The United States Government controls a sprawling financial surveillance system that attracts little notice or mention outside of industry and policy circles. The roots of this surveillance infrastructure were seeded in the Bank Secrecy Act of 1970, which initially intended to clamp down on money laundering but has since expanded to encompass matters such as terrorist finance, tax evasion, and child exploitation. These shoots survived early constitutional challenge at the Supreme Court and were reinforced by later legislation such as the PATRIOT Act as well as administrative regulations.
Financial surveillance operates by compelling third-party service providers to compile dossiers on certain transactions and individuals to share with the government or other institutions either immediately or upon request. In America, this system is mostly coordinated by the Financial Crimes Enforcement Network (FinCEN) of the US Treasury Department, but other federal and state agencies have supporting roles. Other nations followed America’s lead, and the international system of financial surveillance is coordinated by a global multi-stakeholder organization called the Financial Action Task Force (FATF).
Policymakers are eager to update this infrastructure to keep up with developments in financial technology and citizen behavior. In some cases, this means simply lowering the thresholds that must be reached for reporting obligations to kick in. A more fundamental challenge is presented in the case of cryptocurrency technologies that do not require a third-party service provider for transfers to occur. Without a third party, there is no actor to comply with regulations. Policymakers therefore struggle to craft new categories or rules that could contain this growing class of financial technology that is resistant to such surveillance.
Being so systematically pervasive, American financial surveillance touches upon many facets of business, policy, and law enforcement. It can sometimes spill into public view, as was the case when a proposed expansion of reporting requirements on brokers for tax purposes threatened to blow up the Biden administration’s infrastructure bill. Another proposal from the Biden administration to expand tracking of all transactions relating to financial accounts containing at least $600 has likewise attracted controversy. These recent proposals must be viewed in the context of the history and operation of financial surveillance programs, as well as the stresses that are testing the limits of this aging infrastructure.
This fortified essay proposes these forecast questions to better structure this exploration of the future state of US Financial Surveillance:
The history of financial surveillance
The Currency and Foreign Transactions Reporting Act, commonly known as the Bank Secrecy Act, was passed into law in 1970 and became effective on July 1, 1972. The law’s stated purpose was to “require the maintenance of appropriate types of records…where such records have a high degree of usefulness in criminal, tax, or regulatory proceedings.” It responded to a perceived need for law enforcement to access financial data in the course of criminal investigations. Agents reported challenges stemming from 1) criminals using foreign financial institutions to hide ill-gotten or incriminating proceeds and 2) recent trends whereby financial institutions stopped regularly photocopying checks and other documents, drying up possible sources of evidence.
The BSA contained two major provisions. Title I of the Act authorized the Treasury Department to make rules compelling financial institutions to keep records of certain activities for several years. This was intended to get around the problem where investigators would attempt to collect financial evidence for which there was simply no physical record. Title II of the Act authorized the Treasury Department to create rules for financial institutions as well as other businesses and individuals to keep records or actively report certain domestic currency transactions, flows of monetary instruments, and foreign transactions involving US citizens or businesses.
The legislative record shows a large consensus behind the need for new surveillance powers for financial flows, opposed only by banking and civil rights groups who respectively feared the costs of record-keeping and privacy issues. These groups quickly sued to overturn the Act.
Cases were consolidated and reached the Supreme Court in the form of California Bankers Association v. Schultz in 1974 and United States v. Miller in 1976. The Court disagreed with petitioners’ challenges on First and Fourth Amendment grounds largely for procedural reasons and upheld the Act as legal. Specifically, the Court noted that the hypothetical government record-keeping had not yet occurred, so challenge was premature. Furthermore, the third-party doctrine, which limits Fourth Amendment rights to privacy based on the information that people voluntarily share with businesses, was found to apply to financial transactions. This position was criticized by legal commentators and privacy activists.
Originally, regulated entities mostly had to concern themselves with keeping customer records on hand and actively filing currency transaction reports (CTRs) with the authorities. Domestic transactions made by customers of regulated financial institutions needed to be recorded when checks were drawn over $100 or credit was extended exceeding $5,000 and the entity was to maintain identifying information on those customers and those with signing authority. Additionally, financial institutions were to file CTRs with the government whenever a customer moved money in excess of $10,000.
Note the distinction between merely keeping records on hand and actively providing information to the government with a CTR. Although passive record maintenance could create compliance costs and data exfiltration risks for companies, there is less of a direct privacy concern compared to CTR reports which actively flag and share information with government bodies. Legally, BSA-compelled financial records are subject to warrant approval by a judge. CTR reports are automatically shared without any kind of judicial oversight or approval.
Both passive monitoring and active reporting are legally unusual obligations for private businesses. Few other laws deputize private actors to proactively engage in fact gathering for law enforcement. What’s more, regulated entities are expected to cooperate with each other to build this web of data. For example, the “travel rule” established in 1996 requires that banks collect information on the parties of international funds transfers over $3,000 and send this data to the receiving institution to store for five years. Other surveillance or warrant operations merely specify how private actors should share information already collected in the course of normal business. Financial surveillance creates proactive information gathering obligations with which private actors must comply or face reprisal.
Financial surveillance has grown considerably since the 1970s. New legislation and administrative actions expanded financial reporting infrastructure to encompass new industries, for instance casinos and securities brokers, new concerns, such as terrorism and drug trafficking, and new government bodies. FinCEN was created in 1990 to corral “intelligence analysis and resources” to coordinate financial investigations, as well as issue new regulations to do the same. It is unclear if the resulting regulations are constitutional as currently situated.
How financial surveillance works
There are many reporting and record-keeping requirements that regulated entities are subject to pursuant to the BSA and related legislation and rulemaking, in addition to the CTR already mentioned. They are often referred to as “anti-money laundering/know your customer” (AML/KYC) regulations. State governments likewise have their own AML/KYC rules that can be more or less onerous and include fees and licensing, reporting, and record maintenance duties.
In general, the system of financial surveillance relies on third parties—usually banks and financial service providers, but also bank-like or bank-adjacent entities such as brokers, dealers, and gaming businesses—collecting certain information to either keep records on hand that could be subject to warrants or actively report transactions and identifying information to the authorities if certain conditions are met.
For example, in 1992, FinCEN began requiring what is called a “suspicious activity report” or SAR whenever a transaction or series of structured transactions over $5,000 (for banks) or $2,000 (otherwise) when that activity is suspected of: 1) involving funds derived from or attempting to cover up illegal activities, 2) attempting to evade BSA provisions, or 3) having no “business or apparent lawful purpose” that customer would be expected to engage. SARs constitute a considerable portion of financial surveillance. In 1996, 150,000 SARs were filed. By 2017, that number had ballooned to 3 million.
FinCEN requires other reporting and registration as well. Money services businesses, or MSBs, must register with FinCEN and comply with according regulations. MSBs are non-bank financial service businesses that engage in services relating to money orders, traveler’s checks, transmission, check cashing, currency exchange, currency dealing, and prepaid payment instruments. A United States person that has a financial interest of signature authority over foreign financial accounts with an aggregate value of more than $10,000 a year must file a Foreign Bank and Financial Account (FBAR) report. Businesses that receive more than $10,000 in cash in a single or batch of transactions, for instance car dealerships, must file a Form 8300 with FinCEN and the Internal Revenue Service (IRS). Entities that physically transport currency and monetary instruments in excess of $10,000 to or from the US, such as armored car services, must file a Report of International Transportation of Currency or Monetary Instruments (CMIR) with FinCEN.
There are exceptions to these requirements as well as other obligations under FinCEN and the IRS. But these examples should provide a look at the general contours of US financial surveillance under the Treasury Department. The genesis of the Bank Secrecy Act to require third parties to maintain records and issue reports on financial transactions has grown into a system where certain financial activities and actors are monitored and reported by default according to Treasury guidelines. An entire industry on compliance and best practices has blossomed around AML/KYC regulations and reporting. One study from the Government Accountability Office (GAO) estimates that compliance costs can exceed $21 million in a single year for one large bank. LexisNexis estimates some $35 billion each year in compliance costs in the US.
How effective is financial surveillance?
According to government reports, much of the data that is gathered is not utilized. The GAO study concluded that the Treasury Department could find better ways to “promote the greater use of BSA reports by law enforcement agencies.” This is because “relatively few local law enforcement agencies requested [BSA database] searches.”
And what of the federal and state agencies that do make use of available data? The GAO survey, perhaps unsurprisingly, reports that these agencies say that data is critical for their work. But surprisingly few studies examine the efficacy of global AML/KYC regulations with respect to what portion of global financial crime goes punished, weighed against the costs.
One study in the Journal of Policy Design and Practice estimates that AML/KYC regulations has “less than a 0.1 percent impact on criminal finances” and “compliance costs exceed recovered funds more than a hundred times over.” An older figure from the United Nations estimated that 99.8 percent of money laundering evades the global web that was created to capture it.
Another analysis uses the 2012 HSBC enforcement actions as a case study to determine strengths and weaknesses in the AML/KYC paradigm. It found that US regulations are both “very comprehensive and severely enforced,” meaning there is no major problem with implementation as such. Rather, there is a problem of over-compliance. Institutions fear reprisals from improper AML/KYC enforcement. There is therefore a tendency to inflate SAR enforcement which ends up unnecessarily excluding marginal populations.
More anecdotally, a breach of FinCEN reporting data suggests this overcompliance may not even be an effective deterrent or corrective. The so-called “FinCEN Files” of thousands of leaked SARs obtained by the International Consortium of Investigative Journalists shows many dodgy transactions are allowed to go through without investigation or reprisal by officials. The reporting on the FinCEN Files mostly criticized banks for “allowing the transactions to go through.”
But banks are not legal enforcers, the government is. Banks were very compliant, if not over compliant, with AML/KYC regulations. They filed the SARs as required. Journalists did not dig into why the government did not pursue these leads. But the problem was with enforcement rather than surveillance.
For whatever reason, authorities do not seem to be making good use of financial data they obtain. Meanwhile, significant costs are imposed in terms of compliance and financial exclusion, to say nothing of the fundamental violation of privacy that has become commonplace with little notice or note.
Contemporary financial surveillance challenges
Financial surveillance has not been significantly pared back throughout its history. The trend in financial surveillance is to create new categories or obligations for enhanced surveillance in response to perceived loopholes or new threats. Inaction is its own kind of expansion, as the dollar thresholds at which certain obligations are triggered have not increased in half a century despite considerable inflation meanwhile. Regulators propose lowering thresholds further, for instance with FinCEN’s attempt to lower the “travel rule” trigger to $250.
Cryptocurrency poses perhaps the greatest exogenous challenge to the current financial surveillance regime. Bitcoin, for instance, is a peer-to-peer digital cash system, analogous to in person dollar transactions. Because there is no third party managing a peer-to-peer transaction, there is no entity on which to impose reporting and surveillance requirements.
Note however that many cryptocurrency transactions are facilitated by third party service providers. Many cryptocurrency users may feel uncomfortable providing their own security, or simply like the convenience of a third-party service provider. FinCEN noted relatively quickly in 2013 that existing AML/KYC obligations would apply to third party service providers in the cryptocurrency space just as they would if those businesses were managing traditional transactions. It explicitly exempted peer-to-peer transactions and other non-custodial activities such as software development and mining from surveillance requirements.
Still, if peer-to-peer cryptocurrency transactions were to constitute bigger portions of general commerce, this would create a large blind spot in the existing financial surveillance infrastructure. It would be as if much of the economy converted to pure cash transactions, except with the aid of computer networking. It is possible to analyze the blockchain ledger of all cryptocurrency transactions to divine possible criminal acts, and law enforcement does regularly engage in blockchain analytics to some success. But this is a cat and mouse game between law enforcement surveillance and technological innovations to provide even more privacy.
The Department of Justice, for example, has examined privacy-preserving cryptocurrencies such as Zcash and Monero from a largely critical perspective. It concludes that the use of privacy-preserving cryptocurrencies is a “high-risk activity indicative of possible criminal conduct.”
The IRS, likewise, has taken a cool approach towards cryptocurrency. Despite inconsistent and vague guidelines on the proper tax treatment for cryptocurrency, the agency has made cryptocurrency tax evasion a key priority with its “Operation Hidden Treasure.” In addition to rooting out people who have underreported taxable cryptocurrency income and assets, the cryptocurrency crackdown seeks to identify people violating anti-money laundering and tax evasion efforts by “structuring” transactions below reporting thresholds.
It is against this backdrop that the rather arcane policy world concerned with the intersection of financial surveillance, cryptocurrency, and taxation burst into public view with the surprising legislative drama surrounding the Biden Administration’s high-dollar infrastructure bill and “Build Back Better” budget reconciliation bill, two key legislative priorities. In each case, measures intended to help “pay for the bill” by scrounging up underpaid tax revenues would have significantly expanded financial surveillance.
First, the $1.2 trillion Infrastructure Investment and Jobs Act would create a new provision stating that digital asset “brokers” would need to issue IRS forms to certain users to obtain underpaid taxes. But the definition of broker would have included “any person who…is responsible for regularly providing any service effectuating transfers of digital assets on behalf of another person.” This language would include not only third-party service providers analogous to BSA-regulated entities, but also passive network developers, miners, and node operators who have no access to the required data to issue the tax forms to begin with.
Surprisingly, the nascent cryptocurrency policy community quickly and effectively pushed back against the provisions. A series of dueling amendments that would have expanded and pared back which groups should qualify as “brokers” resulted in a rather arcane legislative discussion over the distinctions between proof of work and proof of stake consensus mechanisms. Reports emanated that high-ranking operatives such as Treasury Secretary Janet Yellen were lobbying aggressively in favor of the expansive broker language. Despite several days of textual back-and-forth, the parties did not reach a compromise and it was sent back to the House where it was unexpectedly passed over the unrelated objections of the progressive caucus when a small number of breakaway Republicans joined the rest of the Democrat party. The tax broker provisions of the bill are slated to take effect on January 1, 2024, which affords cryptocurrency advocates with a window to push legislative fixes or administrative appeal before that time.
Soon after, Congress turned to the second legislative priority of the Biden administration, the $3.5 trillion “Build Back Better” budget plan. Again, this bill proposed to raise revenues by tinkering with financial surveillance requirements in order to spot unpaid taxes. In this case, financial custodians would be obligated to turn over financial data on accounts with total annual deposits or withdrawals worth more than $600, purportedly to root out billionaires who are underpaying taxes. While Treasury Secretary Janet Yellen tried to calm nerves by claiming the Treasury Department would not have access to individual transactions but rather would only be able to determine whether there was a discrepancy between account information and individual tax reporting, critics pointed out that millions of Americans would be caught in this net intended to root out billionaire tax cheats. Responding to this pressure, the threshold was raised to annual withdrawals and deposits worth more than $10,000.
It is unusual that cryptocurrency and financial surveillance concerns were the sticking points holding up negotiations for both bills. Many increased financial surveillance rules have been proposed by regulatory agencies in recent years that have attracted little notice outside of specialized policy circles.
Because these events have made Americans more aware of financial surveillance, perhaps proposed administrative actions will receive more attention in the future. The growing cryptocurrency lobbying industry has proven itself capable to publicize their issues and engage with policymakers. At the same time, policymakers, particularly on the Left, have homed in on cryptocurrency as a key obstacle for their priorities, whether because it limits tax revenues, allows unauthorized capital formation, or simply undermines financial surveillance as such.