by Douglas Ankney

The U.S. House of Representatives’ Committee on the Judiciary (“Committee “) released a report on March 6, 2024, entitled “Financial Surveillance in the United States: How Federal Law Enforcement Commandeered Financial Institutions to Spy on Americans” (“Report”) that described in detail federal law enforcement agencies’ surveillance partnership with America’s largest financial firms to spy on Americans engaged in lawful conduct and without judicial oversight. This brief review of the Report examines the legislative history that gave rise to such egregious violations of the rights of Americans; the expansion of the partnership between the private financial industry and law enforcement for surveillance purposes; and the current abuses of the surveillance apparatus.

Legislative History

According to the Report, in United States v. Miller, 425 U.S. 435 (1976), the U.S. Supreme Court held that “customers of financial institutions have no reasonable expectation of privacy in documents voluntarily conveyed to a third party. In effect, that decision meant that law enforcement did not have to obtain a warrant in order to retrieve bank records held by financial institutions.” Congress responded by passing the Right to Financial Privacy Act of 1978 (“RFPA”), 12 U.S.C. §§ 3401 to 3423. 

Generally speaking, the RFPA protects customer information by limiting access to the “financial records of any customer from a financial institution unless the financial records are reasonably described” and the “government authority” receives customer consent, or the records are disclosed with certain notice requirements “pursuant to an administrative subpoena, search warrant, judicial subpoena, or formal written request.” Id. at § 3402. But there are 18 exceptions under the RFPA where financial records may be disclosed to the FBI and the Financial Crimes Enforcement Network (“FinCEN”), along with other government authorities, “without utilizing any legal process.” These exceptions include:

A financial institution’s “voluntary disclosure” to “any government authority” any information “which may be relevant to a possible violation of any statute or regulation,” and the customer “has no redress available against the institution for such a disclosure or for its failure to provide the customer with notice”;

Law enforcement may seek “the name, address, account number, and type of account of any customer or ascertainable group of customers associated with a financial transaction or class of financial transactions” when the disclosure is “pursuant to a legitimate law enforcement inquiry”; and

Records “sought for foreign intelligence purposes to protect against international terrorism or clandestine intelligence activities.”

Then in 2001, section 314(a) of the Patriot Act was enacted to require the Secretary of the Treasury to “adopt regulations to encourage regulatory and law enforcement authorities to share with financial institutions information regarding individuals, entities, and organizations engaged in or reasonably suspected, based on credible evidence, of engaging in terrorist acts or money laundering activities.” According to the Report, section 314(a) authorized “federal, state, local, and foreign (European Union) law enforcement agencies, through FinCEN, to reach out to more than 37,000 points of contact at more than 16,000 financial institutions to locate accounts and transactions of persons that may be involved in terrorism or money laundering.” This permits federal law enforcement “to direct more than 16,000 financial institutions to conduct a search of their financial records if law enforcement ‘reasonably suspects, based on credible evidence,’ that the suspected individual or entity is engaging in terrorist activity or money laundering. If the financial institution identifies a positive match, it reports to FinCEN the name, account and transaction, as well as the social security number, taxpayer identification, passport number or any other identifying information related to the individual. This is done without any judicial oversight.”

Additionally, the Bank Secrecy Act (“BSA”) “authorizes the Department of the Treasury to impose certain far-reaching reporting obligations on businesses and financial institutions.” These include:

Financial institutions’ obligation to file a Currency Transaction Report (“CTR”) with FinCEN containing the personal information of any individual involved in a transaction of more than $10,000 regardless of whether anything about the transaction is “suspicious” or related to criminal activity;

The requirement that financial institutions file a suspicious activity report (“SAR”) whenever the institution identifies a “suspicious transaction relevant to a possible violation of law or regulation”; and

Prohibiting financial institutions from revealing to the customer or any third party that the financial transaction was reported to FinCEN in the SAR.

The BSA grants broad immunity to “any financial institution that makes a voluntary disclosure of any possible violation of law or regulation to a government agency” but at the same time the BSA provides for large monetary penalties if the financial institution fails to file the SAR. This tilts the balance in favor of filing the SAR as a precautionary measure even when the financial institution has little reason to suspect illegal activity.

Expansion of Financial Industry’s Surveillance Partnership with Federal Law Enforcement

Due to the BSA’s reporting requirements, in 2019, FinCEN received over “20 million filings from more than 97,000 financial institutions.” FinCEN described those filings as “provid[ing] a wealth of potentially useful information to [government] agencies….” And in 2022, FinCEN acknowledged it had received over 4.3 million SARs—almost double the number received in 2019. The most commonly reported reason for the SARs was “Other Suspicious Activity,” while one of the least frequently reported reasons was “terrorist financing.” This is rather curious since the purported reason for enactment of the BSA and the Patriot Act was to combat terrorism and money laundering.

Also in 2022, FinCEN reported that it had received more than 20.6 million CTRs. That is an average of almost 56,500 CTRs each day. And that equates to a staggering amount of personal information reported to FinCEN of people who simply engaged in a transaction of more than $10,000. 

As a result, these institutions are sharing a tremendous amount of personal financial information with FinCEN. The information is then uploaded to a searchable BSA database by FinCEN where it is shared with other law enforcement agencies. In 2020, FinCEN reported that U.S. Department of Justice agencies conducted over half a million searches of just the SARs alone. Shockingly, neither the customers nor members of Congress are permitted to examine the SARs or the manner in which law enforcement used them.

Additionally, in 2005, the FBI’s Office of Private Sector and the Department of Homeland Security’s (“DHS”) Office of Intelligence Analysis created the Domestic Security Alliance Council (“DSAC”) to promote “timely and effective exchange of security and intelligence information between the federal government and the private sector.” The DSAC is a “corporate membership program.” These member corporations collectively comprise “two-thirds of the U.S. Gross Domestic Product” and “35 million employees.” Indeed, to qualify as a “corporate member” or “member company,” the entity must be “for profit” and must “generate a minimum of $1 billion in annual revenue.”

The DSAC’s mission includes facilitating “enduring relationships among its private sector member companies, across the FBI enterprise, with the [DHS] Headquarters … to detect, prevent, and deter criminal acts.” The number of member companies has grown to more than 650. Included among these member companies are the largest financial institutions in America: Barclays, U.S. Bank, Charles Schwab, HSBC, Bank of America, Paypal, Keybank, Standard Chartered, Western Union, Wells Fargo, Citibank, JP Morgan Chase, and MUFG.

Federal law enforcement officials and the member companies share information via an obscure government-run portal operated by the DSAC. The portal is accessible only by DSAC members. Through the DSAC portal (and other avenues), “the FBI, DHS, and other government agencies share non-public intelligence products, including Liaison Information Reports (“LIR”), with members of the private sector.”

The LIRs are security rated with a Traffic Light Protocol (“TLP”) based on the colors of Red, Amber, Green, and White. Red means the “information cannot be effectively acted upon by additional parties, and could lead to impacts on a party’s privacy, reputation, or operations if misused.”

Amber means the information “requires support to be effectively acted upon, yet carries risks to privacy, reputation, or operations if shared outside of the organizations involved.”

Green means the information “is useful for the awareness of all participating organizations as well as with peers within the broader community or sector.”

White means the information “carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release.”

Current Abuses

An LIR titled “Domestic Violent Extremists Likely Emboldened in Aftermath of Capitol Breach” was prepared by the FBI, DHS, and the National Counterterrorism Center. The LIR was shared with DSAC members on January 18, 2021, to “alert private sector partners that the 6 January 2021 violent breach by suspected domestic violent extremists (“DVEs”) into the U.S. Capitol Building may serve as a driver for a diverse set of DVEs.” The LIR provided a list of reasons “that may mobilize DVEs to violence” that included:

“the belief in the existence of global or ‘deep state’ actors who work to manipulate various social, political, and/or economic conditions”;

people opposed to “firearm legislation,” “easing of immigration restrictions,” and “new limits on the use of public lands”;

belief that “the 2020 General Election was illegitimate”; and

“discontent with renewed measures to mitigate the spread of COVID-19, the ordered dissemination of COVID-19 vaccinations, and the efficacy and/or safety of COVID-19 vaccinations.” The LIR identified people with the above characteristics as DVEs “likely to pose an increasing threat at lawful protests, rallies, and demonstrations.”

A congressional Committee expressed outrage at the LIR, stating:

“In other words, according to the FBI, an American citizen’s opposition to firearm regulations, open borders, or COVID-19 lockdowns and vaccine mandates—all of which are viewpoints protected by the First Amendment to the Constitution—‘feed into’ an ‘existing narrative many DVEs subscribe to regarding the U.S. government’s exercise of power.’”

“Put another way, expressing a belief in the existence of the ‘deep state,’ support for typical conservative policies with respect to firearms or immigration, or doubt about the conventional narrative, may result in an individual being labeled by the FBI as a ‘DVE Actor’ and ‘likely to pose an increasing threat at lawful protests, rallies, and demonstrations.’ It is disturbing that the most powerful law enforcement agency in the country would consider views widely held by millions of Americans as the signs of domestic violent extremism. Worse yet, the federal government endorsed this determination with its partners by sharing the report with the largest and most powerful for-profit corporations in the world to alert them about potential ‘threats’ from the people it describes.” 

Under the guise of exercising its powers to investigate terrorism, on January 15, 2021, the FBI emailed Bank of America with a request for all financial records of persons using a debit card or credit card in the Washington, D.C. area between January 5, 2021, and January 7, 2021, purchasing: “hotel/airbnb RSVPs,” “any historical purchase [going back six months generally] for weapons related-vendor purchases,” “purchases made for returns to Washington, D.C.,” and “airline travel” to Washington, D.C. for Inauguration Day. The email was not sent pursuant to any legal process, search warrant, individualized criminal nexus, etc. Bank of America complied with the search parameters. Apparently, the records of everyone who used a debit or credit card to rent a room in Washington, D.C. between January 5 and January 7, 2021, were provided to the FBI. And if any of those same people had used their debit or credit card to purchase a firearm, ammunition, etc. within the previous six months or if they purchased an airline ticket to return to Washington, D.C. for the Presidential Inauguration, that information was supplied as well. The accounts of these people were flagged for further investigation by the FBI.

Also on January 15, 2021, FinCEN circulated instructions to financial institutions explaining how to search their respective databases and flag particular transactions using Merchant Category Codes (“MCCs”). Purportedly, these searches of the MCCs were to identify transactions that may be an indication “of involvement in riots or potential violence.” FinCEN provided a list of more than 30 terms for querying the MCCs, that included: MAGA, Patriot, America First, Antifa, Trump, Biden, Kamala, Pelosi, Pence, Schumer, Storm the Capitol, and White Power.

One bank’s submissions included a message that the bank had searched “Zelle payment messages” and “Storm the Capitol,” “white power,” and “Antifa” had yielded the best results. FinCEN also directed the financial institutions to flag records that suggested “potential Lone Actor/Homegrown Violent Extremism.” The criteria for these “threats” included such innocuous activities as “frequent ATM withdrawals and wire transfers with no apparent economic or business purpose,” “transportation charges, such as bus tickets, rental cars, or plane tickets, for travel to areas with no apparent purpose,” “purchases that appear excessive or unusual for hobbyist or other legitimate use,” “the purchase of books (including religious texts) and subscriptions to other media containing extremist views,” and “donations to organizations known to promote radicalism.”

As for “organizations known to promote radicalism,” FinCEN included links to websites such as the Anti-Defamation League (“ADL”); Southern Poverty Law Center (“SPLC”); and the Institute for Strategic Dialogue (“ISD”) that list a vast array of organizations that they unilaterally determine promote radicalism. According to the Report, the ADL, SPLC, and ISD are liberal groups that unfairly target conservative organizations, labeling those conservative organizations with disparaging terms such as “hate groups.” For example, the ADL categorizes the “Christian Celtic Cross,” the “okay gesture” made with the hand, “Pepe the Frog,” “Anti-Antifa Images,” and “White Lives Matter” as “symbols of hate.” The SPLC identifies Radical Traditionalist Catholics as a hate group.

And the ISD has a list of around 75 organizations identified as “Hate Groups” that includes: the Center for Immigration Studies, Numbers USA, American Family Association, Center for Family and Human Rights, Family Research Council, David Horowitz Freedom Center, and the Nation of Islam. Apparently, if a person has given money to any of those organizations or has displayed any of those symbols, his or her financial records have been handed over to FinCEN as a possible homegrown terrorist. There is an unmistakable viewpoint bias in the entire financial surveillance apparatus.

But perhaps most disturbing, the Report revealed that financial institutions sometimes take the initiative to supply records to law enforcement agencies without any request from those agencies and when not required by law. According to testimony from retired FBI Supervisory Intelligence Analyst George Hill, Bank of America not only provided a list of credit/debit card users in Washington, D.C. who had purchased a firearm, ammunition, or related products within the previous six months, but Bank of America also included records of card users who had ever purchased a firearm at any time. Steven Jensen, then-Section Chief of the FBI’s Domestic Terrorism Operations Section acted to remove that information from the FBI systems because the “leads lacked allegations of criminal conduct.”   

Source: U.S. House of Representatives - Committee on the Judiciary and the Select Subcommittee on the Weaponization of the Federal Government, “Financial Surveillance in the United States: How Federal Law Enforcement Commandeered Financial Institutions to Spy on Americans” (March 6, 2024)

Subscribe today

Already a subscriber? Login