GAO-10-609T, Bank Secrecy Act: FinCEN Needs to Further Develop Its Form Revision Process for Suspicious Activity Reports


This is the accessible text file for GAO report number GAO-10-609T 
entitled 'Bank Secrecy Act: FinCEN Needs to Further Develop Its Form 
Revision Process For Suspicious Activity Reports' which was released 
on April 28, 2010. 

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as 
part of a longer term project to improve GAO products' accessibility. 
Every attempt has been made to maintain the structural and data 
integrity of the original printed product. Accessibility features, 
such as text descriptions of tables, consecutively numbered footnotes 
placed at the end of the file, and the text of agency comment letters, 
are provided but may not exactly duplicate the presentation or format 
of the printed version. The portable document format (PDF) file is an 
exact electronic replica of the printed version. We welcome your 
feedback. Please E-mail your comments regarding the contents or 
accessibility features of this document to Webmaster@gao.gov. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

Testimony: 

Before the Subcommittee on Oversight and Investigations, House of 
Representatives: 

United States Government Accountability Office: 
GAO: 

For Release on Delivery: 
Expected at 2:00 p.m. EDT:
Wednesday, April 28, 2010: 

Bank Secrecy Act: 

FinCEN Needs to Further Develop Its Form Revision Process For 
Suspicious Activity Reports: 

Statement of Richard J. Hillman, Managing Director: 
Financial Markets and Community Investment: 

GAO-10-609T: 

GAO Highlights: 

Highlights of GAO-10-609T, a testimony before the Subcommittee on 
Oversight and Investigations, Committee on Financial Services, House 
of Representatives. 

Why GAO Did This Study: 

To assist law enforcement agencies in their efforts to combat money 
laundering, terrorist financing, and other financial crimes, the Bank 
Secrecy Act (BSA) requires financial institutions to file suspicious 
activity reports (SAR) to inform the federal government of 
transactions related to possible violations of law or regulation. 
Depository institutions have been concerned about the resources 
required to file SARs and the extent to which SARs are used. 

The Subcommittee asked GAO to discuss our February 2009 report on 
suspicious activity reporting. Specifically, this testimony discusses 
(1) factors affecting the number of SARs filed, (2) actions agencies 
have taken to improve the usefulness of SARs, (3) federal agencies’ 
use of SARs, and (4) the effectiveness of the process used to revise 
SAR forms. 

To respond to the request, GAO relied primarily on the February 2009 
report titled Bank Secrecy Act: Suspicious Activity Report Use Is 
Increasing, but FinCEN Needs to Further Develop and Document Its Form 
Revision Process (GAO-09-226), and updated it with additional 
information provided by FinCEN. In that report, GAO recommended that 
FinCEN work to further develop a strategy that fully incorporates 
certain GAO-identified practices to enhance and sustain collaboration 
among federal agencies into the forms-change process. 

What GAO Found: 

In 2000 through 2008, total SAR filings by depository institutions 
increased from about 163,000 to 732,000 per year; representatives from 
federal regulators, law enforcement, and depository institutions with 
whom GAO spoke attributed the increase mainly to two factors. First, 
automated monitoring systems can flag multiple indicators of 
suspicious activities and identify significantly more unusual activity 
than manual monitoring. Second, several public enforcement actions 
against a few depository institutions prompted other institutions to 
look more closely at client and account activities. Other factors 
include institutions’ greater awareness of and training on BSA 
requirements after September 11, 2001 and more regulator guidance for 
BSA examinations. 

FinCEN and law enforcement agencies have taken actions to improve the 
quality of SAR filings and educate filers about their usefulness. 
Since 2000, FinCEN has issued written products with the purpose of 
making SAR filings more useful to law enforcement. FinCEN and federal 
law enforcement agency representatives regularly participate in 
outreach on BSA/anti-money laundering, including events focused on 
SARs. Law enforcement agency representatives said they also establish 
relationships with depository institutions to communicate with staff 
about crafting useful SAR narratives. 

FinCEN, law enforcement agencies, and financial regulators use SARs in 
investigations and financial institution examinations and have taken 
steps in recent years to make better use of them. FinCEN uses SARs to 
provide public and nonpublic analytical products to law enforcement 
agencies and depository institution regulators. Some federal law 
enforcement agencies have facilitated complex analyses by using SAR 
data with their own data sets. Federal, state, and local law 
enforcement agencies collaborate to review and start investigations 
based on SARs filed in their areas. Regulators use SARs in their 
examination process to assess compliance and take action against abuse 
by depository institution insiders. 

After revising a SAR form in 2006 that could not be used because of 
information technology limitations, in 2008, FinCEN developed a new 
process for revising BSA forms, including SARs, that may increase 
collaboration with some stakeholders, including some law enforcement 
groups concerned that certain of the 2006 revisions could be 
detrimental to investigations. Available documentation on the process 
did not detail the degree to which the new process would incorporate 
GAO-identified best practices for enhancing and sustaining federal 
agency collaboration. For example, it did not specify roles and 
responsibilities for stakeholders or depict monitoring, evaluating, 
and reporting mechanisms. According to FinCEN officials, it is taking 
some additional steps toward obtaining greater collaboration with law 
enforcement agency representatives, prosecutors, and multi-agency law 
enforcement teams and others to determine the contents of the form, 
but it is too soon to determine the effectiveness of the process. 

View [hyperlink, http://www.gao.gov/products/GAO-10-609T] or key 
components. For more information, contact Richard J. Hillman at (202) 
512-8678 or hillmanr@gao.gov. 

[End of section] 

Mr. Chairman and Members of the Subcommittee: 

I am pleased to be here today to discuss our work on the use of 
suspicious activity (SAR) reports by federal law enforcement and 
regulatory agencies and the U.S. Department of the Treasury Financial 
Crimes Enforcement Network's (FinCEN) recent efforts to implement a 
new process to revise SARs and other Bank Secrecy Act (BSA) forms. 
[Footnote 1] FinCEN administers BSA and its implementing regulations. 
To assist law enforcement agencies in their efforts to combat money 
laundering, terrorist financing, and other financial crimes, BSA 
requires financial institutions to file SARs to inform the federal 
government of transactions related to possible violations of law or 
regulation.[Footnote 2] 

Depository institutions have had to submit SARs since 1996, longer 
than any other type of financial institutions, and they file the 
majority of these reports--in 2008, they filed 732,563 SARs. These 
institutions have expressed concerns in congressional testimony about 
resource challenges involved in complying with SAR-related 
requirements and the extent to which law enforcement agencies use SARs 
and other reports BSA requires. Federal law enforcement agency 
officials have testified that they review and use SARs proactively--
separately and in multiagency teams--to identify potential money 
laundering cases and trends, as well as using them in ongoing 
investigations of terrorism financing and other financial crimes. 
Depository institution officials have commented they lack clear 
guidance on what law enforcement looks for and finds useful in these 
reports. 

We reported in February 2009 that FinCEN revised the SAR form for 
depository institutions in 2006 but could not implement it because of 
information technology limitations.[Footnote 3] In 2008, FinCEN 
developed a new process for revising BSA forms (including SARs) that 
could increase collaboration with some stakeholders, including some 
law enforcement groups concerned that certain 2006 revisions could be 
detrimental to investigations. Law enforcement representatives' views 
on the revised form were mixed--some expressed concerns that changes 
on the revised form could diminish the utility of the form for 
investigative purposes. 

My statement today is based on our February 2009 report, and 
additional information provided by FinCEN related to recent 
developments in its efforts to further educate SAR filers and 
implement a new process to revise SARs and other forms in tandem with 
its strategy to modernize information technology. Specifically, this 
statement focuses on (1) underlying factors that affect the number of 
SAR filings by depository institutions, (2) actions federal and law 
enforcement agencies have taken to improve the usefulness of SARs, (3) 
ways in which federal agencies use SARs and actions they have taken to 
make better use of them, and (4) whether the process FinCEN uses to 
revise SAR forms is effective in assuring that information collected 
is appropriate for law enforcement needs. 

For our 2009 report, we reviewed relevant laws, regulations, agency 
documents and past GAO work. We interviewed representatives from 
federal banking regulators--the Board of Governors of the Federal 
Reserve System (Federal Reserve), the Office of the Comptroller of the 
Currency (OCC), the Federal Deposit Insurance Corporation (FDIC), the 
Office of Thrift Supervision (OTS), and the National Credit Union 
Administration (NCUA).[Footnote 4] We also interviewed representatives 
from federal law enforcement agencies, including the Secret Service, 
the Internal Revenue Service-Criminal Investigation (IRS-CI), 
Immigration and Customs Enforcement (ICE), the Federal Bureau of 
Investigation (FBI), the Drug Enforcement Administration (DEA), and 
the Department of Justice (DOJ). We also obtained and analyzed data 
from FinCEN on depository institutions' SAR filings for calendar years 
2000-2007. We interviewed representatives of 15 randomly selected 
depository institutions that filed various levels of SARs during 2007 
about their experiences with SAR filing. We interviewed 
representatives from randomly selected SAR review teams (multiagency 
teams with federal, state, and local law enforcement representation) 
and from High Intensity Financial Crime Areas (HIFCA) throughout the 
country. To update this information, we interviewed FinCEN officials 
and reviewed documents related to the new SAR form revision process. 
We also updated the number of SAR filings made by depository 
institutions. 

We conducted our work for the February 2009 report between July 2007 
through February 2009 and updated information in April 2010 in 
accordance with generally accepted government auditing standards. 
Those standards require that we plan and perform the audit to obtain 
sufficient, appropriate evidence to provide a reasonable basis for our 
finding and conclusions based on our audit objectives. We believe that 
the evidence obtained provides a reasonable basis for our findings and 
conclusions based on our audit objectives. 

Background: 

The Secretary of the Treasury delegated overall authority for 
enforcement of, and compliance with, BSA and its implementing 
regulations to the Director of FinCEN. FinCEN develops policy and 
provides guidance to other agencies, analyzes BSA data for trends and 
patterns, and pursues enforcement actions when warranted. It also 
relies on other agencies in implementing the BSA framework. These 
activities include (1) ensuring compliance with BSA requirements to 
report suspicious activity, (2) collecting and storing reported 
information, and (3) taking enforcement actions or conducting 
investigations of criminal financial activity. 

The Secretary of the Treasury delegated BSA examination authority for 
depository institutions to five banking regulators--the Federal 
Reserve, OCC, OTS, FDIC, and NCUA.[Footnote 5] The regulators conduct 
periodic on-site safety and soundness and compliance examinations to 
assess an institution's financial condition, policies and procedures, 
adherence to BSA regulations (for example, filing of SARs and other 
BSA-related reports), and compliance with other laws and regulations. 

Financial institutions must report any suspicious transaction relevant 
to a possible violation of a law.[Footnote 6] In 1996, FinCEN required 
banks and other depository institutions to report, on a SAR form, 
certain suspicious transactions involving possible violations of law 
or regulation, including money laundering.[Footnote 7] In the same 
year, federal banking regulators required depository institutions to 
report suspected money laundering and other suspicious activities 
using the SAR form. IRS's Enterprise Computing Center-Detroit serves 
as the central point of collection and storage of these data.[Footnote 
8] Figure 1 summarizes the process for filing and accessing SARs. 

Figure 1: The Process for Filing and Accessing SARs: 

[Refer to PDF for image: illustration] 

Conductor: 
Depository institutions are required to file a SAR no later than 30 
days following the discovery of any known or suspected: 
* Violations aggregating to $5,000 or more where a suspect can be 
identified; 
* Violations of the BSA or potential money laundering aggregating 
$5,000 or more; 
* Insider abuse involving any amount. 

Bank staff and systems: 
Institution staff or automated monitoring systems identify unusual 
activity. Alerts of such activity are forwarded to the BSA compliance 
officer for review. 

Compliance officer: 
The compliance officer conducts research and decides to file, signs 
the SAR, and sends it electronically to FinCEN, or through the mail 
directly to IRS’s Enterprise Computing Center. 
* Monitors for continuing suspicious activity and files additional 
SARs every 90 days if activity continues. 
* Maintains a copy of all filed SARs and supporting documentation for 
5 years from the date of filing. 

Stop: Decides not to file and documents the reasons; or: 
Signed: Suspicious activity report; sent to: 

IRS/FinCEN: 

IRS WebCBRS: 
SARs and other BSA reports database; 
Feeds: IRS-CI; 
FinCEN: 
Web Portal: Enables non-IRS users to access BSA data: 
Federal, state, and local law enforcement agencies; 
Federal, and state regulators; 
Access to SARs. 

Sources: GAO analysis; Art Explosion (images). 

[End of figure] 

Federal regulators and FinCEN can bring formal enforcement actions, 
including civil money penalties, against institutions for violations 
of BSA. Formal enforcement actions generally are used to address cases 
involving systemic, repeated noncompliance; failure to respond to 
supervisory warnings; and other violations. However, most cases of BSA 
noncompliance are corrected within the examination framework through 
supervisory actions or letters that document the institution's 
commitment to take corrective action. In addition, DOJ may bring 
criminal actions against individuals and corporations, including 
depository and other financial institutions, for money laundering 
offenses and certain BSA violations. The actions may result in 
criminal fines, imprisonment, and forfeiture actions. Institutions and 
individuals willfully violating BSA and its implementing regulations, 
and structuring transactions to evade BSA reporting requirements, are 
subject to criminal fines, prison, or both.[Footnote 9] 

Law enforcement agencies housed in DOJ and the Department of Homeland 
Security use SARs for investigations of money laundering, terrorist 
financing, and other financial crimes. Agencies in DOJ involved in 
efforts to combat money laundering and terrorist financing include 
FBI; DEA; the Department's Criminal and National Security Divisions; 
the Bureau of Alcohol, Tobacco, Firearms, and Explosives; the 
Executive Office for U.S. Attorneys; and U.S. Attorneys Offices. The 
Secret Service and ICE (in Homeland Security) also investigate cases 
involving money laundering and terrorist activities. IRS-CI uses BSA 
information to investigate possible cases of money laundering and 
terrorist financing activities. Federal and multiagency law 
enforcement teams, which may include state and local law enforcement 
representatives, also use SAR data to provide additional information 
about subjects during ongoing investigations. 

Multiple Factors Contributed to Increases in Depository Institutions' 
SAR Filings: 

From 2000 through 2007, depository institutions filed an increasing 
number of SARs each year and representatives from federal regulators, 
law enforcement, and depository institutions with whom we spoke 
attributed the increase to a number of factors. According to FinCEN 
data, SAR filings by depository institutions increased from 
approximately 163,000 in 2000 to more than 732,000 in 2008. In our 
report, our analysis of SAR and banking data from 2004 through 2007 
indicates that the growth rates in SAR filings varied over time among 
depository institutions of different asset sizes. For example, the 
greatest increase in SARs filed during this period by the largest 
depository institutions occurred from 2004 to 2005, and SARs filed by 
small credit unions nearly doubled from 2005 to 2006. 

Representatives of federal banking regulators, law enforcement 
agencies, and depository institutions most frequently attributed the 
increase to two factors: technological advances and the effect of 
public enforcement actions on institutions. According to the 
representatives, automated transaction monitoring systems can flag 
multiple indicators of suspicious activity and identify much more 
unusual activity than could be identified manually. At the largest 
depository institutions, these systems conduct complex analyses 
incorporating customer profiles. The representatives also said that 
issuance of several public enforcement actions in 2004 and 2005 with 
civil money penalties and forfeitures up to $40 million against a few 
depository institutions prompted many institutions to file more SARs. 
FinCEN and the federal banking regulators took the actions because of 
systemic BSA program noncompliance, which included failures to meet 
SAR filing requirements. More recently in March 2010, government 
actions taken against one depository institution for BSA violations, 
including SARs violations, included $160 million in penalties and 
fines. 

Depository institution representatives with whom we spoke cited a 
third factor for increases--concerns they would receive criticisms 
during examinations about decisions not to file SARs. To avoid such 
criticism, they said their institutions filed SARs even when they 
thought them unnecessary--a practice sometimes called "defensive SAR 
filing." However, according to the federal regulators and some law 
enforcement officials with whom we spoke, there is no means of 
determining what, if any, portion of the increase in filings could be 
attributed to defensive filing. The representatives suggested 
additional factors as contributing to the increase, including greater 
awareness of BSA requirements after September 11, 2001, more regulator 
guidance for BSA examinations, and more BSA-related training at the 
institutions. 

FinCEN and Law Enforcement Agencies Have Acted to Educate Filers about 
The Usefulness of SARs and Improve the Quality of Their Filings: 

FinCEN and law enforcement agencies have taken multiple actions to 
educate filers about SARs usefulness and improve the quality of SAR 
filings. Since 2000, FinCEN has issued written products with the 
purpose of educating filers and making filings more useful to law 
enforcement. These include (1) a regularly issued publication that 
gives tips on topics such as the preparation of SARs and (2) guidance 
for depository institutions and other SAR filers. For example, in its 
SAR Activity Review: Trends, Tips and Issues--FinCEN regularly 
provides information on suspicious activity reporting, trends, and 
data analyses, law enforcement cases assisted by BSA data, and other 
issues. In 2008 and in 2009, the publication included information on 
suspicious activity reviews by a state banking regulator and 
securities regulators, respectively. In 2009, FinCEN issued guidance 
on filing SARs for mortgage loan modification and foreclosure rescue 
scams and in 2010 began an effort to promote electronic filing of BSA 
forms targeted at current paper filers. FinCEN representatives 
regularly participate in outreach events on BSA and anti-money 
laundering issues, including events on SARs. FinCEN also chairs the 
Bank Secrecy Act Advisory Group--a forum for federal agencies and 
financial industry representatives to discuss BSA administration, 
including SAR-related issues. Federal law enforcement agency 
representatives said they improved SARs' usefulness by conducting 
outreach events and establishing relationships with depository 
institutions in their local areas to communicate with staff about 
crafting useful SAR narratives. Representatives from some multiagency 
law enforcement teams told us that they subsequently noticed improved 
SAR narratives from local depository institutions. 

Federal Agencies Use SARs in a Variety of Ways and Have Taken a Number 
of Actions in Recent Years to Make Better Use of Them: 

FinCEN, law enforcement agencies, and banking regulators use SARs in 
investigations and depository institution examinations and took steps 
in recent years to make better use of them. FinCEN uses SARs to 
provide a number of public and nonpublic analytical products to law 
enforcement agencies and depository institution regulators. In 2004 
and 2005, several federal law enforcement agencies signed memorandums 
of understanding with FinCEN to receive bulk BSA data, including SARs. 
They combined these data with information from their law enforcement 
databases to facilitate more complex and comprehensive analyses. 
Different team structures have been established to better analyze 
SARs. For example, in 2000 and again in 2003, DOJ issued guidance that 
encouraged the formation of SAR review teams with federal, state, and 
local representation. Each month, these teams review SARs filed in 
their areas to determine which would merit additional investigation. 
In 2006, DOJ and IRS-CI collaborated on a pilot to create task forces 
and augment SAR review teams with federal prosecutors in selected 
districts. These task forces specifically investigate possible BSA 
violations with potential for seizures or forfeitures. The regulators 
also use SARs for scoping their depository institution examinations 
and review SARs relating to known or suspected unlawful activities by 
current and former institution-affiliated parties, including officers, 
directors, and employees. 

Although law enforcement agency representatives generally were 
satisfied with their ability to access BSA data, various agencies and 
multiagency teams we interviewed said that formatting and other issues 
related to the data system slowed their downloads and reviews. In 
2009, FinCEN officials described how features of FinCEN's planned 
modernization effort for information technology could address these 
issues. FinCEN and IRS officials said that, when budgetary resources 
were available, these and other data management challenges would be 
addressed as part of FinCEN's modernization plan, developed in 
collaboration with IRS. FinCEN officials recently told us that they 
have begun the first phase of the information technology 
modernization, which they anticipate will last through fiscal year 
2014. 

FinCEN's Initial Steps in New Form Revision Process Did Not Include 
Some Important Collaborative Practices and Mechanisms: 

We reported in 2009 that FinCEN encountered a number of problems in 
its 2006 revision of the SAR form and in 2008, developed a new process 
for form revisions. However, the available information on the process 
was limited and did not fully indicate how FinCEN would avoid or 
address some of the problems previously encountered. In 2006, FinCEN 
and the federal banking regulators issued proposed substantive and 
formatting revisions to the SAR form. The revisions were finalized 
but, because of technology limitations with IRS's data management 
system, the revised form has not been implemented. Law enforcement 
agency officials we interviewed had mixed views on the proposed 
revisions. They generally supported most of the proposed revisions, 
but some felt they had been insufficiently consulted and also 
expressed concerns that some revisions could affect their work 
negatively. For example, one change would replace the name and title 
of a person with personal knowledge about the suspicious activity 
reported on the form with a contact office, possibly increasing the 
time it would take law enforcement investigators to reach a person 
knowledgeable about the activity. However, banking regulators 
supported this change because of concerns that a SAR listing a named 
contact could jeopardize the safety and privacy of that person if it 
were inappropriately disclosed. 

In 2008, FinCEN developed a new process that it planned to use in 
future revisions of BSA forms, including SARs. Early documentation for 
the process suggested some greater stakeholder involvement at early 
stages, but subsequent documentation we reviewed did not indicate that 
FinCEN fully incorporated certain GAO-identified practices that can 
enhance and sustain collaboration among federal agencies.[Footnote 10] 
Such practices include defining a common outcome; agreeing on 
respective roles and responsibilities, including how the collaborative 
effort will be led; and creating the means to collect information on, 
monitor, evaluate, and report efforts. 

In our 2009 report, we determined that if FinCEN more fully 
incorporated some of these practices it might achieve some potential 
benefits--such as greater consensus from all stakeholders on proposed 
SAR form revisions. We recommended that the Secretary of the Treasury 
direct the Director of FinCEN to further develop and document its 
strategy to fully incorporate certain of these practices into the 
revision process and distribute that documentation to all 
stakeholders. In written comments on the report, the FinCEN Director 
generally agreed with our recommendation and noted that FinCEN 
recognized the need to work with a diverse range of stakeholders to 
revise BSA forms. 

Recent implementation of FinCEN's process suggests greater 
collaboration with stakeholders on defining a common outcome and 
establishing roles and responsibilities and planned steps, which could 
result in more sustained collaboration. According to FinCEN officials, 
FinCEN's implementation of the process generally would involve three 
phases. The initial phase has involved collaboration with a wider 
range of stakeholders than in the past. For example, in addition to 
collaboration with IRS information technology staff we previously 
identified, current documentation indicates that FinCEN has 
collaborated in more detail with federal law enforcement agency 
representatives, federal financial regulators, representatives from 
SAR review teams and other multiagency law enforcement teams, and 
prosecutors to determine the content of a revised SAR form. FinCEN 
also obtained and adopted input from other stakeholders, such as 
banking industry representatives, in the Bank Secrecy Act Advisory 
Group. FinCEN officials plan to obtain and adopt input from its Data 
Management Council (DMC), after providing its members the opportunity 
to consult with colleagues at their respective agencies.[Footnote 11] 
They also plan to conduct a focus group of DMC members to obtain 
feedback on how the new forms revision process is working and use that 
feedback to modify the process. However, because FinCEN has not yet 
completed implementation of its form revision process, it is too soon 
to determine the effectiveness of the process. 

Mr. Chairman and Members of the subcommittee, I appreciate this 
opportunity to discuss this important issue and would be happy to 
answer any questions you might have. 

Contact and Acknowledgments: 

For further information regarding this testimony, contact Richard J. 
Hillman at (202) 512-8678. Contact points at our Offices of 
Congressional Relations and Public Affairs may be found on the last 
page of this statement. Individuals making major contributions to this 
statement included Toni Gillich, Kay Kuhlman, Linda Rego, and Barbara 
Roesmann. 

[End of section] 

Footnotes: 

[1] 12 U.S.C. §§ 1829b, 1951-1959, and 31 U.S.C. §§ 5311 et seq. 

[2] 31 U.S.C. § 5318(g) provides for the reporting of suspicious 
activities. FinCEN's SAR regulations may be found at 31 C.F.R. §§ 
103.15 to 103.21. 

[3] GAO, Bank Secrecy Act: Suspicious Activity Report Use Is 
Increasing, but FinCEN Needs to Further Develop and Document Its Form 
Revision Process, [hyperlink, http://www.gao.gov/products/GAO-09-226] 
(Washington, D.C.: Feb. 27, 2009). 

[4] We use "federal banking regulators" to refer collectively to the 
regulators of depository institutions (banks, thrifts, and federally 
chartered credit unions). 

[5] 31 C.F.R. § 103.56(b)(1)-(5). Each examination of an insured 
depository institution also must include a review of the institution's 
BSA compliance procedures by the appropriate federal regulator, which 
has independent examination authority. 12 U.S.C. § 1818(s) and 12 
U.S.C. §1786(q)(2). 

[6] Pub. L. No. 102-550, title XV, § 1517(b), 106 Stat. 3672 (Oct. 28, 
1992). Before 1996, depository institutions reported suspicious 
activity on criminal referral forms filed with their respective 
primary federal financial regulator and federal law enforcement 
agencies. See 60 Fed. Reg. 46556, 46557 (Sept. 7, 1995). The USA 
PATRIOT Act of 2001, Pub. L. No. 107-56, 115 Stat. 272 (Oct. 26, 
2001), expands SAR reporting requirements to nondepository 
institutions such as money services businesses, the securities and 
futures industries, and insurance companies. FinCEN developed a SAR 
form for money services businesses--68 Fed. Reg. 6613, 6615 (Feb. 10, 
2003) and 67 Fed. Reg. 48704 (July 18, 2002)--and forms for other 
types of financial institutions. FinCEN has not issued a SAR form for 
insurance companies, which use the securities and futures form. 
Recently revised forms to facilitate joint filing by depository 
institutions, casinos and card clubs, insurance companies, and the 
securities and futures industries were postponed because of data 
quality initiatives. 72 Fed. Reg. 23891 (May 1, 2007). 

[7] 61 Fed. Reg. 4326 (Feb. 5, 1996). 

[8] IRS investigators and other authorized officials access the data 
system directly through IRS's Intranet site in what is known as 
WebCBRS. FinCEN controls non-IRS law enforcement users' access to BSA 
data in WebCBRS, through Secure Outreach, which functions as a portal. 
Agencies without direct access may visit FinCEN's offices and access 
BSA data directly; these users are referred to as "platform users." 

[9] 31 U.S.C. §§ 5322 and 5324(d). 

[10] GAO, Results-Oriented Government: Practices That Can Help Enhance 
and Sustain Collaboration among Federal Agencies, [hyperlink, 
http://www.gao.gov/products/GAO-06-15] (Washington, D.C.: Oct. 21, 
2005). 

[11] In fiscal year 2007, FinCEN established its Data Management 
Council as part of an initiative to maximize BSA data quality and 
value. The council is aimed at ensuring internal and external data 
users have clear means of identifying and communicating data issues, 
requirements, and business priorities, among other goals. Members of 
the council include approximately 35 representatives from FinCEN, law 
enforcement and regulatory agencies, and the Internal Revenue Service, 
which collects and processes BSA data and uses that data for 
compliance reviews and criminal investigations. 

[End of section] 

GAO's Mission: 

The Government Accountability Office, the audit, evaluation and 
investigative arm of Congress, exists to support Congress in meeting 
its constitutional responsibilities and to help improve the performance 
and accountability of the federal government for the American people. 
GAO examines the use of public funds; evaluates federal programs and 
policies; and provides analyses, recommendations, and other assistance 
to help Congress make informed oversight, policy, and funding 
decisions. GAO's commitment to good government is reflected in its core 
values of accountability, integrity, and reliability. 

Obtaining Copies of GAO Reports and Testimony: 

The fastest and easiest way to obtain copies of GAO documents at no 
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each 
weekday, GAO posts newly released reports, testimony, and 
correspondence on its Web site. To have GAO e-mail you a list of newly 
posted products every afternoon, go to [hyperlink, http://www.gao.gov] 
and select "E-mail Updates." 

Order by Phone: 

The price of each GAO publication reflects GAO’s actual cost of
production and distribution and depends on the number of pages in the
publication and whether the publication is printed in color or black and
white. Pricing and ordering information is posted on GAO’s Web site, 
[hyperlink, http://www.gao.gov/ordering.htm]. 

Place orders by calling (202) 512-6000, toll free (866) 801-7077, or
TDD (202) 512-2537. 

Orders may be paid for using American Express, Discover Card,
MasterCard, Visa, check, or money order. Call for additional 
information. 

To Report Fraud, Waste, and Abuse in Federal Programs: 

Contact: 

Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: 
E-mail: fraudnet@gao.gov: 
Automated answering system: (800) 424-5454 or (202) 512-7470: 

Congressional Relations: 

Ralph Dawn, Managing Director, dawnr@gao.gov: 
(202) 512-4400: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7125: 
Washington, D.C. 20548: 

Public Affairs: 

Chuck Young, Managing Director, youngc1@gao.gov: 
(202) 512-4800: 
U.S. Government Accountability Office: 
441 G Street NW, Room 7149: 
Washington, D.C. 20548: