To: All Affiliated Credit Union CEOs
From: Matt Beard - Regulatory Specialist
Date: July 5, 2006
RE: NCUA Filing Requirements for Suspicious Activity Reports
The NCUA Board has published a proposed rule to provide greater detail and clarity concerning the reporting requirements, filing procedures and other important aspects of Suspicious Activity Reports (SARs). This proposal is intended to provide credit unions with basic information concerning SARs in a single location, the result being a quick reference tool.
The proposal covers: The definition of reportable activity; important filing procedures; record retention requirements; prompt notification of the board of directors of SAR filings; confidentiality of SARs; and liability protection. Comments are due to NCUA by August 28, 2006. Please send your comments to MCUL by August 18, 2006. I f you would like a copy of the draft SAR form, go to: http://a257.g.akamaitech.net/7/257/2422/01jan20061800/
DESCRIPTION OF THE PROPOSAL
- The heading of the rule (Part 748) would be changed from “ Security Program, Report of Crime and Catastrophic Act and Bank Secrecy Act Compliance” to “Security Program, Report of Suspected Crimes, Suspicious Transactions, Catastrophic Acts and Bank Secrecy Act Compliance” in order to more accurately describe the scope of the rule.
- The rule would clarify that reportable activity includes suspected crimes and suspicious transactions related to money laundering or other illegal activity, such as terrorism financing or a violation of the Bank Secrecy Act (BSA). A SAR should be filed when the credit union detects or suspects: (1) insider abuse involving any amount of money; (2) transactions involving federal criminal violation or pattern of violations aggregating $5,000 or more where a suspect can be identified; (3) transactions involving federal criminal violation or pattern of violations aggregating $25,000 or more regardless of whether a suspect can be identified; or (4) transactions aggregating $5,000 or more that involve potential money laundering or BSA violations.
- A credit union would not be obligated to file a SAR for a robbery or burglary (committed or attempted) or for lost, missing, counterfeit or stolen securities as long as the credit union makes a report to the appropriate law enforcement authorities.
- Under the proposal, a credit union must file a SAR with FinCEN no later than 30 calendar days from the date the suspicious activity is initially detected. If there is no suspect identified at that time, a credit union may have an additional 30 calendar days to file. If the violation requires immediate attention (such as a money laundering scheme), in addition to filing a SAR the credit union must immediately notify the appropriate law enforcement or supervisory authority. The rule would incorporate reporting and filing instructions required by the SAR form and Treasury Department BSA regulations.
- Failure to file a SAR as required may subject the credit union, its officials, and employees to administrative action, such as the assessment of civil monetary fines.
- The current provision on record retention would be revised to highlight the importance of retaining all supporting documentation for a SAR. Supporting documentation is considered a part of the SAR even if the documentation was not actually filed with the submitted SAR. The supporting documentation must be made available to appropriate law enforcement and regulatory authorities upon request.
- Because SARs are confidential, credit union officials and employees must not provide the SAR or provide any information that would disclose that a SAR was prepared, even if subpoenaed. The official or employee must notify NCUA of such a request or subpoena.
- A credit union must promptly notify its board of directors, or a committee designated by the board, of any SAR filed. If the suspect of the SAR is a director or member of the designated committee, the credit union must not notify the suspect, but must notify the other board or committee members.
- A safe harbor provision would be added to provide that credit union officials and employees who file a SAR (either voluntarily or pursuant to NCUA’s rules) are protected from liability for any disclosure in the report and/or for failure to disclose the existence of the SAR.
- Will having the information on SAR filing/reporting facilitate quick access to SAR reporting and filing requirements? Please explain. (If not, how could that information be provided to credit unions in a more helpful manner/format?)
- Do you feel it would be helpful for the definition of reportable activity to include clarification regarding whether or not fraud activity (such as check kiting) or cases where the suspected criminal activity falls below the established thresholds should be reported on the SAR? Please explain.
- The requirement to promptly notify the credit union’s board of directors is proposed to formalize a common practice and to maintain consistency with the other federal financial regulators. Do you believe having this requirement will prove useful for credit unions? Please explain.
- Do you agree with the proposed record retention requirements (which also track the Treasury Department BSA regulations and are also listed in the Instructions section on the SAR), in particular the information concerning supporting documentation. If not, why not?
Is the “safe harbor” provision providing immunity for credit unions and their officials/employees from civil liability for filing a SAR sufficiently robust? (This provision is also similar to the safe harbor notice in the SAR Instructions.) Please explain.
InfoSight - For further information on SARs go to www.mcul.org, click on Regulatory Compliance and InfoSight, enter your user name and password, click on Member Accounts and click on Bank Secrecy Act/Patriot Act. Or click on: Bank Secrecy Act/ Patriot Act.
If you have any further questions, or to submit a response, please contact:
Michigan Credit Union League
112 East Allegan St., Suite 800
Lansing, MI 48933
E-mail: email@example.com F ax: (517) 482-3762
We a ppreciate Your Response.