CUNA Comment Letter
Proposed Revisions to the Filing Requirements for Suspicious Activity Reports
August 28, 2006
Ms. Mary Rupp
Secretary of the Board
National Credit Union Administration
1775 Duke Street
Alexandria, VA 22314-3428
Dear Ms. Rupp:
The Credit Union National Association (CUNA) appreciates the opportunity to provide comments on NCUAs proposed revisions to the agencys filing requirements for suspicious activity reports (SARs). The proposal would: clarify the definition of reportable activity; incorporate reporting and filing instructions required by the SAR form and Treasury Department Bank Secrecy Act (BSA) regulations; detail record retention requirements, especially as pertains to supporting documentation; mandate prompt notification of the board of directors of SAR filings; address the confidentiality of SARs; and include safe harbor liability protection for credit union officials and employees who file a SAR. By way of background, CUNA represents about 90 percent of our nations approximately 8,800 state and federal credit unions, which serve nearly 87 million members.
SUMMARY OF CUNAS COMMENTS
- We support NCUAs proposal to include fundamental SAR filing guidance directly in the agencys regulation. This may make it easier for some credit union staff to look up that information.
- However, we believe that NCUA should clarify several aspects of the provision on director notification in order to eliminate potential confusion. We think that provision should explain that notification is flexible in terms of format and timing and is dependant on the individual credit union situation.
- Given the number of issues that come up from time to time relating to SARs, we urge the agency to add an appendix to the rule enumerating reference materials that credit unions may find useful in answering some of their questions.
DISCUSSION OF CUNAS COMMENTS
CUNA appreciates NCUAs efforts to revise its rules to provide greater detail and clarity concerning the reporting requirements, filing procedures and other important aspects of SARs. As the Board acknowledged in voting to issue the proposed revisions for public comment, SAR filing requirements and the Bank Secrecy Act (BSA) generate a lot of comments and questions from credit unions. We believe that generally the revised rule would provide credit unions with basic information concerning SARs in a single location, the result being a useful reference tool. While the proposed rules in large part reiterate the Treasury Departments regulations at 31 CFR 103.18, Reports by Banks of Suspicious Transactions, and the guidance in the Instructions Section of the SAR form, it may be helpful and convenient for some credit unions to have them in one central spot in NCUAs regulations.
However, we have some concerns with the provision on notification to the board of directors. The proposal states:
The management of the credit union must promptly notify its board of directors, or a committee designated by the board of directors to receive such notice, of any SAR filed.
The provision as currently proposed does not provide sufficient direction to credit union management as to what is expected to meet compliance obligations.
We recommend NCUA clarify three specific aspects of this provision. First, there is no indication of the format in which these reports should be prepared. We recommend permitting reports in summary format containing only the nature and substance of the suspicious activity. We believe that a mandate for the reports to reference the names or confidential information of the suspected individuals in each SAR filing would be contrary to the intent behind BSA. Further, revealing such information in the reports could result in damage to the reputation of the named individuals and/or the credit union. We encourage NCUA to restate the Federal Financial Institutions Examination Council (FFIEC) Bank Secrecy Act/Anti-Money Laundering Manual section on notification to the board of SAR filings. In particular, the section indicates that institutions should have the flexibility in structuring their format. Therefore, [institutions] may, but are not required to, provide actual copies of SARs to the board of directors or a board committee. Alternatively, [institutions] may opt to provide summaries, tables of SARs filed for specific violation types, or other forms of notification.
Second, it is unclear what is intended in the director notification provision by the term promptly. Current practice at many credit unions is to provide a report quarterly or at the regular board meeting, normally held on a monthly basis. In a specific case it may not be prudent to wait that long. The rule should take into account that it may be necessary that in those limited situations to notify the board in a more timely manner. Since reporting to the board is contingent on the volume and frequency of SAR filings as well as the potential urgency of a specific SAR, the term promptly should be read flexibly.
Third, the proposal directs notification to be given to the board of directors, or a committee designated by the board of directors to receive such notice . It would be helpful to clarify the term designated committee. For instance, the SAR regulations of the Office of the Comptroller of the Currency and the Office of Thrift Supervision state, shall promptly notify its board of directors, or a committee of directors or executive officers designated by the board of directors to receive notice.
Our member credit unions have operational questions regarding various SAR compliance issues that arise, such as NCUAs expectations for systems required to be in place to identify suspicious transactions and to monitor accounts for suspicious activity, including structuring. Another example of a question we have heard from some of our members involves Financial Crimes Enforcement Network (FinCEN) guidelines suggesting that institutions report continuing suspicious activity by filing a report at least every 90 days. It is not clear how long credit unions must continue filing follow-up SARs if law enforcement does not act upon the information. Some credit unions also have concerns about the disclosure of SAR supporting documentation to police or other authorities as it seems to contradict the proposed provision on confidentiality of reports (Section 748.1(c)(5)). It also seems to conflict with the appropriate procedures when declining to produce information in response to a subpoena or court order, as required under the proposed confidentiality provision. Clarification of these issues would be extremely beneficial for credit unions.
We recommend that NCUA include an appendix to the rule which lists some of the principal materials and guidance relating to SARs that credit unions could consult to answer such questions. Some of the items could include: the BSA/AML Manual; citation to NCUAs web page entitled Suspicious Activity Report; NCUA Letter to Credit Unions re. BSA Frequently Asked Questions; the FinCEN Helpline as well as Financial Institutions Hotline to contact to report possible terrorist activity; and FinCENs SAR Activity Review.
Thank you for the opportunity to share our comments on NCUAs proposed revisions to its SAR rules. If you have any further questions, please contact me at firstname.lastname@example.org or at (202) 508-6743.
Senior Regulatory Counsel