U.S. Code of Federal Regulations
Regulations most recently checked for updates: Jun 09, 2023
(a) General. (1) Each insurance company shall file with the Financial Crimes Enforcement Network, to the extent and in the manner required by this section, a report of any suspicious transaction involving a covered product that is relevant to a possible violation of law or regulation. An insurance company may also file with the Financial Crimes Enforcement Network by using the form specified in paragraph (b)(1) of this section or otherwise, a report of any suspicious transaction that it believes is relevant to the possible violation of any law or regulation but the reporting of which is not required by this section.
(2) A transaction requires reporting under this section if it is conducted or attempted by, at, or through an insurance company, and involves or aggregates at least $5,000 in funds or other assets, and the insurance company knows, suspects, or has reason to suspect that the transaction (or a pattern of transactions of which the transaction is a part):
(i) Involves funds derived from illegal activity or is intended or conducted in order to hide or disguise funds or assets derived from illegal activity (including, without limitation, the ownership, nature, source, location, or control of such funds or assets) as part of a plan to violate or evade any Federal law or regulation or to avoid any transaction reporting requirement under Federal law or regulation;
(ii) Is designed, whether through structuring or other means, to evade any requirements of this chapter or of any other regulations promulgated under the Bank Secrecy Act;
(iii) Has no business or apparent lawful purpose or is not the sort in which the particular customer would normally be expected to engage, and the insurance company knows of no reasonable explanation for the transaction after examining the available facts, including the background and possible purpose of the transaction; or
(iv) Involves use of the insurance company to facilitate criminal activity.
(3)(i) An insurance company is responsible for reporting suspicious transactions conducted through its insurance agents and insurance brokers. Accordingly, an insurance company shall establish and implement policies and procedures reasonably designed to obtain customer-related information necessary to detect suspicious activity from all relevant sources, including from its insurance agents and insurance brokers, and shall report suspicious activity based on such information.
(ii) Certain insurance agents may have a separate obligation to report suspicious activity pursuant to other provisions of this chapter. In those instances, no more than one report is required to be filed by the financial institutions involved in the transaction, as long as the report filed contains all relevant facts, including the names of both institutions and the words “joint filing” in the narrative section, and both institutions maintain a copy of the report filed, along with any supporting documentation.
(iii) An insurance company that issues variable insurance products funded by separate accounts that meet the definition of a mutual fund in § 1024.320(a)(1) of this chapter shall file reports of suspicious transactions pursuant to § 1024.320 of this chapter.
(b) Filing procedures—(1) What to file. A suspicious transaction shall be reported by completing a Suspicious Activity Report (“SAR”), and collecting and maintaining supporting documentation as required by paragraph (d) of this section.
(2) Where to file. The SAR shall be filed with the Financial Crimes Enforcement Network as indicated in the instructions to the SAR.
(3) When to file. A SAR shall be filed no later than 30 calendar days after the date of the initial detection by the insurance company of facts that may constitute a basis for filing a SAR under this section. If no suspect is identified on the date of such initial detection, an insurance company may delay filing a SAR for an additional 30 calendar days to identify a suspect, but in no case shall reporting be delayed more than 60 calendar days after the date of such initial detection. In situations that require immediate attention, such as terrorist financing or ongoing money laundering schemes, the insurance company shall immediately notify by telephone an appropriate law enforcement authority in addition to filing timely a SAR. Insurance companies wishing voluntarily to report suspicious transactions that may relate to terrorist activity may call the Financial Crimes Enforcement Network's Financial Institutions Hotline at 1–866–556–3974 in addition to filing timely a SAR if required by this section.
(c) Exception. An insurance company is not required to file a SAR to report the submission to it of false or fraudulent information to obtain a policy or make a claim, unless the company has reason to believe that the false or fraudulent submission relates to money laundering or terrorist financing.
(d) Retention of records. An insurance company shall maintain a copy of any SAR filed and the original or business record equivalent of any supporting documentation for a period of five years from the date of filing the SAR. Supporting documentation shall be identified as such and maintained by the insurance company and shall be deemed to have been filed with the SAR. When an insurance company has filed or is identified as a filer in a joint Suspicious Activity Report, the insurance company shall maintain a copy of such joint report (together with copies of any supporting documentation) for a period of five years from the date of filing. An insurance company shall make all supporting documentation available to FinCEN or any Federal, State, or local law enforcement agency, or any Federal regulatory authority that examines the insurance company for compliance with the Bank Secrecy Act, or any State regulatory authority administering a State law that requires the insurance company to comply with the Bank Secrecy Act or otherwise authorizes the State authority to ensure that the institution complies with the Bank Secrecy Act, upon request.
(e) Confidentiality of SARs. A SAR, and any information that would reveal the existence of a SAR, are confidential and shall not be disclosed except as authorized in this paragraph (e). For purposes of this paragraph (e) only, a SAR shall include any suspicious activity report filed with FinCEN pursuant to any regulation in this chapter.
(1) Prohibition on disclosures by insurance companies—(i) General rule. No insurance company, and no director, officer, employee, or agent of any insurance company, shall disclose a SAR or any information that would reveal the existence of a SAR. Any insurance company, and any director, officer, employee, or agent of any insurance company that is subpoenaed or otherwise requested to disclose a SAR or any information that would reveal the existence of a SAR, shall decline to produce the SAR or such information, citing this section and 31 U.S.C. 5318(g)(2)(A)(i), and shall notify FinCEN of any such request and the response thereto.
(ii) Rules of Construction. Provided that no person involved in any reported suspicious transaction is notified that the transaction has been reported, this paragraph (e)(1) shall not be construed as prohibiting:
(A) The disclosure by an insurance company, or any director, officer, employee, or agent of an insurance company, of:
(1) A SAR, or any information that would reveal the existence of a SAR, to FinCEN or any Federal, State, or local law enforcement agency, or any Federal regulatory authority that examines the insurance company for compliance with the Bank Secrecy Act, or any State regulatory authority administering a State law that requires the insurance company to comply with the Bank Secrecy Act or otherwise authorizes the State authority to ensure that the institution complies with the Bank Secrecy Act; or
(2) The underlying facts, transactions, and documents upon which a SAR is based, including but not limited to, disclosures to another financial institution, or any director, officer, employee, or agent of a financial institution, for the preparation of a joint SAR.
(B) The sharing by an insurance company, or any director, officer, employee, or agent of the insurance company, of a SAR, or any information that would reveal the existence of a SAR, within the insurance company's corporate organizational structure for purposes consistent with Title II of the Bank Secrecy Act as determined by regulation or in guidance.
(2) Prohibition on disclosures by government authorities. A Federal, State, local, territorial, or Tribal government authority, or any director, officer, employee, or agent of any of the foregoing, shall not disclose a SAR, or any information that would reveal the existence of a SAR, except as necessary to fulfill official duties consistent with Title II of the Bank Secrecy Act. For purposes of this section, “official duties” shall not include the disclosure of a SAR, or any information that would reveal the existence of a SAR, in response to a request for disclosure of non-public information or a request for use in a private legal proceeding, including a request pursuant to 31 CFR 1.11.
(f) Limitation on liability. An insurance company, and any director, officer, employee, or agent of any insurance company, that makes a voluntary disclosure of any possible violation of law or regulation to a government agency or makes a disclosure pursuant to this section or any other authority, including a disclosure made jointly with another institution, shall be protected from liability to any person for any such disclosure, or for failure to provide notice of such disclosure to any person identified in the disclosure, or both, to the full extent provided by 31 U.S.C. 5318(g)(3).
(g) Compliance. Insurance companies shall be examined by FinCEN or its delegatees for compliance with this section. Failure to satisfy the requirements of this section may be a violation of the Bank Secrecy Act and of this chapter.
(h) Suspicious transaction reporting requirements for insurance companies registered or required to register with the Securities and Exchange Commission as broker-dealers in securities. An insurance company that is registered or required to register with the Securities and Exchange Commission as a broker-dealer in securities shall be deemed to have satisfied the requirements of this section for its broker-dealer activities to the extent that the company complies with the reporting requirements applicable to such activities pursuant to § 1023.320 of this chapter.
(i) Applicability date. This section applies to transactions occurring after May 2, 2006.