[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FYI] (Fwd) FC: Know Your Customer -- the system behind it all
- To: debate@fitug.de
- Subject: [FYI] (Fwd) FC: Know Your Customer -- the system behind it all
- From: Horns@t-online.de (Axel H. Horns)
- Date: Thu, 17 Dec 1998 23:18:40 +0100
- Comment: This message comes from the debate mailing list.
- Organization: Private Site
- Priority: normal
- Reply-to: horns@t-online.de
- Sender: owner-debate@fitug.de
------- Forwarded Message Follows -------
Date: Thu, 17 Dec 1998 13:36:56 -0500
To: politech@vorlon.mit.edu
From: Declan McCullagh <declan@well.com>
Subject: FC: Know Your Customer -- the system behind it all
Reply-to: declan@well.com
My "Banking with Big Brother" article:
http://www.wired.com/news/news/politics/story/16749.html
This is the existing system that will keep track of "suspicious activities"
under the Know Your Customer proposed regulation. I described it in my
article.
This Department of Justice published this description today.
-Declan
System name:
Suspicious Activity Reporting System (the ``SAR System'').
System location:
The SAR System is housed at the Internal Revenue Service Computing
Center (``DCC'') in Detroit, Michigan and is managed by the Financial
Crimes Enforcement Network (``FinCEN''), 2070 Chain Bridge Road, Suite
200, Vienna, VA 22182, with the assistance of the staff of DCC.
Categories of individuals covered by the system:
The SAR System contains information about: (1) Individuals or
entities that are known perpetrators or suspected perpetrators of a
known or suspected federal criminal violation, or pattern of criminal
violations, committed or attempted against a financial institution, or
participants in a transaction or
[[Page 69745]]
transactions conducted through the financial institution, that has been
reported by the financial institution, either voluntarily or because
such a report is required under the rules of FinCEN, one or more of the
Federal Supervisory Agencies (the Board of Governors of the Federal
Reserve System (``the Board''), the Office of the Comptroller of the
Currency (``OCC''), the Federal Deposit Insurance Corporation
(``FDIC''), the Office of Thrift Supervision (``OTS''), and the
National Credit Union Administration (``NCUA'') (collectively, the
``Federal Supervisory Agencies'')), or both. (2) Individuals or
entities that are participants in transactions, conducted or attempted
by, at or through a financial institution, that have been reported
because the institution knows, suspects, or has reason to suspect that:
(a) The transaction involves funds derived from illegal activities, the
transaction is intended or conducted to hide or disguise funds or
assets derived from illegal activities as part of a plan to violate or
evade any law or regulation or to avoid any transaction reporting
requirement under Federal law; (b) the transaction is designed to evade
any regulations promulgated under the Bank Secrecy Act, Pub. L. 91-508,
as amended, codified at 12 U.S.C. 1829b, 12 U.S.C. 1951-1959, and 31
U.S.C. 5311-5330; or (c) the transaction has no business or apparent
lawful purpose or is not the sort in which the particular customer
would normally be expected to engage, and the financial institution
knows of no reasonable explanation for the transaction after examining
the available facts, including the background and possible purpose of
the transaction; (3) Individuals who are directors, officers,
employees, agents, or otherwise affiliated with a financial
institution; (4) Individuals or entities that are actual or potential
victims of a criminal violation or series of violations; (5)
Individuals who are named as possible witnesses in connection with
matters arising from any such report; (6) Individuals or entities named
as preparers of any such report; (7) Individuals or entities named as
persons to be contacted for assistance by government agencies in
connection with any such report; (8) Individuals or entities who have
or might have information about individuals or criminal violations
described above; and (9) Individuals or entities involved in evaluating
or investigating any matters arising from any such report.
Categories of records in the system:
The SAR System contains information reported to FinCEN by financial
institutions on a Suspicious Activity Report (``SAR'') required under
the authority of FinCEN or one or more of the Federal Supervisory
Agencies, or both. SARs contain information about the categories of
persons or entities specified in ``Categories of Individuals Covered by
the System.'' The SAR System may also contain records pertaining to
criminal prosecutions, civil actions, enforcement proceedings, and
investigations resulting from or relating to SARs. Additionally, it
will contain records pertaining to criminal prosecutions, civil
actions, enforcement proceedings, and investigations relating to
institutions required to file reports or under the supervision of one
or more of the Federal Supervisory agencies.
Authority for maintenance of the system:
The system is established and maintained in accordance with 31
U.S.C. 5318(g); 31 CFR part 103; 31 U.S.C. 321; and Department of the
Treasury Order 105-08.
Purpose(s):
The requirements of FinCEN and the Federal Supervisory Agencies
create an integrated process for reporting suspicious activity and
known or suspected crimes by, at, or through depository institutions
and certain of their affiliates. The process is based on a single
uniform SAR filed with FinCEN.
The SAR System has been created, as a key part of this integrated
reporting process, to permit coordinated and enhanced analysis and
tracking of such information, and rapid dissemination of SAR
information to appropriate law enforcement and supervisory agencies.
The provisions of 31 U.S.C. 5318(g)(4)(B) specifically require that the
agency designated as repository for SARs refer those reports to any
appropriate law enforcement or supervisory agency.
Data from the SAR System will be exchanged, retrieved, and
disseminated, both manually and electronically among FinCEN, the
Federal Supervisory Agencies, appropriate federal, state, and local law
enforcement agencies, and state banking supervisory agencies. Agencies
to which information will be referred electronically, which in certain
cases may involve electronic transfers of batch information, include
the Federal Supervisory Agencies, the Federal Bureau of Investigation
(FBI), the Criminal Investigation Division of the Internal Revenue
Service, the United States Secret Service, the United States Customs
Service, the Executive Office of the United States Attorneys and the
Offices of the 93 United States Attorneys, and state bank supervisory
agencies and certain state law enforcement agencies, which have entered
into appropriate agreements with FinCEN. (The FBI and Secret Service
may receive electronic transfers of batch information as forms are
filed to permit those agencies more efficiently to carry out their
investigative responsibilities.) Organizations to which information is
regularly disseminated are referred to as SAR System Users. It is
anticipated that information from the SAR system will also be
disseminated to other appropriate federal, state, or local law
enforcement organizations and regulatory agencies that enter into
appropriate agreements with FinCEN. In addition, information may be
disseminated to non-United States financial regulatory and law
enforcement agencies.
Routine uses of records maintained in the system, Including Categories
of Users and the Purposes of Such Uses:
These records and information in these records may be used to: (1)
Provide information or records, electronically or manually, to SAR
System Users relevant to the enforcement and supervisory programs and
operations of those Users; (2) Provide SAR System Users and their
Executive Departments with reports that indicate the number, amount,
individual identity, and other details concerning potential violations
of the law that have been the subject of Suspicious Activity Reports;
(3)Provide information or records to any appropriate domestic or non-
United States governmental agency or self-regulatory organization
charged with the responsibility of administering law or investigating
or prosecuting violations of law, or charged with the responsibility of
enforcing or implementing a statute, rule, regulation, order, or
policy, or charged with the responsibility of issuing a license,
security clearance, contract, grant, or benefit, when relevant to the
responsibilities of these agencies or organizations; (4) Provide
information or records, when appropriate, to international and foreign
governmental authorities in accordance with law and formal or informal
international agreement; (5) Disclose on behalf of a SAR System User,
the existence, but not necessarily the content, of information or
records to a third party, in cases where a SAR System User is a party
or has a direct interest and where the SAR System User has concluded
that such disclosure is necessary; (6)Provide information or records to
the Department of Justice, or in a
[[Page 69746]]
proceeding before a court, adjudicative body, or other administrative
body before which the SAR System User is authorized to appear, when (a)
the SAR System User, or any component thereof; or (b) any employee of
the SAR System User in his or her official capacity; or (c) any
employee of the SAR System User, where the Department of Justice or the
SAR System User has agreed to represent the employee; or (d) the United
States is a party to litigation or has an interest in such litigation,
when the SAR System User determines that litigation is likely to affect
the SAR System User or any of its components and the use of such
records by the Department of Justice or the SAR System User is deemed
by the SAR System User to be relevant and necessary to the litigation,
provided, however, that in each case it has been determined that the
disclosure is compatible with the purpose for which the records were
collected; (7) Disclose information or records to individuals or
entities to the extent necessary to elicit information pertinent to the
investigation, prosecution, or enforcement of civil or criminal
statutes, rules, regulations, or orders; (8) In accordance with
Executive Order 12968 (August 2, 1995), provide information or records
to any appropriate government authority in connection with
investigations and reinvestigations to determine eligibility for access
to classified information to the extent relevant for matters that are
by statute permissible subjects of inquiry; (9) Provide, when
appropriate, information or records to a bar association, or other
trade or professional organization performing similar functions, for
possible disciplinary action; (10) Provide information or records to
the Department of State and to the United States Intelligence
Community, within the meaning of Executive Order 12333 (December 4,
1981) to further those agencies' efforts with respect to national
security and international narcotics trafficking; (11) Furnish analytic
and statistical reports to government agencies and the public providing
information about trends and patterns derived from information
contained on Suspicious Activity Reports, in a form in which individual
identities are not revealed; and (12) Disclose information or records
to any person with whom FinCEN, the DCC or a SAR System User contracts
to provide consulting, data processing, clerical, or secretarial
functions relating to the official programs and operations of FinCEN,
DCC, or the SAR System User.
Policies and practices for storing, Retrieving, Accessing, Retaining,
and Disposing of Records in the System:
Storage:
Records are maintained in magnetic media and on hard paper copy.
Retrievability:
Data in the SAR System may be retrieved by sectionalized data
fields (i.e., name of financial institution or holding company, type of
suspected violation, individual suspect name, witness name, and name of
individual authorized to discuss the referral with government
officials) or by the use of search and selection criteria.
Safeguards:
The system is located in a guarded building that has restricted
access. Access to the computer facilities and any paper records is
subject to additional physical safeguards that restrict access. Access
to any electronic records in the system is restricted by means of
passwords and non-transferable identifiers issued to authorized SAR
System Users. The system complies with all applicable security
requirements of the Department of the Treasury.
Retention and Disposal:
Records in this system will be updated periodically to reflect
changes, and will be maintained in electronic form as long as needed
for the purpose for which the information was collected. Records will
then be disposed of in accordance with applicable law.
System Managers and Address:
Deputy Director, Financial Crimes Enforcement Network, United
States Department of the Treasury, 2070 Chain Bridge Road, Suite 200,
Vienna, Virginia 22182.
Notification Procedure:
This system is exempt from notification requirements, record access
requirements, and requirements that an individual be permitted to
contest its contents, pursuant to the provisions of 5 U.S.C. 552a(j)(2)
and (k)(2).
Record Access Procedures:
See ``Notification Procedure'' above.
Contesting Record Procedures:
See ``Notification Procedure'' above.
Record Source Categories:
Records in this system may be provided by or obtained from:
Individuals; financial institutions and certain of their affiliates;
Federal Supervisory Agencies; State financial institution supervisory
agencies; domestic or foreign governmental agencies; foreign or
international organizations; and commercial sources. Pursuant to the
provisions of 5 U.S.C. 552a(j)(2) and (k)(2), this system is exempt
from the requirement that the record source categories be disclosed.
Exemptions Claimed for the System:
This system is exempt from 5 U.S.C. 552a(c)(3), (c)(4), (d)(1),
(d)(2), (d)(3), (d)(4), (e)(1), (e)(2), (e)(3), (e)(4)(G), (e)(4)(H),
(e)(4)(I), (e)(5), (e)(8), (f) and (g) of the Privacy Act pursuant to 5
U.S.C. 552a(j)(2) and (k)(2).
TREASURY/DO .213.
--------------------------------------------------------------------------
POLITECH -- the moderated mailing list of politics and technology
To subscribe: send a message to majordomo@vorlon.mit.edu with this text:
subscribe politech
More information is at http://www.well.com/~declan/politech/
--------------------------------------------------------------------------