314(a) is super-confidential, so I wouldn't have just any employee do it. I think it is fine to have the Security Officer do it, but I would have it be a dual process.
Here's what we do. The Central Ops Manager (also the Security Officer) and I (BSA and Compliance Officer) receive the FinCEN emails. Central Ops Manager checks the list, then writes Positive/negative on the front page with his initials and the date. Then I get the list, doa spot check of some of the names, then initial and date the front page. We only retain the front page of the list as evidence. I personally walk the remaining pages to the shred bin.
_________________________
Dabbling in banking, law, accounting...the life of a trustee.