edit: As I re-read the thread I see that I am thinking more of onboarding KYC, as opposed to this case which would be ongoing-activity investigation. So that would explain the difference in expectations here. Still interested in learning more about the regs for ongoing investigations if you have time to share!
The bit at 31 USC § 5318(g)(2)(A) under the title “Notification prohibited.” FinCEN has also promulgated confidentiality rules thereunder. I don’t have a pincite for that but I believe it’s tucked amongst their record keeping rules.
edit: As I re-read the thread I see that I am thinking more of onboarding KYC, as opposed to this case which would be ongoing-activity investigation. So that would explain the difference in expectations here. Still interested in learning more about the regs for ongoing investigations if you have time to share!