Skip to content

National Security Letters and Suspicious Activity Reporting

National Security Letters are written investigative demands, somewhat analogous to administrative subpoenas that can be issued by the Federal Bureau of Investigation in counterintelligence and counterterrorism investigations to obtain the following:

  • telephone and electronic communications records from telephone companies and Internet Service Providers (pursuant to the Electronic Communications Privacy Act, 18 USC 2709);
  • information from credit bureaus (pursuant to the Fair Credit Reporting Act, 15 USC 1681u); and
  • financial records33 from financial institutions34 (pursuant to the Right to Financial Privacy Act of 1978, 12 USC 3401 et seq.).35

National Security Letters can also be issued by other federal government authorities for purposes of conducting foreign counter or positive-intelligence activities,36 certain protective functions,37 or intelligence or counter intelligence analyses related to international terrorism38 to obtain financial records from financial institutions.39

National Security Letters are highly confidential investigative tools employed by the federal government. Financial institutions that receive National Security Letters must take appropriate measures to ensure the confidentiality of the letters. FinCEN encourages financial institutions to have procedures in place for processing and maintaining the confidentiality of National Security Letters.40

Mere receipt of a National Security Letter does not, by itself, require the filing of a Suspicious Activity Report by the financial institution receiving the letter. Nonetheless, the National Security Letter is a piece of information that may be relevant to a financial institution?s overall risk assessment of its customers and accounts. It is incumbent upon a financial institution to assess the information in accordance with its risk-based anti-money laundering program, policies and procedures, and to determine whether a Suspicious Activity Report should be filed based on the totality of information available to the institution. In any event, all regulatory suspicious activity triggers and dollar thresholds for filing Suspicious Activity Reports would apply. So, for instance, under FinCEN?s suspicious activity reporting requirements at 31 CFR 103.18, banks are required to file a Suspicious Activity Report for transactions conducted or attempted by, at, or through the bank involving or aggregating at least $5,000, and the bank knows, suspects, or has reason to suspect that (1) the transaction involves funds derived from illegal activity or is intended or conducted in order to hide or disguise funds or assets derived from illegal activities; (2) the transaction is designed to evade any requirements under the Bank Secrecy Act; or (3) the transaction has no business or apparent lawful purpose or is not the sort in which the particular customer would normally be expected to engage, and the bank knows of no reasonable explanation for the transaction after examining the available facts.41

If a financial institution does file a Suspicious Activity Report relating to information in a National Security Letter, no reference to the receipt or existence of the National Security Letter should be made in any part of the Suspicious Activity Report, including the narrative. Instead, the Suspicious Activity Report should reference only facts and activities underlying or derived from the information in the National Security Letter; only those facts and activities should be detailed in the report.

Because the range of financial institutions that may receive National Security Letters comprises all financial institutions referenced in the Bank Secrecy Act, and because there are a number of federal regulatory agencies responsible for examining and supervising many of these financial institutions, FinCEN is working with the other federal financial institution regulators to develop consistent policies on these issues on an interagency basis.42

If a financial institution has questions about Suspicious Activity Report filing relating to National Security Letters, or about Suspicious Activity Reporting in general, it should contact FinCEN?s Regulatory Helpline at (800) 949-2732. Financial institutions having a federal functional regulator may also wish to contact their federal functional regulator for questions relating to that regulator?s suspicious activity reporting requirements and to procedures and records that the institution should maintain. Questions regarding National Security Letters should be directed to the financial institution?s local Federal Bureau of Investigation field office. Contact information for Federal Bureau of Investigation field offices can be obtained from the FBI?s website at

36 Foreign counter- or positive-intelligence activities could include, for example, the audit of customer records of a financial institution related to the clandestine activities of an intelligence agency, pursuant to the RFPA, 12 U.S.C. ?314(a)(1)(A). See, e.g., Duncan v. Belcher, 813 F.2d 1335, 1339 and 1339 n. 1 (4th Cir. 1987).
37 The RFPA, 12 U.S.C. ?3414(a)(1)(B), permits certain disclosures of financial records to the United States Secret Service for the purposes of conducting its protective functions.
38 The RFPA, 12 U.S.C. ? 3414(a)(1)(C), permits certain disclosure of financial records pursuant to a request from a federal government agency authorized to conduct investigations or intelligence or counterintelligence analyses related to international terrorism.
39 In Doe v. Ashcroft, 334 F. Supp.2d 471 (S.D.N.Y. 2004), a federal district court held that 18 U.S.C. 2709, which authorizes the issuance of national security letters to Internet service providers, is unconstitutional on account of its nondisclosure provisions and lack of judicial review. The Federal Bureau of Investigation appealed the decision and obtained a stay pending appeal, so it is continuing to issue national security letters under that statute. That decision did not adjudicate the constitutionality of the statute authorizing the issuance of national security letters to financial institutions, 12 U.S.C. 3414. 40 Pursuant to 12 U.S.C. ? 3414(a)(3) and (5)(D), no financial institution, or officer, employee or agent of the institution, can disclose to any person that a government authority or the FBI has sought or obtained access to records through an RFPA National Security Letter.
41 Each Federal bank regulatory agency has adopted suspicious activity reporting requirements that contain additional factors and triggers, including (1) involvement of an insider (no dollar threshold); (2) over $5,000 is involved and the institution can identify a suspect; (3) over $25,000 is involved but the institution cannot identify a suspect; or (4) the transaction involves $5,000 or more and involves potential money laundering or violations of the Bank Secrecy Act. See, e.q., 12 CFR 21.11(c). Furthermore, under FinCEN?s suspicious activity reporting requirements, the dollar thresholds vary (e.g., for casinos and broker-dealers in securities, the dollar threshold is at least $5,000; for money services businesses, the dollar threshold is at least $2,000 or $5,000 if the identification of transactions is derived from a review of clearance records.)
42 See Office of the Comptroller of the Currency Interpretive Letter #1003, ?Suspicious Activity Reports? (Aug. 2004).Excerpt from the SAR Activity Review

Excerpted from SAR Activity Review Issue 8, page 35

First published on 04/01/2005

Banker Store View All

From training, policies, forms, and publications, to office products and occasional gifts, it’s available here:

Banker Store

hot right now

image description

Looking for effective, convenient training on a particular subject?

BOL Learning Connect offers more than 200 courses ON-DEMAND or on CD ROM from AML to Reg Z and every topic in between.

Search Topics