Publications

Strengthening Financial Privacy in the Digital Age to Protect Consumers from Sweeping Surveillance

February 4, 2025 • Publications

Strengthening Financial Privacy in the Digital Age to Protect Consumers from Sweeping Surveillance
Stopping the Next Expansion by Prohibiting the Creation of a Central Bank Digital Currency
Opening the Door to Cryptocurrency Innovation by Eliminating Unnecessary Regulatory Barriers
Policymakers’ Environmental, Social, and Governance Concerns Should Not Override the Market’s Allocation of Resources
Monetary Policy That Holds the Fed Accountable
Removing Barriers to Small Business Capital Formation and Expanding Investor Opportunities
Other Reforms to Boost Competition and Innovation in the Financial Sector

Financial privacy in the United States has been disappearing for more than 50 years. Although many Americans believe that financial information is protected by the Fourth Amendment, that hasn’t been the case for decades. Worse yet, much of the surveillance that takes place has been hidden in the weeds of old and complex policies. Recently, the Foreign Intelligence Surveillance Act, or FISA, appeared in headlines across the country as Congress debated whether to reauthorize the government’s ability to surveil foreign persons located outside the United States.¹ However, the sweeping surveillance under the Bank Secrecy Act has remained hidden and largely untouched.

Congress should restore financial privacy in the United States. To do so, Congress should establish stronger financial privacy protections by eliminating Bank Secrecy Act reporting requirements, enacting inflation‐adjusted reporting thresholds for remaining requirements as well as the Internal Revenue Code, eliminating the exceptions in the Right to Financial Privacy Act, and establishing better public oversight for the Financial Crime Enforcement Network (FinCEN).

The Problem

The enactment of the Bank Secrecy Act in 1970 was met almost immediately with objections from groups concerned about violations of financial privacy.² By forcing banks and other financial institutions to record and report the financial activity of Americans, the Bank Secrecy Act essentially deputized financial institutions as law enforcement investigators. Less than a decade later, Congress enacted the Right to Financial Privacy Act in response to complaints against the regime. Yet, while some progress was made, the Right to Financial Privacy Act was crafted with a list of exemptions to its protections in many situations.

Since then, the Bank Secrecy Act has been officially expanded numerous times as part of both the war on terror and the war on drugs. In addition to being required to file currency transaction reports (CTRs) whenever a customer makes a transaction over $10,000, financial institutions must file suspicious activity reports (SARs) any time a customer’s activity might be interpreted as unusual. As it stands, the reasons that SARs are filed appears to have little to do with terrorism and human trafficking. Most often, the issue seems to be suspicions concerning the source of funds or that someone approached the CTR threshold (Figure 2).

Moreover, inflation has effectively increased the scope of activity that banks must report under the Bank Secrecy Act. For instance, the $10,000 threshold for CTRs was set in the 1970s but has never been adjusted for inflation. If it had, the threshold today would be closer to $75,000.³ Considering that Supreme Court Justices Lewis Powell and Harry Blackmun held in 1974 that the Bank Secrecy Act was constitutional, noting that they felt it was not an undue burden because of its “high” threshold, it’s only natural to wonder how they would characterize that burden under today’s circumstances.⁴

With such a broad scope, it is little surprise that more than 27 million Bank Secrecy Act reports were filed with FinCEN in 2023.⁵ This mass surveillance is conducted without a warrant, and FinCEN has long resisted calls for statistical information that describes the use of the data it collects. Some information was published in 2024, but it largely showed that while more than 27 million reports were filed with FinCEN, those reports led to only 372 investigations by the IRS (Figure 3).

Worse yet, some government officials seek even larger collections of financial data. In early 2021, the Treasury Department introduced a proposal that, among other things, would require banks and other financial institutions to report on accounts in which $600 or more is moved over the course of a year.⁶ In late 2021, Congress largely removed the proposal from consideration after there was widespread backlash from both the general public and the financial industry. Yet an echo of the proposal remained—one that required payments services (e.g., PayPal, Venmo, CashApp) to report on accounts with more than $600 of annual activity—and was ultimately enacted in the American Rescue Plan.⁷

With all these problems in mind, it’s no wonder that financial privacy is a serious concern for Americans across the country and across the political spectrum. Both privacy and trust have been cited as top concerns for why millions of Americans are unbanked.⁸ Likewise, the Pew Research Center found that an average of 59 percent of Americans are against the government’s monitoring of American citizens.⁹ And Reuters found that 75 percent of Americans would not let investigators tap into their internet activity, even in order to combat terrorism.¹⁰ Finally, and most recently, the Cato Institute found that 79 percent of Americans believe it is unreasonable for banks to share their records and transactions with the federal government.¹¹ Likewise, when asked if the government should need to obtain a warrant to access their financial records, 83 percent of the Americans surveyed said yes.

Privacy may mean different things to different people, but the fact remains that most Americans are concerned about their financial privacy in the wake of this unchecked surveillance. Restoring Americans’ constitutional protections is long overdue.

Solutions

There are several reforms that would help restore financial privacy in the United States, including revising the Bank Secrecy Act; eliminating the exceptions in the Right to Financial Privacy Act; eliminating Section 6050I reporting requirements; requiring inflation adjustments for all Bank Secrecy Act and IRS reporting thresholds; requiring FinCEN to publicly report the number of SARs and CTRs that effectively curb financial crime; protecting peer-to-peer transactions; and prohibiting the Securities and Exchange Commission (SEC) from collecting personally identifiable information in the Consolidated Audit Trail.

Revise the Bank Secrecy Act. Congress should repeal the Bank Secrecy Act. Short of that, Congress should repeal sections of the Bank Secrecy Act that require financial institutions to report on their customers. If law enforcement needs an individual’s financial records, law enforcement should be required to show probable cause to obtain a warrant. The basic framework to balance the competing interests of an individual’s financial privacy and the government’s ability to gather evidence to enforce laws is already present in the Fourth Amendment, so restoring that balance should not be controversial. Congress should amend 12 U.S.C. Sections 3402, 3413, and 3414 as well as 31 U.S.C. Sections 5313–16, 5318(a)(2), 5318A, 5321, 5325, 5326, 5331–32, 5341–5342, and 5351–55.
Eliminate the exceptions in the Right to Financial Privacy Act. Although the Right to Financial Privacy Act was well‐intentioned, the list of exceptions included in the act eliminates the bulk of the protections it otherwise offers. For instance, customers are not notified that the government is seeking their financial data, and they are not given the opportunity to object if the information is for Bank Secrecy Act reporting. To offer the protections everywhere except where it really matters is tantamount to offering no protections at all. The Right to Financial Privacy Act should also be strengthened with respect to the formal written requests that it allows government authorities to issue when there is no warrant or subpoena authority available. Congress should strike 12 U.S.C. Section 3408(2), as regulations should not be considered an avenue for circumventing the Fourth Amendment protections this law sought to establish. Likewise, Congress should strike 12 U.S.C. Section 3408(4)(A)2, because Americans should not have to sue the government to have their rights respected when it has already been judged that the authority for a warrant or subpoena does not exist.
Eliminate Section 6050I reporting requirements. No American should be forced by law to report on the activity of another American—especially when that activity is between only two parties and is therefore not subject to the third-party doctrine. Yet for financial transactions using cash or cryptocurrency, the law requires exactly that. Congress should strike 26 U.S.C. Section 6050I.
Require inflation adjustments for all Bank Secrecy Act and IRS reporting thresholds. If financial reporting requirements remain in effect, they should be updated to reflect the current value of money. Whether it is a CTR or a 6050I report, all reporting thresholds should be adjusted annually for inflation.
Require FinCEN to publicly report the number of SARs and CTRs that effectively curb financial crime. If Congress does not remove the reporting requirements of the Bank Secrecy Act, then FinCEN should be required to publicly report how many reports are received, reviewed, and requested by other governmental agencies. In addition, FinCEN should report how many reports resulted in a conviction, settlement, or additional charges in other investigations. The reports should make a clear distinction between criminal investigations that originated with SARs or CTRs and criminal investigations that merely used existing SARs or CTRs to strengthen existing cases.
Protect peer-to-peer transactions. Congress should enact protections for two-party, or peer-to-peer, transactions. Holding cryptocurrency in a self-hosted wallet is merely the digital equivalent of holding physical cash in a traditional wallet, and it is one of the few ways to escape surveillance under the third-party doctrine. Congress should not allow financial surveillance to be expanded to cover self-hosted wallets and peer-to-peer exchanges.
Prohibit the Securities and Exchange Commission’s collection of personally identifiable information in the Consolidated Audit Trail. The Securities and Exchange Commission’s consolidated audit trail collects data on every stock and options trade made in the United States and the personally identifying information of the individual who made the trade. The system infringes upon both Fourth and Fifth Amendment rights of investors, whose financial information is collected by the system on the theory that the government might need the information for future law enforcement. Congress should prohibit the Securities and Exchange Commission from collecting investors’ personally identifiable information in the consolidated audit trail.

Suggested Readings

The SEC’s Market Surveillance System Implicates the Fourth and Fifth Amendment Rights of Investors by Brent Skorup, Anastasia P. Boden, and Jennifer J. Schulp, Cato at Liberty (blog), Cato Institute (February 22, 2024)

The Right to Financial Privacy: Crafting a Better Framework for Financial Privacy in the Digital Age by Nicholas Anthony, Cato Institute Policy Analysis no. 945 (May 2, 2023)

Revising the Bank Secrecy Act to Protect Privacy and Deter Criminals by Norbert J. Michel and Jennifer J. Schulp, Cato Institute Policy Analysis no. 932 (July 26, 2022)

How Inflation Erodes Financial Privacy by Nicholas Anthony, Cato at Liberty (blog), Cato Institute (June 10, 2022)

Hearing on Oversight of the Financial Crimes Enforcement Network, 117th Cong., 2nd Sess. (April 28, 2022)(statement for the record, testimony of Nicholas Anthony, Cato Institute)

The Infrastructure Investment and Jobs Act’s Attack on Crypto: Questioning the Rationale for the Cryptocurrency Provisions by Nicholas Anthony, Cato Institute Briefing Paper no. 129 (November 15, 2021)

Why Don’t Americans Have Stronger Financial Privacy? by Nicholas Anthony, Cato at Liberty (blog), Cato Institute (October 28, 2021)

Notes

1. Patrick G. Eddington, “FISA Fight Final Score: Surveillance State 1, Bill of Rights 0,” Cato at Liberty (blog), Cato Institute, April 22, 2024; Alexandra Hutzler, “What Is FISA? Surveillance Law and Key Spy Program in Spotlight,” ABC News, April 12, 2024; and Zachary B. Wolf, “What Information Is the Government Actually Collecting Under FISA?,” CNN, April 11, 2024.

2. Nancy M. Kirschner, “The Right to Financial Privacy Act of 1978—The Congressional Response to United States v. Miller: A Procedural Right to Challenge Government Access to Financial Records,” University of Michigan Journal of Law Reform 13, no. 1 (1979): 10–52.

3. Nicholas Anthony, “How Inflation Erodes Financial Privacy,” Cato at Liberty (blog), Cato Institute, June 10, 2022.

4. California Bankers Association v. Shultz, 416 U.S. 21 (1974), at 78–79.

5. The breakdown of those reports is as follows: 20.8 million currency transaction reports (CTRs); 4.6 million suspicious activity reports (SARs); 1.6 million foreign bank and financial accounts (FBARs); 421,500 Form 8300 reports; and 143,200 currency and other monetary instrument reports (CMIRs). “Financial Crimes Enforcement Network (FinCEN): Year in Review for FY 2023,” Financial Crimes Enforcement Network, 2023.

6. “General Explanations of the Administration’s Fiscal Year 2022 Revenue Proposals,” Department of the Treasury, May 2021, p. 88.

7. Kristin Schwab, “IRS Tells Payment Apps to Report Business Transactions over $600,” Marketplace, January 7, 2022.

8. Federal Deposit Insurance Corporation, How America Banks: Household Use of Banking and Financial Services: 2019 FDIC Survey (FDIC, October 2020).

9. Lee Rainie and Mary Madden, “Americans’ Views on Government Surveillance Programs,” Pew Research Center, March 16, 2015.

10. Dustin Volz, “Most Americans Unwilling to Give Up Privacy to Thwart Attacks: Reuters/Ipsos Poll,” Reuters, April 4, 2017.

11. Nicholas Anthony, “The Right to Financial Privacy: Crafting a Better Framework for Financial Privacy in the Digital Age,” Cato Institute Policy Analysis no. 945, May 2, 2023.