Hey, Wait A Minute

Account Overwrought

The protesters think they struck a blow for bank privacy. Boy, are they wrong.

Banking regulatory issues do not normally spark interest, let alone outrage. But more than a quarter of a million furious comments flooded the Federal Deposit Insurance Corp. to protest the “Know Your Customer” regulations proposed by banking agencies last December. The regs would have required that banks determine customers’ sources of funds, create client profiles based on transaction patterns, monitor accounts for deviations, investigate irregularities, and report unexplained activities to federal authorities.

“Tyrannical” and “Gestapo-like,” declared the nation’s editorial writers. Also fanning the public outrage were the Eagle Forum, the American Civil Liberties Union, and the Libertarian Party, which decried the invasion of privacy posed by the “KYC” regs, as they came to be known. Of all the correspondence, only about 100 positive comments were recorded, with “Go for it, and I’ll see you in the place where there is no darkness” counted as a laudatory sentiment by the FDIC.

Heeding the outcry, Congress introduced five measures by late March to kill the initiative. Also running for cover were the plan’s four sponsoring agencies–the FDIC, the Federal Reserve, the Office of Comptroller of the Currency, and the Office of Thrift Supervision–which withdrew the proposal. Today, as the bank regulators mop up the damage, two questions need to be asked: 1) What made the government think the public would stand for such gross intrusions into their privacy; and, more important, 2) doesn’t the public know that banks already have KYC powers?

By law, all U.S. banks snitch on their customers, reporting to federal regulators every currency transaction greater than $10,000. Between 10 million and 12 million such reports are filled each year. Against a backdrop of fines and sanctions, banks must also report all transactions greater than $5,000 whenever a financial institution believes that the information is “relevant to a possible violation of law or regulation.” This includes unexplained transactions that are “not the sort in which the particular customer would normally be expected to engage” or that have no “apparent lawful purpose.” About 50,000 of these reports are filed annually. The federal Financial Crimes Enforcement Network aggregates the reports and makes them available to 59 government agencies and to all U.S. attorneys. This databank of unsubstantiated allegations can be maintained indefinitely and is routinely accessed by law enforcement authorities, who often go fishing for financial data. The information, however, only flows one way: Banks are prohibited from disclosing to customers that they tattled to the government, and an act of Congress shields financial institutions from liability suits. There is no penalty for overreporting.

Law enforcement authorities describe these detailed reports as essential in their battle against drug traffickers, terrorists, Medicare crooks, and embezzlers, as well as international money launderers. The FBI reports that 98 percent of the 2,613 convictions for financial institution fraud won in 1998 were initiated or enhanced by suspicious activity reports.

Although Congress howled about KYC and damned the regulators for snooping, surely the fury was mock. Federal and state legislators have passed new bank surveillance laws with an almost biennial frequency since the Bank Secrecy Act of 1970. Legislators even boast about the new laws at election time to prove that they’re tough on crime. In late 1998, the House of Representatives prodded federal banking agencies to require more bank surveillance by overwhelmingly passing a bill that would have forced regulators to issue KYC rules for comment within 120 days

Taking the hint, the Fed composed the model KYC regulations on its own initiative last fall after two years of research. One of the Fed’s KYC innovations would have required banks to develop programs to verify the identities of new customers. It suggested that banks make visual checks of businesses and corroborate phone numbers by calling new clients under the guise of thanking them for their business.

After completing a preliminary draft of KYC, the Fed rallied the three other sponsoring agencies to follow its lead. The FDIC now says that it had serious reservations about the proposal, the very proposal that it nearly shepherded into law. The agency insists that it published the KYC in the Federal Register for comment–which is the way of all new federal regulations–to accommodate the Fed and to standardize the banking regulations.

Ordinarily, new financial regulations generate a few comments from members of the financial community, the odd professor or attorney, and the occasional think tank. But KYC touched off protests across the board. The American Bankers Association complained about “a new, vastly more expansive burden of investigating all customers to determine if anything illegal has taken place.” The California Banking Association argued KYC would deter millions of Americans from opening bank accounts. Privacy groups protested that they had not been invited to help design the new regs.

But it was the grass-roots opposition to KYC, sparked in part by the Libertarian Party, whose protest Web site steered 171,268 e-mail complaints from netizens to the FDIC, that elevated the subject to the national agenda. Acknowledging that they had lost the KYC battle but won the regulatory war, the sponsoring agencies made this joint statement when they withdrew the KYC regulations at the House’s March hearings: “Over the past 15 years banking organizations and law enforcement authorities have forged a vital partnership to fight financial crime.”

To be sure, KYC would have encroached on financial privacy just as sensitivities about the Internet and other new technologies have increased demands for privacy. Now that financial data are compiled and stored digitally, it is cheap, easy, and tempting for the government to cast a wider and wider financial dragnet to build increasingly intrusive computer profiles of citizens. Attention must be paid lest the government further encroach on the privacy of our data streams.

But the KYC flap is less about the loss of financial privacy than it is about the public’s loss of naiveté regarding the myth of financial privacy. People want to believe that checking accounts are sacrosanct, even though they haven’t been for a long time. This spring, the government bolstered the myth of financial privacy by cynically folding its KYC hand when its regulatory methods and practices were noisily scrutinized.

In fact, while KYC was dying a very public death it was thriving in the shadows. Thanks to current banking regulations, more than 85 percent of U.S. banks currently maintain KYC programs. The Fed’s Bank Secrecy Act Examination Manual all but requires the adoption of “Know Your Customer” programs. Banks not heeding this “imperative” are subject to cease and desist orders and to financial penalties of thousands or millions of dollars.