The point of the confidentiality of SARs and tipping off gets us back to the FATF and FATF Recommendation 21 in particular.  According to Recommendation 21, which is even called “Tipping-off and confidentiality”, Financial institutions, their directors, officers, and employees should be prohibited by law from disclosing the fact that a suspicious transaction report or related information is being filed with the FIU.” 

Confidentiality Of SARs And Tipping Off

One of the main concerns related to sharing of SARs, or sharing the fact that a SAR has been filed or the underlying SAR information, is ensuring their confidentiality, which is critical to the effective functioning of the reporting regime.  The effectiveness of a SAR report is connected to the extreme confidentiality required for such reporting.  At no time is the person under investigation told about the pending report. 

Likewise, any discussion with outside groups such as media companies is considered an unauthorized disclosure and is a federal criminal offense.  When a financial institution or financial institution files a SAR, they must take significant steps to ensure the information provided is reviewed at multiple stages by financial investigators, company management, and attorneys before finalizing the SAR.  Maintaining a high level of confidentiality is vital. 

As a result, special privileges protect people who submit suspicious activity reports, whether as a part of a company or on their own.  The individual (or organization) is not required to disclose their name and is immune to the discovery process.  All reporters receive immunity for statements made in the SAR.

Simultaneously, tipping off or telling the SAR subject that a SAR has been filed is forbidden.  This prevents the SAR subject from being alerted that a law enforcement investigation action will start or is underway.  The concept of tipping-off differs from jurisdiction to jurisdiction and also within different institutions.  Tipping-off always includes the persons connected to a SAR. 

In some jurisdictions, the fact a SAR is filed can be shared on a need-to-know basis with colleagues within an institution like superiors or even with other financial institutions when a common transaction is part of the SAR.  The 4th EU AML Directive allows entities to share information within the EU and countries with comparable AML regimes like the US, Australia, or Japan.

Besides, the confidentiality of SARs is needed so that the subject of SAR and third parties are not tipped off, as this can adversely affect intelligence gathering and investigation and enable persons to abscond or dispose of assets.  Confidentiality also protects the reputation of the person who is the subject of a SAR.  Finally, confidentiality protects the safety and security of the person filing the report, and breaches of confidentiality can potentially undermine the entire suspicious transaction reporting regime.  

The confidentiality of SARs and tipping off can get more complex if such sharing occurs across borders, where different national laws come into play.  These may include, for example, national provisions relating to discoverability and production of available records, including STRs filed in the host country and shared with group-compliance in the home country in the home country’s judicial proceedings, access to databases of financial institutions by national authorities.  

Some jurisdictions have harsh tipping-off rules.  These can include a requirement that institutions avoid approaching a client for additional information about suspicious activity or transactions, even if this could explain the seemingly unusual behavior. Confidentiality of SARs and tipping off always has serious consequences.  

To make sure that you are on the safe side, make sure to check your local laws and regulations and your institution’s policies to be sure your actions do not count as tipping-off.

Guidance On Maintaining SAR Confidentiality

FinCEN reminds financial institutions to be cautious about keeping SARs confidential. The Confidentiality of SARs and tipping off. This includes informing all employees, agents, and individuals appropriately entrusted with SAR information of their individual obligation to maintain SAR confidentiality. This obligation extends not only to the SAR itself, but also to information that would reveal the existence (or lack thereof) of the SAR. Similarly, such individuals should be made aware of the consequences of failing to maintain such confidentiality, which may include civil and criminal penalties as described herein.

A financial institution may consider including such information as part of its ongoing employee training. Furthermore, financial institutions may want to remind their counsel of the strict confidentiality requirements for SARs. Additional risk-based measures to improve SAR confidentiality could include, among other appropriate security measures, limiting access on a “need-to-know” basis, restricting areas for reviewing SARs, logging of SAR access, using cover sheets for SARs or information that reveals the existence of a SAR, or providing electronic notices that highlight confidentiality concerns before a person may access or disseminate the information.

Is The Information contained in the SAR Held Securely?

To protect the confidentiality of SARs, all users must follow specific guidelines. When the NCA receives a SAR, it stores it in a secure database. Access to this database is strictly restricted to appropriate law enforcement and government agency personnel.

May I Inform A Client/Customer That I Have Made A Report?

You must not say anything to your client/customer that could sway an investigation. Once you have submitted your SAR, you must remember not to make any disclosures that could constitute a tipping off offense. This is covered by Section 333A of the POCA or Section 21D of the Terrorism Act of 2000. In such cases, the NCA does not provide or approve standard wording for you to use.

It is therefore advised that you carefully consider how you will handle your relationship with the subject after submitting the SAR. This is especially true if the subject is a client or customer of your company. If you are unsure, you should consult with your supervisor or a professional body.

What Is Obtaining A Defense Against Money Laundering Or Is Terrorist Property In Terms Of SARs?

Individuals and businesses in general, not just those in regulated sectors, may use a defense against a primary money laundering or terrorist financing offense for a specific future activity that they believe may involve criminal proceeds.

The NCA may provide a reporter with a defense to those charges, and the relevant power is found in sections 335 of the POCA (seeking ‘appropriate consent’) and s21ZA of the TACT (seeking ‘prior consent’).

A reporter can file a SAR in which they describe their suspicions about the activity or the individual, the actual activity for which they seek a defense, and the proceeds of crime. The NCA has seven working days to respond to the reporter, and if the decision is to provide a defense, the reporter will receive an email along with a letter informing them of the decision.

If the NCA decides to deny the reporter’s defense, the activity must be halted for a further 31 calendar days, or until further notified by the NCA. When the NCA decides to refuse, the reporter will be notified by phone and will receive an email with a letter informing them of the decision.

Final Thoughts

The Financial Crimes Enforcement Network (FinCEN) is issuing this Advisory to remind financial institutions, and particularly the lawyers who advise them, of the need to keep Suspicious Activity Reports confidential (SARs) and the confidentiality of SARs and tipping off. FinCEN is concerned that an increasing number of private parties seeking SARs from financial institutions for use in civil litigation and other matters are not authorized to know the existence of filed SARs. Financial institutions, as well as their current and former directors, officers, employees, agents, and contractors, are prohibited from disclosing SARs or any information that could lead to the discovery of a SAR.

FinCEN recognizes that a confidentiality of SARs and tipping off increase in the number of requests for SARs to be used in private litigation may increase the likelihood of unauthorized disclosure of a SAR. This is especially true when external counsel is unfamiliar with the SAR confidentiality regulations. For the unauthorized disclosure of a SAR, financial institutions and their current and former directors, officers, employees, agents, and contractors may face civil and criminal penalties.