The Financial Crimes Enforcement Network issued a final rule,
effective January 3, 2011, that amended the Bank Secrecy Act with
respect to the confidentiality of suspicious activity reports (“SARs”).
The regulations require broker-dealers to make the SARs and any
supporting documentation available to any self-regulatory
organization that examines the broker-dealer for compliance with the
requirements of the SAR rule upon the SEC’s request. On January 26,
2012, the Commission sent a
letter to FINRA CEO Richard Ketchum advising that it expects
FINRA to implement the SEC’s request in accordance with the SAR
rule. On the same date, Carlo di Florio, the director of the SEC’s
Office of Compliance Inspections and Examinations, sent a
letter to the CEOs of SEC-registered, FINRA member
broker-dealers advising them that the SEC has reminded FINRA of its
responsibilities under the Bank Secrecy Act and the SAR rule to
preserve the confidentiality of SAR materials.
In its letter to Ketchum, the SEC advised that,
in accordance with the SAR rule, it requests that all
SEC-registered, FINRA member broker-dealers that are subject to
examination by FINRA for compliance with the SAR rule make the
reports, any supporting documentation and any other information that
would reveal the existence of, or any decision not to file a SAR,
available to FINRA. The request also applies to FINRA examinations
and investigations, including FINRA’s risk assessment effort within
its examination program, provided that FINRA takes all appropriate
steps to ensure that the SAR, or the existence of a SAR, is kept
confidential throughout the enforcement and investigatory process.
Broker-dealers may contact the SEC’s SAR alert
message line at 202-551-7277 if they have any concerns about FINRA’s
implementation of the SEC’s request. FINRA is required to fulfill
its responsibilities under the Bank Secrecy Act and the SAR rule to
protect the confidentiality of SAR materials. The unauthorized
sharing of SAR materials is illegal and could result in criminal or
civil sanctions. Any SRO registered with the SEC, or any director,
officer, employee or agent must not disclose a SAR, or any
information that would reveal the existence of a SAR, except as
necessary to fulfill self-regulatory duties with the consent of the
SEC.