OCC, FDIC encourage banks to share data on fraud

Img

  • Key insight: Fincen's guidance expands the types of information banks can share about suspected fraud and illicit activity while protecting participating institutions from liability.
  • Supporting data: Banks can share information including transaction records, video footage, IP addresses, device identifiers and fraud indicators.
  • Forward look: The guidance comes as the Treasury pushes to overhaul anti-money-laundering rules and focus resources on higher-risk threats.

The Office of the Comptroller of the Currency and the Federal Deposit Insurance Corp. Thursday afternoon issued dual bulletins encouraging banks to opt into voluntarily sharing information about suspected illicit activity under recent Treasury guidance.In a fact sheet issued last month by the Treasury's Financial Crimes Enforcement Network, the agency clarified the scope of Section 314(b) of the PATRIOT Act, which provides participating financial institutions immunity when they opt to share information between participating firms. Except for suspicious activity reports, which are confidential, there's a wide range of what institutions can swap before illicit activity has actually occurred. 

Processing Content

"Fincen strongly encourages financial institutions to participate in the program as information sharing between and among financial institutions can assist financial institutions in managing illicit financing risks," the guidance states. "And can ultimately provide the government with highly useful information to identify and prevent financial crime."

Neither the OCC nor the FDIC guidance imposed new regulatory requirements, but the Fincen guidance they refer to made a number of updates. Among the most significant of these is a directive explicitly allowing banks to use the safe harbor to share information involving suspected fraud, even if they have not identified specific purposes for the proceeds of the fraud. 

"The financial institution or association of financial institutions need not have identified specific proceeds of fraud being laundered to trigger the protections of the section 314(b) safe harbor, which extends to sharing information where a financial institution 'suspect[s] possible terrorist or money laundering activities,' including fraud activity that may be a [specified unlawful activity] for money laundering purposes," the updated Fincen guidance said. 

The guidance also clarifies that banks may share information even when suspicious activity does not result in a completed transaction. Institutions can exchange information about "attempts to engage in transactions" they suspect involve money laundering or terrorist financing, as well as attempts to recruit participants into money mule schemes.

The guidance also allows banks to share information with other participating firms even when they do not know whether it relates to a specific customer or incident at the receiving bank, including for purposes such as strengthening fraud detection or deciding whether to open or maintain an account in the future. 

The Bank Policy Institute applauded the FDIC and OCC's move and called for congressional action to enshrine the safe harbors in the law. 

"Today's FDIC and OCC guidance encouraging participation in the program will strengthen financial institutions' ability to identify criminal activity and protect consumers. We encourage the other financial regulators to follow suit," they said in a statement. "We also call on Congress to further expand safe harbors for fraud information sharing between banks and to establish safe harbors for information sharing across sectors."

Former Fincen Director Himamauli "Him" Das noted last month that the Fincen guidance gives banks more certainty about sharing potentially sensitive information without running into legal liability. 

"The fact sheet should provide greater clarity to banks that information that can be shared pursuant to the 314(b) safe harbor is expansive, short of the requirement that SARs must remain confidential," Das wrote in an email. "Financial institutions have asked questions about the scope of information that can be shared, and may have been reluctant to share information drawn from more innovative technologies, and the fact sheet should help assuage some of these concerns."