Bank of America is at the center of an ongoing January 6 investigation. Yet not because it (or its leadership) was directly involved in the riot. Rather, there has been an ongoing investigation into whether Bank of America supplied the Federal Bureau of Investigation (FBI) with financial records of people in the DC area for January 5–7, 2021.

Brian Knight, director of innovation and governance at the Mercatus Center, has created an ongoing series to break down the facts as new updates come forward. The first installment of the series can be found here, but I want to highlight just a few of the key pieces that Knight has identified over the last few months.

In the first installment, Knight explores whether handing over this information was legal. He explains that the Right to Financial Privacy Act is meant to protect citizens from the government, but it provides immunity for private institutions sharing financial information with the government under certain circumstances (see 12 U.S.C. Section 3403(c)). Depending on how much information was shared, this provision could mean the process was legal.

In another installment, Knight walks through why Bank of America may have been so proactive in its effort to share its records with the FBI. There are many factors to consider, but let’s focus on two. First, financial institutions have long been required under the law to act as de facto law enforcement investigators. Therefore, it’s possible that sharing this information was seen as being a proactive measure under those requirements. Second, financial institutions must be mindful of the risk of regulatory retaliation. Knight points to a study by Nicholas Parrillo, a professor at Yale Law School, to explain:

[B]ecause banks are basically incapable of perfectly following the multitudinous and complex rules that govern banking, they rely on having a positive relationship with their regulators to prevent those regulators from going too hard on them when the inevitable mistake occurs.

So between the immunity provision for sharing information, banks being deputized as de facto law enforcement investigators, and the threat of regulatory retaliation, it’s easy to see why Bank of America may have handed this information over.

Yet, in the most recent installment, Knight shares the news that Representative Thomas Massie (R‑KY) announced he has evidence that it was the FBI that told Bank of America what records to give them. If true, this detail changes what legal questions need to be asked. And, as Knight explains, the Right to Financial Privacy Act might not be much help here either.

The Right to Financial Privacy Act has around 20 different exceptions to its protections and a few of them could easily apply in this situation. For example, there’s an exception when government authorities “only” request the name, address, account number, and account type of a customer or a group of customers. There’s also an exception for government authorities authorized to conduct investigations related to terrorism (e.g., the FBI). Likewise, there is another exception if government authorities determine there is a risk that delaying access would lead to people getting hurt, property being damaged, or people fleeing prosecution.

The story is still unfolding and it’s still unclear what exactly happened, so be sure to follow Knight’s series. However, one thing does seem clear: the Right to Financial Privacy Act does not live up to its name. This example is, unfortunately, another case in a long history of the Right to Financial Privacy Act failing to protect people’s privacy. As Congress continues to investigate what happened, it should also look to reforming the Act.