Oversight Hearing Regarding the Bank Secrecy Act and Reporting Requirements


Mr. Chairman, my name is Solveig Singleton and I am a lawyer atthe Cato Institute. Thank you for this opportunity to comment onthe Bank Secrecy Act. My testimony examines whether the Act'sreporting requirements are consistent with a coherent federalprivacy policy. I will make the following points:

  • Reporting requirements such as those created by the BankSecrecy Act pose a unique threat, because government alone has thepower or arrest and prosecution, and to demand assetforfeitures.
  • The Bank Secrecy Act often conflicts with banker's obligationsto respect the financial privacy laws of other countries.
  • Current informal regulatory practices under The Bank SecrecyAct are the same as or similar to the very proposals overwhelminglyrejected by the public in the recent inquiry into the FDIC's "KnowYour Customer" proposal.
  • The Bank Secrecy Act does not make our streets safer.
  • The Bank Secrecy Act's reporting requirements do not belong ina free country, any more than a law requiring the reporting ofpurchases of "subversive" books and literature would belong.

Privacy Policy in the Big Picture

Since electronic commerce began to put on a growth spurt, headedfor ungainly adolescence, various agencies and individuals in theexecutive branch and in various agencies have offered up manypronouncements on privacy. These announcements are inconsistentwith policies developed under the Bank Secrecy Act, as if the righthand of government does not know what the left hand is doing.

Since 1996, the FTC has initiated a large number of workshops,reports, and proceedings on the importance of privacy. These havebeen directed at the private sector businesses that collectinformation from customers for marketing purposes. But what aboutreporting practices under the Bank Secrecy Act? Under the Act,about 85 percent of banks engage in some form of customerprofiling, compiling suspicious activity reports to file withregulators enjoying unique powers to arrest citizens, bring them totrial or to seize their assets in forfeiture proceedings--powersthe private sector lacks.

In privacy proceedings, the FTC and the Commerce Department haveeach emphasized that their view of privacy includes givingconsumers a choice about privacy. The FTC explains that "choicemeans giving consumers options as to how any personal informationcollected from them may be used." Under the Bank Secrecy Act,however, banks do not generally disclose to customers the extent oftheir customer profiling program, and if a suspicious activityreport is filed, is statutorily barred from notifying the customer.Again, the private-sector, which poses no substantial dangers inits use of information, is the target, while the government--thereal threat-- is off the hook.

In 1998, Vice President Al Gore has proposed, with greatfanfare, an Electronic Bill of Rights. In discussing privacy, hesaid:

Privacy is a basic American value - in the Information Age, andin every age. And it must be protected. We need an electronic billof rights for this electronic age. You should have the right tochoose whether your personal information is disclosed; you shouldhave the right to know how, when, and how much of that informationis being used; and you should have the right to see it yourself, toknow if it's accurate.

Why should government, with its unique law enforcement powers,be permitted to disregard "basic" privacy principles? The privacyrights affirmed by Congress in the Right to Financial Privacy Actare meaningless, because the Financial Privacy Act does notoverride the Bank Secrecy Act. Under the Financial Privacy Act,customers must be given notice when their information istransferred between federal agencies--but not when FinCEN transmitsreports to law enforcement. In targeting the uses of information inthe private sector and permitting government-sponsored informationgathering to grow under the Bank Secrecy Act, federal privacypolicy stands upside down.

From an international perspective, the United State's BankSecrecy Act brings U.S. banks into constant conflict with lawsprotecting financial privacy in many other countries, exposingbankers to the impossible problem of having to comply with twoinconsistent legal regimes.

Public Accountability: The Bank Secrecy Act andRegulatory Practices

The FDIC's proposed "Know Your Customer" rule was withdrawn inlarge part because thousands of angry letters filed in commentshowed that the rule would undermine public trust in the bankingsystem. John D. Hawke, comptroller of the currency, emphasized that"Know Your Customer" inadvertently undermined confidence in thebanking system by violating the confidential relationship betweenbanks and their customers.1

Yet many of the practices that would have been formally enactedinto the law by "Know Your Customer" already exist under the BankSecrecy Act, both directly required by the Act or required byregulations and guidelines under the Act.

To comply with the Bank Secrecy Act, about 48,000 suspiciousactivity reports were filed between April 1, 1996 and September 30,1997. The Suspicious Activity Reports database is open to all U.S.Attorney's Offices and to 59 law enforcement agencies, includingthe FBI, Secret Service, and Customs. No showing of probable causeis required to access the reports. Many agencies simplyperiodically download all of the files and keep them as a long asthey want.

The suspicious activity reports must be filed under the BankSecrecy Act if:

  • The transaction involves funds derived from illegal activitiesor is intended to conceal such funds to evade any law orregulation, including reporting regulations;
  • The transaction is designed to evade any Bank Secrecy Actregulation; or
  • the transaction has no business or lawful purpose or is not thesort in which the particular customer would normally be expected toengage, and the financial institution has no reasonable explanationfor the transaction after examining the available facts, includingbackground and possible purposes of the transaction.2

The Federal Reserve's "Know Your Customer" manual's section 601instructs banks as follows:

An integral part of an effective "know your customer"policy is a comprehensive knowledge of the transactions carried outby the customers of the financial institution. There, it isnecessary that the "know your customer" procedures established bythe institution all for the collection of sufficient information todevelop a "customer profile."
. . . The customer profile should allow the financial institutionto understand all facets of the customer's intended relationshipwith the institution, and, realistically, determine whethertransactions are suspicious or potentially illegal. Internalsystems should then be developed for monitoring transactions todetermine if transactions occur which are inconsistent with the"customer profile."3

This suggests two problems:

  • The discretion of administrative agencies to require banks toengage in customer profiling without specific legislative mandatesor even a rulemaking proceeding has caused an alarming failure ofpublic accountability.
  • The Bank Secrecy Act has the same potential to undermine publicconfidence in the banking system as did "Know Your Customer." Thedifference is that the extent of profiling under the Bank SecrecyAct is not widely known to the public.

The Bank Secrecy Act Will Not Make Us Safer

Despite this, the Bank Secrecy Act's reporting requirements willnot make us safer. Swiss banks managed to respect their customers'privacy for decades without starting a Swiss crime wave (indeed,Swiss banking privacy made it possible for refugees from andvictims of the Nazi regime in Germany to safeguard theirassets).

The Bank Secrecy Act sacrifices the privacy of all to catch atiny number of alleged wrongdoers. Former bank regulator LawrenceLindsey of the American Enterprise Institute reports that between1987 and 1995 filed 77 million suspicious activity reports. Threethousand money laundering convictions were initiated, but 580 wereconvicted. For every 25,000 reports, one case was brought, and .2convictions obtained. In 1993, 63,000 of 10.2 million currencytransactions were reported as suspicious; more sophisticatedfiltering improved the ratio of reports to cases broughtsomewhat--but only to 1 percent.4 How could such a high ratio of filings toinvestigations possibly be supported against the Fourth Amendment'srequirement that the police are not to go shuffling through ourpapers without probable cause, and a warrant "particularlydescribing" the item or person they want to seize?

Money laundering is essentially a paperwork offense, the crimeof trying to conceal the proceeds of a crime. Historically, it wasnot a crime at all. Money laundering convictions are obtained atenormous taxpayer expense, and the streets are no safer because ofthem. Only a desk-bound view of law enforcement would see moresurveillance to catch money laundering as a meaningful way toprotect the rights of crime victims.

Is the Bank Secrecy Act worth the expense? It is useful to lawenforcement at some level. But so, too, would be a requirement thatphone companies survey and record all telephone conversations andsend "suspicious" recordings to the police. So would a requirementthat all book purchases be recorded and "subversive" purchasesreported. But such requirements have no place in a freecountry.

Government Abuses of Information

Government cannot be trusted with the power to collect complexand private facts about our lives without a showing of probablecause. History shows that government will not observe safeguardsintended to prevent the abuse of the power to collectinformation:

During World War II, U.S. census data was used to identifyJapanese-Americans and place them in internment camps.

When Social Security numbers were introduced in 1935, the publicwas repeatedly assured that they would be used only to ensure thatworkers were paying the payroll tax; they are now used throughoutthe federal government and private sector for many purposesentirely unrelated to social security.

In 1995 over 500 Internal Revenue Service agents were caughtillegally snooping through tax records of thousands of Americans,including personal friends and celebrities. Only five employeeswere fired for this misconduct.

In response, the IRS developed new privacy protection measures.These measures were useless, with hundreds of IRS agents beingcaught in early 1997, again snooping through the tax records ofacquaintances and celebrities.

The Clinton administration reportedly obtained hundreds of FBIfiles, including those of:

  • Billy R. Dale: Fired Travel Office Director
  • Marlin Fitzwater: Bush's press secretary
  • Ken Duberstein: Reagan's chief of staff
  • James Baker: Bush's secretary of state
  • Tony Blankley: Newt Gingrich's spokesman

The complexity of our lives and the government's lack ofknowledge about them are a bulwark against authoritarianism asimportant as the Constitution. As James C. Scott noted inSeeing Like A State: How Certain Schemes to Improve the HumanCondition Have Failed, all through history governments havestruggled to collect more information about citizens. But the morethey strive, the more unlikely it is that their goals can becompatible with the complex, fast-moving life in free society. NoAmerican citizen should be treated like a suspect unless and untilhe is one. The Bank Secrecy Act has no place in America.


1. Patrice Hill, "Regulators forBank Kill Rule on 'Spying,'" The Washington Times, March5, 1999, p. A1.

2. See 12 CFR Secs. 563.180, 21.11,and 208.20; see also Statement of Gregory T. Nojeim, LegislativeCounsel, American Civil Liberties Union, "Financial Privacy and theProposed "Know Your Customer" Regulations, before the Commercialand Administrative Law Subcommittee of the House of RepresentativesCommittee on the Judiciary.

3. http://www.bog.frb.fed.us/boarddocs/SupManual/.

4. Lawrence Lindsey, "InvadingFinancial Privacy," Financial Times, March 19, 1999, p.20.

Solveig Singleton

Committee on Banking and Financial Services
United States House of Representatives