Title 12--Banks and Banking CHAPTER
I--COMPTROLLER OF THE CURRENCY, PART 21--MINIMUM
SECURITY DEVICES AND PROCEDURES, |
|||||||||||||||||||
|
|||||||||||||||||||
(a) This subpart is issued by the Comptroller of the Currency
pursuant to section 3 of the Bank Protection Act of 1968 (12 U.S.C.
1882) and is applicable to all national banking associations and all
banks located in the District of Columbia subject to the supervision of
the Office of the Comptroller of the Currency. It requires each bank to
adopt appropriate security procedures to discourage robberies,
burglaries, and larcenies and to assist in identifying and apprehending
persons who commit such acts.
(b) It is the responsibility of a bank's board of directors to
comply with this regulation and ensure that a security program which
equals or exceeds the standards prescribed by this part is developed and
implemented for the bank's main office and branches (as the term
``branch'' is used in 12 U.S.C. 36).
|
|||||||||||||||||||
Within 30 days after the opening of a new bank, the Bank's board of directors shall designate a security officer who shall have the authority, subject to the approval of the board of directors, for immediately developing and administering a written security program to protect each banking office from robberies, burglaries, and larcenies and to assist in identifying and apprehending persons who commit such acts. (Approval by the Office of Management and Budget under control number 1557-0180) |
|||||||||||||||||||
(a) Contents of security program. The security program shall:
(1) Establish procedures for opening and closing for business and
for the safekeeping of all currency, negotiable securities, and similar
valuables at all times;
(2) Establish procedures that will assist in identifying persons
committing crimes against the institution and that will preserve
evidence that may aid in their identification or conviction; such
procedures may include, but are not limited to:
(i) Using identification devices, such as prerecorded serial-
numbered bills, or chemical and electronic devices;
(ii) Maintaining a camera that records activity in the banking
office; and
(iii) Retaining a record of any robbery, burglary or larceny
committed or attempted against a banking office;
(3) Provide for initial and periodic training of employees in their
responsibilities under the security program and in proper employee
conduct during and after a robbery; and
(4) Provide for selecting, testing, operating and maintaining
appropriate security devices, as specified in paragraph (b) of this
section.
(b) Security devices. Each national bank shall have, at a minimum,
the following security devices:
(1) A means of protecting cash or other liquid assets, such as a
vault, safe, or other secure space;
(2) A lighting system for illuminating, during the hours of
darkness, the area around the vault, if the vault is visible from
outside the banking office;
(3) Tamper-resistant locks on exterior doors and exterior windows
designed to be opened;
(4) An alarm system or other appropriate device for promptly
notifying the nearest responsible law enforcement officers of an
attempted or perpetrated robbery, burglary or larceny; and
(5) Such other devices as the security officer determines to be
appropriate, taking into consideration:
(i) The incidence of crimes against financial institutions in the
area;
[[Page 206]]
(ii) The amount of currency or other valuables exposed to robbery,
burglary, or larceny;
(iii) The distance of the banking office from the nearest
responsible law enforcement officers and the time required for such law
enforcement officers ordinarily to arrive at the banking office;
(iv) The cost of the security devices;
(v) Other security measures in effect at the banking office; and
(vi) The physical characteristics of the banking office structure
and its surroundings. |
|||||||||||||||||||
|
Sec. 21.4 Report. |
|||||||||||||||||||
The security officer for a national bank shall report at least annually to the bank's board of directors on the effectiveness of the security program. The substance of such report shall be reflected in the minutes of the Board meeting in which it is given. (Approved by the Office of Management and Budget under control number 1557-0180) |
|||||||||||||||||||
|
Sec. 21.11 Suspicious Activity Report. |
|||||||||||||||||||
(a) Purpose and scope. This section ensures that national banks file
a Suspicious Activity Report when they detect a known or suspected
violation of Federal law or a suspicious transaction related to a money
laundering activity or a violation of the Bank Secrecy Act. This section
applies to all national banks as well as any Federal branches and
agencies of foreign banks licensed or chartered by the OCC.
(b) Definitions. For the purposes of this section:
(1) FinCEN means the Financial Crimes Enforcement Network of the
Department of the Treasury.
(2) Institution-affiliated party means any institution-affiliated
party as that term is defined in sections 3(u) and 8(b)(5) of the
Federal Deposit Insurance Act (12 U.S.C. 1813(u) and 1818(b)(5)).
(3) SAR means a Suspicious Activity Report on the form prescribed by
the OCC.
(c) SARs required. A national bank shall file a SAR with the
appropriate Federal law enforcement agencies and the Department of the
Treasury in accordance with the form's instructions, by sending a
completed SAR to FinCEN in the following circumstances:
(1) Insider abuse involving any amount. Whenever the national bank
detects any known or suspected Federal criminal violation, or pattern of
criminal violations, committed or attempted against the bank or
involving a transaction or transactions conducted through the bank,
where the bank believes that it was either an actual or potential victim
of a criminal violation, or series of criminal violations, or that the
bank was used to facilitate a criminal transaction, and the bank has a
substantial basis for identifying one of its directors, officers,
employees, agents or other institution-affiliated parties as having
committed or aided in the commission of a criminal act, regardless of
the amount involved in the violation.
(2) Violations aggregating $5,000 or more where a suspect can be
identified. Whenever the national bank detects any known or suspected
Federal criminal violation, or pattern of criminal violations, committed
or attempted against the bank or involving a transaction or transactions
conducted through the bank and involving or aggregating $5,000 or more
in funds or other assets where the bank believes that it was either an
actual or potential victim of a criminal violation, or series of
criminal violations or that it was used to facilitate a criminal
transaction, and the bank has a substantial basis for identifying a
possible suspect or group of suspects. If it is determined prior to
filing this report that the identified suspect or group of suspects has
used an alias, then information regarding the true identity of the
suspect or group of suspects, as well as alias identifiers, such as
drivers' license or social security numbers, addresses and telephone
numbers, must be reported.
(3) Violations aggregating $25,000 or more regardless of potential
suspects. Whenever the national bank detects any known or suspected
Federal criminal violation, or pattern of criminal violations, committed
or attempted against the bank or involving a transaction or transactions
conducted
[[Page 207]]
through the bank and involving or aggregating $25,000 or more in funds
or other assets where the bank believes that it was either an actual or
potential victim of a criminal violation, or series of criminal
violations, or that the bank was used to facilitate a criminal
transaction, even though there is no substantial basis for identifying a
possible suspect or group of suspects.
(4) Transactions aggregating $5,000 or more that involve potential
money laundering or violate the Bank Secrecy Act. Any transaction (which
for purposes of this paragraph (c)(4) means a deposit, withdrawal,
transfer between accounts, exchange of currency, loan, extension of
credit, or purchase or sale of any stock, bond, certificate of deposit,
or other monetary instrument or investment security, or any other
payment, transfer, or delivery by, through, or to a financial
institution, by whatever means effected) conducted or attempted by, at
or through the national bank and involving or aggregating $5,000 or more
in funds or other assets, if the bank knows, suspects, or has reason to
suspect that:
(i) The transaction involves funds derived from illegal activities
or is intended or conducted in order to hide or disguise funds or assets
derived from illegal activities (including, without limitation, the
ownership, nature, source, location, or control of such funds or assets)
as part of a plan to violate or evade any law or regulation or to avoid
any transaction reporting requirement under Federal law;
(ii) The transaction is designed to evade any regulations
promulgated under the Bank Secrecy Act; or
(iii) The transaction has no business or apparent lawful purpose or
is not the sort in which the particular customer would normally be
expected to engage, and the institution knows of no reasonable
explanation for the transaction after examining the available facts,
including the background and possible purpose of the transaction.
(d) Time for reporting. A national bank is required to file a SAR no
later than 30 calendar days after the date of the initial detection of
facts that may constitute a basis for filing a SAR. If no suspect was
identified on the date of detection of the incident requiring the
filing, a national bank may delay filing a SAR for an additional 30
calendar days to identify a suspect. In no case shall reporting be
delayed more than 60 calendar days after the date of initial detection
of a reportable transaction. In situations involving violations
requiring immediate attention, such as when a reportable violation is
ongoing, the financial institution shall immediately notify, by
telephone, an appropriate law enforcement authority and the OCC in
addition to filing a timely SAR.
(e) Reports to state and local authorities. National banks are
encouraged to file a copy of the SAR with state and local law
enforcement agencies where appropriate.
(f) Exceptions. (1) A national bank need not file a SAR for a
robbery or burglary committed or attempted that is reported to
appropriate law enforcement authorities.
(2) A national bank need not file a SAR for lost, missing,
counterfeit, or stolen securities if it files a report pursuant to the
reporting requirements of 17 CFR 240.17f-1.
(g) Retention of records. A national bank shall maintain a copy of
any SAR filed and the original or business record equivalent of any
supporting documentation for a period of five years from the date of the
filing of the SAR. Supporting documentation shall be identified and
maintained by the bank as such, and shall be deemed to have been filed
with the SAR. A national bank shall make all supporting documentation
available to appropriate law enforcement agencies upon request.
(h) Notification to board of directors--(1) Generally. Whenever a
national bank files a SAR pursuant to this section, the management of
the bank shall promptly notify its board of directors, or a committee of
directors or executive officers designated by the board of directors to
receive notice.
(2) Suspect is a director or executive officer. If the bank files a
SAR pursuant to paragraph (c) of this section and the suspect is a
director or executive officer, the bank may not notify the suspect,
pursuant to 31 U.S.C. 5318(g)(2),
[[Page 208]]
but shall notify all directors who are not suspects.
(i) Compliance. Failure to file a SAR in accordance with this
section and the instructions may subject the national bank, its
directors, officers, employees, agents, or other institution-affiliated
parties to supervisory action.
(j) Obtaining SARs. A national bank may obtain SARs and the
Instructions from the appropriate OCC District Office listed in 12 CFR
part 4.
(k) Confidentiality of SARs. SARs are confidential. Any national
bank or person subpoenaed or otherwise requested to disclose a SAR or
the information contained in a SAR shall decline to produce the SAR or
to provide any information that would disclose that a SAR has been
prepared or filed, citing this section, applicable law (e.g., 31 U.S.C.
5318(g)), or both, and shall notify the OCC.
(l) Safe harbor. The safe harbor provision of 31 U.S.C. 5318(g),
which exempts any financial institution that makes a disclosure of any
possible violation of law or regulation from liability under any law or
regulation of the United States, or any constitution, law, or regulation
of any state or political subdivision, covers all reports of suspected
or known criminal violations and suspicious activities to law
enforcement and financial institution supervisory authorities, including
supporting documentation, regardless of whether such reports are
required to be filed pursuant to this section or are filed on a
voluntary basis.
[61 FR 4337, Feb. 5, 1996]
|
|||||||||||||||||||
| Sec. 21.21 Bank Secrecy Act Compliance. | |||||||||||||||||||
(a) Purpose. This subpart is issued to assure that all national
banks establish and maintain procedures reasonably designed to assure
and monitor their compliance with the requirements of subchapter II of
chapter 53 of title 31, United States Code, and the implementing
regulations promulgated thereunder by the Department of Treasury at 31
CFR part 103.
(b) Compliance procedures. On or before April 27, 1987, each bank
shall develop and provide for the continued administration of a program
reasonably designed to assure and monitor compliance with the
recordkeeping and reporting requirements set forth in subchapter II of
chapter 53 of title 31, United States Code, and the implementing
regulations promulgated thereunder by the Department of Treasury at 31
CFR part 103. The compliance program shall be reduced to writing,
approved by the board of directors and noted in the minutes.
(c) Contents of compliance program. The compliance program shall, at
a minimum:
(1) Provide for a system of internal controls to assure ongoing
compliance;
(2) Provide for independent testing for compliance to be conducted
by bank personnel or by an outside party;
(3) Designate an individual or individuals responsible for
coordinating and monitoring day-to-day compliance; and
(4) Provide training for appropriate personnel.
(Approved by the Office of Management and Budget under control number
1557-0180)
[52 FR 2859, Jan. 27, 1987]
|
|||||||||||||||||||