Last week, in Part 1, we took a conceptual look at the issue of balancing financial privacy interests with catching criminals. This week we look closer at the subject, with an eye on the legal landscape of financial privacy laws and law enforcement's ability to access financial records under the existing laws.

The legal battle between law enforcement and personal privacy in the United States is as old as privacy law itself, and maintaining a balance between the two has for years required continuous maintenance of financial privacy laws. One of the most recent changes occurred in 2001, with the introduction of the Patriot Act. While the Patriot Act gives law enforcement agencies easier access to financial information so they can intercept terrorist financing and prevent money laundering, the Patriot Act has also been used routinely to combat nonterrorist criminals.

But have we struck the right balance yet? Or are stronger financial privacy parameters needed to tip the scales in favor of either the consumer or law enforcement?

The financial privacy law landscape prior to the Patriot Act
Historically, customers have expected their bank records to be held in confidence, relying largely on their right to financial privacy based on their contractual agreement with the bank. But in 1970, the Bank Secrecy Act (BSA) became law, and turned that expectation upside down. The BSA began requiring financial institutions to maintain certain records on their customers and authorized the Secretary of the Treasury to require financial institutions to report certain financial transactions. That same year, the Fair Credit Reporting Act (FCRA) was passed, whose goal was to safeguard consumer financial information by limiting the availability of consumer credit reports only for specific "permissible purposes."

In 1978, the Right to Financial Privacy Act was passed, which generally precluded the disclosure of a consumer's individual financial records to a government authority without the customer's consent, absent a subpoena or other judicial order. In 1999, Title V of the Gramm-Leach Bliley Act addressed several additional issues relating to the protection of nonpublic personal information maintained by financial institutions. Since their enactment, each of these statutes has undergone several amendments, mostly in response to the competing interests between a consumer's right to financial privacy and law enforcement's legitimate need to access consumers' financial records.

The Patriot Act, enhanced law enforcement provide access to customers' financial records
The Patriot Act allows law enforcement to develop a strategy for catching the bad guys by virtue of significant changes in the regulatory scheme of financial privacy, including new "Know Your Customer" rules, and allowing the sharing of information between law enforcement and financial institutions. Specifically, section 314(a) of the Patriot Act allows law enforcement agencies to gather financial data about a person being investigated.

Under section 314(a), a federal law enforcement agency investigating either terrorist activity or money laundering may request that FinCEN (the U.S. Department of the Treasury's Financial Crimes Enforcement Network) provide certain financial information from a financial institution or group of financial institutions. FinCEN then turns to the financial institutions and asks them to search their records to determine whether they maintain or have maintained accounts for, or conducted transactions with, the individual or entity specified by the law enforcement agency.

If a financial institution has a record of dealing with the subject of the inquiry, it must report back to FinCEN, which in turn shares the collected financial information with the law enforcement agency. Financial institutions may not disclose that FinCEN or the requesting agency made such an information request. No search warrant or subpoena is required.

Section 314(a): Beyond terrorist financing and money laundering
According to FinCEN, investigations incorporating section 314(a) requests have included a Hawala operation, cigarette smuggling, arms trafficking, investment fraud, and an international criminal network. Anonymity stifles the ability of law enforcement to combat criminal activity. Consequently, one of the biggest challenges confronting law enforcement officials is connecting the dots when trying to catch the bad guys. However, given the delicate and often strained balance between the privacy laws and law enforcement’s need to access financial records, can a sacrifice in financial privacy result in a balancing benefit in more effective law enforcement, or does law enforcement have adequate tools today to intercept criminal activity?

By Ana Cavazos-Wright, senior payments risk analyst in the Retail Payments Risk Forum at the Atlanta Fed