Skip to content
Back

What FinCEN's new fraud safe harbor guidance means

Image of U.S. banks in today's economy
Compliance

FinCEN's June guidance puts fraud under the 314(b) safe harbor, letting banks share fraud signals without proving money laundering. What it means, explained.

Authors

Inti Pacheco

Inti Pacheco

Data Insights at Middesk

01

Overview

Fraud teams have historically hesitated to use 314(b) when fraud did not map cleanly onto money laundering. FinCEN's June guidance changes that.

FinCEN's June guidance brings fraud under the safe harbor, the legal protection that shields financial institutions from liability when sharing fraud signals. The guidance followed a proposed rule issued in April to reform programs that fight illicit finance, which received both industry support and criticism.

Trade associations, financial institutions, and individuals largely backed FinCEN's direction but said the proposal lacked clarity, with some calling key terms too vague to be useful. As iKinetiq Innovation Solutions president Stuart Brock noted, a bank can satisfy every element of the proposed definition and still run a program that produces nothing useful.

In brief:

  • FinCEN's June guidance places fraud under the 314(b) safe harbor, the first update to those rules since 2020.
  • Fraud now counts as a "specified unlawful activity," so banks can share fraud signals like transaction data, IP addresses, and device IDs on suspicion alone.
  • The change opens up fraud information-sharing infrastructure — long used by networks like Early Warning Services and Nasdaq's FRAMLxchange — to the broader market.
  • For businesses, a fraud flag can now move between institutions faster, and the untested safe harbor has industry groups pushing Congress to codify it.
02

What does the FinCEN 314(b) update say?

Financial institutions can now share more information because fraud offenses qualify as specified unlawful activities, which is the legal threshold required to trigger safe harbor protection. That includes transaction data, IP addresses, and device identifiers, among others.

This change does not solve fraud outright, and financial institutions expressed only partial satisfaction with it. Still, compliance experts and industry organizations that have pushed for this change for years characterized it as a step in the right direction.

Guidance for the 314(b) safe harbor requirements had not been updated since 2020. Industry groups had long urged FinCEN to explicitly cover fraud under the safe harbor, and Congress had broadly called for AML modernization.

The update is expected to make it easier for participants to combat fraud, particularly benefiting large fraud information-sharing networks owned by companies such as Nasdaq and JPMorgan Chase. It is also expected to make it easier for banks and other financial institutions to protect themselves and each other.

The Bank Policy Institute described the update as a critical step in helping banks disrupt fraud and scams in real time. BPI also said it encouraged Congress and other agencies to remove legal uncertainty and establish a clear safe harbor for banks.

03

How did banks share fraud data before the update?

Large banks have maintained their own information-sharing infrastructure for some time.

U.S. banking giants and other institutions own a data consortium called Early Warning Services (EWS). The platform counts 5,000 banks, credit unions, payment companies, merchants, and government agencies as members. EWS has said it screened $11 trillion in payments and stopped $3.7 billion in potential fraud.

Separately, roughly 2,800 organizations use Nasdaq's FRAMLxchange platform, which allows them to share data on suspicious activity under the 314(b) safe harbor.

Both Nasdaq and BPI/Clearing House, which represents EWS's owners, stated in their comments that FinCEN's rule proposal did not adequately address the sharing mechanics needed for cross-institutional collaboration.

04

What does the 314(b) update mean for business?

Overall, the guidance represents an effort by FinCEN to extend to the broader market the kind of information-sharing infrastructure that large banks had already built for themselves outside the formal program.

A suspicion of fraud alone is now sufficient to trigger information sharing. Banks do not need to identify specific proceeds of fraud being laundered. Bank A can alert Bank B about the invoice scam the moment they suspect it, without needing to prove a money laundering connection first.

For business owners, it means that a suspicion of fraud attached to their account can now move between institutions faster than before. An incorrectly flagged business in one place could be denied at another without a word of explanation.

Financial institutions could worry about legal protections for sharing fraud signals because the safe harbor hasn’t been legally tested. Industry groups are pushing for Congress to codify the fraud safe harbor so that it can’t easily be modified.

More from Middesk

Say yes with confidence