Information Sharing Across Borders to Combat Illicit Finance 

By Nancy DeGrandi, Federal Compliance Research and Analysis Manager | September 30, 2025

Recently, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) issued guidance on Cross Boarder Information Sharing by Financial Institutions and SAR Confidentiality. The guidance was issued in collaboration with the federal banking regulators – the Office of the Comptroller of the Currency, Federal Deposit Insurance Corporation, and National Credit Union Administration.

As the title of the guidance suggests, the purpose of the guidance is to encourage voluntary cross-border information sharing among financial institutions which may in turn strengthen existing efforts in combatting money laundering, terrorist financing, fraud, and other illicit financial activities:

“Financial institutions voluntarily sharing information with each other—including, but not limited to, their foreign affiliates and financial institutions to which they offer correspondent banking services—can make the U.S. and global financial systems more resilient by enabling individual financial institutions to form a more complete picture of threats, risks, and vulnerabilities posed by money laundering, terrorist financing, and other illicit finance activity. And, by providing that more complete picture, effective cross-border information sharing enables financial institutions to enhance their anti-money laundering/countering the financing of terrorism (AML/CFT) programs to better detect and prevent illicit finance activity and produce reports that are highly useful to law enforcement and national security agencies.”

The guidance makes it clear that the Bank Secrecy Act (BSA) doesn’t prevent financial institutions from sharing certain types of information across borders. While the BSA does prohibit the disclosure of suspicious activity reports (SAR) or any information that would reveal that a SAR has been filed -- you may be wondering what information can be shared with other financial institutions to help build a fuller picture of the threats emerging across borders?

Well, FinCEN’s guidance offers practical examples to help institutions understand what can be shared while still protecting the confidentiality of SARs. It provides a non-exhaustive list of data types in three main areas (transactional, customer/account information, investigative materials) that can be shared with U.S. or foreign financial institutions so long as the shared information is redacted and that the shared information does not indirectly disclose the existence of a SAR. Specifically, the transaction, customer/account information, and documentary materials include: 

1. Transaction Information: 

• Wire transfer/payment information associated with specific natural or legal persons, including information on counterparties, amounts, account numbers, dates, and times.

• Information on, and records of, the amounts and dates of cash deposits, withdrawals, transfers, and other related records. This may include, but is not limited to, monetary instrument logs and deposit and withdrawal slips.

• Transaction logs that indicate whether specific accountholders have transacted with individuals or entities in specific jurisdictions.

2. Customer/Account Information: 

• Specific customer/account owners, including beneficial ownership information, and information about those customer/account owners.

• A list of the types of products and services offered to specific customers/accountholders and information related to these products and services.

• Information on the types of businesses in which legal entity customers have told the financial institution that they engage.

• Information on occupation, sources of funds, and/or sources of wealth provided to U.S. financial institutions.

3. Investigative or other relevant materials: 

• Alerts (e.g., those generated by a transaction monitoring system) or specific information about the potential illicit finance typology identified.

• Transaction information and customer/account information, as described above, that is stored in an investigation file or system.

• Research conducted on a customer or transaction (e.g., due diligence research and information; adverse media).

• Analytic materials (e.g., those created in connection with a case or investigation)—or portions of analytic materials—that do not bear on the SAR decision process (e.g., those that do not opine on whether particular activity is or is not suspicious) or otherwise imply that a SAR decision has been made.

• Cyber-related data such as IP addresses, geolocations, and/or device identification numbers.”

It’s important to highlight that while analytic materials can be shared the information exchanged cannot include any reference to or imply that a SAR exists or was contemplated. Put simply, the information suitable for sharing should not be connected to the SAR decision process in any way.

The guidance also reinforces the procedures financial institutions must follow when responding to subpoenas or other requests that seek disclosure of a SAR or any information that could reveal the existence of a SAR. It directs readers to dated but still relevant FinCEN’s 2012 guidance on SAR confidentiality and also references, The SAR Activity Review: Trends Tips and Issues (Issue 7, August 2004) in the footnotes for further context.

In terms of the 314(b) Safe Harbor of the USA Patriot Act, it is not changed or expanded by the guidance and indicates that institutions sharing information under the cross-border sharing guidance are not automatically protected by 314(b).By way of a reminder, Section 314(b) permits U.S. financial institutions and associations of financial institutions to share information with one another to better identify and report activities that may involve money laundering or terrorist activities. There is a safe harbor from civil liability for institutions that share according to FinCEN’s regulations (i.e. complete notice to share with FinCEN, designate a point of contact to send/receive information, verify that the other financial institution has also submitted the required notice, ensure the security and confidentiality of shared information). This safe harbor does not extend to voluntary cross-border information sharing. FinCEN also reminds institutions that the information shared cannot reveal the existence of a SAR.

By issuing this guidance, FinCEN affirms its support for U.S. and foreign financial institutions to collaborate in sharing financial intelligence across borders to combat money laundering, terrorist financing, and fraud, as long as it is done responsibly and in compliance with applicable laws.

Questions? Suggestions? Contact the Compliance Team at compliance@americascreditunions.org