314(a)/(b) Information Sharing & Law-Enforcement Liaison *(OUTLINE + BULLET BODY)*

Money laundering doesn't respect the walls between institutions. A launderer banks at three different firms precisely because no single firm sees the whole picture. The USA PATRIOT Act answered that with two information-sharing channels that look almost identical on the page — Section 314(a) and Section 314(b) — and the CAMS® exam will hand you a scenario and ask which one applies. Get the direction of the arrow right and these are free points; get it backwards and you'll pick a confident wrong answer. So let's establish three things: who's asking, who's sharing, and what legal protection you get for doing it.

- **Section 314(a)** of the USA PATRIOT Act (implemented at **31 CFR 1010.520**) lets **federal, state, local, and certain foreign law enforcement** — routed **through FinCEN** — query financial institutions about persons **reasonably suspected of money laundering or terrorist financing**. - Mechanics: FinCEN distributes a **314(a) list** of subjects to participating institutions (typically on a recurring schedule). The institution **searches its records** for any **current account** or any **account or transaction within the prior 12 months / wire transfers within the prior 6 months** (per the request instructions) matching a named subject. - The institution reports a **match (a "hit")** back to FinCEN — pointing law enforcement to where the records are. It does **not** turn over the underlying records on the 314(a) match alone; law enforcement follows up with **legal process** (subpoena, warrant, court order). - **Confidentiality:** the institution must **not disclose** to anyone (including the subject) that a name appeared on a 314(a) list. The search itself is secret. - 314(a) is a **mandatory search** when you receive the list — it is not voluntary. Direction of arrow: **government → FI**, asking "do you have this person?"

- **Section 314(b)** (implemented at **31 CFR 1010.540**) lets **financial institutions share information with one another** to identify and report **money laundering or terrorist financing**. - It is **voluntary** — institutions opt in by filing a **notice with FinCEN** and re-certifying (annually). Only registered participants may share under the provision. - Sharing must be **for the purpose of identifying/reporting ML or TF** (and underlying specified unlawful activity). It is **not** a general fraud or marketing data exchange — purpose matters. - Before sharing, a participant must take **reasonable steps to verify** that the other institution has also filed the 314(b) notice and is a registered participant. - Direction of arrow: **FI ↔ FI**, voluntarily comparing notes to see the fuller picture across institutions.

- Congress gave 314(b) a **safe harbor from civil liability**: an institution that shares in good faith under 314(b) (and within the rule's bounds) is **protected from being sued** for that disclosure — for example, by the customer for breach of privacy. - The safe harbor is **why** institutions are willing to share — without it, privacy/defamation exposure would chill cooperation. (Parallel idea: the BSA also gives a **SAR safe harbor** for filing in good faith, under **31 USC 5318(g)(3)**.) - The safe harbor is **conditional**: it covers sharing **for the permitted AML/CFT purpose**, by **registered participants**, kept **confidential**. Step outside those bounds and the protection can fall away.

- **Subpoenas / legal process:** when law enforcement serves a grand-jury subpoena, court order, or warrant, the institution complies through legal/compliance channels — and the existence of the process is typically **confidential**; do **not** tip off the customer. - **"Keep-open" letters:** law enforcement may ask an institution **in writing** to keep a suspicious account **open** so it can be monitored during an active investigation. FinCEN guidance: honor such requests only when made **in writing, by an authorized law-enforcement official, for a specified time period** — and the institution still **files SARs** as required and retains the letter. The institution makes its own business decision; a verbal request alone isn't sufficient. - **Do not stop filing SARs** just because law enforcement is involved — investigation by police does not relieve the institution of its independent BSA reporting duties. - **Privacy limits:** all of this operates within confidentiality rules — 314(a)/(b) and SAR information cannot be misused, sold, or disclosed to the subject. Sharing is **scoped to AML/CFT purposes**, not open-ended surveillance.

- Request comes **from FinCEN on behalf of law enforcement**, naming a suspect, asking you to search → **314(a)** (mandatory, government→FI, report a match). - You **voluntarily compare notes with another bank** about a shared suspicious customer → **314(b)** (voluntary, FI↔FI, requires registration, has a safe harbor). - A **subpoena or keep-open letter** → law-enforcement liaison: comply through legal process, keep it confidential, keep filing SARs.

Two channels, one distinction that wins the points: 314(a) is the government, through FinCEN, asking you whether you hold a named suspect — mandatory, secret, you report a match. 314(b) is you and another financial institution voluntarily comparing notes to spot laundering — opt-in, registered, and protected by a civil-liability safe harbor that exists precisely so institutions will cooperate. And when law enforcement serves a subpoena or sends a keep-open letter, you comply through proper channels, keep it confidential, and you never stop filing SARs. That completes our Domain 5 reporting toolkit. Next, we step into the fastest-moving corner of the exam: Domain 6, virtual assets — starting with what crypto actually is, who the VASPs are, hosted versus unhosted wallets, and the FATF Recommendation 16 crypto Travel Rule.