Compliance Blog

Mar 15, 2012

FinCEN Issues Advisory on SAR Confidentiality

Written by Bernadette Clair, Regulatory Compliance Counsel

FinCEN released an advisory on March 2, 2012, reminding financial institutions, and the lawyers that advise them, of the requirement to maintain SAR confidentiality.  Apparently, there has been an uptick in the number of private parties seeking SARs from financial institutions – private parties who shouldn’t know a SAR exists.

FinCEN’s advisory is a stern reminder that financial institutions, and their current and former directors, officers, employees, agents, and contractors, are prohibited from disclosing SARs, or any information that would reveal the existence of a SAR.  In addition, civil and criminal penalties can be imposed for the unauthorized disclosure of a SAR.  From the advisory:

“FinCEN reminds financial institutions to be vigilant in maintaining the confidentiality of SARs. This includes ensuring all employees, agents, and individuals appropriately entrusted with information in a SAR are informed of the individual obligation to maintain SAR confidentiality. This obligation applies not only to the SAR itself, but also to information that would reveal the existence (or non-existence) of the SAR. Likewise, such persons should be informed of the consequences for failing to maintain such confidentiality, which could include civil and criminal penalties as explained herein.

A financial institution may consider including such information as part of its ongoing training of all employees. Furthermore, financial institutions may want to remind their counsel of the strict requirements of SAR confidentiality. Additional risk-based measures to enhance the confidentiality of SARs could include, among other appropriate security measures, limiting access on a "need-to-know" basis, restricting areas for reviewing SARs, logging of access to SARs, using cover sheets for SARs or information that reveals the existence of a SAR, or providing electronic notices that highlight confidentiality concerns before a person may access or disseminate the information.”

My takeaway:  It might be a good idea to review the internal controls you have in place to protect SAR confidentiality – you don’t want to be the weak link.

***

Tomorrow I’ll be speaking at compliance school on BSA/OFAC compliance.  For those of you taking the NCCO certification exams…study hard, the end is in sight!

With NAFCU staff at school this week, keep in mind that response times to compliance questions may be a little longer than usual.