View PDF

The full text on this page is automatically extracted from the file linked above and may contain errors and inconsistencies.

l l★K

Federal Reserve Bank of Dallas
2200 N. PEARL ST.
DALLAS, TX 75201-2272

October 31, 2003

Notice 03-63
TO: The Chief Executive Officer of each
financial institution and others concerned
in the Eleventh Federal Reserve District
SUBJECT
New Bank Secrecy Act Examination Procedures
Relating to the USA PATRIOT Act
DETAILS
The USA PATRIOT Act established new and enhanced measures to prevent, detect, and
prosecute money laundering and terrorism. For the most part, the measures directly affecting banking
organizations are implemented through regulations issued by the U.S. Department of the Treasury
(31 CFR Part 103) and set forth as amendments to the Bank Secrecy Act (BSA). Since Treasury
issued the regulations to implement the requirements of Sections 313, 314, and 319 of the act, the
Federal Reserve and the other federal banking agencies have been working together to update their
BSA examination procedures.
The procedures are designed to help banking organizations implement the new BSA
requirements and to facilitate a consistent supervisory approach among the financial institutions
supervisory agencies.
ATTACHMENT
A copy of the Board’s SR Letter 03-17 is attached.
MORE INFORMATION
For more information, please contact Tom Atkins at (214) 922-6238, or Bill Overbeck, at
(214) 922-6268, Banking Supervision Department. Paper copies of this notice or previous Federal
Reserve Bank notices can be printed from our web site at www.dallasfed.org/banking/notices/
index.html.

For additional copies, bankers and others are encouraged to use one of the following toll-free numbers in contacting the Federal
Reserve Bank of Dallas: Dallas Office (800) 333-4460; El Paso Branch Intrastate (800) 592-1631, Interstate (800) 351-1012;
Houston Branch Intrastate (800) 392-4162, Interstate (800) 221-0363; San Antonio Branch Intrastate (800) 292-5810.

BOARD OF GOVERNORS
OF THE
FEDERAL RESERVE SYSTEM
WASHINGTON, D. C. 20551
DIVISION OF BANKING
SUPERVISION AND REGULATION

SR 03-17
October 20, 2003
TO THE OFFICER IN CHARGE OF SUPERVISION AND APPROPRIATE SUPERVISORY AND EXAMINATION STAFF AT
EACH FEDERAL RESERVE BANK AND TO EACH DOMESTIC AND FOREIGN BANKING ORGANIZATION
SUPERVISED BY THE FEDERAL RESERVE
SUBJECT:

New Bank Secrecy Act Examination Procedures Relating to the USA PATRIOT Act

The USA PATRIOT Act (Act) established new and enhanced measures to prevent, detect and prosecute
money laundering and terrorism. For the most part, the measures directly affecting banking organizations are
implemented through regulations issued by the U.S. Department of the Treasury (31 CFR Part 103) and set forth as
amendments to the Bank Secrecy Act (BSA).1 Since Treasury issued the regulations to implement the requirements
of sections 313, 314, and 319 of the Act, the Federal Reserve and the other federal banking agencies have been
working together to update their BSA examination procedures. This SR letter notifies supervisory staff and domestic
and foreign banking organizations supervised by the Federal Reserve that the new BSA examination procedures
have been developed.
As described in more detail in the attached examination procedures and in SR letter 01-29, section 313 of
the Act prohibits banking organizations from establishing, maintaining, administering, or managing correspondent
accounts with "shell" banks (e.g., foreign banks that have no physical presence in any jurisdiction). Section 314 of
the Act facilitates the sharing of information regarding suspected terrorist financing and money laundering activities
between banking organizations and law enforcement agencies and among banking organizations themselves.
Section 319 of the Act requires the maintenance of certain records, including records related to the ownership of
foreign banks.
Treasury's regulations implementing sections 313 and 319 of the Act became effective on
October 28, 2002 (31 CFR 103.177 and 31 CFR 103.185), and the regulation implementing section 314 of the Act
became effective on September 26, 2002 (31 CFR 103.100 and 31 CFR 103.110).
The Federal Reserve has developed the attached BSA examination procedures to evaluate the
compliance of banking organizations with these new regulations. The procedures were developed in consultation
with the Office of the Comptroller of the Currency, Federal Deposit Insurance Corporation, Office of Thrift
Supervision, and National Credit Union Administration. The procedures are designed to help banking organizations
implement the new BSA requirements and to facilitate a consistent supervisory approach among the financial
institutions supervisory agencies. 2 The examination procedures allow supervision staff to tailor the examination
scope according to the reliability of a banking organization's compliance management system and the level of risk
assumed by the organization.
The Federal Reserve is incorporating these procedures into an update to its overall Bank Secrecy
Act/Anti-Money Laundering examination procedures. As other provisions of the Act are implemented through new
regulations, additional procedures will be issued in a similar format.
Reserve Banks are asked to distribute this SR letter to the domestic and foreign banking organizations
supervised by the Federal Reserve and to their examination staff. Questions may be addressed to
Pamela J. Johnson, Senior Anti-Money Laundering Coordinator, at (202) 728-5829; Thomas M. McKay, Senior
Special Anti-Money Laundering Examiner, at (202) 452-2638; or Laurie A. Bender, Senior Special Anti-Money
Laundering Examiner, at (202) 452-3794.
Richard Spillenkothen
Director
Attachment (131 KB PDF)
Cross Reference: SR letter 01-29

Notes:
1. SR letter 01-29 , dated November 26, 2001, describes the provisions of the USA PATRIOT Act that affect

banking organizations.

2. The new BSA examination procedures are being shared with state bank regulatory authorities to assist their
evaluation of state chartered banking organizations.

October 2003

Bank Secrecy Act Examination Procedures
for
Correspondent Accounts for Foreign Shell Banks; Recordkeeping and
Termination of Correspondent Accounts for Foreign Banks
Introduction
On October 28, 2002, a final regulation implementing sections 313 and 319(b) of the
USA PATRIOT Act became effective (refer to 31 CFR 103.177 and 103.185). The regulation
implemented new provisions of the Bank Secrecy Act (BSA) that relate to foreign correspondent
accounts.
31 CFR 103.177 prohibits a covered financial institution (CFI) from establishing,
maintaining, administering, or managing a correspondent account1 in the United States for, or on
behalf of, a foreign shell bank. A foreign shell bank is defined as a foreign bank without a
physical presence in any country.2 An exception, however, permits a CFI to maintain a
correspondent account with a foreign shell bank that is a regulated affiliate.3 This section also
requires that a CFI take reasonable steps to ensure that a correspondent account for a foreign
bank is not being used indirectly to provide banking services to foreign shell banks.
A CFI that maintains a correspondent account in the United States for a foreign bank
must also maintain records in the United States identifying the owners of each foreign bank. 4 A
1

For purposes of this regulation, a correspondent account is an account established by a covered financial institution
for a foreign bank to receive deposits from, to make payments or other disbursement on behalf of a foreign bank, or
to handle other financial transactions related to the foreign bank. An account means any formal banking or business
relationship established to provide regular services, dealings, and other financial transactions, and includes a demand
deposit, savings deposit, or other transaction or asset account and a credit account or other extension of credit.
2

Physical presence means a place of business that:
• Is maintained by a foreign bank;
• Is located at a fixed address (other than solely an electronic address or a post-office box) in a country in
which the foreign bank is authorized to conduct banking activities, at which location the foreign bank:
−Employs one or more individuals on a full-time basis; and
−Maintains operating records related to its banking activities; and
• Is subject to inspection by the banking authority that licensed the foreign bank to conduct banking activities.

3

A regulated affiliate is a shell bank that is affiliated with a depository institution, credit union, or foreign bank that
maintains a physical presence in the United States or in another jurisdiction. The regulated affiliate shell bank must
also be subject to supervision by the banking authority that regulates the affiliated entity.

4

To minimize the recordkeeping burdens, ownership information is not required for foreign banks that file a form
FR-7 with the Federal Reserve or for those that are publicly traded. Publicly traded refers to shares that are traded
on an exchange or an organized over-the-counter market that is regulated by a foreign securities authority as defined
in section 3(a)(50) of the Securities Exchange Act of 1934.

1

October 2003
CFI must also record the name and street address of a person who resides in the United States
and who is authorized, and has agreed, to be an agent to accept service of legal process. The
Department of the Treasury, working with the industry and federal bank regulatory and law
enforcement agencies, developed a “certification process” to assist CFIs with compliance. This
process included developing certification and recertification forms. While the use of these forms
is not required, a CFI will be “deemed to be in compliance” with this regulation if it obtains at
least once every three years, a certification or recertification form from the foreign bank (see
http://www.treas.gov/press/releases/docs/appa.pdf).
The regulation also contains specific provisions as to when CFIs must obtain the required
information or close correspondent accounts. CFIs must obtain certifications (or recertifications)
or otherwise obtain the required information within 30 calendar days after the date an account is
established and at least once every three years thereafter. (For accounts in existence on October
28, 2002, initial certifications should have been obtained by March 31, 2003.) If the CFI is
unable to obtain the required information, it must close all correspondent accounts with the
foreign bank within a commercially reasonable time.
Should a CFI, at any time, know, suspect, or have reason to suspect that any information
contained in a certification (or recertification) or that any other information relied upon is no
longer correct, the CFI must request that the foreign bank verify or correct such information, or
take other appropriate measures to ascertain its accuracy. Therefore, financial institutions should
review certifications for potential problems that may warrant further review such as use of post
office boxes or forwarding addresses. If the CFI has not obtained the necessary or corrected
information within 90 days, it must also close the account within a commercially reasonable
time.
During this period, the CFI may not permit the foreign bank to establish any new
financial positions or execute any transactions through the account, other than those transactions
necessary to close the account. Also, a CFI may not establish any other correspondent account
for the foreign bank until it obtains the required information.
A CFI must also retain the original of any document provided by a foreign bank, and the
original or a copy of any document otherwise relied upon for the purposes of this regulation for
at least five years after the date that the CFI no longer maintains any correspondent account for
the foreign bank.
Under 31 CFR 103.185, the Secretary of the Treasury or the U.S. Attorney General may
issue a subpoena or summons to any foreign bank that maintains a correspondent account in the
United States and may request a CFI to produce records relating to that account, including
records maintained abroad, relating to the deposit of funds into the foreign bank. Upon receipt of
a written request from a federal law enforcement officer, a CFI must produce the required
records within seven days (refer to 31 CFR 103.177). The Secretary of the Treasury or the U.S.
Attorney General may also, by written notice, direct a CFI to terminate its relationship with a
foreign correspondent bank that has failed to comply with a subpoena or summons or that has
failed to initiate proceedings to contest a subpoena or summons. If a CFI fails to terminate the
correspondent relationship within ten days of receipt of notice, it could be subject to a civil

2

October 2003
money penalty of up to $10,000 per day until the correspondent relationship is terminated. Also,
upon request by the financial institution’s federal regulator, a financial institution must provide
or make available records related to anti-money laundering compliance within 120 hours.

Request Letter Items
It is suggested that examiners request the following items to facilitate the examination.
This should include items since the last BSA/AML examination or the regulation’s effective date
of October 28, 2002, such as:
•

A copy of the CFI’s policies and procedures, including the policies for any of its foreign
branches, regarding foreign correspondent accounts.

•

A copy of any audit reports covering foreign correspondent accounts, including any audit
regarding the CFI’s foreign branches.

•

A list of all foreign correspondent accounts, including a list of foreign banks, for which
the CFI provides or provided regular services, and the date on which the required
information was received (either by completion of a certification or by other means).

•

A list of the CFI’s foreign branches and the steps the CFI has taken to determine that its
accounts with its branches are not used to indirectly provide services to foreign shell
banks.

•

A list of all foreign correspondent accounts, and relationships with foreign banks, that
have been closed or terminated due to nonconformance with 31 CFR 103.177 (i.e.,
service to foreign shell banks; records of owners and agents).

•

Any request from a federal law enforcement officer for information regarding foreign
correspondent accounts and evidence of compliance.

•

Any notice to close foreign correspondent accounts from the Secretary of the Treasury or
the U.S. Attorney General and evidence of compliance.

•

A copy of any Suspicious Activity Reports (SARs) filed relating to the requirements of
31 CFR 103.177 (i.e., service to foreign shell banks; records of owners and agents).
Also, include the analysis or documentation where a SAR was considered, but where the
decision was made not to file a SAR.

Examination Procedures
In accordance with agency guidelines, examiners should determine which procedures
should be completed (if any) by focusing on the areas of particular risk. For CFIs that do not
have foreign branches and foreign correspondent accounts, the procedures would not apply.
3

October 2003
Otherwise, the selection of procedures to be employed will depend upon the adequacy of the
CFI’s compliance management system and level of risk identified. The procedures outlined
below are designed to help examiners determine whether a CFI has implemented adequate
policies and procedures to comply with this BSA regulation, including procedures to: prevent
maintenance of correspondent accounts for foreign shell banks; ensure that correspondent
accounts for foreign banks are not being used indirectly to provide banking services to foreign
shell banks; maintain records in the United States identifying the owners of foreign banks; record
the name and street address of a person who can accept service of legal process; and comply with
requests for records.
1. Evaluate the CFI’s policies and procedures for foreign correspondent accounts. The policies
and procedures should address, at a minimum, the responsible party for obtaining and
managing certifications/information; the process for identifying foreign correspondent
accounts, and sending, tracking, receiving, and reviewing certification requests/requests for
information; evaluating the quality of the responses/information; closing accounts;
maintaining and keeping records current; and procedures for determining if and when SARs
should be filed. The CFI should also maintain sufficient internal controls, provide ongoing
training, and independently test its compliance with the regulation.
2. Determine whether the CFI has on file a current certification or the required current
information on each foreign correspondent account. [31 CFR 103.177(a)]
3. Based on a risk assessment, previous examination reports, and/or a review of the CFI’s audit,
select a sample of certifications/information and obtain any customer due diligence or other
relevant information related to such accounts. Evaluate the certifications/information for
completeness and reasonableness. Also, review the information on the certification forms
and any due diligence information to determine whether the CFI has adequate documentation
to evidence that it does not maintain accounts for, or indirectly provide services to, foreign
shell banks. [31 CFR 103.177(a)]
4. If the CFI has foreign branches, review the requested information to determine that it has
taken reasonable steps to ensure that any correspondent accounts maintained for its foreign
branches are not used indirectly to provide banking services to a foreign shell bank.
5. Based on a risk assessment and/or a review of the CFI’s audit, select a sample of closed
accounts. Determine, if applicable, whether or not: that the account was closed in a
commercially reasonable time period, that no new financial positions were taken upon
notification of closing, and that no accounts were re-established without obtaining the
required information. [31 CFR 103.177(d)]
6. Review any written requests from a federal law enforcement officer for information
regarding foreign correspondent accounts and verify that the CFI responded within seven
days. Evaluate SARs and SAR documentation relating to these accounts and determine
whether the decision to file or not to file a SAR was well supported. [31 CFR 103.185(c)].

4

October 2003
7. Review any notifications to close a foreign correspondent account from the Secretary of the
Treasury or the U.S. Attorney General and verify that the account was closed within ten
business days. Evaluate SARs and SAR documentation relating to these accounts and
determine whether the decision to file or not to file a SAR was well supported. [31 CFR
103.185(d)].
8. Determine whether the CFI retains the original of any document (including electronic and
facsimile documents) provided by a foreign bank, and the original (or a copy) of any
document otherwise relied upon for the purposes of this regulation for at least five years after
the date that the financial institution no longer maintains any correspondent account for the
foreign bank.

5

October 2003

Bank Secrecy Act Examination Procedures
for
Special Information-Sharing Procedures to Deter Money-Laundering and
Terrorist Activity
Introduction
On September 26, 2002, a final regulation implementing section 314 of the USA
PATRIOT Act became effective (refer to 31 CFR 103.100 and 31 CFR 103.110). The regulation
established procedures for information sharing to deter money laundering and terrorist activity.
Section 314(a) of the USA PATRIOT Act (31 CFR 103.100)
Information sharing between law enforcement and financial institutions
A federal law enforcement agency investigating terrorist activity or money laundering
may request that the Treasury Department’s Financial Crimes Enforcement Network (FinCEN)
solicit, on its behalf, certain information from a financial institution or a group of financial
institutions. The law enforcement agency must provide a written certification to FinCEN
attesting that credible evidence exists. It must also provide specific identifiers such as date of
birth and address that would permit a financial institution to differentiate among common or
similar names. Upon receiving an adequate written certification from a law enforcement agency,
FinCEN may require a financial institution to search its records to determine whether it
maintains or has maintained accounts for or has engaged in transactions with any specified
individual, entity, or organization.
Upon receiving a request, a financial institution is required to conduct a one-time search
of its records (within a time period designated by FinCEN) to identify any current account, or
any account maintained in the last 12 months for a named suspect and to identify any transaction
conducted outside of an account by or on behalf of a named suspect (including funds transfers),
during the preceding six months. The records that must be searched are specified in the request.
If a financial institution identifies any such account or transaction, it must report back to
FinCEN that it has a match. No details should be provided to FinCEN other than the fact that the
financial institution has a match. A negative response is not required. A financial institution
may provide a list of named suspects to a third-party service provider or vendor to
perform/facilitate record searches so long as it takes the necessary steps to ensure that the third
party safeguards the information.
The regulation restricts the use of the information provided in a “314(a) request.” If the
request contains multiple suspects, it is often referred to as a “314(a) list.” A financial institution
may use the information only to report back the required information to FinCEN, to determine
whether to establish or maintain an account or engage in a transaction, or to assist in BSA
compliance. While the 314(a) list could be used to determine whether to establish or maintain an
account, FinCEN strongly discourages financial institutions from doing so unless the request
specifically states otherwise. This is because unlike the Office of Foreign Assets Control
6

October 2003
(OFAC) lists, 314(a) lists are not permanent “watch lists.” In fact, 314(a) lists generally relate to
one-time inquiries and are not updated or corrected if an investigation is dropped, a prosecution
is declined, or a subject is exonerated. Further, the names do not correspond to convicted or
indicted persons; rather a 314(a) subject need only be “reasonably suspected” based on credible
evidence of engaging in terrorist acts or money laundering. Therefore, FinCEN advises that
inclusion on a 314(a) list should not be the sole factor used to determine whether to open or
maintain an account for a subject named in a 314(a) request or the sole factor in determining
whether to file a SAR.
On the other hand, actions taken pursuant to information provided in a request from
FinCEN do not affect a financial institution’s obligations to comply with all of the rules and
regulations of OFAC nor do they affect a financial institution’s obligations to respond to any
legal process. Additionally, actions taken in response to a request do not relieve a financial
institution of its obligation to file a SAR and to notify immediately law enforcement, if
necessary, in accordance with applicable laws and regulations.
A financial institution cannot disclose to any person, other than to FinCEN, its primary
bank regulator, or the federal law enforcement agency on whose behalf FinCEN is requesting
information, the fact that FinCEN has requested or obtained information. FinCEN has stated that
an affiliated group of financial institutions may establish one point-of-contact to distribute the
314(a) list for the purpose of responding to requests. However, the 314(a) lists should not be
shared with foreign affiliates or foreign subsidiaries (unless the request specifically states
otherwise), and the lists cannot not be shared with affiliates, or subsidiaries of bank holding
companies, that are not financial institutions. This limits sharing to those financial institutions
subject to an anti-money laundering program rule (refer to 31 CFR 103.110(a)(2)). The
underlying information contained in a 314(a) request may be shared with other financial
institutions but the fact that FinCEN requested such information may not be disclosed. A
financial institution may choose to file a 314(b) notice to avail itself of the statutory safe harbor.
(Refer to the discussion on section 314(b) in these procedures.)
Each financial institution must maintain adequate procedures to protect the security and
confidentiality of requests from FinCEN. The procedures to ensure confidentiality will be
considered adequate if the financial institution applies procedures similar to those it established
to comply with section 501 of the Gramm-Leach-Bliley Act (15 U.S.C. 6801) with regard to the
protection of its customers’ nonpublic personal information.
FinCEN has provided financial institutions with General Instructions, Frequently Asked
Questions (FAQs), and additional guidance relating to the 314(a) process. Please note that these
documents may be revised periodically and other related documents may be found on FinCEN’s
Web site: http://www.fincen.gov/index.html.

7

October 2003
Section 314(b) of the USA PATRIOT Act (31 CFR 103.110)
Voluntary Information Sharing
Section 314(b) encourages financial institutions and associations of financial institutions
to share information for the purpose of identifying and reporting activities that may involve
terrorist activity or money laundering. Section 314(b) also describes a specific protection for
financial institutions from civil liability. However, in order to avail itself of this statutory safe
harbor from liability, a financial institution or an association must submit an annual notice to the
Treasury Department stating its intent to engage in information sharing and that it has established
and will maintain adequate procedures to protect the security and confidentiality of the
information. Failure to follow the section 314(b) procedures described below will not cause a
financial institution to violate the provisions of section 314(b), but will result in the loss of the
statutory safe harbor and could result in a violation of privacy laws or other laws and regulations.
The notice may be submitted electronically at FinCEN’s website or via mail to FinCEN at PO
Box 39, Mail Stop 100, Vienna, VA 22183.
If a financial institution receives such information from another financial institution, it
must also limit use of the information and maintain its security and confidentiality (refer to 31
CFR 103.110(b)(4)). Such information may be used only to identify and, where appropriate,
report on money-laundering and terrorist activities; to determine whether to establish or maintain
an account; to engage in a transaction; or to assist in BSA compliance. The procedures to ensure
confidentiality will be considered adequate if the financial institution applies procedures similar
to the ones it has established to comply with section 501 of the Gramm-Leach-Bliley Act (15
U.S.C. 6801) with regard to the protection of its customers’ nonpublic personal information.
Additionally, a financial institution must take reasonable steps to verify that the other
financial institution or association of financial institutions with which it intends to share
information (including any underlying information contained in section 314(a) request) has also
submitted the required notice to FinCEN. FinCEN routinely shares the names of financial
institutions that have filed section 314(b) notices.
Actions taken pursuant to shared information do not affect a financial institution’s
obligations to comply with all OFAC rules and regulations nor do they affect a financial
institution’s obligations to respond to any legal process. Additionally, actions taken in response
to a request do not relieve a financial institution of its obligation to file a SAR and to
immediately notify law enforcement, if necessary, in accordance with all applicable laws and
regulations.
Request Letter Items
It is suggested that examiners request the following items to facilitate the examination.
This should include items since the last BSA/AML examination or the regulation’s effective date
of September 26, 2002, such as:

8

October 2003
•

A copy of the financial institution’s policy and procedures for receiving and responding
to FinCEN” section 314(a) requests for information regarding terrorist activities or
money laundering and for sharing suspected terrorist activity or money laundering
information pursuant to section 314(b) and receiving such information and protecting its
confidentiality.

•

Documentation of any positive match with a section 314(a) request.

•

A copy of any vendor confidentiality agreements regarding section 314(a) services, if
applicable.

•

Copies of any SARs filed related to section 314(a) and section 314(b) requests for, or
sharing of, information. Also, include the analysis or documentation where a SAR was
considered, but where the decision was made not to file a SAR.

Examination Procedures
In accordance with agency guidelines, examiners should determine which procedures
should be completed (if any) by focusing on the areas of particular risk. The selection of
procedures to be employed will depend upon the adequacy of the financial institution’s
compliance management system and level of risk identified. The procedures outlined below are
designed to help examiners determine whether financial institutions have implemented adequate
policies and procedures to comply with this BSA regulation. Using the procedures, examiners
determine whether financial institutions have received and responded to requests from FinCEN
and whether financial institutions have used the new sharing protocols and, if so, taken the
proper steps to protect the confidentiality of any information that has been received or requested.
Section 314(a) of the USA PATRIOT Act (31 CFR 103.100)
1. Evaluate the financial institution’s policies and procedures for receiving and responding
to FinCEN requests. The policies and procedures should address, at a minimum, the
designation of a point of contact for receiving information requests; a process to ensure
that the confidentiality of the information requested is safeguarded; a process for
responding to FinCEN’s requests; and procedures for determining whether and when
SAR(s) should be filed. The financial institution should have a process to document
compliance, maintain sufficient internal controls, provide ongoing training, and
independently test its compliance with this regulation
2. Based on a risk assessment, previous examination reports, and/or a review of the
financial institution’s audit, select a sample of positive matches or recent requests to
determine whether:

9

October 2003
•

All of the required types of records and appropriate categories of accounts and
transactions were searched. [31 CFR 103.100(b)(2)(i)] Because of the difficulties
FinCEN encountered in developing and implementing an electronic distribution list,
examiners should focus their review on the time period after the financial institution
began receiving FinCEN requests.

•

For positive matches:
-Verify that a response was provided to FinCEN within the designated time
period. [31 CFR 103.100(b)(2)(ii)]
-Review the financial institution’s documentation (including account analysis) to
evaluate how the financial institution determined whether or not a SAR was
warranted. Financial institutions are not required to file SARs solely on the basis
of a match with a named subject, instead account activity should be considered in
determining whether or not a SAR is warranted.

3. Through discussions with management, determine whether the information was used only
in the manner and for the purposes allowed and was kept secure and confidential.
[31 CFR 103.100(b)(2)(iv)]
4. If the financial institution uses a third-party vendor to perform or facilitate searches,
determine that there is an agreement and/or procedures to ensure confidentiality.
5. Review the financial institution’s internal control process to determine that there is
adequate documentation to evidence compliance. Such documentation could include, for
example, copies of the 314(a) requests; a log that records the tracking numbers with a
sign-off column; or copies of the request cover page with a sign-off, indicating that the
records were checked, along with the date of the search and search results (e.g.,
positive/negative). For positive matches, copies of the form returned to FinCEN along
with supporting documentation should be retained. Failure to maintain records could be
indicative of weak internal controls.
Section 314(b) of the USA PATRIOT Act (31 CFR 103.110)
1. Through discussions with management, determine whether the financial institution
intends to share, or shares, information on transactions/activities that may involve
terrorist activity or money laundering with other financial institutions and associations.
(Note: This is a voluntary process.) If yes:
•

Evaluate the financial institution’s policies and procedures for sharing information
and receiving shared information. The policies and procedures should address, at a
minimum, the designation of a point of contact for receiving and providing
information; ensuring the safeguarding and confidentiality of the information
received and requested; a process for sending and responding to requests, which
ensures that the financial institution or associations of financial institutions with
whom the financial institution intends to share information have filed the proper

10

October 2003
notice; and procedures for determining whether and when SAR(s) should be filed.
The financial institution should have a process in place to document compliance,
should maintain sufficient internal controls, provide ongoing training, and
independently test its compliance with these regulations.
2. Notify the examiners reviewing the privacy rules if the financial institution is sharing
information with other entities and is not following the procedures outlined in [31 CFR
103.110(b)].
3. Through a review of the financial institution’s documentation (including account
analysis) on a sample of the information shared and received, evaluate how the financial
institution determined whether or not a SAR was warranted. Financial institutions are not
required to file SARs solely on the basis of a match with a named subject. Instead,
account activity should be considered in determining whether or not a SAR is warranted.

11

BOARD OF GOVERNORS
OF THE
FEDERAL RESERVE SYSTEM
WASHINGTON, D. C. 20551
DIVISION OF BANKING
SUPERVISION AND REGULATION

SR 01-29
November 26, 2001
TO THE OFFICER IN CHARGE OF SUPERVISION AND APPROPRIATE SUPERVISORY AND EXAMINATION STAFF AT
EACH FEDERAL RESERVE BANK AND TO EACH DOMESTIC AND FOREIGN BANKING ORGANIZATION
SUPERVISED BY THE FEDERAL RESERVE
SUBJECT:

The USA PATRIOT Act and the International Money Laundering Abatement and
Anti-Terrorist Financing Act of 2001

Background:
On October 26, 2001, the President signed into law H.R. 3162, the USA PATRIOT Act (Act), which
contains strong measures to prevent, detect, and prosecute terrorism and international money laundering. Title III of
the Act is the International Money Laundering Abatement and Anti-Terrorist Financing Act of 2001. It includes
numerous provisions for fighting international money laundering and blocking terrorist access to the U.S. financial
system. The Act is far-reaching in scope, covering a broad range of financial activities and institutions.
The provisions affecting banking organizations are generally set forth as amendments to the Bank
Secrecy Act (BSA). These provisions relate principally to U.S. banking organizations' relationships with foreign
banks and with persons who are resident outside the United States. The Act, which generally applies to insured
depository institutions as well as to the U.S. branches and agencies of foreign banks, does not immediately impose
any new filing or reporting obligations for banking organizations, but requires certain additional due diligence and
recordkeeping practices. Some requirements take effect without the issuance of regulations. Other provisions are to
be implemented through regulations that will be promulgated by the U.S. Department of the Treasury, in consultation
with the Federal Reserve Board and the other federal financial institutions regulators.
This SR letter briefly describes the provisions of the Act that should receive banking organizations' and
Federal Reserve supervisors' immediate attention. The letter also describes new rules that are required to be issued
or may be issued by Treasury under the Act. All banking organizations supervised by the Federal Reserve should
ensure that their compliance staffs carefully review the Act and prepare to implement its provisions within appropriate
timeframes.
At this time, there are several provisions of the Act that will require interpretation by Treasury. This
SR letter does not offer any interpretive guidance, but does identify some important areas where additional guidance
by Treasury will be required. In this regard, Federal Reserve staff is working closely with Treasury, other federal
regulators, financial institutions, and law enforcement in our joint efforts to implement Congressional goals.
Provisions Effective Without Issuance of Regulations
1. Prohibition on U.S. Correspondent Accounts with Shell Banks
(31 U.S.C. 5318(j); Act section 313)
Effective Date: December 25, 2001
The Act prohibits covered financial institutions from establishing, maintaining, administering, or
managing correspondent accounts with "shell banks," which are foreign banks that have no physical presence in any
jurisdiction.1 An exception, however, permits covered financial institutions to maintain correspondent accounts with
shell banks that meet certain criteria. Under the criteria, the shell bank must be affiliated with a depository institution,
credit union, or foreign bank that maintains a physical presence in the United States or in another jurisdiction, and
the shell bank must be subject to supervision by the banking authority that regulates the affiliated entity.2
The Act also provides that covered financial institutions must take "reasonable steps" to ensure that
accounts for foreign banks are not used to indirectly provide banking services to shell banks. The Act directs
Treasury to issue regulations to further define reasonable steps.
2. Availability of Bank Records (31 U.S.C. 5318(k); Act section 319(b))
Effective Date: December 25, 2001
The Act contains provisions to assist bank regulators and law enforcement authorities in obtaining
certain records from covered financial institutions.

Requests from regulators. One provision requires a covered financial institution, upon request of the
appropriate federal banking agency, to produce records relating to its anti-money laundering compliance or its
customers. Such records must be produced within 120 hours of the request.
Requests from law enforcement. The Act provides that Treasury or the U.S. Attorney General may issue
a subpoena or summons to any foreign bank with a correspondent account in the United States and request records
relating to that account, including records maintained abroad about deposits into the foreign bank. To facilitate this
process, a covered financial institution that has a correspondent account for a foreign bank must maintain in the
United States:
a. Records identifying the owners of the foreign bank, and
b. The name and address of a person in the United States who is authorized to accept service of
legal process on behalf of the foreign bank. This means that the foreign bank must designate
an agent for service of process.
The covered financial institution must produce the records described above in (a) and (b) within seven days of
receipt of a written request of a law enforcement officer.
Treasury worked with the banking industry, Federal Reserve staff and other federal regulators, and law
enforcement agencies to develop a "certification" process to assist covered financial institutions to comply with
sections 313 and 319(b) of the Act. Treasury publicly released a notice on the certification and related guidelines on
November 20, 2001. (See, Treasury's web site at http://www.treas.gov/press/releases/po813.htm.)
Termination of Accounts. Treasury or the U.S. Attorney General may, by written notice, direct a covered
financial institution to terminate its relationship with a foreign correspondent bank that has failed to comply with a
subpoena or summons or has failed to initiate proceedings to contest a subpoena or summons. If the covered
financial institution fails to terminate the correspondent relationship within 10 days of receipt of notice, it could be
subject to a civil money penalty of up to $10,000 per day.
3. Due Diligence for Private Banking and Correspondent Accounts
(31 U.S.C. 5318(i); Act section 312)
Effective Date: Regulations to be proposed by April 24, 2002; whether or not regulations are
issued, provision is effective on July 23, 2002
General Due Diligence. The Act requires due diligence by all financial institutions that maintain,
administer, or manage private banking accounts or correspondent accounts in the United States for
non-United States persons.3 With respect to all such accounts, U.S. institutions must have "appropriate, specific and,
where necessary, enhanced due diligence policies, procedures, and controls that are reasonably designed to detect
and report instances of money laundering through those accounts." Treasury, in consultation with the Federal
Reserve Board and the other federal financial institutions regulators, is directed to issue regulations clarifying this
general requirement.
Additional Standards for Certain Correspondent Accounts. The Act requires additional measures for
correspondent accounts of foreign banks that either are licensed by particular jurisdictions or operate under offshore
banking licenses.4 The particular jurisdictions specified by the Act are (1) jurisdictions designated by
intergovernmental groups (such as the Financial Action Task Force) as non-cooperative with international
anti-money laundering standards, and (2) jurisdictions designated by Treasury as warranting special measures due
to money laundering concerns.5
For correspondent accounts of foreign banks operating under the licenses described above, a
U.S. financial institution has the following additional obligations:
If shares of the correspondent foreign bank are not publicly traded, the U.S. financial institution
must take reasonable steps to identify each of the owners of the foreign bank and the nature
and extent of each owner's interest.
The U.S. financial institution must take reasonable steps to conduct enhanced scrutiny of the
correspondent account to identify suspicious transactions.
The U.S. financial institution must take reasonable steps to ascertain whether the
correspondent foreign bank has correspondent banking relationships with other foreign banks
and, if so, the U.S. financial institution must identify such other banks and conduct general due
diligence (as described above) with respect to them.
The Act does not specify whether this provision applies to all correspondent accounts maintained by
such foreign banks or only to certain types of correspondent accounts. The Act sets forth only minimum requirements
for the "enhanced scrutiny" required for these accounts, and does not define "reasonable steps." Future Treasury
regulations should provide additional guidance.
Private Banking Account Minimum Due Diligence Standards. The Act specifies minimum standards for
private banking accounts, defined as accounts with minimum deposits of $1 million that are assigned to or managed

by a person who acts as a liaison between a financial institution and the beneficial owner(s). For all private banking
accounts maintained by or on behalf of non-United States persons, the financial institution must report suspicious
transactions and keep records of: (1) the names of all nominal and beneficial owners, and (2) the source of funds
deposited in those accounts.
For any private banking account requested or maintained by or on behalf of a senior political figure or his
or her immediate family members or close associates, the financial institution must conduct enhanced scrutiny of the
account to detect any transactions that may involve proceeds of foreign corruption. These requirements are in
accordance with current Federal Reserve guidance, as set forth in SR letter 01-3, "Guidance on Enhanced Scrutiny
for Transactions That May Involve the Proceeds of Foreign Official Corruption." However, Treasury may in the future
impose additional or different requirements.
Areas to be Covered by Future Regulatory Action
1. Special Measures" for Certain Jurisdictions, Financial Institutions, International Transactions,
and Accounts (31 U.S.C. 5318A; Act section 311)
Effective Date: Determined by future regulation
Treasury has broad regulatory authority to require financial institutions to perform additional
recordkeeping and reporting with respect to particular financial institutions operating outside the United States,
institutions in particular jurisdictions, types of accounts, and types of transactions, if Treasury determines that such
institutions, jurisdictions, accounts, or transactions are of "primary money laundering concern."6 Treasury must
consult with the Federal Reserve Board and other agencies as appropriate in determining whether to impose specific
measures. The measures may be imposed by regulation or by order; however, any measure other than a regulation
must expire within 120 days.
In general, the types of measures contemplated by this provision are maintenance of records and filing of
reports with information about transactions, participants in transactions, and beneficial owners of funds involved in
transactions. In addition, special measures could require due diligence with respect to the ownership of
payable-through accounts and maintenance of information about correspondent bank customers that have access to
correspondent accounts.
The Act requires Treasury, in consultation with other regulators, to issue regulations on the application of
the term "account" to non-banks. Treasury is required to define "beneficial ownership" and other terms used in this
section, as appropriate.
2. Standards for Verification of Customer Identification (31 U.S.C. 5318(l); Act section 326)
Effective Date: Regulations to be effective by October 25, 2002
Treasury is required to issue regulations for financial institutions setting forth minimum standards for
customer identification at account opening. The regulations will require verification of customer identification,
maintenance of records of verification, and comparison of identification with government lists of known or suspected
terrorists. For financial institutions engaged in financial activities described in the Bank Holding Company Act, these
regulations are to be issued jointly by Treasury and the institutions' federal functional regulators.
3. Government and Financial Institution Information Sharing (Act section 314)
Effective Date: Regulations to be issued by February 23, 2002
Treasury must issue regulations to encourage further cooperation among financial institutions, regulatory
authorities, and law enforcement, for the purpose of sharing information about persons and entities engaged in or
suspected of terrorist acts or money laundering activities. The regulations may require financial institutions to
designate points of contact for information sharing and account monitoring, and to establish procedures for protecting
information.
Effective immediately, financial institutions may, after giving notice to Treasury, share among themselves
and with financial trade associations information about persons and entities engaged in or suspected of terrorist acts
or money laundering activities. The Act provides that such sharing generally will not constitute a privacy violation of
the applicable provisions of the Gramm-Leach-Bliley Act.
4. Restrictions on Concentration Accounts (31 U.S.C. 5318(h); Act section 325)
Effective Date: Determined by future regulation
The Act grants Treasury the authority to issue regulations relating to the maintenance and use of
concentration accounts (a term not defined in the Act), but Treasury is not required to do so. The purpose of the
regulations would be to prevent the use of such accounts to obscure the identity of an individual customer of a
financial institution. In general, the regulations would prohibit customer direction of transactions through
concentration accounts, prohibit financial institution staff from giving customers any information about the financial
institution's concentration accounts, and require written procedures governing documentation of transactions
involving concentration accounts.

Suspicious Activity Reporting
1. Clarification of Safe Harbor (31 U.S.C. 5318(g); Act section 351)
Effective immediately
Current law protects financial institutions from civil liability for reporting suspicious activity. The Act
provides that this protection does not apply if an action against the institution is brought by a government entity.
Current law prohibits financial institutions and their employees from disclosing that a suspicious activity
report has been filed. The Act amends current law to prohibit such disclosure by any federal, state, or local
government employee, except as necessary to fulfill that employee's official duties.
2. Disclosure in Employment References (31 U.S.C. 5318(g); 12 U.S.C. 1828(w);
Act sections 351 and 355)
Effective immediately
The Act amends the prohibition on disclosure of suspicious activity reports (SARs) and the safe harbor
for liability so that information that has been reported as suspicious may be disclosed by a financial institution in a
written employment reference or a written termination notice provided to a self-regulatory agency. However, while
the information may be disclosed in these circumstances, the financial institution may not disclose the fact that a SAR
was filed.
The Act also amends the Federal Deposit Insurance Act (12 U.S.C. 1828) to provide authority for insured
depository institutions and uninsured branches or agencies of foreign banks to disclose suspicions of illegal activity
(but not the fact that a SAR was filed) to other such institutions in written employment references for
institution-affiliated parties. The Act does not impose any affirmative duty to make such disclosures. This
amendment contains the limitation that an institution and its agents may be civilly liable for any disclosure that is
"made with malicious intent."
Other Areas Covered by the Act
1. Forfeiture of Funds in U.S. Interbank Accounts (18 U.S.C. 981(k); Act section 319)
Effective immediately
The Act expands the circumstances under which funds in a U.S. interbank account may be subject to
forfeiture.7 If a deposit of funds in a foreign bank outside of the United States is subject to forfeiture, and the foreign
bank maintains an interbank account at a covered financial institution, U.S. law enforcement can seize the funds in
the U.S. account as a substitute for the foreign deposit. Law enforcement is not required to trace the funds seized in
the United States to the deposit abroad.
2. Anti-Money Laundering Program Requirement (31 U.S.C. 5318(g); Act section 352)
Effective Date: April 24, 2002
Section 352 of the Act imposes on all financial institutions an anti-money laundering program
requirement. The program must include components similar to those found in the Federal Reserve Board's
Regulation H requirements at 12 CFR 208.63. Further guidance will be issued in the event that future Treasury
regulations result in any change in the application of Regulation H to banking organizations supervised by the
Federal Reserve.
3. Filing of SARs by Securities Brokers and Dealers (Act section 356)
Effective Date: Determined by future regulation
Section 356 of the Act requires Treasury, in consultation with the Federal Reserve Board and the
Securities and Exchange Commission, to issue regulations requiring registered securities brokers and dealers to
file SARs. These regulations are to be published in preliminary form by January 1, 2002, and in final form by
July 1, 2002.
4. Penalties (31 U.S.C. 5321, 5322, 5324; Act sections 353 and 363)
Effective for future violations
The Act amends the BSA to authorize Treasury to impose penalties of up to $1 million for violations of
new 5318(i) (due diligence for private banking and correspondent accounts) and new 5318(j) (accounts with shell
banks). The Act also provides for civil and criminal penalties for violations of geographic targeting orders issued by
Treasury.
5. Secure Filing Network (Act section 362)
Effective Date: Network to be operational by July 23, 2002

The Act directs Treasury to establish within its Financial Crimes Enforcement Network a highly secure
electronic network through which reports (including SARs) may be filed and information regarding suspicious
activities warranting immediate and enhanced scrutiny may be provided to financial institutions.
6. Anti-Money Laundering Record Considered in Applications (12 U.S.C. 1828(c) and 1842(c);
Act section 327)
Effective for applications submitted after December 31, 20018
The Act amends the Bank Holding Company Act and the Federal Deposit Insurance Act to require that,
with respect to any application submitted under the applicable provisions of those laws, the Federal Reserve Board
and the other federal banking regulators must take into consideration the effectiveness of the applicants' anti-money
laundering activities, including in overseas branches.
7. Efficient Use of Cash Transaction Reports (Act section 366)
Report required by October 25, 2002
The Act directs Treasury to review the cash transaction reporting system to make it more efficient,
possibly by expanding the use of exemptions to reduce the volume of reports.
Sunset Provision
The Act includes a mechanism for expedited repeal of the Act if Congress in the future determines that
the provisions of the Act are no longer necessary. After September 30, 2004, Congress may terminate the effect of all
provisions of the Act, and any regulations promulgated thereunder, by enacting a joint resolution to that effect.
Reserve Banks are asked to distribute this letter to banking organizations in their districts that they
supervise and to supervisory staff. Questions may be addressed to Carmina Hughes, Special Counsel,
(202) 452-5235; Pamela Johnson, Senior Anti-Money Laundering Coordinator, (202) 728-5829; Nina Nichols,
Senior Attorney, (202) 452-2961; Ann Misback, Assistant General Counsel, (202) 452-3788; or Janet Crossen,
Senior Counsel, (202) 452-3281.

Richard Spillenkothen
Director

Cross Reference: SR letter 01-3
cc: General Counsel at each Federal Reserve Bank

Note:
1. Some of the BSA-related provisions in the Act apply only to "covered financial institutions," which are defined
as institutions listed in 31 U.S.C. 5312(a)(2)(A) through (G). These are: insured banks under
12 U.S.C. 1813(h); commercial banks or trust companies; private bankers; agencies or branches of foreign
banks in the United States; insured institutions under 12 U.S.C. 1724(a); thrift institutions; and brokers or
dealers registered under the Securities Exchange Act of 1934. Other provisions in the Act apply to all
financial institutions, which includes covered financial institutions and other entities such as money services
businesses (for example, check cashers and currency exchanges); investment bankers or investment
companies; credit card systems; casinos; insurance companies; and any other business so designated by
Treasury.
2. The Act defines an "affiliate" as a foreign bank that is controlled by or under common control with another
institution. A bank has a "physical presence" in a jurisdiction if it maintains a place of business at a fixed
address (other than a solely electronic address), employs full-time staff, maintains operating records, and is
subject to inspection by the bank’s licensing authority.
3. The BSA and applicable regulations define "person" expansively to include any individual, corporation,
partnership, trust or estate, joint stock company, association, syndicate, joint venture or other unincorporated
organization or group, Indian Tribes, and all entities cognizable as legal personalities. "United States" is
defined to include the States, the District of Columbia, Indian lands, and the Territories and Insular
Possessions of the United States. "Non-United States Person" generally means an individual resident outside
the United States (even if a U.S. citizen) or an entity that is located outside the United States.

4. An offshore banking license is defined as a license to conduct banking activities, where a condition of the
license is that the bank may not offer banking services to citizens of, or in the local currency of, the jurisdiction
issuing the license.
5. For designations by intergovernmental groups, the United States must be a member of the group, and the
U.S. representative must concur in the designation. For designations made by Treasury, the designation must
be made in accordance with section 311 of the Act, as described later in this SR letter.
6. The Act provides that Treasury in consultation with the Department of State and the U.S. Attorney General
may make determinations as to whether particular institutions, types of accounts, classes of transactions, or
foreign jurisdictions are of primary money laundering concern.
7. The Act uses the definition of "interbank account" in 18 U.S.C. 984(c)(2)(B), "an account held by one financial
institution at another financial institution primarily for the purpose of facilitating customer
transactions."
8. There is a question whether this provision applies to applications submitted after December 31, 2000
(including applications now pending), or to applications submitted after December 31, 2001. Clarification of
that point is being sought.


Federal Reserve Bank of St. Louis, One Federal Reserve Bank Plaza, St. Louis, MO 63102