31 CFR § 1020.320 - Reports by banks of suspicious transactions.
(1) Every bank shall file with the Treasury Department, to the extent and in the manner required by this section, a report of any suspicious transaction relevant to a possible violation of law or regulation. A bank may also file with the Treasury Department by using the Suspicious Activity Report specified in paragraph (b)(1) of this section or otherwise, a report of any suspicious transaction that it believes is relevant to the possible violation of any law or regulation but whose reporting is not required by this section.
(2) A transaction requires reporting under the terms of this section if it is conducted or attempted by, at, or through the bank, it involves or aggregates at least $5,000 in funds or other assets, and the bank knows, suspects, or has reason to suspect that:
(i) The transaction involves funds derived from illegal activities or is intended or conducted in order to hide or disguise funds or assets derived from illegal activities (including, without limitation, the ownership, nature, source, location, or control of such funds or assets) as part of a plan to violate or evade any Federal law or regulation or to avoid any transaction reporting requirement under Federal law or regulation;
(ii) The transaction is designed to evade any requirements of this chapter or of any other regulations promulgated under the Bank Secrecy Act; or
(iii) The transaction has no business or apparent lawful purpose or is not the sort in which the particular customer would normally be expected to engage, and the bank knows of no reasonable explanation for the transaction after examining the available facts, including the background and possible purpose of the transaction.
(b) Filing procedures -
(1) What to file. A suspicious transaction shall be reported by completing a Suspicious Activity Report (“SAR”), and collecting and maintaining supporting documentation as required by paragraph (d) of this section.
(2) Where to file. The SAR shall be filed with FinCEN in a central location, to be determined by FinCEN, as indicated in the instructions to the SAR.
(3) When to file. A bank is required to file a SAR no later than 30 calendar days after the date of initial detection by the bank of facts that may constitute a basis for filing a SAR. If no suspect was identified on the date of the detection of the incident requiring the filing, a bank may delay filing a SAR for an additional 30 calendar days to identify a suspect. In no case shall reporting be delayed more than 60 calendar days after the date of initial detection of a reportable transaction. In situations involving violations that require immediate attention, such as, for example, ongoing money laundering schemes, the bank shall immediately notify, by telephone, an appropriate law enforcement authority in addition to filing timely a SAR.
(c) Exceptions. A bank is not required to file a SAR for a robbery or burglary committed or attempted that is reported to appropriate law enforcement authorities, or for lost, missing, counterfeit, or stolen securities with respect to which the bank files a report pursuant to the reporting requirements of 17 CFR 240.17f-1.
(d) Retention of records. A bank shall maintain a copy of any SAR filed and the original or business record equivalent of any supporting documentation for a period of five years from the date of filing the SAR. Supporting documentation shall be identified, and maintained by the bank as such, and shall be deemed to have been filed with the SAR. A bank shall make all supporting documentation available to FinCEN or any Federal, State, or local law enforcement agency, or any Federal regulatory authority that examines the bank for compliance with the Bank Secrecy Act, or any State regulatory authority administering a State law that requires the bank to comply with the Bank Secrecy Act or otherwise authorizes the State authority to ensure that the institution complies with the Bank Secrecy Act, upon request.
(e) Confidentiality of SARs. A SAR, and any information that would reveal the existence of a SAR, are confidential and shall not be disclosed except as authorized in this paragraph (e). For purposes of this paragraph (e) only, a SAR shall include any suspicious activity report filed with FinCEN pursuant to any regulation in this chapter.
(1) Prohibition on disclosures by banks -
(i) General rule. No bank, and no director, officer, employee, or agent of any bank, shall disclose a SAR or any information that would reveal the existence of a SAR. Any bank, and any director, officer, employee, or agent of any bank that is subpoenaed or otherwise requested to disclose a SAR or any information that would reveal the existence of a SAR, shall decline to produce the SAR or such information, citing this section and 31 U.S.C. 5318(g)(2)(A)(i), and shall notify FinCEN of any such request and the response thereto.
(ii) Rules of Construction. Provided that no person involved in any reported suspicious transaction is notified that the transaction has been reported, this paragraph (e)(1) shall not be construed as prohibiting:
(1) A SAR, or any information that would reveal the existence of a SAR, to FinCEN or any Federal, State, or local law enforcement agency, or any Federal regulatory authority that examines the bank for compliance with the Bank Secrecy Act, or any State regulatory authority administering a State law that requires the bank to comply with the Bank Secrecy Act or otherwise authorizes the State authority to ensure that the bank complies with the Bank Secrecy Act; or
(2) The underlying facts, transactions, and documents upon which a SAR is based, including but not limited to, disclosures:
(ii) In connection with certain employment references or termination notices, to the full extent authorized in 31 U.S.C. 5318(g)(2)(B); or
(B) The sharing by a bank, or any director, officer, employee, or agent of the bank, of a SAR, or any information that would reveal the existence of a SAR, within the bank's corporate organizational structure for purposes consistent with Title II of the Bank Secrecy Act as determined by regulation or in guidance.
(2) Prohibition on disclosures by government authorities. A Federal, State, local, territorial, or Tribal government authority, or any director, officer, employee, or agent of any of the foregoing, shall not disclose a SAR, or any information that would reveal the existence of a SAR, except as necessary to fulfill official duties consistent with Title II of the Bank Secrecy Act. For purposes of this section, “official duties” shall not include the disclosure of a SAR, or any information that would reveal the existence of a SAR, in response to a request for disclosure of non-public information or a request for use in a private legal proceeding, including a request pursuant to 31 CFR 1.11.
(f) Limitation on liability. A bank, and any director, officer, employee, or agent of any bank, that makes a voluntary disclosure of any possible violation of law or regulation to a government agency or makes a disclosure pursuant to this section or any other authority, including a disclosure made jointly with another institution, shall be protected from liability to any person for any such disclosure, or for failure to provide notice of such disclosure to any person identified in the disclosure, or both, to the full extent provided by 31 U.S.C. 5318(g)(3).
(g) Compliance. Banks shall be examined by FinCEN or its delegatees for compliance with this section. Failure to satisfy the requirements of this section may be a violation of the Bank Secrecy Act and of this chapter. Such failure may also violate provisions of title 12 of the Code of Federal Regulations.