The Right to Financial Privacy

Crafting a Better Framework for Financial Privacy in the Digital Age

Financial privacy in the United States has been in disrepair for more than 50 years.

May 2, 2023 • Policy Analysis No. 945

By Nicholas Anthony

The Right to Financial Privacy

Crafting a Better Framework for Financial Privacy in the Digital Age

Financial privacy in the United States has been in disrepair for more than 50 years.

May 2, 2023 • Policy Analysis No. 945

By Nicholas Anthony

Policy Analysis

The Right to Financial Privacy Act of 1978 was enacted to protect Americans from warrantless surveillance. In theory, it was supposed to counter the financial surveillance born out of the Bank Secrecy Act of 1970 and the Supreme Court case United States v. Miller in 1976. In practice, however, the Right to Financial Privacy Act failed to live up to its name because it was enacted with a list of 20 different exceptions to its protections. From law enforcement inquiries to federal statutes, the exceptions covered nearly all forms of financial surveillance. Worse yet, these issues have only been compounded in the digital age. The prevalence of credit cards, mobile banking, and other app‐based financial tools has created an unprecedented supply of financial data. Government efforts like Operation Choke Point, the Treasury’s $600 reporting threshold proposal, and the constant increase of the scope of Bank Secrecy Act reporting have already made it evident how these financial data are being used. Such unrivaled access to the lives of all Americans makes it evident that now, more than ever, it is time to rethink how financial privacy is treated in the United States. Turning back the clock may not be possible, but removing the exceptions to the Right to Financial Privacy Act would establish the financial privacy protections that Americans should have had from the beginning.

#CatoEcon

Introduction

Financial privacy in the United States has been in disrepair for more than 50 years, and it’s getting worse. Not only are decades‐old beliefs (e.g., the third‐party doctrine) highly questionable, but they are also particularly dangerous in the digital age. Efforts, both new and old, to surveil and collect data on Americans’ financial activity show that now is the time for Congress to craft a better framework for financial privacy. But Congress may not need to look far for ideas on how to protect Americans’ financial privacy.

The Right to Financial Privacy Act, originally enacted in 1978 in response to how the Bank Secrecy Act and the third‐party doctrine weakened the protections of the Fourth Amendment to the U.S. Constitution, has already set a foundation for some of the protections needed today. However, it is largely due to a long list of exceptions in the Right to Financial Privacy Act that much of the financial surveillance over the past 50 years has been permitted to expand—hidden away from the public eye.

Part of the challenge is that the “right to financial privacy goes to the heart of the tension between an individual’s right to conduct [his or her] business without governmental intrusion and the government’s legitimate need for information in law enforcement.”¹ But striking this balance is not an insurmountable task. While critics point to curbing criminal activity to justify invading the public’s financial privacy,² there should be stronger protections so long as the U.S. justice system maintains that the public is innocent until proven guilty. Neither fishing expeditions nor thread pulling that may lead to investigations should be considered a sound justification when financial information can reveal a person’s relationships, profession, religion, political leanings, locations, and more.³ A revised legal and regulatory regime for the financial sector must protect citizens against warrantless searches and seizures—a protection guaranteed by the Fourth Amendment.

To restore Americans’ financial privacy, Congress should amend the Right to Financial Privacy Act to remove the exceptions to its protections. Removing the exceptions will not bar law enforcement and other government agencies from obtaining access to financial information. Instead, it will merely require that government agencies acquire a warrant or subpoena through the judicial process and notify Americans when they seek their records.⁴ During the past few years, Americans have seen time and time again how financial privacy can be violated by unchecked government authorities.⁵ Now is the time for Congress to establish the protections that should have remained in place since the beginning—especially amid the digital age.

Trouble in the Wake of the Bank Secrecy Act

The Bank Secrecy Act was signed into law by President Richard Nixon on October 26, 1970.⁶ At the time, the Bank Secrecy Act—a response to concerns over the use of secret foreign bank accounts⁷—made two major changes to the U.S. financial system: (1) requiring that U.S. financial institutions maintain records “where such records have a high degree of usefulness in criminal, tax, or regulatory investigations or proceedings” and (2) requiring that U.S. financial institutions report certain financial transactions to the U.S. Department of the Treasury (Treasury).⁸ In other words, the Bank Secrecy Act deputized American financial institutions as de facto law enforcement investigators. And although this initial form of the Bank Secrecy Act was only a fraction of what can be seen today, it did not take long for people to recognize how the law conflicted with the Fourth Amendment to the U.S. Constitution, considering it forced financial institutions to report information that the government would otherwise need a warrant to obtain.

By 1972, a group including the American Civil Liberties Union (ACLU), California Bankers Association, and Security National Bank applied for a temporary restraining order in the U.S. District Court for the Northern District of California in an effort to stop the enforcement of the Bank Secrecy Act.⁹ The group principally argued that the Bank Secrecy Act violated the Fourth Amendment’s protection from unreasonable search and seizure as well as the protections in the First and Fifth Amendments. In response, the district court issued a temporary restraining order to halt the Bank Secrecy Act’s enforcement while the complaint could be reviewed.¹⁰ However, the order was lifted after the district court held that most of the Bank Secrecy Act was constitutional. Yet efforts to stop the Bank Secrecy Act did not stop there.

In 1973, Rep. Fortney Stark (D‑CA) led a separate effort in Congress to enact legislation—a first draft of what would later be enacted as the Right to Financial Privacy Act—seeking to better protect financial privacy.¹¹ Representative Stark argued that the Bank Secrecy Act undermined the long‐held tradition of confidentiality between banks and customers,¹² and therefore, his bill was designed in part to protect and preserve that expectation of confidentiality.¹³

In 1974, Congress made a step forward with the passage of a separate piece of legislation, titled the Privacy Act.¹⁴ The Privacy Act established requirements for government agencies in disclosing, handling, accessing, and maintaining information. Moreover, should a federal agency fail to adhere to these standards, the Privacy Act gave American citizens grounds to sue the agency. Nonetheless, the Privacy Act included many exceptions, resulting in privacy protections that do not apply consistently with law enforcement or even at all under circumstances deemed “routine use.”¹⁵

Also in 1974, the question of financial privacy reached the Supreme Court after a series of appeals—from both the plaintiffs and the government—in California Bankers Association v. Schultz. After reviewing the case, the Supreme Court held at the time that the Bank Secrecy Act did not violate the First, Fourth, or Fifth Amendments. In the majority opinion, the Supreme Court held that the Bank Secrecy Act was not an undue burden, considering it applied to “abnormally large transactions,” those of $10,000 or more.¹⁶ For example, at the time, one could purchase two brand‐new Corvettes for that price.¹⁷ However, Justices Lewis Powell and Harry Blackmun warned in a concurring opinion, “A significant extension of the regulations’ reporting requirements … would pose substantial and difficult constitutional questions for me.… At some point, governmental intrusion upon these areas would implicate legitimate expectations of privacy.”¹⁸

In 1976, the question of financial privacy was again brought to the Supreme Court in United States v. Miller. When considering a case in which the Treasury Department’s Bureau of Alcohol, Tobacco, and Firearms presented grand jury subpoenas to collect the records of a suspected bootlegger’s financial activity, the Court held that Americans do not have a right to privacy when they share information with a third party (e.g., a bank or other financial institution). The Court wrote, “The depositor takes the risk, in revealing his [or her] affairs to another, that the information will be conveyed by that person to the Government”¹⁹—seemingly positing first that Americans must choose between a bank account and the Fourth Amendment, and second that Americans cannot expect the government to consider the Constitution when presented with information. From this decision (and other similar decisions) came what is now commonly known as the “third‐party doctrine.”²⁰ As described by the Electronic Privacy Information Center (EPIC), so long as the “records are developed or maintained during the course of an ordinary business relationship by a person other than the subject of those records, the subject has no expectation of privacy and thus, no constitutional protection.”²¹ With the creation of the third‐party doctrine, after years of citizens trying to push back against the Bank Secrecy Act, the Court seemingly made it stronger than ever before.

In 1977, the Privacy Protection Study Commission—a commission created by Congress with the passage of the Privacy Act of 1974—issued a report titled Personal Privacy in an Information Society.²² The commission argued that “as records continue to supplant face‐to‐face encounters in our society, there has been no compensating tendency to give the individual the kind of control over the collection, use, and disclosure of [his or her] information.”²³ The commission noted that many challenged the Bank Secrecy Act because of the questions it raises regarding not only the confidentiality between customers and financial institutions, but also the “relationship between government and citizens in a free society.”²⁴ The commission also argued that the 1974 Privacy Act “had not resulted in the general benefits of the public that either its legislative history or the prevailing opinion as to its accomplishments would lead one to expect.”²⁵ So while the 1974 Privacy Act may have been a step forward, it did not do enough to protect Americans’ privacy broadly, and it certainly did not protect Americans’ financial privacy.

The Right to Financial Privacy Act of 1978

Although financial privacy took many heavy hits from the Bank Secrecy Act, Congress did establish some early protections. Just two years after the Supreme Court established the third‐party doctrine,²⁶ Congress passed the Right to Financial Privacy Act—an act that was “essentially designed to reverse the [Supreme Court’s] decision [in United States v. Miller] in the context of financial records and provide standing for individuals to complain about the improper release of information about them in records maintained by financial institutions.”²⁷ Although well‐intentioned, the Right to Financial Privacy Act did not offer the privacy protections its name suggests.

At its core, the Right to Financial Privacy Act established a process for notifying the public when the government requests their financial information and providing the public the opportunity to challenge said requests.²⁸ This process begins with 12 U.S.C. Section 3402, which prohibits government authorities from accessing financial records—a direct response to United States v. Miller and the third‐party doctrine. The law then specifies that the government may only access financial records held at a financial institution if authorized by a customer’s agreement, an administrative subpoena or summons, a search warrant, a judicial subpoena, or a formal written request.²⁹ More so, customers must be notified that their records are sought by the government, unless the court agrees there is reason to delay the notice.³⁰ And in the case of a subpoena or formal written statement, customers must also be given at least 10 days to object to the disclosure of their information. The instructions provided in the notice for objecting are as follows:

Fill out the accompanying motion paper and sworn statement or write one of your own, stating that you are the customer whose records are being requested by the Government and either giving the reasons you believe that the records are not relevant to the legitimate law enforcement inquiry stated in this notice or any other legal basis for objecting to the release of the records.
File the motion and statement by mailing or delivering them to the clerk of any one of the following United States district courts: [to be determined]
Serve the Government authority requesting the records by mailing or delivering a copy of your motion and statement to [to be determined]
Be prepared to come to court and present your position in further detail.
You do not need to have a lawyer, although you may wish to employ one to represent you and protect your rights.³¹

The Right to Financial Privacy Act extends these protections and requirements to information held by depository institutions; money service businesses; money order issuers, sellers, and redeemers; travelers check issuers, sellers, and redeemers; the U.S. postal service; securities and futures industries; futures commission merchants; commodity trading advisers; and casinos and card clubs.

Unfortunately, the Right to Financial Privacy Act has a major weakness: 12 U.S.C. Sections 3413 and 3414, or the list of exceptions. Taken broadly, the exceptions provide particular situations or conditions in which the law does not apply.³² In practice, the exceptions that allow government access to financial records apply to some of the most routine instances of financial data collection. Each exception is broken down into more general terms in Appendix A, but the full list of exceptions as written in the law is as follows:

Disclosure of financial records not identified with particular customers;
Disclosure to, or examination by, supervisory agency pursuant to exercise of supervisory, regulatory, or monetary functions with respect to financial institutions, holding companies, subsidiaries, institution‐affiliated parties, or other persons;
Disclosure pursuant to Title 26 [or the Internal Revenue Code];
Disclosure pursuant to federal statute [e.g., the Bank Secrecy Act] or rule promulgated thereunder;
Disclosure pursuant to federal rules of criminal procedure or comparable rules of other courts;
Disclosure pursuant to administrative subpoena issued by administrative law judge;
Disclosure pursuant to legitimate law enforcement inquiry respecting name, address, account number, and type of account of particular customers;
Disclosure pursuant to lawful proceeding, investigation, etc., directed at financial institution or legal entity or consideration or administration respecting government loans, loan guarantees, etc.;
Disclosure pursuant to issuance of subpoena or court order respecting grand jury proceeding;
Disclosure pursuant to proceeding, investigation, etc., instituted by Government Accountability Office and directed at a government authority;
Disclosure necessary for proper administration of programs of certain government authorities;
Crimes against financial institutions by insiders;
Disclosure to, or examination by, employees or agents of Board of Governors of Federal Reserve System or Federal Reserve banks;
Disclosure to, or examination by, Resolution Trust Corporation or its employees or agents;
Disclosure to, or examination by, Federal Housing Finance Agency or Federal Home Loan Banks;
Access to information necessary for administration of certain veteran benefits laws;
Disclosure pursuant to federal contractor–issued travel charge card;
Disclosure to the Bureau of Consumer Financial Protection;
Access to financial records for certain intelligence and protective purposes; and
Emergency access to financial records.³³

Setting aside the subject of each exception for a moment, the shear scope of the list of exceptions opens the Right to Financial Privacy Act to the risk of being rendered ineffective.³⁴ However, matters are only made worse by the fact that the exceptions themselves provide broad authority to law enforcement and other government agencies that routinely act as the most common collectors of financial information. As noted by the Financial Crimes Enforcement Network (FinCEN),

The Right to Financial Privacy Act (RFPA) generally prohibits financial institutions from disclosing a customer’s financial records to a Government agency without service of legal process, notice to the customer, and an opportunity to challenge the disclosure. However, no such requirement applies when the financial institution provides the financial records or information to FinCEN or a supervisory agency in the exercise of its “supervisory, regulatory or monetary functions.”³⁵ (Emphasis added)

Other than FinCEN, the other supervisory agencies considered relevant and appropriate for these purposes include the criminal investigative services of the armed forces; the Bureau of Alcohol, Tobacco, and Firearms; the attorney general, district attorney, or state’s attorney at the state or local level; the Drug Enforcement Administration; the Federal Bureau of Investigation; the Internal Revenue Service or tax enforcement agencies at the state level; the Office of Foreign Assets Control; state or local police departments; the U.S. Attorney’s Office; Immigration and Customs Enforcement; the U.S. Postal Inspection Service; and the U.S. Secret Service.³⁶ Thus, given all the exceptions provided to so many government agencies, the Right to Financial Privacy Act does not strengthen Americans’ financial privacy as its authors initially sought (see Table 1).

Life After the Right to Financial Privacy Act

To understand how the Right to Financial Privacy Act has failed to live up to its name in practice, one need only look at how the past 50 years have been marked by a continued erosion of Americans’ financial privacy. Legislated expansions of financial surveillance, law enforcement investigations and regulatory pressure taking advantage of loopholes, and even often‐hidden factors like inflation have intruded on Americans’ financial privacy.

Legislative Expansions

The lack of financial privacy in the United States caught the attention of most Americans when the U.S. government considered surveilling all bank accounts with at least $600 of annual activity.³⁷ The saga began in the spring of 2021 when the Treasury released its annual revenue proposals.³⁸ Nestled on page 88 was a proposal to “introduce comprehensive financial account reporting to improve tax compliance.”³⁹ The plan was to require banks and other financial institutions to “report gross inflows and outflows with a breakdown for physical cash, transactions with a foreign account, and transfers to and from another bank account with the same owner” so long as the account in question had at least a gross flow threshold of $600.⁴⁰

Subscribe:

As the proposal gained favor in Congress and attention across the country, many Americans were left asking how such a proposal could be considered constitutional, and some members of Congress quickly responded with legislative proposals to stop what was a violation of the spirit of the Fourth Amendment.⁴¹ For example, Sen. Tim Scott (R‑SC) introduced the Prohibiting IRS Financial Surveillance Act with 49 cosponsors.⁴² Likewise, Rep. Ashley Hinson (R‑IA) introduced the Protecting Financial Privacy Act of 2021 with 65 cosponsors.⁴³ To address these criticisms and defend its position, the Treasury issued a press release, stating that

In reality, many financial accounts are already reported on to the IRS, including every bank account that earns at least $10 in interest. And for American workers, much more detailed information reporting exists on wage, salary, and investment income.⁴⁴

While true, the Treasury’s statement reveals the dismal state of financial privacy in the United States.⁴⁵ Because the Treasury is right: a great deal of financial surveillance is already taking place. Moreover, it has been steadily expanding for years, long after the Bank Secrecy Act was enacted.

In 1992, for example, the Annunzio‐Wylie Anti–Money Laundering Act was one of the first major expansions of the Bank Secrecy Act.⁴⁶ Much like when the Bank Secrecy Act gave the secretary of the Treasury the authority to require currency transaction reports, the Annunzio‐Wylie Anti–Money Laundering Act gave the secretary of the Treasury the authority to require financial institutions to “report any suspicious transaction relevant to a possible violation of law or regulation.”⁴⁷ In doing so, the law also barred financial institutions from notifying the public of when a report was filed. To oversee this new reporting regime, the Money Laundering Suppression Act of 1994 authorized the secretary of the Treasury to designate the Financial Crimes Enforcement Network (FinCEN) as the agency supervising suspicious activity reports (SARs).⁴⁸

In 2001, the Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act was enacted to deter terrorism. Although stopping terrorism is indeed a worthwhile endeavor, the law dramatically reduced financial privacy in the United States in its effort to identify and thwart terrorist financing.⁴⁹ For example, the law introduced “know your customer” requirements to force financial institutions to collect identifying information and run checks on potential customers. The law also expanded the requirements for financial institutions to file SARs—further turning financial institutions into de facto deputy law enforcement investigators.⁵⁰ And as mentioned earlier, although one would be correct to wonder why such news is not more widely reported, both employees from financial institutions and the government are prohibited under the law from notifying customers when a SAR is filed.⁵¹ So instead of protecting the privacy of their depositors, financial institutions are forced to protect the secrecy of government investigations into the financial activity of Americans, whether those investigations have a legitimate criminal predicate or not.⁵²

In 2021, Congress passed the Infrastructure Investment and Jobs Act, which not only established a de facto ban on legal cryptocurrency mining, but also mandated that individuals must report on one another when exchanging cryptocurrency worth $10,000 or more.⁵³ The reports must include the name, address, and taxpayer identification number of the payer, as well as the amount paid, the date, and the nature of the transaction. Failure to report, incorrect information, or missing information may result in a $25,000 fine or five years in prison.⁵⁴

In 2022, the Special Measures to Fight Modern Threats Act was introduced as an amendment to a larger bill to build off of the tools provided by the USA PATRIOT Act to expand the Treasury’s powers and authority by removing the checks and balances designed to protect American citizens.⁵⁵ The House Committee on Financial Services initially described the proposal as streamlining “the process by which special measures may be introduced and modernizes the authorities granted to the Financial Crimes Enforcement Network (FinCEN).”⁵⁶ In practice, said “streamlining” would have been achieved by removing the requirements to notify the public of when the Treasury uses special measures as part of its enforcement. For the Treasury to use its special measures authority, the current law requires a notice of proposed rulemaking as well as a 120‐day limit on the enforcement. However, as originally written, the bill would eliminate both the requirement to notify the public and the 120‐day limit on enforcement. As Jerry Brito and Peter Van Valkenburgh first described it in their analysis of the bill, “in other words, it is an attempt … to use the moral panic surrounding criminal usage of cryptocurrencies … to strip our surveillance laws of all public processes.”⁵⁷ Despite still seeking to expand the Treasury’s powers, the bill was later amended and reintroduced several times without the language that would have removed the checks on the Treasury’s power.⁵⁸

Similarly, another bill, the Transparency and Accountability in Service Providers Act, was introduced in 2022 to “expand the scope and authorities of anti–money laundering [procedures].”⁵⁹ To do so, the bill would require so‐called financial gatekeepers to adopt anti–money laundering procedures to actively monitor for potential criminal activity. The bill calls for the Treasury to require this of any person involved in the exchange of foreign currency, digital currency, or digital assets; managing, advising, or consulting with respect to money or other assets; the provision of cash vault services; the processing of payments; the wiring of money; the direct or indirect filing of any return on behalf of a foreign individual, trust, or fiduciary; the formation, registration, acquisition, or disposition of a corporation, limited liability company, trust, foundation, limited liability partnership, partnership, association, or arrangement; the sourcing, pooling, organization, or management of capital; and the process of acting as a trustee.

With Congress enacting such sweeping powers and attempting to go even further on many occasions, it should be little surprise that Americans have steadily become more wary of the government’s activities.⁶⁰ In 2017, a Reuters and Ipsos poll found that 75 percent of adults—up from 67 percent in 2013—would not voluntarily let investigators monitor their internet activity to combat terrorism.⁶¹ In fact, as Figure 1 shows, Americans are overwhelmingly unwilling to give up their privacy in the name of the war on terror.⁶² Yet it isn’t just the war on terror that the U.S. government has used to justify further encroaching on Americans’ financial privacy.

Law Enforcement Investigations and Regulatory Pressure

The wars on drugs, crime, and poverty have been used for decades as a justification to peer into the lives of Americans. Most infamously, Operation Choke Point was an initiative by the Department of Justice to go after so‐called controversial businesses (e.g., state‐licensed cannabis dispensaries, payday lenders, pawn shops, or gun shops) with the intent of, as one official described it, “choking them off from the very air they need to survive.”⁶³ In other words, as reported in the Wall Street Journal, “rather than just targeting individual firms, the government is now going after the infrastructure that enables companies to withdraw money from people’s bank accounts.”⁶⁴ After already having forced financial institutions to collect information on account holders, Operation Choke Point was the next step forward in terms of the government taking action on information that had otherwise been sitting idle.⁶⁵

But Operation Choke Point was not an anomaly. Just a few years after the full scope of Operation Choke Point was revealed,⁶⁶ Sen. Ron Wyden (D‑OR) helped bring to light that the U.S. Immigration and Customs Enforcement (ICE) had been collecting records on money transfers to or from Mexico greater than $500.⁶⁷ ICE had collected approximately 6 million transaction records between 2019 and 2022—all without a warrant. Instead, ICE issued eight administrative subpoenas, or court orders, instructing Western Union and Maxitransfers Corporation to turn over records for six months at a time.⁶⁸ As Matthew Guariglia, a policy analyst at the Electronic Frontier Foundation, explained, “this is a blatantly illegal exploitation of the government subpoena power—and an all too familiar one that must stop.”⁶⁹

In August 2022, attention shifted to the U.S. Department of Treasury when it declared Tornado Cash—a decentralized software protocol designed to enhance cryptocurrency privacy—a sanctioned entity and thus barred all Americans from using the service after it was found that a North Korean state‐sponsored hacking group had used the service.⁷⁰ Much like when the government used Operation Choke Point to target financial infrastructure instead of individual actors, it seems that the Treasury opted to go after an entire software protocol dedicated to improving financial privacy rather than the bad actors that it was after on paper.⁷¹ The blurring of lines was made abundantly clear when U.S. Secretary of State Antony Blinken tweeted (and then deleted) the claim that Tornado Cash was a North Korean state‐sponsored hacking group.⁷² It’s certainly possible that Treasury officials similarly did not recognize that Tornado Cash was a decentralized software protocol (i.e., there’s no person in control of it), but there is little excuse to shut down an entire service in pursuit of criminals when there are ample tools to go after the criminals themselves.⁷³

Looking just beyond America’s borders, the public was also confronted with how much financial privacy has deteriorated and how real the risk of financial oppression can be in other free nations when Canadian Prime Minister Justin Trudeau invoked the Emergencies Act for the first time in Canadian history.⁷⁴ In doing so, Trudeau froze the bank accounts of protestors and expanded the reach of existing anti–money laundering laws in Canada to stop the protests over COVID-19 restrictions. Although not in the United States, it’s important to recognize that freezing the accounts of political rivals is a tactic that is usually reserved for authoritarian countries like Russia or China—not the sixth‐freest nation in the world, as rated by the Cato Institute’s Human Freedom Index.⁷⁵ Mercatus Center scholar Brian Knight was correct to note that “the events in Canada should serve as a wake‐up call [for the United States] and prompt us to change the laws, regulations, and institutions that govern who controls [your financial activity].”⁷⁶ In light of these actions by an otherwise nonautocratic country, and the demonstrable willingness of Congress to expand the weaponization of the financial infrastructure, it’s reasonable to think the United States will do the same if presented with a similar emergency situation. Operation Choke Point, the mass collection of records on money transfers, the sanctioning of Tornado Cash, and similar intrusions by the U.S. government are already proof of how real that risk is.

Hidden Expansions

Were legislated expansions, law enforcement investigations, and regulatory pressures not enough on their own, each year that passes with a positive inflation rate offers another hidden increase in the level of financial surveillance, because the Bank Secrecy Act reporting thresholds were not crafted with an adjustment for inflation. The original reporting threshold for currency transaction reports (CTRs) was $10,000—a relatively large transaction in the 1970s.⁷⁷ If, for example, the threshold had been adjusted for inflation, then CTRs would now be required only for transactions of at least $72,000 (see Figure 2).⁷⁸

The erosion of financial privacy in the wake of ever‐expanding financial surveillance is especially important to consider given that Supreme Court Justices Lewis Powell and Harry Blackmun noted in their 1974 support of the Bank Secrecy Act that the $10,000 requirement was high enough to not create an undue burden.⁷⁹ It is unclear if Justices Powell and Blackmun would have believed that the current, inflation‐adjusted threshold was low enough to now be unduly burdensome, but their opinion suggests so:

The implementing regulations, however, require only that the financial institution “file a report on each deposit, withdrawal, exchange of currency or other payment or transfer, by, through, or to such financial institution, which involves a transaction in currency of more than $10,000.” 31 CFR § 103.22 (italics added).… A significant extension of the regulations’ reporting requirements, however, would pose substantial and difficult constitutional questions for me. In their full reach, the reports apparently authorized by the open‐ended language of the Act touch upon intimate areas of an individual’s personal affairs. Financial transactions can reveal much about a person’s activities, associations, and beliefs. At some point, governmental intrusion upon these areas would implicate legitimate expectations of privacy.⁸⁰

At a 2022 congressional hearing dedicated to the oversight of FinCEN, Reps. Barry Loudermilk (R‑GA), Joyce Beatty (D‑OH), French Hill (R‑AR), Bryan Steil (R‑WI), and Roger Williams (R‑TX) all expressed concern over inflation silently increasing the scope of financial surveillance.⁸¹ In particular, Representative Steil pointed out at the hearing that by increasing the range of financial surveillance, the “haystack” investigators must search has been ever increasing in size—effectively hiding the “needle,” or actual criminal activity, that investigators are looking for.⁸²

Over the years, other members of Congress have tried to rectify the issue with legislative amendments to add inflation adjustments to the reporting required by the Bank Secrecy Act. For example, Rep. Steven Pearce (R‑NM) and Rep. Blaine Luetkemeyer (R‑MO) introduced the Counter Terrorism and Illicit Finance Act in 2018 to increase the reporting thresholds for CTRs, SARs, and money service businesses. In addition, the bill would have also required FinCEN to conduct a formal review of the effectiveness of those reporting thresholds.⁸³ Ultimately, only the requirement for a formal review was passed in the National Defense Authorization Act for Fiscal Year 2021, in Sections 6204 and 6205.⁸⁴ In short, those sections required FinCEN to provide several reports regarding the possibility of raising the reporting thresholds to account for inflation. FinCEN Acting Director Himamauli Das testified before Congress in April 2022 that the reports should be ready by the end of 2022 (as of March 2023, the reports have not been made public).⁸⁵ The decision to increase the reporting thresholds per inflation should be a simple one considering that in 2016 FinCEN judged inflation as having been significant enough to warrant an increase for the monetary penalties that FinCEN charges to the public.⁸⁶

The “invisibility” with which financial surveillance is being expanded should concern all Americans. Howard Anglin, former deputy chief of staff for Canadian prime minister Stephen Harper, pointed out this reality when the Canadian government began to freeze the bank accounts of protestors in 2022, but his words were an eye‐opening description of both the limited consideration of inflation and the broader consideration of financial surveillance as a whole:

The government’s action is troubling enough, but what should really disturb us is the ease and invisibility with which it is being done. When we can’t see the consequences of government conduct, the risks of government misconduct increases. A government that sends in riot troops to dispel a crowd will rightly pay a price if the police commit abuses. But the diffuse and anonymous nature of financial enforcement mean that sweeping repression can easily go undetected. It is the political equivalent of using drone strikes instead of boots on the ground.⁸⁷

The relative invisibility of inflation is likely one contributing reason why the American people have not objected widely to the government’s increased financial surveillance. By relying on inflation—instead of the legislative process—to steadily increase the scope of surveillance, the Bank Secrecy Act regime has been allowed to proceed undetected and unquestioned. Employing such actions may be a favorable strategy for an authoritarian leader, but it should not be the strategy of representative governments—especially ones that are considered the freest nations in the world.⁸⁸

A Reasonable Expectation of Privacy

At the core of much of the financial surveillance taking place in the United States is the third‐party doctrine and a so‐called reasonable expectation of privacy. Soon after Congress enacted the Bank Secrecy Act, the Supreme Court held in United States v. Miller that a person cannot reasonably expect privacy when providing information to a third party (e.g., a financial institution). But is it so unreasonable to expect privacy, or confidentiality, with your banker? The Cato Institute surveyed Americans in August 2022 and found that the answer is decidedly no (Figure 3). When asked if it is unreasonable for your bank to share your records and transactions with the federal government, 79 percent of respondents said yes.⁸⁹ Likewise, when asked if the government should need to obtain a warrant to access their financial records, 83 percent of the respondents said yes.

In recent years, the Supreme Court appears to have recognized the need for change. In Kyllo v. United States (2001), the Supreme Court had to weigh the constitutionality of law enforcement using thermal imaging to surveil the inside of a home from afar.⁹⁰ Ultimately, the Court held that the right to be secure in one’s home under the Fourth Amendment was not limited to physical intrusions. In United States v. Jones (2012), the Supreme Court held that attaching and monitoring a tracking device on an individual’s vehicle “constitutes a search or seizure within the meaning of the Fourth Amendment.”⁹¹ In Carpenter v. United States (2018), the Supreme Court likewise held that the government’s acquisition of cellphone tracking data was a search under the Fourth Amendment.⁹² And across all of these cases, there were moments where the Supreme Court turned back to Katz v. United States (1967), in which the Supreme Court had held that the “Fourth Amendment protects people, not places.”⁹³ In Katz, Justice John Marshall Harlan wrote that

a person has a constitutionally protected reasonable expectation of privacy; [that] electronic, as well as physical, intrusion into a place that is in this sense private may constitute a violation of the Fourth Amendment, and [that] the invasion of a constitutionally protected area by federal authorities is, as the Court has long held, presumptively unreasonable in the absence of a search warrant.… My understanding of the rule that has emerged from prior decisions is that there is a twofold requirement, first that a person has exhibited an actual (subjective) expectation of privacy and, second, that the expectation be one that society is prepared to recognize as “reasonable.”⁹⁴

Between rolling passwords, security questions, multifactor authentication requirements, and closed‐door meetings, one can make the case that most people exhibit an actual expectation of privacy with respect to their financial records. Moreover, as the Cato Institute’s national survey demonstrates, a majority of Americans from across political ideologies do in fact find it reasonable to expect privacy with one’s financial records. These facts suggest that Congress should better protect Americans’ financial privacy.

The Elephant in the Room: Greater Financial Privacy Will Create a Greater Burden on Law Enforcement and Regulators

While financial privacy is in the interest of most Americans, it is not necessarily in the interest of law enforcement, regulators, or other government agencies.⁹⁵ Unsurprisingly, these government agencies have been more interested in expanding their investigations than expanding citizens’ privacy protections. As noted by the Electronic Privacy Information Center, “much of the opposition to the [Right to Financial Privacy Act] has been by federal law enforcement officials who are concerned that the proposed privacy protections would impede federal authorities in their investigation and prosecution of white‐collar and organized crime.”⁹⁶ In fact, the North American Securities Administration Association (NASAA) was quick to state its opposition in 1977 as the Right to Financial Privacy Act was gaining momentum:

Agencies assigned the monumental task of ensuring that consumer/investor losses occur only as a result of normal business‐market place risks shall be hard pressed by the policies and procedures set forth by this act. Persons will be tempted to commit such crimes so long as the chance of discovery and persecution are kept remote.⁹⁷

The NASAA went on to argue that obtaining warrants and subpoenas is sometimes too hard or takes too much time—an argument also made by U.S. attorney for the Southern District of New York Robert Morgenthau in his supportive testimony for the Bank Secrecy Act nearly 10 years earlier in 1967 and an argument made by the Department of Justice in support of expanding the Bank Secrecy Act 45 years later in 2022.⁹⁸ The NASAA also took issue with the Right to Financial Privacy Act’s requirement to seek permission from the account holder, stating that “to provide notice to a target that an agency is investigating certain business activity permits the person to effectively cover up or pull out of the jurisdiction.”⁹⁹

When an act is faced with such a critique, there are three questions worth considering. First, what limit should there be to what the government may seize in pursuit of combatting crime? In one of the more extreme examples, the walls around one’s home are sufficient to provide privacy for any number of possible crimes. Yet the Supreme Court has defended the home even from spying from afar.¹⁰⁰

Second, given that there is some established limit to what the government can seize, what amount of suspected illegal activity must there be to justify crossing that limit? Although some policymakers may be quick to respond that they would eliminate all illegal activity, that policy is simply untenable.¹⁰¹ The Bank Secrecy Act is already an example of this reality. With each expansion of the Bank Secrecy Act, it has become harder for financial institutions to stay in business and harder for consumers to have access to affordable services. It is estimated that complying with the Bank Secrecy Act in 2019 cost the U.S. financial industry $26.4 billion.¹⁰² Yet as it stands, despite the millions of Bank Secrecy Act reports filed each year, there is little to show for its attempts to eliminate illegal activity.¹⁰³ Instead, it is only the American public that is bearing the cost of this financial surveillance policy.

So, with it established that there exists some limit to government surveillance that may legally take place and that this surveillance puts a direct cost on Americans, the third question becomes: how can government agencies get the information they need without intruding on the rights of American citizens? The Fourth Amendment clearly provides the “framework to balance the competing interests of individuals’ financial privacy and the government’s ability to gather evidence to enforce laws.”¹⁰⁴ Yes, requiring that a warrant be obtained by showing probable cause will make it harder for law enforcement and other government agencies. However, the Constitution exists for a reason: it was designed to protect American citizens from unchecked state powers.

Recommendations for a Better Framework for Financial Privacy

To establish a stronger Right to Financial Privacy Act, Congress should remove the exceptions to its protections. Doing so would merely require that law enforcement and other government agencies seek a warrant for Americans’ financial records. Otherwise, offering protections everywhere except where they really matter offers no protections at all. To do so, Congress should strike 12 U.S.C. Section 3413(a)–(r) and 12 U.S.C. Section 3414(a)–(e). Removing these sections will not affect the exceptions provided for customer disclosures, subpoenas, or warrants in 12 U.S.C. Section 3402.

The Right to Financial Privacy Act should also be strengthened with respect to the formal written requests that it allows government authorities to issue when there is no warrant or subpoena authority available. Congress should strike 12 U.S.C. Section 3408(2), as regulations should not be considered an avenue for circumventing the Fourth Amendment protections this law sought to establish. Likewise, Congress should strike 12 U.S.C. Section 3408(4)(A)2, because Americans should not be forced to sue the government to have their rights respected when it has already been judged that the authority for a warrant or subpoena does not exist.

Congress should repeal the Bank Secrecy Act in its entirety. Short of that, it should, at the very least, repeal the sections of the Bank Secrecy Act that require financial institutions to report on their customers.¹⁰⁵ To do so, Congress should amend 12 U.S.C. Sections 3402, 3413, and 3414 as well as 31 U.S.C. Sections 5313–16, 5318(a)(2), 5318A, 5321, 5325, 5326, 5331–32, 5341–42, and 5351–55.

To the extent that reporting requirements may still exist after amending the Right to Financial Privacy Act and the Bank Secrecy Act, Congress should require annual inflation adjustments for all Bank Secrecy Act reporting thresholds. To do so, Congress could use the following language:¹⁰⁶

Not later than the end of the 180‐day period beginning on the date of the enactment of this Act, and annually thereafter, the Secretary of the Treasury shall revise regulations issued with respect to Section 5313 of Title 31, United States Code, to update each $10,000 threshold in such regulations to [insert inflation‐adjusted amount as of the current day].
Section 5331 of Title 31, United States Code, is amended by striking “10,000” each place such term appears in heading or text and inserting “[insert inflation‐adjusted amount as of the current day].”
Not later than the end of the 180‐day period beginning on the date of the enactment of this Act, and annually thereafter, each Federal department or agency that issues regulations with respect to reports on suspicious transactions described under Section 5318(g) of Title 31, United States Code, shall update each $5,000 threshold amount in such regulations to [insert inflation‐adjusted amount as of the current day] and each $2,000 threshold amount in such regulation to [insert inflation‐adjusted amount as of the current day].

Likewise, if such reporting requirements are permitted to continue, Congress should require FinCEN to publicly report the number of SARs and CTRs that effectively curb financial crime. The report should detail how many reports are received, reviewed, and requested by other governmental agencies. In addition, FinCEN should report how many reports resulted in conviction, settlement, or additional charges in investigations unrelated to money laundering. The reports should make a clear distinction between criminal investigations that originated with SARs or CTRs and criminal investigations that merely used existing SARs or CTRs to strengthen existing cases. To do so, Congress could use the following language:¹⁰⁷

Annual Report.—Not later than one year after the date of enactment of this Act, and annually thereafter, the Attorney General, in consultation with the Secretary of the Treasury, Federal law enforcement agencies, the Director of National Intelligence, Federal functional regulators, and the heads of other appropriate Federal agencies, shall publish a publicly available report that contains statistics, metrics, and other information on the use of data derived from financial institutions reporting under the Bank Secrecy Act, including the number of reports that—

have been received by the Financial Crimes Enforcement Network;

have been reviewed by the Financial Crimes Enforcement Network;

have been requested by other governmental agencies;

have led to a secondary investigation by the Financial Crimes Enforcement Network;

have led to further procedures by law enforcement agencies, including the use of a subpoena, warrant, or other legal process;

have resulted in a conviction or settlement; and

have resulted in additional charges in investigations unrelated to money laundering.

Congress should also eliminate 26 U.S.C. Section 6050I because no American should be forced by law to report on the activity of another American—especially when that activity is between only two parties. Yet, 26 U.S.C. Section 6050I requires exactly that when Americans choose to use cash or cryptocurrencies.¹⁰⁸ This section should be repealed in its entirety. Between blockchain forensics and traditional investigations, there already exist plenty of tools available to law enforcement; Americans should not and need not be forced to become informants on one another against their will.¹⁰⁹

Finally, Congress should turn its focus toward the future by enacting protections for two‐party, or peer‐to‐peer, transactions. Holding cryptocurrency in a “self‐hosted” wallet is merely the digital equivalent of holding physical cash in a traditional wallet. It gives the owner complete control over what’s held inside it and, to the extent that they want to do so, the ability to maintain their privacy. Congress should not let financial surveillance further encroach on Americans’ privacy by being expanded to cover self‐hosted wallets and peer‐to‐peer exchanges. To do so, Congress could use the following language:¹¹⁰

In General—No agency head may prohibit or otherwise restrict the ability of a covered user to—

use cryptocurrency or its equivalent for such user’s own purposes, such as to purchase goods and services for the user’s own use; or

conduct transactions through a self‐hosted wallet.

Conclusion

In a concurring opinion in United States v. Jones, Justice Sonia Sotomayor wrote,

More fundamentally, it may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties. This approach is ill suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks.¹¹¹

Considering how much has changed since the Bank Secrecy Act, United States v. Miller, and the Right to Financial Privacy Act took effect in the 1970s, Justice Sotomayor is right: it is time to reconsider the third‐party doctrine, the reasonable expectation of privacy, and financial privacy. “Having technology” in the 1970s meant having a television and an electric typewriter. Less than 20 percent of families had a credit card issued by a bank.¹¹² Today, technology is an integral part of modern life: Americans use credit or debit cards for nearly all purchases, acquire loans directly on their phones, and leave a digital trail nearly everywhere they go. So, while such financial records may have offered only limited insights into one’s life in the 1970s, these financial records now offer a full, detailed representation of one’s life.

Such unrivaled access to the lives of all Americans makes it evident that now, more than ever, it is time to rethink how financial privacy is treated in the United States. There will still be much to do in the long run, but the recommendations proposed here could help to significantly restore the financial privacy protections that have been eroded over the past 50 years.

Appendix A

To better understand the exceptions provided in the Right to Financial Privacy Act, this appendix breaks down and explains each of the 20 exceptions.¹¹³

Disclosure of financial records not identified with particular customers. The Right to Financial Privacy Act does not apply to financial records if the records do not identify particular customers. Examples could include benefit packages for employees, budgeting outlays, and similar high‐level records that might be maintained by a financial institution.

Disclosure to, or examination by, supervisory agency pursuant to exercise of supervisory, regulatory, or monetary functions with respect to financial institutions, holding companies, subsidiaries, institution‐affiliated parties, or other persons. The Right to Financial Privacy Act does not apply to financial records shared with any regulatory agency that has oversight over the institution in question. Examples could include records requested by the Federal Deposit Insurance Corporation or Federal Reserve during an audit.

Disclosure pursuant to Title 26 [or the Internal Revenue Code]. The Right to Financial Privacy Act does not apply to financial records shared in accordance with the Internal Revenue Code or tax system. Examples could include credit card statements, check records, invoices, and receipts.

Disclosure pursuant to federal statute [e.g., the Bank Secrecy Act] or rule promulgated thereunder. The Right to Financial Privacy Act does not apply to financial records sought in connection with federal statutes. For example, this exception means there are no protections regarding suspicious activity reports or currency transaction reports.

Disclosure pursuant to federal rules of criminal procedure or comparable rules of other courts. The Right to Financial Privacy Act does not apply to financial records sought under the rules and procedures that govern civil and criminal cases in the U.S. court system. Examples could include records sought during an ongoing court case.

Disclosure pursuant to administrative subpoena issued by administrative law judge. The Right to Financial Privacy Act does not apply to financial records if an administrative law judge issues a subpoena. Examples could include relevant papers, books, electronically stored information, or documents.

Disclosure pursuant to legitimate law enforcement inquiry respecting name, address, account number, and type of account of particular customers. The Right to Financial Privacy Act does not apply when law enforcement officials have a “legitimate inquiry” for only the name, address, account number, and account type of a particular customer.

Disclosure pursuant to lawful proceeding, investigation, etc., directed at financial institution or legal entity, or consideration or administration respecting government loans, loan guarantees, etc. The Right to Financial Privacy Act does not apply to financial records in connection to a government loan program on the condition that they are only used for their initial purpose with the government loan program. However, if a civil, criminal, or regulatory violation is suspected, the official overseeing the government loan program can instruct the relevant agency to independently seek out the records.

Disclosure pursuant to issuance of subpoena or court order respecting grand jury proceeding. The Right to Financial Privacy Act does not apply to financial records sought by a grand jury subpoena. Examples could include relevant papers, books, electronically stored information, or documents.

Disclosure pursuant to proceeding investigation, etc., instituted by Government Accountability Office and directed at a government authority. The Right to Financial Privacy Act does not apply to financial records requested by the Government Accountability Office as part of an ongoing proceeding, investigation, examination, or audit of another government authority.

Disclosure necessary for proper administration of programs of certain government authorities. The Right to Financial Privacy Act does not apply to financial records required to carry out the Social Security or Railroad Retirement Acts. Examples could include credit card statements, check records, invoices, and receipts.

Crimes against financial institutions by insiders. The Right to Financial Privacy Act does not apply to financial records concerning the possible commission of a crime by an executive, employee, or customer of a financial institution furnished to either the attorney general or the secretary of Treasury, or other enforcement agency. Examples could include credit card statements, check records, invoices, and receipts.

Disclosure to, or examination by, employees or agents of Board of Governors of Federal Reserve System or Federal Reserve banks. The Right to Financial Privacy Act does not apply to financial records sought by employees of the Federal Reserve System. Examples could include bank reserves, capital ratios, and balance sheets.

Disclosure to, or examination by, the Resolution Trust Corporation or its employees or agents. The Right to Financial Privacy Act does not apply to financial records sought by the Resolution Trust Corporation. Examples could include bank reserves, capital ratios, and balance sheets.

Disclosure to, or examination by, the Federal Housing Finance Agency or Federal Home Loan Banks. The Right to Financial Privacy Act does not apply to financial records sought by the Federal Housing Finance Agency or Federal Home Loan Banks. Examples could include bank reserves, capital ratios, and balance sheets.

Access to information necessary for administration of certain veteran benefits laws. The Right to Financial Privacy Act does not apply to financial records disclosed to the Department of Veterans Affairs solely for the purpose of properly carrying out benefits programs. Examples could include credit card statements, check records, invoices, and receipts.

Disclosure pursuant to federal contractor–issued travel charge card. The Right to Financial Privacy Act does not apply to financial records disclosed regarding a contractor‐issued travel card issued for official government travel. Examples could include receipts, invoices, and statements.

Disclosure to the Bureau of Consumer Financial Protection. The Right to Financial Privacy Act does not apply to financial records disclosed to the Bureau of Consumer Financial Protection. Examples could include bank reserves, capital ratios, and balance sheets.

Access to financial records for certain intelligence and protective purposes. The Right to Financial Privacy Act does not apply to financial records disclosed to a government authority authorized to conduct counterintelligence, foreign intelligence, or investigations of international terrorism. For example, this exception provides an open‐door policy for the Secret Service, Central Intelligence Agency, Federal Bureau of Investigation, and others.

Emergency access to financial records. The Right to Financial Privacy Act does not apply to financial records disclosed if the government determines that delaying access would lead to someone being physically injured, property being damaged, or a criminal going on the run.

Appendix B

To understand the erosion of financial privacy over time at a glance, this appendix provides a brief timeline of significant events between 1970 and 2022.

1970—Bank Secrecy Act
1972—Currency transaction report (CTR) is set at $10,000
1972—American Civil Liberties Union, California Bankers Association, and Security National Bank apply for a temporary restraining order in the U.S. District Court for the Northern District of California
1973—Rep. Fortney Stark (D‑CA) seeks to better protect financial privacy, arguing that the Bank Secrecy Act undermined the long‐held tradition of confidentiality between bankers and customers
1974—California Bankers Association v. Shultz
1974—Privacy Act
1976—United States v. Miller and the creation of the third‐party doctrine
1977—Privacy Protection Study Commission releases a report titled Personal Privacy in an Information Society, criticizing the 1974 Privacy Act for failing to deliver the protections one would expect
1978—Right to Financial Privacy Act
1980—Adjusting CTR threshold for inflation puts it at approximately $19,000
1990—Adjusting CTR threshold for inflation puts it at approximately $31,000
1990—Financial Crimes Enforcement Network (FinCEN) is created
1992—Annunzio-Wylie Anti–Money Laundering Act
1994—Money Laundering Suppression Act
1996—Suspicious activity report
2000—Adjusting CTR threshold for inflation puts it at approximately $41,000
2001—Kyllo v. United States
2001—Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act
2010—Adjusting CTR threshold for inflation puts it at approximately $53,000
2012—United States v. Jones
2013–2017—Operation Choke Point
2018—Carpenter v. United States
2020—Adjusting CTR threshold for inflation puts it at approximately $63,000
2021—U.S. Treasury seeks to monitor bank accounts with $600 of annual activity
2021—Infrastructure Investment and Jobs Act mandates citizens report on each other’s cryptocurrency use
2022—Adjusting CTR threshold for inflation puts it at approximately $68,000
2022—Canadian Prime Minister Justin Trudeau freezes more than 200 bank accounts in attempt to stop protestors
2022—Rep. Jim Himes (D‑CT) introduces bill to expand Treasury’s ability to censor financial transactions
2022—ICE revealed to have been collecting approximately 6 million records from 2019 to 2022 for money transfers greater than $500 to and from Mexico
2022—Treasury sanctions Tornado Cash

Acknowledgments

The author thanks Norbert Michel, Jordan Brewer, Ann Rulon, Jennifer Schulp, Laura Bondank, Patrick Eddington, Zachary Wong, JP Koning, Marta Belcher, Dante Disparte, Christian Kameir, and Nicholas Thielman for their suggestions. The author also thanks Emily Ekins for surveying the American public on questions regarding financial privacy. Any errors belong to the author alone.

Citation

Anthony, Nicholas. “The Right to Financial Privacy: Crafting a Better Framework for Financial Privacy in the Digital Age,” Policy Analysis no. 945, Cato Institute, Washington, DC, May 2, 2023.

Nicholas Anthony

Policy Analyst, Center for Monetary and Financial Alternatives

Notes

1. Nancy M. Kirschner, “The Right to Financial Privacy Act of 1978–The Congressional Response to United States v. Miller: A Procedural Right to Challenge Government Access to Financial Records,” University of Michigan Journal of Law Reform 13 (1979). For examples of the tension between privacy and security, see Dante Disparte, “Apple vs. FBI: Much Ado about Nothing or a Temporary Truce?,” Huffpost, March 31, 2016.

2. Chris Van Hollen, “Van Hollen, Whitehouse Ask GAO to Dig Deeper into Issue of Money Laundering and Real Estate,” Press Release, October 3, 2018.

3. Justice Thurgood Marshall argued, “By compelling an otherwise unwilling bank to photocopy the checks of its customers the Government has as much of a hand in seizing those checks as if it had forced a private person to break into the customer’s home or office and photocopy the checks there. Our Fourth Amendment jurisprudence should not be so wooden as to ignore the fact that through microfilming and other techniques of this electronic age, illegal searches and seizures can take place without the brute force of the general warrants which raised the ire of the Founding Fathers.” California Bankers Association v. Shultz, 416 U.S. 21 (1974). See also Cato Institute, “Financial Privacy in a Digital Era,” Live Online Policy Forum, April 21, 2022.

4. 12 U.S.C. § 3402 prohibits government authorities from accessing financial records unless they are able to obtain a customer’s consent, a warrant, a subpoena, or a formal written request.

5. Recent examples of governments violating financial freedom will be discussed at length later in this paper. However, those examples include the proposals to expand financial surveillance in the United States to all bank accounts with at least $600 in yearly activity, the decision by the Canadian government to freeze the bank accounts of protestors, the U.S. Department of Treasury’s decision to sanction a privacy service, and other similar events.

6. For a full discussion of the Bank Secrecy Act, see Norbert J. Michel and Jennifer J. Schulp, “Revising the Bank Secrecy Act to Protect Privacy and Deter Criminals,” Cato Institute Policy Analysis no. 932, July 26, 2022.

7. Privacy Protection Study Commission, Personal Privacy in an Information Society (Washington: U.S. Government Printing Office, 1977).

8. Pub. L. No. 91–508 § 101 (1970); Norbert J. Michel and Jennifer J. Schulp, “Revising the Bank Secrecy Act to Protect Privacy and Deter Criminals,” Cato Institute Policy Analysis no. 932, July 26, 2022.

9. California Bankers Association v. Shultz, 416 U.S. 21 (1974).

10. California Bankers Association v. Shultz, 416 U.S. 21 (1974).

11. Nancy M. Kirschner, “The Right to Financial Privacy Act of 1978–The Congressional Response to United States v. Miller: A Procedural Right to Challenge Government Access to Financial Records,” University of Michigan Journal of Law Reform 13 (1979).

12. Hearing on the Safe Banking Act, Before the Committee on Banking, Finance, and Urban Affairs, Subcommittee on Financial Institutions Supervision, Regulation, and Insurance, 95th Cong. 1st Sess. (October 3, 1977); Nancy M. Kirschner, “The Right to Financial Privacy Act of 1978–The Congressional Response to United States v. Miller: A Procedural Right to Challenge Government Access to Financial Records,” University of Michigan Journal of Law Reform 13 (1979).

13. Committee on Banking and Currency, Right to Financial Privacy Act of 1978, U.S. House, 93rd Cong., 1st Sess., Report no. 93–10181, 1973.

14. Privacy Act of 1974, 5 U.S.C. § 552a. For a background on the Privacy Act of 1974, see Electronic Privacy Information Center, “The Privacy Act of 1974.”

15. Privacy Act of 1974, 5 U.S.C. § 552a(b)(1)–(12).

16. California Bankers Association v. Shultz, 416 U.S. 21 (1974).

17. Scott Kolecki, “1970 C3 Chevrolet Corvette Model Guide,” Corvsport.

18. California Bankers Association v. Shultz, 416 U.S. 21 (1974).

19. United States v. Miller, 425 U.S. 435 (1976).

20. The third‐party doctrine was later reaffirmed in 1979 during Smith v. Maryland, 422 U.S. 735 (1979). Nicholas Anthony, “Why Don’t Americans Have Stronger Financial Privacy Rights?,” Cato at Liberty (blog), October 28, 2021; Marta Belcher, Jennifer J. Schulp, and Caleb O. Brown, “Marta Belcher and Jennifer Schulp on Financial Privacy in a Digital Era,” Cato Institute Audio, June 1, 2022.

21. Electronic Privacy Information Center, “Right to Financial Privacy Act.”

22. Privacy Protection Study Commission, Personal Privacy in an Information Society (Washington: U.S. Government Printing Office, 1977).

23. Privacy Protection Study Commission, Personal Privacy in an Information Society (Washington: U.S. Government Printing Office, 1977).

24. Privacy Protection Study Commission, Personal Privacy in an Information Society (Washington: U.S. Government Printing Office, 1977).

25. Privacy Protection Study Commission, Personal Privacy in an Information Society (Washington: U.S. Government Printing Office, 1977).

26. Nicholas Anthony, “Why Don’t Americans Have Stronger Financial Privacy Rights?,” Cato at Liberty (blog), October 28, 2021.

27. Electronic Privacy Information Center, “Right to Financial Privacy Act.” The Right to Financial Privacy Act was enacted in Title XI of the Financial Institutions Regulatory and Interest Rate Control Act. Committee on Banking, Finance, and Urban Affairs, Financial Institutions Regulatory and Interest Rate Control Act, U.S. House, 95th Cong., 2nd Sess., Report no. 95–14279, 1978.

28. See 12 U.S.C. §§ 3401–3423. Or, for a general overview, see Electronic Privacy Information Center, “Right to Financial Privacy Act.”

29. Right to Financial Privacy Act of 1978, 12 U.S.C. §§ 3404–3408.

30. For the process for delaying notice, see 12 U.S.C. § 3409.

31. For an example of the process for objecting to the release of one’s records, see 12 U.S.C. § 3405(2).

32. Notably, the exceptions included in the final version of the law were not part of the original 1973 proposal. Committee on Banking and Currency, Right to Financial Privacy Act of 1978, U.S. House, 93rd Cong., 1st Sess., Report no. 93–10181, 1973.

33. Right to Financial Privacy Act of 1978, 12 U.S.C. §§ 3413 and 3414.

34. For example, it was revealed in 2022 that millions of records were being collected by U.S. Immigration and Customs Enforcement (ICE) through the use of administrative subpoenas. These subpoenas are covered under the sixth exception. However, ICE could have just as easily skirted the Right to Financial Privacy Act through the fourth, eleventh, nineteenth, and twentieth exceptions. This subject will be discussed further in a later section, but for an introduction to the issue, see Matthew Guriglia, “Here’s How ICE Illegally Obtained Bulk Financial Records from Western Union,” Electric Frontier Foundation, March 10, 2022.

35. Financial Crimes Enforcement Network, “Suspicious Activity Report Supporting Documentation,” FIN-2007-G003, June 13, 2007; 12 U.S.C. § 3413(b).

36. Financial Crimes Enforcement Network, “SAR Activity Review: Trends, Tips & Issues,” Bank Secrecy Act Advisory Group, October 2005; Federal Financial Institutions Examination Council, “Suspicious Activity Reporting—Overview,” BSA/AML Manual.

37. Nicholas Anthony, “Why Don’t Americans Have Stronger Financial Privacy Rights?,” Cato at Liberty (blog), October 28, 2021.

38. U.S. Department of the Treasury, “General Explanations of the Administration’s Fiscal Year 2022 Revenue Proposals,” May 2021.

39. U.S. Department of the Treasury, “General Explanations of the Administration’s Fiscal Year 2022 Revenue Proposals,” May 2021.

40. U.S. Department of the Treasury, “General Explanations of the Administration’s Fiscal Year 2022 Revenue Proposals,” May 2021.

41. Nicholas Anthony, “Why Don’t Americans Have Stronger Financial Privacy Rights?,” Cato at Liberty (blog), October 28, 2021.

42. Tim Scott, “Scott, Colleagues Introduce Bill to Block Democrats’ IRS Snooping Proposal,” Press Release, October 21, 2021; Committee on Banking, Housing, and Urban Affairs, Prohibiting IRS Financial Surveillance Act, U.S. Senate, 117th Cong., 1st Sess., Report no. 117‑2056, 2021.

43. Committee on Financial Services, Protecting Financial Privacy Act of 2021, U.S. House, 117th Cong., 1st Sess., Report no. 117‑5451, 2021.

44. U.S. Department of the Treasury, “Fact Sheet: Tax Compliance Proposals Will Improve Tax Fairness While Protecting Taxpayer Privacy,” Featured Stories, October 19, 2021.

45. This defense brings Maya Angelou’s famous quote to mind: “When people show you who they are, believe them.” The defense may have been true, but that does not mean it was a defensible position.

46. Committee on Banking, Finance, and Urban Affairs, Housing and Community Development Act of 1992, U.S. Senate, 102nd Cong., 2nd Sess., Report no. 102‑5334, 1992.

47. Committee on Banking, Finance, and Urban Affairs, Housing and Community Development Act of 1992, U.S. Senate, 102nd Cong., 2nd Sess., Report no. 102‑5334, 1992.

48. For a larger discussion of the Bank Secrecy Act, see Norbert J. Michel and Jennifer J. Schulp, “Revising the Bank Secrecy Act to Protect Privacy and Deter Criminals,” Cato Institute Policy Analysis no. 932, July 26, 2022.

49. For the relevant portions of the USA PATRIOT Act, see §§ 311, 314, 326, 352, 356, and 359. Committees on Judiciary, Intelligence, Financial Services, International Relations, Energy and Commerce, Education and the Workforce, Transportation and Infrastructure, and Armed Services, Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act of 2001, U.S. House, 107th Cong., 1st Sess., Report no. 107‑3162, 2001.

50. Bank Secrecy Act, 31 U.S.C. § 5318(g).

51. Bank Secrecy Act, 31 U.S.C. § 5318(g)(2)(A)(i)–(ii).

52. The law also established a formalized anti–money laundering program requirement where financial institutions are required to develop internal policies, employ a compliance officer, train employees, and conduct audits to guard against money laundering and terrorist financing. See 31 U.S.C. § 5318(h).

53. Nicholas Anthony, “The Infrastructure Investment and Jobs Act’s Attack on Crypto: Questioning the Rationale for the Cryptocurrency Provisions,” Cato Institute Briefing Paper no. 129, November 15, 2021; Abraham Sutherland, “Research Report on Tax Code Section 6050I and Digital Assets,” Proof of Stake Alliance, September 17, 2021; Marta Belcher, “Tucked Inside Biden Infrastructure Bill: Unconstitutional Crypto Surveillance,” Coin Desk, January 25, 2022.

54. Internal Revenue Service, “Reporting Cash Payments of over $10,000,” Publication 1544, revised September 2014; An Act Relating to the Administration of Certain Collected Taxes, 26 U.S.C. § 7203.

55. Committee on Financial Services, Special Measures to Fight Modern Threats Act, U.S. House, 117th Cong., 2nd Sess., Report no. 117‑7128, 2022; Nicholas Anthony, “America COMPETES Act Gives Treasury Unchecked Power,” Cato at Liberty (blog), January 27, 2022.

56. U.S. House Committee on Financial Services, “America COMPETES Act Contains Key Provisions Authored by Committee Democrats,” Press Release, January 25, 2022.

57. Jerry Brito and Peter Van Valkenburgh, “New Bill Would Hand Treasury Blank Check to Ban Crypto at Exchanges,” Coin Center, January 26, 2022.

58. U.S. House Committee on Financial Services, “Waters Announces Committee Victories in 2023 National Defense and Authorization Act,” Press Release, July 18, 2022; Committee on Armed Services, National Defense Authorization Act for Fiscal Year 2023, U.S. House, 117th Cong., 2nd Sess., Report no. 117‑7900, 2022; Nicholas Anthony, “The Treasury’s Special Enforcement Measures, Again,” Cato at Liberty (blog), May 4, 2022.

59. At the time of this writing, no member of Congress has claimed ownership of the Transparency and Accountability in Service Providers Act. Instead, in a moment of irony, the bill, one that seeks to further remove financial privacy, was published anonymously. Committee on Financial Services, Transparency and Accountability in Service Providers Act, U.S. House, 117th Cong., 2nd Sess., 2022.

60. To be clear, the Special Measures to Fight Modern Threats Act and the Transparency and Accountability in Service Providers Act have not yet been passed.

61. Dustin Volz, “Most Americans Unwilling to Give Up Privacy to Thwart Attacks: Reuters/Ipsos Poll,” Reuters, April 4, 2017.

62. Dustin Volz, “Most Americans Unwilling to Give Up Privacy to Thwart Attacks: Reuters/Ipsos Poll,” Reuters, April 4, 2017.

63. Alan Zibel and Brent Kendall, “Probe Turns Up Heat on Banks,” Wall Street Journal, August 7, 2013.

64. Alan Zibel and Brent Kendall, “Probe Turns Up Heat on Banks,” Wall Street Journal, August 7, 2013.

65. Brian Knight, “How Financial Regulatory Tools Are Used Against Law‐Abiding Americans—And How to Fix It,” The Hill, March 3, 2022.

66. Dennis Shaul, “There’s No Downplaying the Impact of Operation Choke Point,” American Banker, November 28, 2018.

67. Michelle Hackman and Dustin Volz, “Secret Surveillance Program Collects Americans’ Money‐Transfer Data, Senator Says,” Wall Street Journal, March 8, 2022.

68. Matthew Guriglia, “Here’s How ICE Illegally Obtained Bulk Financial Records from Western Union,” Electric Frontier Foundation, March 10, 2022.

69. Matthew Guriglia, “Here’s How ICE Illegally Obtained Bulk Financial Records from Western Union,” Electric Frontier Foundation, March 10, 2022.

70. U.S. Department of the Treasury, “U.S. Treasury Sanctions Notorious Virtual Currency Mixer Tornado Cash,” Press Release, August 8, 2022.

71. Alan Zibel and Brent Kendall, “Probe Turns Up Heat on Banks,” Wall Street Journal, August 7, 2013.

72. Nikhilesh De, “U.S. Secretary of State Tweets, Deletes Claim That Crypto Mixer Tornado Cash Is North Korea–Sponsored,” Coin Desk, August 8, 2022.

73. Nicholas Anthony and Ivane Nachkebia, “How the Market, Not Government, Regulates Cryptocurrency Crimes,” Cato at Liberty (blog), August 23, 2022; Nicholas Anthony, “Treasury’s Tornado Warning,” Cato at Liberty (blog), August 9, 2022; Jerry Brito and Peter Van Valkenburgh, “Analysis: What Is and What Is Not a Sanctionable Entity in the Tornado Cash Cast,” Coin Center, August 15, 2022.

74. Norbert Michel and Nicholas Anthony, “Keep Your Coins, Canada,” Cato at Liberty (blog), February 15, 2022; Ian Vásquez et al., Human Freedom Index 2021 (Washington: Cato Institute, 2021).

75. Sumeet Chatterjee and Clare Jim, “Hong Kong Bank Account Freezes Rekindle Asset Safety Fears,” Reuters, December 8, 2020; Andrew Osborn, “Russia Freezes Bank Accounts Linked to Opposition Politician Navalny,” Reuters, August 8, 2019.

76. Brian Knight, “If You Use a Bank Account, Don’t Get on the Wrong Side of the Government,” Discourse, April 1, 2022.

77. In 2016, Aaron Klein and Kristofer Readling highlighted how the price of a new car, a down payment on a home, and college tuition were all well below the $10,000 threshold in the 1970s. In 2015, however, nearly all those items had at least doubled in price. See Aaron Klein and Kristofer Readling, “Why Do 1970s Prices Dictate Anti–Money Laundering Rules?,” Bipartisan Policy Institute, March 17, 2016.

78. Nicholas Anthony, “How Inflation Erodes Financial Privacy,” Cato at Liberty (blog), June 10, 2022; Norbert Michel and Nicholas Anthony, “Review of Bank Secrecy Act Regulations and Guidance,” Cato Institute, February 7, 2022.

79. California Bankers Association v. Shultz, 416 U.S. 21 (1974).

80. The concern shared by Justices Powell and Blackmun was also shared in the decision in Burrows v. Superior Court. See California Bankers Association v. Shultz, 416 U.S. 21 (1974); Burrows v. Superior Court, 12 Cal. 3d 239 (1974).

81. Hearing on the Oversight of the Financial Crimes Enforcement Network, Before the Committee on Financial Services, 117th Cong. 1st Sess. (April 28, 2022).

82. “Finding a needle in the haystack is dependent on a number of things,” said Representative Steil at the hearing, “one of them being how big the haystack is. So if we can find a way to get the haystack down, I think it may actually put us in the position to more easily find the needle.” Hearing on the Oversight of the Financial Crimes Enforcement Network, Before the Committee on Financial Services, 117th Cong. 1st Sess. (April 28, 2022).

83. Committee on Financial Services, Counter Terrorism and Illicit Finance Act, U.S. House, 115th Cong., 2nd Sess., Report no. 115‑6068, 2018. Notably, Rep. Dina Titus (D‑NY) also had a bill to increase the threshold for reporting winnings from slot machines so that it would adjust according to inflation. Committee on Ways and Means, To Amend the Internal Revenue Code of 1986 to Increase the Information Reporting Threshold for Slot Winnings, U.S. House, 117th Cong., 2nd Sess., Report no. 117‑6937, 2022.

84. Committee on Armed Services, William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021, U.S. House, 116th Cong., 2nd Sess., Report no. 116‑6395, 2021.

85. Hearing on the Oversight of the Financial Crimes Enforcement Network, Before the Committee on Financial Services, 117th Cong. 1st Sess. (April 28, 2022).

86. “Civil Monetary Penalty Adjustment and Table,” 81 Fed. Reg. 42503 (June 30, 2016).

87. Howard Anglin, “In Our Cashless Society, We Need to Take Digital Jail Seriously,” The Hub, February 22, 2022.

88. Ian Vásquez et al., Human Freedom Index 2021 (Washington: Cato Institute, 2021).

89. Justice Harlan described a two‐step test in which a person must exhibit an expectation of privacy and it must be one “that society is prepared to recognize as reasonable.” Katz v. United States, 389 U.S. 347 (1967).

90. Kyllo v. United States, 533 U.S. 27 (2001).

91. United States v. Jones, 565 U.S. 400 (2012).

92. Carpenter v. United States, 138 S. Ct. 2206 (2018). For additional context, see Patrick Eddington, “Needed: A Bill of Rights for the Digital Age,” The Hill, June 26, 2018.

93. Katz v. United States, 389 U.S. 347 (1967).

94. Katz v. United States, 389 U.S. 347 (1967).

95. Nicholas Anthony, “Update: Two Thirds of Commenters Concerned about CBDC,” Cato at Liberty (blog), July 27, 2022.

96. Electronic Privacy Information Center, “Right to Financial Privacy Act.”

97. Hearing on the Safe Banking Act, Before the Committee on Banking, Finance, and Urban Affairs, Subcommittee on Financial Institutions Supervision, Regulation, and Insurance, 95th Cong. 1st Sess. (October 3, 1977).

98. Hearing on the Safe Banking Act, Before the Committee on Banking, Finance, and Urban Affairs, Subcommittee on Financial Institutions Supervision, Regulation, and Insurance, 95th Cong. 1st Sess. (October 3, 1977).

99. Hearing on the Safe Banking Act, Before the Committee on Banking, Finance, and Urban Affairs, Subcommittee on Financial Institutions Supervision, Regulation, and Insurance, 95th Cong. 1st Sess. (October 3, 1977); Norbert J. Michel and Jennifer J. Schulp, “Revising the Bank Secrecy Act to Protect Privacy and Deter Criminals,” Cato Institute Policy Analysis no. 932, July 26, 2022; U.S. Department of Justice, “The Role of Law Enforcement in Detecting, Investigating, and Prosecuting Criminal Activity Related to Digital Assets,” The Report of the Attorney General, September 6, 2022.

100. Carpenter v. United States, 138 S. Ct. 2206 (2018).

101. John Paul Koning (@jp_koning), “Policymakers choose a level of payments fraud they wish to tolerate, and that level is not zero; a zero‐fraud policy would also mean an unusable payments system,” Twitter post, September 5, 2022, 8:52 a.m.

102. LexisNexis Risk Solutions, “True Cost of AML Compliance Study,” 2019.

103. Nicholas Anthony, “Reporting FinCEN’s Suspicious Activity,” Cato at Liberty (blog), April 13, 2022. When considering FinCEN’s performance, Rep. John Rose (R‑TN) was right to express his concern about how “the federal government deputizes financial institutions,” considering the financial industry suffers costs in the billions for its role in the process and it is largely unknown what benefit has come out of it all. Nicholas Anthony, “Stop Deputizing Banks as Law Enforcement Agents,” Cato at Liberty (blog), May 3, 2022; Nicholas Anthony, “Oversight of the Financial Crimes Enforcement Network,” Cato Institute Statement for the Records, April 28, 2022.

104. Norbert J. Michel and Jennifer J. Schulp, “Revising the Bank Secrecy Act to Protect Privacy and Deter Criminals,” Cato Institute Policy Analysis no. 932, July 26, 2022.

105. Norbert J. Michel and Jennifer J. Schulp, “Revising the Bank Secrecy Act to Protect Privacy and Deter Criminals,” Cato Institute Policy Analysis no. 932, July 26, 2022.

106. This language is slightly modified from the Counter Terrorism and Illicit Finance Act. Committee on Financial Services, Counter Terrorism and Illicit Finance Act, U.S. House, 115th Cong., 2nd Sess., Report no. 115‑6068, 2018.

107. This language is slightly modified from the Financial Crimes Enforcement Network Improvement Act and the National Defense Authorization Act for Fiscal Year 2021. Committee on Financial Services, Financial Crimes Enforcement Network Improvement Act, U.S. House, 117th Cong., 2nd Sess., Report no. 117‑7623, 2022; Committee on Armed Services, William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021, U.S. House, 116th Cong., 2nd Sess., Report no. 116‑6395, 2021.

108. Nicholas Anthony, “The Infrastructure Investment and Jobs Act’s Attack on Crypto: Questioning the Rationale for the Cryptocurrency Provisions,” Cato Institute Briefing Paper no. 129, November 15, 2021; Abraham Sutherland, “Research Report on Tax Code Section 6050I and Digital Assets,” Proof of Stake Alliance, September 17, 2021.

109. Nicholas Anthony and Ivane Nachkebia, “How the Market, Not Government, Regulates Cryptocurrency Crimes,” Cato at Liberty (blog), August 23, 2022. For example, two Chinese intelligence officers attempted to bribe a U.S. government employee with Bitcoin, but the use of cryptocurrency did little to halt their identification. Department of Justice, “Two Chinese Intelligence Officers Charged with Obstruction of Justice in Scheme to Bribe U.S. Government Employee and Steal Documents Related to the Federal Prosecution of a PRC‐Based Company,” Press Release, October 24, 2022.

110. This language is slightly modified from the Keep Your Coins Act. Committee on Financial Services, Keep Your Coins Act, U.S. House, 117th Cong., 2nd Sess., Report no. 117‑6727, 2022.

111. United States v. Jones, 565 U.S. 400 (2012).

112. Thomas A. Durkin, “Credit Cards: Use and Consumer Attitudes, 1970–2000,” Federal Reserve Bulletin, September 2000.

113. Right to Financial Privacy Act of 1978, 12 U.S.C. §§ 3413 and 3414.

This work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.

The Right to Financial Privacy

Crafting a Better Framework for Financial Privacy in the Digital Age

The Right to Financial Privacy

Crafting a Better Framework for Financial Privacy in the Digital Age

Introduction

Trouble in the Wake of the Bank Secrecy Act

Related Media

The Right to Financial Privacy Act of 1978

Life After the Right to Financial Privacy Act

Legislative Expansions

Related Podcast

Law Enforcement Investigations and Regulatory Pressure

Hidden Expansions

Related Media

A Reasonable Expectation of Privacy

The Elephant in the Room: Greater Financial Privacy Will Create a Greater Burden on Law Enforcement and Regulators

Recommendations for a Better Framework for Financial Privacy

Related Event

Conclusion

Appendix A

Appendix B

Acknowledgments

Citation

About the Author

Nicholas Anthony

Notes

Introduction

Trouble in the Wake of the Bank Secrecy Act

Related Media

The Right to Financial Privacy Act of 1978

Life After the Right to Financial Privacy Act

Legislative Expansions

Related Podcast

Law Enforcement Investigations and Regulatory Pressure

Hidden Expansions

Related Media

A Reasonable Expectation of Privacy

The Elephant in the Room: Greater Financial Privacy Will Create a Greater Burden on Law Enforcement and Regulators

Recommendations for a Better Framework for Financial Privacy

Related Event

Conclusion

Appendix A

Appendix B

Acknowledgments

Citation

Download This Policy Analysis

The Right to Financial Privacy

About the Author

Nicholas Anthony

Notes