The Bank Secrecy Act: Are There Still Secrets In Banking?

Richard D. Horn and Shelby J. Kelley

Privacy & Data Security Law Journal

Richard D. Horn, a partner in the Washington, D.C., office of Bracewell & Giuliani, LLP, represents clients in all types of civil litigation and dispute resolution arising from business relationships and commercial transactions. He can be reached at richard.horn@bracewellgiuliani.com. Shelby J. Kelley, an associate in the Trial section of the firm's Washington office, can be reached at shelby.kelley@bracewellgiuliani.com.

In the 30 years since the Bank Secrecy Act (BSA)[1] was enacted, the notion that we could keep information about our bank relationships and financial transactions secret has gradually, but steadily, eroded. Today, bank secrecy is a misnomer. The record keeping and reporting requirements of the BSA have spawned a vast regulatory and law enforcement network with unprecedented access to what most of us would consider our private financial information. All financial institutions, as the term is broadly defined,[2] are required to maintain records of certain types of financial transactions and to file detailed reports describing activity judged to be suspicious. The data in these reports are accessible electronically, without notice, warrant, or probable cause by every U.S. Attorney's Office and some 60 law enforcement agencies including the FBI, Secret Service, and the Customs Service.[3]

Critics of the BSA have complained that the reporting requirements turn bankers into law enforcement agents and give government officials access to personal financial information without a warrant or subpoena.[4] For customers, the scope of the intrusion can be disconcerting; for financial institutions, the consequences of non-compliance can be staggering.[5]

The BSA places enormous responsibilities on financial institutions, management and their boards of directors, to know who their customers are, the sources of their customers' funds, and the ways in which those funds are used. On the other hand, a safe, reliable, and well-governed financial system is essential to support the free flow of commercial activity and overall economic development. Clearly, we must do all that we can to prevent the flow of funds through our financial system into the hands of terrorists. Likewise, if the profits from illegal activities can easily be laundered and re-introduced into the financial markets, it can erode the integrity of the system, foster further illicit conduct, and discourage legitimate investments into the economy.

Accordingly, unless the world becomes a radically safer place to live, the trend of the past three decades is likely to continue. The obligation to comply with the requirements of the BSA, and the consequences for failure to do so, will be extended further to more and more sectors of the financial community deemed vulnerable to money laundering and terrorist financing. Likewise, consumers of financial services will simply have to adjust their expectations of privacy in the context of their financial transactions. Like it or not, the BSA is here to stay.

MONEY LAUNDERING AND TERRORIST FINANCING

The principal drivers behind the BSA are the detection and prevention of money laundering and terrorist financing. Depriving the criminal of his ability to conceal the sources of his ill-gotten gains undermines the very objective of the criminal activity. Staunching the flow of money to terrorists and their organizations drastically reduces their ability to do harm. The concept is simple: in the absence of a usable profit or funding, the criminal activity will subside. The BSA shifts responsibility to financial institutions to develop and implement procedures for monitoring customer transactions, identifying suspicious activity and then reporting it to law enforcement. Thus, a starting point for BSA compliance is an understanding of the criminal activity to be prevented.
Laundering money is the process of disguising the illegal origin of criminal proceeds and making them appear legitimate. An estimated $500 billion to $1 trillion is laundered annually.[6] Terrorist financing, as the name implies, is the raising or collecting of money to fund terrorist
activity. The term actually describes two types of activities: the funding of terrorist cells that carry out attacks, and fundraising for terrorist organizations. At their core, the processes and methods used to launder money derived from criminal activity are substantially similar to those used to disguise the source of terrorist funding.[7]

Money can be laundered in a variety of ways, but the basic structure is the same. The first step in the process is the physical placement of currency derived from criminal activity into the financial system. Unlike traditional money laundering of criminal proceeds, funds used to finance terrorism may be derived from legitimate sources, such as social, religious, or charitable organizations.[8] In either case, however, funds can be deposited into bank accounts; they can be used to purchase financial instruments such as money orders, cashier's checks, or stored value cards; and they can be used to make purchases of items of value such as precious metals, jewelry, automobiles, etc.

During the next stage, the layering stage, the money launderer tries to obscure the trail left behind by the money. This can be accomplished through one or more financial transactions that shift the money away from its origins or sources. For example, once funds are placed in a bank account, they can then be transferred to other accounts controlled by the launderer, either domestically or across international borders; or they can be used to pay for goods and services, which may or may not be real, but which nonetheless give the funds added indicia of legitimacy.

Finally, the funds re-enter the legitimate economy during the integration stage, where the path of laundered money generally diverges from terrorist funding. With terrorist financing, integrated funds are forwarded to terrorists and their organizations.
Laundered funds, however, are integrated into the financial system through the purchase of legal assets. The launderer or beneficiary of the process may invest these funds in real estate, corporate ventures, or other assets. Once funds have been invested into the legitimate financial system, it is very difficult to trace them back to their unlawful origin unless an audit trail was established back during the placement and integration stages.
THE HISTORY OF THE BSA

While the tasks of combating money laundering and preventing terror financing have justifiably assumed greater importance since the attacks of September 11, 2001, it is important to remember that the BSA is not new. It was originally passed in 1970 as the Currency and Foreign Transaction Reporting Act,[9] to assist in identifying the source, volume and movement of currency and other monetary instruments domestically and across the country's borders. The framework of the BSA then was much as it is today: it contemplated the creation of a paper trail by requiring banks and other financial institutions to monitor and report certain types of financial transactions, giving law enforcement access to information that could be useful in investigating and prosecuting criminal activity.

Over a decade later, looking for new weapons to combat drug trafficking, Congress enacted the Money Laundering Control Act of 1986,[10] imposing criminal liability on persons and financial institutions who knowingly launder money, or who structure financial transactions to avoid the reporting requirements of the BSA.[11] In 1990, Congress created FinCEN, the Financial Crimes Enforcement Network, whose stated mission is to safeguard the financial system from the abuses of financial crime, including terrorist financing, money laundering, and other illicit activity.[12] FinCEN administers the BSA and supports law enforcement, intelligence, and regulatory agencies through the sharing and analysis of financial intelligence.

In response to a perceived need for even more information to support law enforcement investigations of suspicious financial transactions, Congress passed the Annunzio-Wylie Money Laundering Suppression Act in 1992, strengthening the sanctions for BSA violations and requiring financial institutions to file Suspicious Activity Reports (SARs).
Two years later, the Money Laundering Suppression Act of 1994 was enacted, requiring regulators to develop enhanced examination procedures and to increase examiner training to improve the detection of money laundering schemes.[13] In 1996, the SAR reporting requirement was modified and strengthened, requiring all banking organizations within the United States to file a SAR upon detection of a known or suspected criminal violation
of federal law, or a suspicious transaction related to money laundering activity or a violation of the BSA.

Prior to 9/11, the BSA and its implementing regulations were loudly criticized as legislating an unjustified and unreasonable level of federal government intrusion into the private financial affairs of its citizens. Assailed as a massive financial surveillance system that fails to properly balance the needs of law enforcement agents, financial institutions, and customer privacy requests, consumer and privacy rights groups called for its repeal or at least a much narrower application.[14] Detractors agreed that the BSA and its invasive reporting requirements result in a tremendous loss of personal privacy without a measurable increase in government's ability to detect and deter criminal activity.[15] Some critical of the BSA argued, almost presciently, that the BSA did not make us any safer.[16]

After the September 11, 2001 attacks, Congress responded swiftly, enacting The Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism Act of 2001, known as the USA PATRIOT Act. A key objective of the USA PATRIOT Act was to address the inconsistent and uneven flow of information among regulatory and law enforcement agencies of the federal government. Prior to 9/11, the Cold War model of information gathering and analysis emphasized the security of the information obtained. It was disclosed only on a need to know basis. The risk of inadvertent disclosure was viewed as outweighing any benefits to be gained from wider access.[17] Post 9/11, Congress felt this information system had to be transformed to provide incentive for the sharing of information and to bring to bear the full weight of technology to the task of gathering, organizing and analyzing this information.
[18]

BSA COMPLIANCE

The USA PATRIOT Act is arguably the single most significant anti-money laundering law that Congress has enacted since the BSA itself. Among other things, the USA PATRIOT Act criminalized the financing of terrorism and augmented the existing BSA framework by strengthening customer identification procedures; prohibiting financial institutions from engaging in business with foreign shell banks; improving information sharing between financial institutions and the U.S. government; and requiring financial institutions to have due diligence procedures, and, in some cases, enhanced due diligence procedures for foreign correspondent and private banking accounts.

Financial institutions must now develop, administer and maintain a written compliance program, approved by the board of directors, and noted in the board minutes. At a minimum, a compliance program must include: (i) a customer identification program (CIP); (ii) a system of internal controls to ensure compliance with the BSA's record-keeping and reporting requirements on an ongoing basis; (iii) independent testing; (iv) the designation of one or more persons as BSA compliance officer; and (v) training for appropriate bank personnel.

In June 2005, the Federal Financial Institutions Examination Council (FFIEC)[19] issued its Bank Secrecy Act/Anti-Money Laundering Examination Manual (BSA/AML Manual), and the FFIEC recently released a revised version of the BSA/AML Manual on July 28, 2006.[20] The BSA/AML Manual promises to be an invaluable tool to help financial institutions comply with their statutory and regulatory obligations under the BSA. It was developed collaboratively by the five Federal banking agencies: The Board of Governors of the Federal Reserve System, The Federal Deposit Insurance Corporation, National Credit Union Administration, Office of The Comptroller of the Currency, and The Office of Thrift Supervision, together with FinCEN to better ensure the uniform application of the BSA. But it offers more than just examination procedures. The BSA/AML Manual is a comprehensive resource of BSA and anti-money laundering guidance for banking organizations,
including commercial banks, savings associations and credit unions.

BSA/AML compliance begins with the proposition that a financial institution must be able to form a reasonable belief that it knows the true identity of each of its customers. Accordingly, a financial institution's CIP must include account opening procedures specifying the kind of information required to confirm the customer's identity. For individual customers, the financial institution must obtain the customer's name, date of birth, address, and identification number, generally a taxpayer identification number where the customer is a U.S. citizen. In the case of a foreign customer, a passport number, alien ID card, or any other nonexpired, government-issued photo ID evidencing nationality or residence will generally suffice. Customers that are not individuals must provide documentation confirming the legal existence of the entity such as certified copies of articles of incorporation, government-issued business license, or partnership or trust agreement. In addition, non-individual customers must provide identifying information for those individuals who will have authority and control over the account. The financial institution is also required to give its customers adequate notice that it is collecting this information.[21]

In addition to knowing the identity of each customer, the BSA mandates that financial institutions understand the nature of their customers' banking needs and be able to predict with relative certainty the kinds of financial transactions the customer is likely to make. This is referred to as customer due diligence (CDD). Financial institutions can better detect potentially suspicious activity if they know in advance the typical or ordinary banking transactions to be expected from each customer. Obviously, some customers pose greater risk than others.
A check cashing business deserves greater scrutiny than a retired individual living on a fixed income. Accordingly, the level of diligence is to be commensurate with the degree of risk. For customers defined as high-risk because of business activity, ownership structure, volume of activity or location, financial institutions must obtain more detailed information. The BSA/AML Manual suggests that financial institutions obtain a statement from the customer explaining the purpose of the account and the source of funding, financial statements, banking references, a description of the
business operations and anticipated volume and type of transactions, the identities of major customers and suppliers, and explanations for any significant changes in account activity.[22]

Beyond customer identification and customer due diligence, the BSA imposes a variety of reporting and record-keeping requirements on financial institutions. One of the fundamental reporting requirements under the BSA is the obligation to report large currency transactions. Financial institutions are required to file a Currency Transaction Report (CTR) for each transaction in which they are involved that exceeds $10,000.00.[23] Multiple transactions by or on behalf of the same customer or party are treated as a single, reportable transaction if they total more than $10,000.00 and occur during the course of a single day.[24] CTRs must be filed with FinCEN within 15 days of the transaction, and financial institutions must retain copies of CTRs for five years.[25]

In addition, financial institutions must create and maintain records relating to the purchase and sale of monetary instruments in amounts between $3,000 and $10,000, inclusive.[26] Financial institutions sell a variety of monetary instruments for cash, including money orders, cashier's checks, bank checks or drafts, and traveler's checks. Buying these types of instruments in amounts below the $10,000 CTR reporting threshold is one way criminals attempt to launder money. Accordingly, the BSA requires financial institutions to first verify the identity of the customer or person seeking to purchase the financial instrument. If that person has a deposit relationship with the financial institution, the regulations require the financial institution to make a record of the name of the purchaser, date of purchase, type, serial number, and dollar amount of each instrument, and verify the customer's identity.
[27] If the purchaser does not have an account, the financial institution is required to obtain additional information, including the address and social security number of the purchaser, and presentation of valid photo identification.[28]

Financial institutions are also required to create and maintain records relating to funds transfers.[29] Banks are required to collect and retain certain information, the type and amount of which depends on whether it acts as the originator's bank, an intermediary bank, or the beneficiary's bank, and whether an originator or beneficiary is an established customer
of the bank.[30] Non-bank financial institutions are also required to include certain information in transmittal orders for funds transfers of $3,000 or more, commonly referred to as the Travel Rule.[31]

Another integral component of the BSA regime is its procedure for information sharing. In 2002 FinCEN adopted final regulations that established procedures for information sharing between and among financial institutions and law enforcement to deter money laundering and terrorist activity.[32] Under Section 314(a) of the USA PATRIOT Act (31 C.F.R. 103.100), a federal law enforcement agency may request that FinCEN solicit, on its behalf, information from one or more financial institutions to locate accounts and transactions of persons that are suspected of being involved in money laundering or terrorism. For each person or entity for which information is sought, the agency must certify to FinCEN in writing that it has credible evidence of engagement, or reasonably suspected engagement, in money laundering or terrorist activity. FinCEN may then require the financial institution to search its records to determine whether it has, or has had, accounts or engaged in transactions with the specific person or entity. The financial institution is required to search its records through the 12 months preceding the request and report to FinCEN within 14 days if it has a match. No further information needs to be provided in response to a 314(a) request, and a negative response is not required. Financial institutions are prohibited from disclosing the fact that FinCEN has requested or obtained information.

The 314(a) process enables federal law enforcement agencies, through FinCEN, to reach more than 44,000 points of contact at more than 27,000 financial institutions to link suspected terrorists and/or money launderers with the individual institutions with which they have done business.
[33] Section 314(a) is not, however, a substitute for a subpoena or other legal process. 314(a) requests provide lead information only. In order to obtain access to documents from a financial institution that has reported a positive match, the agency must comply with the legal standards applicable to the particular investigative tool it chooses to use.[34]

Under Section 314(b) of the USA PATRIOT Act (31 U.S.C. 103.110), financial institutions may, after notification to FinCEN, elect
to share information with other participating financial institutions.[35] This information must be kept confidential and may only be used for limited purposes, including: to identify and report on money laundering and terrorist activities; to determine whether to establish or maintain an account; to engage in a transaction; and to otherwise assist in BSA compliance.[36] Section 314(b) also provides specific protection from civil liability as long as the financial institution maintains adequate procedures to protect the security and confidentiality of the information.[37]

The single most important reporting requirement imposed by the BSA is the obligation to report suspicious activity. From the perspective of law enforcement, the filing of timely, complete and accurate SARs is critical to their efforts to combat money laundering and terrorist financing.[38] Banks, certain money service businesses (MSBs), securities broker/dealers, casinos, and insurance companies[39] must file a SAR with respect to any of the following:

- Criminal violations involving insider abuse in any amount.
- Criminal violations aggregating $5,000 or more when a suspect can be identified.
- Criminal violations aggregating $25,000 or more regardless of a potential suspect.
- Transactions conducted or attempted by, at, or through the financial institution and aggregating $5,000 or more, if the financial institution knows, suspects, or has reason to suspect that the transaction:
  - May involve potential money laundering or other illegal activity (e.g., terrorist financing).
  - Is designed to evade the BSA or its implementing regulations.
  - Has no business or apparent lawful purpose or is not the type of transaction that the particular customer would normally be expected to engage in, and the financial institution knows of no reasonable explanation for the transaction after examining the available facts, including the background and possible purpose of the transaction.[40]

Quite obviously, suspicious activity reporting requires financial institution personnel to review financial transactions and identify those that may be reportable under the BSA. Financial institutions are required to have policies, procedures and processes in place to effectively monitor, detect and report suspicious activity. Transaction monitoring can be done manually, by reviewing the various types of reports generated either by the bank's information service providers or by its own purchased software system. These reports can typically flag transactions above a certain dollar threshold and can be helpful in detecting unusual activity. When such activity is identified, personnel are then required to review the customer's due diligence file to determine whether the particular activity is suspicious. Fully automated systems are also available using either rule-based monitoring systems that can apply multiple or complex filters, or intelligent systems that can change analyses over time based on account activity, trends, and other relevant data. Fully automated systems are typically much more expensive and can be appropriate for large banks with many locations, or a large volume of high risk customers.

The SAR itself contains five parts: (i) information concerning the financial institution filing the SAR, (ii) information concerning the suspicious person(s), (iii) general information concerning the suspicious activity, (iv) contact information, and (v) the suspicious activity explanation/description, the narrative portion of the SAR. It is this narrative portion that can be of the most value. Tips on preparing and filing SARs can be found at FinCEN's Web site at www.fincen.gov/pub_reports.html.[41] The BSA does not require financial institutions to investigate or confirm the crime underlying the suspicious activity; that is a matter for law enforcement.
The decision to file or not to file a SAR is principally a subjective decision, and once a financial
institution files a SAR, it may not disclose to its customer that a SAR has been prepared or filed.[42] Financial institutions are strongly encouraged to document the decision whether to file a SAR, and are required to have policies and procedures in place to guide and implement the decision making process. Examiners will review individual SAR filing decisions to assist in evaluating the effectiveness of the suspicious activity monitoring and reporting process.

An important feature of the suspicious activity reporting system is the safe harbor rule. The financial institution, and its officers, directors and employees, are protected against civil liability for reporting suspicious activity.[43] In light of the consequences for failing to report suspicious activity, this safe harbor provision has had the unintended effect of increasing the volume of defensive SAR filings.[44] Since the filing of SARs was mandated in 1996, over 2.6 million SARs have been filed with FinCEN.[45]

Currently, banks, money service businesses, insurance companies, securities broker dealers, futures commission merchants and casinos must have anti-money laundering programs in place and must file suspicious activity reports. Rules have been proposed or are in the process of being prepared that could add travel agencies, investment advisors, pawn brokers, unregistered investment companies, mutual fund companies, loan and finance companies, automobile dealers, persons involved in real estate closings and settlements, and commodity trading advisors to this list.[46]

BSA NON-COMPLIANCE

The consequences for failing to comply with the record-keeping and reporting requirements of the BSA can be severe, and not just for the financial institution. The failure, or refusal, to fully and actively participate in the national effort to combat money laundering and terrorist financing is the sentry asleep at his post.
It allows profits from criminal activity to evade detection and to be integrated into the marketplace. It allows terrorist organizations to acquire the funding to support their radical agendas and deadly operations. The BSA/AML objectives can only
be fully achieved if all affected institutions comply with the statutory and regulatory obligations. Here are just a few recent examples of the consequences of non-compliance:

In November 2005, one of the largest state-chartered banks in Florida agreed to forfeit $10 million to the U.S. government to avoid criminal charges that it permitted millions of dollars in suspected drug money to be laundered through its accounts over a period of almost seven years.[47] Despite numerous red flags such as a high volume of both incoming and outgoing wire transfers to apparently unrelated people and corporations, the bank failed to identify more than $50 million in suspicious transactions between July 1997 and April 2004. Under an agreement with the U.S. Department of Justice, prosecution against the bank was deferred for 12 months in return for the $10 million payment, and will be dismissed entirely if the bank continues to take appropriate corrective action to remedy the BSA violations.

In December 2005, the New York Branch of ABN AMRO N.V.[48] entered into a Consent to the Assessment of Civil Money Penalty as a result of FinCEN's determination that ABN AMRO failed to establish and implement an adequate BSA/AML program. FinCEN found that the absence of effective internal controls, training and designated personnel at the New York Branch of ABN AMRO resulted in extensive violations of the requirement to timely report suspicious transactions.[49] Based on the seriousness of the violations, FinCEN imposed a civil money penalty in the amount of $30 million. As of June 30, 2005, the New York Branch of ABN AMRO had assets of approximately $35 million.

Also in November 2005, following two lengthy investigations by the U.S.
Attorney's Offices for the Southern and Eastern Districts of New York, the Bank of New York agreed to pay $38 million in penalties and victim compensation to avoid criminal prosecution for its failure to comply with the reporting requirements of the BSA. In one of the largest financial settlements ever for a
financial institution, Bank of New York acknowledged that it failed to have an effective anti-money laundering program, that it intentionally failed to take steps to report known evidence of suspected criminal conduct by a bank customer and [Bank of New York] employees as required under the mandatory reporting obligations of the Bank Secrecy Act and that both the bank's general counsel, managing counsel, and other senior executives repeatedly ignored the bank's legal obligations to file the required Suspicious Activity Report (SAR), doing so only after the principals of a [Bank of New York] customer were arrested months later by federal authorities.[50]

BSA SUCCESS, SO FAR

In December 2005, an interagency working group comprised of 16 federal bureaus from law enforcement, regulatory and policy arenas published the U.S. Money Laundering Threat Assessment. The purpose of the Threat Assessment was to describe exactly how money is being laundered, to point up key vulnerabilities in connection with various money-laundering methods, and to identify the existing regulatory and policy framework. On April 4, 2006, Stuart Levey, Under Secretary of the Department of the Treasury's Office of Terrorism and Financial Intelligence, testified before the Senate Committee on Banking, Housing and Urban Affairs on the Department's progress in combating terrorist financing and money laundering.[51] Under Secretary Levey described a number of the key findings of the Threat Assessment:

- With the advent of Internet and remote banking, financial institutions face increased challenges in ascertaining the identity of customers and the sources of funds.
- Criminals and money launderers have successfully exploited state laws imposing only minimal information requirements on registration of corporate entities.
- The money laundering threat posed by casinos has grown substantially with the expansion of tribal gaming.
- The emergence of new investment products from the insurance industry has created new opportunities for money laundering.
- Increased efforts to detect and prevent money laundering domestically have forced criminals to resort to older, simpler forms of money laundering; smuggling U.S. currency out of the United States, already one of the most common forms of money laundering, appears to be on the rise.[52]

The data suggests that efforts to address money laundering have accomplished some positive results, but there is still much more to do. As Under Secretary Levey's testimony makes clear, the federal government plans to continue extending the BSA to financial sectors deemed to be the most vulnerable to money laundering and/or terrorist financing.[53]

The measure of success against terrorist financing is more elusive. A fundamental premise of the BSA regime is that the underlying criminal activity will generate large sums of money which then need to be laundered through the financial system. Yet, as the 9/11 attacks and the more recent terrorist attacks demonstrate, the financing of operational terrorist cells requires relatively modest sums. It is estimated that the 9/11 hijackers were bankrolled with $400,000 - $500,000, with only $300,000 of that passing through the hijackers' bank accounts in the United States.[54] The BSA requires financial institutions to identify and report suspicious activities and unusual financial transactions, but even the strictest adherence to the BSA would not have produced a suspicious activity report for any of the 9/11 hijackers.[55] After 9/11, the FBI found distinguishing characteristics of the hijackers' financial transactions for 9/11, such as arriving at banks in groups, listing occupations as students, and spending large portions of their income on flight schools and first class airfare.
While those actions might raise flags for another 9/11-type attack, it is less helpful for any other terrorist plot. Unfortunately, as the Staff Report to the 9/11 Commission noted, no valid financial profile of terrorist financing exists (despite efforts to create one) and the ability of financial institutions to detect terrorist financing without receiving more information from the government remains limited. 56 795
Certainly, one simple measure of the BSA's success in battling terrorist financing is the absence of similar, domestic terror attacks since 9/11. There is no question that the events of 9/11 irrevocably altered our perceptions about safety and vulnerability. Many of us believed we would be attacked again. The fact that we have not means, at least to some extent, that the government's efforts to combat the funding of terrorist activities have been successful.

CONCLUSION

Twenty-first century technology has given law enforcement the means to gather, store and analyze vast amounts of data describing our banking and other financial activities. Within this financial data, money launderers and terrorists can leave trails of evidence that are often the only tangible links to their criminal activities. Thus, by conscripting financial institutions to record, report and share this data, the BSA and the USA PATRIOT Act provide law enforcement with full access to information that can be useful, sometimes essential, in the detection, prevention and prosecution of money laundering and terrorist financing.

These requirements of record-keeping, suspicious activity reporting, and information sharing are now firmly embedded in the infrastructure of our financial system. In time, they are likely to be extended to other vulnerable sectors of the financial community. Financial institutions, their management, officers and directors, can expect greater responsibility, not less; the battle to prevent money laundering and terrorist financing is one that we cannot afford to lose.

NOTES

1 31 U.S.C. 5311 et seq.
2 31 U.S.C. 5312(a)(2).
3 See FinCEN, 1st Review of the Suspicious Activity Reporting System (SARS) at 1 (April 1998) (reprinted electronically at http://www.fincen.gov/sarptfin.html).
4 Julie Wakefield, Following The Money, GovExec.com (October 1, 2000) (reprinted electronically at http://www.govexec.com/features/1000/1000s5.htm).
5 See discussion of Non-Compliance, infra.
6 United Nations Office on Drugs and Crime, Global Programme Against Money Laundering (2006) (http://www.unodc.org/unodc/en/money_laundering.html).
7 See Paul Allan Schott, Reference Guide to Anti-Money Laundering and Combating the Financing of Terrorism (The International Bank for Reconstruction and Development/The World Bank/The International Monetary Fund 2006) at I-5 (reprinted electronically at http://www1.worldbank.org/finance/html/amlcft/referenceguide.htm). Likewise, the purpose for concealing the source of funds for both general criminal activities and terrorist activities is identical: maintaining the secrecy of the funding allows for the source to be used for future financing activities. Id.
8 See, e.g., National Commission on Terrorist Attacks Upon the United States, Monograph on Terrorist Financing, Staff Report to the Commission at 4, 10-12 (reprinted electronically at http://www.9-11commission.gov/staff_statements/911_terrfin_Monograph.pdf); David B. Ottaway, The World After 9/11: U.S. Follows Money Trails of Charities: U.S. Eyes Money Trails of Saudi-Backed Charities, The Washington Post, Thursday, August 19, 2004, Page A01.
9 See 31 U.S.C. 5311 et seq., 12 U.S.C. 1829b, and 1951-59.
10 Pub. L. No. 99-570, Title I, Subtitle H 1351-67, 100 Stat. 3207-18 & 3207-39 (1986) (codified as amended at 18 U.S.C. 1956-1957 (1988 & Supp. V 1993)).
11 Office of the Comptroller of the Currency, Money Laundering: A Banker's Guide to Avoiding Problems ("OCC Banker's Guide") at 4 (December 2002) (reprinted electronically at http://www.occ.treas.gov/moneylaundering2002.pdf).
12 See http://www.fincen.gov/af_mission.html.
13 OCC Banker's Guide at 5.
14 Statement of Gregory T. Nojeim, Legislative Counsel, American Civil Liberties Union, on Financial Privacy, Reporting Requirements under The Bank Secrecy Act and the Know Your Customer Regulations, Before the House Banking Committee Subcommittees on General Oversight and Investigations, and Financial Institutions and Consumer Credit (April 20, 1999) (reprinted electronically at http://financialservices.house.gov/banking/42099noj.htm).
15 See Singleton Testimony ("The Bank Secrecy Act sacrifices the privacy of all to catch a tiny number of alleged wrongdoers."); Nojeim Testimony (citing a survey conducted by The American Bankers Association, only seven percent of the 548 responding banks could identify even one prosecution that resulted from their filing either a Suspicious Activity Report or a Currency Transaction Report.).
16 Testimony of Solveig Singleton, Cato Institute, Before the U.S. House of Representatives Committee on Banking and Financial Services, Oversight Hearing on Bank Secrecy Act and Reporting Requirements (April 20, 1999), http://www.cato.org/testimony/ctss042099.html.
17 National Commission on Terrorist Attacks Upon the United States, The 9-11 Commission Report at 417 (July 22, 2004) (reprinted electronically at http://www.9-11commission.gov/report/911report.pdf).
18 Id. at 418-19.
19 The FFIEC is a formal interagency body that was formed in 1979 to prescribe uniform principles, standards, and report forms for the federal examination of financial institutions and to make recommendations to promote uniformity in the supervision of financial institutions. See http://www.ffiec.gov/bsa_aml_infobase/documents/bsa_aml_man.pdf.
20 The BSA/AML Manual is reprinted electronically at http://www.ffiec.gov/pdf/bsa_aml_examination_manual2006.pdf.
21 The BSA's implementing regulations contain sample customer notification language:
IMPORTANT INFORMATION ABOUT PROCEDURES FOR OPENING A NEW ACCOUNT
To help the government fight the funding of terrorism and money laundering activities, Federal law requires all financial institutions to obtain, verify, and record information that identifies each person who opens an account.
What this means for you: When you open an account, we will ask for your name, address, date of birth, and other information that will allow us to identify you. We may also ask to see your driver's license or other identifying information.
31 C.F.R. 103.121(b)(5)(i).
22 BSA/AML Manual at 57-58.
23 31 C.F.R. 103.22.
24 31 C.F.R. 103.22(c)(2).
25 31 C.F.R. 103.27(a).
26 31 C.F.R. 103.29.
27 31 C.F.R. 103.29(a)(1).
28 31 C.F.R. 103.29(a)(2).
29 Funds transfer is defined as: [t]he series of transactions, beginning with the originator's payment order, made for the purpose of making payment to the beneficiary of the order. The term includes any payment order issued by the originator's bank or an intermediary bank intended to carry out the originator's payment order. A funds transfer is completed by acceptance by the beneficiary's bank of a payment order for the benefit of the beneficiary of the originator's payment order. Funds transfers governed by the Electronic Fund Transfer Act of 1978 (Title XX, Pub. L. 95-630, 92 Stat. 3728, 15 U.S.C. 1693, et seq.), as well as any other funds transfers that are made through an automated clearing house, an automated teller machine, or a point-of-sale system, are excluded from this definition. 31 C.F.R. 103.11(q).
30 See 31 C.F.R. 103.33(e).
31 31 C.F.R. 103.33(f).
32 See 31 C.F.R. 103.100 ("Information sharing between Federal law enforcement agencies and financial institutions.") and 103.110 ("Voluntary information sharing among financial institutions.").
33 Financial Crimes Enforcement Network, Department of the Treasury, FinCEN's 314(a) Fact Sheet (May 9, 2006) (reprinted electronically at http://www.fincen.gov/314afactsheet.pdf).
34 Id.
35 31 C.F.R. 103.110.
36 31 C.F.R. 103.110(b)(4).
37 31 C.F.R. 103.110(b)(5).
38 BSA/AML Manual at 60 ("[t]he quality of SAR data is paramount to the effective implementation of the suspicious activity reporting system.").
39 Proposed Rules may add other industry types to this list, including travel agencies, investment advisors, pawn brokers, investment companies, mutual funds, loan and finance companies, car dealerships, persons involved in real estate closings or settlements, and commodity trading advisors. See 2005 U.S. Money Laundering Threat Assessment, App. D (reprinted electronically at http://www.treasury.gov/press/releases/reports/js3077_01112005_mlta.pdf).
40 BSA/AML Manual at 60-61.
41 See also BSA/AML Manual App. L.
42 31 C.F.R. 103.18(e); 31 U.S.C. 5318(g)(2).
43 31 U.S.C. 5218(g).
44 Vol. 8 The SAR Activity Review. Trends, Tips & Issues, at 3 (April 2005) ("While the volume of [SAR] filings alone may not reveal a problem, it fuels our concern that financial institutions are becoming increasingly convinced that the key to avoiding regulatory and criminal scrutiny under the Bank Secrecy Act is to file more reports, regardless of whether the conduct or transaction identified is suspicious.") (reprinted electronically at http://www.fincen.gov/sarreviewissue8.pdf).
45 See Vol. 5 The SAR Activity Review, By the Numbers, February 2006 (reprinted electronically at http://www.fincen.gov/sars/sars_by_numb_issue5.pdf).
46 See U.S. Money Laundering Threat Assessment, App. D.
47 See Deferred Prosecution Agreement between the U.S. Department of Justice and BankAtlantic Corp. (reprinted electronically at http://www.usdoj.gov/usao/fls/pressreleases/attachments/060426-02.bankatlanticdpa.pdf).
48 See Assessment of Civil Money Penalty, In the Matter of the New York Branch of ABN AMRO Bank, N.V., New York, NY, U.S. Dept. of the Treasury, FinCEN, No. 2005-5 (reprinted electronically at http://www.federalreserve.gov/boarddocs/press/enforcement/2005/20051219/121905attachment3.pdf). ABN AMRO N.V. is a banking institution organized under the laws of the Netherlands with more than 3,000 branches, agencies, offices and subsidiaries in more than 60 countries. It is a wholly-owned subsidiary of ABN AMRO Holding N.V., a public limited liability company incorporated under the laws of the Netherlands. As of December 31, 2004 ABN AMRO Holding N.V. had consolidated total assets of approximately $830 billion.
49 Id. at 7.
50 Department of Justice, Federal Bureau of Investigation Press Release, The Bank of New York Resolves Parallel Criminal Investigations through Non-prosecution Agreement with the United States (Nov. 8, 2005) (reprinted electronically at http://www.usdoj.gov/usao/nye/pr/2005/2005nov08.htm).
51 Testimony of Stuart Levey, Under Secretary of the Department of the Treasury's Office of Terrorism and Financial Intelligence, Before the Senate Committee on Banking, Housing and Urban Affairs (April 4, 2006) (reprinted electronically at http://banking.senate.gov/_files/acffe06.pdf).
52 Id.
53 Id.
54 National Commission on Terrorist Attacks Upon the United States, Monograph on Terrorist Financing, Staff Report to the Commission at 3 (reprinted electronically at http://www.9-11commission.gov/staff_statements/911_terrfin_monograph.pdf).
55 Id. at 53.
56 Id. at 50.