Taking comments from the financial industry into consideration, the U.S. Treasury has published its final rule on the information-sharing provisions in Section 314 of the USA PATRIOT Act.
Upon receiving the name of a suspect from a regulatory or law enforcement agency, financial institutions will have to search for that name in its current accounts, all accounts maintained during the past year, and all transactions and funds transfers during the past six months. Banks will not be held responsible for checking whether a named suspect was the payee of a check.
The 12- and six-month search windows, a reduction from the originally proposed rule, will make it easier for banks to comply within the mandated 120-hour window. However, a government agency can still request that a financial institution widen the search to include activities going farther back.
Also, by default, an information request will not require a financial institution to report on the future activity of named suspects. "FinCEN anticipates that the need to report on future activity will be infrequent, and, at least for the immediate future, will be limited to individuals, entities, or organizations reasonably suspected of engaging in terrorist activity," the rule states.
Additional categories of financial institutions, including operators of credit card systems and securities broker-dealers, will be eligible to share information within the industry.
The proposed certification requirement has been replaced by an annual notification requirement, after respondents noted, "the risk of liability for filing a technically-deficient certification might deter many financial institutions from sharing information."
Financial institutions have to ascertain that entities with which they share information have also notified FinCEN.