Bank Secrecy Act and Financial Privacy
Victorianne Musonza, JD, CIPP, CIPM, CISA, CISSP
Privacy & AI Counsel | Technology Transactions | Product Counsel | Data Protection & AI Compliance Expert
Written by Victorianne C. Musonza, JD, CISA, CAMS, CIPP/US/E, CIPM
The name of the 1970 U.S. Bank Secrecy Act (BSA) is a bit of a misnomer. The very purpose of the act is to require financial institutions to disclose irregular financial patterns and/or activities of their customers to the appropriate governmental agencies, in order to detect, prevent and combat fraud, terrorism and money laundering criminal activity.
Financial institutions subject to BSA
A financial institution under the BSA is defined as any of the following:
· insured domestic banks,
· credit unions,
· investment institutions,
· broker dealers, foreign banks,
· casinos,
· pawnbrokers,
· currency exchange service,
· travel agency, loan or finance companies,
· gem/stone dealer,
· credit card companies,
· issuers of travelers checks and money orders,
· dealers of motor vehicles,
· check cashing, etc., who do over $1,000 or more in financial transactions per day.
Agencies in Charge of BSA oversight
The Financial Crimes Enforcement Network (FinCEN), a bureau of the U.S. Treasury Department, is in charge of BSA monitoring and compliance. FinCEN is also responsible for bringing civil enforcement actions for violations of the BSA.
BSA criminal enforcement actions are carried out by the Department of Justice via the U.S. Attorneys Criminal Division (Federal Prosecutors).
The federal banking agencies are charged with chartering (National Credit Union Administration, and Office of the Comptroller of the Currency), insuring (Federal Deposit Insurance Corporation and National Credit Union Administration), regulating, and supervising banks. These banking agencies require compliance under BSA.
The Office of Foreign Assets Control (OFAC), also a bureau of the U.S. Treasury, imposes controls on transactions and freezes assets under U.S. jurisdiction. OFAC sanctions, though separate from the BSA, work in conjunction with BSA compliance obligations. Banks are required to run a check of the SDN list (blacklist) of names, countries and organizations on the OFAC list.
Compliance Requirements
The U.S. Patriot Act of 2001 amended the BSA to require that financial institutions implement anti-money laundering compliance programs, such as designated compliance officers, policies and procedures, employee training, customer identification programs (CIP), etc.
Reporting requirements
In order to comply with the BSA, financial institutions are required to report transactions that meet certain criteria to FinCEN.
Currency Transaction Reports (CTR)
CTRs are filed under these conditions:
● cash transactions (deposits and withdrawals) of $10,000 or more.
● travelers checks and money orders valued at $3,000 - $10,000 or more.
● money transfers valued at $3,000 or more.
● currency exchanges of $1,000 or more.
Suspicious Activity Reports (SARs)
Financial institutions are required to file SARs to report known or suspected criminal offenses, at specified thresholds, or transactions over $5,000 that they suspect involve money laundering or violate the Bank Secrecy Act.
Suspicious transactions are defined as one or more of the following:
● Illegally obtained funds
● Transaction has no appropriate purpose
● No reasonable explanation for the transaction
For example, a customer structuring deposits to fall under the reporting thresholds is considered suspicious.
The test for filing a SAR is as follows:
● Size of transactions
● Bank's familiarity with the customer (customer transactional behavior)
● Evaluating the transaction against others in the same line of business
Designation of exemption form
Transactions that would otherwise require filing but are not filed on SARs and/or CTRs are recorded on designation of exemption forms.
Exemptions
The following customers qualify for CTR filing exemptions under BSA reporting:
● Bank to Bank Transactions
● Government agencies
● NYSE and NASDAQ
Document retention requirements
All BSA forms and supporting documentation must be kept for a period of 5 years after they are filed.
What customer data is disclosed on the BSA forms
On the SAR the following personally identifiable information is disclosed:
● Customer name
● Address
● SSN
● Telephone
● Occupation
● DOB
● Type and amount of transaction
● A description of the event rising to the level of suspicion
With respect to the CTR, the following information is disclosed:
● Customer name
● Address
● SSN
● Telephone
● Occupation
● DOB
● Type and amount of transaction
Individuals’ Privacy Rights under BSA
Financial institutions are strictly prohibited from disclosing a filing of a SAR to customers.
SARs are confidential and only disclosed to FinCEN.
In United States v. Miller, 425 U.S. 435 (1976), the court held that individuals DO NOT have a "reasonable expectation of privacy" under the Fourth Amendment in financial records pertaining to them but maintained by a bank in the normal course of business.
In California Bankers Association v. Shultz, the U.S. Supreme Court held that the Constitution did not protect the privacy of personal information in records maintained by business and government. A confidential customer-bank relationship does not mean that one has waived all right to the privacy of the papers. The maintenance of such financial transactions provided a "virtual current biography" of the individual customers. The BSA was upheld against a Fourth Amendment challenge.
Additional Individual Rights
Generally, financial institutions cannot disclose the financial records of their customers under the Right to Financial Privacy Act (RFPA). Financial institutions are required to follow certain protocols before making disclosures to third parties. For example, individuals must be provided with ten (10) days' notice that their financial records have been subpoenaed and an opportunity to object to that disclosure. The BSA is a loophole or an exception to the RFPA. Other exceptions to the notice requirements are criminal and/or terrorist investigations.
In United States v. Bajakajian, the court held that the government may not seize money from an individual for failure to report it on a Currency and Other Monetary Instruments Report (CMIR), as such punishment would be "grossly disproportional to the gravity of [the] offense."
Penalties for non-compliance
Violations include:
● Failure to file SARs
● Disclosing a SAR filing to a customer
Fines and penalties include:
● Losing bank charter or financial registration with state and federal agencies
● Civil penalties of $500 - $50,000 per violation
● Criminal prosecution and asset forfeiture
Purpose of the BSA
Generally, banks and financial institutions cannot disclose the personally identifiable information of their customers and that of businesses, unless an exception applies. The BSA was initially enacted to assist governmental agencies in detecting and preventing money laundering. Because the source of the proceeds is illegal, money laundering can have a devastating impact on the legitimate economy and can foster drug trafficking, fraud and corruption. The BSA was later amended in response to the 9/11 attacks in order to combat the financing of terrorism. Individuals do have some degree of financial privacy, but when weighed against the social/economic impact of money laundering and counter-terrorism, the latter prevails.