Do you remember that children’s game called “Telephone” that you played long ago at birthday parties, on car trips or around campfires? You know — the game where one person passes a message to the next, and then to the next? The message evolves as it travels, inevitably surprising and confounding everyone by the time it reaches the end of the circle.
We have been similarly surprised and confounded by a message we repeatedly hear from clients relating to board reporting of Suspicious Activity Reports (“SARs”). After researching the origins and accuracy of this message, we found that, as in the game “Telephone,” this message may have originated with regulatory agencies, but it has been passed on and has since evolved into an instruction that is wholly incorrect.
Here is the incorrect message:
Members of a bank’s board of directors (for their own protection) should not be permitted to see specific information included in SARs, such as the subject’s names and the substantive narrative.
Here is the correct message:
Members of a bank’s board of directors should be provided, and should always have access to all information included in SARs filed by their bank. That being said, board reports including specific information about the SARs (e.g., names and narratives) should not be maintained by the bank in any sort of formal board record that might become the subject of a court subpoena.
Banks are generally prohibited from disclosing SARs, or information related to the existence of SARs, to “any person involved in the transaction” that is reported within the SAR. FinCEN has issued guidance clarifying that this prohibition effectively precludes the disclosure of the SAR to anyone, but the prohibition does not prevent the disclosure of the information underlying the SAR so long as the secrecy of the SAR’s existence is in no way implicated. In the context of litigation, FinCen has advised banks that they should not admit or deny the existence of a SAR and that they should not disclose a SAR in response to discovery requests or certain subpoenas. The unauthorized disclosure of a SAR can be a federal criminal offense.
Because board records are frequently the subject of subpoenas in civil lawsuits (e.g., shareholder lawsuits), the regulatory agencies have informally advised banks not to maintain actual copies of the SARs that are reported to directors (or at least redact names and narratives) with official board records. If the confidential information is not kept with board records, the bank will be less likely to get caught in-between an official judicial order to produce documents on the one hand and a possible criminal violation on the other.
We have always understood that, despite the above-described obligation of confidentiality, a bank’s board of directors should always have access to all information in SARs filed by their institution. In response to all of the confusion, we have informally confirmed this conclusion with the applicable regulatory agencies. Based upon those conversations, below are our recommendations regarding board reporting for SARs.
- The Bank Secrecy Act (“BSA”) Officer should present all information relating to SARs (including names and narratives) to the board of directors on a regular basis.
- The board should review and approve that information, and then the information should be collected by the BSA Officer and retained in a confidential file at the financial institution (after proper filing with FINCen).
- The bank’s official board records should not include specific information about the SARs reviewed by the board, but they should document the fact that the board reviewed and approved the SARs. For example, the board minutes might indicate only that “the board reviewed and approved six SARs at its January meeting.”
Remember, a bank’s board of directors is ultimately responsible for all aspects of the institution’s compliance with law, including the Bank Secrecy Act. The only time that information regarding SARs should be withheld from any board member would be if the SAR related to the actions of that particular board member. In such case, the board should review the applicable SAR in a confidential meeting where the subject board member was not present.