Schrader National Bank (a fictitious institution) initiates foreclosure proceedings against customer Walter White after he defaults on a mortgage loan. Mr. White files a counterclaim against the bank for violation of the Federal Truth in Lending Act. During discovery White’s attorneys ask for all records relating to him in the bank’s possession. As those records are gathered, a bank employee notices Mr. White, an out of work high school chemistry teacher, routinely made weekly cash deposits of approximately $15,000 consisting mostly of $20 bills. The bank begins an internal investigation concerning account activity, which leads Schrader officers to conclude that Mr. White is engaged in criminal activity. Schrader’s attorney cannot wait to use those records at trial. Now the interesting part — and the potential pitfall — for the bank.
Banks understand that federal law requires them to submit “Suspicious Activity Reports” (or “SARs”) to the Financial Crimes Enforcement Network (“FinCEN”) of the Department of the Treasury under certain circumstances within thirty days of the detection of facts that support the SAR. However, Schrader and its employees are prohibited from disclosing the SAR or “any information that would reveal the existence of the SAR.” 12 C.F.R. § 21.11. FinCEN owns that confidentiality protection, and banks cannot elect to waive it. Breaching confidentiality can lead to civil penalties of up to $100,000 for each violation and criminal penalties of up to $250,000 and/or imprisonment not to exceed five years.
Mr. White’s attorney continues to push the issue and wants all Schrader records relating to Mr. White. Yet, even if Schrader’s counsel wanted to provide the SAR and information or documents that mention the SAR — which she may want to do — she cannot make such a disclosure in the lawsuit. While defeating Mr. White’s counterclaim is important and appealing, the confidentiality requirement ensures the integrity of the investigation by FinCEN and avoids tipping off suspects.
Banks and financial institutions must train officers and employees about the confidential nature of both the SAR and the information that could reveal the existence of a SAR. Enacting policies that limit access to that information to those with “need to know” should keep to a minimum the number of employees who could disclose that information. Failure to safeguard SAR information and to ensure that employees understand the need safeguard that information could lead to significant penalties and, worst case, having a bank employee share a cell with Mr. White. And we’ve seen how resourceful he can be.