TBA Law Blog

Posted by: Kathryn Edge on Aug 1, 2018

Journal Issue Date: Aug 2018

Journal Name: August 2018 - Vol. 54, No. 8

The news is full of intrigue, innuendo, and perhaps even a few facts associated with certain financial transactions connected to a number of “politically exposed people” or “PEPs.” A PEP is an individual who, because of his or her prominent public functions or position, may present a higher risk for potential involvement in corruption, abuse of influence, or bribery because of the position he or she holds. A “PEFP” is a “politically exposed foreign person.” This column has discussed the Bank Secrecy Act in prior issues, but with increased focus on whether certain PEPs have engaged in activities that have come under scrutiny by the Department of Justice, it is important to understand just what may and may not be disclosed by a financial institution.

The Bank Secrecy Act (BSA) requires that a financial institution file a Suspicious Activity Report (SAR) when the financial institution suspects any of the following:

  • Criminal violations involving insider abuse in any amount;
  • Criminal violations aggregating $5,000 or more when a suspect can be identified;
  • Criminal violations aggregating $25,000 or more regardless of a potential suspect;
  • Transactions conducted or attempted by, at or through the financial institution or its affiliate and aggregating $5,000 or more, if the financial institution or affiliate knows, suspects or has reason to suspect that the transaction:
    • May involve potential money laundering or other illegal activity (e.g., financing of terrorism);
    • Is designed to evade the BSA or its implementing regulations;
    • Has no business or apparent lawful purpose or is not the type of transaction that the particular customer would normally be expected to engage and the financial institution knows of no reasonable explanation for the transaction after examining the available facts, including the background and possible purpose of the transaction; or
    • Involves the use of the financial institution to facilitate criminal activity.

A “transaction” includes a deposit, including a withdrawal from a deposit account; a transfer between accounts; an exchange of currency; an extension of credit; a purchase or sale of any stock, bond, certificate of deposit or other monetary instrument or investment security; or any other payment, transfer or delivery by, to or through a financial institution.[1]

A financial institution may not notify the subject of a SAR that the report has been filed with the Federal Financial Institutions Examination Council (FinCEN). Financial institutions are required to establish internal policies and procedures that help ensure the confidentiality of SARs. The mere disclosure of the existence of a SAR is limited, and compliance personnel are often confounded by what may and may not be disclosed and to whom. FinCEN’s rules provide that any document or other information that affirmatively states that a SAR has been filed constitutes information that would reveal the existence of a SAR and is, therefore, also deemed confidential. In addition, a financial institution must also afford confidentiality to any document that states that a SAR has not been filed in a particular situation.

Not all documents related to a SAR are confidential. The underlying facts, transactions and documents upon which a SAR may be based are not confidential. For example, a financial institution may produce documents that say that suspicious activity has been detected as long as the documents do not say whether a SAR exists. FinCEN’s rules further provide that any financial institution or any director, officer, employee or agent of a financial institution who is subpoenaed or otherwise requested to produce a SAR or information that would reveal the existence of a SAR must decline to produce the information and must provide notice of the request to FinCEN. FinCEN has adopted several rules of construction to describe certain situations that are not covered by the prohibition against disclosure of SARs or information that would reveal the existence of a SAR. In summary, a financial institution may disclose a SAR:

  • To certain affiliates, provided that the affiliate is itself subject to the rules governing the submission of SARs;
  • To state financial institutions regulatory agencies if the state law permits the regulatory agency to examine the financial institution for compliance with state and federal laws and regulations;
  • To a self-regulatory organization (SRO) that examines the financial institution with the permission of the financial institution’s primary federal regulator; and
  • With the permission of FinCEN, to civil enforcement authorities such as the Securities and Exchange Commission.

In addition, financial institutions may disclose a SAR to “appropriate law enforcement agencies, including appropriate state and local law enforcement agencies.”[2] FinCEN’s guidance provides that “an appropriate law enforcement agency” is any agency that has jurisdiction under federal or state law to investigate or prosecute any person or entity involved in the transaction reported on the SAR. According to FinCEN, appropriate law enforcement agencies include, among others, the FBI, ATF, ICE, State Attorneys General and District Attorneys General, the Internal Revenue Service and State taxing authorities, and any United States Attorney.[3] Law enforcement agencies that do not have direct access to BSA data may make requests to FinCEN for both access and analytical support relating to their investigations. Law enforcement may reach out to financial institutions to locate accounts and transactions of persons who may be involved in terrorism or significant money laundering under Section 314(a) of the USA PATRIOT Act.

Good public policy dictates the confidentiality of SARs. In an excellent article published in the October 2007 issue of The Banking Law Journal, authors Alex C. Laktos and Mark G. Hanchet[4] discuss the policy underlying the confidentiality of SARs, particularly concerning civil litigation. They note that “non-disclosure advances important law enforcement interests and objectives. A policy of strict confidentiality encourages financial institutions to report fully even marginally suspicious activity without the fear of civil exposure for themselves or their customers. Routine disclosure of SARs on the other hand, would likely render banks more reluctant to prepare reports — which would have serious consequences. For example, law enforcement would lose the benefit of potentially important information or it could ‘tip off’ a criminal wishing to evade detection. More generally, liberal disclosure could reveal the methods by which banks are able to detect suspicious activity. Permitting the release of SARs through civil discovery could, thus, harm the very law enforcement interest that the SAR reporting requirement set forth in the Annunzio-Wylie Anti-Money Laundering Act, as embodied in the relevant parts of the BSA, was meant to promote.”[5]

Leak of Confidential Documents

In mid-May, according to a report by Ronan Farrow, a contributing writer to The New Yorker, news outlets obtained financial records that appear to show that Michael Cohen, one of President Trump’s personal attorneys, had used a shell company to receive certain payments. These records were apparently leaked to the media by a law enforcement official who had “grown alarmed after being unable to find two important reports on Cohen’s financial activity in a government database.”[6] The missing documents were apparently SARs that should have been maintained by FinCEN. Some have speculated that FinCEN may have restricted access to the reports because of the sensitive nature of the information at the request of Special Prosecutor Robert Mueller, the FBI or the Southern District of New York in order to keep a lid on various investigations. At this writing, the Treasury Department’s Inspector General has launched a probe into the leak. FinCEN has issued a statement which neither confirms nor denies the purported SARs.

This writer’s personal view is that the leaker may be in serious trouble regardless of his or her motives — there is no safe harbor in the law for a person who unlawfully discloses a SAR. Traditional whistleblower defenses are unlikely to apply. The unauthorized disclosure of a SAR carries civil penalties of up to $100,000 for each violation and criminal penalties of up to $250,000 and/or imprisonment not to exceed five years. Federal law enforcement will be hard pressed not to pursue charges against the law enforcement official given the notoriety of the matter.

Failure to enforce the confidential nature of SARs is likely to impair public confidence in the system (can we stand any more of that?) and most certainly will threaten financial institutions’ willingness to report suspicious activity except in the most black-and-white cases.


  1. Federal Financial Institutions Examination Council Bank Secrecy Act/Anti-Money Laundering Examination Manual, Suspicious Activity Reporting – Overview (www.ffiec.gov/bsa_aml_infobase/Pages_manual/OLM_015.htm).
  2. Vartanian and Pann, “Disclosure of Suspicious Activity Reports: Who Can Disclose It and Where Can It Go?”
  3. “Financial Crimes Enforcement Network SAR Activity Review: Trends, Tips & Issues,” available at http://www.fincen.gov.
  4. Messrs. Lakatos and Hanchet are partners in the firm of Mayer, Brown, Rowe & Maw LLP.
  5. Lakatos and Hanchet cite the following for support of these concerns: Cotton v. PrivateBank & Trust Co., 235 F. Supp. 2d 809, 815 (N.D. Ill 2002).
  6. Farrow, Ronan, “Missing Files Motivated the Leak of Michael Cohen’s Financial Records,” The New Yorker, May 16, 2018.

Kathryn Reed Edge KATHRYN REED EDGE is a member in the Nashville office of Butler Snow LLP with offices in Tennessee, Mississippi, Alabama, Colorado, Pennsylvania, Georgia, Louisiana, New York, Texas, New Mexico, North Carolina, Massachusetts, Virginia, Washington, D.C., Singapore, Hong Kong and London, England. She is a member of the firm’s Finance, Real Estate and Restructuring Group and concentrates her practice in representing regulated financial services companies. She is past president of the Tennessee Bar Association and a former member of the editorial board for the Tennessee Bar Journal.