On June 12, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) issued an updated fact sheet on § 314(b) of the USA PATRIOT Act, replacing its December 2020 version. The update clarifies the permissibility of real-time information sharing, expands guidance on fraud-related sharing, and addresses several questions about who can participate and how information can be used.

Background

Section 314(b) allows financial institutions and associations of financial institutions to share information with one another under a safe harbor that protects them from liability, for the purpose of identifying and reporting activities that may involve money laundering or terrorist financing. Participation is voluntary, but FinCEN strongly encourages it as a tool for managing illicit financing risks.

What’s New

The updated fact sheet addresses several key issues:

  • Fraud is expressly covered. FinCEN confirms that fraud offenses are specified unlawful activities (SUAs) for money laundering purposes under 18 U.S.C. § 1956. A financial institution does not need to identify specific fraud proceeds being laundered;  it need only suspect that activity may involve a fraud-related SUA to share information under the § 314(b) safe harbor.
  • Real-time sharing is permitted. Neither § 314(b) nor FinCEN’s implementing regulations specify the method or timing of information sharing. Financial institutions may share information verbally, in writing, or through electronic platforms, including in real time as activity is occurring.
  • Sharing need not be tied to a specific customer or transaction of the receiving institution. A registered financial institution may share information with another registered institution even if the receiving institution has no existing relationship with the individual or entity involved. The receiving institution may use such information, for example, to strengthen its anti-money laundering and countering the financing of terrorism (AML/CFT) program or to decide whether to establish or maintain an account.
  • Non-financial institution entities can form and operate associations. FinCEN confirms that the entity forming and operating an association of financial institutions for purposes of § 314(b) need not itself be a regulated financial institution or an affiliate of one, so long as the association otherwise complies with § 314(b) requirements.
  • Foreign sharing has limits. Information received under § 314(b) may be shared with a foreign affiliate or subsidiary solely for permitted purposes, but such sharing will not benefit from the § 314(b) safe harbor unless the foreign entity qualifies as a financial institution under FinCEN’s regulations. Financial institutions should also consider applicable obligations under other U.S. and foreign laws, including the Gramm-Leach-Bliley Act and the Right to Financial Privacy Act.
  • Joint SARs remain available. Financial institutions that identify suspicious activity through § 314(b) collaboration may file joint suspicious activity reports (SARs). However, § 314(b) does not relax SAR confidentiality rules. Financial institutions remain prohibited from disclosing a SAR or revealing its existence, except that institutions that have filed or are considering filing a joint SAR may discuss it among themselves.

What Can Be Shared

The fact sheet provides a broad, non-exhaustive list of information that may be shared under § 314(b), including transaction data, video surveillance footage, cyber-related data such as IP addresses and geolocations, device identification numbers, account-related decisions and supporting research, transaction monitoring alerts, and indicators of suspicious activity. The Bank Secrecy Act (BSA) imposes no limitations on sharing personally identifiable information where sharing is otherwise consistent with § 314(b), and imposes no restrictions on the types of information shared (with the exception of SARs).

Participation Requirements

To benefit from the § 314(b) safe harbor, financial institutions and associations of financial institutions must:

  1. Register through FinCEN’s Financial Industry Portal (FI Portal) at fincen.gov.
  2. Verify that any institution with which they share information is also a registered § 314(b) participant.
  3. Maintain procedures to safeguard the security and confidentiality of shared information and use it only for AML/CFT purposes, account decisions, or BSA compliance.

Eligible participants include banks, money services businesses, broker-dealers, mutual funds, insurance companies, loan and finance companies, and other financial institutions subject to an AML program requirement under FinCEN regulations, as well as associations of such institutions.

Our Take

The updated fact sheet reflects FinCEN’s continued effort to encourage broader use of the § 314(b) program as a tool for combating financial crime. The explicit confirmation that fraud sharing is covered, and that sharing need not be tied to a specific transaction of the receiving institution, removes two common points of uncertainty that have historically led some institutions to be overly cautious in their use of the program. Financial institutions should review their § 314(b) policies and procedures in light of this updated guidance to ensure they are taking full advantage of the safe harbor’s scope.