Supporting Statement
OMB Control Number 1506-0066
Reporting Obligations on Foreign Bank Relationships with Iranian-Linked Financial Institutions Designated under IEEPA and IRGC-Linked Persons Designated under IEEPA
1. Circumstances necessitating collection of information.
The legislative framework generally referred to as the Bank Secrecy Act (BSA) consists of the Currency and Foreign Transactions Reporting Act of 1970, as amended by the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001 (USA PATRIOT Act),1 and other legislation, including the Anti-Money Laundering Act of 2020 (AML Act).2 The BSA is codified at 12 U.S.C. 1829b, 12 U.S.C. 1951–1960, and 31 U.S.C. 5311–5314 and 5316–5336, including notes thereto, with implementing regulations at 31 CFR chapter X.
The BSA authorizes the Secretary of the Treasury (Secretary) to, inter alia, require financial institutions to keep records and file reports that are determined to have a high degree of usefulness in criminal, tax, or regulatory investigations, risk assessments or proceedings, or in intelligence or counter-intelligence activities, including analysis, to protect against terrorism, and to implement anti-money laundering/countering the financing of terrorism (AML/CFT) programs and compliance procedures.3 The Secretary has delegated to the Director of FinCEN (Director) the authority to administer the BSA.4
Separately, the Comprehensive Iran Sanctions, Accountability, and Divestment Act of 20105 (CISADA) amended the Iran Sanctions Act of 19966 by expanding economic sanctions against Iran, and required the Secretary to prescribe regulations to establish one or more specific requirements for U.S. financial institutions maintaining correspondent accounts for foreign financial institutions, in connection with certain statutory sanctionable activities.7 On October 11, 2011, pursuant to section 104(e) of CISADA, FinCEN issued a final rule8 requiring a bank9 operating within the United States (U.S. bank) that maintains a correspondent account10 for a specified foreign bank11 to make certain inquiries and report certain information about transactions or other financial services provided by that foreign bank. U.S. banks are only required to report this information upon receiving a specific written request from FinCEN (CISADA Request).
Upon receiving a CISADA Request, a U.S. bank that maintains a correspondent account for a specified foreign bank is required to make certain inquiries and provide a report to FinCEN (CISADA Report) of: (i) any correspondent account maintained by such foreign bank for an Iranian-linked financial institution designated under the International Emergency Economic Powers Act (IEEPA) (“Iranian-linked Financial Institution”);12 (ii) any direct or indirect transfer of funds for or on behalf of an Iranian-linked financial institution processed by such foreign bank within the preceding 90 calendar days, other than through a correspondent account; (iii) and any direct or indirect transfer of funds for or on behalf of an Islamic Revolutionary Guard Corps (IRGC)-linked person designated under IEEPA (“IRGC-linked Person”)13 processed by such foreign bank within the preceding 90 calendar days.
There is an optional CISADA certification form U.S. banks may use to obtain the necessary information from specified foreign banks.14
A U.S. bank must maintain a copy of any CISADA Report and the original or any business record equivalent of any supporting documentation for a CISADA Report, including a foreign bank certification or other responses to an inquiry for a period five years.15
2. Method of collection and use of data.
FinCEN may specify the format and manner in which information is collected in response to a CISADA Request.16 The format and manner of collection is otherwise not guided by any requirements setting forth specific methods U.S. banks must use to report the information. Historically, FinCEN required that CISADA Reports be submitted via the Secure Information Sharing System (SISS). As noted above, FinCEN developed an optional certification form that U.S. banks can use to obtain required information. In addition, FinCEN may specifically request confirmation that the U.S. bank does not maintain a correspondent account for the foreign bank(s).
The information collected and retained assists Federal, state and local law enforcement in tracing the proceeds of criminal or illegal activity and in identifying, investigating, and prosecuting individuals and entities involved in a variety of financial crimes.
Any information received will be used to provide FinCEN with information from U.S. banks regarding the nature of foreign bank activities that may be relevant to CISADA. Based on the reports, immediate action may be taken under section 104(c) of CISADA or there may be consultation with foreign banks that maintain correspondent accounts for Iranian-linked Financial Institutions; that have processed one or more transfers of funds for or on behalf of, directly or indirectly, an Iranian-linked Financial Institution or an IRGC-linked Person; or that have been unwilling to respond to inquiries from the banks at which the foreign banks maintain correspondent accounts.
3. Use of improved information technology to reduce burden.
As noted above, there are no specific methods required to collect information in response to CISADA Requests. FinCEN will specify the format and manner to report the information. Typically, FinCEN has required that CISADA responses be submitted via the SISS.
4. Efforts to identify duplication.
There is no similar information available; thus there is no duplication.
5. Methods to minimize burden on small businesses or other small entities.
FinCEN developed an optional certification form that includes a request to the foreign bank for information required under 31 CFR 1060.300. U.S. banks may use the certification form to obtain the necessary information from the foreign bank. In addition, U.S. banks that maintain correspondent accounts with foreign banks are generally large financial institutions. Therefore, FinCEN believes that any associated regulatory burdens would largely impact highly-resourced entities and would not impose undue burdens on small businesses or other small entities.
6. Consequences to the Federal government of not collecting the information.
The Federal government requires reporting of this information only upon request. FinCEN requires reports from those banks that maintain correspondent accounts for the specific foreign banks that are of interest for purposes of CISADA implementation. A failure to collect the required information could hamper FinCEN and law enforcement efforts to detect and deter illegal activity while it is still ongoing and discernible. The timely reporting of this information provides law enforcement with important investigative leads to take appropriate action, including tracing criminal proceeds, gathering additional evidence, seizing funds, and stopping the movement of funds before criminal elements can change their schemes for disposing of the profits of illegal activity.
7. Special circumstances requiring data collection inconsistent with guidelines.
Pursuant to 31 CFR 1010.430(d), all records that are required to be retained by 31 CFR chapter X must be retained for a period of five years. In addition, pursuant to 31 CFR 1060.300(d) a bank shall maintain for a period of five years a copy of any report filed and the original or any business record equivalent of any supporting documentation for a report, including a foreign bank certification or other responses to an inquiry under this section. The retention period is necessary because such records may relate to substantive violations of law that are subject to statutes of limitation longer than three years. The five-year retention period ensures that law enforcement will have access to records for a reasonable period of time and allows for verification of compliance with specific requirements.
8. Consultation with individuals outside of the agency on availability of data, frequency of collection, clarity of instructions and forms, and data elements.
On March 28, 2025, FinCEN published in the Federal Register a notice and request for comments of its intention to renew, without change, information requirements related to reporting obligations on foreign bank relationships with Iranian-linked Financial Institutions and IRGC-linked Person.17 The comment period closed on May 27, 2025. In response to the notice, FinCEN received three comments; two of which were supportive of renewing the regulations without change. None of the comments made recommendations regarding changing the regulations or the estimated burden.
9. Explanation of decision to provide any payment or gift to respondents.
No payments or gifts were made to respondents.
10. Assurance of confidentiality of responses.
The information collected will be made available to Treasury, its designee, and other authorized agencies, as are other reports required to be reported under the BSA. All such information collections under the BSA must be used by such agencies consistent with the purposes set forth in 31 U.S.C. 5311, including but not limited to furthering a criminal, tax, or regulatory investigation, risk assessment, or proceeding, or use in intelligence or counterintelligence activities, including analysis, to protect against terrorism.
11. Justification of sensitive questions.
There are no questions of a sensitive nature in the collection of information, such as sexual behavior and attitudes, religious beliefs, and other matters that are commonly considered private. Any personally identifiable information collected under the relevant CISADA authority that FinCEN administers is strictly controlled as outlined in FinCEN’s applicable Privacy Act Systems of Records Notice.18
12. Estimated annual hourly burden.
Frequency: As required.
Estimated Number of Potential Respondents: 9,384 banks.19
Table 1. Distribution of U.S. banks required to comply with this notice |
|
Type of U.S. bank |
Number of U.S. banks |
Banks with a Federal functional regulator (FFR) |
8,989a |
Banks lacking an FFR |
395b |
Total |
9,384 |
a This includes 4,490 Federal Deposit Insurance Corporation (FDIC)-insured depository institutions (i.e. federally regulated banks) according to the FDIC’s quarterly data summary for Q4 2024, and 4,499 National Credit Union Administration (NCUA)-chartered credit unions (i.e. federally regulated credit unions) according to NCUA’s quarterly credit union data summary for Q4 2024. b The Board of Governors of the Federal Reserve System Master Account and Services Database contains data on financial institutions that utilize Federal Reserve Bank financial services, including those with no Federal functional regulator. FinCEN used this data to identify 395 banks and credit unions utilizing Reserve Bank financial services with no federal regulator. |
|
Table 2 presents an estimate of this subpopulation of U.S. banks below based on available data from the third quarter of the most recently ended calendar year (2024).
Table 2. Distribution of potentially affected financial institutions that maintain correspondent accounts for foreign banks |
|
Type of financial institution |
Number of financial institutions |
Banks with an FFR |
60a |
Banks lacking an FFR |
12b |
Total |
72 |
a Data are from the Federal Financial Institution Examination Council Central Data Repository for Reports of Condition and Income (Call Reports) and Uniform Bank Performance Reports (UBPRs), available for most FDIC-insured institutions. Using this source of data, FinCEN determines that as of third quarter (Q3) in 2024, approximately 60 banking organizations (national and state banks, trusts, thrifts and savings and loans, branches and agencies of foreign banking organizations, representative offices, Edge Act corporations, and agreement corporations) will be affected by this rule on any given year. Specifically, we determine that there are approximately 60 entities (U.S. banks; national and state chartered, trusts, savings and loans, thrifts; branches and agencies of foreign banks; Edge Act corporations; and agreement corporations) that report values for deposit liabilities of banks in foreign countries. Deposit liabilities in a foreign country is an indication that a bank maintains correspondent accounts with a foreign financial institution. Credit unions, due to chartering restrictions, do not typically maintain foreign correspondent accounts. b The Board of Governors of the Federal Reserve System Master Account and Services Database contains data on financial institutions that utilize Reserve Bank financial services, including those with no federal regulator. FinCEN used this data to identify an additional 12 international banking entities with no federal regulator and who do not file Call Reports, but who are also likely to maintain correspondent accounts with a foreign financial institution. |
|
Estimated Number of Expected Respondents: 24 U.S. banks, annually.20
Estimated Number of Responses: 72 CISADA Reports.21
Of the 72 CISADA Reports estimated to be submitted annually, approximately 48 CISADA Reports would pertain to a U.S. bank that maintains a correspondent account for a specified foreign bank and 24 CISADA Reports would come from a U.S. bank that does not maintain a correspondent account for a specified foreign bank.22
Table 3 – Estimated hourly burden associated with the reporting and recordkeeping activities of 31 CFR 1060.300
CISADA Report type |
Annual number of responses |
Burden hours per response |
Annual burden hours |
CISADA Reports submitted by a U.S. bank that maintains a correspondent account for a specified foreign bank |
48 |
3 hoursa |
144 |
CISADA Reports submitted by a U.S. bank that does not maintain a correspondent account for a specified foreign bank |
24 |
30 minutesb |
12 |
Total |
72 |
|
156 |
a Three burden hours per U.S. bank with respect to each CISADA Report is the summation of one hour each to comply with 31 CFR 1060.300(b), 31 CFR 1060.300(c), and 31 CFR 1060.300(d). b FinCEN has historically estimated that the average reporting burden for a U.S. bank that does not maintain a correspondent account for a specified foreign bank will be approximately 30 minutes per report responsive to a CISADA Request. This estimate is based on the ease of electronically filing CISADA Reports with FinCEN. |
|||
Estimated Total Annual Burden Hours: 156 hours, as set out in table 3 above.
13. Estimated annual cost burden.
To estimate the costs associated with the annual PRA burden hours, FinCEN is utilizing a fully loaded composite hourly wage rate of $120.07, or, rounded to the nearest dollar, $120.00.23 The total estimated cost of the annual PRA burden is $18,720, as reflected in table 4 below.
Table 4. Total cost of annual PRA burden
CISADA Report type |
Burden hours |
Wage rate |
Total cost |
CISADA Reports submitted by a U.S. bank that maintains a correspondent accounts for a specified foreign bank |
144 |
$120.00 |
$17,280 |
CISADA Reports submitted by a U.S. bank that does not maintain a correspondent account for a specified foreign bank |
12 |
$120.00 |
$1,440 |
Total |
156 |
|
$18,720 |
Estimated Total Annual Cost: $18,720, as set out in table 4 above.
FinCEN has not separately estimated, or assigned a dollar value to, the non-labor costs associated with the covered reporting and recordkeeping requirements.
14. Estimated annualized cost to the government.
The cost to the Federal government is de minimis. The responses are submitted to FinCEN electronically via the SISS.
15. Reasons for change in burden.
The estimated total annual burden hours decreased by 1,664 hours from 1,820 hours in 2022 to 156 hours in 2025. The burden per CISADA-related report from U.S. banks that maintain correspondent accounts for specified foreign banks remained at 3 hours per response. The burden per CISADA-related report from U.S. banks that do not maintain correspondent accounts for specified foreign banks remained at 30 minutes per response. The decrease in burden is a result of a decrease in the estimated number of responses per potential respondent from 1,040 in 2022 to 72 in 2025, although the estimate of the number of entities that maintain correspondent accounts for foreign banks increased from 52 in 2022 to 72 in 2025. FinCEN believes that the estimate for the number of responses per entity for 2025 is a more accurate figure, as each U.S. bank will only provide one response to each request, and not every U.S. bank maintaining a foreign correspondent account will be required to respond to a request every year. Furthermore, FinCEN has exercised this authority on an infrequent basis, and believes that the updated burden estimate, now divided over the three-year renewal period, is a better reflection of the actual anticipated burden stemming from these requests.
16. Plans for tabulation, statistical analysis and publication.
This collection of information will not be tabulated or compiled for publication.
17. Request not to display the expiration date of the OMB control number.
FinCEN requests that it not be required to display the expiration date so that the regulations and form will not have to be amended for the new expiration date every three years.
18. Exceptions to the certification statement.
There are no exceptions to the certification statement.
1 Pub. L. 107–56, 115 Stat. 272 (Oct. 26, 2001).
2 The AML Act was enacted as Division F, sections 6001-6511, of the William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021, Pub. L. 116-283, 134 Stat. 3388 (Jan. 1, 2021).
3 See 31 U.S.C. 5311(1) – (2).
4 Treasury Order 180-01 (Reaffirmed Jan. 14, 2020); see also 31 U.S.C. 310(b)(2)(I) (providing that the Director of FinCEN “[a]dminister the requirements of subchapter II of chapter 53 of this title, chapter 2 of title I of Public Law 91–508, and section 21 of the Federal Deposit Insurance Act, to the extent delegated such authority by the Secretary.”).
5 Pub. L. 111-195, 124 Stat. 1312 (July 1, 2010), codified at 22 U.S.C. 8501-8551. While the BSA and CISADA are distinct statutory authorities, the implementing regulations for section 104(e) of CISADA are located at 31 CFR Chapter X Part 1060. These regulations use certain terms that are defined in the BSA and its implementing regulations, including but not limited to bank (as defined in 31 CFR 1010.100(d)), foreign bank (as defined in 31 CFR 1010.100(u), and correspondent account (as defined in 31 CFR 1010.605(c)(1)(ii)). See FinCEN, Comprehensive Iran Sanctions, Accountability, and Divestment Reporting Requirements Final Rule, 76 FR 62607, 62617 (Oct. 11, 2011).
6 Pub. L. 104-172, 110 Stat. 1541 (Aug. 5, 1996) (as amended), codified at 50 U.S.C. 1701 note.
7 See CISADA, sections 104(e) and 104(c)(2)(describing sanctionable activities).
8 See supra note 5.
9 “Bank” is defined in the regulation (31 CFR 1060.300(a)(1)) by way of 31 CFR 1010.100(d).
10 “Correspondent account” is defined in the regulation (31 CFR 1060.300(a)(1)) by way of 31 CFR 1010.605(c)(1)(ii).
11 “Foreign bank” is defined in the regulation (31 CFR 1060.300(a)(1)) by way of 31 CFR 1010.100(u).
12 The International Emergency Economic Powers Act of 1977 (IEEPA), Pub. L. 95-2223, 91 Stat. 1626 (Dec. 28, 1977), codified at 50 U.S.C. 1701 et seq. For purposes of 31 CFR 1060.300, “Iranian-linked financial institution designated under IEEPA” means a financial institution designated by the U.S. Government pursuant to IEEPA (or listed in an annex to an Executive order issued pursuant to IEEPA) in connection with Iran's proliferation of weapons of mass destruction or delivery systems for weapons of mass destruction, or in connection with Iran's support for international terrorism.
13 For purposes of 31 CFR 1060.300, an “IRGC-linked person designated under IEEPA” means the IRGC or any of its agents or affiliates designated by the United States Government pursuant to IEEPA (or listed in an annex to an Executive order issued pursuant to IEEPA).
14 See Optional CISADA Certification Form, available at https://www.fincen.gov/sites/default/files/federal_register_notice/CISADA_Certification.pdf.
15 Id.
16 See 31 CFR 1060.300(c)(1).
17 See FinCEN, Agency Information Collection Activities; Proposed Renewal; Comment Request; Renewal Without Change of Reporting Obligations on Foreign Bank Relationships With Iranian-Linked Financial Institutions Designated Under IEEPA and IRGC-Linked Persons Designated Under IEEPA, 90 FR 14183 (Mar. 28, 2025).
18 See FinCEN, Privacy Act of 1974, as Amended; System of Records Notice (Treasury/FinCEN .001 – FinCEN Investigations and Examinations System—Treasury/FinCEN), 79 FR 20969, 20970 (Apr. 14, 2014).
19 Table 1 below sets forth a breakdown of the number of U.S. banks, as defined in 31 CFR 1010.100 and as grouped in 31 CFR 1020.210, that are required to comply with 31 CFR 1060.300. However, note that not all U.S. banks maintain correspondent accounts for foreign banks. As a result, in practice, the regulations are not likely to require responses from U.S. banks that do not maintain correspondent accounts for foreign banks. For that reason, FinCEN also estimates the number of U.S. banks that maintain correspondent accounts for foreign banks in table 2 below.
20 FinCEN finds it unlikely that many of the 72 banks identified in table 2 would receive a CISADA Request. Thus, FinCEN assumes that each of the maximum number of U.S. banks estimated to receive a CISADA Request (expected respondents) would not receive more than one CISADA Request every three years, which is a time frame based on the PRA requirement to renew this OMB control number (1506-0066) every three years. This approach equates to an average maximum of 24 expected respondents per year. If 72 U.S. banks each receive one request over the course of a three-year period, that equates to 24 U.S. banks receiving a CISADA Request each year (72 banks/3 years).
21 Because FinCEN has used its authority to make CISADA Requests in limited circumstances and given its data from previous CISADA Requests, FinCEN estimates that it will make CISADA Requests to U.S. banks that include no more than approximately three foreign banks per year, on average, in each CISADA Request. Thus, if up to 24 U.S. banks, which may maintain correspondent accounts for specified foreign banks are required to respond to CISADA Requests that identify on average three specified foreign banks annually, FinCEN would expect to receive up to 72 CISADA Reports per year, on average.
22 Two thirds of 72 CISADA Reports equates to 48 CISADA Reports submitted by U.S. banks that maintain a correspondent account for a specified foreign bank. One third of 72 CISADA Reports equates to 24 CISADA Reports submitted by U.S. banks that do not maintain a correspondent account for a specified foreign bank.
23 The wage rate applied here is a general composite hourly wage ($85.55), scaled by a private-sector benefits factor of 1.42 ($120.07 = $85.55 x 1.42), that incorporates the mean wage data (available for download at https://www.bls.gov/oes/tables.htm, “May 2023 - National industry-specific and by ownership”) associated with the six occupational codes (11-1010: Chief Executives; 11-3021: Computer and Information Systems Managers; 11-3031: Financial Managers; 13-1041: Compliance Officers; 23-1010: Lawyers and Judicial Law Clerks; 43-3099: Financial Clerks, All Other) for each of the nine groupings of NAICS industry codes that FinCEN determined are most directly comparable to its eleven categories of covered financial institutions as delineated in 31 CFR chapter X parts 1020 to 1030. The benefit factor is 1 plus the benefit/wages ratio, where, as of June 2023, Total Benefits = 29.4 and Wages and salaries = 70.6 (29.4/70.6= 0.42) based on the private industry workers series data downloaded from https://www.bls.gov/news.release/archives/ecec_09122023.pdf, accessed December 22, 2024. Given that many occupations provide benefits beyond cash wages (e.g., insurance, paid leave, etc.), the private sector benefit is applied to reflect the total cost to the employer.
| File Type | application/vnd.openxmlformats-officedocument.wordprocessingml.document |
| Author | Information Technology |
| File Modified | 0000-00-00 |
| File Created | 2025-08-01 |