March 01, 2002

The USA PATRIOT Act gave financial institutions and government agencies unprecedented leeway to share information. Following up with the details, the Treasury published its proposed regulations for information-sharing in the Federal Register on Feb. 26th, which marks the start of a 30-day comment period before the groundbreaking regulations take effect.

The regulations describe how information will be shared between law enforcement agencies and financial institutions, and how financial institutions and associations can share information amongst themselves.

The new rules will create significant opportunities for financial technology firms to create linkages between the customer databases spanning the financial services industry, if only for the purpose of sharing suspicions held about their customers. It's an open question as to which industry associations or networks will take the lead in developing the communications networks permitted under the new regulations.

Under the proposed regulations, Federal law enforcement agencies would supply FinCEN with the names of individuals, entities or organizations "reasonably suspected based on credible evidence" of engaging in money laundering or terrorist activities.

In turn, FinCEN would pass those names onto financial institutions, which would be required to search their records for matching accounts or transactions, going back as far as FinCEN requests.


If a match was found, the financial institution would have to provide information about the account or transaction, including "all identifying information provided by the account holder in connection with the establishment of each such account." FinCEN can request the information via e-mail or other designated means. Then, FinCEN would notify law enforcement, which would be able to follow up with the financial institution directly if necessary.

No other action would be required of the financial institution under the proposed regulations, meaning that the bank could continue to do business as usual with the suspected terrorist or suspected money launderer. However, that's not likely.

Banks would have explicit permission to use FinCEN's information to determine whether to establish or maintain an account, or to engage in a transaction. That means a bank could close an account based on FinCEN's information - as long as the former account holder wasn't told that FinCEN was involved.


Banks would also be able to close accounts based on information from other financial institutions or from industry associations, based on their own research and analysis outside of that received from FinCEN.

Financial institutions would be able to obtain an annual certification enabling them to share information with other certified entities. The Treasury chose to offer an annual certification instead of requiring case-by-case permission for each individual communication. "After considering both the need for flexibility for financial institutions as well as the need to ensure that the right to share information under this section is not being used improperly, Treasury and FinCEN determined that the certification should be effective for a one-year period on the date of the certification."

Shared information could only be used for "detecting, identifying or reporting on activities that the financial institution or association suspects may involve possible money laundering or terrorist activities," or for "determining whether to establish or maintain an account, or to engage in a transaction."

If a financial institution was found to have misused shared information by using it in any other fashion, its certification would be revoked. That would cut off the institution from the flow of information with its peers, which may have damaging consequences to its reputation and to its ability to ferret out illegal activity.

Read the regs!