FinCEN Clarifies USA PATRIOT Act Rules to Bolster Information Sharing on Fraud

Executive Summary

The U.S. Department of the Treasury's Financial Crimes Enforcement Network (FinCEN) has issued new guidance on June 12, 2026, to promote greater information sharing among financial institutions to combat fraud. The guidance clarifies that the safe harbor provided under Section 314(b) of the USA PATRIOT Act, which protects institutions from liability when sharing information, explicitly covers suspected fraudulent activities. Previously, there was ambiguity, with some institutions believing the provision was limited to money laundering and terrorist financing. This update is a significant step to empower banks to collaboratively fight fraud by sharing specific indicators, including cyber-related intelligence, to disrupt criminal activity in real-time.

Regulatory Details

• Issuing Body: Financial Crimes Enforcement Network (FinCEN)
• Legal Framework: Section 314(b) of the USA PATRIOT Act
• Subject: Voluntary information sharing among financial institutions.
• Key Clarification: The safe harbor for information sharing explicitly extends to activities suspected of being fraudulent. This is in addition to the previously well-understood coverage for money laundering and terrorist financing.
• Goal: To encourage and enable a more rapid, collaborative response to fraud schemes that often target multiple institutions simultaneously.

Affected Organizations

This guidance primarily affects U.S. financial institutions, including:

• Banks
• Credit unions
• Broker-dealers
• Money services businesses (MSBs)
• Other institutions eligible to participate in the 314(b) program.

Compliance Requirements

While the 314(b) program is voluntary, this guidance clarifies what is permissible for participating institutions.

• Permissible Information Sharing: Institutions can share a wide range of information related to suspected fraud. The guidance provides concrete examples:
  • Transactional data (amounts, timing, destinations).
  • Cyber-related indicators such as IP addresses, device identifiers, and malicious email addresses.
  • Video surveillance footage.
  • Descriptions of fraud schemes (e.g., business email compromise, romance scams).
  • Indicators like sudden changes in account behavior or logins from disparate locations.
• Safe Harbor: As long as participating institutions follow the rules of the 314(b) program (e.g., filing a notice with FinCEN, maintaining security), they are protected from liability for sharing this information in good faith.

Implementation Timeline

The guidance is effective immediately. Financial institutions can and should begin reviewing their internal policies and procedures to ensure they are taking full advantage of these clarifications.

Impact Assessment

• For Financial Institutions: This is a positive development. It provides legal clarity and reduces the perceived risk of sharing fraud-related information. This enables them to move from a reactive, institution-siloed approach to a more proactive, collaborative defense against fraud. Industry groups like the Bank Policy Institute (BPI) have welcomed the move.
• For Consumers: A more collaborative approach among banks can lead to earlier detection of large-scale fraud rings, potentially stopping scams before they affect more people and leading to faster recovery of stolen funds.
• For Law Enforcement: The increased flow of information between private sector entities can enrich the data available to law enforcement for investigating and prosecuting financial crimes.

Compliance Guidance

Financial institutions should take the following steps:

1. Review and Update Policies: Review internal anti-fraud and information-sharing policies to align with the new FinCEN guidance. Ensure legal and compliance teams are aware of the explicit coverage for fraud under Section 314(b).
2. Join the 314(b) Program: If not already a member, evaluate the benefits of joining the voluntary information-sharing program.
3. Train Staff: Train fraud prevention, cybersecurity, and compliance teams on what information can be shared and the procedures for doing so under the 314(b) safe harbor.
4. Integrate Cyber and Fraud Teams: This guidance blurs the line between traditional fraud and cybercrime. Institutions should foster closer collaboration between these teams to share indicators. An IP address associated with a fraudulent transaction is a key piece of cyber threat intelligence.