appendix B to 31 CFR part 103, that confirms: the name of the financial institution or association of financial institutions; that the financial institution is a financial institution as defined in section 103.110(a), or in the case of an association, that the association's members that intend to engage in information sharing are financial institutions as defined in section 103.110(a); that the institution or association will maintain adequate procedures to protect the security and confidentiality of such information; that the institution or association will not use any shared information for any purpose other than as authorized in section 103.110; and the identity of a contact person at the financial institution or association for matters pertaining to information sharing. To streamline the certification process, FinCEN has established a special page on its existing Internet website, http://www.treas.gov/ fincen, where financial institutions can enter the appropriate information. If a financial institution or association does not have access to the Internet, the certification may be mailed to FinCEN at the address specified in the rule. By requiring notice to Treasury before information is shared among financial institutions, Congress has injected Treasury into what would otherwise be a purely private communication. The statute did not indicate clearly whether prior notice to Treasury was required before each individual communication or whether a general notice would be sufficient. After considering both the need for flexibility for financial institutions as well as the need to ensure that the right to share [[Page 9883]] information under this section is not being used improperly, Treasury and FinCEN determined that the certification should be effective for a one-year period beginning on the date of the certification. A re- certification, provided to FinCEN in the same manner, is required if a financial institution or association intends to continue to share information. An annual certification will help Treasury determine which financial institutions are sharing information, and it will reinforce the need for financial institutions to protect information shared under this section. Treasury and FinCEN balanced the minimal burden associated with completing the brief electronic or paper certification against its role in protecting the privacy interests of customers of financial institutions. Section 103.110(c) requires each financial institution or association of financial institutions that engages in the sharing of information to maintain adequate procedures to protect the security and confidentiality of such information. This section also provides that information received by a financial institution or association of financial institutions pursuant to this section shall only be used for identifying and reporting on activities that may involve terrorist or money laundering activities, or determining whether to close or maintain an account, or to engage in a transaction. A financial institution that fails to comply with these restrictions on the use of shared information may have its certification revoked or suspended. See 103.110(g). Section 103.110(d) provides that a financial institution or association of financial institutions that engages in the sharing of information and that complies with sections 103.110(b) and (c) shall not be liable to any person under any law or regulation of the United States, under any constitution, law, or regulation of any State or political subdivision thereof, or under any contract or other legally enforceable agreement (including any arbitration agreement), for such sharing, or for any failure to provide notice of such sharing, to an individual, entity, or organization that is the subject of such sharing. Section 103.110(e) provides a means for financial institutions to voluntarily report information to law enforcement concerning suspicious transactions that may relate to money laundering or terrorist activity that may come to the financial institution's attention as a result of discussions with other financial institutions, or otherwise. In order to accord the highest priority to suspected terrorist activity, a financial institution should report such information to FinCEN by calling the Financial Institutions Hotline (1-866-556-3974). The purpose of the Financial Institutions Hotline is to facilitate the immediate transmittal of this information to law enforcement. Financial institutions identifying other suspicious transactions should report such transactions by promptly filing a SAR in accordance with applicable regulations, even if they provide information over the Financial Institutions Hotline. The Financial Institutions Hotline is intended to provide to law enforcement and other authorized recipients of SAR information the essence of the suspicious activity in an expedited fashion. Use of the Financial Institutions Hotline is voluntary and does not affect an institution's responsibility to file a SAR in accordance with applicable regulations. Section 103.110(f) clarifies that voluntary reporting under section 103.110 does not relieve a financial institution from any obligation it may have to file a Suspicious Activity Report pursuant to a regulatory requirement, or to otherwise directly contact a federal agency concerning individuals, entities, or organizations suspected of engaging in money laundering or terrorist activities. Section 103.110(g) provides that a federal regulator of a financial institution, or FinCEN in the case of a financial institution that does not have a federal regulator, may revoke or suspend a certification provided by a financial institution under this section if the regulator or FinCEN determines that the financial institution has failed to comply with the requirements of paragraph (c). Treasury and FinCEN believe this provision is necessary to preclude further participation in information sharing under the authority of section 103.110 by a financial information that fails to accord confidentiality to shared information, or uses that information for purposes other than as permitted by section 103.110(c). A financial institution with respect to which a certification has been revoked or suspended may not engage in information sharing under this section during the period of such revocation or suspension. IV. Submission of Comments An original and four copies of any comments (other than one sent electronically) must be submitted. All comments will be available for public inspection and copying, and no material in any comment, including the name of any person submitting the comment, will be recognized as confidential. Accordingly, material not intended to be disclosed to the public should not be submitted. V. Regulatory Flexibility Act It is hereby certified that this proposed rule is not likely to have a significant economic impact on a substantial number of small entities. With respect to section 103.100, most financial institutions subject to SAR reporting are larger businesses. Moreover, the burden imposed by the requirement that financial institutions search their records for accounts for, or transactions with, individuals, entities, or organizations engaged in, or reasonably suspected based on credible evidence of engaging in, terrorist activity, is not expected to be significant. Section 103.110 is entirely voluntary on the part of financial institutions and no financial institution is required to share information with other financial institutions. Accordingly, the analysis requirements of the provisions of the Regulatory Flexibility Act (5 U.S.C. 601 et seq.) do not apply. VI. Paperwork Reduction Act The requirement in section 103.100(d)(2), concerning reports by financial institutions in response to a request from FinCEN on behalf of a federal law enforcement agency, is not a collection of information for purposes of the Paperwork Reduction Act. See 5 CFR 1320.4. The requirement in section 103.110(b)(2), concerning notification to FinCEN that a financial institution that intends to engage in information sharing, and the accompanying certification in Appendix B to 31 CFR part 103, do not constitute a collection of information for purposes of the Paperwork Reduction Act. See 5 CFR 1320.3(h)(1). The collection of information contained in section 103.110(e), concerning voluntary reports to the federal government as a result of information sharing among financial institutions, will necessarily involve the reporting of a subset of information currently contained in a Suspicious Activity Report (SAR). SAR reporting has been previously reviewed and approved by the Office of Management and Budget (OMB) pursuant to the Paperwork Reduction Act and assigned OMB Control No. 1506-0001. An agency may not conduct or sponsor, and a person is not required to respond to, a collection of information unless it displays a currently valid OMB control number. [[Page 9884]] VII. Executive Order 12866 This proposed rule is not a ``significant regulatory action'' for purposes of Executive Order 12866. Accordingly, a regulatory assessment is not required. List of Subjects in 31 CFR Part 103 Authority delegations (Government agencies), Banks and banking, Currency, Investigations, Law enforcement, Reporting and recordkeeping requirements. Dated: February 26, 2002. James F. Sloan, Director, Financial Crimes Enforcement Network. Proposed Amendments to the Regulations For the reasons set forth above, FinCEN proposes to amend 31 CFR part 103 as follows: PART 103--FINANCIAL RECORDKEEPING AND REPORTING OF CURRENCY AND FOREIGN TRANSACTIONS 1. The authority citation for part 103 is revised to read as follows: Authority: 12 U.S.C. 1829b and 1951-1959; 31 U.S.C. 5311-5331; title III, sec. 314, Pub. L. 107-56, 115 Stat. 307. 2. Add new subpart H to part 103 to read as follows: Subpart H--Special Information Sharing Procedures To Deter Money Laundering and Terrorist Activity Sec. 103.90 Definitions. 103.100 Information sharing with federal law enforcement agencies. 103.110 Voluntary information sharing among financial institutions. Subpart H--Special Information Sharing Procedures To Deter Money Laundering and Terrorist Activity Sec. 103.90 Definitions. For purposes of this subpart, the following definitions apply: (a) Money laundering means an activity described in 18 U.S.C. 1956 or 1957. (b) Terrorist activity means an act of domestic terrorism or international terrorism as those terms are defined in 18 U.S.C. 2331. Sec. 103.100 Information sharing with federal law enforcement agencies. (a) Definitions. For purposes of this section: (1) The definitions in Sec. 103.90 apply; and (2) The term financial institution means any financial institution described in 31 U.S.C. 5312(a)(2). (b) Requests for information relating to money laundering or terrorist activities. On behalf of a federal law enforcement agency investigating money laundering or terrorist activity, FinCEN may require any financial institution to search its records to determine whether the financial institution maintains or has maintained accounts for, or has engaged in transactions with, any specified individual, entity, or organization. (c) Certification requirement. Prior to FinCEN requesting information pursuant to paragraph (b) of this section, the federal law enforcement agency shall provide FinCEN with a written certification, in such form and manner as FinCEN may prescribe, that each individual, entity, or organization about which the agency is seeking information is engaged in, or reasonably suspected based on credible evidence of engaging in, money laundering or terrorist activity. (d) Reporting by financial institutions.--(1) Record search required. Upon receiving a request from FinCEN, a financial institution shall search its records to determine whether it maintains or has maintained any account for, or has engaged in any transaction with, each individual, entity, or organization named in FinCEN's request. The search shall cover the time period specified in FinCEN's request. (2) Report to FinCEN required.--(i) In general. If a financial institution identifies an account or transaction identified with any individual, entity, or organization named in a request from FinCEN, it shall report the information specified in paragraph (d)(2)(ii) of this section to FinCEN as soon as possible via e-mail to patriot@fincen.treas.gov or, if the financial institution does not have access to e-mail, by calling the toll-free the Financial Institutions Hotline (1-866-556-3974), or by such other means as FinCEN may specify in the request. (ii) Information required to be reported. A financial institution shall report the following information to FinCEN: (A) Account. If the financial institution identifies one or more accounts identified with any individual, entity, or organization named in a request from FinCEN, it shall report to FinCEN: (1) The identity of such individual, entity, or organization; (2) The number of each such account; and (3) All identifying information provided by the account holder in connection with the establishment of each such account (such as Social Security number, taxpayer identification number, passport number, date of birth, and address). (B) Transaction. If the financial institution identifies one or more transactions (not involving an account) identified with any individual, entity, or organization named in a request from FinCEN, it shall report to FinCEN: (1) The identity of such individual, entity, or organization; (2) The date and type of each such transaction; and (3) All identifying information provided by such individual, entity, or organization in connection with each such transaction (such as Social Security number, taxpayer identification number, passport number, date of birth, and address). (3) No other action required. Nothing in this section shall be construed to require a financial institution to take any action, or to decline to take any action, with respect to an account established for, or a transaction engaged in with, an individual, entity, or organization named in a request from FinCEN, or to decline to establish an account for, or to engage in a transaction with, any such individual, entity, or organization. (e) Designation of contact person. FinCEN may request a financial institution to identify one person to receive requests for information from FinCEN pursuant to paragraph (b) of this section. When requested by FinCEN, a financial institution shall provide to FinCEN the name, title, mailing address, e-mail address, telephone number, and facsimile number of such person, and such other information as FinCEN may request, in such manner as FinCEN shall specify. (f) Relation to the Right to Financial Privacy Act. The information that a financial institution is required to report pursuant to paragraph (d) of this section shall be considered to be information required to be reported in accordance with a federal statute or rule promulgated thereunder, for purposes of section 3413(d) of the Right to Financial Privacy Act (12 U.S.C. 3413(d)). (g) No effect on law enforcement or regulatory investigations. Nothing in this subpart affects the authority of a federal agency or officer to obtain information directly from a financial institution. (h) Use, disclosure, and security of information request. (1) A financial institution shall not use information provided by FinCEN pursuant to this section for any purpose other than: (i) Reporting to FinCEN as provided in this section; or [[Page 9885]] (ii) Determining whether to establish or maintain an account, or to engage in a transaction. (2)(i) A financial institution shall not disclose to any person, other than FinCEN or the federal law enforcement agency on whose behalf FinCEN is requesting information, the fact that FinCEN has requested or obtained information under this subpart H, except to the extent necessary to comply with such an information request. (ii) Notwithstanding paragraph (h)(2)(i) of this section, a financial institution authorized to share information under Sec. 103.110 may share information concerning an individual, entity, or organization named in a request from FinCEN in accordance with the requirements of such section. (3) Each financial institution shall maintain adequate procedures to protect the security and confidentiality of requests from FinCEN for information under this section. Sec. 103.110 Voluntary information sharing among financial institutions. (a) Definitions. For purposes of this section: (1) The definitions in Sec. 103.90 apply; (2) The term financial institution means any financial institution described in 31 U.S.C. 5312(a)(2) that: (i) Is subject to a suspicious activity reporting requirement of subpart B of this part and is not a money services business, as defined in Sec. 103.11(uu); (ii) Is a broker or dealer in securities, as defined in Sec. 103.11(f); (iii) Is an issuer of traveler's checks or money orders, as defined in Sec. 103.11(uu)(3); (iv) Is a money transmitter, as defined in Sec. 103.11(uu)(5), and is required to register as such pursuant to Sec. 103.41; or (v) Is an operator of a credit card system and is not a money services business, as defined in Sec. 103.11(uu); and (3) The term association of financial institutions means a group or organization the membership of which is comprised entirely of financial institutions as defined in paragraph (a)(2) of this section. (b) Information sharing among financial institutions.--(1) In general. Subject to paragraphs (b)(2) and (g) of this section, a financial institution or an association of financial institutions may engage in the sharing of information with any other financial institution (as defined in paragraph (a)(2) of this section) or association of financial institutions (as defined in paragraph (a)(3) of this section) regarding individuals, entities, organizations, and countries for purposes of detecting, identifying, or reporting activities that the financial institution or association suspects may involve possible money laundering or terrorist activities. (2) Notice requirement.--(i) Certification. A financial institution or association of financial institutions that intends to engage in the sharing of information as described in paragraph (b)(1) of this section shall submit to FinCEN a certification described in Appendix B of this part. (ii) Address. Completed certifications may be submitted to FinCEN: (A) By accessing FinCEN's Internet website, http://www.treas.gov/ fincen, and entering the appropriate information as directed; or (B) If a financial institution does not have Internet access, by mail to: FinCEN, PO Box 39, Mail Stop 100, Vienna, VA 22183. (iii) One year duration of certification. Each certification provided pursuant to paragraph (b)(2)(i) of this section shall be effective for the one year period beginning on the date of the certification. In order to continue to engage in the sharing of information after the end of the one year period, a financial institution or association of financial institutions must submit a new certification. (c) Security and confidentiality of information.--(1) Procedures required. Each financial institution or association of financial institutions that engages in the sharing of information pursuant to this section shall maintain adequate procedures to protect the security and confidentiality of such information. (2) Use of information. Information received by a financial institution or association of financial institutions pursuant to this section shall not be used for any purpose other than: (i) Detecting, identifying and reporting on activities that may involve terrorist or money laundering activities; or (ii) Determining whether to establish or maintain an account, or to engage in a transaction. (d) Safe harbor from certain liability.--(1) In general. A financial institution or association of financial institutions that engages in the sharing of information pursuant to this section shall not be liable to any person under any law or regulation of the United States, under any constitution, law, or regulation of any State or political subdivision thereof, or under any contract or other legally enforceable agreement (including any arbitration agreement), for such sharing, or for any failure to provide notice of such sharing, to an individual, entity, or organization that is identified in such sharing. (2) Limitation. Paragraph (d)(1) of this section shall not apply to a financial institution or association of financial institutions to the extent such institution or association fails to comply with paragraph (b) or (c) of this section. (e) Information sharing between financial institutions and the federal government.--(1) Terrorist activity. If, as a result of information sharing pursuant to this section, a financial institution suspects that an individual, entity, or organization is involved in, or may be involved in terrorist activity, such information should be reported to FinCEN: (i) By calling the toll-free Financial Institutions Hotline (1-866- 556-3974); and (ii) If appropriate, by filing a Suspicious Activity Report pursuant to subpart B of this part or other applicable regulations. (2) Money laundering. If as a result of information sharing pursuant to of this section, a financial institution suspects that an individual, entity, or organization is involved in, or may be involved in money laundering, such information should generally be reported by filing a Suspicious Activity Report in accordance with subpart B of this part or other applicable regulations. If circumstances indicate a need for the expedited reporting of this information, a financial institution may use the Financial Institutions Hotline (1-866-556- 3974). (f) No limitation on financial institution reporting obligations. Nothing in this subpart affects the obligation of a financial institution to file a Suspicious Activity Report pursuant to subpart B of this part or any other applicable regulations, or to otherwise directly contact a federal agency concerning individuals or entities suspected of engaging in money laundering or terrorist activities. (g) Revocation or suspension of certification.--(1) Authority of federal regulator or FinCEN. Notwithstanding any other provision of this section, a federal regulator of a financial institution, or FinCEN in the case of a financial institution that does not have a federal regulator, may revoke or suspend a certification provided by a financial institution pursuant to paragraph (b)(2) of this section if the concerned federal regulator or FinCEN, as appropriate, determines that the financial institution has failed to comply with the requirements of paragraph (c) of this section. Nothing in this paragraph (g)(1) shall be construed to affect the authority of any federal regulator with respect to any financial institution. [[Page 9886]] (2) Effect of revocation or suspension. A financial institution with respect to which a certification has been revoked or suspended may not engage in information sharing under the authority of this section during the period of such revocation or suspension. 3. The Appendix to part 103 is redesignated as Appendix A to part 103 and the heading is revised to read as follows: Appendix A to Part 103--Administrative Rulings * * * * * 4. Appendix B is added to part 103 to read as follows: Appendix B to Part 103--Certification for Purposes of Section 314(b) of the USA PATRIOT Act and 31 CFR 103.110 BILLING CODE 4810-02-P [[Page 9887]] [GRAPHIC] [TIFF OMITTED] TP04MR02.027 [FR Doc. 02-5007 Filed 3-1-02; 8:45 am] BILLING CODE 4810-02-C ------------------------------------------------------------------