Supporting Statement
OMB Control Number 1557-0180
Minimum Security Devices and Procedures, Reports of Suspicious Activities, and Bank Secrecy Act Compliance Program
A. Justification.
1. Circumstances that make the collection necessary:
Minimum Security Devices and Procedures (12 CFR 21.2 and 21.4; and 12 CFR 568.2 and 568.4): Under §§ 21.2 and 21.4; and §§ 568.2 and 568.4, national banks and savings associations are required to designate a security officer who must develop and administer a written security program. The security officer shall report at least annually to the institution’s board of directors on the effectiveness of the security program. The substance of the report shall be reflected in the Board’s minutes. These requirements ensure that the security officer is responsible for the security program and that institution management and the boards of directors are aware of the content and effectiveness of the program. These requirements ensure prudent institution management and institution safety and soundness.
SAR (12 CFR 21.11 and 12 CFR 163.180): The Financial Crimes Enforcement Network (FinCEN) and Federal financial institution supervisory agencies1 (bank regulators) adopted the SAR in 1996 to simplify the process through which depository institutions inform their regulators and law enforcement about suspected criminal activity. The SAR was updated in 1999, 2002, 2006, and 2009.
In 1992, the Department of the Treasury was granted broad authority to require suspicious transaction reporting under the Bank Secrecy Act. See 31 U.S.C. 5318(g). FinCEN, which has been delegated authority to administer the Bank Secrecy Act, joined with the bank regulators in 1996 in requiring, on a consolidated form (the SAR form), reports of suspicious transactions. See 31 CFR 1020.320(a) (formerly 31 CFR 103.18(a)). The filing of SARs is necessary to prevent and detect crimes involving depository institution funds, institution insiders, criminal transactions, and money laundering. These requirements are necessary to ensure institution safety and soundness.
Banks and savings associations are required to maintain a copy of any SAR filed and the original or business record equivalent of any supporting documentation for a period of five years. The documents are necessary for criminal investigations and prosecutions.
Procedures for Monitoring Bank Secrecy Act Compliance (12 CFR 21.21; and 12 CFR 163.177): Under 12 CFR 21.21 and 12 CFR 163.177, national banks and savings associations are required to develop and provide for the continued administration of a program reasonably designed to assure and monitor their compliance with the Bank Secrecy Act (BSA) and applicable Treasury regulations. The compliance program shall be reduced to writing, approved by the board of directors and noted in the minutes. These requirements are necessary to ensure institution compliance with the BSA and applicable Treasury regulations.
2. Use of the information:
Minimum Security Devices and Procedures (12 CFR 21.2 and 21.4; and 12 CFR 568.2 and 568.4): The OCC uses the information to ensure that national banks and savings associations carefully review the effectiveness of their security systems and comply with Federal law. The information collection ensures that national banks and savings associations conduct their activities in accordance with safe and sound principles. The boards of directors of national banks and savings associations use the information to ensure that the institutions’ security systems are adequate.
SAR and Retention of Records (12 CFR 21.11 and 12 CFR 163.180): The OCC uses the SAR and the supporting documentation retained by national banks and savings associations for supervisory purposes. The information collection identifies suspicious transactions that could pose a threat to these institutions.
Effective December 31, 2012, FinCEN completed the development of a modernized IT computer system containing the information collected from national banks and savings associations. FinCEN provides on-line access to the information to representatives of bank regulators and appropriate law enforcement agencies.
Procedures for Monitoring Bank Secrecy Act Compliance (12 CFR 21.21 and 12 CFR 163.177): National banks and savings associations use the compliance program to ensure compliance with the Bank Secrecy Act. Bank examiners review the written procedures and board approval in the examination process.
3. Consideration of the use of improved information technology:
Minimum Security Devices and Procedures (12 CFR 21.2 and 21.4; and 12 CFR 568.2 and 568.4): This is an internal institution record. Institutions may use any technology that permits review by OCC examiners.
SAR (12 CFR 21.11 and 12 CFR 163.180): -- The SAR system uses improved information technology to reduce burden on institutions. Whereas institutions previously filed multiple copies of different forms with their primary regulators, U.S. Attorneys’ offices, the FBI, and other law enforcement agencies, as necessary, they are now able to file one, consolidated form online with FinCEN through the BSA E-Filing System. By offering on-line access to appropriate users, FinCEN has eliminated the need for multiple filings. Because the various forms have been consolidated into one, the information collected is easier to collate, analyze, and use. FinCEN also provides improved access to the SAR database for law enforcement and state and federal regulators.
SAR Retention of Records (12 CFR 21.11 and 12 CFR 163.180): Original documents are needed for investigative and evidentiary purposes.
Procedures for Monitoring Bank Secrecy Act Compliance (12 CFR 21.21 and 12 CFR 163.177): The OCC and the other bank regulators have imposed only the minimum requirements needed to satisfy the law. This is an internal institution record. National banks and savings associations may use any information technology that permits review by OCC examiners.
4. Efforts to identify duplication:
The required information is unique and is not duplicative of any other information already collected.
5. Methods used to minimize burden if the collection has a significant impact on a substantial number of small entities:
Not applicable. The collection does not have a significant impact on a substantial number of small entities.
6. Consequences to the Federal program if the collection were conducted less frequently:
Minimum Security Devices and Procedures (12 CFR 21.2 and 21.4; 12 CFR 568.2 and 568.4): A national bank and savings association must designate a security officer who must develop and administer a written security program and report on the effectiveness of the program on an annual basis. This annual review and reporting is a necessary part of a strong security program and less frequent review and reporting could impair an institution’s safety and soundness.
SAR (12 CFR 21.11 and 12 CFR 163.180): With the automated SAR system, the bank regulators, law enforcement, and industry benefit from improved detection of financial crime, analysis of trends, and coordination of investigative efforts. The SAR requirement provides law enforcement and regulatory agencies with the ability to fight financial crime and ensures the safety and soundness of institutions.
SAR Retention of Records (12 CFR 21.11 and 12 CFR 163.180): A national bank and savings association must maintain a copy of any SAR filed and the original or business record equivalent of any supporting documentation for a period of five years.
Procedures for Monitoring Bank Secrecy Act Compliance (12 CFR 21.21 and 12 CFR 163.177): Each national bank and savings association is required to develop and maintain a written compliance program.
7. Special circumstances that would cause an information collection to be conducted in a manner inconsistent with 5 CFR Part 1320:
With one exception, these recordkeeping and reporting requirements are conducted in a manner consistent with the requirements of 5 CFR 1320. The reporting of suspicious activity on a SAR may occur more frequently than quarterly, depending on the frequency of the activity. This information must be reported in a timely manner to enable law enforcement to take appropriate action. Records must be kept for five years because substantive violations of the law that may be indicated by the suspicious activity are generally subject to statutes of limitations of longer than three years. To ensure that documents are available for prosecutions, reporting institutions must retain original evidentiary documents for five years.
8. Efforts to consult with persons outside the agency:
In the Federal Register of January 7, 2013 (78 FR 981), the OCC published a 60-day notice soliciting comments concerning this information collection. The OCC received no comments.
9. Payment or gift to respondents:
None.
10. Any assurance of confidentiality:
Information provided to the government on the SARs is expressly prohibited from disclosure under 31 U.S.C. 5318(g) (2). Appropriate system security safeguards have been put in place to protect against unauthorized access.
11. Justification for questions of a sensitive nature:
There are no questions of a sensitive nature.
12. Burden estimate:
The OCC estimates that the time spent by each national bank and federal savings association to file a SAR will vary, depending on the size and type of institution involved and the number of reportable transactions. The OCC estimates that 1,869 national banks and savings associations will file approximately 386,883 SARS each year. The OCC estimates that the annual recordkeeping burden of 1,869 national banks and savings associations will vary, depending on the size and type of bank. The burden is calculated as follows:
Cite and Burden Type |
Information Collection Requirements
|
Number of Respondents/ Recordkeepers and Responses/Records |
Average Hours Per Response |
Estimated Burden Hours |
12 CFR 21.2 and 21.4; 12 CFR 568.2 and 568.4 Recordkeeping |
Minimum Security Devices and Procedures
§ 21.2and568.2 – Designation of security officer – The board of directors of each national bank and savings association shall designate a security officer who must develop and administer a written security program.
§ 21.4 and 568.4 – Report – The security officer for a national bank and savings association shall report at least annually to the institution’s board of directors on the effectiveness of the security program. The substance of such report shall be reflected in the Board minutes. |
1,869 recordkeepers 1,869 records |
.5 hour |
935 hours |
12 CFR 21.11(a) and 163.180(d)(1) Reporting
12 CFR 21.11(g) and 163.180(d)(8) Recordkeeping |
Reports of Suspicious Activities
§ 21.11(a) and 163.180(d)(1) – Suspicious Activity Report – Purpose and scope – National banks and savings associations are required to file a Suspicious Activity Report when they detect a known or suspected violation of Federal law or a suspicious transaction related to a money laundering activity or a violation of the Bank Secrecy Act. This section applies to all national banks and savings associations as well as any Federal branches and agencies of foreign banks licensed or chartered by the OCC.
§ 21.11(g) and 163.180(d)(8) – Suspicious Activity Report – Retention of records – A national bank and savings association shall maintain a copy of any SAR filed and the original or business record equivalent of any supporting documentation for a period of five years from the date of the filing of the SAR. Supporting document shall be identified and maintained by the bank and savings association as such, and shall be deemed to have been filed with the SAR. |
1,869 respondents 386,883 responses
1,869 recordkeepers 1,869 records |
1 hour
1.5 hours |
386,883 hours
2,804 hours |
12 CFR 21.21 and 163.177 Recordkeeping |
Procedures for Monitoring Bank Secrecy Act Compliance
§ 21.21 & 163.177-- Bank Secrecy Act compliance – All national banks and savings associations are required to develop and provide for the continued administration of a program reasonably designed to assure and monitor their compliance with subchapter II of chapter 53 of title 31, United States Code, and the implementing regulations promulgated thereunder by 31 CFR Chapter X (formerly Part 103). The compliance program shall be reduced to writing, approved by the board of directors, and noted in the minutes.
|
1,869 recordkeepers 1,869 records
Community Banks: 1,716
Mid-Size Banks: 56
Large Banks: 97 |
35 hours
250 hours
450 hours |
60,060 hours
14,000 hours
43,650 hours |
Total reporting |
|
1,869 respondents 386,883 responses
|
|
386,883 hours |
Total recordkeeping |
|
1,869 recordkeepers 5,607 records |
|
121,449 hours |
Totals |
|
392,490 Responses/Records |
|
508,332 hours |
13. Estimate of total annual costs to respondents (excluding cost of hour burden in Item #12):
The OCC estimates the cost of the hour burden to respondents (by wage rate categories) as follows:
Recordkeeping Burden:
Clerical ($20/hour): 70% x 121,449 hours @ $20 = $ 1,700,286
Managerial/technical ($40/hour): 20% x 121,449 hours @ $40 = $ 971,592
Senior Management ($80/hour): 10% x 121,449 hours @ $80 = $ 971,592
Total $ 3,643,470
Reporting Burden:
Clerical ($20/hour): 05% x 386,883 hours @ $20 = $ 386,883
Managerial/technical ($40/hour): 10% x 386,883 hours @ $40 = $ 1,547,532
Senior Management ($80/hour): 55% x 386,883 hours @ $80 = $17,022,852
Legal Counsel ($100/hour): 30% x 386,883 hours @ $100 = $11,606,490
Total $30,563,757
Total Hour Burden Cost (Recordkeeping and Reporting): $34,207,227
14. Estimate of annualized costs to the Federal government:
Not applicable.
15. Change in burden:
Former Burden:
2,021 respondents; 2,012 recordkeepers; 424,410 responses/records; 548,560 burden hours
New Burden:
1,869 respondents; 1,869 recordkeepers; 386,883 responses/records; 508,332 burden hours
Difference:
-152 respondents; -152 recordkeepers; -37,527 responses/records; -40,228 burden hours
The adjustment decrease (respondents/recordkeepers) is due to a decrease in the number of OCC regulated national banks and savings associations.
16. Information regarding collections whose results are to be published for statistical use:
The OCC has no plans to publish the information for statistical purposes.
17. Reasons for not displaying OMB approval expiration date:
To avoid having to reprint the form just to show a new date, FinCEN is requesting permission not to display the OMB expiration date on the SAR form.
18. Exceptions to the certification statement in Item 19 of OMB Form 83-I:
None.
B. Collections of Information Employing Statistical Methods.
Not applicable.
1 The Federal financial institution supervisory agencies are the Office of the Comptroller of the Currency (OCC), Board of Governors of the Federal Reserve System (Board), Federal Deposit Insurance Corporation (FDIC), and National Credit Union Administration (NCUA).
| File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
| File Title | Supporting Statement |
| Author | Administrator |
| File Modified | 0000-00-00 |
| File Created | 2021-01-29 |