Is This a Crime?

We recently discovered that an employee "shared" some nonpublic personal customer information via e-mail. The event was related to an acquisition where an employee of the acquired bank e-mailed customer information to be used at another institution where the individual was going to work following the merger. My question is whether this constitutes a crime that would require a SAR?

Example: Soon to be ex-Loan Officer emails customer loan trial or loan file data to new bank?

IMO this is illegal big time, and a huge info security risk. In fact, I remember reading an enforcement action a while back about someone who did this and they were barred from ever working again in a financial institution. I believe it was the OCC who levied the penalty.

It is also most likely a violation of their employment agreement as a theft of information. Lastly, it could (and should) be a violation of your info security policy just by virtue of the fact that this person used email, which is not secure, to transmit protected customer info.

As far as a SAR filing, You can certainly do so if you wish. Even though it may not meet the minimum amount where you have to report, you always have the option of reporting under that amount if you determine it to be appropriate in good faith. FWIW, I would.

As far as the SAR filing.. you do not need a minimum amount to file since it involves an insider.

Thanks to all. The enforcement action was from the OCC in 2003. It's worth looking at: http://www.occ.treas.gov/toolkit/newsrelease.aspx?doc=lir2fvq3.xml