Hearing on the Weaponization of the Federal Government

As this Committee is aware, in the wake of the January 6th riot at the U.S. Capitol, federal investigators asked financial institutions to search customer transactions with terms like “MAGA,” “Trump,” and “Bass Pro Shops,” among others, and warned the institutions that purchases of “religious texts” could indicate “extremism.”¹The Treasury Department’s Office of Stakeholder Integration and Engagement in the Strategic Operations of the Financial Crimes Enforcement Network (FinCEN) also distributed materials to financial institutions describing “typologies” of “various persons of interest” and even provided the institutions with suggested merchant category codes for identifying customer transactions.²

The Committee’s own oversight work also suggests that “FinCEN warned financial institutions of ‘extremism’ indicators that include ‘transportation charges, such as bus tickets, rental cars, or plane tickets, for travel areas with no apparent purpose,’ or ‘the purchase of books (including religious texts) and subscriptions to other media containing extremist views.’”³ Finally, it appears that Bank of America “provided the FBI ‘voluntarily and without any legal process’ with a list of individuals who made transactions in the Washington, D.C., metropolitan area using a Bank of America credit or debit card between Jan. 5 and Jan. 7, 2021.”⁴

Interestingly, the Committee revealed the results of its oversight work just days before the U.S. 9th Circuit Court of Appeals ruled that the Federal Bureau of Investigations “violated people’s constitutional rights when it opened and “inventoried” the contents of hundreds of safe-deposit boxes during a raid on a Beverly Hills vault in 2021.”⁵ The case resulted from a 2021 raid (and closure) of U.S. Private Vaults, a company that allowed people to rent safe deposit boxes without providing the sort of personal information required of banks by the Bank Secrecy Act and the U.S. anti-money laundering (AML) regime.

Additionally, court records demonstrate that “the FBI also had developed a plan to permanently confiscate everything inside of the boxes worth at least $5,000 as part of a wholesale forfeiture,” but that the initial warrant request by the FBI and the U.S. Attorney’s Office did not ask “to seize the contents of the individual boxes in the vault and left out their plans to do so.”⁶ In a separate, concurring opinion that the other Circuit Court judges did not join, judge Milan D. Smith Jr. argued that “the contents of locked safe-deposit boxes should not be subject to government “inventory” at all when the government has no warrant to review their contents.”

Given the origins of the Bank Secrecy Act of 1970, and the regular expansion of the AML regime that has occurred during the last five decades, the only thing surprising about any of these recent incidents is that a federal judge still believes Americans should have such privacy. Indeed, because of Congress and the courts’ creation of the so-called third-party doctrine, Americans have very little financial privacy. Nor can they expect their financial records to enjoy the same protections from unreasonable searches and seizures that the 4th Amendment to the Constitution generally provides to their physical property.

The Controversial Bank Secrecy Act Has Always Endangered Americans’ Rights

Largely owing to the efforts of Rep. Wright Patman (D‑TX), the chairman of the House Committee on Banking and Currency in 1968, Congress passed a bill in 1970, several titles of which are now referred to as the Bank Secrecy Act (BSA).⁷ According to Patman, his intent was to create legislation that would “make it a criminal offense for any U.S. citizen to have financial dealings with a foreign financial institution that does not allow bona fide inspection of its records by our various regulatory agencies concerning the transactions involving the Americans,” and that would “merely extend the financial safeguards that we have in this country to foreign financial institutions dealing with Americans. It would go a long way toward protecting the interests of the vast majority of Americans who do not engage in any financial manipulations and would prevent the outflow of so-called hot money to foreign banking institutions.”⁸

Ultimately, the legislation that became the BSA went much further than merely extending existing “financial safeguards,” and it did not make it a crime to deal with foreign financial institutions. Nonetheless, the BSA remains the statutory foundation for the existing U.S. anti–money laundering (AML) framework. The BSA made two major changes to existing federal laws: one that required financial institutions to maintain records “where such records have a high degree of usefulness in criminal, tax, or regulatory investigations or proceedings” and one that required the reporting of certain financial transactions to the Treasury Department.

The BSA also specified that transactions of more than $5,000 in monetary instruments transferred either into the United States or out of the United States had to be reported, a provision that became the statutory basis for requiring the filing of a Report of International Transportation of Currency or Monetary Instruments. The BSA also required reporting on domestic transactions, which became the statutory basis for filing currency transaction reports (CTRs), but it left the details on what would be required in CTRs up to the Treasury.

As Patman was negotiating to pass his legislation, multiple members of Congress complained that the bill’s domestic transaction reporting requirements did not address the legislation’s stated purpose. In fact, a 1983 Department of Justice report noted, “many Congressmen argued that the reports regarding domestic transactions [in the BSA] were not relevant to the purpose of the legislation, which was to address the problems caused by the foreign bank secrecy laws” and that those portions of the bill should be severed and considered later.⁹Several members also objected that the domestic transaction reporting requirements would violate the privacy of bank customers, that they would “unduly burden legitimate commercial transactions,” and that they delegated “too much power” to the Treasury secretary.¹⁰ Nonetheless, Patman was able to overcome objections by “stressing the urgent need for the legislation and the need for uniform recordkeeping.”¹¹

In 1972, Treasury promulgated the first BSA rules. These rules required financial institutions to “file a report of each deposit, withdrawal, exchange of currency or other payment or transfer, by, through, or to such financial institution, which involves a transaction in currency of more than $10,000,” and this $10,000 reporting threshold remains unchanged.¹² (In inflation adjusted figures, this $10,000 threshold is equivalent to more than $70,000 in 1972.)

Perhaps the most consequential change to the BSA was made in 1992, when Congress added the statutory basis for requiring financial institutions to file what are now known as suspicious activity reports (SARs). Specifically, Section 1517 of the Annunzio-Wylie Anti–Money Laundering Act of 1992 authorized the Treasury secretary to “require any financial institution, and any director, officer, employee, or agent of any financial institution, to report any suspicious transaction relevant to a possible violation of law or regulation.”¹³ As a result, financial institutions were required to file “criminal referral forms,” with supporting documentation, with multiple federal agencies. (The Money Laundering Suppression Act of 1994 established the modern SAR reporting regime by authorizing the Treasury to designate a single officer or agency to “refer any report of a suspicious transaction to any appropriate law enforcement or supervisory agency.”)¹⁴

More recently, the Anti–Money Laundering Act of 2020 amended the BSA by establishing the Corporate Transparency Act (CTA), an act that creates “uniform beneficial ownership information reporting requirements.”¹⁵ Prior to the act, financial institutions were generally charged with obtaining information about the beneficial owners of a corporate customer as part of their customer identification programs and customer due diligence processes, but the act requires the company–instead of the financial institution–to report identifying information to a central database that FinCEN manages. Supposedly, these provisions are intended to prevent people from circumventing AML laws using shell corporations, one problem that the BSA was supposed to mitigate when originally enacted in 1970. On March 4, 2024, U.S. District Judge Liles C. Burke ruled that the CTA is unconstitutional.¹⁶

This ruling is not the first time that the BSA regime has been faced with serious legal questions over its constitutionality. In fact, from the very beginning the BSA was controversial enough to trigger multiple legal challenges, several of which went to the U.S. Supreme Court.¹⁷ The two major Supreme Court cases regarding the BSA were California Bankers Association v. Shultz (decided 6–3) in 1974 and United States v. Miller (decided 7–2) in 1976.¹⁸

In California Bankers Association v. Shultz, the Court addressed the constitutionality of both the recordkeeping and reporting provisions of the BSA, upholding those provisions. The Court held that the BSA recordkeeping provisions did not violate the Fourth Amendment, finding that nothing in the recordkeeping provisions require that any information be disclosed to the government. The Court also rejected the plaintiffs’ argument that the banks were themselves effecting a seizure of customer records acting as “agent[s] of the Government,” noting that banks, who are themselves a party to the transaction, “voluntarily kept records of this sort before they were required to do so by regulation.”

For the domestic reporting requirements, the Court held that the reporting requirements of the BSA did not violate any Fourth Amendment rights of the banks because they are parties to the transactions themselves. However, the Court found that the depositors lacked standing to assert a Fourth Amendment claim because they had not shown that their transactions were required to be reported.

Thus, while the Supreme Court upheld the BSA’s reporting provisions, it did not address the fundamental question of whether the reporting requirements violated the Fourth Amendment rights of bank customers to be free from the government’s search and seizure of their records. The lower court had found that this provision violated the Fourth Amendment, “insofar as it authorizes the Secretary to require virtually unlimited reporting from banks and their customers of domestic financial transactions as a surveillance device for the alleged purpose of discovering possible, but unspecified, wrongdoing among the citizenry.”

Although the Court upheld the BSA, the justices were divided over the BSA’s implications for constitutional protections. For instance, Justices Lewis Powell and Harry Blackmun, who joined the majority in upholding the law, wrote a concurring opinion explicitly cautioning against “a significant extension of the regulation’s [domestic] reporting requirements,” noting that “Financial transactions can reveal much about a person’s activities, associations, and beliefs. At some point, governmental intrusion upon these areas would implicate legitimate expectations of privacy. Moreover, the potential for abuse is particularly acute where, as here, the legislative scheme permits access to this information without invocation of the judicial process.” Additionally, Justices William Douglas, William Brennan Jr., and Thurgood Marshall filed separate dissents voicing similar concerns with the BSA and arguing that the law, as then conceived, violated the Constitution. Justice Douglas recognized that “customers have a constitutionally justifiable expectation of privacy in the documentary details of the financial transactions reflected in their bank accounts.” He acknowledged that the “wall is not impregnable” but found that both the recordkeeping and reporting provisions ran afoul of the Fourth Amendment. On the recordkeeping provision, Douglas argued:

Douglas contrasted the BSA with other compulsory recordkeeping that did not raise the same constitutional concerns, noting that prior to the BSA, the United States had “confined compulsory recordkeeping to that required to monitor either (1) the recordkeeper, or (2) his business” and that even then “they must be records that would ‘customarily’ be kept, have a ‘public’ rather than a private purpose, and arise out of an ‘essentially noncriminal and regulatory area of inquiry.’” Douglas returned to the characterization that a “checking account…may well record a citizen’s activities, opinion, and beliefs” to find that the reporting provisions violate the Constitution.

Douglas also argued that “The Fourth Amendment warrant requirements may be removed by constitutional amendment, but that they certainly cannot be replaced by the Secretary of the Treasury’s finding that certain information will be highly useful in “criminal, tax, or regulatory investigations or proceedings.” Justice Brennan joined Douglas’s concurrence as to the recordkeeping provisions but wrote separately on the reporting provisions, finding that those provisions violated the Constitution by delegating to the Treasury secretary “in broad and indefinite terms under a statute that lays down criminal sanctions and potentially affects fundamental rights.”

Justice Marshall also agreed with Douglas and Brennan but wrote a separate dissent to emphasize that he saw the BSA’s recordkeeping provisions themselves as an unlawful search and seizure. He argued that “By compelling an otherwise unwilling bank to photocopy the checks of its customers the Government has as much of a hand in seizing those checks as if it had forced a private person to break into the customer’s home or office and photocopy the checks there.” Justice Marshall also argued that the existence of these records might “chill the exercise of First Amendment rights of association on the part of [contributors to political organizations] who wish to have their contributions remain anonymous.”

Just two years later, in United States v. Miller, the Court addressed whether a person under criminal investigation had standing to challenge IRS subpoenas seeking information from the person’s bank collected pursuant to the BSA’s recordkeeping provisions. While the California Bankers Association case did not decide whether the reporting requirements were an unconstitutional seizure of a customer’s information because the majority found that the plaintiffs lacked standing to bring the claim, the Court’s decision in Miller essentially answered the question by holding that the Fourth Amendment does not protect information revealed to the bank.

Justice Powell, writing for seven members of the Court, stated “The depositor takes the risk, in revealing his affairs to another, that the information will be conveyed by that person to the Government. This Court has held repeatedly that the Fourth Amendment does not prohibit the obtaining of information revealed to a third party and conveyed by him to Government authorities, even if the information is revealed on the assumption that it will be used only for a limited purpose and the confidence placed in the third party will not be betrayed.” The Court rejected all arguments that the fact that the documents were compelled to be created by the BSA altered the analysis, but Justices Brennan and Marshall again dissented. Brennan largely quoted from the lower court opinion, with which he agreed, arguing that “A bank customer’s reasonable expectation is that, absent compulsion by legal process, the matters he reveals to the bank will be utilized by the bank only for internal banking purposes.” Brenan argued:

That opinion recognized the important fact that for all practical purposes, the disclosure by individuals or business firms of their financial affairs to a bank is not entirely volitional, since it is impossible to participate in the economic life of contemporary society without maintaining a bank account…To permit a police officer access to these records merely upon his request, without any judicial control as to relevancy or other traditional requirements of legal process, and to allow the evidence to be used in any subsequent criminal prosecution against a defendant, opens the door to a vast and unlimited range of very real abuses of police power.

Separately, Justice Marshall expressed his exasperation with the majority’s ruling, stating that “I wash my hands of today’s extended redundancy by the Court. Because the recordkeeping requirements of the Act order the seizure of customers’ bank records without a warrant and probable cause, I believe the Act is unconstitutional and that respondent has standing to raise the claim. Since the Act is unconstitutional, the Government cannot rely on records kept pursuant to it in prosecuting bank customers.”

The holding in Miller helped establish what is now known as the “third-party doctrine,” which has served as a serious limitation on the Fourth Amendment’s protections by stripping a person of an expectation of privacy over information that a person voluntarily provides to a third party. Regardless of the doctrine’s name, law enforcement has access to Americans’ financial records without obtaining a search warrant.

These Court decisions were controversial, and Congress passed the Right to Financial Privacy Act of 1978, in part, to better protect Americans from warrantless surveillance. However, in practice, the Right to Financial Privacy Act failed to deliver such protection because it was enacted with a list of 20 different exceptions to its protections.¹⁹ From law enforcement inquiries to federal statutes, the exceptions covered nearly all forms of financial surveillance, and law enforcement still had access to Americans’ financial records without obtaining a search warrant.

As a result of the ever-widening regulatory framework that Congress authorized the Treasury to implement, many of the same privacy rights concerns exist today—to an even larger degree in some ways. The type of information contained in a SAR, for example, is essentially an accusation by a financial institution, reported to the federal government, that someone has acted illegally. Even the collection of this information under strict confidentiality requirements is problematic for citizens’ constitutionally protected rights, likely more so in the digital age than in the 1970s.

Even though five justices in the California Bankers Association case—Powell, Blackmun, Douglas, Brennan, and Marshall—raised issues with the BSA’s sweep under the Fourth Amendment, Congress and Treasury has consistently expanded the scope and size of the BSA/AML regime. Moreover, the technology that gave Justice Marshall reason to find that the recordkeeping provisions constituted an unconstitutional seizure has only proliferated in later years, including by expanding the number of situations in which a customer interacts with an intermediary to conduct financial transactions.

While the constitutionality of the BSA may have been upheld in 1974, these are questions that can—and should—be revisited as both the law and society have changed. In fact, two current Supreme Court justices have signaled a willingness to revisit and revise the third-party doctrine. In the 2012 case United States v. Jones, Justice Sonia Sotomayor suggested that the idea that an individual waives privacy by sharing information with a third party might be “ill-suited to the digital age, in which people reveal a great deal of information about themselves to third parties in the course of carrying out mundane tasks.”²⁰ More explicitly, she wrote that “it may be necessary to reconsider the premise that an individual has no reasonable expectation of privacy in information voluntarily disclosed to third parties.”²¹

Separately, Justice Neil Gorsuch wrote an extensive critique of the third-party doctrine in his dissent in Carpenter v. United States in 2018, in which the majority found that the third-party doctrine is not applicable to cellphone location data. In his critique, Gorsuch took on the third-party doctrine directly, arguing that under the traditional understanding of the Fourth Amendment “protections for your papers and effects do not automatically disappear just because you share them with third parties.”²² Noting that “at least some of [the Supreme Court’s] decisions have already suggested that the use of technology is functionally compelled by the demands of modern life,” Gorsuch argued that “just because you have to entrust a third party with your data doesn’t necessarily mean that you should lose all Fourth Amendment protections in it.”²³

The BSA/AML Regime Has Been Ineffective

It is virtually impossible to argue that the BSA/AML regime has markedly deterred criminal activity and provided a net benefit. If judged by the standard of reducing predicate crimes, there is virtually no empirical evidence to suggest that the BSA/AML regime has worked.²⁴ The U.S. General Accounting Office (GAO), for instance, has made several unsuccessful attempts to study the effectiveness of SAR filings in terms of prosecutions and convictions. One problem is that prosecutions often involve simultaneously charging perpetrators with money laundering violations, thus obscuring whether law enforcement discovered, for example, a drug crime because of money laundering or vice versa. According to the GAO, as of 2002, FinCEN was unable to report whether any of its SAR-based referrals resulted in criminal prosecutions. In fact, as late as 2014, academic research affirmed that possible benefits from the existing AML framework had not yet been demonstrated.

In 2019, Rep. Patrick McHenry (R‑NC), (then) ranking member of the House Financial Services Committee, repeatedly asked the Treasury and FinCEN for evidence—not merely anecdotes about enforcement actions—that the AML regime provides a net benefit. According to McHenry, the information provided did “not justify the burden placed on small businesses.” In fact, in 2024, FinCEN’s director testified to the House Financial Services Committee that FinCEN could not yet provide data on how law enforcement uses SARs, despite the fact that FinCEN has been collecting SARs for multiple decades.²⁵ Overall, the evidence suggests that the BSA/AML framework has done little more than produce an information overload through excessive reporting. In 2015, for instance, the FinCEN director announced that the agency receives “approximately 55,000 electronically filed BSA reports from more than 80,000 financial institutions and 500,000 individual foreign bank account holders each day.” In 2020, FinCEN Director Kenneth Blanco caused a stir when he announced that since 2013, FinCEN had received nearly 70,000 SARs related to “cryptocurrency exploitation,” but he neglected to mention that the agency received almost 2.3 million total SARs in 2019 alone. Under the BSA, financial institutions were required to file over 26 million reports on customer activity to FinCEN in 2022.²⁶

While regulators levy heavy fines under the BSA, these fines are not necessarily indicative of a successful regulatory system. For instance, regulators levied more than $592 million in fines for AML violations in 2021 alone, and they have long cited AML enforcement as a top priority. Still, federal agencies have been unable to demonstrate that the BSA/AML regime provides a net benefit. Unsurprisingly, research suggests that compliance costs are high for financial companies, with a disproportionate burden falling on smaller firms.

Though few total compliance cost estimates exist, one based on Office of Management and Budget burden-hour estimates suggests that total BSA/AML costs are between $5 billion and $8 billion per year. This total cost can be used to estimate per-conviction figures, but because federal agencies’ money laundering statistics vary, these averages display a wide range. For instance, using IRS-initiated money laundering sentences, and assuming (generously) that all such sentences would not have occurred but for the AML statutes, the per-conviction cost is at least $7 million. Using, instead, the FBI’s money laundering conviction totals, the per-conviction cost is much higher, ranging between $107 million and $178 million.

Another cost, though difficult to measure, is that financial firms may be reluctant to take on customers or activities that make their regulatory compliance more difficult. In 2018, for instance, the GAO “determined that Bank Secrecy Act/anti–money laundering (BSA/AML) regulatory concerns have played a role in banks’ decisions to terminate and limit customer accounts and close bank branches.” Though not explicit, the AML regulatory framework imposes costs on would-be financial services customers, with firms simply refusing to provide some financial services to certain customers.

These rules have also likely contributed to financial firms’ hesitancy to work with emerging industries, such as cryptocurrency-related companies and blockchain based technologies. This hesitancy can hinder innovation and competition in financial markets, one of several difficult-to-quantify costs associated with this regulatory regime. Another such cost is that many law-abiding customers have had their accounts frozen, at least temporarily, and have been kept out of the banking system. For instance, long before 2022, many Russian Americans had their accounts closed by banks who feared being liable for AML violations simply due to these customers’ connections to Russia.

Separately, a recent World Bank survey demonstrated that firms providing foreign remittance services have been increasingly scrutinized under the AML regime since the early 2000s. And Federal Deposit Insurance Corporation surveys suggest that approximately one third of the “unbanked” have chosen to stay out of the banking system because they do not want to provide the personal information that AML regulations require.

Other incidents show how difficult it can be to detect criminal activity and that federal regulators are themselves vulnerable to criminals. For example, in 2016, North Korean hackers broke into the SWIFT messaging network, stealing almost $100 million from the Bank of Bangladesh by routing it into private accounts through the Federal Reserve Bank of New York. Had it not been for a fluke occurrence, the thieves would have tricked the New York Fed into routing them nearly $1 billion from the Bank of Bangladesh.

Broadly, the ineffectiveness of the BSA/AML framework is not surprising because most types of businesses—financial or otherwise—are generally ill-equipped to catch criminals, especially when those criminals go to great lengths to conceal their crimes. It makes very little sense, therefore, to penalize legitimate businesses for failing to know that their customers might have engaged in criminal activity. As a rule, prosecutors should prosecute criminals for their crimes irrespective of what payment methods they use.

Congress Should Reform the BSA and Reaffirm Americans’ Rights

Even without BSA/AML reporting requirements, financial institutions have incentives to avoid criminal activity, including cybercrimes. It is doubtful—based on experience—that holding these firms legally responsible for AML programs that fail to stop criminals can improve those incentives. Even if Congress fully repealed the BSA, for instance, it would remain illegal for financial institutions to knowingly facilitate criminal activity such as tax evasion or the sale of illegal drugs. Moreover, the risks for financial institutions found to be assisting criminals are high in terms of negative publicity.

Personal and financial privacy are key components of life in a free society, where individuals enjoy a private sphere free of government involvement, surveillance, and control. Unless there is a reasonable suspicion that they have committed a crime or conspired to commit a crime, people should generally be free to live their lives unmolested and unsurveilled by the government. Financial privacy is of deep and abiding importance to freedom, but many governments have shown themselves willing to routinely abuse private financial information. Financial privacy can let people protect their life savings when a government tries to confiscate its citizens’ wealth, whether for political, ethnic, religious, or “merely” economic reasons.

Aside from specific constitutional protections, financial privacy is vital because it can be the difference between survival and systematic suppression of an opposition group. Many businesses, dissidents, and human rights groups maintain accounts outside the countries where they are active for precisely this reason, and there are many legitimate reasons to operate anonymously owned “shell” companies. For example, individual business owners may want to remain anonymous to avoid political backlash because their industry is frequently protested, to avoid negative financial consequences due to racism, or to become financially self-sufficient without fear of being harassed by someone who previously perpetuated violent behavior. The current financial regulatory framework is inconsistent with these principles. 

Especially given the technological advances in payments during the past few decades—changes that produce more voluminous transaction data with personal information that can more easily be shared—it is more important than ever to reform the BSA to protect privacy rights. A reasonable way for Congress to reform the BSA would be to require financial institutions to maintain records but to ensure that the government can only access customers’ personal information with a valid search warrant. (Rep. John Rose (R‑TN) introduced a bill that would implement such a reform and restore the protections that the 4th Amendment was intended to provide Americans.²⁷)

In this way, Congress could affirm that the Bill of Rights is not, to paraphrase Justice Douglas, intended to aid the prosecution of criminal cases. Given the high costs and the poor performance of the BSA in deterring criminal activity, it should be easy for Congress to implement this type of reform. Moreover, when surveyed, 83 percent of the American people say that the government should need a warrant to access their financial records.²⁸It’s long past the time for Congress to fix the BSA.