In March 2012, the United States Department of Treasury, Financial Crimes Enforcement Network (FinCEN), issued Advisory Fin-2012-A002 cautioning financial institutions, including their attorneys, of their obligation to keep Suspicious Activity Reports (SARs) strictly confidential.  FinCEN noted its concern from the increasing demand by litigants for financial institutions to disclose SARs in civil cases.  FinCEN reminded banks, including their current and former directors, officers, employees, agents and contractors, of the prohibition on disclosing SARs or any information that reveals even the existence or nonexistence of a SAR.  An unauthorized SAR disclosure violates federal law.  31 U.S.C. §§ 5318(g)(2), 5312 and 5322.

The Bank Secrecy Act, 31 U.S.C. § 5318(g), the Office of the Comptroller of the Currency (“OCC”) Regulation 12 C.F.R. § 21.11(k) and case law support the position that disclosure of SARs is prohibited.  The Federal Regulations require “national banks as well as federal branches and agencies of foreign banks licensed or chartered by the OCC” to file an SAR “when they detect a known or suspected violation of Federal law or a suspicious transaction related to a money laundering activity or a violation of the Bank Secrecy Act.”  The OCC considers the SAR procedure an essential tool in investigating and prosecuting money laundering and terrorist financing.  For a discussion on court’s holding that financial institutions are generally immune from suit and are not required to possess a good faith basis for making the SAR disclosure, see Martinez-Rodriguez v. Bank of America, 2012 WL 967030 (N.D. Cal 2012).  See also 124 Banking Law Journal 794, October 2007, Confidentiality of Suspicious Activity Reports.

The 2012 Advisory suggests financial institutions consider including information regarding SARs disclosure in employee training, and issue reminders to legal counsel regarding the strict requirements of SAR confidentiality.  Further safeguards might include limiting access to “need to know” personnel, restricting areas to review SAR and logging access thereto, use of coversheets to protect SAR reports and the information that reveals the existence of a SAR, and notices, including electronic notices, that highlight confidentiality concerns before the person accesses or disseminates any related information. 

The 2012 Advisory posits that if the financial institution is aware of an unauthorized disclosure or receives a subpoena or other request for a SAR from someone other than an authorized government authority or self-regulatory organization as defined by the SAR regulations, FinCEN’s chief counsel should be contacted at 703-905-3590.  The authorized government authorities or self-regulatory agencies are outlined in 31 C.F.R. §§ 1020.320(e), 1021.320(e), 1022.320(d), 1023.320(e), 1024.320(d), 1025.320(z) and 1026.320(e).