We believe that an internal memorandum prepared as part of your process for filing a SAR should be treated as confidential and not produced in response to a subpoena.
SARs and “any information that would reveal the existence of a SAR” are confidential and should not be disclosed to third parties, even in response to a subpoena. However, this prohibition on disclosure does not extend to the “underlying facts, transactions, and documents upon which a SAR is based.”
A federal court in Illinois has interpreted these SAR rules as creating two categories of documents: (1) “factual documents,” which should be produced in response to a subpoena, as they are business records that reveal only the underlying facts of a SAR, and (2) “documents representing drafts of SARs or other work product or privileged communications,” which should not be produced, as “they would disclose whether a SAR has been prepared or filed.” FinCEN also adopted this reasoning when amending its SAR confidentiality rules in 2010, stating in the preamble that “material prepared by the financial institution as part of its process to detect and report suspicious activity” should be treated as confidential.
We believe that a memorandum prepared by an employee as part of your bank’s SAR filing process should be treated as falling into the second category of documents, which must be treated as confidential. Because your bank has received a subpoena requesting confidential documents, the SAR rules promulgated by FinCEN and the FDIC (your primary federal regulator) require you to decline to produce the information.
Additionally, the FinCEN rules require you to “immediately contact FinCEN's Office of Chief Counsel at (703) 905-3590 as well as your primary federal regulator, as may be applicable in a corresponding SAR rule.” The FDIC rules require a bank in this situation to cite 12 CFR 353.3(g) and 31 USC 5318(g)(2)(A)(i) and to notify the Division of Supervision and Consumer Protection of the appropriate FDIC regional office.
For resources related to our guidance, please see:
- FinCEN Regulations, 31 CFR 1020.320(e)(1)(i) (“Prohibition on disclosures by banks — (i) General rule. No bank, and no director, officer, employee, or agent of any bank, shall disclose a SAR or any information that would reveal the existence of a SAR. Any bank, and any director, officer, employee, or agent of any bank that is subpoenaed or otherwise requested to disclose a SAR or any information that would reveal the existence of a SAR, shall decline to produce the SAR or such information, citing this section and 31 U.S.C. 5318(g)(2)(A)(i), and shall notify FinCEN of any such request and the response thereto.”)
- FinCEN Regulations, (“Provided that no person involved in any reported suspicious transaction is notified that the transaction has been reported, this paragraph (e)(1) shall not be construed as prohibiting: (A) The disclosure by a bank, or any director, officer, employee, or agent of a bank, of: . . . (2) The underlying facts, transactions, and documents upon which a SAR is based, including but not limited to, disclosures . . . .”)
- Cotton v. PrivateBank and Trust Co., 235 F.Supp.2d 809, 815 (N.D. Ill. 2002) (“There are two types of supporting documents. The first category represents the factual documents which give rise to suspicious conduct. These are to be produced in the ordinary course of discovery because they are business records made in the ordinary course of business. The second category is documents representing drafts of SARs or other work product or privileged communications that relate to the SAR itself. These are not to be produced because they would disclose whether a SAR has been prepared or filed.”)
- U.S. v. LaCost, 2011 WL 1542072 at *8 (C.D. Ill. April 22, 2011) (“In this case, MainSource Bank has stated that it has already provided to Defendants the Defendants' deposit slips and CTRs, which are the factual, transactional documents made in the ordinary course of business that fall into the first category identified in Cotton and further explained in Regions Bank. Nevertheless, Defendants have requested additional documents, including incident reports that led to the filing of an SAR and other documents related to the filing of SARs. Defendants have asked this court to compel MainSource Bank to produce these documents. This court agrees with MainSource Bank, however, that these documents fall squarely within the second category of documents which relate to the SAR itself and fall within the scope of the SAR privilege based on Cotton and Regions Bank. These documents cannot be produced because they would disclose whether an SAR has been prepared or filed.”)
- FinCEN Final Rule, 75 Fed. Reg. 75593, 75595 (December 3, 2010) (“[T]he strong public policy that underlies the SAR system as a whole—namely, the creation of an environment that encourages financial institutions to report suspicious activity without fear of reprisal—leans heavily in favor of applying SAR confidentiality not only to a SAR itself, but also in appropriate circumstances to material prepared by the financial institution as part of its process to detect and report suspicious activity, regardless of whether a SAR ultimately was filed or not. This interpretation also reflects relevant case law [including the Cotton case].”)
- FinCEN Final Rule, 75 Fed. Reg. 75593, 75595 (December 3, 2010) (“Documents that may identify suspicious activity but that do not reveal whether a SAR exists (e.g., a document memorializing a customer transaction, such as an account statement indicating a cash deposit or a record of a funds transfer), should be treated as falling within the underlying facts, transactions, and documents upon which a SAR may be based, and should not be afforded confidentiality. This distinction is set forth in the final rule’s second rule of construction and reflects relevant case law.”)
- FDIC Suspicious Activity Report Rules, 12 CFR 353.3(g) (“Suspicious activity reports are confidential. Any bank subpoenaed or otherwise requested to disclose a suspicious activity report or the information contained in a suspicious activity report shall decline to produce the suspicious activity report or to provide any information that would disclose that a suspicious activity report has been prepared or filed citing this part, applicable law (e.g., 31 U.S.C. 5318(g)), or both, and notify the appropriate FDIC regional office (Division of Supervision and Consumer Protection (DSC)).”)
- FinCEN Advisory, FIN-2019-A014 (November 23, 2010) (“If you or your institution becomes aware of an unauthorized disclosure of a SAR or if your institution receives a subpoena for a SAR, you should immediately contact FinCEN’s Office of Chief Counsel at (703) 905-3590 as well as your primary federal regulator, as may be applicable in a corresponding SAR rule.”)