OCC Issues Interpretive Guidance on Automation of Certain SAR Filings

In a recent Interpretive Letter,¹ the Office of the Comptroller of the Currency (OCC) addressed a proposal from an OCC-regulated bank to automate its process for filing suspicious activity reports (SARs) under the Bank Secrecy Act (BSA). The bank proposed to automate the filing of "structuring" SARs -- that is, SARs on transactions potentially structured to evade the Bank Secrecy Act's other reporting requirements (e.g., the requirement to file currency transaction reports for cash transactions in excess of $10,000).² According to a 2018 survey by the Bank Policy Institute, structuring SARs account for approximately 18% of SAR activity.³ The automation of structuring SARs could, therefore, materially streamline the processes banks use to review and report on this type of suspicious activity.

Under the bank's proposal, the bank's computer systems would generate automated alerts for defined types of structuring activity; for each alert, the bank's software would use data in the bank's systems to populate SAR form and narrative fields; and, subject to certain risk-based exceptions, the SAR would be filed based solely on the alert. Bank staff would conduct periodic sample testing on automatically filed SARs to ensure their quality and accuracy.

The Interpretive Letter determined that this proposed process is consistent with the OCC's rule on suspicious activity reporting.⁴ In reaching this conclusion, the OCC emphasized, among other things, that the bank would have risk-based "guardrails" to ensure that higher-risk transactions are routed to manual reviewers. The OCC indicated that it would review the effectiveness of the bank's guardrails and other controls during the development and implementation of the bank's automated solution.

While agreeing that the bank's proposal for automated filing of structuring SARs is consistent with applicable law, the OCC declined the bank's request for regulatory relief to conduct the initiative within a "regulatory sandbox." In this respect, the OCC emphasized its view that "a prerequisite for such innovation has always been compliance with all applicable laws and regulations at the time of implementation."

The OCC's letter did not interpret FinCEN's parallel rules on SAR filings.⁵ While FinCEN's approach to these issues clearly will be important, the OCC's guidance may indicate an openness to what the OCC described as an "agile and transparent supervisory approach" when it comes to deploying new technologies to improve the efficiency and effectiveness of BSA/AML compliance. The Interpretive Letter emphasized that the OCC "is open to engaging in regular discussions between the Bank and appropriate OCC personnel, including providing proactive and timely feedback relating to th[e] automation proposal." The same "transparent" and "proactive" approach could, in principle, also be extended to other areas of BSA/AML compliance that may benefit from greater automation and efficiency.