§1010.540 Voluntary information sharing among financial institutions.
(a) Definitions. For purposes of this section:
(1) Financial institution. (i) Except as provided in paragraph (a)(1)(ii) of this section, the term “financial institution” means any financial institution described in 31 U.S.C. 5312(a)(2) that is required under this chapter to establish and maintain an anti-money laundering program, or is treated under this chapter as having satisfied the requirements of 31 U.S.C. 5318(h)(1).
(ii) For purposes of this section, a financial institution shall not mean any institution included within a class of financial institutions that FinCEN has designated as ineligible to share information under this section.
(2) Association of financial institutions means a group or organization the membership of which is comprised entirely of financial institutions as defined in paragraph (a)(1) of this section.
(b) Voluntary information sharing among financial institutions—(1) In general. Subject to paragraphs (b)(2), (b)(3), and (b)(4) of this section, a financial institution or an association of financial institutions may, under the protection of the safe harbor from liability described in paragraph (b)(5) of this section, transmit, receive, or otherwise share information with any other financial institution or association of financial institutions regarding individuals, entities, organizations, and countries for purposes of identifying and, where appropriate, reporting activities that the financial institution or association suspects may involve possible terrorist activity or money laundering.
(2) Notice requirement. A financial institution or association of financial institutions that intends to share information as described in paragraph (b)(1) of this section shall submit to FinCEN a notice described on FinCEN's Internet Web site, http://www.fincen.gov. Each notice provided pursuant to this paragraph (b)(2) shall be effective for the one year period beginning on the date of the notice. In order to continue to engage in the sharing of information after the end of the one year period, a financial institution or association of financial institutions must submit a new notice. Completed notices may be submitted to FinCEN by accessing FinCEN's Internet Web site, http://www.fincen.gov., and entering the appropriate information as directed, or, if a financial institution does not have Internet access, by mail to: FinCEN, P.O. Box 39, Vienna, VA 22183.
(3) Verification requirement. Prior to sharing information as described in paragraph (b)(1) of this section, a financial institution or an association of financial institutions must take reasonable steps to verify that the other financial institution or association of financial institutions with which it intends to share information has submitted to FinCEN the notice required by paragraph (b)(2) of this section. A financial institution or an association of financial institutions may satisfy this paragraph (b)(3) by confirming that the other financial institution or association of financial institutions appears on a list that FinCEN will periodically make available to financial institutions or associations of financial institutions that have filed a notice with it, or by confirming directly with the other financial institution or association of financial institutions that the requisite notice has been filed.
(4) Use and security of information. (i) Information received by a financial institution or an association of financial institutions pursuant to this section shall not be used for any purpose other than:
(A) Identifying and, where appropriate, reporting on money laundering or terrorist activities;
(B) Determining whether to establish or maintain an account, or to engage in a transaction; or
(C) Assisting the financial institution in complying with any requirement of this chapter.
(ii) Each financial institution or association of financial institutions that engages in the sharing of information pursuant to this section shall maintain adequate procedures to protect the security and confidentiality of such information. The requirements of this paragraph (b)(4)(ii) shall be deemed satisfied to the extent that a financial institution applies to such information procedures that the institution has established to satisfy the requirements of section 501 of the Gramm-Leach-Bliley Act (15 U.S.C. 6801), and applicable regulations issued thereunder, with regard to the protection of its customers' nonpublic personal information.
(5) Safe harbor from certain liability—(i) In general. A financial institution or association of financial institutions that shares information pursuant to paragraph (b) of this section shall be protected from liability for such sharing, or for any failure to provide notice of such sharing, to an individual, entity, or organization that is identified in such sharing, to the full extent provided in subsection 314(b) of Public Law 107-56.
(ii) Limitation. Paragraph (b)(5)(i) of this section shall not apply to a financial institution or association of financial institutions to the extent such institution or association fails to comply with paragraphs (b)(2), (b)(3), or (b)(4) of this section.
(c) Information sharing between financial institutions and the Federal Government. If, as a result of information shared pursuant to this section, a financial institution knows, suspects, or has reason to suspect that an individual, entity, or organization is involved in, or may be involved in terrorist activity or money laundering, and such institution is subject to a suspicious activity reporting requirement under this chapter or other applicable regulations, the institution shall file a Suspicious Activity Report in accordance with those regulations. In situations involving violations requiring immediate attention, such as when a reportable violation involves terrorist activity or is ongoing, the financial institution shall immediately notify, by telephone, an appropriate law enforcement authority and financial institution supervisory authorities in addition to filing timely a Suspicious Activity Report. A financial institution that is not subject to a suspicious activity reporting requirement is not required to file a Suspicious Activity Report or otherwise to notify law enforcement of suspicious activity that is detected as a result of information shared pursuant to this section. Such a financial institution is encouraged, however, to voluntarily report such activity to FinCEN.
(d) No effect on financial institution reporting obligations. Nothing in this subpart affects the obligation of a financial institution to file a Suspicious Activity Report pursuant to this chapter or any other applicable regulations, or to otherwise contact directly a Federal agency concerning individuals or entities suspected of engaging in terrorist activity or money laundering.
(a) Definitions. For purposes of this section:
(1) Financial institution. (i) Except as provided in paragraph (a)(1)(ii) of this section, the term “financial institution” means any financial institution described in 31 U.S.C. 5312(a)(2) that is required under this chapter to establish and maintain an anti-money laundering program, or is treated under this chapter as having satisfied the requirements of 31 U.S.C. 5318(h)(1).
(ii) For purposes of this section, a financial institution shall not mean any institution included within a class of financial institutions that FinCEN has designated as ineligible to share information under this section.
(2) Association of financial institutions means a group or organization the membership of which is comprised entirely of financial institutions as defined in paragraph (a)(1) of this section.
(b) Voluntary information sharing among financial institutions—(1) In general. Subject to paragraphs (b)(2), (b)(3), and (b)(4) of this section, a financial institution or an association of financial institutions may, under the protection of the safe harbor from liability described in paragraph (b)(5) of this section, transmit, receive, or otherwise share information with any other financial institution or association of financial institutions regarding individuals, entities, organizations, and countries for purposes of identifying and, where appropriate, reporting activities that the financial institution or association suspects may involve possible terrorist activity or money laundering.
(2) Notice requirement. A financial institution or association of financial institutions that intends to share information as described in paragraph (b)(1) of this section shall submit to FinCEN a notice described on FinCEN's Internet Web site, http://www.fincen.gov. Each notice provided pursuant to this paragraph (b)(2) shall be effective for the one year period beginning on the date of the notice. In order to continue to engage in the sharing of information after the end of the one year period, a financial institution or association of financial institutions must submit a new notice. Completed notices may be submitted to FinCEN by accessing FinCEN's Internet Web site, http://www.fincen.gov., and entering the appropriate information as directed, or, if a financial institution does not have Internet access, by mail to: FinCEN, P.O. Box 39, Vienna, VA 22183.
(3) Verification requirement. Prior to sharing information as described in paragraph (b)(1) of this section, a financial institution or an association of financial institutions must take reasonable steps to verify that the other financial institution or association of financial institutions with which it intends to share information has submitted to FinCEN the notice required by paragraph (b)(2) of this section. A financial institution or an association of financial institutions may satisfy this paragraph (b)(3) by confirming that the other financial institution or association of financial institutions appears on a list that FinCEN will periodically make available to financial institutions or associations of financial institutions that have filed a notice with it, or by confirming directly with the other financial institution or association of financial institutions that the requisite notice has been filed.
(4) Use and security of information. (i) Information received by a financial institution or an association of financial institutions pursuant to this section shall not be used for any purpose other than:
(A) Identifying and, where appropriate, reporting on money laundering or terrorist activities;
(B) Determining whether to establish or maintain an account, or to engage in a transaction; or
(C) Assisting the financial institution in complying with any requirement of this chapter.
(ii) Each financial institution or association of financial institutions that engages in the sharing of information pursuant to this section shall maintain adequate procedures to protect the security and confidentiality of such information. The requirements of this paragraph (b)(4)(ii) shall be deemed satisfied to the extent that a financial institution applies to such information procedures that the institution has established to satisfy the requirements of section 501 of the Gramm-Leach-Bliley Act (15 U.S.C. 6801), and applicable regulations issued thereunder, with regard to the protection of its customers' nonpublic personal information.
(5) Safe harbor from certain liability—(i) In general. A financial institution or association of financial institutions that shares information pursuant to paragraph (b) of this section shall be protected from liability for such sharing, or for any failure to provide notice of such sharing, to an individual, entity, or organization that is identified in such sharing, to the full extent provided in subsection 314(b) of Public Law 107-56.
(ii) Limitation. Paragraph (b)(5)(i) of this section shall not apply to a financial institution or association of financial institutions to the extent such institution or association fails to comply with paragraphs (b)(2), (b)(3), or (b)(4) of this section.
(c) Information sharing between financial institutions and the Federal Government. If, as a result of information shared pursuant to this section, a financial institution knows, suspects, or has reason to suspect that an individual, entity, or organization is involved in, or may be involved in terrorist activity or money laundering, and such institution is subject to a suspicious activity reporting requirement under this chapter or other applicable regulations, the institution shall file a Suspicious Activity Report in accordance with those regulations. In situations involving violations requiring immediate attention, such as when a reportable violation involves terrorist activity or is ongoing, the financial institution shall immediately notify, by telephone, an appropriate law enforcement authority and financial institution supervisory authorities in addition to filing timely a Suspicious Activity Report. A financial institution that is not subject to a suspicious activity reporting requirement is not required to file a Suspicious Activity Report or otherwise to notify law enforcement of suspicious activity that is detected as a result of information shared pursuant to this section. Such a financial institution is encouraged, however, to voluntarily report such activity to FinCEN.
(d) No effect on financial institution reporting obligations. Nothing in this subpart affects the obligation of a financial institution to file a Suspicious Activity Report pursuant to this chapter or any other applicable regulations, or to otherwise contact directly a Federal agency concerning individuals or entities suspected of engaging in terrorist activity or money laundering.