Bank Secrecy Act

FinCEN Needs to Further Develop Its Form Revision Process for Suspicious Activity Reports Gao ID: GAO-10-609T April 28, 2010

To assist law enforcement agencies in their efforts to combat money laundering, terrorist financing, and other financial crimes, the Bank Secrecy Act (BSA) requires financial institutions to file suspicious activity reports (SAR) to inform the federal government of transactions related to possible violations of law or regulation. Depository institutions have been concerned about the resources required to file SARs and the extent to which SARs are used. The Subcommittee asked GAO to discuss our February 2009 report on suspicious activity reporting. Specifically, this testimony discusses (1) factors affecting the number of SARs filed, (2) actions agencies have taken to improve the usefulness of SARs, (3) federal agencies' use of SARs, and (4) the effectiveness of the process used to revise SAR forms. To respond to the request, GAO relied primarily on the February 2009 report titled Bank Secrecy Act: Suspicious Activity Report Use Is Increasing, but FinCEN Needs to Further Develop and Document Its Form Revision Process (GAO-09-226), and updated it with additional information provided by FinCEN. In that report, GAO recommended that FinCEN work to further develop a strategy that fully incorporates certain GAO-identified practices to enhance and sustain collaboration among federal agencies into the forms-change process.

In 2000 through 2008, total SAR filings by depository institutions increased from about 163,000 to 732,000 per year; representatives from federal regulators, law enforcement, and depository institutions with whom GAO spoke attributed the increase mainly to two factors. First, automated monitoring systems can flag multiple indicators of suspicious activities and identify significantly more unusual activity than manual monitoring. Second, several public enforcement actions against a few depository institutions prompted other institutions to look more closely at client and account activities. Other factors include institutions' greater awareness of and training on BSA requirements after September 11, 2001 and more regulator guidance for BSA examinations. FinCEN and law enforcement agencies have taken actions to improve the quality of SAR filings and educate filers about their usefulness. Since 2000, FinCEN has issued written products with the purpose of making SAR filings more useful to law enforcement. FinCEN and federal law enforcement agency representatives regularly participate in outreach on BSA/anti-money laundering, including events focused on SARs. Law enforcement agency representatives said they also establish relationships with depository institutions to communicate with staff about crafting useful SAR narratives. FinCEN, law enforcement agencies, and financial regulators use SARs in investigations and financial institution examinations and have taken steps in recent years to make better use of them. FinCEN uses SARs to provide public and nonpublic analytical products to law enforcement agencies and depository institution regulators. Some federal law enforcement agencies have facilitated complex analyses by using SAR data with their own data sets. Federal, state, and local law enforcement agencies collaborate to review and start investigations based on SARs filed in their areas. Regulators use SARs in their examination process to assess compliance and take action against abuse by depository institution insiders. After revising a SAR form in 2006 that could not be used because of information technology limitations, in 2008, FinCEN developed a new process for revising BSA forms, including SARs, that may increase collaboration with some stakeholders, including some law enforcement groups concerned that certain of the 2006 revisions could be detrimental to investigations. Available documentation on the process did not detail the degree to which the new process would incorporate GAO-identified best practices for enhancing and sustaining federal agency collaboration. For example, it did not specify roles and responsibilities for stakeholders or depict monitoring, evaluating, and reporting mechanisms. According to FinCEN officials, it is taking some additional steps toward obtaining greater collaboration with law enforcement agency representatives, prosecutors, and multi-agency law enforcement teams and others to determine the contents of the form, but it is too soon to determine the effectiveness of the process.

GAO-10-609T, Bank Secrecy Act: FinCEN Needs to Further Develop Its Form Revision Process for Suspicious Activity Reports This is the accessible text file for GAO report number GAO-10-609T entitled 'Bank Secrecy Act: FinCEN Needs to Further Develop Its Form Revision Process For Suspicious Activity Reports' which was released on April 28, 2010. This text file was formatted by the U.S. Government Accountability Office (GAO) to be accessible to users with visual impairments, as part of a longer term project to improve GAO products' accessibility. Every attempt has been made to maintain the structural and data integrity of the original printed product. Accessibility features, such as text descriptions of tables, consecutively numbered footnotes placed at the end of the file, and the text of agency comment letters, are provided but may not exactly duplicate the presentation or format of the printed version. The portable document format (PDF) file is an exact electronic replica of the printed version. We welcome your feedback. Please E-mail your comments regarding the contents or accessibility features of this document to Webmaster@gao.gov. This is a work of the U.S. government and is not subject to copyright protection in the United States. It may be reproduced and distributed in its entirety without further permission from GAO. Because this work may contain copyrighted images or other material, permission from the copyright holder may be necessary if you wish to reproduce this material separately. Testimony: Before the Subcommittee on Oversight and Investigations, House of Representatives: United States Government Accountability Office: GAO: For Release on Delivery: Expected at 2:00 p.m. EDT: Wednesday, April 28, 2010: Bank Secrecy Act: FinCEN Needs to Further Develop Its Form Revision Process For Suspicious Activity Reports: Statement of Richard J. Hillman, Managing Director: Financial Markets and Community Investment: GAO-10-609T: GAO Highlights: Highlights of GAO-10-609T, a testimony before the Subcommittee on Oversight and Investigations, Committee on Financial Services, House of Representatives. Why GAO Did This Study: To assist law enforcement agencies in their efforts to combat money laundering, terrorist financing, and other financial crimes, the Bank Secrecy Act (BSA) requires financial institutions to file suspicious activity reports (SAR) to inform the federal government of transactions related to possible violations of law or regulation. Depository institutions have been concerned about the resources required to file SARs and the extent to which SARs are used. The Subcommittee asked GAO to discuss our February 2009 report on suspicious activity reporting. Specifically, this testimony discusses (1) factors affecting the number of SARs filed, (2) actions agencies have taken to improve the usefulness of SARs, (3) federal agencies‘ use of SARs, and (4) the effectiveness of the process used to revise SAR forms. To respond to the request, GAO relied primarily on the February 2009 report titled Bank Secrecy Act: Suspicious Activity Report Use Is Increasing, but FinCEN Needs to Further Develop and Document Its Form Revision Process (GAO-09-226), and updated it with additional information provided by FinCEN. In that report, GAO recommended that FinCEN work to further develop a strategy that fully incorporates certain GAO-identified practices to enhance and sustain collaboration among federal agencies into the forms-change process. What GAO Found: In 2000 through 2008, total SAR filings by depository institutions increased from about 163,000 to 732,000 per year; representatives from federal regulators, law enforcement, and depository institutions with whom GAO spoke attributed the increase mainly to two factors. First, automated monitoring systems can flag multiple indicators of suspicious activities and identify significantly more unusual activity than manual monitoring. Second, several public enforcement actions against a few depository institutions prompted other institutions to look more closely at client and account activities. Other factors include institutions‘ greater awareness of and training on BSA requirements after September 11, 2001 and more regulator guidance for BSA examinations. FinCEN and law enforcement agencies have taken actions to improve the quality of SAR filings and educate filers about their usefulness. Since 2000, FinCEN has issued written products with the purpose of making SAR filings more useful to law enforcement. FinCEN and federal law enforcement agency representatives regularly participate in outreach on BSA/anti-money laundering, including events focused on SARs. Law enforcement agency representatives said they also establish relationships with depository institutions to communicate with staff about crafting useful SAR narratives. FinCEN, law enforcement agencies, and financial regulators use SARs in investigations and financial institution examinations and have taken steps in recent years to make better use of them. FinCEN uses SARs to provide public and nonpublic analytical products to law enforcement agencies and depository institution regulators. Some federal law enforcement agencies have facilitated complex analyses by using SAR data with their own data sets. Federal, state, and local law enforcement agencies collaborate to review and start investigations based on SARs filed in their areas. Regulators use SARs in their examination process to assess compliance and take action against abuse by depository institution insiders. After revising a SAR form in 2006 that could not be used because of information technology limitations, in 2008, FinCEN developed a new process for revising BSA forms, including SARs, that may increase collaboration with some stakeholders, including some law enforcement groups concerned that certain of the 2006 revisions could be detrimental to investigations. Available documentation on the process did not detail the degree to which the new process would incorporate GAO-identified best practices for enhancing and sustaining federal agency collaboration. For example, it did not specify roles and responsibilities for stakeholders or depict monitoring, evaluating, and reporting mechanisms. According to FinCEN officials, it is taking some additional steps toward obtaining greater collaboration with law enforcement agency representatives, prosecutors, and multi-agency law enforcement teams and others to determine the contents of the form, but it is too soon to determine the effectiveness of the process. View [hyperlink, http://www.gao.gov/products/GAO-10-609T] or key components. For more information, contact Richard J. Hillman at (202) 512-8678 or hillmanr@gao.gov. [End of section] Mr. Chairman and Members of the Subcommittee: I am pleased to be here today to discuss our work on the use of suspicious activity (SAR) reports by federal law enforcement and regulatory agencies and the U.S. Department of the Treasury Financial Crimes Enforcement Network's (FinCEN) recent efforts to implement a new process to revise SARs and other Bank Secrecy Act (BSA) forms. [Footnote 1] FinCEN administers BSA and its implementing regulations. To assist law enforcement agencies in their efforts to combat money laundering, terrorist financing, and other financial crimes, BSA requires financial institutions to file SARs to inform the federal government of transactions related to possible violations of law or regulation.[Footnote 2] Depository institutions have had to submit SARs since 1996, longer than any other type of financial institutions, and they file the majority of these reports--in 2008, they filed 732,563 SARs. These institutions have expressed concerns in congressional testimony about resource challenges involved in complying with SAR-related requirements and the extent to which law enforcement agencies use SARs and other reports BSA requires. Federal law enforcement agency officials have testified that they review and use SARs proactively-- separately and in multiagency teams--to identify potential money laundering cases and trends, as well as using them in ongoing investigations of terrorism financing and other financial crimes. Depository institution officials have commented they lack clear guidance on what law enforcement looks for and finds useful in these reports. We reported in February 2009 that FinCEN revised the SAR form for depository institutions in 2006 but could not implement it because of information technology limitations.[Footnote 3] In 2008, FinCEN developed a new process for revising BSA forms (including SARs) that could increase collaboration with some stakeholders, including some law enforcement groups concerned that certain 2006 revisions could be detrimental to investigations. Law enforcement representatives' views on the revised form were mixed--some expressed concerns that changes on the revised form could diminish the utility of the form for investigative purposes. My statement today is based on our February 2009 report, and additional information provided by FinCEN related to recent developments in its efforts to further educate SAR filers and implement a new process to revise SARs and other forms in tandem with its strategy to modernize information technology. Specifically, this statement focuses on (1) underlying factors that affect the number of SAR filings by depository institutions, (2) actions federal and law enforcement agencies have taken to improve the usefulness of SARs, (3) ways in which federal agencies use SARs and actions they have taken to make better use of them, and (4) whether the process FinCEN uses to revise SAR forms is effective in assuring that information collected is appropriate for law enforcement needs. For our 2009 report, we reviewed relevant laws, regulations, agency documents and past GAO work. We interviewed representatives from federal banking regulators--the Board of Governors of the Federal Reserve System (Federal Reserve), the Office of the Comptroller of the Currency (OCC), the Federal Deposit Insurance Corporation (FDIC), the Office of Thrift Supervision (OTS), and the National Credit Union Administration (NCUA).[Footnote 4] We also interviewed representatives from federal law enforcement agencies, including the Secret Service, the Internal Revenue Service-Criminal Investigation (IRS-CI), Immigration and Customs Enforcement (ICE), the Federal Bureau of Investigation (FBI), the Drug Enforcement Administration (DEA), and the Department of Justice (DOJ). We also obtained and analyzed data from FinCEN on depository institutions' SAR filings for calendar years 2000-2007. We interviewed representatives of 15 randomly selected depository institutions that filed various levels of SARs during 2007 about their experiences with SAR filing. We interviewed representatives from randomly selected SAR review teams (multiagency teams with federal, state, and local law enforcement representation) and from High Intensity Financial Crime Areas (HIFCA) throughout the country. To update this information, we interviewed FinCEN officials and reviewed documents related to the new SAR form revision process. We also updated the number of SAR filings made by depository institutions. We conducted our work for the February 2009 report between July 2007 through February 2009 and updated information in April 2010 in accordance with generally accepted government auditing standards. Those standards require that we plan and perform the audit to obtain sufficient, appropriate evidence to provide a reasonable basis for our finding and conclusions based on our audit objectives. We believe that the evidence obtained provides a reasonable basis for our findings and conclusions based on our audit objectives. Background: The Secretary of the Treasury delegated overall authority for enforcement of, and compliance with, BSA and its implementing regulations to the Director of FinCEN. FinCEN develops policy and provides guidance to other agencies, analyzes BSA data for trends and patterns, and pursues enforcement actions when warranted. It also relies on other agencies in implementing the BSA framework. These activities include (1) ensuring compliance with BSA requirements to report suspicious activity, (2) collecting and storing reported information, and (3) taking enforcement actions or conducting investigations of criminal financial activity. The Secretary of the Treasury delegated BSA examination authority for depository institutions to five banking regulators--the Federal Reserve, OCC, OTS, FDIC, and NCUA.[Footnote 5] The regulators conduct periodic on-site safety and soundness and compliance examinations to assess an institution's financial condition, policies and procedures, adherence to BSA regulations (for example, filing of SARs and other BSA-related reports), and compliance with other laws and regulations. Financial institutions must report any suspicious transaction relevant to a possible violation of a law.[Footnote 6] In 1996, FinCEN required banks and other depository institutions to report, on a SAR form, certain suspicious transactions involving possible violations of law or regulation, including money laundering.[Footnote 7] In the same year, federal banking regulators required depository institutions to report suspected money laundering and other suspicious activities using the SAR form. IRS's Enterprise Computing Center-Detroit serves as the central point of collection and storage of these data.[Footnote 8] Figure 1 summarizes the process for filing and accessing SARs. Figure 1: The Process for Filing and Accessing SARs: [Refer to PDF for image: illustration] Conductor: Depository institutions are required to file a SAR no later than 30 days following the discovery of any known or suspected: * Violations aggregating to $5,000 or more where a suspect can be identified; * Violations of the BSA or potential money laundering aggregating $5,000 or more; * Insider abuse involving any amount. Bank staff and systems: Institution staff or automated monitoring systems identify unusual activity. Alerts of such activity are forwarded to the BSA compliance officer for review. Compliance officer: The compliance officer conducts research and decides to file, signs the SAR, and sends it electronically to FinCEN, or through the mail directly to IRS‘s Enterprise Computing Center. * Monitors for continuing suspicious activity and files additional SARs every 90 days if activity continues. * Maintains a copy of all filed SARs and supporting documentation for 5 years from the date of filing. Stop: Decides not to file and documents the reasons; or: Signed: Suspicious activity report; sent to: IRS/FinCEN: IRS WebCBRS: SARs and other BSA reports database; Feeds: IRS-CI; FinCEN: Web Portal: Enables non-IRS users to access BSA data: Federal, state, and local law enforcement agencies; Federal, and state regulators; Access to SARs. Sources: GAO analysis; Art Explosion (images). [End of figure] Federal regulators and FinCEN can bring formal enforcement actions, including civil money penalties, against institutions for violations of BSA. Formal enforcement actions generally are used to address cases involving systemic, repeated noncompliance; failure to respond to supervisory warnings; and other violations. However, most cases of BSA noncompliance are corrected within the examination framework through supervisory actions or letters that document the institution's commitment to take corrective action. In addition, DOJ may bring criminal actions against individuals and corporations, including depository and other financial institutions, for money laundering offenses and certain BSA violations. The actions may result in criminal fines, imprisonment, and forfeiture actions. Institutions and individuals willfully violating BSA and its implementing regulations, and structuring transactions to evade BSA reporting requirements, are subject to criminal fines, prison, or both.[Footnote 9] Law enforcement agencies housed in DOJ and the Department of Homeland Security use SARs for investigations of money laundering, terrorist financing, and other financial crimes. Agencies in DOJ involved in efforts to combat money laundering and terrorist financing include FBI; DEA; the Department's Criminal and National Security Divisions; the Bureau of Alcohol, Tobacco, Firearms, and Explosives; the Executive Office for U.S. Attorneys; and U.S. Attorneys Offices. The Secret Service and ICE (in Homeland Security) also investigate cases involving money laundering and terrorist activities. IRS-CI uses BSA information to investigate possible cases of money laundering and terrorist financing activities. Federal and multiagency law enforcement teams, which may include state and local law enforcement representatives, also use SAR data to provide additional information about subjects during ongoing investigations. Multiple Factors Contributed to Increases in Depository Institutions' SAR Filings: From 2000 through 2007, depository institutions filed an increasing number of SARs each year and representatives from federal regulators, law enforcement, and depository institutions with whom we spoke attributed the increase to a number of factors. According to FinCEN data, SAR filings by depository institutions increased from approximately 163,000 in 2000 to more than 732,000 in 2008. In our report, our analysis of SAR and banking data from 2004 through 2007 indicates that the growth rates in SAR filings varied over time among depository institutions of different asset sizes. For example, the greatest increase in SARs filed during this period by the largest depository institutions occurred from 2004 to 2005, and SARs filed by small credit unions nearly doubled from 2005 to 2006. Representatives of federal banking regulators, law enforcement agencies, and depository institutions most frequently attributed the increase to two factors: technological advances and the effect of public enforcement actions on institutions. According to the representatives, automated transaction monitoring systems can flag multiple indicators of suspicious activity and identify much more unusual activity than could be identified manually. At the largest depository institutions, these systems conduct complex analyses incorporating customer profiles. The representatives also said that issuance of several public enforcement actions in 2004 and 2005 with civil money penalties and forfeitures up to $40 million against a few depository institutions prompted many institutions to file more SARs. FinCEN and the federal banking regulators took the actions because of systemic BSA program noncompliance, which included failures to meet SAR filing requirements. More recently in March 2010, government actions taken against one depository institution for BSA violations, including SARs violations, included $160 million in penalties and fines. Depository institution representatives with whom we spoke cited a third factor for increases--concerns they would receive criticisms during examinations about decisions not to file SARs. To avoid such criticism, they said their institutions filed SARs even when they thought them unnecessary--a practice sometimes called "defensive SAR filing." However, according to the federal regulators and some law enforcement officials with whom we spoke, there is no means of determining what, if any, portion of the increase in filings could be attributed to defensive filing. The representatives suggested additional factors as contributing to the increase, including greater awareness of BSA requirements after September 11, 2001, more regulator guidance for BSA examinations, and more BSA-related training at the institutions. FinCEN and Law Enforcement Agencies Have Acted to Educate Filers about The Usefulness of SARs and Improve the Quality of Their Filings: FinCEN and law enforcement agencies have taken multiple actions to educate filers about SARs usefulness and improve the quality of SAR filings. Since 2000, FinCEN has issued written products with the purpose of educating filers and making filings more useful to law enforcement. These include (1) a regularly issued publication that gives tips on topics such as the preparation of SARs and (2) guidance for depository institutions and other SAR filers. For example, in its SAR Activity Review: Trends, Tips and Issues--FinCEN regularly provides information on suspicious activity reporting, trends, and data analyses, law enforcement cases assisted by BSA data, and other issues. In 2008 and in 2009, the publication included information on suspicious activity reviews by a state banking regulator and securities regulators, respectively. In 2009, FinCEN issued guidance on filing SARs for mortgage loan modification and foreclosure rescue scams and in 2010 began an effort to promote electronic filing of BSA forms targeted at current paper filers. FinCEN representatives regularly participate in outreach events on BSA and anti-money laundering issues, including events on SARs. FinCEN also chairs the Bank Secrecy Act Advisory Group--a forum for federal agencies and financial industry representatives to discuss BSA administration, including SAR-related issues. Federal law enforcement agency representatives said they improved SARs' usefulness by conducting outreach events and establishing relationships with depository institutions in their local areas to communicate with staff about crafting useful SAR narratives. Representatives from some multiagency law enforcement teams told us that they subsequently noticed improved SAR narratives from local depository institutions. Federal Agencies Use SARs in a Variety of Ways and Have Taken a Number of Actions in Recent Years to Make Better Use of Them: FinCEN, law enforcement agencies, and banking regulators use SARs in investigations and depository institution examinations and took steps in recent years to make better use of them. FinCEN uses SARs to provide a number of public and nonpublic analytical products to law enforcement agencies and depository institution regulators. In 2004 and 2005, several federal law enforcement agencies signed memorandums of understanding with FinCEN to receive bulk BSA data, including SARs. They combined these data with information from their law enforcement databases to facilitate more complex and comprehensive analyses. Different team structures have been established to better analyze SARs. For example, in 2000 and again in 2003, DOJ issued guidance that encouraged the formation of SAR review teams with federal, state, and local representation. Each month, these teams review SARs filed in their areas to determine which would merit additional investigation. In 2006, DOJ and IRS-CI collaborated on a pilot to create task forces and augment SAR review teams with federal prosecutors in selected districts. These task forces specifically investigate possible BSA violations with potential for seizures or forfeitures. The regulators also use SARs for scoping their depository institution examinations and review SARs relating to known or suspected unlawful activities by current and former institution-affiliated parties, including officers, directors, and employees. Although law enforcement agency representatives generally were satisfied with their ability to access BSA data, various agencies and multiagency teams we interviewed said that formatting and other issues related to the data system slowed their downloads and reviews. In 2009, FinCEN officials described how features of FinCEN's planned modernization effort for information technology could address these issues. FinCEN and IRS officials said that, when budgetary resources were available, these and other data management challenges would be addressed as part of FinCEN's modernization plan, developed in collaboration with IRS. FinCEN officials recently told us that they have begun the first phase of the information technology modernization, which they anticipate will last through fiscal year 2014. FinCEN's Initial Steps in New Form Revision Process Did Not Include Some Important Collaborative Practices and Mechanisms: We reported in 2009 that FinCEN encountered a number of problems in its 2006 revision of the SAR form and in 2008, developed a new process for form revisions. However, the available information on the process was limited and did not fully indicate how FinCEN would avoid or address some of the problems previously encountered. In 2006, FinCEN and the federal banking regulators issued proposed substantive and formatting revisions to the SAR form. The revisions were finalized but, because of technology limitations with IRS's data management system, the revised form has not been implemented. Law enforcement agency officials we interviewed had mixed views on the proposed revisions. They generally supported most of the proposed revisions, but some felt they had been insufficiently consulted and also expressed concerns that some revisions could affect their work negatively. For example, one change would replace the name and title of a person with personal knowledge about the suspicious activity reported on the form with a contact office, possibly increasing the time it would take law enforcement investigators to reach a person knowledgeable about the activity. However, banking regulators supported this change because of concerns that a SAR listing a named contact could jeopardize the safety and privacy of that person if it were inappropriately disclosed. In 2008, FinCEN developed a new process that it planned to use in future revisions of BSA forms, including SARs. Early documentation for the process suggested some greater stakeholder involvement at early stages, but subsequent documentation we reviewed did not indicate that FinCEN fully incorporated certain GAO-identified practices that can enhance and sustain collaboration among federal agencies.[Footnote 10] Such practices include defining a common outcome; agreeing on respective roles and responsibilities, including how the collaborative effort will be led; and creating the means to collect information on, monitor, evaluate, and report efforts. In our 2009 report, we determined that if FinCEN more fully incorporated some of these practices it might achieve some potential benefits--such as greater consensus from all stakeholders on proposed SAR form revisions. We recommended that the Secretary of the Treasury direct the Director of FinCEN to further develop and document its strategy to fully incorporate certain of these practices into the revision process and distribute that documentation to all stakeholders. In written comments on the report, the FinCEN Director generally agreed with our recommendation and noted that FinCEN recognized the need to work with a diverse range of stakeholders to revise BSA forms. Recent implementation of FinCEN's process suggests greater collaboration with stakeholders on defining a common outcome and establishing roles and responsibilities and planned steps, which could result in more sustained collaboration. According to FinCEN officials, FinCEN's implementation of the process generally would involve three phases. The initial phase has involved collaboration with a wider range of stakeholders than in the past. For example, in addition to collaboration with IRS information technology staff we previously identified, current documentation indicates that FinCEN has collaborated in more detail with federal law enforcement agency representatives, federal financial regulators, representatives from SAR review teams and other multiagency law enforcement teams, and prosecutors to determine the content of a revised SAR form. FinCEN also obtained and adopted input from other stakeholders, such as banking industry representatives, in the Bank Secrecy Act Advisory Group. FinCEN officials plan to obtain and adopt input from its Data Management Council (DMC), after providing its members the opportunity to consult with colleagues at their respective agencies.[Footnote 11] They also plan to conduct a focus group of DMC members to obtain feedback on how the new forms revision process is working and use that feedback to modify the process. However, because FinCEN has not yet completed implementation of its form revision process, it is too soon to determine the effectiveness of the process. Mr. Chairman and Members of the subcommittee, I appreciate this opportunity to discuss this important issue and would be happy to answer any questions you might have. Contact and Acknowledgments: For further information regarding this testimony, contact Richard J. Hillman at (202) 512-8678. Contact points at our Offices of Congressional Relations and Public Affairs may be found on the last page of this statement. Individuals making major contributions to this statement included Toni Gillich, Kay Kuhlman, Linda Rego, and Barbara Roesmann. [End of section] Footnotes: [1] 12 U.S.C. �� 1829b, 1951-1959, and 31 U.S.C. �� 5311 et seq. [2] 31 U.S.C. � 5318(g) provides for the reporting of suspicious activities. FinCEN's SAR regulations may be found at 31 C.F.R. �� 103.15 to 103.21. [3] GAO, Bank Secrecy Act: Suspicious Activity Report Use Is Increasing, but FinCEN Needs to Further Develop and Document Its Form Revision Process, [hyperlink, http://www.gao.gov/products/GAO-09-226] (Washington, D.C.: Feb. 27, 2009). [4] We use "federal banking regulators" to refer collectively to the regulators of depository institutions (banks, thrifts, and federally chartered credit unions). [5] 31 C.F.R. � 103.56(b)(1)-(5). Each examination of an insured depository institution also must include a review of the institution's BSA compliance procedures by the appropriate federal regulator, which has independent examination authority. 12 U.S.C. � 1818(s) and 12 U.S.C. �1786(q)(2). [6] Pub. L. No. 102-550, title XV, � 1517(b), 106 Stat. 3672 (Oct. 28, 1992). Before 1996, depository institutions reported suspicious activity on criminal referral forms filed with their respective primary federal financial regulator and federal law enforcement agencies. See 60 Fed. Reg. 46556, 46557 (Sept. 7, 1995). The USA PATRIOT Act of 2001, Pub. L. No. 107-56, 115 Stat. 272 (Oct. 26, 2001), expands SAR reporting requirements to nondepository institutions such as money services businesses, the securities and futures industries, and insurance companies. FinCEN developed a SAR form for money services businesses--68 Fed. Reg. 6613, 6615 (Feb. 10, 2003) and 67 Fed. Reg. 48704 (July 18, 2002)--and forms for other types of financial institutions. FinCEN has not issued a SAR form for insurance companies, which use the securities and futures form. Recently revised forms to facilitate joint filing by depository institutions, casinos and card clubs, insurance companies, and the securities and futures industries were postponed because of data quality initiatives. 72 Fed. Reg. 23891 (May 1, 2007). [7] 61 Fed. Reg. 4326 (Feb. 5, 1996). [8] IRS investigators and other authorized officials access the data system directly through IRS's Intranet site in what is known as WebCBRS. FinCEN controls non-IRS law enforcement users' access to BSA data in WebCBRS, through Secure Outreach, which functions as a portal. Agencies without direct access may visit FinCEN's offices and access BSA data directly; these users are referred to as "platform users." [9] 31 U.S.C. �� 5322 and 5324(d). [10] GAO, Results-Oriented Government: Practices That Can Help Enhance and Sustain Collaboration among Federal Agencies, [hyperlink, http://www.gao.gov/products/GAO-06-15] (Washington, D.C.: Oct. 21, 2005). [11] In fiscal year 2007, FinCEN established its Data Management Council as part of an initiative to maximize BSA data quality and value. The council is aimed at ensuring internal and external data users have clear means of identifying and communicating data issues, requirements, and business priorities, among other goals. Members of the council include approximately 35 representatives from FinCEN, law enforcement and regulatory agencies, and the Internal Revenue Service, which collects and processes BSA data and uses that data for compliance reviews and criminal investigations. [End of section] GAO's Mission: The Government Accountability Office, the audit, evaluation and investigative arm of Congress, exists to support Congress in meeting its constitutional responsibilities and to help improve the performance and accountability of the federal government for the American people. GAO examines the use of public funds; evaluates federal programs and policies; and provides analyses, recommendations, and other assistance to help Congress make informed oversight, policy, and funding decisions. GAO's commitment to good government is reflected in its core values of accountability, integrity, and reliability. Obtaining Copies of GAO Reports and Testimony: The fastest and easiest way to obtain copies of GAO documents at no cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each weekday, GAO posts newly released reports, testimony, and correspondence on its Web site. To have GAO e-mail you a list of newly posted products every afternoon, go to [hyperlink, http://www.gao.gov] and select "E-mail Updates." Order by Phone: The price of each GAO publication reflects GAO‘s actual cost of production and distribution and depends on the number of pages in the publication and whether the publication is printed in color or black and white. Pricing and ordering information is posted on GAO‘s Web site, [hyperlink, http://www.gao.gov/ordering.htm]. Place orders by calling (202) 512-6000, toll free (866) 801-7077, or TDD (202) 512-2537. Orders may be paid for using American Express, Discover Card, MasterCard, Visa, check, or money order. Call for additional information. To Report Fraud, Waste, and Abuse in Federal Programs: Contact: Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]: E-mail: fraudnet@gao.gov: Automated answering system: (800) 424-5454 or (202) 512-7470: Congressional Relations: Ralph Dawn, Managing Director, dawnr@gao.gov: (202) 512-4400: U.S. Government Accountability Office: 441 G Street NW, Room 7125: Washington, D.C. 20548: Public Affairs: Chuck Young, Managing Director, youngc1@gao.gov: (202) 512-4800: U.S. Government Accountability Office: 441 G Street NW, Room 7149: Washington, D.C. 20548: