- Reporting requirements such as those created by the Bank Secrecy Act pose a unique threat, because government alone has the power or arrest and prosecution, and to demand asset forfeitures.
- The Bank Secrecy Act often conflicts with banker’s obligations to respect the financial privacy laws of other countries.
- Current informal regulatory practices under The Bank Secrecy Act are the same as or similar to the very proposals overwhelmingly rejected by the public in the recent inquiry into the FDIC’s “Know Your Customer” proposal.
- The Bank Secrecy Act does not make our streets safer.
- The Bank Secrecy Act’s reporting requirements do not belong in a free country, any more than a law requiring the reporting of purchases of “subversive” books and literature would belong.
Privacy Policy in the Big Picture
Since electronic commerce began to put on a growth spurt, headed for ungainly adolescence, various agencies and individuals in the executive branch and in various agencies have offered up many pronouncements on privacy. These announcements are inconsistent with policies developed under the Bank Secrecy Act, as if the right hand of government does not know what the left hand is doing.
Since 1996, the FTC has initiated a large number of workshops, reports, and proceedings on the importance of privacy. These have been directed at the private sector businesses that collect information from customers for marketing purposes. But what about reporting practices under the Bank Secrecy Act? Under the Act, about 85 percent of banks engage in some form of customer profiling, compiling suspicious activity reports to file with regulators enjoying unique powers to arrest citizens, bring them to trial or to seize their assets in forfeiture proceedings–powers the private sector lacks.
In privacy proceedings, the FTC and the Commerce Department have each emphasized that their view of privacy includes giving consumers a choice about privacy. The FTC explains that “choice means giving consumers options as to how any personal information collected from them may be used.” Under the Bank Secrecy Act, however, banks do not generally disclose to customers the extent of their customer profiling program, and if a suspicious activity report is filed, is statutorily barred from notifying the customer. Again, the private‐sector, which poses no substantial dangers in its use of information, is the target, while the government–the real threat– is off the hook.
In 1998, Vice President Al Gore has proposed, with great fanfare, an Electronic Bill of Rights. In discussing privacy, he said:
Privacy is a basic American value — in the Information Age, and in every age. And it must be protected. We need an electronic bill of rights for this electronic age. You should have the right to choose whether your personal information is disclosed; you should have the right to know how, when, and how much of that information is being used; and you should have the right to see it yourself, to know if it’s accurate.
Why should government, with its unique law enforcement powers, be permitted to disregard “basic” privacy principles? The privacy rights affirmed by Congress in the Right to Financial Privacy Act are meaningless, because the Financial Privacy Act does not override the Bank Secrecy Act. Under the Financial Privacy Act, customers must be given notice when their information is transferred between federal agencies–but not when FinCEN transmits reports to law enforcement. In targeting the uses of information in the private sector and permitting government‐sponsored information gathering to grow under the Bank Secrecy Act, federal privacy policy stands upside down.
From an international perspective, the United State’s Bank Secrecy Act brings U.S. banks into constant conflict with laws protecting financial privacy in many other countries, exposing bankers to the impossible problem of having to comply with two inconsistent legal regimes.
Public Accountability: The Bank Secrecy Act and Regulatory Practices
The FDIC’s proposed “Know Your Customer” rule was withdrawn in large part because thousands of angry letters filed in comment showed that the rule would undermine public trust in the banking system. John D. Hawke, comptroller of the currency, emphasized that “Know Your Customer” inadvertently undermined confidence in the banking system by violating the confidential relationship between banks and their customers.1
Yet many of the practices that would have been formally enacted into the law by “Know Your Customer” already exist under the Bank Secrecy Act, both directly required by the Act or required by regulations and guidelines under the Act.
To comply with the Bank Secrecy Act, about 48,000 suspicious activity reports were filed between April 1, 1996 and September 30, 1997. The Suspicious Activity Reports database is open to all U.S. Attorney’s Offices and to 59 law enforcement agencies, including the FBI, Secret Service, and Customs. No showing of probable cause is required to access the reports. Many agencies simply periodically download all of the files and keep them as a long as they want.
The suspicious activity reports must be filed under the Bank Secrecy Act if:
- The transaction involves funds derived from illegal activities or is intended to conceal such funds to evade any law or regulation, including reporting regulations;
- The transaction is designed to evade any Bank Secrecy Act regulation; or
- the transaction has no business or lawful purpose or is not the sort in which the particular customer would normally be expected to engage, and the financial institution has no reasonable explanation for the transaction after examining the available facts, including background and possible purposes of the transaction.2
The Federal Reserve’s “Know Your Customer” manual’s section 601 instructs banks as follows: