Skip to main content

This is archived content from the U.S. Department of Justice website. The information here may be outdated and links may no longer function. Please contact webmaster@usdoj.gov if you have any questions about the archive site.

Criminal Resource Manual

430. Exceptions Permitting Disclosures by Financial Institutions When the Institution Suspects Criminal Activity

Not withstanding the restrictions upon disclosure of financial records by financial institutions or state law, institutions are permitted to notify government authorities of possible violations of law reflected in records within the custody of the institution. 12 U.S.C. § 3403(c). This is interpreted to permit financial institutions to disclose the nature of the offense suspected, the identity of the customer involved, the identifying numbers of the accounts in which records reflecting the offense are contained, the dates of the transactions in question, and other information as is necessary to enable law enforcement authorities to initiate an investigation of the suspected offense. The section 3403(c) exception does not permit financial institutions to turn over or to verbally disclose the contents of financial records; rather, it is intended that the financial institution will provide information of the nature described above so that the law enforcement agency can then obtain access to the financial records through a form of legal process authorized by the Act (administrative process, grand jury subpoena, formal written request, etc.).

Financial institutions may also disclose financial records necessary to collect debts owed to the institutions (see 12 U.S.C. §  3403(d)(1)) or to process and administer government loans (12 U.S.C. § 3403(d)(2)).

Because the Act contemplates that law enforcement authorities must proceed under the Act to obtain actual financial records required in the investigation and prosecution of suspected offenses reported by financial institutions, the information provided in the financial institution's report of a crime must be sufficient to allow the government authority to meet the requirements that the Act sets out for access to records. Specifically, the government must be able to "reasonably describe" (12 U.S.C. § 3402) the records sought and to issue a certificate of compliance with the Act (required in connection with all access mechanisms except grand jury subpoenas). Moreover, in issuing a certificate of compliance, the government authority must have "reason to believe that the records sought are relevant to a legitimate law enforcement inquiry." 12 U.S.C. §§ 3405(l), 3407(l), and 3408(3). Such a description and determination can hardly be made and certified on the strength of a financial institution's unelaborated and unevaluated suspicions alone. Finally, because access to financial records may be sought by customer authorization pursuant to 12 U.S.C. § 3404, particularly where access to records of victims is required, names and addresses of all protected customers whose records contain evidence of the suspected offense must be supplied so that law enforcement authorities can seek customer authorization of disclosure.

In reporting that a suspected criminal violation has occurred, is occurring, or will occur, a financial institution may disclose the following information to a federal law enforcement agency:

  1. the name(s) and address(es) of the person(s) suspected and his (their) relationship with the financial institution, if any;
  2. the identity of the financial institution(s) or office(s) thereof involved;
  3. the specific offense(s) suspected;
  4. the name(s) and address(es) of the account holder(s) and the account number(s) and type(s) of account(s) in which evidence of the suspected offense(s) is located; and
  5. a general description (dates and any suspicious circumstances) of the transaction(s) involved in the suspected offense(s).

Of course, any information not derived from records protected by the Act which will assist the law enforcement agency may be freely disclosed.

To illustrate the extent of information which may be disclosed in connection with a financial institution's notification to federal law enforcement authorities of a suspected criminal offense, the following example is provided:

Example: The employing institution, First Financial, suspects one of its tellers, Steve Jones, of taking advantage of his position at First Financial's State Street branch office to embezzle funds from the accounts of six customers, one of which is a corporation, and of depositing the proceeds of these embezzlements in Jones' own account at the State Street office. Under the Act, First Financial may report the crime to federal law enforcement authorities providing all pertinent information not covered by the Act. In this case, such non-protected information might include records of Jones' shortages and overages as a teller, complete records relating to the corporate account which has been victimized, information from First Financial's employment records pertaining to Jones including such items as his employment application and salary level, and information obtained from interviews with other employees of First Financial [if such information is not derived from financial records pertaining to Jones' personal account] which indicates that Jones is living in a style not in keeping with his income as a teller or that Jones engages in suspicious activities while performing his job as teller.

Of course, financial records relating to Jones' personal account are protected, as are records pertaining to the five accounts of private individuals who are being victimized by Jones' embezzlement. The victims' records may, however, be obtained pursuant to the non-target exception. 12 U.S.C. §  3413(h)(1)(A). Even if derived from such protected records, however, the following information may be reported to federal law enforcement authorities:

  1. Jones' full name and address, the fact that he is employed as a teller at the State Street office, and the fact that he is suspected of embezzlement;
  2. the fact that the suspected offenses all involve transactions occurring at First Financial's State Street office;
  3. the fact that the offenses appear to involve violations of federal criminal law (i.e., 18 U.S.C. § 656);
  4. the names and addresses of the customers who are suspected victims of the embezzlements, the fact that they are believed to be victims, the fact that they have accounts at the State Street office, the account numbers of the victims' and Jones' accounts, and the fact that Jones is suspected of depositing embezzled funds in his account [again records pertaining to accounts of victims may be obtained pursuant to 12 U.S.C. § 3413(h)(1)(A)];
  5. the dates of the suspicious transactions involving each victim's account and Jones' account together with a description of any circumstances leading to the belief that the withdrawals and deposits in question were part of an embezzlement scheme (for example, inquiries by customer victims as to specific unexplained debits to their accounts).

The notification of a crime may also include the financial institution's analysis of the information described above together with an analysis of the significance of the suspected offense. While the general description and analysis of suspicious transactions may not be so detailed as to eliminate any need for law enforcement access to actual records, it should be sufficient to enable federal authorities (1) to reasonably describe records needed in the investigation and (2) to determine that there is reason to believe such records are relevant to a legitimate law enforcement inquiry. Once provided with sufficient information to comply with these two requirements of the Act, federal authorities can proceed to obtain access to records pursuant to the procedures set out by the Act.

Finally, while reports of crimes by financial institutions must be entirely voluntary, federal agents are free to advise officers and employees of financial institutions that they are authorized by 12 U.S.C. § 3403(c) to report suspected crimes to federal law enforcement authorities.

The intent of the Congress is clear that financial institutions and their officers, employees and agents should report crimes as authorized by 12 U.S.C. § 3403(c):

A bank could and should, report to the appropriate officials information pertaining to the cashing of a forged check, the passing of counterfeit currency or bonds, or the use of its services to facilitate a fraudulent scheme... Once information is received by government authorities, they must obtain any pertinent records that they seek in accordance with the procedures of the bill. [Emphasis added.]

H.R. Rep. No. 95-1383 at 218, 7 U.S. Code Cong. & Ad.News, 95th Cong., 2nd Sess., at 9348-9349.