Keeping secrets: SAR confidentiality

Many credit union compliance professionals are familiar with Suspicious Activity Reports (SARs). Section 748.1(c) of the NCUA regulations, and section 1020.320 of the FinCEN regulations require a credit union to file a SAR in certain situations. However, even when a SAR is not required, a credit union may choose to file one voluntarily if it feels a transaction merits the attention of law enforcement.

Despite the fact many credit unions file SARs regularly, they are not allowed to talk about them – federal laws and regulations impose strict confidentiality rules relating to SARs. Section 1020.230(e) states that the SAR itself, as well as any information that would reveal the existence of a SAR, is confidential and may not be disclosed unless a specific exception applies. This means that, in most circumstances, a credit union is prohibited from disclosing whether a SAR has been filed, even when a member wants to know if he or she has been the subject of a SAR.

Let’s review some of the other aspects of this confidentiality:

  • Subpoenas. Section 1020.230(e)(i) specifically states that a credit union should not disclose a SAR, or information that would reveal the existence of a SAR, even if that information is requested in a subpoena. If a credit union receives such a subpoena, then the regulation instructs the credit union to decline to produce the SAR or information sought and to notify FinCEN of the request and the credit union’s response to it.


continue reading »