(a) Authority. Subpart F of Regulation H (12 CFR part 208, subpart F) is issued by the Board of Governors of the Federal Reserve System under sections 9, 11, 21, 25 and 25A of the Federal Reserve Act (12 U.S.C. 321-338a, 248(a), 248(c), 481-486, 601 and 611), section 7 of the International Banking Act (12 U.S.C. 3105), section 3 of the Bank Protection Act of 1968 (12 U.S.C. 1882), sections 1814, 1816, 1818, 1831o, 1831p-1 and 1831r-1 of the FDI Act (12 U.S.C. 1814, 1816, 1818, 1831o, 1831p-1 and 1831r-1), and the Bank Secrecy Act (31 U.S.C. 5318).

(b) Purpose and scope. This subpart F describes a member bank's obligation to implement security procedures to discourage certain crimes, to file suspicious activity reports, and to comply with the Bank Secrecy Act's requirements for reporting and recordkeeping of currency and foreign transactions. It also describes the examination schedule for certain small insured member banks.

(a) Authority, purpose, and scope. Pursuant to section 3 of the Bank Protection Act of 1968 (12 U.S.C. 1882), member banks are required to adopt appropriate security procedures to discourage robberies, burglaries, and larcenies, and to assist in the identification and prosecution of persons who commit such acts. It is the responsibility of the member bank's board of directors to comply with the provisions of this section and ensure that a written security program for the bank's main office and branches is developed and implemented.

(b) Designation of security officer. Upon becoming a member of the Federal Reserve System, a member bank's board of directors shall designate a security officer who shall have the authority, subject to the approval of the board of directors, to develop, within a reasonable time, but no later than 180 days, and to administer a written security program for each banking office.

(c) Security program. (1) The security program shall:

(i) Establish procedures for opening and closing for business and for the safekeeping of all currency, negotiable securities, and similar valuables at all times;

(ii) Establish procedures that will assist in identifying persons committing crimes against the institution and that will preserve evidence that may aid in their identification and prosecution. Such procedures may include, but are not limited to: maintaining a camera that records activity in the banking office; using identification devices, such as prerecorded serial-numbered bills, or chemical and electronic devices; and retaining a record of any robbery, burglary, or larceny committed against the bank;

(iii) Provide for initial and periodic training of officers and employees in their responsibilities under the security program and in proper employee conduct during and after a burglary, robbery, or larceny; and

(iv) Provide for selecting, testing, operating, and maintaining appropriate security devices, as specified in paragraph (c)(2) of this section.

(2) Security devices. Each member bank shall have, at a minimum, the following security devices:

(i) A means of protecting cash and other liquid assets, such as a vault, safe, or other secure space;

(ii) A lighting system for illuminating, during the hours of darkness, the area around the vault, if the vault is visible from outside the banking office;

(iii) Tamper-resistant locks on exterior doors and exterior windows that may be opened;

(iv) An alarm system or other appropriate device for promptly notifying the nearest responsible law enforcement officers of an attempted or perpetrated robbery or burglary; and

(v) Such other devices as the security officer determines to be appropriate, taking into consideration: the incidence of crimes against financial institutions in the area; the amount of currency and other valuables exposed to robbery, burglary, or larceny; the distance of the banking office from the nearest responsible law enforcement officers; the cost of the security devices; other security measures in effect at the banking office; and the physical characteristics of the structure of the banking office and its surroundings.

(d) Annual reports. The security officer for each member bank shall report at least annually to the bank's board of directors on the implementation, administration, and effectiveness of the security program.

(e) Reserve Banks. Each Reserve Bank shall develop and maintain a written security program for its main office and branches subject to review and approval of the Board.

(a) Purpose. This section ensures that a member bank files a Suspicious Activity Report when it detects a known or suspected violation of Federal law, or a suspicious transaction related to a money laundering activity or a violation of the Bank Secrecy Act. This section applies to all member banks.

(b) Definitions. For the purposes of this section:

(1) FinCEN means the Financial Crimes Enforcement Network of the Department of the Treasury.

(2) Institution-affiliated party means any institution-affiliated party as that term is defined in 12 U.S.C. 1786(r), or 1813(u) and 1818(b) (3), (4) or (5).

(3) SAR means a Suspicious Activity Report on the form prescribed by the Board.

(c) SARs required. A member bank shall file a SAR with the appropriate Federal law enforcement agencies and the Department of the Treasury in accordance with the form's instructions by sending a completed SAR to FinCEN in the following circumstances:

(1) Insider abuse involving any amount. Whenever the member bank detects any known or suspected Federal criminal violation, or pattern of criminal violations, committed or attempted against the bank or involving a transaction or transactions conducted through the bank, where the bank believes that it was either an actual or potential victim of a criminal violation, or series of criminal violations, or that the bank was used to facilitate a criminal transaction, and the bank has a substantial basis for identifying one of its directors, officers, employees, agents or other institution-affiliated parties as having committed or aided in the commission of a criminal act regardless of the amount involved in the violation.

(2) Violations aggregating $5,000 or more where a suspect can be identified. Whenever the member bank detects any known or suspected Federal criminal violation, or pattern of criminal violations, committed or attempted against the bank or involving a transaction or transactions conducted through the bank and involving or aggregating $5,000 or more in funds or other assets, where the bank believes that it was either an actual or potential victim of a criminal violation, or series of criminal violations, or that the bank was used to facilitate a criminal transaction, and the bank has a substantial basis for identifying a possible suspect or group of suspects. If it is determined prior to filing this report that the identified suspect or group of suspects has used an “alias,” then information regarding the true identity of the suspect or group of suspects, as well as alias identifiers, such as drivers' licenses or social security numbers, addresses and telephone numbers, must be reported.

(3) Violations aggregating $25,000 or more regardless of a potential suspect. Whenever the member bank detects any known or suspected Federal criminal violation, or pattern of criminal violations, committed or attempted against the bank or involving a transaction or transactions conducted through the bank and involving or aggregating $25,000 or more in funds or other assets, where the bank believes that it was either an actual or potential victim of a criminal violation, or series of criminal violations, or that the bank was used to facilitate a criminal transaction, even though there is no substantial basis for identifying a possible suspect or group of suspects.

(4) Transactions aggregating $5,000 or more that involve potential money laundering or violations of the Bank Secrecy Act. Any transaction (which for purposes of this paragraph (c)(4) means a deposit, withdrawal, transfer between accounts, exchange of currency, loan, extension of credit, purchase or sale of any stock, bond, certificate of deposit, or other monetary instrument or investment security, or any other payment, transfer, or delivery by, through, or to a financial institution, by whatever means effected) conducted or attempted by, at or through the member bank and involving or aggregating $5,000 or more in funds or other assets, if the bank knows, suspects, or has reason to suspect that:

(i) The transaction involves funds derived from illegal activities or is intended or conducted in order to hide or disguise funds or assets derived from illegal activities (including, without limitation, the ownership, nature, source, location, or control of such funds or assets) as part of a plan to violate or evade any law or regulation or to avoid any transaction reporting requirement under federal law;

(ii) The transaction is designed to evade any regulations promulgated under the Bank Secrecy Act; or

(iii) The transaction has no business or apparent lawful purpose or is not the sort in which the particular customer would normally be expected to engage, and the bank knows of no reasonable explanation for the transaction after examining the available facts, including the background and possible purpose of the transaction.

(d) Time for reporting. A member bank is required to file a SAR no later than 30 calendar days after the date of initial detection of facts that may constitute a basis for filing a SAR. If no suspect was identified on the date of detection of the incident requiring the filing, a member bank may delay filing a SAR for an additional 30 calendar days to identify a suspect. In no case shall reporting be delayed more than 60 calendar days after the date of initial detection of a reportable transaction. In situations involving violations requiring immediate attention, such as when a reportable violation is on-going, the financial institution shall immediately notify, by telephone, an appropriate law enforcement authority and the Board in addition to filing a timely SAR.

(e) Reports to state and local authorities. Member banks are encouraged to file a copy of the SAR with state and local law enforcement agencies where appropriate.

(f) Exceptions. (1) A member bank need not file a SAR for a robbery or burglary committed or attempted that is reported to appropriate law enforcement authorities.

(2) A member bank need not file a SAR for lost, missing, counterfeit, or stolen securities if it files a report pursuant to the reporting requirements of 17 CFR 240.17f-1.

(g) Retention of records. A member bank shall maintain a copy of any SAR filed and the original or business record equivalent of any supporting documentation for a period of five years from the date of the filing of the SAR. Supporting documentation shall be identified and maintained by the bank as such, and shall be deemed to have been filed with the SAR. A member bank must make all supporting documentation available to appropriate law enforcement agencies upon request.

(h) Notification to board of directors. The management of a member bank shall promptly notify its board of directors, or a committee thereof, of any report filed pursuant to this section.

(i) Compliance. Failure to file a SAR in accordance with this section and the instructions may subject the member bank, its directors, officers, employees, agents, or other institution affiliated parties to supervisory action.

(j) Confidentiality of SARs. SARs are confidential. Any member bank subpoenaed or otherwise requested to disclose a SAR or the information contained in a SAR shall decline to produce the SAR or to provide any information that would disclose that a SAR has been prepared or filed citing this section, applicable law (e.g., 31 U.S.C. 5318(g)), or both, and notify the Board.

(k) Safe harbor. The safe harbor provisions of 31 U.S.C. 5318(g), which exempts any member bank that makes a disclosure of any possible violation of law or regulation from liability under any law or regulation of the United States, or any constitution, law or regulation of any state or political subdivision, covers all reports of suspected or known criminal violations and suspicious activities to law enforcement and financial institution supervisory authorities, including supporting documentation, regardless of whether such reports are filed pursuant to this section or are filed on a voluntary basis.

(a) Purpose. This section is issued to assure that all state member banks establish and maintain procedures reasonably designed to assure and monitor their compliance with the provisions of the Bank Secrecy Act (31 U.S.C. 5311, et seq.) and the implementing regulations promulgated thereunder by the Department of Treasury at 31 CFR part 103, requiring recordkeeping and reporting of currency transactions.

(b) Establishment of BSA compliance program—(1) Program requirement. Each bank shall develop and provide for the continued administration of a program reasonably designed to ensure and monitor compliance with the recordkeeping and reporting requirements set forth in subchapter II of chapter 53 of title 31, United States Code, the Bank Secrecy Act, and the implementing regulations promulgated thereunder by the Department of the Treasury at 31 CFR part 103. The compliance program shall be reduced to writing, approved by the board of directors, and noted in the minutes.

(2) Customer identification program. Each bank is subject to the requirements of 31 U.S.C. 5318(l) and the implementing regulation jointly promulgated by the Board and the Department of the Treasury at 31 CFR 103.121, which require a customer identification program to be implemented as part of the BSA compliance program required under this section.

(c) Contents of compliance program. The compliance program shall, at a minimum:

(1) Provide for a system of internal controls to assure ongoing compliance;

(2) Provide for independent testing for compliance to be conducted by bank personnel or by an outside party;

(3) Designate an individual or individuals responsible for coordinating and monitoring day-to-day compliance; and

(4) Provide training for appropriate personnel.

[63 FR 37655, July 13, 1998, as amended at 68 FR 25111, May 9, 2003]

(a) General. The Federal Reserve examines insured member banks pursuant to authority conferred by 12 U.S.C. 325 and the requirements of 12 U.S.C. 1820(d). The Federal Reserve is required to conduct a full-scope, on-site examination of every insured member bank at least once during each 12-month period.

(b) 18-month rule for certain small institutions. The Federal Reserve may conduct a full-scope, on-site examination of an insured member bank at least once during each 18-month period, rather than each 12-month period as provided in paragraph (a) of this section, if the following conditions are satisfied:

(1) The bank has total assets of less than $3 billion;

(2) The bank is well capitalized as defined in subpart D of this part (§ 208.43);

(3) At the most recent examination conducted by either the Federal Reserve or applicable State banking agency, the Federal Reserve—

(i) Assigned the bank a rating of 1 or 2 for management as part of the bank's rating under the Uniform Financial Institutions Rating System (commonly referred to as CAMELS); and

(ii) Assigned the bank a composite CAMELS rating of 1 or 2 under the Uniform Financial Institutions Rating System;

(4) The bank currently is not subject to a formal enforcement proceeding or order by the Federal Reserve or the FDIC; and

(5) No person acquired control of the bank during the preceding 12-month period in which a full-scope examination would have been required but for this paragraph (b).

(c) Authority to conduct more frequent examinations. This section does not limit the authority of the Federal Reserve to examine any member bank as frequently as the agency deems necessary.

(d)(1) Except as provided in paragraph (c) of this section, from December 2, 2020, through December 31, 2021, for purposes of determining eligibility for the extended examination cycle described in paragraph (b) of this section, the total assets of a member bank shall be determined based on the lesser of:

(i) The assets of the member bank as of December 31, 2019; and

(ii) The assets of the member bank as of the end of the most recent calendar quarter.

(2) Nothing in paragraph (d)(1) of this section limits the authority of the Federal Reserve to examine any member bank as frequently as the agency deems necessary pursuant to paragraph (c) of this section.

[63 FR 37655, July 13, 1998, as amended at 72 FR 17802, Apr. 10, 2007; 81 FR 10069, Feb. 29, 2016; 83 FR 43965, Aug. 29, 2018; 85 FR 77360, Dec. 2, 2020]