FinCEN Files Shows Regulatory and Privacy Concerns with the Bank Secrecy Act and the Necessity for Reform or Repeal

Last month, BuzzFeed News published an investigative report that alleged that banks sat on their hands while criminals laundered trillions of dollars over the past two decades. The FinCEN Files report and its conclusions are based on over 2,600 leaked documents that cover 200,000 suspicious financial transactions valued at $2 trillion between 1999 and 2017. In the wake of the scandal, commentators have contended that reform is needed. Sen. Elizabeth Warren (D-MA) responded with calls for further regulation of the banking industry.

While it is true that reform is needed, Warren and the others advocating to go after the banks fundamentally misunderstand the problem. Although the FinCEN Files leak has framed banks as enablers who allowed criminals to carry out illegal money laundering, the report’s findings seem to suggest that the banks involved did little to nothing wrong and followed the letter of the law—that law being the Bank Secrecy Act (BSA) and its respective regulations.

Under the BSA, financial institutions report to the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) and are charged with carrying out anti-money laundering operations. The BSA requires financial institutions to provide information to law enforcement agencies by filing currency transaction reports (CTRs) for transactions over $10,000 and suspicious activity reports (SARs) for suspected incidents of money laundering or fraud. In the words of Thomas Wade of the American Action Forum, the BSA “deputizes firms to prevent, identify, investigate, and report criminal activity.” In practice, the BSA has essentially made banks the snitches and “Karens” of the financial services industry.

As noted by the International Consortium of Investigative Journalists (which contributed to FinCEN Files): “A suspicious activity report (SAR) is not an accusation, it’s a way to alert government regulators and law enforcement to irregular activity and possible crimes.” Since nothing in the FinCEN Files report suggests that banks purposefully avoided filing SARs when needed, it is logical to conclude that any and all fault lies with the government regulators and law enforcement authorities who failed to utilize the SARs and act. In fact, a newly published report from the Government Accountability Office says that SARs are underused and recommend that “FinCEN develop policies and procedures to promote greater law enforcement use of Bank Secrecy Act reports.”

Clearly, some sort of reform is needed. Sen. Warren’s idea for reform calls for the creation of a new unit in the Treasury Department, separate from FinCEN, to investigate these types of financial crimes. Her proposal assumes that the problem with SARs is that there are not enough government resources or employees to investigate each filing.

In reality, the real problem with SARs is their sheer volume. According to Dynamic Securities Analytics, over 2.3 million SARs were filed in 2019, a 6 percent increase from 2018. As Brian Reardon of the S Corporation Association recently points out, FinCEN Files show that FinCEN SAR data is not being effectively used by regulators to stop crime. Reardon notes: “Despite the fact that SARs reports are limited to reports of ‘suspicious’ activity reported by financial institutions engaged in the transactions, the volume of information transmitted to the Treasury Department clearly is overwhelming and not effectively analyzed or managed.” Reardon also argues that the very nature of the report shows that FinCEN data is not secure.

Beyond that, in 2018, the Bank Policy Institute (BPI) conducted a comprehensive study to help determine if the resources banks put towards anti-money laundering compliance were providing law enforcement with useful data. BPI found that participating banks spent $2.4 billion and employed 14,000 individuals for anti-money laundering regulatory compliance. Despite these high costs, however, BPI found that only 4 percent of SARs and 0.44 percent of CTRs warranted follow-up by law enforcement.

Rather than throwing more money and people at the problem, Warren should be looking to modernize our anti-money laundering framework. Rep. Blaine Luetkemeyer’s (R-MO) Counter Terrorism and Illicit Finance Act would do just that. Luetkemeyer’s legislation would ease the BSA burden on banks and law enforcement by raising the threshold to require a CTR or SAR. While the bill preserves the criteria that financial institutions use to report suspicious activity, it directs the Treasury Secretary to conduct a formal review of reporting requirements to ensure that the information banks provide to law enforcement is of a “high degree of usefulness.” The bill also directs the Treasury Secretary to encourage the use of technological innovations to improve financial institutions’ anti-money laundering programs, providing safe harbor protection to banks.

While Luetkemeyer’s legislation would certainly be a step in the right direction, it would be even better to outright repeal the BSA. Unprecedented? No, the Competitive Enterprise Institute has argued this for over 20 years and Rep. Ron Paul supported the idea when he was in Congress.

In 1999, then-CEI senior policy analyst Solveig Singleton testified before the House Committee on Banking and Financial Services Oversight and made this pitch. In her written testimony on the Bank Secrecy Act and the law’s reporting requirements, Singleton argued that the BSA’s SAR requirement forces banks to “engage in some form of customer profiling” and “sacrifices the privacy of all to catch a tiny number of alleged wrongdoers.” Singleton cited research from the American Enterprise Institute that found that between 1987 and 1995 there were 77 million SARs filed, yet only 3,000 alleged money laundering suits, and a mere 580 convictions. Singleton asked: “How could such a high ratio of filings to investigations possibly be supported against the Fourth Amendment’s requirement that the police are not to go shuffling through our papers without probable cause, and a warrant ‘particularly describing’ the item or person they want to seize?” She concluded that “No American citizen should be treated like a suspect unless and until he is one. The Bank Secrecy Act has no place in America.”

In 2001, Dr. Richard Rahn, former chairman of Novecon Financial, contributed to CEI’s The Future of Financial Privacy and called for an edn to the war on money laundering due to privacy concerns.

Later in 2003, CEI scholar John Berlau wrote in Reason magazine about the PATRIOT Act and how it expanded the BSA to force businesses to spy on their customers:

In the debate over the PATRIOT Act and other broad surveillance measures, the Bank Secrecy Act should be thought of as a 30-year experiment in subverting the Fourth Amendment. The experiment has imposed tremendous costs on individual privacy and the economy (even before 9/11, the banking industry was estimating compliance costs of $10 billion a year), with few tangible results in stopping crime and even fewer in preventing terrorism. Getting back to the standards of the Fourth Amendment is a good idea, not just for securing privacy but for making law enforcement and intelligence agencies more focused and effective at stopping criminals and catching terrorists.

While BuzzFeed often, and rightly, complains about threats to our privacy (examples here, here, and here), the framing of its FinCEN Files report is fueling the calls by some to increase the extent to which private businesses are forced to violate the Fourth Amendment and their customers’ privacy.

Considering the threat that the BSA poses to privacy rights, coupled with the law’s regulatory burden and hampering of law enforcement activity, lawmakers should reform or repeal it.

CEI research associate Seth Carter contributed to this post.