Supporting Statement
OMB Control Number 1557-0180
Minimum Security Devices and Procedures, Reports of Suspicious Activities, and Bank Secrecy Act Compliance Program
A. Justification.
1. Circumstances that make the collection necessary:
Minimum Security Devices and Procedures (12 CFR 21.2 and 21.4; and 12 CFR 168.2 and 168.4): Under 12 CFR 21.2 and 21.4; and 12 CFR 168.2 and 168.4, national banks and Federal savings associations are required to designate a security officer who must develop and administer a written security program. The security officer shall report at least annually to the institution’s board of directors on the effectiveness of the security program. The substance of the report shall be reflected in the board’s minutes. These requirements ensure that each institution has a security officer who is responsible for the security program and that the institution’s management and board of directors are aware of the content and effectiveness of the program. These requirements are necessary to ensure prudent institution management and safety and soundness.
Suspicious Activity Report (SAR) (12 CFR 21.11 and 12 CFR 163.180): The Financial Crimes Enforcement Network (FinCEN) and Federal financial institution supervisory agencies1 (bank regulators) adopted the SAR in 1996 to simplify the process through which depository institutions inform their regulators and law enforcement about suspected criminal activity. The SAR was updated in 1999, 2002, 2006, 2009, and 2012.
In 1992, the Department of the Treasury was granted broad authority to require suspicious transaction reporting under the Bank Secrecy Act (BSA). See 31 U.S.C. 5318(g). FinCEN, which has delegated authority to administer the BSA, joined with the Federal financial institution supervisory agencies in requiring, on a consolidated form, reports of suspicious transactions. See 31 CFR 1020.320(a) (formerly 31 CFR 103.18(a)). The filing of SARs is necessary to prevent and detect crimes involving depository institution funds, institution insiders, criminal transactions, and money laundering. These requirements are necessary to ensure an institution’s safety and soundness.
Banks and savings associations are required to maintain a copy of any SAR filed and the original or business record equivalent of any supporting documentation for a period of five years. The documents are necessary for criminal investigations and prosecutions.
Procedures for Monitoring Bank Secrecy Act Compliance (12 CFR 21.21): Under 12 CFR 21.21, national banks and savings associations are required to develop and provide for the continued administration of a program reasonably designed to assure and monitor their compliance with the BSA and applicable Treasury regulations. The compliance program must be in writing, approved by the board of directors, and the approval noted in the minutes. These requirements are necessary to ensure institution compliance with the BSA and applicable Treasury regulations.
2. Use of the information:
Minimum Security Devices and Procedures (12 CFR 21.2 and 21.4; and 12 CFR 168.2 and 568.4): The OCC uses the information to ensure that national banks and Federal savings associations carefully review the effectiveness of their security systems and comply with Federal law. The information collection ensures that national banks and Federal savings associations conduct their activities in accordance with safe and sound principles. The boards of directors of national banks and Federal savings associations use the information to ensure that the institutions’ security systems are adequate.
SAR and Retention of Records (12 CFR 21.11 and 12 CFR 163.180): The OCC uses the SAR and the supporting documentation retained by national banks and savings associations for supervisory purposes. The information collection identifies suspicious transactions that could pose a threat to these institutions.
Effective December 31, 2012, FinCEN completed the development of a modernized information technology system containing the information collected from all filing institutions. FinCEN provides on-line access to the information to representatives of bank regulators and appropriate law enforcement agencies.
Procedures for Monitoring Bank Secrecy Act Compliance (12 CFR 21.21): National banks and savings associations use the compliance program to ensure compliance with the BSA. Bank examiners review the written procedures and board approval in the examination process.
3. Consideration of the use of improved information technology:
Minimum Security Devices and Procedures (12 CFR 21.2 and 21.4; and 12 CFR 168.2 and 168.4): This is an internal institution record. Institutions may use any technology that permits review by OCC examiners.
SAR (12 CFR 21.11 and 12 CFR 163.180): The SAR system uses improved information technology to reduce burden on institutions. Whereas institutions previously filed multiple copies of different forms with their primary regulators, U.S. Attorneys’ offices, the Federal Bureau of Investigation, and other law enforcement agencies, as necessary, they are now able to file one, consolidated form online with FinCEN through the BSA E-Filing System. By offering on-line access to authorized users, FinCEN has eliminated the need for multiple filings. Because the system consolidates various forms into one, the information collected is easier to collate, analyze, and use. FinCEN also provides improved access to the SAR database for law enforcement and state and Federal regulators.
SAR Retention of Records (12 CFR 21.11 and 12 CFR 163.180): Original documents are needed for investigative and evidentiary purposes.
Procedures for Monitoring Bank Secrecy Act Compliance (12 CFR 21.21): The OCC and the other bank regulators have imposed only the minimum requirements needed to satisfy the law. This is an internal institution record. National banks and savings associations may use any information technology that permits review by OCC examiners.
4. Efforts to identify duplication:
The required information is unique and is not duplicative of any other information already collected.
5. If the collection of information impacts small businesses or other small entities, describe any methods used to minimize burden.
The rule applies to all OCC-supervised institutions regardless of asset size. The rule requires that institutions report known or suspected violation of Federal law, or a suspicious transaction related to money laundering or a violation of the Bank Secrecy Act. The rule expects institutions to report criminal matters to law enforcement authorities. The OCC minimized the impact of the rule by setting the threshold for suspicious activities at $5,000, with the exception of insider-affiliated parties. There are no alternatives that would result in further lowering the burden on small institutions, while still accomplishing the purpose of the rule.
6. Consequences to the Federal program if the collection were conducted less frequently:
Minimum Security Devices and Procedures (12 CFR 21.2 and 21.4; 12 CFR 168.2 and 168.4): A national bank and Federal savings association must designate a security officer to develop and administer a written security program and report on the effectiveness of the program on an annual basis. This annual review and reporting is a necessary part of a strong security program and less frequent review and reporting could impair an institution’s safety and soundness.
SAR (12 CFR 21.11 and 12 CFR 163.180): With the automated SAR system, the bank regulators, law enforcement, and industry benefit from improved detection of financial crime, analysis of trends, and coordination of investigative efforts. The SAR requirement provides law enforcement and regulatory agencies with the ability to fight financial crime and ensures the safety and soundness of institutions.
SAR Retention of Records (12 CFR 21.11 and 12 CFR 163.180): A national bank and savings association must maintain a copy of any SAR filed and the original or business record equivalent of any supporting documentation for a period of five years.
Procedures for Monitoring Bank Secrecy Act Compliance (12 CFR 21.21): Each national bank and savings association is required to develop and maintain a written BSA compliance program.
7. Special circumstances that would cause an information collection to be conducted in a manner inconsistent with 5 CFR Part 1320:
With one exception, these recordkeeping and reporting requirements are conducted in a manner consistent with the requirements of 5 CFR part 1320. The reporting of suspicious activity on a SAR may occur more frequently than quarterly, depending on the frequency of the activity. This information must be reported in a timely manner to enable law enforcement to take appropriate action. Records must be kept for five years because substantive violations of the law that may be indicated by the suspicious activity are generally subject to statutes of limitations of longer than three years. To ensure that documents are available for prosecutions, reporting institutions must retain original evidentiary documents for five years.
8. Efforts to consult with persons outside the agency:
In the Federal Register of March 25, 2016, 81 FR 16277, the OCC published a 60-day notice soliciting comments concerning this information collection. The OCC received no comments.
9. Payment or gift to respondents:
None.
10. Any assurance of confidentiality:
Information provided to the government on the SARs is expressly prohibited from disclosure under 31 U.S.C. 5318(g) (2). Appropriate system security safeguards have been put in place to protect against unauthorized access.
11. Justification for questions of a sensitive nature:
There are no questions of a sensitive nature.
12. Burden estimate:
The OCC estimates that the time spent by each national bank and savings association to file a SAR will vary, depending on the size and type of institution involved and the number of reportable transactions. The OCC estimates that 1,485 (as of 1-31-2016) national banks and savings associations will file approximately 613,294 SARs each year. The OCC estimates that the annual recordkeeping burden of 1,485 national banks and savings associations will vary, depending on the size and type of bank. The burden is calculated as follows:
Citation and Burden Type |
Information Collection Requirements
|
Number of Respondents and Responses or Records |
Average Hours Per Response |
Estimated Burden Hours |
12 CFR 21.2 and 21.4; 12 CFR 168.2 and 168.4 Recordkeeping |
Minimum Security Devices and Procedures
§ 21.2 and 168.2 – Designation of security officer – The board of directors of each national bank and Federal savings association shall designate a security officer who must develop and administer a written security program.
§ 21.4 and 168.4 – Report – The security officer for a national bank and Federal savings association shall report at least annually to the institution’s board of directors on the effectiveness of the security program. The substance of such report shall be reflected in the board minutes. |
1,485 recordkeepers 1,485 records |
.5 hour |
743 hours |
12 CFR 21.11(a) and 163.180(d)(1) Reporting
12 CFR 21.11(g) and 163.180(d)(8) Recordkeeping |
Reports of Suspicious Activities
§ 21.11(a) and 163.180(d)(1) – Suspicious Activity Report – Purpose and scope – National banks and savings associations are required to file a SAR when they detect a known or suspected violation of Federal law or a suspicious transaction related to a money laundering activity or a violation of the BSA. This section applies to all national banks and savings associations as well as any Federal branches and agencies of foreign banks licensed or chartered by the OCC.
§ 21.11(g) and 163.180(d)(8) – Suspicious Activity Report – Retention of records – A national bank and savings association shall maintain a copy of any SAR filed and the original or business record equivalent of any supporting documentation for a period of five years from the date of the filing of the SAR. Supporting document shall be identified and maintained by the bank or savings association as such, and shall be deemed to have been filed with the SAR. |
1,485 respondents 613,294 responses
1,485 recordkeepers 1,485 records |
1 hour
1.5 hours |
613,294 hours
2,228 hours |
12 CFR 21.21 Recordkeeping |
Procedures for Monitoring Bank Secrecy Act Compliance
§ 21.21-- Bank Secrecy Act compliance – All national banks and savings associations are required to develop and provide for the continued administration of a program reasonably designed to assure and monitor their compliance with subchapter II of chapter 53 of title 31, United States Code, and the implementing regulations promulgated thereunder by 31 CFR Chapter X (formerly Part 103). The compliance program shall be reduced to writing, approved by the board of directors, and noted in the minutes.
|
1,485 recordkeepers 1,485 records
Community Banks: 1,354
Mid-Size Banks: 42
Large Banks: 89 |
35 hours
250 hours
450 hours |
47,390 hours
10,500 hours
40,050 hours |
Total |
|
|
|
714,205 hours |
Cost of Hour Burden
714,205 x $101 = $72,134,705
To estimate average hourly wages we reviewed data from May 2015 for wages (by industry and occupation) from the U.S. Bureau of Labor Statistics for depository credit intermediation (NAICS 522100). To estimate compensation costs associated with the rule, we use $101 per hour, which is based on the average of the 90th percentile for seven occupations adjusted for inflation (2 percent), plus an additional 30 percent to cover private sector benefits. Thirty percent represents the average private sector costs of employee benefits.
13. Estimate of total annual costs to respondents (excluding cost of hour burden in Item #12):
None.
14. Estimate of annualized costs to the Federal government:
Not applicable.
15. Change in burden:
Former Burden:
508,333 burden hours.
New Burden:
714,205 burden hours.
Difference:
+205,872 burden hours.
The increase is due to an increase in SAR filings.
16. Information regarding collections whose results are to be published for statistical use:
The OCC has no plans to publish the information for statistical purposes.
17. Reasons for not displaying OMB approval expiration date:
Not applicable.
18. Exceptions to the certification statement in Item 19 of OMB Form 83-I:
None.
B. Collections of Information Employing Statistical Methods.
Not applicable.
1 The Federal financial institution supervisory agencies are the Office of the Comptroller of the Currency (OCC), Board of Governors of the Federal Reserve System (Board), Federal Deposit Insurance Corporation (FDIC), and National Credit Union Administration (NCUA).
| File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
| File Title | Supporting Statement |
| Author | Administrator |
| File Modified | 0000-00-00 |
| File Created | 2021-01-23 |