Government spying on your bank accounts
Financial institutions pass along personal information if there's a hint of suspicious activity.
NEW YORK (CNNMoney.com) -- Think you're immune from government scrutiny into your private bank accounts? Think again.
Consumers who deviate from their normal pattern of banking with a transaction worth $5,000 or more could find themselves under the microscope by federal regulators as possible terrorists or money launderers - even if their action was as innocent as suddenly paying off a credit card bill or receiving a sudden inflow of cash to buy a car.
While September 11 put the spotlight on terrorist financing and prompted calls by law enforcement for more power in investigating questionable financial transactions, banks have been handing over personal customer information to the government for years.
Since 1996, banks have been required to file a Suspicious Activity Report (SAR) whenever they detect a suspicious transaction of $5,000 or more that could involve potential money laundering or terrorist financing, said Candice Pratsch, a spokeswoman for the Financial Crimes Enforcement Network (FinCEN), the arm of the Treasury Department in charge of aggregating reports.
Personal data passed to government
SARs provide the government with addresses, names, dates of birth, Social Security numbers or passport information, along with a brief description of the financial activities that raised red flags.
Between April 1996 and December 2005, 2.19 million SARs were filed by depository institutions, according to a recent report by FinCEN. The government touts the law as an effective tool in helping law enforcement track leads for new investigations and in identifying and linking intelligence for ongoing investigations by the FBI.
But privacy advocates say the law crosses the line by making the definition of "suspicious activity" deliberately vague. That forces banks to use their own subjective discretion in filing SARs, paving the way for racial profiling and creating mountains of expensive paperwork.
"Under this law, banking regulators are starting with the premise that every American is a terrorist, and anything that they do is capable of being a terrorist act," said James Rockett, co-head of the financial institutions corporate and regulatory group at San Francisco-based law firm Bingham McCutchen.
"The definition of unusual is so broad under the current construct ... anything that happens in any single account in the U.S., even if it's negligibly different, is going to be reported to the government," he said.
Rockett said the overbroad guidelines violate consumers' privacy - especially since it's illegal for banks to inform customers when SARs are filed on them.
A privacy violation or banking duty?
John Hall, spokesman for American Bankers Association, said the banking industry is sensitive to the privacy concerns of its consumers - but that banks have to balance that with their reporting requirements.
"Banks have a trusted relationship with their customers, but we also have a legal responsibility placed on us by regulators," he said. And failure to comply to the satisfaction of the government could lead to some massive fines and penalties.
In 2004, Riggs Bank - now owned by PNC Financial Services Group (Charts) - was fined $25 million for failing to report suspicious transactions within the account of the former Chilean dictator Augusto Pinochet.
That same year, AmSouth (Charts) was fined $50 million and barred from branch expansion until 2006 for violating the Bank Secrecy Act. The company was accused of not reporting activities that were later found to be related to a Ponzi scheme.
AmSouth spokesman Rick Swagler said the bank, which will soon merge with Regions Financial (Charts), has taken active measures to improve compliance by installing software to help identify suspicious activity and by requiring all employees to undergo compliance training.
He declined to reveal the costs of the compliance measures but indicated that it is a labor-intensive program, with employees completing 200,000 hours of compliance training last year.
Experts estimate that complying with the Bank Secrecy Act is costing the banking industry billions of dollars to purchase complex software systems and hire and train the employees that are needed to analyze the transactions to determine suspicious activities.
A burden on banks
That's a significant burden on budgets and earnings for financial institutions, said David Caruso, chief executive office of Dominion Advisory Group, a provider of anti-money-laundering programs.
And some critics say the law simply propels banks to file a mountain of useless reports to avoid the possibility of fines - a practice that could make discovering an actual terrorist or money-laundering plot as difficult as finding a needle in a haystack.
But Caruso, who also served as chief compliance officer for Riggs Bank after it was investigated for violating the Bank Secrecy Act, said that while most SARs don't actually result in criminal investigations, the data can be used alongside data from the FBI or overseas intelligence to create a more meaningful case.
"It's easy for critics to say that you filed 1,000 SARs and there was only one prosecution so it's not effective," he said. "You've got to broaden the definition of effectiveness."
Some of the cases prosecuted in 2005 using SAR data included a Ponzi scheme, real estate fraud and an insurance fraud case, according to a report by FinCEN. Drug traffickers were also convicted as a result of information provided by financial institutions.
Effective on terrorism?
But how effective are SARs when it comes to the fight on terror?
Rockett, of Bingham McCutchen, said the government has used the public's fear of terrorism to try to convince consumers that it's worth giving up some of their privacy in order to catch a greater evil.
FinCEN spokeswoman Pratsch said depository institutions filed 958 SARs based on suspicions of terrorist financing in 2005.
But she added that "it is inappropriate for FinCEN to report direct links between the filing of a SAR and an investigation into terrorist financing."
And critics say that's because SARs have little impact in stopping terrorism.
Bradley Jansen, director at the Center for Financial Privacy and Human Rights, said SARs would have been unable to track the 9/11 terrorists because their financial transactions weren't particularly suspicious or out of the ordinary.
He added that the vehemence surrounding SARs creates racial profiling but isn't effective in predicting a terrorist act.
"Once something happens, investigators can go back to database and find information quickly," he said. "But the suspicious profiling is not designed to prevent anything."