Section 314(b): What It Requires and Who It Applies To

What is Section 314(b)?

Section 314(b) is a voluntary information-sharing program established under the USA PATRIOT Act (Public Law 107-56), signed on October 26, 2001. FinCEN, the bureau within the U.S. Department of the Treasury responsible for the Bank Secrecy Act, administers the program. The statutory authority sits in 31 U.S.C. § 5318(g)(3), with implementing regulations at 31 C.F.R. § 1010.540.

Congress designed 314(b) alongside the mandatory Section 314(a) provision as a direct response to the intelligence failures of September 11. The two serve different purposes. Section 314(a) lets federal law enforcement direct financial institutions to search their records for accounts tied to specific named subjects. Section 314(b) runs horizontally: institutions share information with each other, without waiting for a law enforcement trigger.

The underlying problem was the Gramm-Leach-Bliley Act. GLBA restricted customer information sharing between financial institutions, and this privacy wall was preventing banks from warning each other about suspicious patterns they were each seeing in isolation. Section 314(b) created a statutory safe harbor that overrides GLBA restrictions when sharing relates to suspected money laundering or terrorist financing under the Bank Secrecy Act.

As of FinCEN's published program data, approximately 6,500 financial institutions are registered (FinCEN Section 314(b) program). The safe harbor is what makes participation practical. An institution that shares customer information under 314(b) is protected from civil liability, including GLBA claims, provided it has a reasonable basis to believe the shared information relates to a possible violation and maintains required confidentiality safeguards. Without the safe harbor, a bank sharing customer data with a peer institution would be exposed to GLBA enforcement.

Who does Section 314(b) apply to?

Any financial institution covered by the Bank Secrecy Act is eligible. The list covers most of the regulated financial sector:

• Federally insured banks, savings associations, and credit unions of any size
• Broker-dealers registered with the SEC
• Futures commission merchants and introducing brokers regulated by the CFTC
• Mutual funds (registered investment companies)
• Insurance companies offering covered products
• Money services businesses, including money transmitters, check cashers, and currency dealers
• Casinos with annual gaming revenues above $1 million
• Dealers in precious metals, stones, or jewels
• Non-bank mortgage lenders and originators

There's no minimum asset threshold. A $200 million community bank participates on identical terms to a global bank with $2 trillion in assets. U.S. branches and agencies of foreign banking organizations are eligible, though sharing must concern U.S.-based activity.

One eligibility condition applies: an institution must be in compliance with its own BSA obligations. An institution that lacks an adequate AML program or proper customer identification controls is not positioned to share information responsibly under 314(b). Examiners have flagged cases where institutions used inbound 314(b) responses as a substitute for their own independent analysis. That's the wrong direction. Sharing is meant to augment, not replace, internal investigation.

Participation is entirely voluntary. Institutions register with FinCEN, can withdraw at any time, and are never required to respond to inbound requests from peer institutions. The decision whether to share in any specific case always belongs to the institution.

What does Section 314(b) require?

The program doesn't impose ongoing reporting obligations the way SAR filing does. It creates a structured framework for voluntary sharing. The core obligations are:

1. Annual FinCEN notification. Before sharing under 314(b), an institution must notify FinCEN through its secure web portal. This notification must be renewed each year. If registration lapses, the safe harbor doesn't apply to any sharing that occurs during the gap. Institutions that continue sharing with an expired registration are exposed retroactively.

2. Reasonable suspicion standard. Sharing is limited to information about accounts or transactions the institution suspects may involve money laundering or terrorist financing. This is a lower threshold than the SAR filing standard, but it's not unconditional. Sharing general customer data unrelated to a specific suspicion falls outside the safe harbor and exposes the institution to GLBA liability.

3. Designated contact person. Each registered institution must identify a specific point of contact for 314(b) communications. This person handles inbound requests from other institutions and initiates outbound sharing. Contact details must be kept current with FinCEN.

4. Confidentiality obligation. Information received under 314(b) must remain confidential. It can't be disclosed to the subject of the inquiry, to third parties outside the AML function, or to business lines with no investigative role.

5. Use restriction. Shared information can only be used to identify and report suspected money laundering or terrorist financing, to decide whether to establish or maintain an account, or to assist in BSA compliance. Using 314(b) data for credit decisions, marketing, or any other commercial purpose voids the safe harbor for that disclosure.

6. Adequate information security. FinCEN doesn't prescribe specific technical controls, but institutions must maintain safeguards for shared data. In practice, examiners look for access controls, audit trails, and documented procedures governing how incoming requests are handled and how received data is stored.

7. No obligation to respond. FinCEN's rules are explicit: institutions aren't required to respond to 314(b) inquiries from peers. Declining is never a violation. The obligation runs only to operating the program correctly when the institution chooses to use it.

What evidence do regulators expect?

Examiners from the OCC, FDIC, Federal Reserve, and FinCEN evaluate 314(b) as part of broader BSA/AML program reviews. They're looking for evidence the program is operational, not merely registered.

• Current FinCEN registration. Proof of the most recent annual notification, with confirmation the registration hasn't lapsed. Examiners verify this directly against FinCEN records.
• Written 314(b) policy. A standalone policy or a dedicated section within the institution's BSA/AML program documentation. The policy should name the designated contact, define the reasonable suspicion threshold the institution applies, and specify how confidentiality is maintained.
• Procedure for evaluating inbound requests. A documented workflow for how staff assess whether a request warrants a response, what information can legally be shared, and who approves outbound disclosures.
• Training records. Evidence that the designated contact and relevant AML staff have received 314(b)-specific training, not just generic AML program training. The training should cover safe harbor conditions, confidentiality rules, and use restrictions.
• Activity log. A record of all inbound and outbound 314(b) communications: dates, counterparty institution names, the nature of each inquiry, and the outcome. This is the document examiners scrutinize most closely on exam day.
• Access controls on shared data. Evidence that information received under 314(b) is stored with appropriate restrictions, separate from general customer data, with access limited to AML staff.
• Integration with the SAR workflow. Increasingly, examiners expect to see 314(b) sharing activity connected to the institution's SAR investigations. An institution that filed 50 SARs last year and made zero 314(b) inquiries will be asked to explain the gap.

Banks that maintain a live activity log, connected to actual investigations and reviewed periodically by the BSA officer, consistently pass this portion of exams with no findings.

Common failure modes

Most 314(b) exam findings trace back to operational gaps, not deliberate misconduct. Here's what shows up repeatedly:

• Lapsed registration. The annual FinCEN notification gets missed because no single person owns the calendar item. The institution continues sharing, without safe harbor protection. This surfaces in the next exam as a retroactive exposure covering months of disclosures.
• No activity log. The program is registered but no one maintains a record of requests made or received. Examiners treat this as a control deficiency serious enough to document in the examination report.
• Overly broad sharing. Information disclosed goes beyond what's reasonably connected to a specific suspicion. Individual disclosures made outside the safe harbor can expose the institution to GLBA claims.
• Inadequate confidentiality controls. 314(b) data stored in shared drives, forwarded to relationship managers, or discussed with staff outside the AML team. These are the scenarios that attract civil liability.
• Untrained designated contact. Staff turnover replaces the contact person and the replacement has received no 314(b) training. Inbound requests arrive and either aren't handled correctly or are ignored entirely.
• Zero usage despite an active SAR program. FinCEN's December 2020 statement on AML program effectiveness (FinCEN AML Program Effectiveness Statement, December 2020) explicitly identified underutilization of available information-sharing tools as a sign of program weakness. An institution filing 100 SARs annually but never initiating a 314(b) inquiry will be asked to justify that posture.
• Treating 314(b) responses as a substitute for independent analysis. Receiving a positive hit from a peer institution and closing the case without independent investigation. The program is an information input, not a substitute for the institution's own suspicious activity analysis.

Penalties for non-compliance

Section 314(b) itself carries no direct penalty for declining to participate. The risk runs through BSA/AML program enforcement, and that's where the numbers become significant.

Deficient 314(b) controls are cited as evidence of a broader AML program failure. Civil money penalties for BSA violations carry no statutory cap in practice, and large cases routinely run into nine figures. TD Bank's October 2024 plea agreement with the Department of Justice, totaling $1.3 billion in fines and $1.8 billion in additional payments, cited systemic failures across the bank's AML program, including inadequate information-sharing controls at scale (DOJ press release, October 2024). Broken information-sharing practices were one element of a program that failed across multiple dimensions.

HSBC's 2012 deferred prosecution agreement with the DOJ, worth $1.9 billion, included findings on the bank's failure to maintain adequate AML controls, with information-sharing and correspondent banking deficiencies explicitly cited (DOJ press release, December 2012).

The Anti-Money Laundering Act of 2020 explicitly directed FinCEN to encourage use of information-sharing tools and to consider the adequacy of institutions' 314(b) participation when assessing AML program effectiveness.

At the individual level, BSA compliance officers face personal liability under 31 U.S.C. § 5322. Civil penalties reach $25,000 per day per violation for negligent failures. Willful violations carry up to $250,000 in fines and five years' imprisonment. FinCEN's full enforcement record is publicly available at fincen.gov/resources/enforcement-actions.

Related regulations and frameworks

Section 314(b) is one tool within a larger BSA/AML architecture and connects directly to several other regulatory obligations.

Within U.S. law:

The Bank Secrecy Act is the parent statute. Section 314(b) sits alongside SAR obligations, Currency Transaction Reports, and the Section 314(a) request mechanism as part of the BSA's information framework. The FinCEN Customer Due Diligence Rule, which took effect May 2018, expanded beneficial ownership requirements and created more granular customer-level data that institutions now have concrete reason to share under 314(b) when suspicious patterns emerge. AMLA 2020 directed FinCEN to modernize AML information sharing and explicitly referenced voluntary peer-to-peer sharing as a tool institutions should deploy actively.

FATF international standards:

FATF Recommendation 13 addresses correspondent banking and encourages jurisdictions to create safe harbor mechanisms that permit voluntary information sharing between financial institutions. Section 314(b) is widely cited as the leading national implementation of that principle. FATF mutual evaluation reports for the United States have consistently identified the 314(b) program as a strength of the U.S. AML framework.

International equivalents:

The EU has no direct 314(b) counterpart. The 6th Anti-Money Laundering Directive and the 2024 EU AMLR framework both contemplate information-sharing mechanisms, but the EU has not established a statutory override of GDPR and national privacy laws equivalent to the BSA safe harbor. The UK's National Crime Agency operates collaborative financial intelligence mechanisms under the Proceeds of Crime Act, but the structure and safe harbor protections differ materially from the U.S. model. This divergence creates a practical gap for international institutions: U.S. operations can share under 314(b) domestically, but sharing with non-U.S. affiliates or foreign peer institutions requires a separate legal basis.

How FluxForce supports Section 314(b) compliance

FluxForce connects information-sharing workflows directly to existing investigation pipelines. When an AI agent flags a transaction for review, the platform can surface related patterns that warrant a 314(b) inquiry, document the outbound request, and log each exchange in a tamper-proof audit record with timestamps and decision context. Every action includes a complete explanation, so the AML team has exactly what examiners expect to see: an active activity log tied to real investigations. Request a demo to see how FluxForce handles 314(b) workflows end to end.