A U.S-based agency (FinCEN) responsible for curbing financial crimes is encouraging financial institutions, ranging from banks and cryptocurrency exchanges, to share customer information within themselves to identify lawbreakers.
The Financial Crimes Enforcement Network (FinCEN) is a bureau of the Treasury Department. It issued a fact sheet on Thursday stating the 2001 Patriot Act, which gives institutions clarity on the kind of information they are permitted to share. The sheet cities Section 314(b) of the act and the regulations putting it into practice – “impose no limitations on the sharing of personally identifiable information.” It also explained that institutions have to protect the security and confidentiality of customers and use the data gotten for the purposes stipulated in the law.
However, the guidance is likely to irritate privacy advocates within and outside the crypto community who are already uneasy about the Suspicious Activity Report (SAR) database of FinCEN. After all, the more places customer information is shared, the more vulnerable they become. An associate professor of law at the City University of New York, Nizan Geslevich Packin, has also expressed his displeasure with the recent development.
“It seems that in a bid to protect our communities and prevent crimes, FinCEN is dramatically expanding its expectation of banks to share data. This guidance is at the expense of individuals’ privacy, which will potentially expose them to real cyber risks, even though the reason behind such a move is not clear yet.”
In a speech on Thursday, FinCEN Director Kenneth Blanco highlighted that interbank data sharing is a public safety measure to reduce the crime rate within financial institutions.
“Information sharing among financial institutions through 314(b) is critical to identifying, reporting, and preventing crime. There will also be a prepared virtual gathering for bankers and lawyers, as this is an important part of protecting national security.”
The director also addressed how institutions are reluctant to adhere to this admonition. He added:
“Many have been asking for clarity on this area for a long time. So the agency deemed it fit to clarify in detail the circumstances where 314(b) applies, with the hope of improving participation.”
A better explanation
The information that can be shared is not limited to suspicious activities involving proceeds of a specified unlawful activity. This means that institutions do not need specific information or a conclusive determination that these activities are fraudulent before sharing data. The FinCEN fact sheet also claims that additional reporting can help reveal overall financial trails and build a more comprehensive picture of an individual’s activities.
In addition to Blanco’s remark, Angela Angelovska, the co-founder of DLx Law, asserts that while multiple financial institutions handling sensitive data could create extra vulnerabilities, the idea may ultimately be positive. If banks can share data about the activities of an individual among each other, it could stop some entities from acting with blinders. She explained further:
“If someone engages in an account in a certain way, and then behaves differently in another account, that might seem suspicious to both banks. But if they communicate this data before filing a SAR, it could benefit the customer, as additional reporting will disclose if there are fraudulent intents or not.”
FinCEN is not doing its job
Despite the genuine reasons behind FinCEN’s efforts, many view it as a sign of a failed policy, as it shows that Congress has not been performing its oversight function. A former FBI special agent, Michael German, claims that it is time for elected representatives to protect the data of individuals following its promise under the Bank Secrecy Act, rather than these exceptions for sharing. He also believes that FinCEN would push for more information and more information sharing, even if such information is inconsequential to its goals.
In other news, financial institutions are still forbidden to disclose that a SAR exists. However, financial institutions participating in section 314(b) that want to file or have already filed a joint SAR can freely discuss among themselves. Although crypto exchanges were not explicitly listed in the sheet, money services, businesses, and security brokers are still part of the list, and both categories include cryptocurrency businesses. FinCEN also added that compliance vendors and associations of financial institutions, including unincorporated ones governed by a contract between members, are also allowed to participate in information-sharing.
In an era where cybersecurity is a primary concern, the questions about the safety of the information collected by FinCEN and the bureau’s failure to create plausible guidelines remain valid.