To access BOI, domestic agencies must satisfy several security and confidentiality requirements set out in the CTA and the Access Rule. The requirements include establishing standards and procedures to protect the security and confidentiality of BOI, entering into an agreement with FinCEN specifying those standards and procedures, establishing and maintaining a secure system for storing BOI, establishing and maintaining auditable BOI request records, restricting access to BOI, conducting audits, and providing FinCEN with reports and certifications.
Financial institutions that obtain BOI from FinCEN must develop and implement administrative, technical, and physical safeguards reasonably designed to protect the information. Financial institutions will be able to satisfy this requirement by applying to BOI the same security and information handling procedures they use to protect customers’ nonpublic personal information in compliance with section 501 of the Gramm-Leach-Bliley Act and its implementing regulations. For each BOI request that it makes, a financial institution will have to certify that the request satisfies applicable criteria. Certain geographic restrictions will also apply.
Foreign requesters who obtain BOI under an international treaty, agreement, or convention must comply with all applicable handling, disclosure, and use requirements of the international treaty, agreement, or convention under which the request was made. Foreign requesters who obtain BOI pursuant to a request from a “trusted foreign country” must establish standards and procedures to protect the security and confidentiality of BOI, maintain the BOI in a secure system, and restrict access to the information, among other requirements.
Source: www.fincen.gov
Copyright © BW&T Busiess Advisors, Inc. All Rights Reserved.
