Money laundering and terrorist financing are serious problems, but there are several troubling aspects in the new rules proposed by the Financial Crimes Enforcement Network (FinCEN). FinCEN, a bureau of the Department of Treasury, proposed that the government should be told your name, address, bank account number, taxpayer ID, and other sensitive financial information if you electronically transfer any amount of money out of or into the country. Depending upon the type of transfer, these reports could also include passport numbers or alien ID numbers, the amount and currency of the funds transferred, and the name and address of the recipient.
If you are a bargain hunter or eBay shopping guru and you can find a great deal in another country, does the government really need to know that about you? Under proposed new rules, the government will know about it if you pay via PayPal. They will also know everyone who makes an online donation to the International Red Cross or who sends a Western Union transfer to family members living in another country. What if you donate to WikiLeaks? The proposed rules seem to be too invasive, prying into sensitive financial dealings of American citizens. Perhaps even more troubling is that FinCEN's proposal [PDF] doesn't cover how the agency could securely maintain millions upon millions of people's sensitive information.
The EFF sums up FinCEN proposed rules as, "The government wants reports on all electronic bank-to-bank transfers, regardless of whether the transfer is $1 or $1,000,000. For money transmitters, reports would be filed for transfers at or above $1,000. FinCEN estimates it will receive 750 million reports every year, and the agency wants to keep the data for ten years. Once the reports are filed with FinCEN, other federal law enforcement agencies - the FBI, IRS, ICE, and the DEA - would all have access to the data."
The EFF opposes FinCEN's proposal for three reasons:
1. The new reports are unlikely to be effective in preventing terrorism financing - the primary impetus behind the regulations in the first place.
2. While the agency sought the advice of financial institutions, other law enforcement agencies, and even foreign governments when developing the rule, FinCEN never solicited the opinions of privacy advocates during the drafting process.
3. The agency has not provided any evidence that the technological systems are in place to safely receive, transmit, and store the vast quantities of highly-sensitive information the rules would require.
Right now, for any transfer of $3,000 or more, current regulations such as the Funds Transfer Rule and Travel Rule require banks and nonbank financial institutions to collect and to make available to federal law enforcement: the name, address and account number of both the sender and the recipient, the transfer amount and any accompanying instructions. The Bank Secrecy Act requires financial institutions to report cash transactions exceeding $10,000 and to file suspicious activity reports (SARs) with FinCEN.
This is why it is important to understand current regulations: The Intelligence Reform and Terrorism Prevention Act of 2004 (IRTPA) was passed in response to the 9/11 findings of breakdowns in intelligence gathering and sharing. $400,000 - $500,000 was used to finance the 9/11 attacks. According to the EFF comments [PDF] opposing the Cross-Border Transmittal of Funds proposal, the attackers obtained their funds in many ways, such as cash deposits or travelers checks and by accessing foreign bank accounts through ATM and credit card transactions. FinCEN's proposed new rules would still not detect those types of funds transfers. There is no evidence that FinCEN's proposed regulations would have any effect on future terrorist financing methods.
In regard to the funding of the 9/11 attacks, some of the money transfers should have triggered scrutiny under the Bank Secrecy Act reporting requirements. Yet transfers of $10,000, $20,000 and $70,000 did not send up red flags. The EFF wrote, "If this evidence suggests any conclusions, it is that either, first, current reporting requirements were sufficient, but insufficiently implemented by financial institutions; or, second, that law enforcement was not adequately equipped to assess the data already available. This evidence does not necessarily suggest, however, that law enforcement could benefit from obtaining information on all CBETFs. To the contrary, it might suggest that receiving 750 million new CBETF reports annually would only further compound law enforcement's struggle to adequately utilize and analyze the data already available by statute."
You can choose to comment on FinCEN proposed rule, but only until Dec 29th. The EFF urges people to join them in opposing these "intrusive new regulations."