We do not recommend providing any information to the FDIC that is not “supporting documentation” for the original SAR, as the Bank Secrecy Act’s safe harbor from liability for disclosures of possible violations of law applies only to the SAR itself and the SAR’s supporting documentation.
The Bank Secrecy Act provides banks with a safe harbor from liability when reporting possible violations of law, including SARs and supporting documentation related to SARs to financial institution supervisory authorities, including the FDIC. FinCEN guidance has defined “supporting documentation” as “all documents or records that assisted a financial institution in making the determination that certain activity required a SAR filing.” Here, you did not use information from the employee’s employment file to make your determination to file a SAR. Consequently, we do not believe that the safe harbor from liability for SARs and their supporting documentation would apply to your disclosure of items in an employment file that did not constitute supporting documentation.
Without a safe harbor from liability, we do not recommend sharing information from the employee’s employment file with the FDIC. Of course, your bank may provide any supporting documentation that assisted you in making the determination to file the SAR.
For resources related to our guidance, please see:
- Bank Secrecy Act, 31 USC 5318(g)(3) (“Any financial institution that makes a voluntary disclosure of any possible violation of law or regulation to a government agency or makes a disclosure pursuant to this subsection or any other authority, and any director, officer, employee, or agent of such institution who makes, or requires another to make any such disclosure, shall not be liable to any person under any law or regulation of the United States, any constitution, law, or regulation of any State or political subdivision of any State, or under any contract or other legally enforceable agreement (including any arbitration agreement), for such disclosure or for any failure to provide notice of such disclosure to the person who is the subject of such disclosure or any other person identified in the disclosure.”)
- FDIC Regulations, 12 CFR 353.3(h) (“The safe harbor provisions of 31 U.S.C. 5318(g), which exempts an FDIC-supervised institution that makes a disclosure of any possible violation of law or regulation from liability under any law or regulation of the United States, or any constitution, law or regulation of any state or political subdivision, cover all reports of suspected or known criminal violations and suspicious activities to law enforcement and financial institution supervisory authorities, including supporting documentation, regardless of whether such reports are filed pursuant to this part or are filed on a voluntary basis.”)
- FinCEN Regulations, 31 CFR 1020.320(d) (“A bank shall maintain a copy of any SAR filed and the original or business record equivalent of any supporting documentation for a period of five years from the date of filing the SAR. Supporting documentation shall be identified, and maintained by the bank as such, and shall be deemed to have been filed with the SAR. A bank shall make all supporting documentation available to FinCEN or any Federal, State, or local law enforcement agency, or any Federal regulatory authority that examines the bank for compliance with the Bank Secrecy Act, or any State regulatory authority administering a State law that requires the bank to comply with the Bank Secrecy Act or otherwise authorizes the State authority to ensure that the institution complies with the Bank Secrecy Act, upon request.”)
- FinCEN Guidance, Suspicious Activity Report Supporting Documentation (June 13, 2007) (“Financial institutions must provide all documentation supporting the filing of a SAR upon request by FinCEN or an appropriate law enforcement or supervisory agency.”)
- FinCEN Guidance, Suspicious Activity Report Supporting Documentation (June 13, 2007) (“‘Supporting documentation’ refers to all documents or records that assisted a financial institution in making the determination that certain activity required a SAR filing. . . . What qualifies as supporting documentation depends on the facts and circumstances of each filing. As indicated in each of the SAR forms, financial institutions should identify in the SAR narrative the supporting documentation, which may include, for example, transaction records, new account information, tape recordings, e-mail messages, and correspondence. While items identified in the narrative of the SAR generally constitute supporting documentation, a document or record may qualify as supporting documentation even if not identified in the narrative.”)
- FinCEN Guidance, Suspicious Activity Report Supporting Documentation (June 13, 2007) (“Disclosure of SARs to appropriate law enforcement and supervisory agencies is protected by the safe harbor provisions applicable to both voluntary and mandatory suspicious activity reporting by financial institutions.”)
- FinCEN Guidance, Suspicious Activity Report Supporting Documentation footnote 7 (June 13, 2007) (“This guidance is only applicable to financial records or information that constitute supporting documentation pursuant to provisions in the Bank Secrecy Act that govern the reporting of suspicious transactions. Consequently, nothing in this guidance is intended to alter or modify the duties or obligations of financial institutions subject to the Right to Financial Privacy Act (12 U.S.C. § 3401, et seq.), 18 U.S.C. § 1510, or similar provisions of law. When responding to law enforcement requests for customer financial records or information other than SAR supporting documentation, financial institutions subject to the RFPA must still comply with that statute’s notice and challenge provisions in the absence of an applicable exception, e.g. service of a grand jury subpoena or a national security letter.”)