United States: Federal Banking Agencies Seek Greater Flexibility In Granting Exemptions From SAR Requirements

Last week, the Office of the Comptroller of the Currency (OCC) and the Federal Deposit Insurance Corporation (FDIC) invited comment on proposed rules that would permit the banking agencies greater leeway in issuing exemptions to supervised financial institutions from suspicious activity report (SAR) filing, confidentiality, and recordkeeping requirements.¹ The proposed rules have two primary objectives: (1) to further encourage and permit financial institutions to develop innovative technological solutions to satisfy their Bank Secrecy Act (BSA) obligations with greater efficiency and effectiveness; and (2) to cure a disparity in which the Financial Crimes Enforcement Network (FinCEN) might exempt a financial institution that is testing innovative anti-money laundering (AML) solutions from complying with certain of FinCEN's SAR regulations, where the federal banking agencies currently lack the authority to grant the financial institution a similar exemption under their corresponding SAR regulations, thus impeding the first objective. Below we summarize how the proposed rules would permit the federal banking agencies to provide more meaningful safe harbors for financial institutions to develop innovative SAR reporting technology. We also discuss the practical considerations financial institutions should keep in mind, notwithstanding this regulatory development.

FinCEN, as the administrator of the BSA, has implemented a number of regulations for financial institutions pertaining to, among other things, the reporting of suspected illegal transactions and maintaining the confidentiality of such reporting. The federal banking agencies have implemented their own SAR regulations that are largely identical to those implemented by FinCEN. The federal banking agency regulations, however, include additional requirements, such as the reporting of insider abuse regardless of dollar amount.² One other key difference-which the proposed rules seek to address-is that FinCEN has the general authority to grant exemptions from the requirements of the BSA and its own SAR regulations.³ The OCC and FDIC, on the other hand, have the authority to grant exemptions only in limited, specific circumstances pertaining to physical crimes (robberies and burglaries), and lost, missing, counterfeit, or stolen securities.⁴

The OCC's and FDIC's proposed rules would explicitly empower each agency with the general authority to grant exemptions from the requirements of their respective SAR regulations. Upon receiving a written request from a supervised financial institution, the agency would determine whether the request is consistent with safe and sound banking principles. To the extent a requirement falls under both FinCEN's and the banking agency's SAR regulation-e.g., filing a SAR within 30 calendar days of the initial detection of facts that may constitute a basis for filing a SAR-the FDIC would seek FinCEN's determination whether the exemption is consistent with the purposes of the BSA (as well as seek FinCEN's concurrence in granting the exemption), whereas the OCC would be permitted to make its own determination as to consistency with the purposes of the BSA. In any event, if an exemption request also requires an exemption from FinCEN's SAR regulation, the requesting institution would need to obtain exemptions from both the appropriate banking agency and from FinCEN. For a requested exemption from the requirements of a banking agency-only SAR regulation-e.g., reporting of insider abuse regardless of amount-the proposed rules would allow the appropriate banking agency to grant the exemption independently. Under the proposed rules, the exemptions may be conditional or unconditional, apply to limited persons or classes of persons, and apply to limited transactions or classes of transactions. The agencies would have the authority to extend or revoke previously granted exemptions.

Although the proposed rules may appear to be fairly mundane, process-oriented regulatory amendments, they are another strong indicator that the federal banking agencies are serious about fostering the development of innovative tools to gather information about potential money laundering and illegal activity and getting that information into the hands of law enforcement in a more efficient manner. In December 2018, the federal banking agencies and FinCEN issued a Joint Statement on Innovative Efforts to Combat Money Laundering and Terrorist Financing (the 2018 Joint Statement).⁵ As we wrote in our December 10, 2018, client Advisory, the 2018 Joint Statement intended to encourage financial institutions to experiment with innovative BSA compliance solutions.⁶ Among other things, the banking agencies stated that they would not necessarily criticize a financial institution if new solutions identified gaps in the institution's existing BSA compliance program.

Since the 2018 Joint Statement, the banking agencies have recognized the promise that financial institution-developed innovations may have in improving the efficiency of BSA/AML compliance programs and strengthening the overall law enforcement objectives of the BSA. For example, the FDIC notes in its notice of proposed rulemaking the positive developments in transaction monitoring using artificial intelligence and machine learning, as well as in the practices of shared investigation utilities and data. The banking agencies recognize that as these technological advancements are being piloted and fine-tuned, financial institutions may need to expand their investigations, perhaps requiring an extension of the 30-day SAR filing deadline, or, in some cases, requiring the sharing of information otherwise prohibited by SAR confidentiality regulations. With the rules proposed last week, the banking agencies are demonstrating their willingness to make the regulatory amendments necessary to foster these continued advancements.

Although the proposed rules are a welcome development for financial institutions seeking to increase the efficiency and lessen the burden of effective BSA/AML compliance programs, those in the industry should not let their guard down. First, the banking agencies have repeatedly reiterated that while they support innovative AML solutions, financial institutions must continue to meet their BSA and regulatory obligations. This means that financial institutions should test new AML technology in parallel with existing controls. Even after financial institutions have assured themselves of the propriety of any new AML solution, they should obtain the feedback of their supervisors before launching a replacement compliance process or program. Second, financial institutions should not assume leniency from their supervisors for failing to abide by SAR regulations as they test new compliance technology. Although the banking agencies have expressed a willingness to grant exemptive relief in certain situations, the proposed rules underscore that financial institutions will have to seek and receive permission first. Until a written exemption is in hand-in most cases from the appropriate banking agency and FinCEN-there should be no expectation of anything short of full compliance with the requirements of all applicable SAR regulations.

Comments to the proposed rules will be accepted up to 30 days after publication in the Federal Register.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.