Contributors: Norbert Michel and David Burton
In general, individuals should have control over who has access to information about their personal and financial lives. Individuals should be free to lead their lives unmolested and unsurveilled by government unless there is a reasonable suspicion that they have committed a crime or conspired to commit a crime. Any information-sharing regime must include serious safeguards to protect the privacy of individuals and businesses. Financial privacy is especially vital because it can be the difference between survival and systematic suppression of an opposition group in a country with an authoritarian government. Many businesses, dissidents, and human rights groups maintain accounts outside the countries where they are active for precisely this reason.
Financial privacy can allow people to protect their life savings when a government tries to confiscate its citizens’ wealth, whether for political, ethnic, religious, or “merely” economic reasons. Businesses need to protect their private financial information, intellectual property, and trade secrets from competitors in order to remain profitable. Financial privacy is of deep and abiding importance to freedom, and many governments have shown themselves willing to routinely abuse private financial information.
Many government agencies, in both the U.S. and other countries, are currently involved in collecting and disseminating private individuals’ information for the purpose of conducting their national security, law enforcement, and tax administration functions. The unique requirements for fulfilling each of these purposes dictate certain policy choices for designing an optimal financial-privacy regime. The current U.S. framework is overly complex and burdensome, and its ad hoc nature has likely impeded efforts to combat terrorism, enforce laws, and collect taxes. Efforts to improve the existing framework must focus on protecting individuals’ privacy rights while improving law enforcement’s ability to apprehend and prosecute criminals and terrorists.
Reform efforts also need to focus on costs versus benefits. The current framework, particularly the anti-money laundering (AML) rules, is clearly not cost-effective. As demonstrated below, the AML regime costs an estimated $4.8 billion to $8 billion annually. Yet, this AML system results in fewer than 700 convictions annually, a proportion of which are simply additional counts against persons charged with other predicate crimes. Thus, each conviction costs approximately $7 million, potentially much more. This Backgrounder recommends several major reforms for fixing the U.S. financial privacy framework, such as eliminating burdensome reporting requirements, raising certain reporting thresholds, exempting crowdfunding from AML rules, and instituting federal pre-emption of state regulation of money-transmission businesses. In addition, the Senate should not ratify the Protocol Amending the Multilateral Convention on Mutual Administrative Assistance in Tax Matters.
The Current System: Complex, Costly, Overlapping, and DuplicativeThe list of national and international agencies, and national laws and international agreements, governing financial information exchange and reporting has grown preposterously long. For instance, there are more than 100 foreign financial intelligence units (FIUs) around the world, a role filled in the United States by the Treasury Department’s Financial Crimes Enforcement Network (FinCEN). FIUs typically exchange financial information with their international counterparts based on national legislation and regulations. Private entities are required to collect and report voluminous information under the Bank Secrecy Act reporting provisions designed to enforce the AML laws and the know-your-customer (KYC) requirements.
Over 90 countries participate in either the original or amended Multilateral Convention on Mutual Administrative Assistance in Tax Matters. The U.S. has bilateral income tax treaties, protocols, and tax-information-exchange agreements with approximately 70 countries. In addition, private entities must provide a wide variety of information to the Internal Revenue Service (IRS) with respect to both domestic and foreign operations. In fiscal year (FY) 2015, more than 2.6 billion information returns were filed with the IRS. Both U.S. and foreign financial institutions must report on the financial activities of their U.S. customers under both the Foreign Account Tax Compliance Act (FATCA) and the qualified intermediary rules.
In addition, the terrorism-related Information Sharing Environment, a center within the Office of the Director of National Intelligence, involves approximately 18,000 federal, state, local, and tribal government agencies. The Federal Bureau of Investigation Criminal Justice Information Services Division operates a National Data Exchange and other programs. Interpol maintains various information-sharing databases that are made available to its 190 members.
The current system’s mind-numbing complexity and ad hoc nature impedes the effectiveness of governments’ efforts to combat terrorism, enforce the laws, and collect taxes, and it imposes substantial costs on the private sector. For instance, the current framework requires financial firms to file millions of reports each year even though records show that there are only approximately 2,000 AML investigations per year. Similarly, the wide discretion given to FinCEN to change reporting thresholds and requirements predisposes financial institutions to err on the side of filing too many reports rather than risk legal liability. The current approach, essentially focused on collecting as much information as possible, has led to the creation of multiple, expensive, and overlapping national and international bureaucracies. There is little doubt that the current system pays inadequate attention to the core values that underpin all free societies or to the cost-effectiveness of ever-increasing demands for more information reporting.
Re-Evaluating Uncritical Information ExchangeThe first business of government is to protect the life, liberty, and property of its citizens. Accordingly, international information sharing directed at preventing terrorism, crime, and fraud is an important and appropriate function of government. However, all governments cannot be trusted to share the goals of protecting life, liberty, and property and upholding the rule of law, so U.S. policymakers must be careful about deciding with whom to share information. Corruption and ideology make information sharing with some governments highly problematic. Shared information can be used to oppress political opponents, to support terrorism, to identify kidnapping targets, to facilitate financial fraud, to enable identity theft, to further industrial espionage, or for other nefarious purposes. The ongoing abuse of Interpol Red Notices for political purposes by authoritarian governments provides a stark lesson in the dangers of the uncritical reliance on institutions created to promote information sharing.
Information sharing for law enforcement purposes should be limited to actions that a liberal democratic state would regard as criminal. Terrorism, violent crime, and fraud would clearly meet this test, while speaking out against one’s government, peaceful political or labor organizing, gambling, homosexual behavior, and tax evasion would not. No liberal democratic government should share, or be required to share, information for the purposes of enforcing laws that criminalize behavior that is not illegal under the laws of the government from which the information is being requested. This is sometimes known as the principle of dual criminality, and it should be adhered to in any information-sharing arrangement.
It is also true that many governments exploit (or are complicit in exploiting) information-sharing arrangements for inappropriate commercial purposes, such as industrial espionage or to further government confiscation or extortion. Therefore, any information-exchange regime must limit this risk and protect the commercial interests of participating countries. Any information-sharing regime needs to include serious safeguards to protect the privacy of both individuals and businesses. Currently, these safeguards are lax at best, and the U.S. should take the lead internationally to strengthen protections rather than succumb to international bureaucracies’ efforts to weaken privacy rights. A separate type of information sharing deals with cross-country agreements to share tax information.
Tax Information SharingOne reason that tax-sharing agreements pose a unique set of challenges is that tax evasion is not a crime in many liberal democratic states. Instead, tax evasion is often treated as a civil violation. Naturally, the public benefit of preventing terrorist attacks or violent crime is greater than the benefit of preventing a civil violation, such as tax evasion. Therefore, the willingness to impose costs on the private sector and to violate the privacy interests of ordinary people should be less in the case of information sharing for tax purposes than for the purposes of preventing terrorism or crime.
Moreover, tax-information-sharing programs are quite often a veiled attempt to stifle tax competition from low-tax jurisdictions. Tax competition is salutary and limits the degree to which governments can impose unwarranted taxation. Furthermore, poorly constructed tax-sharing agreements put Americans’ private financial information at risk, and the risk is highest for internationally active American businesses.
To safeguard citizens’ rights, U.S. tax-return information under current law may only be lawfully disclosed to a foreign government pursuant to a ratified treaty authorizing the information exchange. The U.S. is currently party to a network of bilateral tax treaties and tax-information-exchange agreements, and the Multilateral Convention on Mutual Administrative Assistance in Tax Matters, a treaty agreed to on January 25, 1988, and entered into force in 1995.
Article 4 of the original convention states: “The Parties shall exchange any information, in particular as provided in this section, that is foreseeably relevant to…the assessment and collection of tax, and the recovery and enforcement of tax claims.” However, Article 5 provides that this obligation must be fulfilled only upon request by a government “for information referred to in Article 4 which concerns particular persons or transactions.” (Emphasis added.) Article 6 permits but does not require automatic exchange of information. Article 22 contains provisions designed to protect the privacy of the information exchanged by the contracting states.
Separately, countries around the world have entered into more than 500 bilateral tax-information-exchange agreements modeled on the Organization for Economic Co-operation and Development’s (OECD’s) model Agreement on Exchange of Information on Tax Matters. This model agreement, released in 2002, is a nonbinding instrument meant to serve as a standard of “effective exchange of information for the purposes of the OECD’s initiative on harmful tax practices.” Article 5 of the model agreement makes it clear that the information must be provided only upon request and that automatic provision of the information is not required. Article 8 of the OECD model contains privacy protections.
Recent Sharing Proposals Endanger Financial Privacy. The U.S. Senate is currently considering the “Protocol Amending the Multilateral Convention on Mutual Administrative Assistance in Tax Matters,” which would impose a wide variety of new information-reporting requirements on financial institutions to help foreign governments collect their taxes. A second treaty—worse than this protocol—is the follow-on OECD treaty known as the “Multilateral Competent Authority Agreement on Automatic Exchange of Financial Account Information.” This follow-on treaty implements both the protocol and the 311-page OECD “Standard for Automatic Exchange of Financial Account Information in Tax Matters.” Together, the protocol, the Multilateral Competent Authority Agreement, and the OECD Standard constitute the three main parts of a new automatic information-exchange regime being promoted by the OECD and international tax bureaucrats.
If the U.S. ratifies the protocol and implements the new OECD standard, Washington would automatically, and in bulk, ship private financial and tax information—including Social Security and other tax identification numbers—to Argentina, China, Colombia, Indonesia, Kazakhstan, Nigeria, Russia, and nearly 70 other countries. In other words, foreign governments that are hostile to the U.S., corrupt, or have inadequate data safeguards, would automatically have access to private financial (and other) information of some U.S. taxpayers and most foreigners with accounts in the U.S. This new regime would also add yet another layer to the voluminous compliance requirements imposed on financial institutions, hitting small banks and broker-dealers especially hard.
Compliance Burden for Banks and Financial InstitutionsFinancial privacy necessarily deals with financial transaction data, so many federal rules deal with firms transferring money. These rules, which often impose heavy compliance costs on companies, are spread throughout several sections of the U.S. code but they generally apply to financial institutions as defined by Title 31 U.S. Code § 5312. Most of these regulations are AML and KYC rules, and they are primarily enforced by FinCEN. Other than banks (broadly defined), securities dealers, and insurance companies, the U.S. Code now identifies many non-financial firms as “financial institutions,” including government agencies, casinos, pawnbrokers, jewelry shops, travel agencies, car dealers, and real estate companies. Broker-dealers must also comply with the Financial Industry Regulatory Authority Rule 3310, which sets forth minimum standards for a firm’s written AML compliance program.
Title 18 of the U.S. code prohibits the operation of an unlicensed money-transmitting business, and also prohibits the knowing transfer of funds derived from (or intended for) criminal activity. Title 18 considers a business unlicensed if it fails to comply with federal “money transmitting business registration requirements,” or if it operates without a state license if one is required. Additionally, Title 31 of the U.S. Code requires money-transmitting businesses to register with the U.S. Secretary of the Treasury. Banks and other financial institutions are also required to comply with a complex set of tax information-reporting requirements administered by the IRS. According to a search of the Legal Information Institute’s version of the U.S. Code and the Code of Federal Regulations (CFR), the term “money laundering” occurs 72 times in the code and 185 times in the CFR.
Many of these rules have their genesis in the Bank Secrecy Act (BSA) of 1970, an act originally aimed at deterring foreign banks from laundering criminal proceeds and helping people evade federal income taxes. The BSA was little used until it was amended by the Money Laundering Control Act of 1986, an explicit component of the federal war on drugs and organized crime. In the wake of 9/11, the USA PATRIOT Act levied new rules on an expanded list of “financial institutions,” and also imposed stricter due-diligence and AML requirements. Essentially, the BSA/AML rules ensure that firms cannot legally transfer any money without knowing who the customer is and having some idea of where the money came from.
The BSA gave banks an affirmative duty to report to the Department of the Treasury cash transactions of more than $10,000, and it criminalized the failure to report such transactions. Adjusted for inflation to 2015 dollars, this amount represents more than $60,000, but the threshold has never been adjusted for inflation. Banks must electronically file a currency transaction report (CTR) for any “deposit, withdrawal, exchange, or other payment or transfer of more than $10,000 by, through, or to the bank.” Financial institutions are also required to report multiple currency transactions conducted “by, or on behalf of, one person” that aggregate to more than $10,000 in any single day.
Aside from the fact that FinCEN has the discretion to lower the $10,000 threshold, the regulations go well beyond the basic $10,000 threshold CTRs. Banks, for instance, have a $5,000 threshold for filing suspicious activity reports (SARs). Other financial institutions, such as casinos, also have the $5,000 SAR threshold, and most money-service businesses (MSBs) have a $2,000 SAR threshold. Additionally, some states have extended AML rules and have given casinos a $3,000 multiple transaction log (MTL) threshold. Moreover, all financial institutions regarded as MSBs must obtain and record specific information for all transfers of at least $3,000, and all currency exchangers must track any exchange that exceeds $1,000 in either domestic or foreign currency.
Federal regulators also require financial institutions to institute formal compliance programs for the BSA/AML rules, and regulators heavily micromanage this process. For guidance, the Federal Financial Institutions Examination Council publishes a 442-page examination manual that outlines procedures and requirements for a BSA/AML compliance program. The manual includes an overview of, for example, an appropriate customer identification program (CIP) as well as customer due-diligence (CDD) “policies, procedures, and processes.” Section 326 of the USA PATRIOT Act requires each bank to have a written CIP that is “appropriate for its size and type of business and that includes certain minimum requirements.”
The CIP is mandated to enable banks to form a “reasonable belief” that they know the true identity of each customer. Effective CDD programs, on the other hand, are meant to enable banks to “comply with regulatory requirements and to report suspicious activity.” Additionally, Section 1073 of the Dodd–Frank Wall Street Reform and Consumer Protection Act gave the Consumer Financial Protection Bureau (CFPB) certain regulatory responsibilities for remittance transfers. Specifically, Dodd–Frank amended the Electronic Fund Transfer Act “to create a new comprehensive ‘consumer protection regime’ for remittance transfers sent by consumers in the United States to individuals and businesses in foreign countries.” Combined, these rules impose large costs on financial institutions, many of which have decided to stop offering certain services rather than deal with the additional compliance burden or risk being held liable for criminal activity.
Cost and Benefits of BSA/AML RulesThe original goal of the BSA/AML rules was to reduce predicate crimes, such as illegal drug distribution, rather than money laundering itself. Judged by this standard, very little empirical evidence suggests that the rules have worked as designed. In fact, even though BSA/AML rules have been expanded consistently throughout the past four decades, it remains difficult to discern any net benefit of the overall BSA/AML regulatory framework. Even though there is no clear evidence that the rules materially reduce crime, the BSA/AML bureaucracy began relentlessly expanding internationally—primarily through the Financial Action Task Force (FATF)—more than two decades ago.
One comprehensive study reports that even though the FATF proceeds as if these rules have produced only public benefits, “[t]o date there is no substantial effort by any international organization, including the International Monetary Fund, to assess either the costs or benefits of” this regulatory framework. In fact, BSA/AML regulations have been sharply criticized as a costly, ineffective approach to reducing crime. The rules have also been criticized for being overly intrusive and elaborate, and for distorting the classical constructions of criminal law and criminal procedure. The available evidence even suggests that the BSA/AML framework has forced financial firms to report so much information that it has made law enforcement more difficult because the information overload has reduced the reporting regime’s effectiveness at uncovering crime.
The growth in the reporting volume to law enforcement shows where the information overload has taken place. For instance, the annual number of SARs filed in the U.S. was only 52,000 in 1996, and had jumped to 689,414 by 2004. In 2013, U.S. depository institutions (banks) filed almost 1 million SARs, and (separately) MSBs filed nearly 800,000 SARs. In 2014, SAR filings totaled 1.7 million, and 916,709 were filed in the first half of 2015 (a pace of 1.8 million annually).
In 2001, roughly 13 million CTRs were filed with FinCEN. As shown in Table 1, FinCEN reported more than 15 million CTR filings in 2014, a considerably slower growth rate than for SARs. The total volume of BSA/AML filings has reached enormous proportions. For instance, in 2015 the FinCEN director announced that the agency receives “approximately 55,000 electronically filed BSA reports from more than 80,000 financial institutions and 500,000 individual foreign bank account holders each day.”
Aside from any possible benefits in crime reduction, research suggests that compliance costs are high for financial companies, with a disproportionate burden falling on smaller firms. For instance, Federal Reserve researchers report that compliance costs are especially burdensome for smaller banks, where hiring even one additional employee can lower the return on assets by more than 20 basis points. Other research suggests that the increasing compliance burden in the banking industry is at least partly responsible for the trend toward consolidation and the disappearance of smaller banks.
Though it is merely one example, an American Bankers Association (ABA) publication highlights a small bank that reports it has to dedicate more than 15 percent of its employees to compliance-related tasks. An ABA survey also suggests that the cumulative cost associated with compliance has caused banks to offer fewer services and raise fees, thus harming consumers. For example, almost 20 percent of the banks subject to the CFPB’s new remittance rules plan to simply stop providing remittance services, while 42 percent intend to raise fees to cover the additional compliance costs. Aside from these direct costs, banks have likely endured the cost of losing law-abiding customers who do not want to provide personal information, though this cost is difficult to quantify.
There seems to be little attention paid by either FinCEN or Congress to how high these compliance costs have become. Table 2 provides an estimate of these costs. The estimates are primarily based on the Office of Management and Budget (OMB) Office of Information and Regulatory Analysis burden-hour estimates for the information-collection requirements. The hours are then monetized using Bureau of Labor Statistics information about compliance personnel salaries. Using these figures, the total BSA/AML costs are estimated to be between $4.8 billion and $8 billion annually.
It is important to note that this estimate is probably a significant underestimate of the actual burden. For example, the OMB estimates that FinCEN’s “Future Commission Merchants and Introducing Brokers Customer Identification” requirements can be met in two minutes per customer, an assumption which is, at the least, questionable. The OMB makes a similar estimate regarding the Broker-Dealers Customer Identification Program.
Furthermore, other government agencies, notably the Department of Justice and the IRS, expend resources enforcing these laws although, so far as the authors know, these two agencies do not report the costs they incur from enforcing AML laws. Thus, only FinCEN’s budget is included in this Backgrounder’s cost estimates. Furthermore, the cost of funds provided by the U.S. government to international organizations, such as the FATF, is not considered in the estimate. To summarize, the Table 2 cost estimates are only with respect to BSA/AML compliance costs; they do not include costs relating to information reporting for tax purposes, nor do they include compliance costs due to other banking or securities regulations.
Tables 3, 4, and 5 provide data related to money-laundering investigations, indictments, and sentences from the FBI, IRS, and the U.S. Sentencing Commission. These government sources frequently provide inconsistent information about money-laundering crimes, but the overall crime statistics cast serious doubt on the efficiency of the BSA/AML requirements.
The FBI reports a downward trend in money-laundering investigations, from 548 in 2007 to 303 in 2011. (See Table 3.) There were only 37 indictments and 45 convictions in 2011. Using FBI data, those 45 convictions cost society between $107 million and $178 million per conviction, an absurdly low return on the billions in costs incurred by the private sector.
The IRS initiated between 1,300 and 1,600 money-laundering investigations in fiscal years (FYs) 2013, 2014, and 2015. (See Table 4.) In FY 2015, the IRS investigations resulted in 691 people being sentenced. Even making the heroic assumption that all 691 money-laundering sentences reported by the IRS were prosecutions that would not have occurred but for the AML statutes, and using the low end of the estimated costs of the AML regime, these prosecutions have a cost of at least $7 million each.
The U.S. Sentencing Commission reports that 667 money-laundering sentences were handed down in 2015, a decrease from 896 in 2006. (See Table 5.) This figure is slightly less than the 691 reported by the IRS. However, for 2014, the Sentencing Commission shows 885 sentences, compared to the IRS figure of 785. Regardless, these figures are reasonably close to each other and they indicate that the typical number of sentences for AML offenses is fairly low. Another mitigating factor is that many of these AML sentences were in addition to sentences for the underlying, predicate crime.
Separately, in FY 2015, FinCEN issued 12 civil money penalties. Thus, on the surface, these cases seem like a clear misallocation of law enforcement resources. It is difficult to believe that this regulatory framework is the most effective use of scarce law enforcement and private-sector resources. Yet, FinCEN has not been subject to any meaningful cost-benefit analysis, and federal (and international) bureaucracies keep adding additional costs and burdens. It is long past the time to change this approach.
After having increasingly forced financial institutions into a quasi-law-enforcement role for more than four decades, federal agencies should be able to easily point to direct net benefits. The available evidence suggests, however, that the BSA/AML regime has been a highly inefficient law enforcement tool. At the very least, a high degree of skepticism about further expansion of these and similar requirements is in order. Given the billions of dollars spent annually by the private sector on the existing elaborate and costly AML bureaucracy, a serious data-driven cost-benefit analysis of the existing system is warranted. Based on the evidence publicly available, the current regime is unlikely to withstand a rigorous analysis.
Lastly, the International Monetary Fund (IMF) has found that the withdrawal of correspondent banking relationships by Western banks with developing-country banks is having a macro-economically significant adverse impact in much of the developing world, and endangers financial stability. This development limits international trade and access to credit. Financial intermediation is important to financial prosperity and economic development. The IMF staff finds that this development is largely due to the regulatory risk, the risk of enforcement penalties and high compliance costs caused by the AML regulatory regime, and “tax transparency initiatives,” such as FATCA and the FATF’s black list.
BSA/AML Rules Threaten FinTech ApplicationsThe effect that these rules have on emerging financial services technologies—known as FinTech—should also be considered when assessing the cost and benefit of the BSA/AML regulatory framework. One major problem is that financial services firms, entrepreneurs, and even regulators, are still learning how these new technologies can be used. It is clear, however, that BSA/AML rules have contributed to existing firms’ hesitancy to use certain technologies, thus slowing down their implementation. For example, traditional banks have been reluctant to develop the blockchain technologies spawned by Bitcoin, and even to work with blockchain-based companies. In particular, the pseudo-anonymous nature of bitcoin transactions has been a challenge for complying with BSA/AML laws.
Even though bitcoin transactions are completed with an electronic address, they do not include the name or any other direct information about the person sending or receiving bitcoins. Naturally, pseudo-anonymous transactions pose a challenge for complying with know-your-customer laws. Furthermore, the Treasury’s recent request for “Public Input on Expanding Access to Credit Through Online Marketplace Lending” shows that it is clearly contemplating greater regulation of online lenders, a relatively new form of financial intermediary.
Title III of the Jumpstart Our Business Startups (JOBS) Act created an exemption from registration under the Securities Act for equity crowdfunding that allows entrepreneurs to raise capital using the Internet. In addition to broker-dealers, Congress created a more lightly regulated category of intermediary called a “funding portal” on which entrepreneurs may list their offerings. FinCEN has proposed a rule titled “Amendments to the Definition of Broker or Dealer in Securities,” treating these funding portals as broker-dealers for AML purposes, even though they are not broker-dealers. Similar rules were proposed and then rejected by the Securities and Exchange Commission and the Financial Industry Regulatory Authority.
Rejecting such rules is the right approach because funding portals do not handle customer funds. The JOBS Act prohibits funding portals from doing so. However, the banks and broker-dealers that do handle customer funds must comply with BSA/AML rules. Thus, the proposed rules quite literally impose duplicative and overlapping requirements. They require both the financial institution holding customer funds and the funding portal—despite the fact that funding portals cannot hold customer funds—to perform the same function (for AML purposes) with respect to the same customer funds.
It is inappropriate to require funding portals to comply with these rules because the ability of the funding portal to engage in, or facilitate, money laundering does not exist to any meaningful degree, and the costs of complying with these rules are likely so high as to make funding portals uneconomical. Implementing such rules will result in a situation where the only intermediaries are broker-dealers, thus frustrating the intention of Congress to establish a more lightly regulated intermediary class. As with all financial services activities, it is critical that personal and financial privacy and compliance costs remain key concerns as policymakers design new regulations for funding portals and all other FinTech applications.
The principle of federalism potentially complicates these matters because each U.S. state has the ability to create its own set of regulations for FinTech firms. Regarding the state–federal relationship, 31 U.S. Code § 5330 (a)(3) explicitly states that it does not supersede “any requirement of State law relating to money transmitting businesses operating in such State.” Congress should consider the possible benefits of pre-empting state registration requirements for money-transmission businesses because the technological changes of the past few decades ensure that any money transmitter, regardless of the state in which it is domiciled, can easily transfer funds around the entire globe.
A Better Means of International Information SharingThe primary goals of international information sharing should be to promote law enforcement, combat terrorism, and prevent and punish fraud in a manner consistent with the principles of a free society. A better means of achieving these goals is to replace the current patchwork of international agreements with a well-considered, integrated international convention that ensures robust information sharing for the purposes of preventing terrorism, crime, and fraud, but also provides enforceable legal protections for the financial and other privacy interests of member states’ citizens and the legitimate commercial interests of their businesses.
Membership in this convention should be restricted to governments that (1) are democratic (representative democracies with legitimate elections and protections for political minorities); (2) respect free markets, private property, and the rule of law; (3) can be expected to always use the information in a manner consistent with the security interests of the member states; and (4) have—in law and in practice—adequate safeguards to prevent the information from being obtained by hostile parties or used for inappropriate commercial, political, or other purposes.
Such an arrangement would facilitate law enforcement and anti-terrorist aims by allowing more information to be exchanged safely and more expeditiously. It would also provide, for the first time, enforceable legal protections for the rights of citizens of the member states. Regardless, the Senate should not ratify the Protocol Amending the Multilateral Convention on Mutual Administrative Assistance in Tax Matters. Doing so would lead to substantially more transnational identity theft, crime, industrial espionage, financial fraud, and the suppression of political opponents and religious or ethnic minorities by authoritarian and corrupt governments. Ratifying the protocol would put Americans’ private financial information at risk, and the risk would be highest for American businesses involved in international commerce.
Seven Policy Reforms
- Congress should direct the Department of Justice (in consultation with the IRS and FinCEN) to annually report the number of AML referrals, prosecutions, and convictions (including those that were made without a simultaneous prosecution for a predicate crime), and the number of occasions where BSA/AML customer requirements lead to a criminal prosecution or conviction for a non-money-laundering crime. To the extent possible, the data should report retroactively for the previous 10 years.
- Congress should instruct both the Government Accountability Office and FinCEN to undertake a rigorous data-driven cost-benefit analysis of the current BSA/AML regime that examines the costs incurred by government, financial institutions, and others, and compares them to the benefits of the regime. The cost estimates should be based on a survey of firms that must comply with the current BSA/AML framework.
- Congress should eliminate currency transaction reports (CTRs) altogether and streamline the reporting process so that suspicious activity reports (SARs) are the only reporting mechanism. Alternatively, if Congress decides to maintain CTRs, the CTR threshold should be adjusted for inflation from $10,000 to $60,000. The use of cash should not be criminalized, and it makes little sense to continue collecting millions of reports on lawful transactions. Congress should also adjust the SAR threshold to $60,000 so that financial institutions do not have to file reports on small transactions.
- Congress should provide that funding portals are exempt from BSA/AML requirements, since they are prohibited from holding customer funds and the financial institutions that do hold customer funds must undertake BSA/AML compliance.
- As a replacement for the current patchwork of existing arrangements, the United States should draft and promote a well-considered, integrated international convention that ensures robust information sharing for the purposes of preventing terrorism, crime, and fraud, but also provides enforceable legal protections for the financial and other privacy interests of member states’ citizens and the legitimate commercial interests of their businesses. Membership in this convention should be restricted to governments that fulfill the four requirements listed above: They must (1) be democratic; (2) respect markets, private property, and the rule of law; (3) only use the information in a manner consistent with the security interests of the member states; and (4) have safeguards to prevent the information from being obtained by hostile parties or used inappropriately.
- Congress should pre-empt state regulation of money-transmission businesses. These businesses are engaging in interstate commerce and there should be one uniform regulatory regime for reducing compliance costs and avoiding duplicative regulations. This is particularly true given the heavy level of federal regulation in this area.
- The CFPB should be eliminated through repeal of Title X of Dodd–Frank. Title X of the Dodd–Frank Act created the CFPB, an independent federal agency whose regulatory authority is neither well-defined nor fixed. The CFPB is imbued with unparalleled powers over virtually every consumer financial product and service, and it could easily create rules that extend the BSA/AML regime under the pretense of protecting consumers.
ConclusionFinancial privacy is a key component of life in a free society, and the U.S. system of government was designed to ensure individuals a private sphere free of government involvement, surveillance, and control. The current U.S. financial regulatory framework has expanded so much that it now threatens this basic element of freedom. For instance, individuals who engage in cash transactions of more than a small amount trigger a general suspicion of criminal activity, and financial institutions of all kinds—including jewelry stores—have to report such transactions. Regulations have imposed an enormous compliance burden on these firms, and the companies have essentially been forced into a quasi-law-enforcement role.
The cost estimates provided in this Backgrounder suggest that the current regulatory framework is unlikely to withstand a rigorous cost-benefit analysis. For instance, the costs of the current U.S. BSA/AML regime are estimated to be between $4.8 billion and $8 billion annually, at least $7 million for each AML conviction. Nonetheless, the BSA/AML framework has expanded for the past few decades without any meaningful cost-benefit analysis of these rules. Since the current framework appears grossly cost-ineffective, Congress should require regulators to develop better information about the costs and benefits of the current regime.
Internationally, the U.S. has signed a treaty and is engaged in further talks that would allow hostile countries access to American citizens’ private financial information. The U.S. should not ratify the Protocol Amending the Multilateral Convention on Mutual Administrative Assistance in Tax Matters. The primary goals of international information sharing should be to promote law enforcement according to the principles of a democratic society, combat terrorism, and prevent and punish crime and fraud. The current patchwork of international agreements fails to accomplish these goals, and the overly complex and burdensome financial regulatory framework has likely impeded efforts to meet these goals. This Backgrounder recommends seven reforms that would better protect individuals’ privacy rights and improve law enforcement’s ability to apprehend and prosecute criminals and terrorists.
—David R. Burton is Senior Fellow in Economic Policy, and Norbert J. Michel, PhD, is a Research Fellow in Financial Regulations, in the Thomas A. Roe Institute for Economic Policy Studies, of the Institute for Economic Freedom and Opportunity, at The Heritage Foundation.