Compliance Blog

It’s been a while since we’ve blogged about information sharing under section 314(b) of the USA PATRIOT Act, so let’s review some frequently asked questions and recent guidance on that topic:

What is Section 314(b) information sharing and who can participate?

As discussed in the FFIEC’s BSA/AML Examination Manual, section 314(b) of the USA PATRIOT Act allows financial  institutions to share information with each other “to identify and report activities that may involve terrorist activity or money laundering.”

According to FinCEN’s December 2020 “Section 314(b) Fact Sheet,” eligible institutions include “financial institutions subject to an anti-money laundering program requirement.” The fact sheet provides a list of institutions that may participate, including: banks (a term which includes credit unions under the FinCEN regulations), casinos, money services businesses, brokers or dealers in securities, mutual funds, operators of credit card systems and even insurance companies. Additionally, “associations” of financial institutions may also participate in 314(b) information sharing.

What are the requirements to receive the safe harbor?

Institutions that comply with the requirements of section 1010.540(b) of the FinCEN regulations will receive a safe harbor from civil liability that could otherwise arise from sharing the information. There are three basic requirements to receive the safe harbor, which are found in section 1010.540(b) of the FinCEN regulations.

First, the credit union must provide notice to FinCEN of their intent to participate. The notice is good for one year. Credit unions can register through the Secure Information Sharing System (SISS).

Secondly, before a credit union can share information with another institution, section 1010.540(b)(3) requires the credit union to “take reasonable steps” to verify that the other institution has also submitted notice to FinCEN of its intent to participate in 314(b) information sharing.

Finally, credit unions are required to use information received under 314(b) sharing only for permissible purposes (more on that below) and must maintain adequate procedures to protect the “security and confidentiality” of the information. The regulation notes that the “security and confidentiality” requirement can be satisfied by protecting the information received in the same manner it would protect information under the Gramm-Leach-Bliley Act and Regulation P.  

What policies or procedures should a credit union adopt for 314(b) sharing?

The FFIEC recommends that participating credit unions develop policies, procedures, and processes “for sharing and receiving of information.” In particular, the FFIEC manual states credit unions should “designate a point of contact for receiving and providing information,” and “should establish a process for sending and receiving information sharing requests.” As discussed above, FinCEN regulations require a credit union to verify the other institution’s 314(b) registration, so credit unions may want to have specific procedures in place for that step of the process, such as checking the list of participants on the SISS.

What kind of information can a credit union share under section 314(b)?

We blogged on this topic a few years ago, but FinCEN’s guidance has changed since then. In that previous blog, we explained that – based on 2009 FinCEN guidance and a 2012 administrative ruling -  credit unions could only share information under 314(b) if three conditions were met:

1. The credit union suspects a “specified unlawful activity” (such as those listed in 18 U.S.C. 1956(c)(7)) has occurred;
2. A transaction involving the proceeds from that “specified unlawful activity” has taken place; and
3. The transaction is suspected to be part of a terrorist or money laundering scheme.

In December 2020, however, FinCEN published the Section 314(b) Fact Sheet, which revoked the 2009 guidance and 2012 administrative ruling referenced in our previous blog post. The new fact sheet still limits the scope of information that can be shared under 314(b) to activities the credit union suspects may involve possible terrorist financing or money laundering. However, with regards to “specified unlawful activities” (SUAs), the fact sheet says:

“[T]o rely on the Section 314(b) safe harbor, a financial institution or an association of financial institutions need not have specific information indicating that the activity in regards to which it proposes to share information directly relates to proceeds of an SUA or to transactions involving the proceeds of money laundering, nor must a financial institution or association have reached a conclusive determination that the activity is suspicious. Instead, it is sufficient that the financial institution or association has a reasonable basis to believe that the information shared relates to activities that may involve money laundering or terrorist activity, and it is sharing the information for an appropriate purpose under Section 314(b) and its implementing regulations. Therefore a financial institution or association can share information in reliance on the Section 314(b) safe harbor relating to activities it suspects may involve money laundering or terrorist activity, even if the financial institution or association cannot identify specific proceeds of an SUA being laundered.”

(emphasis added).

Thus, a credit union can share information about suspected terrorist financing or money laundering, even if the credit union cannot directly tie the activity to proceeds of a SUA. Additionally, the fact sheet notes that credit unions may share information about attempts to engage in transactions that the credit union suspects may involve money laundering or terrorist financing, including “attempts to induce others to engage in transactions, such as in a money mule scheme…” The information shared, however, must still relate to suspected money laundering or terrorist financing, so sharing information about any suspected criminal activity – such as fraudulent checks transactions – may be inappropriate unless the credit union suspects the activity could be related to possible money laundering or terrorism.

What about suspicious activity reports?

Section 1020.320(e) still applies and prohibits credit unions from sharing suspicious activity reports (SARs) or information that would reveal the existence of a SAR. The FFIEC manual notes that credit unions may share the underlying factual information that formed the basis for a SAR but cannot share the fact that a SAR was filed. The fact sheet notes, however, that institutions may use the information received to determine if a joint SAR is appropriate. If a joint SAR is filed, then the institutions involved may share information with each other regarding that SAR.

What format can be used for information sharing?

As for the format of the information, the fact sheet states a credit union may share information orally or in writing, and in any type of medium, such as providing video surveillance footage or “cyber-related data such as IP addresses.”

How can a credit union use information received under section 314(b)?

Section 1010.540(b)(4)(i) provides the permissible uses of information received under section 314(b):

• “Identifying and, where appropriate, reporting on money laundering or terrorist activities;
• Determining whether to establish or maintain an account, or to engage in a transaction; or
• Assisting the financial institution in complying with any requirement of [the FinCEN regulations].”

The fact sheet instructs credit unions which use information obtained under section 314(b) when determining whether to file a SAR to note that fact in the SAR narrative if one is eventually filed.

Programming Note: NAFCU's office will be closed at noon today, and all day Monday for the federal holiday. We will be back to blogging on Wednesday. Enjoy the long weekend!