• Key insight: The guidance makes explicit that fraud qualifies for the 314(b) safe harbor, and that a bank need not first identify laundered fraud proceeds to be covered.
• Expert quote: Daniel Stipano, a former longtime OCC official now at Davis Polk, cautioned that the statute's safe harbor covers money laundering, not fraud, and that "the safe harbor has never been tested judicially, so it is not clear whether a court would agree with FinCEN's interpretation."
• Forward look: The protection rests on guidance a later administration could rewrite; the industry wants the safe harbor written into statute.

Overview bullets generated by AI with editorial review.

The Treasury Department issued guidance to banks last week saying they may share information about suspected fraud with one another in real time and that the law protects them if they do so.

On Friday, the Financial Crimes Enforcement Network, or Fincen, updated its fact sheet on Section 314(b) of the USA PATRIOT Act. That provision lets banks trade information to catch money laundering and related crimes without getting sued for alleged privacy violations.

The new version says suspected fraud falls under that protection. It also named the specific kinds of data they can pass along.

Many banks have been wary of comparing notes about suspected fraud with other institutions over a lack of confidence that the law shields them when they do.

The update asserts that it does. But the guidance represents Fincen's reading of the law, not the statute's text. No court has tested whether Section 314(b) actually covers fraud, and some experts argue that Congress needs to address the matter, not just the executive branch.

What's newly spelled out

The fact sheet "expands upon and replaces" Fincen's December 2020 version, according to the document, clearly counting suspected fraud as allowable grounds for sharing data.

Specifically, the fact sheet adds fraud to the category of "specified unlawful activities" that underlie many money-laundering charges.

Under the new guidance, a bank that suspects fraud may share what it knows under the safe harbor. The bank does not first have to find specific fraud proceeds being laundered to qualify; it need only suspect that the activity involves fraud.

The guidance also lists what banks can exchange. It includes transaction records, video surveillance footage, cyber data such as IP addresses and the geographic location of a device, device identification numbers and behavioral red flags.

One situation in which a bank should see a red flag, per the guidance, is when a customer adds a new payee, then soon thereafter initiates a large transfer to it. Other examples include accounts sharing identifying details and a bank seeing logins to the same account from far-apart places.

Many older limits hold. For example, a bank still cannot share a suspicious activity report or reveal that one exists.

Any bank wishing to share or receive information under the updated guidance, as before the update, must register with Fincen.

Also, banks may only use the info they receive under this sharing regime to fight money laundering, including the underlying fraud, not for other purposes.

Fraud rides bank rails

Consumers reported losing $15.9 billion to fraud last year, the Federal Trade Commission told a congressional committee in March. That is the total across 3 million reports and is up from about $12 billion in 2024.

Counting the losses people never report, the commission estimated the real cost of fraud in 2024 (the most recent year it modeled) could have reached $195.9 billion. That squares with the "hundreds of billions" Treasury Secretary Scott Bessent cited when he announced the guidance.

These losses run through banks. The commission said consumers' largest losses last year came not from cryptocurrency but from money sent to scammers through bank payments.

Additionally, a mule account (one a scammer uses to move stolen money) at one bank is often tied to victims at another. That gap is what real-time sharing is meant to close.

Changes welcome, but banks want it in statute

Treasury said the guidance is part of a broader anti-fraud campaign by the administration.

Bessent sits on the White House Task Force to Eliminate Fraud, led by Vice President JD Vance. Treasury tied the update to overhauling the anti-money-laundering system "in partnership with the Federal banking agencies."

That task force, which President Trump created by executive order in March, is targeting fraud in federal benefit programs such as Medicaid and food assistance, not the comparatively much larger volume of consumer scams the guidance issued last week addresses.

Banks welcomed the clarification and asked for more. The Bank Policy Institute, which represents large, regional and foreign banks, called the guidance "a critical step in helping banks to disrupt fraud and scams in real-time" in a statement released Friday.

The group in its reaction then pressed Congress and other agencies to "remove legal uncertainty" and "establish clear safe harbor protection for banks."

Himamauli Das, a former acting director of Fincen now at the financial-crimes advisory firm K2 Integrity, said the fact sheet gives banks much of the clarity they have sought. It "unambiguously states that fraud is covered by the 314(b) safe harbor and provides legal reasoning to justify its conclusion," he said.

But guidance does not bind the way a law or regulation does, Das said. Rather, he said the fact sheet's reasoning "should provide the clarity needed for financial institutions to proactively share information connected to fraud," leaving banks "fewer reasons not to participate" as fraud and identity theft climb.

Banks have also been unsure which kinds of data the safe harbor lets them share, Das said, and have hesitated over information drawn from "more innovative technologies." The fact sheet's explicit list of what they can exchange, from IP addresses to behavioral red flags, should help ease that concern.

Other lawyers see less novelty in the move. Daniel Stipano, a partner at Davis Polk & Wardwell who spent more than 30 years at the Office of the Comptroller of the Currency, said banks have reason to want more than a fact sheet.

The law's safe harbor covers suspected money laundering and terrorist financing, not fraud itself, he said. Fincen's interpretation that fraud is covered has not been tested in court.

"The safe harbor has never been tested judicially, so it is not clear whether a court would agree with Fincen's interpretation," Stipano told American Banker.

He also doubted the update breaks much new ground, calling it "largely consistent with Fincen's prior interpretation."

Even where the safe harbor applies, banks "can always be sued if a customer believes that their personal information was wrongfully disclosed," Stipano said, and regulators will still check that any sharing followed the rules.

So the info sharing protection currently rests solely on guidance, which a later administration could rewrite.