Skip to content
BOL Conferences
Thread Options
#2137580 - 07/11/17 07:27 PM PCI Compliance Vs. SAR Narratives
luvflipflops Offline
100 Club
Joined: Nov 2005
Posts: 150
on a beach somewhere
I am working with a client that has an InfoSec dept who determined that no unmasked full PAN data will be available in the SAR narratives or in the form. They say it is a matter of PCI Compliance. However, attempting to explain the super-restricted nature of SARs to non-AML people is proving quite futile. I have looked throughout PCI publications as well as other guidance and cannot find a restriction to not put full PAN data in a SAR. Has anyone found anything different?

Thank you!

Return to Top
BSA/AML/CIP/OFAC Forum
#2137586 - 07/11/17 07:42 PM Re: PCI Compliance Vs. SAR Narratives luvflipflops
rlcarey Online
10K Club
rlcarey
Joined: Jul 2001
Posts: 83,227
Galveston, TX
Have them call the FinCEN help line
_________________________
The opinions expressed here should not be construed to be those of my employer: PPDocs.com

Return to Top
#2137784 - 07/12/17 07:43 PM Re: PCI Compliance Vs. SAR Narratives luvflipflops
Princess Romeo Offline

Power Poster
Princess Romeo
Joined: Jun 2001
Posts: 8,272
Where the heart is
You can tell them that SAR compliance trumps PCI compliance! PCI issues don't carry the threat of jail time.
_________________________
CRCM,CAMS
Regulations are a poor substitute for ethics.
Just sayin'

Return to Top
#2137791 - 07/12/17 07:58 PM Re: PCI Compliance Vs. SAR Narratives luvflipflops
BrianC Online
Power Poster
BrianC
Joined: Nov 2004
Posts: 6,694
Illinois
My other counter argument is that if a PAN is included in a SAR, it is likely connected to fraudulent activity and is no longer active so I do not see any PCI risk.
_________________________
Sola Gratia, Sola Fides, Sola Scriptura, Solus Christus, Soli Deo Gloria!
www.tcaregs.com

Return to Top
#2137841 - 07/13/17 10:42 AM Re: PCI Compliance Vs. SAR Narratives BrianC
Elwood P. Dowd Offline
10K Club
Elwood P. Dowd
Joined: Aug 2001
Posts: 21,939
Next to Harvey
I love a robust discussion revolving around acronyms! wink
_________________________
In this world you must be oh so smart or oh so pleasant. Well, for years I was smart. I recommend pleasant.

Return to Top
#2137938 - 07/13/17 04:19 PM Re: PCI Compliance Vs. SAR Narratives luvflipflops
P*Q Offline

Power Poster
P*Q
Joined: May 2001
Posts: 8,458
Somewhere
Ken, isn't that every Bank's compliance committee meetings agenda? laugh

Return to Top

Moderator:  Andy_Z