EEK! It’s A Law Enforcement Subpoena, What Do I Do Now? – Programming Note
Written by Shari R. Pogach, Regulatory Paralegal
From time to time, the Regulatory Compliance team gets questions on what to do when a credit union receives a law enforcement request for a Suspicious Activity Report (SAR) or supporting documentation as part of an investigation. In its regulatory requirements section on SARs, the Federal Financial Institutions Examination Council (FFIEC) Bank Secrecy Act/Anti-Money Laundering (BSA/AML) Examination Manual indicates it is permissible to respond to appropriate law enforcement inquiries and requests. The manual states these can include grand jury subpoenas, National Security Letters and section 314(a) requests. Although a SAR and information that would reveal its existence is required to be confidential, it can be disclosed when requested by the Financial Crimes Enforcement Network (FinCEN), appropriate law enforcement or a federal banking agency.
FinCEN issued guidance in 2007 (FIN-2007-G003) offering more clarity on the BSA requirement that financial institutions provide SAR supporting documentation in response to requests by FinCEN and appropriate law enforcement or supervisory agencies. The guidance covers appropriate requestors, what constitutes supporting documentation and legal process. It states that a credit union should “take special care to verify that a requestor of information is, in fact, a representative of FinCEN or an appropriate law enforcement or supervisory agency.” In disclosing a SAR in such instances, there are safe harbor provisions pertinent to both voluntary and mandatory suspicious activity reporting by credit unions.
The BSA provides protection from civil liability for all reports of suspicious transactions made to appropriate authorities, including supporting documentation, regardless of whether such reports are mandatory. Specifically, it provides that a credit union, or a director, officer, employee, or agent of a credit union, that makes a “voluntary disclosure of any possible violation of law or regulation to a government agency” shall not be liable to any person under “any law or regulation of the United States, any constitution, law, or regulation of any State or political subdivision of any State, or under any contract or other legally enforceable agreement (including any arbitration agreement), for such disclosure or for any failure to provide notice of such disclosure to the person who is the subject of such disclosure or any other person identified in the disclosure.” (Emphasis added) See,
In general, credit unions must provide copies of FinCEN SAR supporting documents to appropriate law enforcement or supervisory agencies upon request. However, a credit union must make certain it is dealing with the appropriate “law enforcement or supervisory agency.” Referenced in FIN-2007-G003, FinCEN’s The SAR Activity Review: Trends, Tips & Issues, Issue 9 (October 2005), further discusses providing SARs and gives examples of appropriate law enforcement agencies:
“In addition, financial institutions may share a Suspicious Activity Report, or the information contained therein, with an appropriate federal, state, or local law enforcement agency. Generally, an “appropriate law enforcement agency” is any agency that has jurisdiction under federal or state law to investigate or prosecute any person or entity involved in the transaction reported on the Suspicious Activity Report.
Examples of agencies to which a Suspicious Activity Report or the information contained therein could be provided include: the criminal investigative services of the armed forces; the Bureau of Alcohol, Tobacco, and Firearms; an attorney general, district attorney, or state’s attorney at the state or local level; the Drug Enforcement Administration; the Federal Bureau of Investigation; the Internal Revenue Service or tax enforcement agencies at the state level; the Office of Foreign Assets Control; a state or local police department; a United States Attorney’s Office; Immigration and Customs Enforcement; the U.S. Postal Inspection Service; and the U.S. Secret Service.” See, Section 5, pp. 43-46.
Note a credit union must ensure that it is only providing supporting documentation as anything beyond this requires a subpoena. See, FIN-2007-G003.
I recently attended a panel discussion on best practices for subpoena and document production. The panelists included financial institution and law enforcement representatives. It was interesting to hear that there is also frustration on the law enforcement side in this process as well, due to communication and document production issues. The panel noted that communication with the issuer is key to a thoughtful and proper response to a subpoena. Law enforcement is often frustrated when no financial institution contact information is provided to help translate and interpret data, examples given included: identifying if an item is a transaction versus a posting date, the time zone of a time stamp and unable to determine the venue of a transaction when a branch number is used rather than a physical address. The panelists recommended communicating with law enforcement about deadlines and the potential for rolling productions. The financial institution panelists noted the importance of knowing your institution’s data and the availability. Be transparent about what is being produced, indexes are helpful as well as perhaps using an internal standardized form to explain the data provided in the records. Moreover, if the SAR narrative states the credit union has documentation, it must be produced when requested. Lastly, just a thought, does someone in the credit union perform a review to determine whether anti-money laundering/counter terrorist financing subpoena requests it receives are complete and accurate?
Programming Note. NAFCU is closing at noon today in honor of Labor Day weekend. There will be no Monday blog but never fear; we will be back to blogging on Wednesday, September 4th. Stay safe and enjoy!