Since the Bank Secrecy Act (BSA) came into force in 1970, banks and other financial institutions have been subject to extensive reporting requirements on the transactions they perform on customers’ behalf. In subsequent years, notably after 9/11 with passage of the USA PATRIOT Act, Congress has expanded the range of firms subject to these rules and the information that they must collect. In the nearly half-century since the BSA’s passage, so-called anti-money laundering/know your customer (AML/ KYC) reporting duties have also expanded fortuitously, as the dollar thresholds – typically, $5,000 or $10,000 – for reporting transactions have not been adjusted with inflation.
Law enforcement agencies have encouraged this expansion, warning that, without copious access to transaction activity, they cannot effectively prosecute criminal networks and terrorist groups. National security and the fight against crime are major public policy concerns, so it’s no surprise that politicians from both sides of the aisle tend to support financial regulation aimed at making it harder for the bad guys to engage in nefarious activities. Just last week, the House of Representatives passed a resolution affirming its resolve to “close loopholes that allow corruption, terrorism, and money laundering to infiltrate our country’s financial system.”
Whether AML/ KYC rules are cost-effective, or even just effective, is a different question. A 2016 study by David Burton and Norbert Michel of the Heritage Foundation showed an inverse relationship between the number of BSA-related reports from financial institutions, on one hand, and money-laundering investigations and convictions by the FBI and IRS, on the other. Indeed, of the 5,241,847 suspicious activity reports (SARs) that financial institutions filed with the Treasury’s Financial Crimes Enforcement Network (FinCEN) in 2018, just 1,044,495 are tagged “cyber event,” “money laundering,” or “terrorist financing” – the kind of security threats that BSA regulations are meant to tackle.