Section 314(a): What It Requires and Who It Applies To

What is Section 314(a)?

Section 314(a) of the USA PATRIOT Act is a mandatory information-sharing program that requires U.S. financial institutions to search their records and respond to FinCEN requests connected to active money laundering and terrorist financing investigations. FinCEN published the implementing regulations at 31 CFR § 1010.520 in 2002, roughly one year after the PATRIOT Act became law on October 26, 2001.

The program was built to solve a specific bottleneck. Before it existed, federal investigators who wanted to know whether a terrorism or money laundering suspect held U.S. bank accounts had to issue individual subpoenas, institution by institution. For a financial network with millions of accounts spread across thousands of banks, that process took months or years and often stalled cases entirely. Section 314(a) bypassed that problem by creating a centralized, secure portal through which FinCEN could batch-push requests to every registered institution simultaneously.

The mechanics are straightforward. Law enforcement notifies FinCEN of an active investigation. FinCEN certifies the request meets the statutory threshold, then transmits it to all registered institutions. In fiscal year 2022, FinCEN processed 681 requests covering 8,077 named subjects and transmitted them to more than 44,000 registered institutions, according to FinCEN's published 314(a) program statistics.

It's a blunt instrument by design. Speed matters more than surgical precision when the goal is locating hidden accounts before suspects move funds. The tradeoff is false-positive burden on institutions, but FinCEN has concluded that burden is worth the investigative gain.

Who does Section 314(a) apply to?

The covered entity list comes directly from the Bank Secrecy Act's definition of "financial institution." Every U.S. financial institution required to maintain an AML program under 31 CFR Chapter X is covered by the BSA and, by extension, by 314(a). That list includes:

• Commercial banks and trust companies: national banks (OCC-regulated), state member banks (Fed-regulated), state non-member banks and thrifts (FDIC-regulated)
• Credit unions: federally and state-chartered
• Broker-dealers: registered with FINRA and the SEC
• Mutual funds: open-end investment companies registered under the Investment Company Act
• Futures commission merchants and introducing brokers: regulated by the CFTC
• Money services businesses (MSBs): money transmitters, currency exchangers, check cashers, prepaid access providers, and postal service money order issuers
• Insurance companies: life insurers and certain annuity providers with BSA obligations
• Casinos and card clubs: where gross annual gaming revenue exceeds $1 million
• Dealers in precious metals, stones, or jewels
• Loan and finance companies

There is no asset-size exemption. A community bank with $200 million in assets carries the identical 314(a) obligation as a global systemically important bank. That's intentional: the program's value depends on complete participation. A suspect who knows which small institutions don't participate has a map for hiding accounts.

Foreign branches of U.S. banks are generally not covered for their overseas operations, though FinCEN can include them when the requesting law enforcement agency has jurisdiction. Foreign banks operating U.S. branches are covered for those U.S. operations.

What does Section 314(a) require?

The core obligation sounds simple. The operational detail adds up fast.

1. Register with FinCEN's 314(a) Secure Information Sharing System. Every covered institution must maintain a current registration with FinCEN's secure portal. The registration must include a designated point of contact with current contact information. An outdated contact means missed requests, which is itself a violation.

2. Search records within 14 calendar days. When a 314(a) request arrives, the institution must search accounts and transactions for matches to the named subjects. The deadline is 14 calendar days, not business days. It doesn't stop for weekends, bank holidays, or system outages.

3. Cover five years of records. The search must reach back at least five years. This includes current accounts, closed accounts, and transaction history within that window.

4. Search all relevant systems. The search must cover every platform where accounts or transactions could exist: core banking, trust platforms, investment management systems, foreign correspondent accounts, and any recently acquired subsidiary systems.

5. Report positive matches only. If the search finds a match, the institution reports it through the portal with account information and transaction details sufficient for the requesting agency to act. Negative results require no response.

6. Maintain strict confidentiality. The institution cannot disclose to the named subject, or to anyone other than FinCEN and law enforcement, that a request was received or acted on. This prohibition has no time limit. Tipping off a subject is a separate federal offense.

7. Assess SAR obligation. A positive 314(a) match is a material red flag. If the account shows any suspicious activity, the institution must evaluate whether a Suspicious Activity Report is required under BSA rules. Skipping this step is an exam finding in its own right.

8. Document everything. Statute doesn't explicitly mandate search logs, but regulators expect them. The absence of documentation during an exam is functionally indistinguishable from the absence of compliance.

What evidence do regulators expect?

BSA examiners follow the FFIEC BSA/AML Examination Procedures when reviewing 314(a) compliance. On audit day, they're looking for five things.

Registration currency. Examiners pull the FinCEN portal record directly. If the institution's designated point of contact departed and the registration was never updated, that's an immediate finding. This is the easiest issue to prevent and, somehow, the most common one examiners find.

Search documentation. Examiners want a log showing every 314(a) request received, date it arrived, date the search was completed, systems queried, and result. Institutions that rely on informal email threads often can't produce an organized record. That silence reads as non-compliance.

Timeliness evidence. Examiners sample requests and check timestamps. Chronic lateness, even without formal citations, creates supervisory risk and accelerates the next examination cycle.

Scope completeness. Did the search cover every required system? Institutions with siloed platforms frequently miss accounts held in subsidiary or trust systems. Examiners specifically ask for a list of systems included and excluded.

SAR integration. Where a match was found, did the institution document its SAR decision? Examiners follow the thread from 314(a) response to SAR filing decision. A match with no documented SAR analysis is a gap.

Confidentiality controls. Who has access to incoming 314(a) requests? Is there a documented procedure preventing inadvertent disclosure? Training records should show that relevant employees understand the prohibition and its criminal implications.

Common failure modes

Most 314(a) deficiencies come from a short list of recurring problems.

• Stale registrations. The designated contact left the institution, and no one updated the FinCEN portal. Requests arrived in an unmonitored inbox for months. This is the single most common finding and usually signals broader AML governance decay.

• Incomplete system coverage. A bank's search covered the core banking platform but missed the investment management system, the trust department, or a subsidiary brought in through acquisition. Examiners know to ask what other systems exist.

• Manual process failures. Community banks often run 314(a) searches manually, which means individual employees can forget to log searches, miss requests, or fail to record results. Missing documentation during an exam looks like a missing search.

• Confidentiality breaches. Cases where bank employees tipped off subjects named in 314(a) requests have resulted in criminal referrals. This exposure is disproportionate to its frequency because the consequences extend beyond a regulatory fine to potential obstruction charges against individuals.

• No SAR follow-through. FinCEN's own program guidance states that a positive 314(a) match, combined with any suspicious activity in the account, should trigger a SAR analysis. Institutions that find matches but make no documented SAR decision create an obvious exam finding and a liability gap.

• Deadline misses during operational strain. The 14-day clock doesn't flex. Institutions without automated search workflows routinely miss the deadline during staff vacations, system migrations, or peak business periods. Capital One's 2021 consent order with FinCEN and the OCC, which resulted in a $390 million penalty, cited systemic failures across multiple BSA obligations, with information-sharing program weaknesses as a contributing component. The FinCEN enforcement notice details the breadth of those failures.

Penalties for non-compliance

Section 314(a) violations are charged under the Bank Secrecy Act's enforcement framework. FinCEN, the OCC, the Federal Reserve, the FDIC, and the NCUA all have jurisdiction depending on institution type.

Civil penalties under 31 U.S.C. § 5321 run up to $25,000 per day for negligent violations. Willful violations reach up to $100,000 per day. For pattern-of-practice willful violations, the ceiling is the greater of $1 million per violation or twice the amount involved in the underlying transaction.

Criminal penalties under 31 U.S.C. § 5322 for willful violations include fines up to $250,000 per count and imprisonment up to five years. Where the violation was committed in furtherance of another federal crime, the potential imprisonment term extends to ten years.

In practice, standalone 314(a) citations are rare. Regulators bundle information-sharing failures into broader BSA/AML consent orders, which inflates the penalty. USAA Federal Savings Bank paid $140 million in 2022 to settle findings from FinCEN and the OCC that included failures in its information-sharing program, transaction monitoring, and SAR filing. The enforcement action is available at FinCEN's website.

Repeat offenders face an additional supervisory premium. Institutions with prior BSA consent orders that subsequently fail on 314(a) face accelerated examination timelines and, in some cases, formal memoranda of understanding that restrict growth until remediation is confirmed. 12 CFR Part 21 spells out the OCC's standards for national bank BSA programs, which examiners use as the benchmark when assessing 314(a) gaps.

Related regulations and frameworks

Section 314(a) is one component inside a broader U.S. and international AML architecture.

The Bank Secrecy Act is the parent statute. The BSA requires AML programs, recordkeeping, Currency Transaction Reports, and SAR filings. Section 314(a) is an additional obligation layered on top of that existing infrastructure, which means weak BSA foundations undermine 314(a) execution.

Section 314(b) is the voluntary counterpart. Where 314(a) is mandatory and law enforcement-directed, 314(b) allows financial institutions to share information with each other, after notifying FinCEN, when they jointly suspect an account is linked to money laundering or terrorist financing. Many institutions use both in sequence: 314(a) for responding to regulators, 314(b) for building peer intelligence around a match.

Section 326 and the FinCEN CDD Rule govern customer identification and verification. A 314(a) search is only as good as the Know Your Customer records it queries. If CIP records are incomplete or inconsistent, searches produce false negatives. This dependency is why examiners review CIP and 314(a) in the same examination cycle.

The Anti-Money Laundering Act of 2020 modernized the BSA and strengthened FinCEN's authorities, including new requirements for AML program effectiveness. It put direct pressure on institutions to demonstrate that information-sharing workflows are actually functioning, rather than just documented.

Internationally, FATF Recommendation 20 is the closest analog for suspicious transaction reporting and cross-agency cooperation. Countries implementing FATF standards are expected to create similar law enforcement access mechanisms. The U.S. model under 314(a) is more operationally formalized than most national equivalents, but the underlying principle, giving investigators direct access to financial records tied to active cases, is a core FATF compliance expectation in every major jurisdiction.

How FluxForce supports Section 314(a) compliance

FluxForce's AI agents automate the record-search and response workflow that 314(a) demands. When a request arrives, Aiden Flux and Nova Sentinel cross-reference it against all connected data sources simultaneously, flag positive matches, and generate a timestamped audit trail within the 14-day window. Compliance teams get a documented record of every search, every result, and every SAR assessment decision. That's the package examiners ask for. Request a demo to see how the regulatory compliance automation workflow handles 314(a) at scale.