By Dan Bethencourt, September 20, 2017

The U.S. Treasury Department should require financial institutions to provide more details on suspicious transactions and accountholders in response to requests made by law enforcement through a confidential data-sharing mechanism, government auditors recommend.

Under Section 314 of the Patriot Act, U.S. law enforcement agencies can “ping” financial institutions for the names, social security numbers and other personal details tied to accounts held by suspected money launderers or terrorist financiers, and financial institutions can voluntarily share similar details with one other without incurring civil liability.

But in a 29­-page report released Tuesday, the Treasury Department’s Office of Inspector General, or OIG, criticizes the Financial Crimes Enforcement Network, or FinCEN, for allegedly allowing lenders to respond to law enforcement requests with relatively few details through the bureau’s secure information­sharing portal.

“We noted that FinCEN did not require financial institutions to provide all information set forth by its regulations,” the OIG claims in the report, which covers the bureau’s operations from December 2012 to October 2013.

Guidance issued by FinCEN in November 2012 and still in effect instead cites an exemption in instructing financial institutions to respond only to those requests that match the name associated with the account or transfer in question, and provide the requesting agency with a point of contact at the financial institution.

In August 2016, “a FinCEN official stated that the exemption was utilized to expedite the response to LEAs, and FinCEN would consider whether requiring the additional information would be more beneficial, given the cost/benefit factors.”

Law enforcement agencies surveyed by the OIG said responses to their Section 314(a) requests were still helpful but would be more effective with the inclusion of any transactional details omitted as a result of the exemption.

Banks should also indicate in their responses whether the account in question was still open, and note which identifier led to the match, such as the name, social security number or both, investigators told the OIG.

While lenders are technically authorized to include those details if necessary, the OIG found that those additions were inconsistently formatted and sometimes even counterproductive. In at least one instance, a response spurred two subpoenas from law enforcement for near­identical data.

Other lenders have submitted duplicate responses to law enforcement even though FinCEN has prohibited the practice.

In total, law enforcement agencies sent 745 Section 314(a) requests to FinCEN from fiscal year 2010 through 2012, 95 percent of which were posted by the bureau, the report notes, adding that the Drug Enforcement Administration, the FBI and Immigration and Customs Enforcement submitted the most requests.

Despite its challenges, more than 22,000 financial institutions have responded to law enforcement through the Section 314(a) program, the OIG found.

The suggested increased reporting requirements would not be a significant burden for financial institutions since so few requests are filed overall, Jay Hack, a New York-­based banking attorney with Gallet Dreyer & Berkey said.

The report also notes that information sharing between banks through the Section 314(b) program increased as well: about 5,500 financial institutions had engaged in at least one such request by December 2015, or 1,500 more than had participated by December 2012.

However, the OIG found that fears of privacy violations and concerns that other lenders would not follow the statutes correctly had hindered greater information sharing.

Several institutions backed off sharing data on suspected money launderers and terrorist financiers after being criticized by regulators for the wording of their policies and procedures, and whether their efforts were governed by proper controls, said Hack, the New York­based attorney.

A FinCEN spokesman did not respond to a request for comment