314(b): Beware of Oversharing
Under section 314(b) of the Patriot Act, credit unions, and other financial institutions, are permitted to share information with one another regarding individuals they suspect may be involved in terrorist or money laundering activities. Those institutions who elect to share information under 314(b) are provided with a safe harbor from liability if they notify FinCEN of their intent to share, verify that the institution with whom it will share information with has also notified FinCEN of its intent to share, use the shared information only for the permissible purposes and have procedures in place to protect the shared information. See, 31 C.F.R. § 1010.540(b).
One question that often comes up for 314(b) sharing is what type of information can be shared under the safe harbor. Of course, any information directly related to possible terrorist and money laundering activities may be shared, but what about other types of suspected criminal activities, such as fraud? Information about these types of activities can be shared under the 314(b) safe harbor, but only in certain circumstances. FinCEN guidance in this area can be a bit confusing so it's helpful to break it down into a few steps to determine when credit unions are permitted to share information about these types of activities:
- Whether the credit union suspects a specified unlawful activity has occurred;
- Whether a transaction involving the proceeds from that activity has taken place; and
- Whether that transaction is part of a terrorist or money laundering scheme.
First, what types of activities are considered "specified unlawful activities" (SUAs)? FinCEN guidance points to the Patriot Act to determine which activities are SUAs. The Act defines a "specified unlawful activity" rather broadly to include financial transactions resulting from the distribution of controlled substances or extortion, fraud, bribery, trafficking and counterfeiting, as well as many other federal criminal offenses. See, 18 U.S.C. § 1956(c)(7). So, the first step in determining whether information can be shared under 314(b)'s safe harbor is to review the activity involved and establish that a SUA has occurred or that the credit union suspects a SUA has occurred.
Second, has a transaction involving the proceeds from a SUA taken place? FinCEN 2009-G002 explains that a credit union may share information if it "suspects that the transaction may involve the proceeds of one or more SUAs." This phrasing is important because it establishes the fact that the credit union must first suspect that a SUA has occurred. Additionally, FinCEN 2012-R006 explains that a credit union may not share information solely to determine whether a SUA has occurred. This means that sharing in order to establish suspicion that a SUA has occurred is not permissible; sharing is only permitted once the credit union has already established that it suspects a specified unlawful activity has occurred.
For example, suppose John Doe is a pusher for Jane Doe's international drug operation. John sells the drugs then deposits the proceeds at ABC credit union. Under FinCEN guidance, ABC may not share information in order to determine whether the proceeds came from drug sales. However, ABC may share information once it suspects that the proceeds are from drug sales.
Finally, is the transaction part of a terrorist or money laundering scheme? FinCEN 2009-G002 explains that the purpose of 314(b) sharing is "to identify and report activities that the financial institution 'suspects may involve possible terrorist financing or money laundering'". Even if the credit union suspects that a transaction involved the proceeds from a SUA, it may only share information if it also suspects that the SUA relates to terrorist or money laundering activities. In the fraud context, this means that even if the credit union suspects a fraud has occurred and there is a transaction involving the proceeds from that fraud, the credit union may only share information about that fraud if the credit union also suspects the fraud is part of a terrorist or money laundering scheme.
When it comes to sharing information about SUAs, a credit union would need to review all the facts involved and ensure that all three elements have been satisfied: the credit union knows or suspects a SUA has occurred, a transaction involving the proceeds from that SUA has occurred and that transaction is part of terrorist or money laundering activities. It is important that all three of these elements are present in order to stay within the 314(b) safe harbor. Sharing information about fraud may be important to help prevent further harm, but if the fraud does not relate to terrorist or money laundering activities, a credit union may lose its safe harbor protection by oversharing. This of course does not mean that the credit union cannot do anything, rather state law may allow the credit union to report the fraud to the local police and depending on the circumstances, a SAR may be appropriate.
About the Author
Jennifer Aguilar, NCCO, was named regulatory compliance counsel in February 2017. In this role, Aguilar helps credit unions with a variety of compliance issues.