Testimony on the Bank Secrecy Act and Privacy Policy
TESTIMONY of Solveig Singleton, Lawyer Cato Institute before the U.S. House of Representatives Committee on Banking and Financial Services Oversight hearing regarding the Bank Secrecy Act and reporting requirements April 20, 1999
Mr. Chairman, my name is Solveig Singleton and I am a lawyer at the Cato Institute. Thank you for this opportunity to comment on the Bank Secrecy Act. My testimony examines whether the Act’s reporting requirements are consistent with a coherent federal privacy policy. I will make the following points:
- Reporting requirements such as those created by the Bank Secrecy Act pose a unique threat, because government alone has the power or arrest and prosecution, and to demand asset forfeitures.
- The Bank Secrecy Act often conflicts with banker’s obligations to respect the financial privacy laws of other countries.
- Current informal regulatory practices under The Bank Secrecy Act are the same as or similar to the very proposals overwhelmingly rejected by the public in the recent inquiry into the FDIC’s “Know Your Customer” proposal.
- The Bank Secrecy Act does not make our streets safer.
- The Bank Secrecy Act’s reporting requirements do not belong in a free country, any more than a law requiring the reporting of purchases of “subversive” books and literature would belong.
Privacy Policy in the Big Picture
Since electronic commerce began to put on a growth spurt, headed for ungainly adolescence, various agencies and individuals in the executive branch and in various agencies have offered up many pronouncements on privacy. These announcements are inconsistent with policies developed under the Bank Secrecy Act, as if the right hand of government does not know what the left hand is doing.
Since 1996, the FTC has initiated a large number of workshops, reports, and proceedings on the importance of privacy. These have been directed at the private sector businesses that collect information from customers for marketing purposes. But what about reporting practices under the Bank Secrecy Act? Under the Act, about 85 percent of banks engage in some form of customer profiling, compiling suspicious activity reports to file with regulators enjoying unique powers to arrest citizens, bring them to trial or to seize their assets in forfeiture proceedings–powers the private sector lacks.
In privacy proceedings, the FTC and the Commerce Department have each emphasized that their view of privacy includes giving consumers a choice about privacy. The FTC explains that “choice means giving consumers options as to how any personal information collected from them may be used.” Under the Bank Secrecy Act, however, banks do not generally disclose to customers the extent of their customer profiling program, and if a suspicious activity report is filed, is statutorily barred from notifying the customer. Again, the private-sector, which poses no substantial dangers in its use of information, is the target, while the government–the real threat– is off the hook.
In 1998, Vice President Al Gore has proposed, with great fanfare, an Electronic Bill of Rights. In discussing privacy, he said:
Privacy is a basic American value – in the Information Age, and in every age. And it must be protected. We need an electronic bill of rights for this electronic age. You should have the right to choose whether your personal information is disclosed; you should have the right to know how, when, and how much of that information is being used; and you should have the right to see it yourself, to know if it’s accurate.
Why should government, with its unique law enforcement powers, be permitted to disregard “basic” privacy principles? The privacy rights affirmed by Congress in the Right to Financial Privacy Act are meaningless, because the Financial Privacy Act does not override the Bank Secrecy Act. Under the Financial Privacy Act, customers must be given notice when their information is transferred between federal agencies–but not when FinCEN transmits reports to law enforcement. In targeting the uses of information in the private sector and permitting government-sponsored information gathering to grow under the Bank Secrecy Act, federal privacy policy stands upside down.
From an international perspective, the United State’s Bank Secrecy Act brings U.S. banks into constant conflict with laws protecting financial privacy in many other countries, exposing bankers to the impossible problem of having to comply with two inconsistent legal regimes.
Public Accountability: The Bank Secrecy Act and Regulatory Practices
The FDIC’s proposed “Know Your Customer” rule was withdrawn in large part because thousands of angry letters filed in comment showed that the rule would undermine public trust in the banking system. John D. Hawke, comptroller of the currency, emphasized that “Know Your Customer” inadvertently undermined confidence in the banking system by violating the confidential relationship between banks and their customers.1
Yet many of the practices that would have been formally enacted into the law by “Know Your Customer” already exist under the Bank Secrecy Act, both directly required by the Act or required by regulations and guidelines under the Act.
To comply with the Bank Secrecy Act, about 48,000 suspicious activity reports were filed between April 1, 1996 and September 30, 1997. The Suspicious Activity Reports database is open to all U.S. Attorney’s Offices and to 59 law enforcement agencies, including the FBI, Secret Service, and Customs. No showing of probable cause is required to access the reports. Many agencies simply periodically download all of the files and keep them as a long as they want.
The suspicious activity reports must be filed under the Bank Secrecy Act if:
- The transaction involves funds derived from illegal activities or is intended to conceal such funds to evade any law or regulation, including reporting regulations;
- The transaction is designed to evade any Bank Secrecy Act regulation; or
- The transaction has no business or lawful purpose or is not the sort in which the particular customer would normally be expected to engage, and the financial institution has no reasonable explanation for the transaction after examining the available facts, including background and possible purposes of the transaction.2
The Federal Reserve’s “Know Your Customer” manual’s section 601 instructs banks as follows: An integral part of an effective “know your customer” policy is a comprehensive knowledge of the transactions carried out by the customers of the financial institution. There, it is necessary that the “know your customer” procedures established by the institution all for the collection of sufficient information to develop a “customer profile.”. . . The customer profile should allow the financial institution to understand all facets of the customer’s intended relationship with the institution, and, realistically, determine whether transactions are suspicious or potentially illegal. Internal systems should then be developed for monitoring transactions to determine if transactions occur which are inconsistent with the “customer profile.”3
This suggests two problems:
- The discretion of administrative agencies to require banks to engage in customer profiling without specific legislative mandates or even a rulemaking proceeding has caused an alarming failure of public accountability.
- The Bank Secrecy Act has the same potential to undermine public confidence in the banking system as did “Know Your Customer.” The difference is that the extent of profiling under the Bank Secrecy Act is not widely known to the public.
The Bank Secrecy Act Will Not Make Us Safer
Despite this, the Bank Secrecy Act’s reporting requirements will not make us safer. Swiss banks managed to respect their customers’ privacy for decades without starting a Swiss crime wave (indeed, Swiss banking privacy made it possible for refugees from and victims of the Nazi regime in Germany to safeguard their assets).
The Bank Secrecy Act sacrifices the privacy of all to catch a tiny number of alleged wrongdoers. Former bank regulator Lawrence Lindsey of the American Enterprise Institute reports that between 1987 and 1995 filed 77 million suspicious activity reports. Three thousand money laundering convictions were initiated, but 580 were convicted. For every 25,000 reports, one case was brought, and .2 convictions obtained. In 1993, 63,000 of 10.2 million currency transactions were reported as suspicious; more sophisticated filtering improved the ratio of reports to cases brought somewhat–but only to 1 percent.4 How could such a high ratio of filings to investigations possibly be supported against the Fourth Amendment’s requirement that the police are not to go shuffling through our papers without probable cause, and a warrant “particularly describing” the item or person they want to seize?
Money laundering is essentially a paperwork offense, the crime of trying to conceal the proceeds of a crime. Historically, it was not a crime at all. Money laundering convictions are obtained at enormous taxpayer expense, and the streets are no safer because of them. Only a desk-bound view of law enforcement would see more surveillance to catch money laundering as a meaningful way to protect the rights of crime victims.
Is the Bank Secrecy Act worth the expense? It is useful to law enforcement at some level. But so, too, would be a requirement that phone companies survey and record all telephone conversations and send “suspicious” recordings to the police. So would a requirement that all book purchases be recorded and “subversive” purchases reported. But such requirements have no place in a free country.
Government Abuses of Information
Government cannot be trusted with the power to collect complex and private facts about our lives without a showing of probable cause. History shows that government will not observe safeguards intended to prevent the abuse of the power to collect information:
During World War II, U.S. census data was used to identify Japanese-Americans and place them in internment camps.
When Social Security numbers were introduced in 1935, the public was repeatedly assured that they would be used only to ensure that workers were paying the payroll tax; they are now used throughout the federal government and private sector for many purposes entirely unrelated to social security.
In 1995 over 500 Internal Revenue Service agents were caught illegally snooping through tax records of thousands of Americans, including personal friends and celebrities. Only five employees were fired for this misconduct.
In response, the IRS developed new privacy protection measures. These measures were useless, with hundreds of IRS agents being caught in early 1997, again snooping through the tax records of acquaintances and celebrities.
The Clinton administration reportedly obtained hundreds of FBI files, including those of:
- Billy R. Dale: Fired Travel Office Director
- Marlin Fitzwater: Bush’s press secretary
- Ken Duberstein: Reagan’s chief of staff
- James Baker: Bush’s secretary of state
- Tony Blankley: Newt Gingrich’s spokesman
The complexity of our lives and the government’s lack of knowledge about them are a bulwark against authoritarianism as important as the Constitution. As James C. Scott noted in Seeing Like A State: How Certain Schemes to Improve the Human Condition Have Failed, all through history governments have struggled to collect more information about citizens. But the more they strive, the more unlikely it is that their goals can be compatible with the complex, fast-moving life in free society. No American citizen should be treated like a suspect unless and until he is one. The Bank Secrecy Act has no place in America.
NOTES:1. Patrice Hill, “Regulators for Bank Kill Rule on ‘Spying,'” The Washington Times, March 5, 1999, p. A1.
2. See 12 CFR Secs. 563.180, 21.11, and 208.20; see also Statement of Gregory T. Nojeim, Legislative Counsel, American Civil Liberties Union, “Financial Privacy and the Proposed “Know Your Customer” Regulations, before the Commercial and Administrative Law Subcommittee of the House of Representatives Committee on the Judiciary.
3. http://www.bog.frb.fed.us/boarddocs/SupManual/.
4. Lawrence Lindsey, “Invading Financial Privacy,” Financial Times, March 19, 1999, p. 20.