Section 314(a): What It Requires and Who It Applies To

What is Section 314(a)?

Section 314(a) is a provision of the USA PATRIOT Act (Pub. L. 107-56), signed into law on October 26, 2001. The Financial Crimes Enforcement Network (FinCEN), a bureau of the U.S. Department of the Treasury, administers it under 31 CFR § 1010.520.

The provision creates a rapid information-sharing channel between federal law enforcement and the financial system. When an agency such as the FBI, DEA, or Secret Service is investigating money laundering or terrorist financing, it submits a request to FinCEN. FinCEN batches those requests and transmits them to participating financial institutions through its Secure Information Sharing System (FISS), typically on a two-week cycle.

Institutions that receive a 314(a) request must search their records for any accounts or transactions matching the named subjects, then report any matches back to FinCEN within 14 calendar days. The entire process is confidential. Institutions cannot disclose to the subject that a search was conducted, and they cannot use the information for any purpose other than reporting the match and filing a Suspicious Activity Report (SAR) if the underlying facts support one.

The provision is narrow. It does not require institutions to block accounts or take adverse action against a subject. It is a search-and-report obligation only. That distinction matters: getting the response wrong in either direction, missing a match or freezing accounts without separate legal authority, creates regulatory and liability exposure.

FinCEN published detailed guidance and FAQs on the 314(a) process. That resource is the primary reference for compliance teams building or updating their programs.

Who does Section 314(a) apply to?

The obligation covers a broad set of federally regulated financial institutions. Specifically, 31 CFR § 1010.520 reaches:

• Banks and thrifts, including national banks, state-chartered banks, and federal and state savings associations, regardless of asset size
• Credit unions, including federally insured credit unions of any charter type
• Broker-dealers registered with the SEC
• Mutual funds registered with the SEC
• Futures commission merchants and introducing brokers registered with the CFTC
• Money services businesses (MSBs), including money transmitters, check cashers, and currency dealers
• Insurance companies that issue or underwrite certain products, such as life insurance with a cash value component and annuities
• Loan and finance companies as defined under the Bank Secrecy Act (BSA)

There is no asset-size exemption. A $180 million community bank faces the same 314(a) obligations as a $2 trillion global institution. What differs is operational capacity: larger institutions are expected to run automated, multi-system searches; smaller institutions may do so manually. The 14-day deadline applies equally to both.

U.S. branches and agencies of foreign banks licensed to operate in the United States are covered. They must search their U.S.-held records; there is no requirement to query foreign systems.

Pawnbrokers, casinos, and dealers in precious metals are exempt from 314(a) specifically, though they carry separate BSA obligations.

What does Section 314(a) require?

The core obligations under 31 CFR § 1010.520 are:

1. Designate an active 314(a) point of contact. Each institution must register a person or function as its contact in the FinCEN FISS portal. That account must remain active and current. Requests go to the registered contact; an inactive account means requests go unread, and that gap will appear in any examination.

2. Search records on every request. When a request arrives, the institution must search all account records and transaction records for the subjects named. FinCEN expects the search to cover accounts maintained and transactions conducted during the past 12 months, consistent with the FFIEC BSA/AML Examination Manual.

3. Respond within 14 calendar days. The clock starts from FinCEN's transmittal date, not from when the institution opens the request. A "no match" result does not require a response; only positive matches trigger reporting.

4. Report matches through FISS. The report includes account type, account number, branch location, and dates of activity. It does not require a full transaction narrative; that detail follows if law enforcement issues a subpoena.

5. Maintain confidentiality. The institution cannot tell the subject that a 314(a) search was run against their name. This prohibition applies to all employees who might interact with customers: branch tellers, relationship managers, and call center staff. Training records must document that these employees received specific instruction on the prohibition.

6. Retain all 314(a) records for five years. Institutions must retain both the requests received and their own responses. This five-year period matches the standard set by FATF Recommendation 11 for customer and transaction records.

7. Escalate matches for SAR review. A 314(a) match alone does not automatically require a SAR. But if the match, combined with account activity or other red flags, indicates suspicious activity, the institution must follow its standard SAR process. Treating a match as a closed checkbox rather than a trigger for enhanced review is a documented examination finding.

What evidence do regulators expect?

On an examination day, BSA/AML examiners from the OCC, FDIC, Federal Reserve, NCUA, or state regulators expect the following:

• An active FISS registration. Examiners verify this directly with FinCEN. An expired account is cited on the spot.
• Written policies and procedures describing the 314(a) search workflow: who runs the search, which systems are queried, the timeline from receipt to response, and what triggers SAR escalation.
• Annual training records showing that all relevant staff received specific 314(a) instruction. One-time onboarding training is not sufficient; examiners look for annual refreshers with dated attendance records.
• A request log documenting every 314(a) request received, the date searched, the date any match was reported, and whether a SAR was filed as a result.
• System test documentation. Examiners want evidence that the institution has tested its query logic against known accounts. A mock 314(a) run, documented with results, is the standard. Institutions that have never run a test often discover on exam day that their search doesn't cover all platforms.
• Multi-system search evidence. Institutions with separate platforms for retail, commercial, trust, and brokerage must document that 314(a) searches covered all of them. Searching only the primary core is a common gap.
• SAR documentation tied to matches. For any match that generated a SAR, examiners want to see the connection between the 314(a) match, the enhanced review, and the filing decision.

The FFIEC BSA/AML Examination Manual's 314(a) section is the definitive examiner checklist. Compliance teams should use it as their internal audit template, line by line.

Common failure modes

Most 314(a) citations come from a short list of recurring problems:

• Inactive FISS accounts. When the registered contact leaves without the portal being updated, the institution receives no requests. FinCEN records every transmittal date; a gap in responses is immediately visible in examination.
• Incomplete system coverage. Banks with separate platforms for retail, commercial, and wealth management often search only the core. The OCC cited this pattern in multiple BSA enforcement actions between 2018 and 2022. A match sitting in a trust sub-system that was never queried is treated as a missed match.
• No SAR follow-through. Finding a 314(a) match and not escalating it for SAR review is a direct finding. Examiners expect every match to trigger a formal enhanced review, documented with a disposition, under the FinCEN Customer Due Diligence Rule.
• Confidentiality breaches. Branch staff who tell customers that a government inquiry was received violate 314(a) directly. This has appeared in examination findings and, in more serious cases, contributed to obstruction referrals to the DOJ.
• Late responses. Missing the 14-day window by even one day is cited. This is most common when requests arrive around holidays or during staff transitions.
• No testing. Institutions that have never run a mock search regularly discover that their query logic misses records. Annual testing is not optional; it is an examiner expectation.

Penalties for non-compliance

FinCEN and the prudential regulators, OCC, Federal Reserve, FDIC, and NCUA, enforce 314(a) through BSA penalty authority. The maximum civil monetary penalty under 31 U.S.C. § 5321 is $1,000,000 per day per violation. In practice, penalties scale to the severity and duration of the failure.

The most prominent example of BSA program failures inclusive of information-sharing deficiencies is the December 2012 action against HSBC. The DOJ announced a $1.92 billion settlement, with FinCEN's assessment covering BSA program deficiencies including inadequate information-sharing controls. That case set the benchmark for enterprise-level BSA enforcement.

For smaller institutions, enforcement typically results in a formal agreement, consent order, or cease-and-desist, requiring independent testing and program remediation rather than immediate monetary penalties.

The OCC also holds individual accountability authority under 12 U.S.C. § 1818. Officers who deliberately ignored compliance requirements can be removed and barred from future banking work.

Criminal exposure specific to 314(a) arises when a confidentiality breach is paired with tipping off a money laundering target. That is a separate criminal offense under 31 U.S.C. § 5318(g)(2), and it is prosecuted independently of any BSA civil action.

Related regulations and frameworks

Section 314(a) sits inside the broader BSA compliance program and does not operate in isolation.

The most direct companion is Section 314(b), the voluntary information-sharing program that lets financial institutions share information with each other about suspected money laundering without violating privacy laws. Where 314(a) is mandatory and law-enforcement-initiated, 314(b) is voluntary and institution-initiated. Many BSA officers treat the two as linked tools: 314(a) tells you what law enforcement already knows; 314(b) lets you compare notes with peers on what you suspect.

Section 314(a) connects directly to SAR obligations. A match that reveals suspicious activity must flow into the SAR process. Treating the two as separate workflows is a recurring exam failure.

The Anti-Money Laundering Act of 2020 (AMLA 2020) strengthened 314(a) by requiring FinCEN to modernize information-sharing mechanisms and provide feedback to financial institutions on how their 314(a) data was used. That feedback loop was largely absent before 2020.

At the international level, FATF Recommendation 20 establishes the global SAR/STR reporting standard that 314(a) implements domestically. FATF mutual evaluations of the United States assess 314(a) compliance as part of the broader AML program review. The U.S. was last mutually evaluated in 2016, with a follow-up progress report in 2020; 314(a) participation rates were cited as a positive indicator.

International equivalents include the UK's information-sharing provisions under the Money Laundering Regulations 2017 and the EU's public-private partnership frameworks in the EU AML Regulation (AMLR 2024), though neither matches 314(a)'s operational specificity or mandatory timelines.

How FluxForce supports Section 314(a) compliance

FluxForce's AI agents automate the record search triggered by 314(a) requests. When a request arrives, the system queries across all connected data sources in minutes, flags any matches with a full evidence trail, and routes confirmed hits to the compliance team for SAR review. Nova Sentinel monitors for confidentiality policy breaches in customer-facing channels. The complete audit log, covering every request received, every search run, and every disposition, satisfies the five-year retention requirement without manual effort. Request a demo to see the workflow in practice.