News 05 Dec. 2024
Partner Dr. Alexandra G. Maier Recognized Again in Lexology Client Choice Award 2025, Mining Experts Category 2025
more
Event 23 Oct. 2024
Counsel Mohannad El Murtadi Suleiman to Speak at the 2nd Annual Africa Arbitration Day in New York
Event 18 Aug. 2023
Partner Borzu Sabahi Speaks at FDI Moot Shenzhen
News 25 Jul. 2023
Partner Eric Gilioli Ranked in Top 10 Influential Energy & Natural Resources Lawyers in Kazakhstan in Business Today
Client Alert 20 Apr. 2026
Italy Implements the EU's “Breakfast Directive”: New Rules for honey, Juices, Jams and Milk
News 09 Apr. 2024
Curtis Announces New Partners and Counsels Across Offices in Spring 2024
News 22 Oct. 2025
Curtis Named Leading Firm in Legal 500: Latin America 2026
News 21 Oct. 2025
Elisa Botero Recognized as Top 100 Female Lawyer in Latin America 2025
News 17 Jun. 2025
Curtis Announces Dual Promotion to Partner and Counsel in Dubai
News 02 Jun. 2025
Curtis advises Al Ain Farms on two strategic acquisitions, making it the largest integrated dairy and poultry producer in United Arab Emirates
Client Alert 28 Dec. 2023
U.S. to Impose Secondary Sanctions on Non-U.S. Banks For Financing Russia’s Defense Industry
News 24 Aug. 2023
Curtis Attorneys Quoted in CoinDesk on FTX Founder Sam Bankman-Fried’s Strategy Ahead of His Criminal Trial
Client Alert 10 Jul. 2024
EU Adopts New Restrictive Measures Against Belarus
Client Alert 26 Jun. 2024
The EU Adopts its 14th Sanctions Package Against Russia
client alert
FinCEN’s updated information sharing rules and the growing complexity of international AML compliance
OFAC Launches Reconsideration Portal and Publishes New Guidance to Streamline Delisting Petitions
Client Alert 14 Jul. 2026
On June 12, 2026, the U.S. Financial Crimes Enforcement Network (FinCEN) issued a landmark update to the operational guidance on Section 314(b) of the USA PATRIOT Act – the voluntary mechanism allowing financial institutions to share information with one another in the fight against money laundering, fraud, and financial crime. As Secretary of the Treasury Scott Bessent put it, financial institutions “need the tools to act quickly and share information that can help stop fraud before it spreads.” This alert sets out the principal features of the updated framework, places them in the context of parallel regulatory developments in Europe, and highlights the legal consequences of non-compliance.
Section 314(b) provides a voluntary, safe-harbor mechanism allowing financial institutions – and associations of financial institutions – to share information about suspicious customers, transactions, and activities without incurring liability for such sharing, subject to compliance with applicable notice, verification, and data security requirements. Participation requires only registration with FinCEN through its online portal. The June 2026 update brings three headline clarifications about the programme’s operational scope, taking the form of a revised fact sheet and an interpretative guidance document issued by FinCEN.
The June 2026 update has also attracted the support of the principal federal banking regulators. On July 9, 2026, the Federal Deposit Insurance Corporation (FDIC) and the Office of the Comptroller of the Currency (OCC) issued guidance encouraging financial institutions to participate in the 314(b) programme and to avail themselves of the expanded safe harbor for fraud-related information sharing. Both agencies underscored the programme’s role in strengthening institutions’ ability to identify criminal activity and protect clients in real time. The Bank Policy Institute (BPI) welcomed the guidance and called on the other financial regulators to issue equivalent encouragement, as well as on Congress to further expand statutory safe harbors for fraud information sharing between banks and across sectors.
The Section 314(b) update does not occur in isolation. Across the Atlantic, Regulation (EU) 2024/1624 (the “AMLR”), fully applicable from July 10, 2027, will introduce a structurally comparable instrument: partnerships for information sharing under Article 75 AMLR (the “Partnership for Information Sharing”), enabling direct, peer-to-peer exchange of information between obliged entities, including on a cross-border basis.
The reporting obligations arising from the activities of a Partnership for Information Sharing are governed by Article 69 AMLR, which establishes a structured and tiered regime for the submission of suspicious transaction reports (STRs) to the competent Financial Intelligence Unit (“FIU”). While the framework encompasses distinct scenarios, the two aspects of greatest operational significance for institutions participating in a Partnership for Information Sharing are the single-report mechanism and the cross-border reporting obligation.
The single-report mechanism: the central operational mechanism introduced by Article 69(8) AMLR allows obliged entities that identified the suspicious transaction to designate one among them to submit a single report to the FIU on behalf of the group, in lieu of multiple parallel filings. This mechanism is available where the activities of a Partnership for Information Sharing give rise to knowledge, suspicion, or reasonable grounds to suspect that funds are the proceeds of criminal activity or are related to terrorist financing. Designation is voluntary: the entities may elect to use it, but are not required to do so. Where a designation is made, the single report must ensure full transparency to the FIU as to the identity of each participant, notwithstanding the consolidation of the filing.
Cross-border reporting obligations: where the participating obliged entities are established in more than one Member State, the single-report mechanism does not permit centralisation of all filings in a single jurisdiction. Instead, the report must be submitted to each relevant FIU: the participating entities must ensure that a report is filed by an obliged entity established within the territory of each Member State in which a competent FIU operates.
Two further scenarios complete the framework. First, where the participating entities elect not to avail themselves of the single-report mechanism – whether because no designation is made or the entities prefer individual filings – each entity submitting its own report must include a reference to the fact that the suspicion arose from the activities of a Partnership for Information Sharing. Second, pursuant to Article 69(9) AMLR, all obliged entities participating in a partnership that has submitted reports under Article 69(8) AMLR must retain a copy of those reports in accordance with the document retention obligations set out in Article 77 AMLR.
The development of the EU AML framework has not, however, proceeded without friction. The intersection of AML requirements with EU data protection law – in particular the General Data Protection Regulation (the “GDPR”) – has presented a recurring and material challenge to the full implementation of AML measures across the Union. A notable illustration is the judgment of the Court of Justice of the European Union of 22 November 2022 (Joined Cases C-37/20 and C-601/20), which invalidated the provision of the Fifth Anti-Money Laundering Directive requiring unconditional public access to beneficial ownership registers, on the grounds that it constituted an unjustified interference with the fundamental rights to privacy and data protection. As a direct consequence, the implementation of beneficial ownership transparency across the EU was significantly delayed and recalibrated. The same structural tension between effective AML cooperation and the protection of personal data arises in the context of the Partnership for Information Sharing: the mandatory data protection impact assessment prior to the sharing activity, and the required involvement of data protection authorities in the supervisory verification process, both reflect the imperative to reconcile financial crime prevention with fundamental rights. It is precisely this complexity that has prompted AMLA and the European Data Protection Board (“EDPB”) to adopt a coordinated approach.
A significant development in this regard arose on July 1, 2026. The EDPB and AMLA announced that they will jointly develop Guidelines on the Partnership for Information Sharing. The initiative reflects the recognition that AML information sharing necessarily involves the processing of personal data, and that the intersection of the AMLR and the GDPR requires dedicated regulatory guidance to be workable in practice. A stakeholder event is planned for later in 2026 to gather early input on the key elements requiring clarification, followed by a public consultation on the draft Guidelines in the first half of 2027 – just months before the AMLR becomes fully applicable. For institutions planning ahead, this means that the detailed operational framework governing how the Partnership for Information Sharing may lawfully function will not be fully settled until after the consultation process has concluded. Early monitoring of the Guidelines development process is therefore strongly advisable for any institution considering participation.
Both the US and EU frameworks have moved to facilitate structured information sharing between financial institutions as a tool for addressing financial crime. The implementation models differ in several significant respects that institutions operating across both jurisdictions should bear in mind:
As both frameworks continue to evolve – the AMLR is subject to progressive implementation through 2027 and beyond – institutions subject to AML obligations in both jurisdictions shall comply with two materially distinct regimes. Coordinated, ongoing monitoring of regulatory developments across both systems will therefore be essential to ensure continued compliance.
Participation in Section 314(b) is voluntary and carries no sanction for non-participation. Its value lies in its role as a compliance enabler: structured information sharing supports the more effective identification and assessment of suspicious activity, directly assisting institutions in meeting the mandatory obligation under the Bank Secrecy Act (“BSA”), 31 U.S.C. § 5318(g), to file Suspicious Activity Reports (SARs). It is this mandatory SAR obligation – not Section 314(b) itself – that carries severe legal consequences for non-compliance:
Civil and criminal penalties are not mutually exclusive and may both be imposed concurrently for the same violation (31 U.S.C. § 5321(d)).
The EU enforcement landscape presents a more varied picture. Sanctions for breaches of the AMLR – including the mandatory reporting obligations under Chapter V – are governed not by the AMLR itself, but by Directive (EU) 2024/1640 (the “AMLD6”). Under Articles 53 and 55 AMLD6, Member States must ensure that obliged entities are subject to effective, proportionate, and dissuasive pecuniary sanctions for serious, repeated, or systematic breaches. Supervisors may also apply a range of administrative measures, including suspension or withdrawal of authorisation and temporary bans on managerial functions (Article 56 AMLD6).
However, an harmonization policy at EU level is underway. Under AMLD6, AMLA was required to prepare and publish its draft regulatory technical standards on sanctioning criteria and methodology – covering gravity indicators, criteria for setting penalty levels, and methodology for periodic penalty payments – together with guidelines on base amounts for pecuniary sanctions broken down by type of breach and category of obliged entity, and to submit the final report to the European Commission for adoption (Article 53(10) AMLD6). The final report has been published, laying the foundation for a consistent European AML enforcement regime; the draft RTS is being submitted to the European Commission for adoption and subsequent publication in the Official Journal of the EU.
Furthermore, the European Commission was required to adopt delegated acts defining penalty categories and criteria for breaches of the beneficial ownership transparency requirements under Article 68(2) AMLR. The Commission announced in February 2026 its intention to adopt the delegated regulation in Q3 2026; however, as of July 10, 2026, the text has not yet been published.
If your institution operates in the United States and has not yet registered under Section 314(b), the June 2026 update provides a compelling basis to assess whether participation in information sharing would strengthen your AML/CFT compliance framework. For EU-based institutions subject to AML/CFT reporting obligations under the AMLR, engaging with the evolving regulatory architecture now – including active monitoring of the EDPB/AMLA Joint Guidelines process and the AMLA supervisory framework – is essential to ensure readiness well ahead of the July 2027 application date. In both jurisdictions, timely and accurate SAR filing is a mandatory, non-delegable obligation. Institutions that have not yet assessed the adequacy of their reporting frameworks should do so without delay.
Corporate
Giovanni Sagramoso
Partner
Maria Elena Sarvia
Associate
Jonathan J. Walsh
New York
+1 212 696 6000
Milan
+39 02 7623 2001
news
SCOTUS Decision Upholding Birthright Citizenship Favors Amici Represented by Curtis Pro Bono