Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Friday, January 20, 2006

BANK SECRECY ACT Sharing Suspicious Activity Reports With Controlling Companies

The Financial Crimes Enforcement Network (FinCEN) and the federal banking agencies (FDIC, FINCEN, OCC, OTS) are providing guidance to confirm that sharing a Suspicious Activities Reports (SAR) with a controlling company in accordance with specified procedures is acceptable.

* A controlling company includes a bank or savings association holding company, or a company having the power directly or indirectly to direct the management or policies of an industrial loan company or a parent company, or to vote 25 percent or more of any class of voting shares of an industrial loan company or a parent company.

* Sharing a SAR within an organization is allowable for the head office, or for the controlling entity or party to discharge its oversight responsibilities with respect to enterprise-wide risk management and compliance with applicable laws and regulations.

* Accordingly, a bank or savings association (depository institution) may disclose a SAR to its controlling company(ies), whether domestic or foreign; and a U.S. branch or agency of a foreign bank may disclose a SAR to its head office outside the United States.

* Depository institutions, as part of their anti-money laundering program, must have written confidentiality agreements or arrangements, and proper internal controls in place to protect the confidentiality of the SAR.

Posted on 01/20