Supporting Statement
Minimum Security Devices and Procedures,
Reports of Suspicious Activities, and
Bank Secrecy Act Compliance Program
OMB Control No. 1557-0180
A. Justification.
This supporting statement is submitted in connection with a notice of proposed rulemaking that would allow national banks and federal savings associations to submit written requests for exemptions from the requirements of the OCC’s Suspicious Activity Report regulations.
1. Circumstances that make the collection necessary:
Minimum Security Devices and Procedures (12 CFR 21.2 and 21.4; and 12 CFR 168.2 and 168.4): Under 12 CFR 21.2 and 21.4; and 12 CFR 168.2 and 168.4, national banks and federal savings associations are required to designate a security officer who must develop and administer a written security program. The security officer shall report at least annually to the institution’s board of directors on the effectiveness of the security program. The substance of the report shall be reflected in the board’s minutes. These requirements ensure that each institution has a security officer who is responsible for the security program and that the institution’s management and board of directors are aware of the content and effectiveness of the program. These requirements are necessary to ensure prudent institution management and safety and soundness.
Suspicious Activity Report (SAR) (12 CFR 21.11 and 12 CFR 163.180): The Financial Crimes Enforcement Network (FinCEN) and federal financial institution supervisory agencies1 adopted the SAR in 1996 to simplify the process through which depository institutions inform their regulators and law enforcement about suspected criminal activity. The SAR was updated in 1998, 2000, 2003, 2006, 2011, 2012, 2015, and 2018.
In 1992, the Department of the Treasury was granted broad authority to require suspicious transaction reporting under the Bank Secrecy Act (BSA). See 31 U.S.C. 5318(g). FinCEN, which has delegated authority to administer the BSA, joined with the federal financial institution supervisory agencies in requiring, on a consolidated form, reports of suspicious transactions. See 31 CFR 1020.320(a) (formerly 31 CFR 103.18(a)). The filing of SARs is necessary to prevent and detect crimes involving depository institution funds, institution insiders, criminal transactions, and money laundering. These requirements are necessary to ensure an institution’s safety and soundness.
Banks and savings associations are required to maintain a copy of any SAR filed and the original or business record equivalent of any supporting documentation for a period of five years. The documents are necessary for criminal investigations and prosecutions.
Procedures for Monitoring Bank Secrecy Act Compliance (12 CFR 21.21): Under 12 CFR 21.21, national banks and savings associations are required to develop and provide for the continued administration of a program reasonably designed to assure and monitor their compliance with the BSA and applicable Treasury regulations. The compliance program must be in writing, approved by the board of directors, and the approval reflected in the minutes. These requirements are necessary to ensure institution compliance with the BSA and applicable Treasury regulations.
2. Use of the information:
Minimum Security Devices and Procedures (12 CFR 21.2 and 21.4; and 12 CFR 168.2 and 168.4): The OCC uses the information to ensure that national banks and savings associations carefully review the effectiveness of their security systems and comply with federal law. The information collection ensures that national banks and savings associations conduct their activities in accordance with safe and sound principles. The boards of directors of national banks and savings associations use the information to ensure that the institutions’ security systems are adequate.
SAR and Retention of Records (12 CFR 21.11 and 12 CFR 163.180): The OCC uses the SAR and the supporting documentation retained by national banks and savings associations for supervisory purposes. The information collection identifies suspicious transactions that could pose a threat to these institutions.
Effective December 31, 2012, FinCEN completed the development of a modernized information technology system containing the information collected from all filing institutions. FinCEN provides on-line access to the information to representatives of bank regulators and appropriate law enforcement agencies.
Procedures for Monitoring Bank Secrecy Act Compliance (12 CFR 21.21): National banks and savings associations use the compliance program to ensure compliance with the BSA. Bank examiners review the written procedures and board approval in the examination process.
Request for Exemption from the Requirements of Suspicious Activity Report (12 CFR 21.11(m) and 12 CFR 163.180(f): Upon receiving a written request from a national bank, savings association, or service corporation, the OCC will consider whether the exemption is consistent with the purposes of the Bank Secrecy Act, if applicable, and with safe and sound banking, and may consider other appropriate factors. Such exemptions shall be applicable only as expressly stated in the exemption, may be conditional or unconditional, may apply to particular persons or to classes of persons, and may apply to transactions or classes of transactions. The OCC will notify FinCEN and consider comments with regard to any exemptions that may involve the SAR provisions relating to potential money laundering or violations of the Bank Secrecy Act and may notify FinCEN and consider comments regarding other exemption requests. The OCC will provide a written response to the national bank, savings association, or service corporation that submitted the exemption request after notifying appropriate agencies as set forth above. A national bank, savings association, or service corporation that has received an exemption may rely on the exemption for a period of time to be communicated by the OCC in its granting of the exemption. The OCC may extend the period of time or may revoke an exemption. Exemptions may be revoked at the discretion of the OCC. The OCC will provide written notice to the national bank, savings association, or service corporation of the OCC’s intention to revoke an exemption. Such notice will include the basis for the revocation and will provide an opportunity for the national bank, savings association, or service corporation to submit a response to the OCC. The OCC will consider the response prior to deciding whether or not to revoke an exemption and will notify the national bank, savings association, or service corporation of the OCC’s decision to revoke an exemption in writing.
3. Consideration of the use of improved information technology:
Minimum Security Devices and Procedures (12 CFR 21.2 and 21.4; and 12 CFR 168.2 and 168.4): This is an internal institution record. Institutions may use any technology that permits review by OCC examiners.
SAR (12 CFR 21.11 and 12 CFR 163.180): The SAR system uses improved information technology to reduce burden on institutions. In 2013, financial institutions transitioned to the BSA E-Filing System, which enabled the electronic filing of reports on-line with FinCEN. By offering on-line access to authorized users, FinCEN has eliminated the need for multiple filings. Because the system consolidates various forms into one, the information collected is easier to collate, analyze, and use. FinCEN also provides improved access to the SAR database for law enforcement and state and Federal regulators.
SAR Retention of Records (12 CFR 21.11 and 12 CFR 163.180): Original documents are needed for investigative and evidentiary purposes.
Procedures for Monitoring Bank Secrecy Act Compliance (12 CFR 21.21): The OCC and the other bank regulators have imposed only the minimum requirements needed to satisfy the law. While the BSA/AML program must be written, national banks and savings associations may use any information technology that permits review by OCC examiners.
4. Efforts to identify duplication:
The required information is unique and is not duplicative of any other information already collected.
5. If the collection of information impacts small businesses or other small entities, describe any methods used to minimize burden.
The rules apply to all OCC-supervised institutions regardless of asset size. The rules require that institutions report known or suspected violation of federal law or a suspicious transaction related to money laundering or a violation of the Bank Secrecy Act. The rules require institutions to report criminal matters to law enforcement authorities. The impact of the rules was minimized by setting the threshold for suspicious activities at $5,000, with the exception of insider-affiliated parties. There are no currently viable alternatives that would result in further lowering the burden on small institutions, while still accomplishing the purpose of the rule.
6. Consequences to the federal program if the collection were conducted less frequently:
Minimum Security Devices and Procedures (12 CFR 21.2 and 21.4; 12 CFR 168.2 and 168.4): A national bank and savings association must designate a security officer to develop and administer a written security program and report on the effectiveness of the program on an annual basis. This annual review and reporting is a necessary part of a strong security program and less frequent review and reporting could impair an institution’s safety and soundness.
SAR (12 CFR 21.11 and 12 CFR 163.180): A national bank and savings association is required to file a SAR with the appropriate federal law enforcement agencies and the Department of the Treasury on the form prescribed by the OCC and in accordance with the form's instructions. The failure to file timely SARs could be detrimental to law enforcement investigations and impede regulatory agencies’ ability to ensure the safety and soundness of institutions.
SAR Retention of Records (12 CFR 21.11 and 12 CFR 163.180): A national bank and savings association must maintain a copy of any SAR filed and the original or business record equivalent of any supporting documentation for a period of five years.
Procedures for Monitoring Bank Secrecy Act Compliance (12 CFR 21.21): Each national bank and savings association is required to develop and maintain a written BSA compliance program.
7. Special circumstances that would cause an information collection to be conducted in a manner inconsistent with 5 CFR part 1320:
With one exception, these recordkeeping and reporting requirements are conducted in a manner consistent with the requirements of 5 CFR part 1320. The reporting of suspicious activity on a SAR may occur more frequently than quarterly, depending on the frequency of the activity. This information must be reported in a timely manner to enable law enforcement to take appropriate action. Records must be kept for five years because substantive violations of the law that may be indicated by the suspicious activity are generally subject to statutes of limitations of longer than three years. To ensure that documents are available for prosecutions, reporting institutions must retain original evidentiary documents for five years.
8. Efforts to consult with persons outside the agency:
The OCC published a notice for 60 days of comment concerning the collection on May 6, 2019, 84 FR 19825. No comments were received.
9. Payment or gift to respondents:
None.
10. Any assurance of confidentiality:
The information is kept private to the extent permitted by law.
11. Justification for questions of a sensitive nature:
There are no questions of a sensitive nature.
12. Burden estimate:
Citation and Burden Type |
Information Collection Requirements
|
Number of Respondents and Responses or Records |
Average Hours Per Response |
Estimated Burden Hours |
12 CFR 21.2 and 21.4; 12 CFR 168.2 and 168.4 Recordkeeping |
Minimum Security Devices and Procedures
§ 21.2 and 168.2 – Designation of security officer – The board of directors of each national bank and savings association shall designate a security officer who must develop and administer a written security program.
§ 21.4 and 168.4 – Report – The security officer for a national bank and savings association shall report at least annually to the institution’s board of directors on the effectiveness of the security program. The substance of such report must be reflected in the board minutes. |
1,233 recordkeepers 1,233 records |
.5 hour |
617 hours |
12 CFR 21.11(a) and 163.180(d)(1) Reporting
12 CFR 21.11(g) and 163.180(d)(8) Recordkeeping |
Reports of Suspicious Activities
§ 21.11(a) and 163.180(d)(1) – Suspicious Activity Report – Purpose and scope – National banks and savings associations are required to file a SAR when they detect a known or suspected violation of federal law or a suspicious transaction related to a money laundering activity or a violation of the BSA. This section applies to all national banks and savings associations as well as any branches and agencies of foreign banks licensed or chartered by the OCC.
§ 21.11(g) and 163.180(d)(8) – Suspicious Activity Report – Retention of records – A national bank and savings association shall maintain a copy of any SAR filed and the original or business record equivalent of any supporting documentation for a period of five years from the date of the filing of the SAR. Supporting documents shall be identified and maintained by the bank or savings association as such, and shall be deemed to have been filed with the SAR. |
1,233 respondents 518,103 responses
1,233 recordkeepers 1,233 records |
1 hour
1.5 hours |
518,103 hours
1,850 hours |
12 CFR 21.21 Recordkeeping |
Procedures for Monitoring Bank Secrecy Act Compliance
§ 21.21-- Bank Secrecy Act compliance – All national banks and savings associations are required to develop and provide for the continued administration of a program reasonably designed to assure and monitor their compliance with subchapter II of chapter 53 of title 31, United States Code, and the implementing regulations promulgated thereunder by 31 CFR Chapter X (formerly Part 103). The compliance program must be written, approved by the board of directors, and reflected in the minutes. |
1,233 recordkeepers 1,233 records
Community Banks: 1,086
Mid-Size Banks: 48
Large Banks: 99 |
35 hours
250 hours
450 hours |
38,010 hours
12,000 hours
44,550 hours |
12 CFR 21.11(m) and 163.180(f) |
Request for Exemption from the Requirements of Suspicious Activity Report
National banks, savings associations, and service corporations may request exemption from the requirements of the Suspicious Activity Report. |
5 |
50 hours |
250 hours |
Total |
|
|
|
615,380 hours |
Cost of Hour Burden
615,380 x $115.19 = $70,885,622.20
To estimate wages the OCC reviewed May 2019 data for wages (by industry and occupation) from the U.S. Bureau of Labor Statistics (BLS) for credit intermediation and related activities excluding nondepository credit intermediaries (NAICS 5220A1). To estimate compensation costs associated with the rule, the OCC uses $115.19 per hour, which is based on the average of the 90th percentile for six occupations adjusted for inflation (3.1 percent as of Q1 2020 according to the BLS), plus an additional 33.4 percent for benefits (based on the percent of total compensation allocated to benefits as of Q4 2019 for NAICS 522: credit intermediation and related activities).
13. Estimate of total annual costs to respondents (excluding cost of hour burden in Item #12):
None.
14. Estimate of annualized costs to the federal government:
Not applicable.
15. Change in burden:
Former Burden:
615,130 burden hours.
New Burden:
615,380 burden hours.
Difference:
+ 250 hours.
The increase in the burden is due to the proposed regulation.
16. Information regarding collections whose results are to be published for statistical use:
The OCC has no plans to publish the information for statistical purposes.
17. Reasons for not displaying OMB approval expiration date:
Not applicable.
18. Exceptions to the certification statement:
None.
B. Collections of Information Employing Statistical Methods.
Not applicable.
1 The federal financial institution supervisory agencies are the Office of the Comptroller of the Currency (OCC), Board of Governors of the Federal Reserve System (Board), Federal Deposit Insurance Corporation (FDIC), and National Credit Union Administration (NCUA). The Office of Thrift Supervision, which was in existence at the time the SAR was adopted, was integrated into the OCC in 2011.
| File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
| File Title | Supporting Statement |
| Author | OCC |
| File Modified | 0000-00-00 |
| File Created | 2021-03-10 |