William J. Showalter, CRCM, CRP, is a Senior Consultant with Young & Associates, Inc. (younginc.com), with over 35 years of experience in compliance consulting, advising and assisting financial institutions on consumer compliance and compliance management issues. He also develops and conducts compliance training programs for individual banks and their trade associations and has authored or co-authored numerous compliance publications and articles. Bill can be reached at wshowalter@younginc.com. In situations involving violations that require immediate attention, such as when a reportable violation involves terrorist activity or is ongoing, the financial institution must immediately notify, by telephone, an appropriate law enforcement authority and financial institution supervisory authorities, as well as filing a timely SAR. than one financial institution may provide a more detailed and complete narrative of a particular set of transactions. • Facilitates more efficient SAR reporting decisions by participating financial institutions by providing them with a more complete picture of activity and informing the decision to file or not file a SAR. • Benefits law enforcement and the financial industry by identifying and aiding in detecting money laundering and terrorist financing methods and schemes. How to participate Sharing of information between financial institutions is entirely voluntary. A “financial institution” or “association of financial institutions” must take action to participate in 314(b) information sharing. A participating institution or association may “transmit, receive, or otherwise share information with any other financial institution or association of financial institutions regarding individuals, entities, organizations, and countries for purposes of identifying and, where appropriate, reporting activities that the financial institution or association suspects may involve possible terrorist activity or money laundering.” There are four main requirements a participating financial institution or association must fulfill to take advantage of the safe harbor from civil liability for sharing covered information. These requirements are: • A financial institution or association that intends to share information must submit to FinCEN a notice described on FinCEN’s website, fincen.gov. Each such notice to FinCEN is effective for the one-year period beginning on the date of the notice. To continue to engage in the sharing of information after the end of the one-year period, a financial institution or association must submit a new notice. Completed notices may be submitted to FinCEN by accessing FinCEN’s website and entering the appropriate information as directed. If a financial institution does not have internet access, the notice may be submitted by mail. • Before sharing such information, a financial institution or an association of financial institutions must take reasonable steps to verify that the other financial institution or association with which it intends to share information has submitted to FinCEN the required notice. A financial institution or association may satisfy this verification requirement by confirming that the other financial institution or association appears on a list that FinCEN will periodically make available to financial institutions or associations of financial institutions that have filed a notice with it or by confirming directly with the other financial institution or association that the requisite notice has been filed with FinCEN. • Information received by a financial institution or association under this process must not be used for any purpose other than identifying and, where appropriate, reporting on money laundering or terrorist activities; determining whether to establish or maintain an account or to engage in a transaction; or assisting the financial institution in complying with any requirement of the Bank Secrecy Act (BSA) regulation. • Each financial institution or association that shares information under this process must maintain adequate procedures to protect the security and confidentiality of such shared information. These security requirements will be considered satisfied to the extent that a financial institution applies to such information procedures that it has established to satisfy the requirements of section 501 of the Gramm-Leach-Bliley Act (GLBA) and applicable information security regulations issued under the GLBA concerning the protection of its own customers’ nonpublic personal information. If information sharing under this process causes a financial institution to know, suspect, or have reason to suspect that an individual, entity, or organization is involved in or may be involved in terrorist activity or money laundering, the institution must file a SAR (assuming the institution is subject to SAR requirements). In situations involving violations that require immediate attention, such as when a reportable violation involves terrorist activity or is ongoing, the financial institution must immediately notify, by telephone, an appropriate law enforcement authority and financial institution supervisory authorities, as well as filing a timely SAR. If a financial institution is interested in taking advantage of the benefits of 314(b) information sharing with other financial institutions to help its BSA/AML compliance, it should be sure that its BSA/AML policies and procedures have appropriate provisions covering this sharing. The bank also needs to designate a point of contact for the sharing and ensure that its affected staff is given relevant training. cbak.com 9 In Touch
RkJQdWJsaXNoZXIy ODQxMjUw