Our bank has a separate trust department. When an individual has both trust accounts and deposit accounts at our bank, can our trust department share information about that customer’s trust transactions with our BSA officer? Would we be required to inform our trust customers about this information sharing? Does it create any privacy concerns?

Yes, your bank’s trust department may share information about customer accounts and transactions with your bank’s BSA officer without notifying the customers or raising privacy issues. Illinois and federal financial privacy laws limit the sharing of customer information with third parties, but they do not prohibit the sharing of customer information with other bank employees when necessary.

Sharing trust account information with the BSA officer should be considered part of your bank’s enterprise-wide risk management. Your bank’s BSA/AML obligations include the ongoing monitoring of customer accounts, including trust accounts, in accordance with risk-based procedures. Your BSA officer is integral to this process. Moreover, your bank generally is prohibited from notifying customers when information is compiled or shared for the purposes of complying with your BSA/AML reporting obligations.

For resources related to our guidance, please see:

  • Regulation P, 12 CFR 1016.10 (Limitations on sharing financial information with nonaffiliated third parties.)

  • Illinois Banking Act, 205 ILCS 5/48.1(b) (“This Section does not prohibit: (1) The preparation, examination, handling or maintenance of any financial records by any officer, employee or agent of a bank having custody of the records . . . .”)

  • FinCEN Rules, 31 CFR 1020.210(b)(5)(ii) (A bank’s anti-money laundering program must include “[a]ppropriate risk-based procedures for conducting ongoing customer due diligence, to include, but not be limited to: . . . Conducting ongoing monitoring to identify and report suspicious transactions and, on a risk basis, to maintain and update customer information. . . .”)

  • FFIEC Examination Manual, Trust and Asset Management Services (“Management should develop policies, procedures, and processes that enable the bank to identify unusual account relationships and circumstances, questionable assets and sources of assets, and other potential areas of risk (e.g., offshore accounts, PICs, asset protection trusts (APT), agency accounts, and unidentified beneficiaries). While the majority of traditional trust and asset management accounts will not need EDD, management should be alert to those situations that need additional review or research.”)

  • FFIEC Examination Manual, Trust and Asset Management Services (“Determine how the bank includes trust and asset management relationships in a bank-wide or, if appropriate, firm-wide BSA/AML aggregation systems.”)

  • FinCEN SAR Rules, 31 CFR 1020.320(e) (“No bank, and no director, officer, employee, or agent of any bank, shall disclose a SAR or any information that would reveal the existence of a SAR. . . .”)