Breaking Down the New Interagency SAR FAQ
The regulatory agencies are back with yet another noteworthy development relating to Bank Secrecy Act (BSA) and Anti-Money Laundering (AML) compliance. This time, the development comes in the form of a Frequently Asked Questions (FAQ) document from FinCEN, the National Credit Union Administration (NCUA) and other financial regulators.
The FAQ focuses mostly on requirements relating to the filing of Suspicious Activity Reports (SARs). While the contents of the FAQ are not exactly groundbreaking, they do provide clarity regarding interpretation of BSA requirements. Several questions discuss situations in which a credit union is not required to file a SAR, which may be helpful to credit unions when dealing with examiners.
Let’s dive into the contents of this FAQ:
Filling Out a SAR. Questions Six and Seven both deal with the technical process for writing and filing a SAR. In Question Six, the agencies state a credit union does not need to repeat information in the SAR narrative if that information has already been provided in the SAR data fields. Instead, the SAR narrative should focus on the information needed to allow the reader to understand the suspicious activity described. Information may be repeated if it helps to more clearly describe the activity reported. The document also notes the SAR narrative may benefit from information that is not found in the data fields.
Question Seven discusses whether credit unions that reach the character limit for the SAR narrative should file additional SARs to continue the narrative. The agencies state credit unions should not do that. Instead, they say credit unions should focus their SAR narratives only on the relevant information and try to stay within the character limit. A credit union may include an attachment to a SAR or note that additional information is available in supporting documents. The document also notes a credit union may include a CSV file for information presented in a tabular format, but the SAR and its supporting documentation (including a CSV file) must be retained for five years under agency regulations.
Grand Jury Subpoenas and Law Enforcement Inquiries. The second question in the FAQ discusses whether receipt of a grand jury subpoena or law enforcement inquiry would require a credit union to file a SAR. The agencies respond that those events, by themselves, do not require a SAR. However, the document does note “receipt of a grand jury subpoena or other law enforcement inquiry is pertinent information relevant to a [credit union’s] overall assessment of risk and the risk profile for the relevant customer(s) and account(s).” A credit union that receives such a subpoena or inquiry may want to review the transactions or activities of the customers or accounts in question, and may decide a SAR is necessary after conducting such a review. According to the FAQ, SARs filed after such a review should focus on the facts and circumstances uncovered by the review; not on the subpoena or law enforcement inquiry itself.
Negative News Alerts. The fourth and fifth questions in the document focus on negative news about a member or other activity at the financial institution. Question Four states negative news about a member does not, by itself, require the credit union to file a SAR. Like the discussion of subpoenas and law enforcement inquiries (above), the document notes negative news may cause a credit union to take a closer look at the member, the member’s activities, and related information. A credit union may decide a SAR is necessary after such a review of the member and the account.
Question Five provides that a credit union is not required to investigate each individual negative news alert. Instead, the FAQ explains a credit union “may consider whether the alert contains new or different information that warrants further investigation or whether the negative news otherwise assists or informs the evaluation of the activity at issue.” The answer also discusses how credit unions have flexibility in developing procedures and processes for complying with customer due diligence requirements, and that some institutions have developed processes for handling a large volume of alerts.
Closing Accounts or Keeping Them Open. The first question discusses whether a credit union can maintain a relationship when the credit union has received a “keep open” request from law enforcement regarding the member or the account. The agencies state a credit union may maintain the relationship in such a situation, but that a credit union is not required to do so. Ultimately, the decision regarding whether to comply with such a request “should be made by the [credit union] in accordance with its own policies, procedures, and processes.” The FAQ also says that a credit union should not be criticized solely for its decision to comply – or not comply – with a “keep open” request.
The third questions discusses whether a credit union is required to terminate a customer relationship following the filing of one or more SARs. The answer provides that a credit union is not required to terminate a relationship with a member simply due to SAR filings. Instead, the document notes that credit unions may want to update a member’s risk profile based upon SARs filed, and may have an escalation process for decisions relating to maintaining or closing the account.
Notably, the document is addressed to all financial institutions, and is not specific to credit unions. The discussions around terminating the relationship apply differently for credit unions. The member relationship provides protections above and beyond those afforded to customers of banks, including the Federal Credit Union’s Act’s limits on a federal credit union’s ability to expel its members. Thus, terminating the entire member relationship may be more complicated for a federal credit union than it would be for other financial institutions When making the decision to close accounts or take other action, federal credit unions may need to determine if such action could amount to constructive expulsion of a member, as that could result in a violation of the FCU Act.
Any clarification regarding BSA requirements is welcome news for credit unions. 2021 is looking to be a busy year for BSA/AML regulatory activity. NAFCU will continue to watch for developments and update credit unions about their effects.
About the Author
Nick St. John, NCCO, NCBSO, Director of Regulatory Compliance, NAFCU
Nick St. John, was named Director of Regulatory Compliance in August 2022. In this role, Nick helps credit unions with a variety of compliance issues.