62–436

2000
''KNOW YOUR CUSTOMER'' RULES: PRIVACY IN THE HANDS OF FEDERAL REGULATORS

HEARING

BEFORE THE

SUBCOMMITTEE ON
COMMERCIAL AND ADMINISTRATIVE LAW

OF THE
COMMITTEE ON THE JUDICIARY
HOUSE OF REPRESENTATIVES

ONE HUNDRED SIXTH CONGRESS

FIRST SESSION

MARCH 4, 1999

Serial No. 62

Printed for the use of the Committee on the Judiciary

For sale by the U.S. Government Printing Office
Superintendent of Documents, Congressional Sales Office, Washington, DC 20402

COMMITTEE ON THE JUDICIARY
HENRY J. HYDE, Illinois, Chairman
F. JAMES SENSENBRENNER, Jr., Wisconsin
BILL McCOLLUM, Florida
GEORGE W. GEKAS, Pennsylvania
HOWARD COBLE, North Carolina
LAMAR S. SMITH, Texas
ELTON GALLEGLY, California
CHARLES T. CANADY, Florida
BOB GOODLATTE, Virginia
STEPHEN E. BUYER, Indiana
ED BRYANT, Tennessee
STEVE CHABOT, Ohio
BOB BARR, Georgia
WILLIAM L. JENKINS, Tennessee
ASA HUTCHINSON, Arkansas
EDWARD A. PEASE, Indiana
CHRIS CANNON, Utah
JAMES E. ROGAN, California
LINDSEY O. GRAHAM, South Carolina
MARY BONO, California
SPENCER BACHUS, Alabama

JOHN CONYERS, Jr., Michigan
BARNEY FRANK, Massachusetts
HOWARD L. BERMAN, California
RICK BOUCHER, Virginia
JERROLD NADLER, New York
ROBERT C. SCOTT, Virginia
MELVIN L. WATT, North Carolina
ZOE LOFGREN, California
SHEILA JACKSON LEE, Texas
MAXINE WATERS, California
MARTIN T. MEEHAN, Massachusetts
WILLIAM D. DELAHUNT, Massachusetts
ROBERT WEXLER, Florida
STEVEN R. ROTHMAN, New Jersey
TAMMY BALDWIN, Wisconsin
ANTHONY D. WEINER, New York

THOMAS E. MOONEY, SR., General Counsel-Chief of Staff
JULIAN EPSTEIN, Minority Chief Counsel and Staff Director

Subcommittee on Commercial and Administrative Law
GEORGE W. GEKAS, Pennsylvania, Chairman
ED BRYANT, Tennessee
LINDSEY O. GRAHAM, South Carolina
STEPHEN E. BUYER, Indiana
STEVE CHABOT, Ohio
ASA HUTCHINSON, Arkansas
SPENCER BACHUS, Alabama

JERROLD NADLER, New York
TAMMY BALDWIN, Wisconsin
MELVIN L. WATT, North Carolina
ANTHONY D. WEINER, New York
WILLIAM D. DELAHUNT, Massachusetts

RAYMOND V. SMIETANKA, Chief Counsel
SUSAN JENSEN-CONKLIN, Counsel
JAMES W. HARPER, Counsel

C O N T E N T S

HEARING DATE
    March 4, 1999

OPENING STATEMENT

    Gekas, Hon. George W., a Representative in Congress from the State of Pennsylvania, and chairman, Subcommittee on Commercial and Administrative Law

WITNESSES

    Anthony, Robert A., Professor, George Mason University School of Law

    Barr, Hon. Bob, a Representative in Congress from the State of Georgia

    Burniston, Timothy R., Managing Director, Compliance Policy and Specialty Examinations, Office of Thrift Supervision, Department of the Treasury

    Glover, Jere W., Chief Counsel, Office of Advocacy, Small Business Administration

    Hawke, John D., Jr., Comptroller, Office of the Comptroller of the Currency, Department of the Treasury

    McLaughlin, James, Director, Regulatory Affairs, American Banker's Association

    Medine, David, Associate Director, Financial Practices Division, Federal Trade Commission

    Nojeim, Gregory T., Legislative Counsel, American Civil Liberties Union

    Paul, Hon. Ron, a Representative in Congress from the State of Texas

    Sciacca, Christie A., Associate Director, Division of Supervision, Federal Deposit Insurance Corporation

    Singleton, Solveig, Director of Information Studies, Cato Institute

    Small, Richard A., Esq., Assistant Director, Division of Banking Supervision and Regulation, Board of Governors of the Federal Reserve System

LETTERS, STATEMENTS, ETC., SUBMITTED FOR THE HEARING

    Anthony, Robert A., Professor, George Mason University School of Law: Prepared statement

    Bachus, Hon. Spencer, a Representative in Congress from the State of Alabama: Prepared statement

    Barr, Hon. Bob, a Representative in Congress from the State of Georgia: Prepared statement

    Burniston, Timothy R., Managing Director, Compliance Policy and Specialty Examinations, Office of Thrift Supervision, Department of the Treasury: Prepared statement

    Gekas, Hon. George W., a Representative in Congress from the State of Pennsylvania, and chairman, Subcommittee on Commercial and Administrative Law: Prepared statement

    Glover, Jere W., Chief Counsel, Office of Advocacy, Small Business Administration: Prepared statement

    Hawke, John D., Jr., Comptroller, Office of the Comptroller of the Currency, Department of the Treasury: Prepared statement

    Leach, James A., a Representative in Congress from the State of Iowa, and chairman, Committee on Banking and Financial Services: Letter dated February 3, 1999

    McLaughlin, James, Director, Regulatory Affairs, American Banker's Association: Prepared statement

    Medine, David, Associate Director, Financial Practices Division, Federal Trade Commission: Prepared statement

    Nojeim, Gregory T., Legislative Counsel, American Civil Liberties Union: Prepared statement

    Paul, Hon. Ron, a Representative in Congress from the State of Texas: Prepared statement

    Sciacca, Christie A., Associate Director, Division of Supervision, Federal Deposit Insurance Corporation: Prepared statement

    Singleton, Solveig, Director of Information Studies, Cato Institute: Prepared statement

    Small, Richard A., Esq., Assistant Director, Division of Banking Supervision and Regulation, Board of Governors of the Federal Reserve System: Prepared statement

''KNOW YOUR CUSTOMER'' RULES: PRIVACY IN THE HANDS OF FEDERAL REGULATORS

THURSDAY, MARCH 4, 1999

House of Representatives,
Subcommittee on Commercial
and Administrative Law,
Committee on the Judiciary,
Washington, DC.

    The subcommittee met, pursuant to call, at 10 a.m., in Room 2141, Rayburn House Office Building, Hon. George W. Gekas [chairman of the subcommittee] presiding.

    Present: Representatives George W. Gekas, Ed Bryant, Steve Chabot, Jerrold Nadler, William D. Delahunt and Anthony D. Weiner.

    Staff present: Jim Harper, Counsel; Ray Smietanka, Chief Counsel; Susan Jensen-Conklin, Counsel; Audray Clement, Staff Assistant; David Lachmann, Professional Staff Member; and Sam Garg, Minority Counsel.

OPENING STATEMENT OF CHAIRMAN GEKAS

    Mr. GEKAS. The hour of 10 o'clock having arrived, the Subcommittee on Commercial and Administrative Law of the Judiciary Committee will come to order. We note presence of a hearing quorum with the attendance of the gentleman from Massachusetts, Mr. Delahunt, and the Chair.

    We will begin by setting the stage for what should be an interesting hearing by simply stating that the purpose of the hearing is to delve into the anatomy of a regulation that seems to have caused a great stir among the American people and which is vexatious at best and dangerous at most.

    It is interesting that I came across the controversy through driving around in my district one day about 3 weeks ago, I suppose it was, listening to a local talk show hosted by a local personality in Pennsylvania, Bob Durgin, who ranted and raved about this particular regulation. He is a staunch critic of government interference in anything. You name it, he is against it, so we always listen to what he says because we can learn. He devoted an entire talk show period to listeners who would call in to complain about various things, and when he outlined what this problem was, his lines were flooded with complaints, or shall we say precomplaints—shock at the prospect of having to undergo the weight of such a regulation. ''Know Your Customer'' is what we are talking about, of course.

    The problem has several sides to it, for the purposes of this committee, because we are dealing on a regular basis with administrative law. We have to administer and oversee the Regulatory Flexibility Act, RegFlex as we call it, and we are embarking on a program to try to pass legislation which we call the Regulatory Fair Warning Act. All of these things come into play in one fell swoop with the testimony that we are going to hear about the problem that we have outlined.

    We hope at the end of the hearing that we will be better satisfied with how the regulation came to be. We know that the Congress is at fault, many times retrospectively, in passing statutes that cause vague or unenforceable regulations, but we want to try to connect the two, the act of Congress or the inaction of Congress with the promulgation of the subject regulation.

    We want to see how the regulation manifested itself in the various corners of the administrative agency world. Four separate Federal agencies are involved in this. Sometimes they have opposite views on the purpose of the regulation or opposite views on whether or not it affects small business. We like to characterize it, for the purpose of dramatizing the issue, that among those four agencies it seems that the left hand and the right hand are so far apart they can't even grasp each other, let alone talk to each other. So we are interested in trying to sort all of that out.

    Interestingly we are going to be embarking upon hearings sometime in the near future on the proposed Fair Warning Act. In that proposed act, the criterion of regulation is whether it gives adequate warning to those to be regulated or whether it is too vague or too broad or too complex to be understood by first, the regulated public and second, by the courts. Can a small businessman, by looking at a regulation, know exactly what he is warned against? The courts have ruled on that, and we are going to be trying to codify the rules in the Fair Warning Act.

    So that is where we are. We are ready to hear the testimony having to do with this one regulation and the acts of Congress that prompted it and how the agencies will be dealing with it.

    [The prepared statement of Mr. Gekas follows:]

PREPARED STATEMENT OF HON. GEORGE W. GEKAS, A REPRESENTATIVE IN CONGRESS FROM THE STATE OF PENNSYLVANIA, AND CHAIRMAN, SUBCOMMITTEE ON COMMERCIAL AND ADMINISTRATIVE LAW

    Today we cast new light on a set of proposed regulations that have caused a significant portion of the public a significant amount of concern. The ''Know Your Customer'' regulations, proposed by four separate offices that regulate banking institutions, are widely recognized as invasions of Americans' privacy.

    The proposals would require banks to monitor—more accurately, conduct surveillance on—their customers' transactions. I believe they are an honest and good faith attempt by the regulators to pursue money laundering, a legitimate interest that Members of Congress have supported.

    But the proposals, in my view, overreach. They make a fundamental mistake by failing to account for the passion Americans show when their financial privacy is threatened. I don't think the mistake was an obvious or stupid one, but it is obvious that we all can learn from it by examining the process from which the proposals emerged.

    And, let me say, I hope this examination will be a post-mortem.

    I want to briefly address some concerns arising from our examination of the proposals and their promulgation. I look forward to full discussion of these issues.

    First, I question whether these rules would stand the test of my Regulatory Fair Warning Act (H.R. 881). The proposed rules appear vague. I understand they are the product of cooperation between the agencies and representatives of the banks. But they would put banks in a very disadvantageous position if regulators changed their interpretations of the rules if or when cooperation broke down.

    Second, the regulations would have an as yet unknown effect on small businesses. The regulators were split right down the middle on whether these rules would substantially affect small entities under the Regulatory Flexibility Act. As Congress reaffirmed in 1996, it is essential that all regulators consider and understand the effect of their rules on small entities before they go forward.

    Finally, there is what can only be called a left hand/right hand problem between the bank regulators and other agencies, notably the Federal Trade Commission. The bank regulators are asking banks to snoop into private information while its sister agency has pursued the opportunity to set privacy policy for the private sector. It's unclear to me whether the regulatory process is up to the task of coordinating the left hand and the right hand in this situation. Let Congress address privacy at the pace, and in the way called for by the American people.

    We have many witnesses and much interest in these complicated issues. I thank our witnesses for being here and I thank my colleagues for helping me expeditiously survey the issues today.

    Mr. GEKAS. We note the presence now of the gentleman from Tennessee, Mr. Bryant, and that of the gentleman from New York, Mr. Nadler. We understand that Mr. Delahunt has another schedule that he must maintain. If you don't mind, I will yield first to the gentleman from Massachusetts for the purpose of a short opening statement not to exceed 25 minutes.

    Mr. DELAHUNT. That is adequate time, Mr. Chairman. I appreciate taking me out of turn.

    I want to commend you for scheduling this hearing on the proposed so-called ''Know Your Customer'' rules. I don't know of a proposed rule that has ever provoked so much public interest and concern. According to the testimony submitted by the FDIC, that agency has received something on the order of 135,000 comments, and the comment period does not end until Monday.

    I also understand from its testimony that the agency recognizes that in view of this unprecedented reaction, the proposed rules cannot go into effect in their present form, if at all. Our government is often criticized for being insufficiently responsive to the popular will, so it is good to know that in this instance the message has been received loud and clear by the FDIC.

    Now, the message certainly has something to do with the specifics of this particular proposal, but I believe that it has even more to do with a growing feeling in the public mind that we are losing control over the most private aspects of our personal lives, from our intimate associations to our reading habits, from our medical history to the genetic code that makes us who we are. A recent news story described a court case in which one party sought to use supermarket purchasing records to show that the opposing party had a drinking problem. Only yesterday The New York Times described the new technologies that permit computer networks to identify users and track them from destination to destination as they surf the Internet. When privacy groups raised concerns about these new technologies, a leading developer said, and I quote, ''You already have zero privacy. Get over it.''

    Millions of Americans are beginning to fear that this is true, but they are unwilling to get over it. They value their privacy and are unwilling to stand by while it slips away or is sacrificed in the name of law enforcement or national security or corporate profit.

    So we come to the ''Know Your Customer'' rules. Financial institutions are already required by law to report suspicious activity that comes to their attention. There is nothing new in that. But there is a world of difference between requiring these institutions to report possible criminal violations and ordering them to profile millions of innocent account holders in order to ferret out criminals. The first says only that corporations must not turn a blind eye to illegal activities; the second seeks to turn them into the eyes and ears of the law enforcement community. I would suggest that this smacks of Big Brother.

    In its written testimony, the ACLU suggests that even without these new rules, existing law already authorizes banks to spy on their customers to an unacceptable degree, and they may well be right.

    It is time to consider what we are doing to the fabric of civil society when we enlist private entities as adjuncts of law enforcement. What does it mean for the workplace environment when we turn employers into agents of the Immigration Service? What does it mean for the doctor-patient relationship when we encourage patients to inform on their doctors? How do we strike a proper balance between the legitimate needs of law enforcement and the values of a free society?

    By now it's clear even to the proponents that the ''Know Your Customer'' rules fail to strike that balance. Should they be issued in anything like their present form, it would be my intention to file a resolution of disapproval pursuant to the Congressional Review Act.

    So as for the larger questions, Mr. Chairman, I recognize we will not settle them today, but I hope this proposal and the extraordinary reaction it has engendered will encourage us to examine those questions in a more thoughtful and comprehensive way. Thank you, Mr. Chairman.

    Mr. GEKAS. We thank the gentleman. I propose the gentleman from Massachusetts and I synchronize our watches.

    Mr. DELAHUNT. That was less than 25 minutes.

    Mr. GEKAS. I know.

    We turn now to the gentleman from New York for an opening statement.

    Mr. NADLER. Thank you, Mr. Chairman. I will not use my full 5 minutes. Mr. Chairman, I want to welcome our colleagues and distinguished witnesses to today's hearing. Thank you.

    Though it is my understanding the rules, as proposed, are not likely to move forward, nor should they, I welcome this opportunity to hear from the regulators, the industry, small business and individual civil rights advocates on the ''Know Your Customer'' regulations. I hope the regulators will clarify for the subcommittee the problem they see and how they intend in future rulemakings, if any, after the well-deserved demise of these rules to deal with these issues in a more intelligent manner than do these rules and in a manner that does not do violence to people's privacy and fourth amendment rights in the way these proposed rules do.

    I would also hope that concerns raised by the Small Business Administration in terms of administration of any future rules would be addressed by today's witnesses.

    Finally, I would question whether in the name of the war on drugs we have not lost sight of our fundamental liberties and constitutional standards intended to protect them in a manner at least as egregious as in these proposed and, I am sure, soon to be abandoned regulations. Those standards require a careful balancing, and I would hope we could remember that they form an impermeable barrier between liberty and the big hand of government. My constituents have in large numbers expressed these concerns with respect to these rules, and certainly with respect to some of the egregious violations engendered by some of the actions of government in the war on drugs, and I believe it has been true in districts across the country.

    So, Mr. Chairman, I welcome today's hearings and hope they will assist this committee and the regulators in dealing more thoughtfully with these important questions in the future.

    I want to add, Mr. Chairman, one thing, that this hearing has sort of grown like topsy in the last few days of this week. We had anticipated it would be a two-panel morning hearing until yesterday, I suppose, and my schedule had commitments made that will not permit me to stay beyond 12:30 today. I apologize to those testifying after that, especially to Mr. Nojeim, who is the Minority witness we asked to come here, but be assured all of us will carefully read all the prepared statements in any event.

    I yield back the balance of my time.

    Thank you, Mr. Chairman.

    Mr. GEKAS. The gentleman yields back the balance of his time.

    We turn to the gentleman from Tennessee, Mr. Bryant, for an opening statement.

    Mr. BRYANT. Thank you, Mr. Chairman. I want to welcome all our distinguished guests. As our colleague from New York indicated, we have four panels today and some 11 very distinguished witnesses who will, I am sure, cover the complete ground on this issue.

    Last December, as has been mentioned, Federal banking regulators proposed new rules that would compel our Nation's banks to monitor their customers' accounts for the Federal Government to keep tabs on, ''suspicious,'' financial activity. These vaguely written rules place, I believe, an undue burden on small banks and introduce the frightening prospect of people in Washington monitoring our visits to the ATM machine.

    Now as a former prosecutor, and we will hear from other people in law enforcement today, I am concerned about the misuse of the laws, the violation of laws and money laundering, but I do know there already exists a number of statutes which guard against this and which provide a balance to the privacy issue, a balance where banks do cooperate in ferreting out suspected cases of currency and foreign trade transactions. The Foreign Transaction Reporting Act and Antidrug Act of 1986 are among these. But what this particular set of regulations now proposes, that came out since last December, ''Know Your Customer'' regulations would go, I believe, far beyond that. It would force the banks to gather information about their customers and their account activity. It would compel banks to develop information-gathering strategies without specific requirements of new rules. In essence, banks would be forced to guess what the vaguely written regulations mean, with possible Federal penalties if they guess wrong.

    These customer regulations would also put an undue burden on the banks, particularly the smaller banks, with the new Federal mandate; possible, that is, because different Federal agencies can't even agree on the economic impact of these rules.

    Currently, without these vague, confusing rules, the banks are free to know their customers, the names, addresses and so forth, in order to provide them the best financial services. This is a good business practice, but not a means of surveillance to snoop out personal information for the Federal Government.

    I want to thank the chairman for having this hearing today. I believe it will serve a good purpose. We will finally, I hope, get answers from the government about what we really mean here, and, in fact, whether we really need these additional new bureaucratic regulations. Again, I am one of those that believes there is a proper balance always, and certainly we want to make sure we can avoid, catch and prosecute all people that are out there committing crimes. But on the other hand, on the other side of the pendulum, we have a very important responsibility to protect our privacy and individual customers', the customers of the banks. And so I think this hearing is going to be very good for us and I look forward to hearing your testimony and reading your statements as well, as I also have conflicting schedules with other committees and markups today.

    Thank you.

    Mr. GEKAS. We thank the gentleman.

    Now we turn to the gentleman from Arkansas, whose attendance, the record will indicate, has already occurred, and we yield to him for 5 minutes.

    Mr. HUTCHINSON. Thank you, Mr. Chairman. I will try to be brief, but I am very grateful for this hearing. It is very timely in light of the many, many inquiries I have received from my constituents. Every once in a while as you go through congressional life, a proposed regulation will hit the populace right in the face and cause a great deal of concern. Sometimes that is unjustified, sometimes it is based upon a lack of communication or lack of understanding as to what is being proposed. So this hearing is very helpful in terms of addressing the concerns that have been raised by my constituents, and I am sure these same concerns have been heard across the country.

    Any time you touch upon the issue of privacy, an individual's personal bank account and the transactions that they may make, and whether the government is going to be imposing regulations that will infringe upon that privacy, it goes to the heart of our system of government, our freedom and our privacy. So these are very, very important issues, and I look forward to hearing from the panelists today on these issues.

    I am certainly concerned from a couple of standpoints. One, I mentioned the privacy issue. I don't think a customer should have to go in and explain because there might be an unusual transaction. We are very concerned about the law enforcement aspects and the benevolent purposes intended, but is this the right direction, the right approach to accomplish that?

    As my colleague from Tennessee indicated, there is also the aspect of the burden on business, the burden on the banking industry and whether this is a reasonable requirement to place on them. So I have strong reservations about this proposal.

    I look forward to the testimony today and the questioning that will follow. I yield back the balance of my time, Mr. Chairman.

    Mr. GEKAS. We thank the gentleman.

    Without objection, we enter into the record the written opening statement of Congressman Spencer Bachus of Alabama, a member of this committee.

    [The information referred to follows:]

PREPARED STATEMENT OF HON. SPENCER BACHUS, A REPRESENTATIVE IN CONGRESS FROM THE STATE OF ALABAMA

    As a member of Congress, I have been at the forefront of legislative efforts to fight international narcotics and the profits they generate. While the primary catalyst behind the proposed ''Know Your Customer'' regulations is money laundering deterrence with the need to respect consumer privacy and avoid undue burden on financial institutions.

    Through the directive to profile all accounts and transactions, the federal regulators are mandating the constant analysis of every citizen as if they are criminals. All consumers and the public at large expect the government to pass laws and develop regulations that retain the belief that they are innocent until proven guilty. This broad standard of scrutiny set by profiling all accounts is an unacceptable breach of consumer privacy.

    Even more troubling is the regulation's vague requirement that financial institutions determine and document a customer's source of funds. This requirement ignores the vast and complicated landscape of today's financial marketplace and could require banks to spend enormous sums on efforts to comply with this regulation. Customers can deposit funds via branches and ATM machines in far away cities and states, without the supervision of their bank branch manager, private banking officer, or other accountable bank personnel. Furthermore, the degree to which financial institutions must verify the accuracy of customer disclosures of source of funds is unclear.

    In closing, existing regulations require financial institutions to report suspicious activities and disclose large cash transactions. The benefits derived from the ''Know Your Customer'' regulations do not justify the loss of privacy by financial services consumers and the costs and consequences subjected to financial institutions that serve these consumers. Therefore, I respectfully request that the [FDIC, FED, OCC] retract the proposed ''Know Your Customer'' regulation.

    Mr. GEKAS. With that, we invite our first two guests to take their place at the witness table. They are our colleagues in the House of Representatives. Ron Paul represents a district in Texas after the inexplicable background that has him being born in Pittsburgh, going to Gettysburg College, and then going South. I will never understand it, but nevertheless that is part of his record. Since then he has been active in Texas politics and all other kinds of endeavors in Texas.

    He has been an insistent voice in the issue at hand and has properly pestered our committee for time and slot to make his views known. We welcome him here today.

    With him is the gentleman from Georgia, a former member of the CIA and a former U.S. attorney, who has become a member of the Judiciary Committee and has cooperated with us in many other similar issues. He, too, tracked me wherever I happened to be in my district and was persistent enough to reach me, and at that time I acquiesced to his appearance here today.

    We welcome the remarks of our colleagues. We will start with Congressman Paul.

STATEMENT OF HON. RON PAUL, A REPRESENTATIVE IN CONGRESS FROM THE STATE OF TEXAS

    Mr. PAUL. Thank you very much, Mr. Chairman. I appreciate very much your holding these hearings. I appreciate very much you holding these hearings because the regulation, of course, that we are addressing today was proposed back in December, and I think this is the first time we have had anything official to really look into this, and I give you a lot of credit for this.

    It is true, a lot of people have spoken out about this, and a lot of inquiries have been made probably more on a subject of a regulation than at any time in our history. Usually they get 200 or 300 inquiries or comments about a regulation, but now it is up to 135,000.

    I would like to submit my written statement and——

    Mr. GEKAS. Without objection.

    Mr. PAUL [continuing]. And addendums to that because I just want to make a few points and make it as brief as possible.

    To me it is a very important issue. The financial privacy is important, but I see this as just one part of the total privacy issue, which I have exerted a lot of energy in trying to study, but one in particular we should in a way be pleased about, because the American people and the Congress are waking up to this very important issue.

    I think too often we in the Congress and the people of this country are careless about sacrificing their liberties with good intent. We give too much authority to the regulators, to the agencies, to the administrative branch of government because in reality, under a strict constitutional rule, agencies of government wouldn't write these kind of things, it would be only the Congress. So to me this is a great benefit. To one who advocates strict constitutional rule, this points out the shortcomings of the system under which we live. So I am delighted to see what has happened.

    Last summer we had a money laundering bill come up, which urged the passage of this type of regulation. The bill passed the House and the Banking Committee on voice vote, but I did write a long dissenting view on this because I thought this was the wrong direction to go, and that is available in my testimony as well.

    But I think that we as a Congress should address this and decide who really has this authority to write regulations like this, and to me there is no question about this. I see the responsibility of us as Members of Congress as being the protector of liberty rather than the violators of liberty, and when we see regulations like this, this is an intrusion into the privacy and liberties of individuals. So if we participate in it directly by passing a law that directly encourages or by neglect in allowing the agencies to do this, we are complicit in this, we are part of the problem. So I see the responsibility falling on us, and that is why I am so delighted that you have brought these hearings about and that we have a chance to talk about it.

    We cannot expect the banks to be our protector. The banks have a burden, the small banks more so than the large banks, and they have done their share in trying to stop this, but the real abuse is on the private citizen, the individual citizen, and many argue the abuse may be on the unsophisticated, the poor, the minority individual who is not quite able to protect themselves.

    We have been pursuing this concept of stopping money laundering since we passed the Bank Secrecy Act of 1970, and this is precisely where they claim they get the authority to do this. So it smolders, it sits there. We were not here in 1970, but the authority was given, and yet they continue to use this authority.

    I have a bill introduced, and I have 40 cosponsors, which repeals this authority for an agency of government to impose regulations like this. I don't think that bill will get to the floor and that we are going to pass it, but I don't suspect these regulations will be going into effect, because we have done a lot to call attention to the problems. But yet again will they stop? Is the authority there?

    We have to talk about the motivation for this authority. It is twofold. One is the IRS. This is one of the things they do. They want to know where the money is and make sure people are paying their taxes. If we endorse the concept of the IRS, big government and efficient tax collecting, yes, they want to know what everybody is doing.

    But more than the IRS, the motivation has been the war on drugs. This is much more challenging. I am a physician. I detest the use of drugs. I think they are horrible. Yet I condemn the 30 year Federal war on drugs. I think it is a total failure and has been used for the total sacrifice of personal liberties. It is used for seizure and forfeiture of property, which we should address as well, and who suffers? The poor people, the unsuspecting, the people who can't protect themselves. It has been reported—and this is a hard figure to believe—it has been reported that for conviction under forfeiture laws or under money laundering, it costs the U.S. Government $100 million. We have spent $200 billion on the war on drugs, and there is no evidence that we have made any improvement.

    But again, I think they are incompatible. So I challenge my colleagues to think about this. Can we have big government, who love big government programs, and can we have the war on drugs without the sacrifice of liberty? That to me is the real challenge.

    I thank the chairman.

    Mr. GEKAS. I thank the gentleman.

    [The prepared statement of Mr. Paul follows:]

PREPARED STATEMENT OF HON. RON PAUL, A REPRESENTATIVE IN CONGRESS FROM THE STATE OF TEXAS

    Chairman Gekas, Ranking Member Nadler, thank you for giving me the opportunity to testify before you today. I feel as though I am uniquely qualified to speak against the proposed financial regulations since I was the only member to dissent (see Appendix A) when the House Banking and Financial Services Committee considered this proposal in the last congress under H.R. 4005, the ''Money Laundering Deterrence Act of 1998'' which passed the full committee by voice vote. I have introduced three financial privacy related bills this congress: the Know Your Customer Sunset Act (HR 516), the FinCEN Public Accountability Act (HR 517), and the Bank Secrecy Sunset Act (HR 518), and I am introducing an amendment (No. 8) during the markup of the financial modernization bill (HR 10) today in the banking committee (see Appendix B).

    This proposed regulation would require financial institutions to set up a program monitoring customers' accounts, establish a ''profile'' of the customer's ''regular and expected'' transactions and report all other activities as ''suspicious.'' Outrageously, the institution would also be required to determine the customers' source of funds. Those most likely to be discriminated against are those lacking an established relationship with the financial institution such as the poor and racial and ethnic minorities.

    The regulators largely claim justification for proposed rule under the Bank Secrecy Act of 1970. The act is so broad and unclear that irresponsible regulators can claim nearly any mandate. The congressmen who passed that bill nearly three decades ago could not have anticipated that the Federal Reserve and the other current regulators would read into that language the ability to promulgate the Know Your Customer rule.

    Treasury, without a specific mandate from Congress, created FinCEN (the Financial Crime Enforcement Network) which runs a database which collects and collates information about ordinary citizens who have not even been suspected of committing a crime. Under the Bank Secrecy Act, banks are required to collect information about their customers and pass that information on to FinCEN.

    The California Bankers Association points out on their web site (http://www.calbankers.com/legal/kycpage.html#background):

  ''There is no precedent whatsoever to match what is being proposed—for a private nongovernment entity to be required to continually monitor ordinary citizens to actively ensure the legality of their unregulated activities [banking transactions].

  ''The proposal is equivalent to the post office, a government entity, being required to identify each patron, identify their vendors, addressees, customers, etc., monitor their normal and expected deliveries, and report suspicious deliveries or receipt of deliveries to ensure that the mails are not used in the commission of a crime [which itself is a separate federal crime].

  ''It is not unlike requiring telephone companies to identify customers and monitor their customers' calling patterns [why would a customer suddenly make excessive calls to Bogota, Colombia?] to ensure no commission of crimes through the wires. Telephone companies probably have the ability to monitor calling patterns, but in our free society we avoid such intrusions.''

    Not content with just the information collected under the Bank Secrecy Act, FinCEN then collates it with information from U.S. Customs, the Internal Revenue Service and other federal regulators. In addition, FinCEN then gathers and collates information from state governments (which routinely sell private information enabling identity theft—a growing concern of many Americans) such as drivers' license information, property transfers, vehicular registrations and professional licenses; it also purchases information such as credit bureau reports from the private sector and adds it to its dossiers of ordinary Americans who are not otherwise under suspicion of committing any crime. FinCEN's web site, http://www.treas.gov/fincen/, confirms this practice.

    It is argued that one need not worry if one ''isn't doing anything wrong.'' Hosep Krikor Bajakajian and his wife know better. While attempting to board an international flight, Mr. Bajakajian was arrested. His only ''crime'' was failing to report that they were carrying more than $10,000 in legally obtained money. Despite the fact that the maximum fine for not reporting such behavior to the proper authorities was only $5,000, the U.S. Customs officials sought to confiscate the entire $357,144 he was carrying!

    While the U.S. Supreme Court ruled last summer in U.S. v. Bajakajian (No. 96–1487) that the forfeiture of the entire amount of money ''would be grossly disproportional to the gravity of his offense,'' it illustrates one of the perils of the ''Know Your Customer'' proposal for law-abiding citizens. ''When the government confiscates a person's home or business, the person is often harmed far more than if they had been given a brief jail sentence,'' explains Tom Gordon of Forfeiture Endangers American Rights (FEAR). ''The safeguards against government overreaching should be just as strict for protecting property as they are for protecting liberty.''

    Of course, ''suspicious'' activity is inherently subjective and prone to abuse. Georgetown University law professor David Cole compiled a list of characteristics included in the ''drug-courier profiles'' used by U.S. law enforcement officers (see Appendix C). These included: Arrived late at night. Arrived early in the morning. Arrived in afternoon . . . One of first to deplane. One of last to deplane. Deplaned in the middle . . . Bought coach ticket. Bought first class ticket . . . Used one-way ticket. Used round-trip ticket . . . Traveled alone. Traveled with a companion . . . Wore expensive clothing. Dressed casually. In short, everyone anywhere at any time could fit a ''suspicious profile'' according to U.S. law enforcement officials.

    Chairman Gekas, you are right to make an issue of government bureaucracies overstepping their congressionally-intended bounds. Take again the issue of asset forfeiture. Explains Judge John Yoder (in The End of Money and the Struggle for Financial Privacy by Richard W. Rahn), ''When I set up the Asset Forfeiture Office, I thought I could use my position to help protect citizens' rights, and tried to ensure that the US Department of Justice went after big drug dealers and big time criminals, rather than minor offenders and innocent property owners. Today, overzealous government agents and prosecutors will not think twice about seizing a yacht or car if they find two marijuana cigarettes in it, regardless of where they came from. I am now ashamed of, and scared of, the monster I helped to create...Today, asset forfeiture laws are also more likely to be used to intimidate someone who is innocent, than to go after someone who is a big time criminal or drug dealer.''

    Former Federal Reserve Governor Larry Lindsey explains (''Should Money Laundering Be a Crime?'' Cato Institute debate, 5 December 1997) that between 1987–1996 banks filed 77 million Currency Transaction Reports (CTRs) resulting in about 3,000 money laundering cases. About 7,300 defendants were charged—but only 580 were convicted—over the ten-year period, Justice Department figures show.

    These additional regulations would come at great cost—both to consumer privacy as well as financial—with little benefit. According to the April 1998 Fed Staff Study 171, federal financial regulations cost the industry over $125 billion in 1991. This cost contributes to higher ATM and other fees and higher costs on loans, etc. This burden falls disproportionately on smaller institutions and contributes to the consolidation of assets in the financial system through bank mergers and closures.

    We are entering a new era of more representative rule-making. As just one example, internet technology is changing the way government works; the Libertarian Party set up a web site, www.DefendYourPrivacy.com, to enable opponents of Know Your Customer to rapidly contact the FDIC as well as their Congressional representatives. In just two weeks, over 120,000 Americans used the site to register their opposition to this privacy invasion (tens of thousands of other Americans did so separately). Clearly, the Internet will be the musket of the 21st Century, for it will provide freedom-loving Americans with the tools to keep government power in check.

    Attempts by the Federal Trade Commission (FTC) or other regulators to usurp jurisdiction and extend their regulatory reach must be rejected outright. The American people have spoken loudly and clearly: they want a less invasive government that respects their privacy, and they want law enforcement to have access to private information only through a search warrant process. Thank you for holding a hearing on this important subject.

APPENDIX A

DISSENTING VIEW OF RON PAUL REGARDING MONEY LAUNDERING BILLS

    The support for the passage of these bills is a recognition that the current policy has failed. These two bills, H.R. 4005, the Money Laundering Deterrence Act of 1998, and H.R. 1756, the Money Laundering and Financial Crimes Strategy Act of 1998, should be rejected. Despite the desire to appear to be ''doing something'' to thwart personal behavior that some find objectionable, the more justifiable position is to stand for and respect the U.S. Constitution, good economic sense, individual rights and privacy. Ours is a federal government of limited powers, restricted by the United States Constitution and the too-often-forgotten Bill of Rights preserving individual liberty and reserving certain powers to the states.

Constitutional concerns

    Constitutionally, there are only three federal crimes. These are treason, piracy on the high seas, and counterfeiting. The federal government's role in law enforcement ought to be limited to these constitutionally federal crimes. As such, the criminal laws concerning issues other than these must, according to the ninth and tenth amendments, be reserved to state and local governments. The eighteenth and twenty-first amendments are testaments to the constitutional restrictions placed upon police power at the federal level of government.

    This interventionist approach (further expanded by these two bills) has not only failed to stem the flow of drugs into this country, substantially reduce the illegal drug trades' profitability or reduce consumption of publicly disapproved-of substances, but it has introduced a new, violent element into the mix. As a result of government coercion attempting to stifle individual choice and voluntary exchange, profits on the trade of now-illegal substances are artificially high which induces some individuals to risk official retribution. Before drug prohibition and the so-called war on drugs, some individuals chose to use some drugs—just as some do today. However, the violence associated with the drug trade is a result of the failed federal government's attempt to restrict individual liberty.

    It is an irrational policy: what is the rationale behind a policy whereby morphine is legal but marijuana is not? Perhaps, following the logic of the prohibitionists, we should, by federal governmental intervention, outlaw fatty foods that allegedly harm one's health.

Unfunded mandate and great regulatory cost

    These bills will join the misnamed Bank Secrecy Act and other measures that amount to an unfunded mandate on private bankers whose only crime is to meet the needs of their customers. Such a federal government intervention in this voluntary exchange is obviously wrong and unjustified by our constitutional rights.

    The costs of showing that one complies with the current forms far exceed any alleged benefit. These bills will only add to that burden. Calculations using statistics provided by the Financial Crime Enforcement Network (FinCEN) put costs of compliance at $83,454,000 in 1996 for just one law, the Bank Secrecy Act. This estimate was made by totalling only the number of forms required by the Bank Secrecy Act (multiplied by the cost of compliance of each type of form) to the respondent financial institution, according to numbers supplied in response to a September 1997 request by my office to FinCEN. Two forms were not included in the total which undoubtably would push the current total compliance cost higher: IRS 8852 had been required for less than one year, and TDF 90–2249 was not yet active.

Regulatory burdens contribute to bank mergers

    Compliance costs for smaller banks are disproportionately high. According to a study prepared for the Independent Bankers Association of America by Grant Thornton in 1993, annual compliance costs for the Bank Secrecy Act in 1992 were estimated at 2,083,003 hours and $59,660,479 just for community banks. It noted that ''smaller banks face the highest compliance cost in relation to total assets, equity capital and net income before taxes. For each $1 million in assets, banks less than $30 million in assets incur almost three times the compliance cost of banks between $30–65 million in assets. These findings are consistent for both equity capital and net income measurements.'' In short, these regulations impose a marginal advantage to larger institutions and are a contributing factor to the rise in mergers into ever-larger institutions. These bills will only exacerbate this factor.

    The Cost of Banking Regulation: A Review of the Evidence, (Gregory Elliehausen, Board of Governors of the Federal Reserve System Staff Study 171, April 1998), concurs that the new regulations will impose a disproportionately large cost on smaller institutions. The estimated, aggregate cost of bank regulation (noninterest expenses) on commercial banks was $125.9 billion in 1991, according to the Fed Staff Study. As the introduction of new entrants into the market becomes more costly, smaller institutions will face a marginally increased burden and will be more likely to consolidate. ''The basic conclusion is similar for all of the studies of economies of scale: Average compliance costs for regulations are substantially greater for banks at low levels of output than for banks at moderate or high levels of output,'' the Staff study concludes.

    In addition to all of the problems associated with the obligations and requirements that the government regulations impose on the productive, private sectors of the economy, the regulatory burdens amount to a government credit allocation scheme. As Ludwig von Mises explained well in The Theory of Money and Credit (originally) in 1912, governmental credit allocation is a misdirection of credit which leads to malinvestment and contributes to an artificial boom and bust cycle. Nobel laureate Frederick A. Hayek and Mises' other brilliant student Murray Rothbard expounded on this idea.

    The unintended consequences of the passage of this bill, as written, will be to stifle the formation of new financial institutions, to consolidate current financial institutions into larger ones better able to internalize the cost of the additional regulations, and to lower productivity and economic growth due to the misallocation of credit. This increased burden must ultimately be passed on to the consumer. The increased costs on financial institutions these bills impose will lead to a reduction of access to financial institutions, higher fees and higher rates. These provisions are anti-consumer. The marginal consumers are the ones who will suffer most under these bills.

Little benefit for great cost

    Despite the great costs this interventionist approach imposes on the economy, the alleged benefits are poor. Let all of those who believe that the current anti-money laundering laws work stand up and take credit for the success of their approach: drugs are still readily available on the streets. The proponents of these bills need to explain how the additional burden that these bills will impose will meet their objectives. They have failed to justify the costs.

    ''The drive to stem these flows has imposed an enormous paperwork burden on banks. According to the American Bankers Association, the cost of meeting all the regulations required by the U.S. government may total $10 billion a year. That might be acceptable if convictions for money laundering kept pace with the millions of documents banks must file each year. But the scorecard has been disappointing,'' reads the Journal of Commerce (December 10, 1996).

    Referring to the same Justice Department figures cited in the Journal of Commerce article, Richard Rahn, president and CEO of Novecon, LTD, writes, ''In the ten year period from 1987–1996, banks filed more than 77 million Currency Transaction Reports (CTRs) with the U.S. Treasury. This amounts to approximately 308,000 pounds of paper . . . 7,300 defendants were charged but only 580 people were convicted, according to the Justice Department. Environmentalists take note: this works out to about 531 pounds of paper per conviction [America the Financial Imperialist, to be presented at the Cato Institute Conference, Collateral Damage: The Economic Cost of U.S. Foreign Policy, June 23, 1998].''

    Mr Rahn cites arguments by former Federal Reserve Board Governor Lawrence Lindsey who explains that money laundering laws discriminate against the poor. Mr Rahn's paper elaborates, ''[The poor] are the least likely to have established relationships with banks and the most likely to operate primarily with cash. Hence, they are the first to be targeted, and this even further discourages bankers from wanting their business.''

Legal liability questions not adequately addressed

    These laws open the financial institutions up to a new area of legal liability. These bills do not adequately address these concerns. Responding to the Treasury Department money laundering proposal, John J. Byrne, the American Bankers Association's money laundering expert, said the industry opposes plans that impose onerous record-keeping requirements and banks fear being sued by the government or another company if they incorrectly certify that a customer has not committed any illegal acts (American Banker, November 11, 1997). These regulations effectively deputize bank tellers as law enforcement officers.

    The Independent Bankers Association of America (IBAA) has called for FinCEN to establish a ''safe harbor'' in these regulations. In nearly all cases, the bank has acted in good faith and should not risk being punished. Says a January 1998 IBAA letter to FinCEN, ''If a bank has acted in good faith, knowing that there is some protection from liability will encourage banks to use the exemption process. For many banks, especially smaller banks which do not experience as many large currency transactions, it is much simpler to file a CTR. Many are concerned about the possible liability attached to incorrect usage of the exemption list. To avoid any hint of liability, and to avoid criticism from examiners, bankers avoid using the exemption process. A safe harbor from liability would go a long way to encourage them to use exemptions, and to cut down on the number of CTRs.'' Banks filed 12.75 million currency transaction reports in 1996, nearly double the number only six years earlier without any appreciable reduction in the drug trade.

Infringes on right to privacy

  Subtler and more far-reaching means of invading privacy have become available to the government. Discovery and invention have made it possible for the government, by means far more effective than stretching upon the rack, to obtain disclosure in court of what is whispered in the closet.

US Supreme Court Justice Louis Brandeis (1928)

    A Winston Smith, or any other average citizen, would have good reason to be even more concerned with the technological reach of a not so fraternal, big government agency. In his opening statement before the Subcommittee on General Oversight and Investigations, House Banking and Financial Services Committee, Hearing to Review the Department of the Treasury's Proposed Rules for Money Service Businesses, Chairman Spencer Bachus championed privacy rights saying, ''We have to be cognizant that rules often have unintended consequences . . . These rules will require a huge increase in the amount of information on private citizens that will be provided to federal law enforcement. We need to know whether this creates a potential for abuse, either by those in the industries that do the reporting or by those in government that receive the information . . . this is not an insignificant concern.''

    At the same hearing, John Byrne of the American Bankers Association trumpeted our tradition of common law rights of privacy and supported ''meaningful, consumer-friendly'' frameworks based on self-regulating privacy regimes. That is a much preferred approach.

    It is proposed that some banks like the Bank Secrecy Act because of the safety and soundness concerns associated with ''illicit'' funds. The problem lies with the government's interventionist drug policies. Would those same proponents of the money-laundering laws still argue about safety and soundness of deposits from beer and wine wholesalers and distributors?

FinCEN's blemished record safeguarding our privacy

    The mere existence of the databases holding confidential information on private individuals opens up the possibility of abuse. Unfortunately, it is not just an unfounded fear based on hypotheticals. In fact, the employees of FinCEN itself cannot always be trusted. In 1993, one employee took the liberty of using the resources at his disposal to do a little digging into the (assumed to be) private records of the mother of his girlfriend. In the same year, another employee of FinCEN left her desk unattended with the opportunity available for others to access privileged information—and someone else used the opportunity to pursue personally-motivated independent research.

    FinCEN defends itself in a fax to our office in response to our inquiries saying ''our system of security controls is . . . obviously working. Because of the controls we have in place, the two violations which occurred were picked up right away and dealt with immediately.'' Neither employee was prosecuted nor fired. No systemic changes were made to safeguard privacy.

    The General Accounting Office has criticized FinCEN for failing to keep Congress adequately informed. The agency has missed congressionally-mandated deadlines and sometimes implemented fewer than one-half of the provisions of congressional acts, according to one recent GAO report (Money Laundering: FinCEN Needs to Better Manage Bank Secrecy Act Civil Penalty Cases, June 1998).

    Computer vulnerability to hackers is another concern expressed by a major trade group. ''The Independent Bankers of America said the Treasury Department's Financial Crimes Enforcement Network needs to do more to make sure that reports on questionable bank transactions are not vulnerable to anyone with a computer, a modem and some spare time,'' reports The American Banker (November 30, 1995).

    ''By requiring the disclosure of detailed information on customers and their transactions, the proposed regulations would conflict with the confidentiality inherent in encrypted communications in electronic banking and commerce,'' writes Thomas E. Crocker (The American Banker, September 23, 1997) in an editorial entitled ''Broadening Bank Secrecy Act Is Risky.'' He wrote opposing Treasury Department's proposal to expand the BSA's reach into electronic commerce, but the comments are valid in a broader context as well.

    No government agency can be trusted to safeguard adequately our privacy.

Barr amendment would reduce privacy safeguards

    The sense of Congress amendment offered by Mr. Barr would make a bad situation worse. Since current safeguards have proved insufficient, we must not reduce what little protection our constituents have. ''The government has tremendous information resources at its disposal in data base centers, like the Financial Crimes Enforcement Network (FinCEN) . . . FinCEN has literally everything there is to know about you—tax records, postal addresses, credit records, banking information, you name it—and if more taxpayers knew about it, they would be outraged [emphasis added]'' claimed Grover G. Norquist, president, Americans for Tax Reform, in a statement to the House Judiciary Committee at the hearing on ''Security and Freedom Through Encryption.''

    FinCEN, in a written response to questions concerning his testimony, said ''FinCEN has no access to income tax data of any kind . . . The only tax records to which FinCEN has access are property tax records of the kind that any citizen may view in any courthouse . . . FinCEN does obtain from credit agencies certain basic identifying information for individuals as permitted by the Fair Credit Reporting Act. Finally, it has no general access to banking records but only to reports of large currency transactions and suspicious activity.''

    Mr. Norquist was ahead of his time. This bill gives FinCEN access to income tax records. In addition, the Treasury Department has tried to lower the threshold for ''large currency transactions'' to only $750. Of course, if you look ''suspicious,'' let's make it only $500, they say. ''Suspicious activities'' by customers is inherently subjective and open to abuse. Mr Norquist is right to point out that taxpayers should be outraged. In addition, the so-called ''know your customer'' amendment adopted by the committee further infringes on the right to privacy.

Not every citizen is a crook

    Supreme Court Justice William O. Douglas dissented in California Bankers Assn v. Shultz, 416 U.S. 21 (1974), questioning the Constitutionality of the Bank Secrecy Act, writing:

  ''First, as to the recordkeeping requirements, their announced purpose is that they will have 'a high degree of usefulness in criminal, tax, or regulatory investigations or proceedings,' 12 U.S.C. 1829b . . . It is estimated that a minimum of 20 billion checks—and perhaps 30 billion—will have to be photocopied and that the weight of these little pieces of paper will approximate 166 million pounds a year . . . It would be highly useful to governmental espionage to have like reports from all our bookstores, all our hardware [416 U.S. 21, 85] and retail stores, all our drugstores. These records too might be 'useful' in criminal investigations.

  ''One's reading habits furnish telltale clues to those who are bent on bending us to one point of view. What one buys at the hardware and retail stores may furnish clues to potential uses of wires, soap powders, and the like used by criminals. A mandatory recording of all telephone conversations would be better than the recording of checks under the Bank Secrecy Act, if Big Brother is to have his way [emphasis added]. The records of checks—now available to the investigators—are highly useful. In a sense a person is defined by the checks he writes. By examining them the agents get to know his doctors, lawyers, creditors, political allies, social connections, religious affiliation, educational interests, the papers and magazines he reads, and so on ad infinitum. These are all tied to one's social security number; and now that we have the data banks, these other items will enrich that storehouse and make it possible for a bureaucrat—by pushing one button—to get in an instant the names of the 190 million Americans who are subversives or potential and likely candidates.

  ''It is, I submit, sheer nonsense to agree with the Secretary that all bank records of every citizen 'have a high degree of usefulness in criminal, tax, or regulatory investigations or proceedings.' That is unadulterated nonsense unless we are to assume that every citizen is a crook, an assumption I cannot make,'' Justice Douglas concluded.

Operation Casablanca worsens situation

    The police ''sting'' operation has caused international problems since such operations are illegal in Mexico with some referring to it as ''a debacle for U.S. diplomacy.'' Rosario Green, Mexico's foreign minister, says, ''This has been a very strong blow to binational cooperation, especially on matters of drug trafficking.'' (Wall Street Journal, May 28, 1998) U.S. banks named in the investigation were left untouched. She claims to have evidence that U.S. agents broke Mexican law and Mexico may demand their extradition; she termed the operation a ''violation of national sovereignty.''

    The illegal sting operation will make only a paltry dent in money laundering activities. Since it is estimated that $300 billion to $500 billion is cycled through the U.S. financial system on an annual basis, the operation will have little real effect. Federal officials expect to seize as much as $152 million in more than 100 accounts in the United States, Europe and the Caribbean (Washington Post, May 20, 1998).

    ''In general, U.S. government sting operations have failed to produce many convictions. Of 142 cases filed and 290 defendants charged as the result of bank stings between 1990 and 1995, only 29 were found guilty,'' the Journal of Commerce (December 10, 1996) article continues. And drugs are still available on the schoolyard.

Oppose regulations of gold as money

    The Financial Action Task Force (FATF) on Money Laundering (based at the Organization for Economic Cooperation and Development), 1997–1998 Report on Money Laundering Typologies (12 February 1998), suggested expanding still further the reach of governmental police intervention—this time in the gold market. ''The FATF experts considered for the first time the possibilities of laundering in the gold market. The scale of laundering in this sector, which is not a recent development, constitutes a real threat.

    ''Gold is a very popular recourse for launderers because of the following characteristics:

 a universally accepted medium of exchange;

 a hedge in times of uncertainty;

 prices set daily, hence a reasonably foreseeable value;

 a material traded on world markets;

 anonymity;

 easy changeability of its forms;

 possibility for dealers of layering transactions in order to blur the audit trail;

 possibilities of double invoicing, false shipments and other fraudulent practices.''

    The FATF report continued, ''Gold is the only raw material comparable to money.'' While the FATF experts are clearly right in concluding that gold is money, we should steadfastly oppose the report's consideration of an expanded governmental reach to control gold.

    ''It is impossible to grasp the meaning of the idea of sound money if one does not realize that it was devised as an instrument for the protection of civil liberties against despotic inroads on the part of governments. Ideologically it belongs in the same class with political constitutions and bills of rights,'' Ludwig von Mises wrote in The Theory of Money and Credit.

Congress should safeguard our freedoms and privacy

    In Supreme Court Justice Thurgood Marshall's dissent in California Bankers Assn v. Shultz, 416 U.S. 21 (1974), he wrote:

  ''As this Court settled long ago in Boyd v. United States, 116 U.S. 616, 622 (1886), 'a compulsory production of a man's private papers to establish a criminal charge against him . . . is within the scope of the Fourth Amendment to the Constitution . . .' The acquisition of records in this case, as we said of the order to produce an invoice in Boyd, may lack the 'aggravating incidents of actual search and seizure, such as forcible entry into a man's house and searching amongst his papers . . .,' ibid., but this cannot change its intrinsic character as a search and seizure. We do well to recall the admonishment in Boyd, id., at 635:

''It may be that it is the obnoxious thing in its mildest and least repulsive form; but illegitimate and unconstitutional practices get their first footing in that way, namely, by silent approaches and slight deviations from legal modes of procedure.''

  First Amendment freedoms are 'delicate and vulnerable.' They need breathing space to survive . . . More importantly, however slight may be the inhibition of First Amendment rights caused by the bank's maintenance of the list of contributors, the crucial factor is that the Government has shown no need, compelling or otherwise, for the maintenance of such records. Surely the fact that some may use negotiable instruments for illegal purposes cannot justify the Government's running roughshod over the First Amendment rights of the hundreds of lawful yet controversial organizations like the ACLU. Congress may well have been correct in concluding that law enforcement would be facilitated by the dragnet requirements of this Act. Those who wrote our Constitution, however, recognized more important values [emphasis added],'' Justice Marshall explained.

    ''Congress should block the proposed regulations and repeal the Bank Secrecy Act, under which such rules are possible,'' wrote Richard Rahn, president of Novecon Corp. and an adjunct scholar at the Cato Institute (Investor's Business Daily, August 12, 1997). ''Our freedoms and our privacy are much too important to be compromised merely to make money-laundering more costly and inconvenient for criminals.''

    I agree.

APPENDIX B

(AMENDMENT NO. 8)

AMENDMENT TO THE COMMITTEE PRINT OF FEBRUARY 27, 1999

[THE SUBSTITUTE TEXT TO H.R. 10]

OFFERED BY MESSRS. PAUL AND CAMPBELL

Page 206, after line 12, insert the following new paragraph (and redesignate the subsequent paragraph accordingly):

''(2) LIMIT ON AGENCY AUTHORITY.—No provision of this Act or any other provision of Federal law may be construed as requiring any insured depository institution or any institution-affiliated party to monitor the legality of the transaction activities of customers.

APPENDIX C

    Well-intended but poorly drafted or interpreted legislative language can make any one of us ''suspicious'' in the war on drugs. U.S. law-enforcement officials developed characteristics of ''drug-courier profiles'' which were compiled by Georgetown University law professor David Cole, and reported in the Flummery Digest (October, 1998). http://www.ora.com/people/staff/sierra/flum/98.10.htm

    These included:

  Arrived late at night, arrived early in the morning, arrived in afternoon;

  One of first to deplane, one of last to deplane, deplaned in the middle;

  Purchased ticket at airport, made reservation on short notice;

  Bought coach ticket, bought first-class ticket;

  Used one-way ticket, used round-trip ticket;

  Paid for ticket with cash, paid for ticket with small-denomination currency, paid for ticket with large-denomination currency;

  Made local telephone call after deplaning, made long-distance call after deplaning, pretended to make telephone call;

  Traveled from New York to Los Angeles, traveled to Houston;

  No luggage, brand-new luggage, carried a small bag, carried a medium-sized bag, carried two bulky garment bags, carried two heavy briefcases, carried four pieces of luggage;

  Overly protective of luggage, dissociated self from luggage;

  Traveled alone, traveled with a companion;

  Acted too nervous, acted too calm;

  Made eye contact with officer, avoided making eye contact with officer;

  Wore expensive clothing and gold jewelry, dressed casually;

  Went to rest room after deplaning, walked quickly through airport, walked slowly through airport, walked aimlessly through airport;

  Left airport by taxi, left airport by limousine, left airport by private car, left airport by hotel courtesy van;

  Suspect was Hispanic, suspect was black female.

    Mr. GEKAS. The next witness, as introduced, the gentleman from Georgia, Mr. Barr.

STATEMENT OF HON. BOB BARR, A REPRESENTATIVE IN CONGRESS FROM THE STATE OF GEORGIA

    Mr. BARR. Thank you, Mr. Chairman. It is a tremendous honor to be before this panel today, very distinguished panel, and I appreciate the work of this panel in beginning to draw attention to these ''Know Your Customer'' regulations.

    I appear today not only as a member of the Judiciary Committee, with the same background that other members of this panel and this subcommittee bring to addressing these problems, but also, with two other members of your panel with us today, as a former United States attorney. I appear today also, I suppose, as probably one other thing all of us have in common; that is, as a banking customer.

    The ''Know Your Customer'' regulations from the standpoint of a banking customer, a former U.S. attorney and member of the Judiciary Committee in my view are totally unnecessary and would cause very serious harm, both economic and otherwise, not only to our banking system, but would eat away at something that is in short supply in our society today; that is, confidence in and credibility of the Federal Government.

    From the standpoint of a former United States attorney, I can tell you there are very, very stringent laws on the books used day in and day out by United States attorneys and assistant United States attorneys in conjunction with investigators from our Federal investigative agencies that are clearly sufficient and have been proved to be sufficient to attack serious problems of money laundering through our financial institutions. There is more than sufficient power at the beck and call of the United States attorneys and Federal investigators now if they believe, have reason to believe, reasonable cause to believe, probable cause to believe, that a banking customer or somebody using a financial services institution is laundering money.

    There is no reason to vastly expand, and the ''Know Your Customer'' regulations, Mr. Chairman, are not an incremental expansion, they are a vast expansion of the power of Federal regulatory agencies. From the standpoint of attacking money laundering, there is no reason whatsoever for these new and vastly expanded regulations.

    I noticed in a wire service story today that the Vice President has appointed an individual as a new privacy czar. This may be one of the first areas this privacy czar could look at, because as was mentioned by members of this panel already in their opening statements, what we are really looking at here is yet another manifestation of the war on privacy that seems to be the hallmark of much of what the Federal Government is engaged in as we reach the close of the century and enter a new millennium.

    Much more so than ever, the currency in the 21st century will be information. That is where real power lies. That is where economic and political power is rooted. If they allow these sorts of regulations to move forward, we will have lost perhaps before we enter the 21st century the first great battle of the 20th century, that is to say one of the last vestiges of privacy; that is, a person's individual economic relationship with their bank, completely eradicated.

    We have heard in our office, Mr. Chairman, from thousands of constituents and other citizens from different districts around the country. I know the FDIC—they have indicated they have heard from, I think, close to 150,000 people opposed to this, and virtually just a handful are in support of it. I think that should tell us something.

    I am very, very pleased. I was reading as I was waiting for the opportunity to appear here this morning, Mr. Chairman, the comments of the Comptroller of the Currency Mr. Hawke, and I am very pleased to see that as his prepared statement says, ''it is my judgment, however, that the proposal should be promptly withdrawn. I firmly believe that any marginal advantages for law enforcement in this proposal are strongly outweighed by its potential for inflicting lasting damage on our banking system.''

    I would certainly wish those in government had heeded this advice and looked at the regulations before this point, but it is heartening to see, and I hope Mr. Hawke's colleagues in the executive branch share his view, listen to the people, listen to the Congress, and revoke these horrendous proposed regulations forthwith.

    As Mr. Paul has done, I have introduced legislation, H.R. 530, that would, if necessary, rectify this legislatively. We may move forward with that.

    These are important issues, Mr. Chairman, as evidenced by these hearings today, to discuss regularly and in depth with the American people. Similar to what we did last year when the proposed regulations on the national ID card surfaced, the citizens were mobilized. Mr. Paul and myself and others in the Congress listened to those concerns, got together with Mr. Nojeim at the ACLU and other organizations from across the political spectrum bound together by a common desire to retain and protect what small vestiges of privacy our institutions and citizens have. This is another example of where it is so important to remain vigilant and active in highlighting these sorts of intrusions, and I salute you, Mr. Chairman and members of the subcommittee, for being on the crest of that wave addressing these problems.

    Mr. GEKAS. We thank the gentleman. Without objection the written statement of Congressman Barr will be admitted into the record.

    [The prepared statement of Mr. Barr follows:]

PREPARED STATEMENT OF HON. BOB BARR, A REPRESENTATIVE IN CONGRESS FROM THE STATE OF GEORGIA

    Thank you for allowing me to testify this morning. I don't think the Subcommittee could choose a more worthwhile endeavor than protecting the privacy rights of American citizens, and I'm honored to be a part of that effort.

    If you ask most Americans to name the most basic, foundational, bedrock principle of our criminal justice system, you'll almost always get a response of just four words: ''Innocent until proven guilty.''

    After all, what could be more important? A guilty person can lose his reputation, his property, or even his life at the hand of the government. Forcing the government to prove beyond a reasonable doubt that he is, in fact, guilty, before taking those things, is the fulcrum on which the scales of justice rest. Take away that fulcrum, and you render our courts unable to dispense justice.

    This should be a very simple principle to apply. Unfortunately, the federal government—in its frequently bumbling, ham-fisted, and sometimes downright malevolent fashion—keeps messing it up by reversing the words. Americans are then assumed guilty until they can prove themselves innocent. The result is justice according to the Queen in Alice in Wonderland, ''[s]entence first—verdict afterwards.''

    The vast expansion of asset forfeiture laws is an example of this principle in action. Innocent people are suspected of criminal action, and their property is summarily seized. They only get it back when they can prove they're innocent. Disturbingly, this is the same principle that reared its ugly head last year with the introduction of so-called ''Know Your Customer'' regulations.

    Anyone who doesn't believe this principle is important in real America should take note of the record number of individuals who have registered complaints with the FDIC about proposed ''Know Your Customer'' regulations; regulations that assume every American with a checking account is a potential criminal. The FDIC has informed our office that nearly 150,000 individuals have contacted the agency to oppose the proposed regulations. Only a handful—a grand total of fourteen—agreed with the proposal. Needless to say, the Federal Register rarely generates such a vigorous response. When it does, however, Washington had better listen.

    Essentially, these regulations propose requiring banks to compile detailed information on the financial transactions of their customers without any regard to whether those customers are suspected of criminal wrongdoing. This information then becomes your personal profile. If that profile simply indicates a recent transaction is ''out of character,'' your bank is forced to report your finances to the government.

    This proposed regulation was targeted at a worthwhile goal: reducing the ability of criminals and criminal organizations to launder money. As a former United States Attorney under Presidents Reagan and Bush, I know that striking at the financial underpinnings of drug dealers and racketeers is one of the most effective ways to cripple their operations. I have worked in Congress to strengthen the ability of law enforcement to fight money-laundering at home and abroad, and will continue to do so.

    However, my experience as a prosecutor has also given me a clear appreciation of the vast power already controlled by federal law enforcement. This power can be, should be, and is, used to protect privacy, property, and life. But, as history has shown, it can just as easily be abused to violate privacy, confiscate property, and even to take lives.

    As with any issue, in order to legislate effectively, we must strike a balance between important, competing interests. Virtually every law enforcement issue we face forces us to balance financial limitations and the need to protect civil liberties, against our desire for a safer, more secure America. The ''Know Your Customer'' regulations do not strike such a balance; it's not even a close call.

    It is for this reason I have introduced H.R. 530, the ''American Financial Institutions' Privacy Act'' which will mandate a comprehensive study of the economic and privacy consequences of any proposed ''Know Your Customer'' regulations, and will prevent federal banking regulators from implementing any such regulations unless the regulations are approved by Congress. I believe this legislation strikes the right balance by allowing regulations to address any future law enforcement challenges we may face, while requiring explicit congressional approval with full knowledge of economic and privacy consequences.

    As I have said, these proposed regulations constitute an outrageous violation of individual privacy. They also stand to generate major costs for financial institutions. What do we get in return? Not much.

    It is highly unlikely, even ludicrous, to assume that profiling the salary deposits, ATM fees, and mortgage payments of millions of Americans will have a significant impact on the activities of criminals. Creating new regulations will snare the law-abiding, and will simply encourage those who would break the law to conduct business in other countries with looser regulations.

    Based on the ease with which information can be gathered, accumulated, manipulated, and abused, the currency and power of the 21st century will not lie in military or economic might, but with information. If, out of excessive concern for security, financial success, or simply by being careless, we allow it, our privacy may be the first and most profound victim of the 21st century. An important step in protecting privacy is blocking misguided proposals, such as ''Know Your Customer.''

    Mr. GEKAS. Parenthetically I want to say I consulted with the gentleman from Iowa, Mr. Leach, the chairman of the Banking Committee, of which Mr. Paul is a member, and he felt very good about the fact that we were going to administratively and regulation-wise delve into the issue, and he has promised and will deliver, I know, a letter that we can put into the record showing the Banking Committee's concern as well on this important issue.

    [The information referred to follows:]


Committee on Banking and Financial Services,
U.S. House of Representatives,
Washington, DC, February 3, 1999.
Office of the Comptroller of the Currency,
Communications Division, Washington, DC,
Attention: Docket No. 98–15.

Robert E. Feldman, Executive Secretary,
Federal Deposit Insurance Company,
Washington, DC,
Attention: Comments/OES.

Jennifer J. Johnson, Secretary,
Board of the Governors of the Federal
Reserve System, Washington, DC,
Attention: Docket No. R–1019.

Manager, Dissemination Branch,
Records of Management & Information Policy,
Office of Thrift Supervision, Washington, DC,
Attention: Docket No. 98–114.

    SIRS AND MADAMS: As you know, the notice of proposed rulemaking issued on December 7, 1998, requiring depository institutions to establish so-called ''Know Your Customer'' programs, has engendered significant opposition from both the banking industry and the public at large. While I believe that the proposed rule represents a well-intentioned effort to combat money laundering at U.S. financial institutions, it has also become apparent that as drafted, the proposal is susceptible to interpretations that have troubling Constitutional and regulatory implications. Accordingly, I am writing to urge that the proposed regulation be revised to limit the regulatory burden it would impose upon financial institutions—particularly smaller banks and thrifts—and reviewed to give greater weight to the privacy rights of customers of financial institutions.

    I recognize that the ability of criminal elements to enter the proceeds of their illicit activities into the legitimate financial system corrodes the integrity of that system, and demands an aggressive response from relevant regulatory agencies and law enforcement authorities. However, in developing strategies to counter money laundering, the government must also be vigilant in its defense of Constitutional liberties, and ensure that proposals that rely upon financial institutions to monitor their customers' account activity accord proper deference to the privacy concerns of those customers. Banking depends on confidence of depositors in financial institutions. As well-intentioned as the proposed ''Know Your Customer'' regulation is, it is self-evident that given the magnitude of the concerns that have been registered, implementation in its current form is likely to have the counterproductive consequence of undermining rather than bolstering public trust in the banking system.

Sincerely,
James A. Leach, Chairman.


    Mr. GEKAS. Is the gentleman from Georgia a member of the Banking Committee as well?

    Mr. BARR. He is, Mr. Chairman.

    Mr. GEKAS. Then we have expert testimony right from the start. We thank both of you, and we will be inviting you to join us in further action in the regulatory war as it were. Thank you very much.

    Mr. BARR. Thank you, Mr. Chairman.

    We have been joined by the gentleman from Ohio, who desires to make an opening statement as indicated by his nod.

    Mr. CHABOT. I appreciate that, Mr. Chairman. I will try to be relatively brief.

    I would like to thank Chairman Gekas for holding this hearing today, and I also want to share with Mr. Barr and Mr. Paul that I will review their opening statements. I assume it is in written form.

    Mr. PAUL. Yes.

    Mr. CHABOT. In this age of electronic information, instant Internet access and rapid technological development, there has been a sharp deterioration of personal privacy rights in this country. We faced this problem during the debate over CALEA when the FBI wanted authority to wiretap 1 in 100 phone calls. We have seen a proposal to implement a national health identification system which would undermine both personal privacy and the doctor-patient relationship by facilitating access to a patient's entire past medical history. In the 104th Congress we were confronted with what I called 1–800–BIG–BROTHER, which would have required all companies to call the Federal Government for approval before hiring a new employee.

    Now the FDIC has developed a new scheme, ''Know Your Customer,'' which will serve to further erode every American citizen's basic right to privacy. We might as well just call these proposed regulations what they are in effect, permission to spy on your customer.

    I am deeply concerned with both the potential for invasion of consumer privacy under these regulations and the massive financial burdens which will be placed on banking institutions by this unfunded mandate, costs that will eventually be passed on to bank customers. We can all agree it is important that financial institutions cooperate with the government and law enforcement to detect money laundering and other criminal activities; however, there are already a number of regulatory tools in place which specifically address these problems, such as the Bank Secrecy Act.

    While I do not object to many of the established methods used to detect bank crimes and would support reasonable efforts to further combat these efforts, I am disturbed by the proposed regulations. This proposal is a flagrant invasion in the privacy of innocent citizens. It is rather Orwellian to require banks to monitor and scrutinize the transactions of every single customer, the vast majority of whom are not nor ever will be money launderers or drug dealers.

    Under the proposal, financial institutions would be required to develop profiles of all customers to determine the source of his or her funds. As proposed, these profiles would be used to establish a range of normal and expected transactions, and any transaction that falls outside of these parameters would be subjected to scrutiny. While transactions outside of these parameters may indicate possible money laundering, these transactions are much more likely to indicate innocuous occurrences, such as a yearly holiday bonus or purchase of an automobile.

    In fact, the list of transactions that could require investigation under ''Know Your Customer'' is enormous. Bank customers should not be coerced into explaining the source of funds every time they make a sizable deposit, nor should they be required to reveal their intentions when making a withdrawal.

    The ''Know Your Customer'' regulations also place the onus of a costly unfunded mandate squarely on the shoulders of our Nation's banks, small and large. The expected cost of obtaining information and implementing a profiling system is only the beginning. Financial institutions would also be required to incur the expense of continuous monitoring and ongoing personnel training. There is little doubt these costs will eventually be passed on to consumers in the form of higher bank fees.

    I urge you to consider both the privacy concerns and financial burden associated with the implementation of this regulation. This is a bad regulation and should never see the light of day. I yield back the balance of my time.

    Mr. GEKAS. We thank the gentleman.

    We are ready to proceed with the body of testimony for which this hearing was originally created. We invite to the witness table Mr. John D. Hawke, Jr., who is the 28th Comptroller of the Currency, who oddly enough became Comptroller on the day after or almost coincident with the promulgation of the subject regulation. So he was baptized almost immediately with a controversy. He graduated from Yale University in 1954 with a B.A. in English and earned his law degree in 1960 from Columbia University School of Law.

    Before you begin your testimony, I want to be certain something on the record is clear. The blame for all of this does not rest upon the regulators alone. We, the Members of Congress who founded the controversy about the statute that we passed, can share the blame. The same criteria apply, vagueness, complexity of purpose, et cetera. So I want everyone to know we are not here to throw one-way arrows. They can bounce back and hit the members of this committee just as accurately.

    So with that, we turn to Mr. Hawke for his testimony.

STATEMENT OF JOHN D. HAWKE, JR., COMPTROLLER, OFFICE OF THE COMPTROLLER OF THE CURRENCY, DEPARTMENT OF THE TREASURY

    Mr. HAWKE. I thank you.

    Mr. GEKAS. Does the gentleman have a written statement he wishes to make a part of the record? If so, without objection it is so ordered.

    Mr. HAWKE. Thank you. Mr. Chairman, Mr. Nadler, members of the subcommittee, I am pleased to be with you to discuss the proposed regulation that has come to be known as ''Know Your Customer.''

    As the chairman has indicated, I was sworn in as Comptroller of the Currency on December 8, 1998, the day after this proposal was put forward, so I did not participate either in the process that led to this proposal or in the formulation of the proposal itself. I come new to the issue, and this has both advantages and disadvantages.

    One clear disadvantage is that I did not have a firsthand opportunity to learn of the background of the proposal before it was published or to benefit from the interagency deliberations concerning the complex issues that unquestionably surfaced as the agencies formulated the proposal.

    One advantage of coming new to this issue, however, is that I believe I can bring an objective judgment to the question of what future the proposal should have, a judgment that I hope is informed by some 37 years in the public and private sectors dealing with issues of Federal banking regulation, as a lawyer in private practice representing banks, as a professor of banking law at three major law schools, as General Counsel to the Federal Reserve Board, and as Under Secretary of the Treasury for Domestic Finance.

    Mr. Chairman, the comment period on the proposed regulation closes this coming Monday, and we are reviewing the many comments we have received. It is my judgment, however, that the proposal should be promptly withdrawn. I firmly believe that any marginal advantages for law enforcement in this proposal are strongly outweighed by its potential for inflicting lasting damage on our banking system.

    Let me say at the outset that the law enforcement objectives that underlie the ''Know Your Customer'' proposal are of enormous importance to our country and must not be dismissed. It is widely recognized that the ability to launder the proceeds of illegal activity, particularly drug traffic, facilitates criminals engaged in such activity. Stemming the flow of narcotics into the country and combating the sale of drugs on our streets depend heavily on the ability of law enforcement to impede the efforts of drug dealers to convert the cash proceeds of their activities into usable funds.

    Since it is inevitable that criminals will seek to use depository institutions to launder their illegal revenues, it is entirely reasonable that banks and their regulators take all reasonable steps to ensure that they are not used wittingly or unwittingly to further illegal activities. For many years the Bank Secrecy Act has been aimed at achieving this objective, and bankers have provided a valuable role in this effort in a working partnership with bank regulators and the law enforcement community.

    Beyond the valuable contribution banks make to this effort, there are other considerations that must be weighed as we consider new regulatory initiatives. Banks play an enormously important role in our economy. They serve as a safe repository for the earnings and savings of scores of millions of citizens. They play an essential role in the financing of commercial and consumer transactions. They operate our mechanism for making and clearing payments, and they provide a broad range of fiduciary services for both individuals and businesses.

    Maintaining public confidence in the banking system has long been an important objective of national policy. That is why Congress created a system of Federal deposit insurance 65 years ago; it is why the Federal Reserve has been invested with the responsibility to act as a lender of last resort and provider of liquidity; and it is why we have a comprehensive system of Federal bank licensing, supervision and regulation. Indeed, restoring public confidence in banks was one of the important reasons why the OCC was created over 135 years ago.

    Crucial to maintaining the confidence of bank customers in our banking system is their expectation that their relationships with their banks will be private and confidential—that information they provide to their banks will not be used for inappropriate purposes; that transactions will be processed objectively and nonjudgmentally; and that the interests of the customer will be paramount in importance. As I learned early in my legal career, many courts have held that banks have an implied contractual obligation of confidentiality to their customers.

    To be sure, this confidentiality is not absolute. Banks must respond to lawful subpoenas for customer information; they have reporting obligations under the Bank Secrecy Act; they are required to report ''suspicious transactions'' to law enforcement authorities; and they may share certain kinds of information about credit experience with credit reporting bureaus. To date, however, these qualifications to customer confidentiality have not seriously affected customer confidence in the system as a whole, although, as I will point out shortly, they have created enough concerns to keep millions of Americans out of the system.

    My grave concern is that if Federal law imposes an explicit and enforceable obligation on banks not only to adopt procedures designed to identify their customers, but also to maintain systems for ''monitoring customer transactions and identifying transactions that are inconsistent with normal and expected transactions'' for that customer, as the proposed regulation would require, it could have a profoundly adverse effect on the nature of the relationship banks have with their customers and, consequently, on the banking system as a whole. Law-abiding citizens, who make up the overwhelming proportion of bank customers, are likely to have serious concerns that their everyday relationships with their banks will be routinely scrutinized for evidence of misconduct. They will be understandably apprehensive that their banks will report, as a ''suspicious activity,'' any transactions that may be the least out of the ordinary, or that do not meet some predetermined customer ''profile'' established by a faceless bank employee or some computer program. And they are likely to come to the view that, instead of being protectors of a confidential relationship, their banks have turned into an extension of the law enforcement apparatus. Were this to occur, it could do lasting damage to our banking system.

    There are several other reasons why I have concerns about the proposed ''Know Your Customer'' regulation.

    First, it would obstruct our effort to bring more Americans into the financial mainstream. In my time as Under Secretary of the Treasury, we worked hard to carry out the mandate of Congress that all Federal non-tax payments should be made electronically. One of the greatest obstacles to achieving this goal has been that an estimated 10 million people who regularly receive Federal payments do not have bank accounts. There are a variety of reasons why this is so, but surveys indicate that almost one-quarter of those recipients who do not have bank accounts give concerns about confidentiality as a reason. A federally enforced ''Know Your Customer'' rule can only serve to heighten the concerns that already cause millions to remain outside the banking system.

    Second, I believe that the proposal would create competitive disparity among different types of financial service providers, to the detriment of banks. No regulation has yet been proposed that would apply to credit unions, money market mutual funds and security brokerage accounts. It can be expected that customers who have concerns about the continued confidentiality of their financial affairs may migrate to these other institutions. Indeed, in an open marketplace, one might expect those non-bank intermediaries to exploit this advantage.

    Finally, I have serious concerns about the kind of regulatory compliance burdens that would inevitably develop if a new regulatory regime were adopted. Bankers have been conditioned to want certainty and precision in the rules they must operate under. I see the potential for a myriad of questions being raised, resulting in the development of a smothering body of rulings and interpretations that banks would have to consult in order to be sure they were in conformity with the law. The creation of such burdens would have a particularly heavy impact on community banks, which typically do not have the depth of compliance resources that larger banks have.

    Indeed, the rulemaking proposals themselves give a forewarning of this. While the text of the proposed rule itself is quite short, the preamble material strongly suggests that there will be a strong demand for definition and interpretation. One agency's proposal, for example, prescribes what kind of customer identification should be required by a bank when a new account is opened. An in-State driver's license is acceptable, it says, but an out-of-State license cannot be used without ''corroboration''—unless the customer happens to live in a community such as Washington, D.C., that spans several States and the license was issued by a neighboring State. How long will it be before a banker asks for a ruling whether an expired driver's license suffices or an interpretation whether a State must be contiguous to qualify as ''neighboring''?

    None of these concerns should be taken as reflecting a belief that banks should remain oblivious to the identities of their customers or that they should not take care to have systems and controls in place that will allow them to identify suspected illegal conduct—such as transactions that are purposely structured to remain below reporting thresholds. Banks not only have obligations under existing law, but they have a variety of good business reasons to know their customers. The large majority of banks already have processes in place to accomplish these objectives.

    In that regard, bank trade associations could provide a valuable service to their members by developing and sharing information on best practices in this area. Trade groups do an effective job in communicating their members' objections to proposed government initiatives, but there is an opportunity here for them to address the ''Know Your Customer'' issue in a way that could obviate the need for any new regulation. Assisting members in developing sensible and customer-sensitive ''Know Your Customer'' programs would be a valuable service.

    For all of the reasons I have expressed in my statement to you today, I am convinced that this proposal should be withdrawn. Thank you for the opportunity to address this important matter.

    Mr. GEKAS. We thank you, Mr. Hawke.

    [The prepared statement of Mr. Hawke follows:]

PREPARED STATEMENT OF JOHN D. HAWKE, JR., COMPTROLLER, OFFICE OF THE COMPTROLLER OF THE CURRENCY, DEPARTMENT OF THE TREASURY

    Chairman Gekas, Ranking Member Nadler, and members of the Subcommittee, I am pleased to be with you this morning to present my views on the proposed regulation that has come to be called ''Know Your Customer.''

    I was sworn in as Comptroller of the Currency on December 8, 1998, so I did not participate either in the process that led to this proposal, or in the formulation of the proposal itself. I come new to the issue, and this has both advantages and disadvantages.

    One clear disadvantage is that I did not have a first-hand opportunity to learn of the background of the proposal before it was published or to benefit from the interagency deliberations concerning the complex issues that unquestionably surfaced as the agencies formulated the proposal.

    One advantage of coming new to this issue, however, is that I believe I can bring an objective judgment to the question of what future the proposal should have—a judgment that I hope is informed by some 37 years in the public and private sector of dealing with issues of federal banking regulation, as a lawyer in private practice representing banks, as a professor of banking law at three major law schools, as General Counsel to the Federal Reserve Board, and as Under Secretary of the Treasury for Domestic Finance.

    Mr. Chairman, the comment period on the proposed regulation closes this coming Monday, and we are reviewing the many comments we have received. It is my judgment, however, that the proposal should be promptly withdrawn. I firmly believe that any marginal advantages for law enforcement in this proposal are strongly outweighed by its potential for inflicting lasting damage on our banking system.

    Let me say at the outset that the law enforcement objectives that underlie the Know Your Customer proposal are of enormous importance to our country and must not be dismissed. It is widely recognized that the ability to launder the proceeds of illegal activity—particularly drug traffic—facilitates criminals engaged in such activity. Stemming the flow of narcotics into the country, and combating the sale of drugs on our streets, depend heavily on the ability of law enforcement to impede the efforts of drug dealers to convert the cash proceeds of their activities into useable funds.

    Since it is inevitable that criminals will seek to use depository institutions to launder their illegal revenues, it is entirely reasonable that banks and their regulators take all reasonable steps to ensure that they are not used wittingly or unwittingly to further illegal activities. For many years the Bank Secrecy Act has been aimed at achieving this objective and bankers have provided a valuable role in this effort in a working partnership with bank regulators and the law enforcement community.

    Beyond the valuable contribution banks make to this effort, there are other considerations that must be weighed as we consider new regulatory initiatives. Banks play an enormously important role in our economy. They serve as a safe repository for the earnings and savings of scores of millions of citizens. They play an essential role in the financing of commercial and consumer transactions. They operate our mechanism for making and clearing payments, and they provide a broad range of fiduciary services for both individuals and businesses.

    Maintaining public confidence in the banking system has long been an important objective of national policy. That is why Congress created a system of federal deposit insurance 65 years ago; it is why the Federal Reserve has been invested with the responsibility to act as a lender of last resort and provider of liquidity; and it is why we have a comprehensive system of federal bank licensing, supervision and regulation. Indeed, restoring public confidence in banks was one of the important reasons why the OCC was created over 135 years ago.

    Crucial to maintaining the confidence of bank customers in our banking system is their expectation that their relationships with their banks will be private and confidential—that information they provide to their banks will not be used for inappropriate purposes; that transactions will be processed objectively and nonjudgmentally; and that the interests of the customer will be paramount in importance. As I learned early in my legal career, many courts have held that banks have an implied contractual obligation of confidentiality to their customers.

    To be sure, this confidentiality is not absolute. Banks must respond to lawful subpoenas for customer information; they have reporting obligations under the Bank Secrecy Act; they are required to report ''suspicious transactions'' to law enforcement authorities; and they may share certain kinds of information about credit experience with credit reporting bureaus. To date, however, these qualifications to customer confidentiality have not seriously affected customer confidence in the system as a whole—although, as I will point out shortly, they have created enough concerns to keep millions of Americans out of the system.

    My grave concern is that if federal law imposes an explicit and enforceable obligation on banks not only to adopt procedures designed to identify their customers, but also to maintain systems for ''monitoring customer transactions and identifying transactions that are inconsistent with normal and expected transactions'' for that customer, as the proposed regulation would require, it could have a profoundly adverse effect on the nature of the relationship banks have with their customers, and consequently, on the banking system as a whole. Law-abiding citizens—who make up the overwhelming proportion of bank customers—are likely to have serious concerns that their everyday relationships with their banks will be routinely scrutinized for evidence of misconduct. They will be understandably apprehensive that their banks will report any transactions that may be the least out-of-the-ordinary, or that don't meet some predetermined customer ''profile'' established by a faceless bank employee or some computer program, as a ''suspicious activity.'' And they are likely to come to the view that instead of being protectors of a confidential relationship, their banks have turned into an extension of the law enforcement apparatus. Were this to occur, it could do lasting damage to our banking system.

    There are several other reasons why I have concerns about the proposed Know Your Customer regulation.

    First, it would obstruct our effort to bring more Americans into the financial mainstream. In my time as Under Secretary of the Treasury, we worked hard to carry out the mandate of Congress that all federal nontax payments should be made electronically. One of the greatest obstacles to achieving this goal has been that an estimated 10 million people who regularly receive federal payments do not have bank accounts. There are a variety of reasons why this is so, but surveys indicate that almost one-quarter of those recipients who do not have bank accounts cite confidentiality as a reason. A federally-enforced ''Know Your Customer'' rule can only serve to heighten the concerns that already cause millions to remain outside the banking system.

    Second, I believe that the proposal would create competitive disparity among different types of financial service providers, to the detriment of banks. No regulation has yet been proposed that would apply to credit unions, money market mutual funds and security brokerage accounts. It can be expected that customers who have concerns about the continued confidentiality of their financial affairs may migrate to these other institutions. Indeed, in an open marketplace one might expect those nonbank intermediaries to exploit this advantage.

    Finally, I have serious concerns about the kind of regulatory compliance burdens that would inevitably develop if a new regulatory regime were adopted. Bankers have been conditioned to want certainty and precision in the rules they must operate under. I see the potential for a myriad of questions being raised, resulting in the development of a smothering body of rulings and interpretations that banks would have to consult in order to be sure they were in conformity with the law. The creation of such burdens would have a particularly heavy impact on community banks, which typically do not have the depth of compliance resources that larger banks have.

    Indeed, the rulemaking proposals themselves give a forewarning of this. While the text of the proposed rule itself is quite short, the preamble material strongly suggests that there will be a strong demand for definition and interpretation. One agency's proposal, for example, prescribes what kind of customer identification should be required by a bank when a new account is opened. An in-state drivers license is acceptable, it says, but an out-of-state license cannot be used without ''corroboration''—unless the customer happens to live in a community such as Washington, D.C., that spans several states and the license was issued by a ''neighboring'' state. How long will it be before a banker asks for a ruling whether an expired drivers license suffices, or an interpretation whether a state must be contiguous to qualify as ''neighboring''?

    None of these concerns should be taken as reflecting a belief that banks should remain oblivious to the identities of their customers or that they should not take care to have systems and controls in place that will allow them to identify suspected illegal conduct—such as transactions that are purposely structured to remain below reporting thresholds. Banks not only have obligations under existing law, but they have a variety of good business reasons to know their customers. The large majority of banks already have processes in place to accomplish these objectives.

    In that regard, bank trade associations could provide a valuable service to their members by developing and sharing information on best practices in this area. Trade groups do an effective job in communicating their members' objections to proposed government initiatives, but there is an opportunity here for them to address the Know Your Customer issue in a way that could obviate the need for any new regulation. Assisting members in developing sensible and customer-sensitive Know Your Customer programs would be a valuable service.

    For all of the reasons I have expressed in my statement to you today, I am convinced that this proposal should be withdrawn. Thank you for the opportunity to address this important matter.

    Mr. GEKAS. I have just a couple of rudimentary questions. I consider them rudimentary.

    If it will be withdrawn, as you indicate it will be withdrawn, do the four agencies in question still have a mandate to do something about ''Know Your Customer'' procedures or regulations?

    Mr. HAWKE. There is a view that the anti-money laundering statutes impose on the agencies a requirement to encourage, if not require, ''Know Your Customer'' programs. But I think, Mr. Chairman, that there is a significant difference between a Federal regulation that imposes an explicit ''Know Your Customer'' requirement on banks and that engages in definition of the relevant terms and a more hortatory kind of admonition to banks to take prudent steps to know who their customers are. When the requirement gets embodied in a regulation, I think it runs the risk of causing bank customers to view their banks as extensions of the law enforcement apparatus.

    Mr. GEKAS. On what Federal action, what congressional action do you feel that the current regulation was based? Was it the sense of Congress action taken last summer, or was it the act of 1970 as is referred to by our colleagues, or what was the foundation, statutorily, of the proposed regulation?

    Mr. HAWKE. Mr. Chairman, if I may beg the subcommittee's indulgence, I think the members of the next panel are probably better able to deal with questions of that sort than I am. I didn't participate in the discussions before this regulation was proposed.

    Mr. GEKAS. I will accommodate that with the next panel.

    I have no further questions. Does the gentleman from New York have any questions to ask?

    Mr. NADLER. I have no questions. I simply want to thank the Comptroller and express satisfaction at hearing his views on the fact that these regulations should not be implemented and the reasons therefor.

    Mr. HAWKE. Thank you.

    Mr. GEKAS. We thank the gentleman.

    We now invite to the witness table the next panel, comprised of Richard Small, an Assistant Director in the Division of Banking Supervision and Regulation of the Board of Governors of the Federal Reserve System. He has primary responsibility for the enforcement and special investigations functions of the Federal Reserve. He has worked on law enforcement in a number of positions at the Treasury and Justice Departments.

    Joining him will be Christie Sciacca, the Associate Director for Policy of the Division of Supervision of the FDIC. He works on both domestic and international bank supervisory policy. Mr. Sciacca received a bachelor of science in business administration from Northeastern University, located where?

    Mr. SCIACCA. Boston, Massachusetts.

    Mr. GEKAS. Mr. Sciacca also graduated with honors from the Stonier Graduate School of Banking and from the American Banker's Association School of International Banking.

    With them at the witness table is Timothy Burniston, Managing Director for Compliance Policy and Specialty Examinations at the Office of Thrift Supervision. He is responsible for policy development and compliance and trust examinations, technology risk management, consumer affairs, and the OTS Consumer Affairs Program. In 1977, he graduated from Gettysburg College, and received an MBA from George Washington University in 1981.

    David Medine is Associate Director of the Financial Practices Division at the Federal Trade Commission's Bureau of Consumer Protection. He is responsible for enforcing numerous Federal statutes that protect consumers engaging in financial transactions. He received his undergraduate degree from Hampshire College and his law degree from the University of Chicago Law School.

    It appears that we have the Four Horsemen of the Apocalypse here ready to give us a doomsday report on the current issue. I suppose a jumping-off place for you will be the announcement by the Comptroller of the Currency as to his prediction. If you are to counter that prediction, it will be of special significance to us, and I am not prompting you either way.

    Mr. GEKAS. Mr. Small will begin. We will try to allot to each the time required, but we must try to make it within 5 minutes.

STATEMENT OF RICHARD A. SMALL, ESQ., ASSISTANT DIRECTOR, DIVISION OF BANKING SUPERVISION AND REGULATION, BOARD OF GOVERNORS OF THE FEDERAL RESERVE SYSTEM

    Mr. SMALL. Thank you, Mr. Chairman. I am pleased to appear before this subcommittee to discuss the proposed ''Know Your Customer'' regulation. As you are aware, the Federal Reserve, along with the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency and the Office of Thrift Supervision, issued a notice of proposed rulemaking with regard to ''Know Your Customer'' on December 7, 1998.

    As a proposed regulation, there has been no final decision on the wording of any new regulation or, for that matter, whether it is necessary to have a new regulation. The rulemaking process provides for a period of time during which the public can comment on the specifics of the proposal. As has already been stated, the comment period for this proposal concludes on March 8th. As we are still in the midst of the comment period, I am not able to provide any information with regard to the Federal Reserve's determination as to how to proceed with this proposal. That determination will not be made until the comment period has been concluded and there has been an opportunity to complete the review of the comments that have been submitted.

    As we move forward in our review of the comments and our determination as to whether or how to proceed with the proposed rule, we will carefully weigh three important issues.

    First, it has become clear that the proposal raises privacy concerns that also pose a real danger of eroding customer confidence in institutions at which they bank. The Federal Reserve recognizes the sensitivity of this issue.

    Second, the Federal Reserve will continue to recognize that participating in the government's programs designed to attack the laundering of proceeds of illegal activities through our Nation's financial institutions could enhance public confidence in the integrity of our financial system.

    Third, we will also be mindful of industry concern about the potential burden that ''Know Your Customer'' regulations might impose, and in doing so it would place banking organizations at a competitive disadvantage as the result of obligations that would come from the ''Know Your Customer'' regulations that do not apply to other types of financial service organizations subject to the provisions of the Bank Secrecy Act, such as brokerage firms and money transmitters.

    It would be useful to provide some background information about ''Know Your Customer'' policies and the purpose of the proposed rule. The concept of ''Know Your Customer'' has been around for quite some time. Many banks today use such policies and procedures to protect the integrity of their institutions. In addition, bankers have expressed concern that there is no uniformity in the banking agencies' and Department of the Treasury's guidance on identifying transactions that would be reported under existing suspicious activity reporting regulations.

    In the past, there have been expressions of congressional interest in ''Know Your Customer'' regulations. The Annunzio-Wylie Money Laundering Act of 1992 authorized the Department of Treasury to prescribe minimum standards for anti-money laundering programs of all financial institutions covered by the Bank Secrecy Act. The legislative history of this law and other legislation addressing the government's anti-money laundering efforts indicates the Congress expected that the minimum standards would include ''Know Your Customer'' policies.

    In the Money Laundering Deterrence Act of 1998, which was approved by the House of Representatives near the end of the 1998 session, section 9 included a requirement that the Secretary of the Treasury comply with the provisions of the Annunzio-Wylie Money Laundering Act by promulgating ''Know Your Customer'' regulations for financial institutions within 120 days of enactment of the legislation.

    These considerations led all of the Federal bank supervisory agencies, including the Federal Reserve, to develop the proposal. In proposing the ''Know Your Customer'' regulations, it was our intent to provide banks with guidance as to what programs and procedures they should have in place to have sufficient knowledge of their customers to assist in the detection and prevention of illicit activities occurring at or through the banks. I should note that the proposal would not require banks to turn over to the government information about their customers and would not require banks to monitor every customer transaction.

    In an effort not to create a substantial burden for the majority of banking organizations, the proposal sets forth the concept of developing and applying ''Know Your Customer'' programs based on the perceived risks associated with the various customers and the types of transactions that the banks understood would be conducted with the customers. For the majority of customers, we assumed that banks would find that they posed no or minimal risk and that the ''Know Your Customer'' programs would be nothing more than formalizing existing procedures for identifying customers and following existing suspicious activity reporting requirements.

    The proposal also recognizes that privacy was a critical issue. We specifically solicited comments on, and I quote from our proposal, ''whether the actual or perceived invasion of personal privacy interests is outweighed by the additional compliance benefits anticipated by the proposal.''

    To date, the response from the public on this issue has been unprecedented. The public comments indicate that bank customers believe that ''Know Your Customer'' rules will result in material invasion of their personal privacy interests. As I noted at the beginning, the comments have highlighted important issues, both with respect to privacy and other aspects of the proposal we will be considering in the days ahead.

    Thank you.

    Mr. GEKAS. We thank the gentleman, commending him on restricting his testimony to exactly 5 minutes. You are the first one in the history of the subcommittee. I hope that you three will follow suit.

    [The prepared statement of Mr. Small follows:]

PREPARED STATEMENT OF RICHARD A. SMALL, ESQ., ASSISTANT DIRECTOR, DIVISION OF BANKING SUPERVISION AND REGULATION, BOARD OF GOVERNORS OF THE FEDERAL RESERVE SYSTEM

    Mr. Chairman, I am pleased to appear before the Subcommittee on Commercial and Administrative Law to discuss the proposed ''Know Your Customer'' regulation. As you are aware, the Federal Reserve, along with the Federal Deposit Insurance Corporation, the Office of the Comptroller of the Currency and the Office of Thrift Supervision, issued a notice of proposed rulemaking with regard to ''Know Your Customer'' on December 7, 1998.

    As a proposed regulation, there has been no final decision on the wording of any new regulation or, for that matter, whether it is necessary to have a new regulation. The rulemaking process provides for a period of time during which the public can comment on the specifics of the proposal. The comment period for this proposal concludes on March 8. As we are still in the midst of the comment period, I am not able to provide any information with regard to the Federal Reserve's determination as to how to proceed with the proposal. No determination will be made until the comment period has concluded and there has been an opportunity to complete the review of the comments that have been submitted.

    As we move forward in our review of the comments and our determination as to whether, or how to proceed with the proposed rule, we will carefully weigh three important issues. First, it has become clear that the proposal raises privacy concerns that also pose a real danger of eroding customer confidence in the institutions at which they bank. The Federal Reserve recognizes the sensitivity of this issue. Second, the Federal Reserve will continue to recognize that participating in the government's programs designed to attack the laundering of proceeds of illegal activities through our nation's financial institutions could enhance public confidence in the integrity of our financial system. Third, we also will be mindful of industry concern about the potential burden that a ''Know Your Customer'' regulation might impose and that in doing so it would place banking organizations at a competitive disadvantage as the result of obligations that would come from the ''Know Your Customer'' regulation that do not apply to other types of financial service organizations subject to the provisions of the Bank Secrecy Act, such as brokerage firms and money transmitters.

    It would be useful to provide some background information about ''Know Your Customer'' policies and the purpose of the proposed rule. The concept of ''Know Your Customer'' has been around for quite some time. Many banks today use such policies and procedures to protect the integrity of their institutions. In addition, bankers have expressed concern that there is no uniformity in the banking agencies' and Department of the Treasury's guidance on identifying transactions that would have to be reported under existing suspicious activity reporting regulations.

    In the past, there have been expressions of Congressional interest in ''Know Your Customer'' regulations. The Annunzio-Wylie Money Laundering Act of 1992 authorized the Department of the Treasury to prescribe minimum standards for the anti-money laundering programs of all financial institutions covered by the Bank Secrecy Act. The legislative history of this law and other legislation addressing the government's anti-money laundering efforts indicates that the Congress expected that the minimum standards would include ''Know Your Customer'' policies. In the Money Laundering Deterrence Act of 1998, which was approved by the House of Representatives near the end of the 1998 session, Section 9 included a requirement that the Secretary of the Treasury comply with the provisions of the Annunzio-Wylie Money Laundering Act by promulgating ''Know Your Customer'' regulations for financial institutions within 120 days of enactment of the legislation.

    These considerations led all of the federal bank supervisory agencies, including the Federal Reserve, to develop the proposal. In proposing the ''Know Your Customer'' regulation, it was our intent to provide banks with guidance as to what programs and procedures they should have in place to have sufficient knowledge of their customers to assist in the detection and prevention of illicit activities occurring at or through the banks. I should note that the proposal would not require banks routinely to turn over to the government information about their customers and would not require banks to monitor every customer transaction.

    In an effort not to create a substantial burden for the majority of banking organizations, the proposal sets forth the concept of developing and applying ''Know Your Customer'' programs based on the perceived risks associated with the various customers and the types of transactions that the banks understood would be conducted by the customers. For the majority of customers, we assumed that banks would find that they posed no or minimal risk and their ''Know Your Customer'' programs would be nothing more than formalizing existing procedures for identifying customers and following existing suspicious activity reporting requirements.

    The proposal also recognized that privacy was a critical issue. We specifically solicited comments on ''whether the actual or perceived invasion of personal privacy interests is outweighed by the additional compliance benefits anticipated by [the] proposal.''

    To date, the response from the public on this issue has been unprecedented. The public comments indicate that bank customers believe that the ''Know Your Customer'' rule will result in material invasions of their personal privacy interests.

    As I noted at the beginning, the comments have highlighted important issues, both with respect to privacy and other aspects of the proposal, that we will be considering in the days ahead.

    Mr. GEKAS. But we now turn to Mr. Sciacca.

    Before we do, I want to state that the written testimony of each of you, of all the participants, will be made a part of the record without objection, and you can summarize for the 5-minute period allotted.

    Mr. Sciacca.

STATEMENT OF CHRISTIE A. SCIACCA, ASSOCIATE DIRECTOR, DIVISION OF SUPERVISION, FEDERAL DEPOSIT INSURANCE CORPORATION

    Mr. SCIACCA. Thank you, Mr. Chairman. I appreciate the opportunity to testify on behalf of the Federal Deposit Insurance Corporation on the proposed ''Know Your Customer'' regulations.

    The FDIC insures the Nation's 10,483 commercial banks and savings institutions and is the primary Federal supervisor of over 5,800 State-chartered banks that are not members of the Federal Reserve System.

    The FDIC, the Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency and the Office of Thrift Supervision published the proposed publication for public comment in December 1998. The FDIC alone has received now over 175,000 comments from the public. Virtually all of the comments express vigorous opposition to the proposal. Given this opposition, it is obvious to us that the proposal cannot become final in its current form, if at all.

    The integrity of the Nation's banking system is rooted in confidence. Confidence between a financial institution and its customers is what enables banks and other financial institutions to attract and retain legitimate funds from legitimate customers, and maintaining confidence in the Nation's banking system is the mission of the FDIC. It was never our intention in this proposal to upset that confidence, but rather to affirm it.

    Our intention was to help protect the integrity of the banking industry. Clearly, we have not achieved that goal. What we have done, however, is have the public confirm our concerns regarding privacy, and privacy is a right of Americans to be vigorously protected.

    When the agencies announced the interagency proposal last December, the FDIC took several steps to ensure public input on privacy and other issues. The FDIC's Board of Directors announced the proposal at a board meeting that was open to members of the public and the press. The FDIC posted the proposal on its web site, extended the comment period from 60 to 90 days, and encouraged the public to submit comments through the Internet. The FDIC also forwarded the proposal to State non-member banks to solicit their input and in its cover letter highlighted the privacy concern and other issues.

    In crafting the proposal, the agencies recognized the issues of burden and customer privacy. In the letter the FDIC sent on the proposal to all FDIC-supervised banks, we clearly cautioned financial institutions about avoiding the invasion of customer privacy by safeguarding and handling financial information responsibly. We reiterated our concerns regarding privacy and burden by inviting specific public comment on whether the benefits of implementing the ''Know Your Customer'' requirements outweighed the costs involved and whether the actual or perceived invasion of personal privacy interests is outweighed by additional compliance benefits anticipated by the proposal, as Mr. Small indicated a few minutes ago.

    As I noted earlier, virtually all of the public comments are from individuals whose primary concern is the impact of the proposal on their personal privacy. Comments from bankers have expressed great concern about the cost of compliance, customer privacy, and the competitive disadvantage if all financial institutions are not subjected to the same requirements. Some bankers also have asserted that the proposal's elements are redundant, ineffective and unnecessary.

    Congress has also expressed concern over the proposal. As you know, several bills have been introduced that would prohibit the proposal from being implemented in its current form. We appreciate the interest shown by Congress, the public and the banking industry in the proposal and the issue that it raises. I want to assure you that the FDIC is listening and has received the message loud and clear.

    Because the comment period does not close until March 8, under the rules governing Federal rulemaking, no final decision regarding the proposal can be made prior to March 8. However, the FDIC is reading every comment letter and considering it very carefully. After the close of the comment period, the FDIC will carefully consider its options, including simply withdrawing the proposal.

    Again, I appreciate the opportunity to present the FDIC's views on these issues and would be happy to answer any questions you might have.

    [The prepared statement of Mr. Sciacca follows:]

PREPARED STATEMENT OF CHRISTIE A. SCIACCA, ASSOCIATE DIRECTOR, DIVISION OF SUPERVISION, FEDERAL DEPOSIT INSURANCE CORPORATION

    Thank you Chairman Gekas, Ranking Member Nadler and members of the Subcommittee. I appreciate the opportunity to testify on behalf of the Federal Deposit Insurance Corporation on the proposed ''Know Your Customer'' regulations. The FDIC insures the nation's 10,483 commercial banks and savings institutions and is the primary federal supervisor of 5,863 state-chartered banks that are not members of the Federal Reserve System. My statement first provides some background on the proposed regulation. Next, I will summarize the main points of the comments we have received, particularly with respect to privacy. Finally, I will address the future of the proposal.

BACKGROUND

    The FDIC, the Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency, and the Office of Thrift Supervision published the proposed regulation for public comment in December 1998. The FDIC alone has received over 135,000 comments from the public as of March 2, virtually all of which express vigorous opposition to the proposal. Given this opposition, it is obvious to us that the proposal cannot become final in its current form, if at all.

    The integrity of the nation's banking system is rooted in confidence. Confidence between a financial institution and its customers is what enables banks and other financial institutions to attract and retain legitimate funds from legitimate customers. Maintaining confidence in the nation's banking system is the mission of the FDIC. It was never our intention in this proposal to upset that confidence, but rather to affirm it. Illegal activities, such as money laundering, fraud, and other transactions designed to assist criminals in illegal ventures pose a serious threat to the integrity of financial institutions. Recent and highly publicized situations involving money laundering, such as the Raul Salinas case, demonstrate the importance of federal supervision and bank vigilance in this area. While it is impossible to identify every transaction at an institution that is potentially illegal or involves illegally obtained money, financial institutions must take reasonable measures to identify such transactions in order to ensure their own safe and sound operations.

    Under the Bank Secrecy Act, insured financial institutions are required to report suspected illegal activity involving transactions conducted (or attempted) through the insured institution. The proposal was intended to provide consistent, practical, and yet flexible guidance to banks on compliance with anti-money laundering requirements and to assist banks in protecting themselves from being unwitting victims of, or participants in, criminal activity. We never intended, as some commenters have suggested, to require banks to monitor every transaction, every customer and every account in a bank.

    Banks need a way to identify transactions that are suspicious from a law enforcement perspective. Many banks already have formal programs to know the customers with which they do business. For the many banks that have already implemented such a program, the proposal would require them to make sure their programs are in writing and approved by their respective boards of directors. Even banks without formal programs require personal identification such as a driver's license from an individual opening an account. For business customers, upon opening an account, a bank will often require articles of incorporation, board resolutions, partnership agreements, or business licenses, as appropriate. Institutions without formal programs have requested the federal banking agencies to provide guidance in this area. Such institutions have held off going forward with formal Know Your Customer programs so that they will not expend financial and personnel resources on programs that would not meet their primary federal regulator's standards.

PUBLIC COMMENTS

    When the agencies announced the interagency proposal last December, the FDIC took several steps to ensure public input on privacy and other issues. The FDIC's Board of Directors announced the proposal at a board meeting that was open to members of the public and press. The FDIC posted the proposal on its website; extended the comment period to 90 days; and encouraged the public to submit comments through the Internet. The FDIC also forwarded the proposal to state nonmember banks to solicit their input, and in its cover letter, highlighted the privacy concern and other issues.

    In crafting the proposal, the agencies recognized the issues of burden and customer privacy. In the letter the FDIC sent on the proposal to all FDIC-supervised banks, we clearly cautioned financial institutions about avoiding the invasion of customer privacy by safeguarding and handling financial information responsibly. We reiterated our concerns regarding privacy and burden by inviting specific comment on: (i) whether the benefits of implementing Know Your Customer requirements outweighed the costs involved, and (ii) whether the actual or perceived invasion of personal privacy interests is outweighed by the additional compliance benefits anticipated by the proposal.

    The agencies expressly solicited comments on a number of other issues, including whether the definition of ''customer'' for these purposes was too broad and would unnecessarily include individuals who present little risk; and whether a competitive disadvantage for banks would be created with respect to financial entities that offer similar services but are not covered by the proposal.

    As noted earlier, virtually all of the public comments are from individuals whose primary concern is the impact of the proposal on their personal privacy. Comments from bankers have expressed great concern about the cost of compliance, customer privacy, and the competitive disadvantage if all financial institutions are not subject to the same requirements. Some bankers also have asserted that the proposal's elements are redundant, ineffective, and unnecessary.

    Congress has also expressed its concern over the proposal. As you know, several bills have been introduced that would prohibit the proposal from being implemented in its current form. We appreciate the interest shown by Congress, the public, and the banking industry in the proposal and the issues that it raises. I want to assure you that the FDIC is listening and has received the message loud and clear.

FUTURE OF PROPOSAL

    Because the comment period does not close until March 8, under the rules governing federal rulemaking, no final decision regarding the proposal can be made prior to March 8. However, the FDIC is reading every comment letter and is considering them very seriously. After the close of the comment period, the FDIC will carefully consider its options, including simply withdrawing the proposal.

    Again, I appreciate the opportunity to present the FDIC's views on these issues and would be happy to answer any questions you might have.

    Mr. GEKAS. I want to ask Mr. Nadler if he will join with me in saying for the record that we would propose that the testimony and the opening statements as produced here today by this committee be entered into the record as commentary to be lodged therein before March the 8th, thus adding to the volume and to the thunder that has been evoked by this issue. If you will do that for us, we will consider the hearing even more of a success than has already been indicated.

    Mr. NADLER. I would certainly join in that request. I agree that doing that would add to the volume and thunder and, hopefully, to the wisdom of the comments.

    Mr. GEKAS. Thank you.

    Mr. GEKAS. We turn to Mr. Burniston.

STATEMENT OF TIMOTHY R. BURNISTON, MANAGING DIRECTOR, COMPLIANCE POLICY AND SPECIALTY EXAMINATIONS, OFFICE OF THRIFT SUPERVISION, DEPARTMENT OF THE TREASURY

    Mr. BURNISTON. Good morning, Mr. Chairman, Mr. Nadler. Thanks for the opportunity to be here today and talk about the Office of Thrift Supervision's views on the proposed ''Know Your Customer'' regulation.

    This morning I will share some thoughts with you on where we are, how we got here and where we go next. I will discuss our goals in issuing the proposal and briefly summarize the comments we received. I will discuss our initial Regulatory Flexibility Act analysis and our use of plain English drafting techniques and outline how we plan to proceed once the comment period closes.

    The primary goals, as you have heard them this morning, of the proposed rule are to ensure that banks and savings associations develop and maintain procedures reasonably designed to facilitate compliance with anti-money laundering statutes and their existing requirements on reporting suspicious activities. The rule is intended to protect the integrity of insured financial institutions by reducing the likelihood that these institutions might become unwitting participants in any customer's illicit activities. The rule is aimed at assisting the efforts of law enforcement authorities to combat illicit activities. The proposed rule is intended to provide useful but flexible guidance for institutions to follow as they develop and implement programs to meet these goals.

    Our early screening of the comments received to date suggests that the overwhelming majority of individual comments reflect public concern about the privacy of information that would be collected and held by financial institutions. Simply stated, these individuals view the proposed rule as an unwarranted intrusion into their personal privacy. A lesser but still substantial number of individuals believe the proposed rule is an unwarranted search and seizure and is therefore unconstitutional. This is particularly troubling to us, since we know that customer trust is a thrift's stock in trade.

    In contrast, most financial institution commenters are concerned about the expected burden imposed by the proposed rule. A number of financial institutions are also concerned about a level playing field. That is, while banks and savings associations would be subject to a ''Know Your Customer'' rule, non-bank financial institutions such as brokerages, money transmitters and check cashers would not. This raises the related concern that the proposed rule might simply cause illegal activities to migrate from banks to non-banks. Moreover, law-abiding bank customers may migrate to non-banks to protect their privacy interests.

    We took three steps to try to ensure that the process by which we issued our proposed rule would provide sufficient time for the industry to understand it and suggest alternatives.

    First, we used a 90-day comment period, which is 30 days longer than our usual comment periods on regulations.

    Second, we drafted our regulation using a question and answer format and other plain English techniques so we might elicit some really good feedback. We did not want to hide any potential burdens behind regulatory ambiguity.

    Third, we consulted with the Small Business Administration's Office of Advocacy, incorporated their suggestions, and performed an initial regulatory flexibility analysis. We provided this analysis to the SBA 2 months before the proposal was published. The goal of that analysis was to obtain additional information about the potential burden on small institutions and about other alternatives that would accomplish our objectives.

    We also indicated any final regulation that we might come out with, and I am not suggesting that that is imminent, would not be out until April of 2000 at the earliest.

    We mentioned in our regulatory flexibility analysis that ''Know Your Customer'' monitoring would be similar to monitoring already conducted by savings associations. For example, savings associations currently monitor customer transactions to ensure that cash transactions exceeding $10,000 are reported under the Bank Secrecy Act, to ensure that customers do not overdraw their accounts, and to ensure that loan payments are accurate and timely. Consequently, ''Know Your Customer'' monitoring would to some extent rely on skills that savings association personnel already have.

    Further, we designed the rule so that each association could design its own program appropriate to its own resources.

    As we move forward, there are two things that will guide us. One is our sensitivity to the issues raised by the comments, and the other is our need to legitimately balance our sensitivity with our role as a primary regulator of savings associations.

    You referred earlier to your dialogue with Chairman Leach. We did receive a letter from him on the 3rd of February. I would like to just offer one passage in closing that I think summarizes this issue best.

    He wrote to us, ''I recognize that the ability of criminal elements to enter the proceeds of their illicit activities into the legitimate financial system corrodes the integrity of that system and demands an aggressive response from relevant regulatory agencies and law enforcement authorities. However, in developing strategies to counter money laundering, the government must also be vigilant in its defense of constitutional liberties and ensure that proposals that rely on financial institutions to monitor their customers' account activity accord proper deference to the privacy concerns of those customers. Banking depends on confidence of depositors and financial institutions.''

    We will be guided by Chairman Leach's words as we go forward. We will work with the banking industry, other Federal agencies and other interested parties, including those representing consumers, to explore alternatives, including non-regulatory approaches, that are responsive to the comments received and to supervisory objectives.

    Thank you for letting me go 30 seconds beyond my allocated time.

    Mr. GEKAS. We will blame Mr. Leach for part of that time.

    [The prepared statement of Mr. Burniston follows:]

PREPARED STATEMENT OF TIMOTHY R. BURNISTON, MANAGING DIRECTOR, COMPLIANCE POLICY AND SPECIALTY EXAMINATIONS, OFFICE OF THRIFT SUPERVISION, DEPARTMENT OF THE TREASURY

    Good morning, Chairman Gekas and Members of the Subcommittee. Thank you for the opportunity to discuss the Office of Thrift Supervision's (OTS) views on the proposed ''Know Your Customer'' regulation. The OTS, the Board of Governors of the Federal Reserve System, the Office of the Comptroller of the Currency, and the Federal Deposit Insurance Corporation published the proposed regulation for public comment on December 7, 1998. The comment period closes four days from now, on March 8.

    I would like to share with you this morning our thoughts on where we are, how we got here, and where we go next. I will discuss our goals in issuing the proposal and briefly summarize the comments we have received so far. Next, I will discuss our Regulatory Flexibility Act analysis of the proposed rule and our use of ''plain English'' drafting techniques in preparing the proposal. Finally, I will outline how we are planning to proceed once the comment period closes.

    We issued the proposed Know Your Customer rule because of concerns that illicit activities, such as money laundering, fraud and other transactions that assist criminals in their illegal ventures, pose a serious threat to the integrity of financial institutions. We support the anti-money laundering provisions of the Bank Secrecy Act, and we are committed to helping banks and savings associations develop anti-money laundering programs to fulfill their obligations to identify and report known and suspected violations of law.

    The primary goals of the proposed rule are to ensure that banks and savings associations develop and maintain procedures reasonably designed to facilitate compliance with anti-money laundering statutes and their existing requirements on reporting suspicious activities. The rule is intended to protect the integrity of insured financial institutions by reducing the likelihood that such institutions might become unwitting participants in any customer's illicit activities. The rule is aimed at assisting the efforts of law enforcement authorities to combat illicit activities. The proposed rule was intended to provide useful but flexible guidance for institutions to follow as they develop and implement programs to meet these goals.

    OTS has received over 4,000 comments on the proposed rule and I understand the tally has reached over 100,000 at the FDIC. The overwhelming majority of individual comments reflect public concern about the privacy of information that would be collected and held by financial institutions. Simply stated, these individuals view the proposed rule as an unwarranted intrusion into their financial privacy. A lesser but still substantial number of individuals believe the proposed rule amounts to an unwarranted search and seizure and is therefore unconstitutional. This is particularly troubling to us, since we know that customer trust is a thrift's stock in trade.

    By contrast, most of the financial institution commenters are concerned about the expected burden imposed by the proposed rule. These commenters discuss the dollar cost and resource burden necessary to implement the proposed rule, such as purchasing new computer software.

    A number of financial institutions are also concerned about a level playing field. That is, while banks and savings associations would be subject to a ''Know Your Customer'' rule, non-bank financial institutions such as brokerages, money transmitters, and check cashers would not. This raises the related concern that the proposed rule might simply cause illegal activities to migrate from banks to non-banks. Moreover, law-abiding bank customers may migrate to nonbanks to protect their privacy interests.

    We took three steps to try to ensure that the process by which we issued our proposed rule would provide sufficient time for the industry to understand the rule and suggest alternatives. First, we went out for a 90-day comment period—30 days longer than our usual comment periods on regulations—to give institutions ample time to evaluate the proposal and suggest alternatives. That comment period closes next Monday and we will then have the benefit of all of the comments to help us to decide how best to proceed. It would be premature now for me to attempt to state with certainty what OTS will do next, but I can assure you we are well aware of the level of interest the proposal has generated.

    Second, we drafted our regulation using a question and answer format and other plain English techniques to make it easier for institutions to understand the proposed requirements and, in turn, give us good feedback about how the proposal would affect them and how it could be improved. We did not want to hide potential burdens behind regulatory ambiguities.

    Third, we consulted with the Small Business Administration's Office of Advocacy and performed an Initial Regulatory Flexibility Analysis. The goal of that analysis was to obtain additional information about the potential burden on small institutions and about other alternatives that would accomplish our objectives.

    We also indicated that any final regulation would not be effective until, at the earliest, April 2000, over a year after the close of the comment period. This was intended to give institutions ample time to prepare to comply with any rule that may be implemented. And I am not suggesting that this is imminent.

    As I mentioned, we included an Initial Regulatory Flexibility Analysis to identify the burden associated with our proposed rule. That analysis is also instructive in understanding what we were trying to accomplish by issuing the proposal. The proposed rule emphasizes the flexibility that we intended to have available to each savings association to design a program appropriate for its size and resources. A flexible approach has distinct advantages over other alternatives. For example, since the rule would apply to all savings associations, regardless of size, criminals could not choose a savings association without a ''Know Your Customer'' program as a vehicle to conduct illegal activities. It also avoids requirements that are beyond the means of small institutions. Small institutions could use simpler, less costly, and less burdensome programs than those implemented by larger institutions to achieve compliance.

    We mentioned in our analysis that Know Your Customer monitoring would be similar to monitoring already conducted by savings associations. For example, savings associations currently monitor customer transactions to ensure that cash transactions exceeding $10,000 are reported under the Bank Secrecy Act, to ensure that customers do not overdraw their accounts, and to ensure that loan payments are accurate and timely. Consequently, Know Your Customer monitoring would to some extent rely on skills that savings association personnel already have and regularly use.

    Our cover letter transmitting the Know Your Customer proposal to the thrift industry further emphasized that we purposefully designed the proposed rule so that each savings association could design a Know Your Customer program appropriate for its size and resources. We specifically asked for comment on the proposed rule's economic impact on small institutions.

    Let me emphasize that we are mindful of the burden that the proposed rule may place on large and small savings associations. We will give great weight to the letters that commented on this issue, and we will strive for a reasonable balance among the goals of helping institutions meet their responsibilities, competitive equity and minimizing burden, and respecting the legitimate privacy concerns of bank customers.

    There are two words that will guide our efforts as we move forward: ''sensitivity'' and ''balance.'' We are sensitive to the privacy concerns raised by the comment letters. We are also sensitive to the need for a supervisory framework that ensures that the institutions we regulate adhere to the nation's anti-money laundering statutes, including the Bank Secrecy Act. We will seek an appropriate balance between these legitimate interests.

    We are sensitive to the burden that may be placed on institutions, particularly smaller ones, by the proposed rule. We also want to ensure that whatever supervisory framework we may impose will minimize the potential for illicit activities to be conducted at savings associations. Here too, we will seek an appropriate balance between these legitimate interests.

    Perhaps your colleague, Representative Jim Leach, Chairman of the House Banking Committee, said it best in his letter to the Federal banking agencies on February 3. Chairman Leach stated, and I quote:

I recognize that the ability of criminal elements to enter the proceeds of their illicit activities into the legitimate financial system corrodes the integrity of that system, and demands an aggressive response from relevant regulatory agencies and law enforcement authorities. However, in developing strategies to counter money laundering, the government must also be vigilant in its defense of Constitutional liberties, and ensure that proposals that rely on financial institutions to monitor their customers' account activity accord proper deference to the privacy concerns of those customers. Banking depends on confidence of depositors in financial institutions.

    We will be guided by Chairman Leach's wise words as we move forward. We will work with the banking industry, other federal agencies, and other interested parties, including those representing consumers, to explore alternatives, including nonregulatory approaches, that are responsive to the comments received and to supervisory objectives.

    Thank you. I would be happy to answer any questions you may have.

    Mr. GEKAS. At this moment, we will turn to Mr. Medine.

STATEMENT OF DAVID MEDINE, ASSOCIATE DIRECTOR, FINANCIAL PRACTICES DIVISION, FEDERAL TRADE COMMISSION

    Mr. MEDINE. Mr. Chairman, members of the subcommittee, I appreciate this opportunity to present the Federal Trade Commission's views on the important issue of financial privacy.

    We live in a burgeoning information economy. The personal computer revolution of the 1980's and the explosive growth of interactive technologies in the 1990's have made it possible to collect, aggregate, store and market personal information in ways unthinkable only a generation ago. The use of this information can have great benefits for consumers, but it is also a matter of great concern, because information can be aggregated and disseminated so readily.

    It is not surprising to learn that, of all types of information collected about them, American consumers view their financial information as most sensitive, indeed as sensitive as their medical histories. As custodians of sensitive financial information, banks must strike a balance between addressing their customers' privacy concerns and guarding against fraud and other criminal uses of banking services.

    Last December, the banking agencies announced proposals to promulgate ''Know Your Customer'' regulations intended to curb money laundering. Based on the comments thus far submitted on the proposed rules, it appears that many consumers are concerned with the unauthorized disclosure of their personal financial information to any third party, including the government. Such comments demonstrate the tension between erecting safeguards that detect and deter criminal activities and protecting individuals' privacy interests. Striking the correct balance in this context presents a significant challenge to government, financial institutions and the public.

    The Commission has extensive experience dealing with consumer protection issues related to the financial services industry as well as consumer privacy issues, and I am pleased to present the Commission's perspective on these complex areas.

    Two of the Commission's over 40 statutory mandates are particularly relevant to the issues before this subcommittee: one, the Commission's authority to enforce the Fair Credit Reporting Act; and, two, the Commission's new consumer protection role under the Identity Theft and Assumption Deterrence Act of 1998 of logging complaints, providing information to victims of identity theft, and referring those complaints to credit bureaus and law enforcement.

    The Fair Credit Reporting Act regulates credit bureaus and establishes important protections for consumers with regard to the privacy of their sensitive financial information. The Commission has a lengthy experience of enforcing the FCRA, which Congress enacted, in part, to address privacy concerns associated with the sharing of consumers' financial and credit history contained in consumer credit reports.

    Two points are worth mentioning about the operation of the FCRA that raise privacy concerns for the future: First, under the FCRA, financial institutions are free to distribute without limitation information about their own experiences with a customer. In the event that large numbers of individual firms choose to report information on their transactions with consumers directly to firms through network computers, it may be possible to create detailed financial profiles on consumers without the privacy safeguards found in the FCRA.

    Second, the 1996 amendments to the FCRA include a provision that permits affiliated companies to share consumer information, even credit reports, free from many of the FCRA's restrictions. These lessened requirements for affiliated companies sharing information may raise special concerns in the electronic banking or electronic payments context, where detailed and sometimes sensitive information about consumers is gathered.

    In the area of on-line privacy, the Commission has been involved in addressing on-line privacy issues almost as long as there has been an on-line marketplace and has held a series of workshops and hearings on such issues, including the special privacy concerns raised by the on-line collection of financial information.

    Throughout, the Commission's goal has been to understand this new marketplace and its information practices, to assess the impact of those practices on consumers, and to encourage and facilitate effective self-regulation as the preferred approach to protecting consumer privacy on line. The Commission's efforts to encourage self-regulation have included bringing industry and consumers and privacy advocates together to address on-line privacy issues at our workshops and meeting with and encouraging industry leaders to adopt effective self-regulatory programs.

    These efforts have been based on the understanding that personal information can be collected and widely distributed on the World Wide Web with unprecedented ease and the belief that greater protection of personal privacy on the web will not only protect consumers but also increase consumer confidence and, ultimately, consumers' participation in the on-line marketplace.

    In June, 1998, the Commission issued a comprehensive report to Congress on internet privacy. The report set out the findings of the Commission's extensive March, 1998, survey of the information practices of over 1,400 commercial web sites and assessed the effectiveness of self-regulatory efforts to date in protecting consumer privacy. The survey included a sub-sample of 125 sites operated by banks, credit unions, mortgage companies, real estate agencies and other financial services firms.

    The Commission found that although almost all of these sites were collecting and identifying personal information, together with very sensitive financial information, very few were disclosing their information practices.

    The Commission survey findings, as well as its review of then existing industry information practice guidelines, led it to conclude that, as of June, 1998, an effective self-regulatory system had yet to emerge. The report recommended that Congress consider legislation governing the on-line collection of personal information from consumers generally, if effective self-regulation does not take hold.

    Since the report was issued, several major self-regulatory initiatives have emerged to develop industry guidelines to protect the privacy of personal information, including the important work of the Banking Industry Technology Secretariat, or BITS. In addition, the privately funded study of commercial Web sites' information practices is scheduled to take place next week. We are hopeful that this study will provide an objective measure that informs the Commission's views on the current state of self-regulation to implement on-line privacy protections. The Commission is monitoring these developments with great interest and will keep the Congress informed of their results.

    It is clear that consumers are extremely concerned about the privacy of their sensitive financial information. In addition, it would appear that large numbers of commenters perceive that the ''Know Your Customer'' proposals contemplate government invasion of privacy. At the same time, the Commission is mindful of the importance of establishing mechanisms to prevent crimes, such as money laundering and fraud.

    The public response to the ''Know Your Customer'' proposals highlights the tension between potential regulatory initiatives and privacy concerns. The Commission is pleased to serve as a resource as this subcommittee and others consider how to strike the proper balance between these important competing issues.

    Thank you.

    Mr. BRYANT. [Presiding.] Thank you, Mr. Medine.

    [The prepared statement of Mr. Medine follows:]

PREPARED STATEMENT OF DAVID MEDINE, ASSOCIATE DIRECTOR, FINANCIAL PRACTICES DIVISION, FEDERAL TRADE COMMISSION

    Mr. Chairman and members of the Subcommittee, I am David Medine, Associate Director for Financial Practices, Bureau of Consumer Protection, Federal Trade Commission (''FTC'' or ''Commission''). I appreciate this opportunity to present the Commission's views on the important issue of financial privacy.(see footnote 1)

I. INTRODUCTION

    We live in a burgeoning information economy. The personal computer revolution of the 1980s, and the explosive growth of interactive technologies in the 1990s, have made it possible for businesses to collect, aggregate, store, and market personal information in ways unthinkable only a generation ago. The commercial use of this information can have great benefits for consumers; but it is also a matter of great concern because information can be aggregated and disseminated so readily.

    It is not surprising to learn that, of all the types of information collected about them, American consumers view their financial information as most sensitive, indeed as sensitive as their medical histories.(see footnote 2) As custodians of sensitive financial information, banks must strike a balance between addressing their customers' privacy concerns and guarding against fraud and other criminal uses of banking services. Last December, the Federal Reserve Board,(see footnote 3) the Office of the Comptroller of the Currency,(see footnote 4) the Office of Thrift Supervision,(see footnote 5) and the Federal Deposit Insurance Corporation(see footnote 6) announced similar proposals to promulgate ''Know Your Customer'' regulations intended to curb money laundering. The proposed rules would, among other things, require banks to establish procedures to ascertain the identity of their customers and the sources of funds deposited in their accounts, and to monitor patterns in their customers' banking activities to identify suspicious transactions. Based on the comments thus far submitted on the proposed rules, it appears that some consumers are concerned with the unauthorized disclosure of their personal financial information to any third party, including the government.(see footnote 7) It further appears that large numbers of commenters perceive the proposed rules to pose a new type of privacy intrusion, one initiated by government. As discussed below, this is not the type of privacy concern we have traditionally examined because it does not involve privacy protections that arise when consumers deal with businesses. Such comments demonstrate the tension between erecting safeguards that detect and deter criminal activities and protecting individuals' privacy interests. Striking the correct balance in this context presents a significant challenge to government, financial institutions, and the public.

    The Commission has extensive experience dealing with consumer protection issues related to the financial services industry as well as consumer privacy issues, and I am pleased to present the Commission's perspective on these complex areas.

II. THE COMMISSION'S CONSUMER PROTECTION ROLE

A. The FTC's Law Enforcement Authority

    The FTC is a law enforcement agency whose mission is to promote the efficient functioning of the marketplace by protecting consumers from unfair or deceptive acts or practices and increasing consumer choice by promoting vigorous competition. The Commission's primary legislative mandate is to enforce the Federal Trade Commission Act (''FTCA''), which prohibits unfair methods of competition and unfair or deceptive acts or practices in or affecting commerce.(see footnote 8) With certain exceptions, including banks and other depository institutions to the extent they are regulated by the federal bank regulatory agencies, the FTCA provides the Commission with broad law enforcement authority over entities engaged in or whose business affects commerce(see footnote 9) and with the authority to gather information about such entities.(see footnote 10) The Commission also has responsibility under approximately forty additional statutes governing specific industries and practices.(see footnote 11)

B. The FTC's Activities in the Financial Services Industry

    The Commission has extensive experience in addressing consumer protection issues that arise in the financial services industry, involving, for example, the use of credit cards, lending practices, and debt collection.(see footnote 12) The Commission also provides consultation to Congress and to the federal banking agencies about consumer protection issues involving financial services. The Commission periodically provides comments to the Federal Reserve Board regarding the Fair Credit Reporting Act, and the implementing regulations for the Truth in Lending Act, the Consumer Leasing Act, the Electronic Funds Transfer Act, and the Equal Credit Opportunity Act.(see footnote 13)

    In addition, the Commission has recently reported to or testified in Congress regarding the Fair Credit Reporting Act, the Fair Debt Collection Practices Act, identity theft, and the implications of electronic payment systems for individual privacy. On July 28, 1998, for example, the Commission presented testimony before the House Committee on Banking on ''pretexting.'' This term refers to information brokers' practice of obtaining confidential financial information for resale under false pretenses, e.g., by telephoning banks and posing as the account holder.(see footnote 14) The Commission believes that the act of pretexting by information brokers, which has profound implications for both financial institutions and their customers, likely violates the FTCA's prohibition of ''unfair or deceptive acts or practices in or affecting commerce'' and would warrant filing an action in federal court to obtain injunctive and other equitable relief under Section 13(b) of the FTCA.(see footnote 15)

    Two of the Commission's statutory mandates are particularly relevant to the issues presently before the Subcommittee: (1) the Commission's authority to enforce the Fair Credit Reporting Act (''FCRA''); and (2) the Commission's new consumer protection role under the Identity Theft and Assumption Deterrence Act of 1998. The FCRA regulates consumer reporting agencies, also known as credit bureaus, and establishes important protections for consumers with regard to the privacy of their sensitive financial information.(see footnote 16) The Commission has extensive experience enforcing the FCRA, which Congress enacted, in part, to address privacy concerns associated with the sharing of consumers' financial and credit history contained in consumer credit reports.(see footnote 17) The FCRA limits the disclosure of consumer credit reports only to entities with specified ''permissible purposes'' (such as evaluating individuals for credit, insurance, employment, or similar purposes) and under specified conditions (such as certification from the user of the report).(see footnote 18) In these ways, the FCRA operates generally to limit disclosure of consumer reports primarily to instances where a consumer initiates a transaction, such as an application for credit, employment, or insurance.(see footnote 19) The FCRA also provides consumers with certain rights in connection with the information maintained by consumer reporting agencies.(see footnote 20)

    The FCRA imposes civil liability for both willful and negligent noncompliance by consumer reporting agencies and parties who procure reports from (or furnish information to) such agencies.(see footnote 21) It grants civil enforcement authority to the Commission, other federal agencies, and the states, to seek both monetary penalties and injunctive relief for violations of the Act.(see footnote 22) The potential monetary penalties include, for those who knowingly violate the FCRA, up to $2,500 per violation in a civil action brought by the Commission in district court.(see footnote 23)

The FCRA also provides for criminal sanctions against parties who infringe on citizen privacy by unlawfully obtaining credit reports. The FCRA provides that ''(a)ny person who knowingly and willfully obtains information on a consumer from a consumer reporting agency under false pretenses . . .'' may be fined and imprisoned for up to 2 years. 15 U.S.C. §1681q. The Computer Fraud and Abuse Act prohibits unauthorized entry into credit bureau files, providing for fine and imprisonment (up to one year for a first offense, up to ten years for a second offense) of a person who ''intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains information contained in . . . a file of a consumer reporting agency on a consumer, as such terms are defined in the [FCRA].'' 18 U.S.C. §1030(a)(2).
Issues relevant to the FCRA are currently pending before the Commission. In Matter of Trans Union Corporation, the Commission is currently considering an appeal from an initial decision of an administrative law judge concerning whether Trans Union's sale of target marketing lists violates the FCRA. Initial Decision of Administrative Law Judge James P. Timony, F.T.C. Docket No. 9255, XX F.T.C. XX (July 31, 1998).

    Two points are worth mentioning: First, under the FCRA, merchants are free to distribute without limitation information about their own experiences with a customer.(see footnote 24) In the event that large numbers of individual merchants choose to report information on their transactions with consumers directly to other merchants, it may be possible to create detailed financial profiles on consumers without the privacy safeguards provided by the FCRA.(see footnote 25)

    Second, the 1996 amendments to the FCRA include a provision that permits affiliated companies to share consumer information, even credit reports, free from many of the FCRA's restrictions.(see footnote 26) These lessened requirements for affiliated companies sharing information may raise special concerns in the electronic banking or electronic payments context, where detailed and sometimes sensitive information about consumers is gathered.

    In addition to its responsibilities under the FCRA, the Commission has a new, important role to play in combating identity theft, a practice that goes to the heart of personal financial privacy. Identity theft occurs when an individual appropriates another's name, address, Social Security number, or other identifying information to commit fraud. Identity thieves may use consumers' identifying information to open new credit card accounts, take out loans in the victim's name, or to steal funds from existing checking, savings, or investment accounts.(see footnote 27) Certain perpetrators go so far as illegally obtaining professional licenses,(see footnote 28) driver's licenses, and birth certificates,(see footnote 29) and even committing other crimes under their assumed identities.(see footnote 30) Others use the consumers' identifying information to submit fake medical bills to private insurers.(see footnote 31) Identity thieves often have lenders send bills to an address different from that of the victim, to conceal their activities from the victim for a prolonged period of time.(see footnote 32) In the interim, the perpetrators run up debt, in some cases tens of thousands of dollars, under their assumed identities.(see footnote 33)

    Recently, the Identity Theft and Assumption Deterrence Act of 1998 made identity theft a federal crime and authorized the FTC to serve as a central clearinghouse to receive complaints from, and provide information to, victims of identity theft.(see footnote 34) Specifically, the Act requires the Commission to establish procedures to (1) log the receipt of complaints by victims of identity theft; (2) provide these victims with informational materials; and (3) refer complaints to appropriate entities, including the major national consumer reporting agencies and law enforcement agencies.

    To meet these new statutory responsibilities, Commission staff has begun work on a plan that centers on three principal components: (1) creating a toll-free telephone number to assist consumers who have been victims of identity theft;(see footnote 35) (2) maintaining a database to track and analyze identity theft complaints received by the FTC and others, and to assist law enforcement authorities in their investigations; and (3) preparing educational materials to provide guidance to consumers on how to prevent identity theft and what to do if they become an identity theft victim.

C. The FTC's Role in Online Privacy

    Commerce on the Internet falls squarely within the scope of the Commission's statutory authority under the FTCA. The Commission has been involved in addressing online privacy issues for almost as long as there has been an online marketplace and has held a series of workshops and hearings on such issues, including the special privacy concerns raised by the online collection of financial information.(see footnote 36) Throughout, the Commission's goal has been to understand this new marketplace and its information practices, to assess the impact of these practices on consumers, and to encourage and facilitate effective self-regulation as the preferred approach to protecting consumer privacy online. The Commission's efforts to encourage self-regulation have included bringing industry and consumer and privacy advocates together to address online privacy issues at our workshops, and meeting with, and encouraging, industry leaders to adopt effective self-regulatory programs. These efforts have been based on (1) the understanding that personal information can be collected and widely disseminated on the World Wide Web with unprecedented ease, and (2) the belief that greater protection of personal privacy on the Web will not only protect consumers, but also increase consumer confidence and ultimately consumers' participation in the online marketplace.

These FTC efforts have served as a foundation for dialogue among members of the information industry and online business community, government representatives, privacy and consumer advocates, and experts in interactive technology. Further, the Commission and its staff have issued reports describing various privacy concerns in the electronic marketplace. See, e.g., IRSG Report; FTC Staff Report: Public Workshop on Consumer Privacy on the Global Information Infrastructure, December 1996; FTC Staff Report: Anticipating the 21st Century: Consumer Protection Policy in the New High-Tech, Global Marketplace, May 1996.

    In June 1998 the Commission issued a comprehensive report on Internet privacy, Privacy Online: A Report to Congress (the ''Report'').(see footnote 37) The Report described four fair information practice principles: that consumers be given notice of how information collected from them is used by online companies and choice regarding intended uses of their information; the need for consumer access to personal information maintained in online companies' files; and online companies' responsibility to take steps to ensure the security and integrity of the personal information they maintain. The Report set out the findings of the Commission's extensive March 1998 survey of the information practices of some 1,400 commercial Web sites, and assessed the effectiveness of self-regulatory efforts to date in protecting consumer privacy.

    The survey included a subsample of 125 sites operated by banks, credit unions, mortgage companies, real estate agencies, security and stock brokerages, investment and asset management firms, venture capital firms, and other companies offering financial products and services. Commission staff found that although almost all of these sites were collecting identifying personal information together with very sensitive financial information, very few were disclosing their information practices.

    The Commission's survey findings, as well as its review of then existing industry information practice guidelines, led it to conclude that, at least as of June 1998, an effective self-regulatory system had yet to emerge. The Report recommended that the Congress consider legislation governing the online collection of personal information from consumers generally, if effective self-regulation does not take hold.(see footnote 38) Since the Report was issued, several major self-regulatory initiatives have emerged to develop industry guidelines to protect the privacy of personal information, including the important work of the Banking Industry Technology Secretariat (B.I.T.S.).(see footnote 39) In addition, a privately funded study of commercial Web sites' information practices is scheduled to take place later this month. We are hopeful that this study will provide an objective measure that informs the Commission's views on the current state of self-regulation to implement online privacy protections. The Commission is monitoring these developments with great interest and will keep the Congress informed of their results.

III. Conclusion

    It is clear that consumers are extremely concerned about the privacy of their sensitive financial information. In addition, it would appear that large numbers of commenters perceive that the Know Your Customer proposals contemplate government invasion of privacy. These perceptions are significant. At the same time, the Commission is mindful of the importance of establishing mechanisms to prevent crimes such as money laundering and fraud. The public response to the Know Your Customer proposals highlights the tension between potential regulatory initiative and privacy concerns. The Commission is pleased to serve as a resource as this Subcommittee and others consider how to strike the proper balance between these important competing interests.

    Mr. BRYANT. I thank you other gentlemen for your very fine presentation.

    At this time, the Chair would recognize the distinguished gentleman from New York, Mr. Nadler.

    Mr. NADLER. I want to thank the panel for being here.

    Let me ask Mr. Small one question, and that is, you stated you assumed that for the majority of customers, the regulations would merely formalize existing bank policies. Is it your testimony that these policies require filing to the same extent that the regulations are accused of requiring profiling?

    Mr. SMALL. No, because I don't believe the proposal as drafted requires the profiling that it has been interpreted to do. We believed when we wrote the proposal that there would be a minimum amount of work that would be necessary for a majority of the customers of the institution, and in fact that a majority of banks were already doing this. Obviously, from the comments we received, our assumptions are most likely incorrect for a number of banks and something that we have to go back and take a look at as we go forward. But we did not believe there was going to be any major profiling, as the word has been interpreted, for the majority of customers at an institution.

    Mr. NADLER. Do you think that a good number of banks do profiling now?

    Mr. SMALL. In some way or another, and they may not do it for the purposes we are talking about, but it is my understanding that a number of banks do profiling for marketing of businesses, for marketing of business services from the institution. They already get or know a majority of the information that we would assume that they would know for purposes of the proposal.

    Mr. NADLER. I would like to ask if anyone else wants to comment on the same question.

    Thank you.

    Mr. GEKAS. [Presiding.] We thank the gentleman.

    Mr. Small, in your statement, you indicated that the promulgation of the ''Know Your Customer'', the one at issue here, was based on considerations, I think is the way you put it, that were preceded by the passage by the House of the resolution in 1998. To me, that means you assumed the intent of the Congress without a final act by the Congress. If part of your consideration was on the action in 1998, you are not saying to me, are you, that the rule was promulgated on the basis of the 1998 half-action by the Congress?

    Mr. SMALL. Absolutely not, Mr. Chairman. That was just an example of our interpretation of the sense of Congress in this area, and it actually goes back much further than that.

    Back in the early 1990's there was proposed legislation, and I mentioned Annunzio-Wylie. In 1996, as a matter of fact, during a hearing of the House Banking and Financial Services Committee, Governor Kelley of the Board was testifying and was specifically asked questions about ''Know Your Customer'' and was specifically asked questions about why there wasn't a regulation in place. So we have gotten a sense over time that Congress has been very interested, at least some of Congress has been very interested, in seeing us go forward with those regulations.

    Then that is evidenced again by the passage of the House bill at the end of 1998, as well as, I might add, there was a bill that was introduced in the Senate just in January called the Drug Free Century Act. That as well has a sense of Congress provision in it that says that the Secretary of the Treasury and the Federal Reserve should expedite the promulgation of ''Know Your Customer'' regulations for financial institutions.

    Mr. GEKAS. I understand that fully. But in the final analysis, if you acted in December, partially or totally, on the basis of incomplete actions on the part of the House or the Senate or the Congress, then there is something missing in what connection there should be between action by the Congress and promulgation of rules by the regulators.

    Mr. SMALL. Right. As I said, that is absolutely not the case. We acted based on what we believed was appropriate through the years, what we thought was required by statute, and what we thought was a good and sound proposal for the banking industry.

    Mr. GEKAS. Excuse me. Why in December, Mr. Small, and not back in May of that year or February? Why December?

    Mr. SMALL. Actually, Mr. Chairman, we have been working on it in a concerted effort to get it done for almost a year and a half prior to its release.

    Mr. GEKAS. Did you feel an extra push when the House acted as it did? Is that what you are saying?

    Mr. SMALL. No, I am not. All that the passage of the bill in the House does for my purposes is evidence or provide some justification as to why we thought we should go forward. But it was in absolutely no instance the reason that we went forward.

    We have been talking about promulgating ''Know Your Customer'' regulations since the mid-1990's. We have been asked by some in the banking industry since the early 1990's to promulgate regulations; and, as I already mentioned, we got a sense of the Congress over the years that there was an interest in having this done.

    Just so I am clear, the passage of the bill in 1998 had absolutely nothing to do with our release of it or the reason we did it or making an assumption that the Congress as a whole was going to pass that bill and that is why we were preempting them.

    Mr. GEKAS. But you felt it was a consideration. That is what you stated. That brings up a whole series of worries on my part. If indeed it went into the thinking at all, then we are—I am not criticizing you as much as criticizing us. If we do incomplete actions and they cause to become signals that you should take into consideration, as you say, there is something wrong.

    I yield to the gentleman.

    Mr. NADLER. I just want to comment on that, if I may, for a moment.

    Without characterizing the reasons that the agencies did what they did, because I take you at your word and have no information to the contrary, I would simply observe, Mr. Chairman, if an agency believes it has a statutory right to do something, whatever it is, and the House or the Senate or a committee of the House or the Senate proposes something, they may think, gee, that is a good idea. There is nothing wrong with an agency which thinks it has the authority to do something taking an idea from the House or the Senate just because we didn't finish the legislation and mandate it. They should take good ideas from wherever they may come.

    The question is, in any regulatory sphere, has an agency abused its authority by going beyond its authority. But, frankly, if they are within their authority—and, again, I don't like these regulations, but I am just commenting on what was said a moment ago. If an agency works within its authority and acts on what it thinks is a good idea that they got from some committee or the whole House, I see nothing wrong with that. It doesn't say we did anything wrong by considering that idea either.

    Mr. GEKAS. I thank the gentleman.

    Mr. Sciacca, you mentioned that part of the adverse commentary came from the banking community itself because of the overburdensome set of regulations that would make their life more complicated.

    What I was wondering, the bankers' concerns, weren't they enough for the FDIC to consider compliance with reg-flex?

    Mr. SCIACCA. Mr. Chairman, we did a regulatory flexibility analysis, I think as was indicated in the SBA statement. We, along with the Office of Thrift Supervision, did, in fact, conduct that.

    Mr. GEKAS. I wasn't sure. I knew that Mr. Burniston did say that occurred. I wasn't sure——

    Mr. SCIACCA. We did it, and we believe the questions we asked, because this was a proposal, Mr. Chairman, that the questions were to solicit and elicit the comments on some of the issues raised by the Small Business Administration.

    In addition to that, we do appreciate the comments by the Small Business Administration as to how we might in the future consider and advance our so-called reg-flex analyses.

    Mr. GEKAS. So I ask Mr. Sciacca and Mr. Burniston jointly, was the criterion of the Small Business Act enough for you to indulge in the reg-flex analysis? Did that compel you to do that?

    Mr. BURNISTON. Yes, sir.

    Mr. GEKAS. That is interesting to me, because I worry about how that is being implemented. Some agencies choose to ignore it totally.

    Mr. Medine, how did you view the reg-flex requirement?

    Mr. MEDINE. Mr. Chairman, we are not a banking agency, so therefore we were not involved in the promulgation of these proposed regulations.

    Mr. GEKAS. All right. Does the gentleman from Tennessee have any questions?

    Mr. BRYANT. Thank you, Mr. Chairman.

    Mr. Sciacca and Mr. Burniston, I missed because of a markup in another committee much of your testimony. I am reviewing your statements. I am concerned about the issue that was alluded to, the burden on the banking institutions, but also a comment I caught from you, Mr. Burniston, in the end, about programs, the effect on driving customers away to other financial institutions. I think, Mr. Sciacca, your review of the comments, many of the comments, had that same concern, that it might be some type of competitive disadvantage. Could you for a couple of minutes between the two of you expand further on the issue of competitive disadvantage?

    Mr. BURNISTON. Well, the general concern that I mentioned in my oral remarks referred to the fact that if entities other than financial institutions who are subject to this rule provide banking and transactional services, that in one case you could have the effect of law-abiding persons wanting to move their banking relationship to another source where they would not have the privacy concerns perhaps that they would have with a federally insured depository institution.

    The other factor that I raised related to the fact that you could be basically creating a situation where it becomes more attractive for the criminal element to move to an entity that is not covered by this type of a regulation. That is certainly not a competitive disadvantage, to have the criminals move elsewhere, but it certainly is a concern as well.

    Mr. BRYANT. Thank you.

    Mr. SCIACCA. I would only add to that, Representative Bryant, that we did solicit comment on that exact question, as to whether or not the fact that only the financial institutions supervised by the agencies were covered by this regulation, wouldn't that create a competitive disadvantage between those organizations and those not covered. I think, as indicated in Mr. Burniston's testimony and by Comptroller Hawke when he was here, that he expressed a similar concern of the so-called uneven playing field, and that the one thing we don't want to do is to upset the confidence that the American public has in the banking system. If that is upset in any way, it causes them to move their relationships outside of that system, then it creates a competitive problem for the industry.

    Mr. BRYANT. Thank you.

    Mr. Medine, you have testified on behalf of the FTC on two areas of responsibility, the Fair Credit Reporting Act and the fairly new issue of identity theft. Would you again for a couple minutes tell us how these regulations would impact potentially in an adverse way, if there is any? I understand you to say there could be adverse ways, those two areas of responsibilities.

    Mr. MEDINE. I am sorry, I think those are really more examples of ways to protect consumers' privacy and to address some of the concerns that privacy innovations cause. Because under the Fair Credit Reporting Act, our primary mission is to protect the privacy of sensitive financial information, and we do that vigorously through our oversight of credit bureaus and other firms in the economy that provide financial information.

    Identity theft, of course, has taken off dramatically over the last several years through the misuse of consumers' identifying information, and the Congress has established the Federal Trade Commission as a resource for victims of identity theft, as a place to go to file their complaints, to get information about how to dig out of being victims of identity theft, and also to transmit that information to credit bureaus to help get these victims back on their feet again and to law enforcement to facilitate the prosecution of identity thieves.

    Mr. BRYANT. So in terms of the FTC, you would see, though, no adverse impact of these regulations on those two areas?

    Mr. MEDINE. I think they are really separate issues. I think both of those areas make clear the high degree of concern about financial privacy that I think has triggered the response to those proposed regulations. So I think we are striking the same vein, but I think we are approaching it in a different fashion. That is, in the FCRA area and the identity theft area, we are trying to do things to protect consumers' privacy.

    Mr. BRYANT. I understand Mr. Hawke mentioned that these regulations, and I don't know the exact wording, but could be withdrawn, may be withdrawn, will be withdrawn. Are any of you in a position to comment on whether that would be a good idea? I am not trying to put you on the spot, and I know you didn't come to testify about that, but on behalf of the agencies you represent, are any of you in a position to say that would be a good idea perhaps at this time or a bad idea, if you are in that position?

    Mr. SCIACCA. I think, Congressman, that what we can say is, and I reiterate what our chairman has said in addition to Comptroller Hawke, who in addition to being the Comptroller of the Currency sits on our Board of Directors, and that is that the current proposal, it is obvious to us, cannot move forward in its current form, and that among alternatives that are being very seriously considered is simply withdrawing the proposal.

    Mr. GEKAS. Any other comments?

    Thank you, gentlemen, for your testimony.

    I thank the gentleman. The time of the gentleman has expired. We note that the Four Horsemen have scored, and we dismiss them with our thanks. Thanks very much.

    We now invite the next panel to approach the witness table.

    That panel is comprised of Jere Glover, Chief Counsel and head of the Office of Advocacy of the U.S. Small Business Administration. The Office of Advocacy was created in 1976 to monitor the contributions and concerns of small business and to work for policies that reduce regulatory burdens and support small business growth. Mr. Glover received his bachelor and law degrees from Memphis State University and an advanced law degree from George Washington University.

    He is joined at the table by Professor Robert Anthony, who teaches Administrative Law and Administrative Practice, Federal Courts and Legislation at the George Mason University School of Law. He is past chairman of the Administrative Conference of the United States and remains active in the Administrative Law and Regulatory Practice Section of the American Bar Association. Professor Anthony earned his BA from Yale and legal degrees from Oxford and Stanford.

    With them is James D. McLaughlin, the Director of Regulatory and Trust Affairs for the American Bankers Association. He has responsibility for coordinating relations with Federal regulatory agencies, as well as legislative issues affecting bank, investment, securities and trust services. He received his bachelor's degree from Fairfield University and his law degree from Fordham University.

    Next is Solveig Singleton, the Director of Information Studies with the Cato Institute in Washington, D.C. She has written and spoken numerous times on privacy issues, the Internet and telecommunications. Ms. Singleton obtained a BA degree in philosophy from Reed College and her law degree from Cornell Law School.

    Gregory Nojeim is the Legislative Counsel of the American Civil Liberties Union in the Washington national office. Prior to joining the ACLU, he was the Director of Legal Services for the American Arab Antidiscrimination Committee. Mr. Nojeim graduated from the University of Rochester and received his law degree from the University of Virginia Law School in 1985.

    We will begin with Mr. Glover, with the same statement on the part of the Chair that all the written statements will become a part of the record without objection. Each will be limited to 5 minutes for the sake of making a complete and succinct record.

    We begin with Mr. Glover.

STATEMENT OF JERE W. GLOVER, CHIEF COUNSEL, OFFICE OF ADVOCACY, SMALL BUSINESS ADMINISTRATION

    Mr. GLOVER. Good morning, Mr. Chairman, members of the subcommittee. I am Jere Glover, Chief Counsel for Advocacy at the U.S. Small Business Administration. Today with me is Greg Dean, Assistant Chief Counsel for Banking and Finance Programs at SBA.

    The Chief Counsel of the Office of Advocacy is basically charged with the responsibility of making sure that small business isn't burdened by government regulations. You may have noticed that we haven't quite finished that job just yet and that we continue to pursue that diligently.

    We are often asked to look at regulations that impact small business, and often we find that there is a discrimination against small business and a disproportionate impact on small business. In fact, we have done some 30 studies on this topic.

    When we look at that information what we find is somewhat interesting in that perhaps this regulation has more of an impact on some of the large banks than some of the small banks. If we consider, for example, many of the large banks have done a lot not to see their customers anymore, by making you pay to go see the teller and by making you go through the automatic teller machines. Some of the big banks have actually done a very fine job of not knowing their customers anymore. The small community banks, of course, are much better at that.

    The Congress and this committee have improved the regulatory climate for small business very significantly during the last few years. The Small Business Regulatory Enforcement Fairness Act, which was passed in 1996, strengthened the Regulatory Flexibility Act and added some real teeth to that legislation.

    By and large, most of the agencies in most of the situations are doing a much better job. We have been working closely with those agencies. In fact, we have worked closely with the financial and banking regulating agencies and, by and large, they have done a good job. And we are pleased to report that the panel process which you put in place with EPA and OSHA, (we have had over 13 EPA panels, we have had two at OSHA) are all working very well.

    What is working is that we are beginning to get involved before decisions are made by the agencies prior to the input from small business so that the agencies understand the cost, the benefits, and the impacts on the smaller members of their regulated industries.

    So, overall, we are seeing a good bit of improvement in that regulatory climate. However, I will caution that there are instances and agencies which tend to ignore the rules and regulations.

    Now, ironically, the courts are looking at the judicial review provisions of the Small Business Regulatory Enforcement Fairness Act. Adding judicial review to the Regulatory Flexibility Act has put some real teeth into the Regulatory Flexibility Act. So far we have seen four Court of Appeals cases and five District Court cases handing down decisions on the act. In some cases regulations have simply been thrown out because the agencies have failed to comply with the Regulatory Flexibility Act. In fact, our office filed our first amicus brief in a case, which resulted in an agency's rule being thrown out.

    With that general overall view of what is going on, let me turn to the specific issue at hand. Two of the agencies involved in this particular rulemaking certified under the Regulatory Flexibility Act that this regulation would not have a ''significant economic impact on a substantial number of small businesses or small entities.'' We question that decision. We especially question that decision since one of the agencies used the old law.

    The new law requires that, in addition to making that finding, they must also include a factual statement providing the basis for that certification. The actual provision that was added to the law is, whenever there is a certification, they must include along with it a statement providing the factual basis for the certification. So the agency not only certifies it, but they must have a factual basis to certify it.

    If you review their comments in the Federal Register and their provisions in these two instances, clearly the two agencies did not provide such a factual basis.

    The two that did provide regulatory flexibility analysis, we think they did not do sufficient outreach to small business, small banks and community banks or they would have fully understood that that impact was far greater than they anticipated.

    So, overall, in compliance with the Regulatory Flexibility Act, we think the agencies did not meet the standards that we expect, and we will be working with them. We have provided guidance to the agencies, we have trained over 600 individuals and provided them with the specific guidelines. We will be working closely with them in the future to make sure that they seriously consider the impact on small banks.

    We study banking, and small businesses rely heavily on banks. We want a vital, strong, small business banking community out there.

    Thank you.

    Mr. GEKAS. We thank the gentleman.

    [The prepared statement of Mr. Glover follows:]

PREPARED STATEMENT OF JERE W. GLOVER, CHIEF COUNSEL, OFFICE OF ADVOCACY, SMALL BUSINESS ADMINISTRATION

    Good Morning, Mr. Chairman and members of the Subcommittee. Thank you for inviting me to testify today before the Subcommittee on the recent regulatory proposal issued by the federal banking regulators to implement a ''Know Your Customer'' program for all banks.

    My name is Jere W. Glover and I am Chief Counsel for the Office of Advocacy at the U.S. Small Business Administration. Congress established the Office of Advocacy in 1976, and its statutory mission is to represent the views of small business before federal agencies and Congress.(see footnote 40) As Chief Counsel for Advocacy I am also charged with monitoring federal agencies' compliance with the Regulatory Flexibility Act (RFA)(see footnote 41) as amended by the Small Business Regulatory Enforcement Fairness Act of 1996 (SBREFA).(see footnote 42)

    In addition, I am charged by Congress to monitor and report on the availability of capital and credit for small businesses. To fulfill this mandate, the Office of Advocacy has undertaken a series of studies analyzing bank lending to small businesses. The studies are titled, ''Small Business Lending in the United States,'' ''The Bank Holding Company Study,'' and the ''Micro-Business-Friendly Banks in the United States'' study. This year we have added the study, ''Small Farm Lending in the United States.''(see footnote 43) In addition, we have funded with the Federal Reserve Board two surveys entitled, ''The National Survey of Small Business Finances.''

    The Office of Advocacy also held a major conference to discuss the impact of bank mergers and consolidation on small businesses and small banks. Our intent was to raise the visibility of the potential harm that could be caused by mergers and consolidations. No clear answers emerged, but we are continuing to monitor the issue.

    Before discussing the proposal of the federal banking regulators, I would like to give a brief outline of the provisions of the Regulatory Flexibility Act and the SBREFA amendments.

THE REGULATORY FLEXIBILITY ACT

    The Regulatory Flexibility Act was created by Congress in response to one of the recommendations of the 1980 White House Conference on Small Business. The primary purpose of the Act is to establish, as a principle of regulatory issuance, that federal agencies endeavor, consistent with the objectives of the rule and of applicable statutes, to fit regulatory and informational requirements to the scale of entities subject to the regulation. In essence, the Act requires agencies to take a closer look at proposed regulatory actions and their potential impacts upon small entities and to elicit comments from the small business community.

    The Act requires agencies to determine whether a proposed regulatory action will have a ''significant economic impact upon a substantial number of small entities.''(see footnote 44) If so, then the agency must perform an Initial Regulatory Flexibility Analysis.(see footnote 45) If the agency does not believe there will be a ''significant economic impact upon a substantial number of small entities,'' then the head of the agency may certify to that effect. For final regulatory actions, agencies must incorporate small entities' comments into a Final Regulatory Flexibility Analysis(see footnote 46) or verify their original certification.

    In 1996, significant amendments were added to the Regulatory Flexibility Act by SBREFA. Changes include the requirement that a factual justification accompany a certification statement, a greater emphasis to be placed on outreach efforts to small entities, Small Business Advocacy Review Panels be established for some EPA and OSHA proposed regulatory actions, and the most significant change—judicial review of major sections of the Act. Small entities may now bring actions against federal regulatory agencies seeking judicial review of the agencies' Regulatory Flexibility Act proceedings.

    Outside of the Regulatory Flexibility Act, SBREFA established new regulatory requirements for federal regulatory agencies that include the adoption of compliance policies with mitigation provisions, the compilation of small entity compliance guides for regulations where a Final Regulatory Flexibility Analysis has been conducted, the establishment of Regional Small Business Regulatory Fairness Boards and the establishment of a Small Business and Agriculture Regulatory Enforcement Ombudsman.

    Since SBREFA, small entities are increasingly seeking judicial review of agencies' regulatory actions. To date, we are aware of four cases that have been reviewed at the appellate level, five cases that have been decided on the district court level and at least four or more cases that are still pending. Attached is a list of cases where Regulatory Flexibility Act issues have been raised by small entities.(see footnote 47)

    To assist federal regulatory agencies and small business entities, we have conducted numerous outreach seminars and programs. In addition, last year we published a guide for federal regulatory agencies entitled, ''The Regulatory Flexibility Act: An Implementation Guide for Federal Agencies.''(see footnote 48) Please note that we received substantial input from federal regulatory agencies on the content of the booklet. The booklet was prepared as guidance and not as a legal interpretation of the Regulatory Flexibility Act. The courts are the final interpreters of the Act.

    In addition, we work with agencies that request our assistance with the Regulatory Flexibility Act and answer their questions about the rulemaking process.(see footnote 49) Attached is a list of some of the issues with which we have been involved in Fiscal Year 1998 and that have resulted in significant changes and savings for small entities.(see footnote 50)

    Based upon our experience with the Regulatory Flexibility Act and the Small Business Advocacy Review Panels, we continue to emphasize the need for clarity in rule language, a quantitative analysis in an agency's certification justification and sufficient input from small entities. Regarding uncertain regulatory impacts on small entities, Advocacy has advised that ''. . . it is recommended that the agency err on the side of caution and perform an IRFA with the available data and information, and solicit comments from small entities regarding impact. Then, if appropriate, the agency can certify the final rule.''(see footnote 51)

    Inadequate certifications, including initial certifications, are judicially reviewable but only after a rule has become final. SBREFA has been in effect only three years. In the life of regulatory development, that is a short time. With the rise of appeals of final agency actions, we fully expect that agency certifications will be one of the areas contested by small entities.

PROPOSED ''KNOW YOUR CUSTOMER'' RULE

    Now let me address the proposed ''Know Your Customer'' Rule.

    Late last year in a further effort to stem money laundering and illegal financial transactions through our banking system, the federal banking regulators issued a joint regulatory proposal known as the ''Know Your Customer'' rule.(see footnote 52)

    Small businesses and community banks are very much in support of deterring money laundering and other illegal financial transactions. As highlighted in each of the preambles of the proposed ''Know Your Customer'' regulation, these types of activities destroy customer confidence and the integrity of the banking system. No bank wants to develop a reputation as a bank that fosters criminal activity.

    As drafted, the proposal would require all banking organizations to implement a ''Know Your Customer'' program that consists of monitoring customers, their transactions and the transactions of third parties (intermediaries) done in the normal course of business for illegal and suspicious activities. Banks would be required to identify the real identities of their customers (even if transactions are conducted by third parties) and develop customer profiles, determine the source of the customer's or third party's funds, monitor account transactions, develop a system to determine normal and expected transactions and establish a system to know when to report activity that is not normal or ordinary for the customer or the transaction.

    Recognizing that banks are already obligated under existing regulations of the Bank Secrecy Act(see footnote 53) and the Currency and Foreign Transaction Reporting Act(see footnote 54) to file transaction reports and to generally monitor suspicious activities, the federal banking regulators decided to propose a very ''flexible'' regulation. It was reasoned that each bank already has some form of in-bank oversight for criminal activity and therefore could design their own ''Know Your Customer'' program.

    While it is true that banks are already doing some of this, what they have been doing is neither as comprehensive nor as expansive as may be required by the proposed regulation. Further, the proposed regulation does not detail how the current regulatory scheme was deficient or how banks could improve their oversight within the current system. In addition, a key element lacking in the proposal was a description of how the banking regulators would enforce the new programs. The enforcement criteria used to judge the proposal did not include any concrete examples as to what constitutes a sufficient ''Know Your Customer'' program, what is considered a satisfactory customer profile and what constitutes sufficient maintenance of the program. The proposal did indicate that guidelines would be issued with the publication of the final regulation. However, guidance after a rule has become final deprives small entities of commenting on key components of the proposal.

    A ''flexible'' regulation combined with the lack of precise oversight and enforcement controls can lead to uncertain and costly compliance for small entities and arguably ineffective oversight of a problem that itself has not been explicitly defined. We believe that the requirements of the Regulatory Flexibility Act, if they had been fully complied with, would have elicited comments from the small banking community and helped the regulators draft a more appropriate regulatory response—or no regulatory response, if regulations could not effectively address the issue.

REGULATORY FLEXIBILITY ACT COMPLIANCE AND THE PROPOSED ''KNOW YOUR CUSTOMER'' RULE

    Let me state from the outset that the agencies did not comply with the Regulatory Flexibility Act. First, it is clear that this rule will have an impact upon small entities thus certifications were inappropriate. Second, while two of the regulators did undertake Initial Regulatory Flexibility Analyses, the analyses were woefully inadequate to elicit valuable input from the affected small entities.

    The Federal Reserve System and the Office of the Comptroller of the Currency certified that the proposed ''Know Your Customer'' regulation would not have a significant economic impact upon a substantial number of small entities. The Federal Deposit Insurance Corporation (FDIC) and the Office of Thrift Supervision (OTS), while stating that they were unable to determine the impact upon small entities, published an Initial Regulatory Flexibility Analysis.

    In this proposal it was more appropriate and legally correct to conduct an Initial Regulatory Flexibility Analysis rather than just issue a straight certification. Under the first test of the Regulatory Flexibility Act, as to whether there is a ''significant economic impact upon a substantial number of small entities,'' the banking regulators had already determined that the proposal would affect all banks, including community banks. Since the nature of the proposals included many undetermined items that could be very broadly interpreted by small community banks, we believe an Initial Regulatory Flexibility Analysis could have been used to determine the exact scope of the economic impact. This could have been done through a series of detailed questions and regulatory alternatives to elicit responses from the small banking community.

    Although the FDIC and OTS did the right thing in publishing Initial Regulatory Flexibility Analyses, they did not go far enough. The following detailed questions could have been included in the proposal: what are the anticipated overall costs to small community banks, what is the cost of training (to what extent are specialized expertise and professional skills necessary), what are the potential costs of hiring outside assistance (consultants, attorneys and accountants), what are the anticipated costs of the software changes necessary for monitoring and recordkeeping, and how much of the cost will need to be passed on to customers. More importantly, questions needed to be asked about the scope of the problem and the anticipated impact of the proposed regulation in solving the problem. Finally, an Initial Regulatory Flexibility Analysis should have contained regulatory alternatives or requested suggested alternatives from the small banking community. In both analyses, alternatives were peremptorily dismissed as inappropriate and unworkable.

    The notice did question whether the proposal would cause a competitive disadvantage for banks competing against non-bank financial institutions and whether there would be an actual or perceived backlash due to customers' privacy concerns. But the more important questions, listed above, were omitted.

    The Office of Advocacy has consulted with some representatives of the small banking community. They indicated that the proposal would cost substantially more and take more time to implement than cited. Many believe that new computer software programs would have to be purchased and customized to do the more intrinsic monitoring of customers and transactions and general maintenance of the system than anticipated under the proposed regulation. In addition, many also believe that they will have to hire and expertly train at least one person in each bank or banking system to oversee the implementation and maintenance of the proposed program.

    Others see a comparison to the original regulations of the Community Reinvestment Act issued in the 1970's, before the passage of the Regulatory Flexibility Act. At the time, the regulation was intended to be flexible, with each bank being able to tailor the implementation to their own lending programs. Within a decade it became apparent that the regulation was a compliance nightmare. The new regulatory structure revised later has a small community bank exemption but the re-drafting of the Community Reinvestment Act regulations came only after a series of national public meetings, thousands of comment letters and many revisions. The lack of precision in the ''Know Your Customer'' proposal might have similar results, intermediate unproductive costs and no regulatory impact to the underlying problem.

    Based on our experience with the Regulatory Flexibility Act and the Small Business Regulatory Review Panels, we believe that an Initial Regulatory Flexibility Analysis should have been conducted for this proposal with significant input from affected small entities. While we applaud the FDIC and OTS for taking the initiative to prepare an Initial Regulatory Flexibility Analysis, they clearly needed to do a more thorough job. We believe that other regulatory outreach activities should have been undertaken by the banking regulators, including advanced notices of proposed rulemaking, industry roundtables, and public meetings.

    While I am not recommending at this time that the Small Business Advocacy Review Panel provisions of SBREFA be extended beyond EPA and OSHA to all federal agencies, I do believe that a panel-like process would be extremely beneficial in this instance. It is fair to say that we are continually impressed by the value added to the process by small entities and how more effective regulatory proposals can be devised in response to small entities' input.

CONCLUSION

    The Regulatory Flexibility Act was passed by Congress in 1980 to ensure that small entities' voices are heard in the federal rulemaking process. The Act requires agencies to take a closer look at proposed regulatory actions and their potential impacts upon small entities and to elicit comments from the small business community. In 1996, Congress amended the Act through the Small Business Regulatory Enforcement Fairness Act thereby placing greater responsibilities on agencies to consider the impact of proposed regulations on small entities. In addition, it gave the right to small entities to challenge improper federal agencies' actions.

    With respect to the proposed ''Know Your Customer'' rule issued by the federal banking regulators, we believe that the Initial Regulatory Flexibility Analyses should have been performed. We believe that the Federal Reserve Board and the Office of the Comptroller of the Currency improperly certified that the proposal would not have a ''significant economic impact upon a substantial number of small entities.'' While we applaud the FDIC and OTS for preparing Initial Regulatory Flexibility Analyses, we believe that the analyses should have been more thoroughly constructed so as to elicit appropriate input from small banks and small banking organizations.

    The Office of Advocacy and small entities are watching. Given the visibility of judicial review under the Regulatory Flexibility Act, it can be expected that improper agency actions will be challenged. Especially vulnerable are agencies that issue improper certifications. In light of this, federal regulatory agencies need to take the Regulatory Flexibility Act seriously.

    [Note: A document submitted for the record by Mr. Glover, ''The Regulatory Flexibility Act: An Implementation Guide for Federal Agencies,'' by the Small Business Administration, Office of Advocacy (http://www.sba.gov/ADVO/), is in the subcommittee's files.]

    Mr. GEKAS. We turn to Professor Anthony.

STATEMENT OF ROBERT A. ANTHONY, PROFESSOR, GEORGE MASON UNIVERSITY SCHOOL OF LAW

    Mr. ANTHONY. Thank you, Mr. Chairman, members of the committee. I greatly appreciate the opportunity to appear before you on the important issue of agency use of guidance documents to lay down new requirements.

    Perhaps this is a somewhat different perspective that I offer from those mentioned thus far in this hearing. They arise from my interest in non-legislative rules issued by Federal agencies. These are documents such as guidances, circulars, policy statements, bulletins, memoranda, manuals—documents which were not promulgated through the processes that Congress has laid down for making rules with the force of law. The key proposition here is that agencies should not use non-legislative documents like guidances to impose binding requirements on the public.

    The problem I want to address today is that the banking agencies in their proposed rules appear to be planning to set forth some of their ''Know Your Customer'' law through guidances and similar non-legislative documents, instead of developing legally binding rules the way Congress has specified.

    Now there is no doubt that the agencies' ''Know Your Customer'' programs are intended to be binding on the banks and on members of the public, including depositors and other customers. The basic structures and requirements of these programs are being set up by regulations; and if they are adopted, they will be promulgated in accordance with the Administrative Procedure Act's rulemaking procedures and in accordance with the banking laws.

    But those legislative documents are not going to be the whole story, apparently. The agencies have announced that further concrete provisions are going to come separately in non-legislative documents, supplemental guidance documents, which will not be promulgated through APA rulemaking procedures.

    Again, a basic general doctrine under the APA is that Federal agencies may not use non-legislative documents like guidances to impose binding rules on the public. Federal agencies are creatures of Congress and for them to legislate—that is, to issue rules and regulations declaring what people can and can't do and what standards they have to meet—they have to do it the way that Congress has directed. This means particularly that the agencies must observe the rulemaking procedures that Congress requires.

    Those procedures are normally the familiar APA notice and comment procedures, which include full opportunity for public input and publication of both the proposed and the final rules in the Federal Register with explanations. Sometimes Congress specifies variations on these rulemaking requirements for particular agency programs, but the basic mandate to use statutory rulemaking procedures remains the same. These procedures supply a sort of a democratic process for rulemaking by the unelected agencies that serves as an imperfect substitute for the democratic process of legislation by the people's elected representatives in Congress.

    A critical point is this: These statutory rulemaking procedures must be used whenever an agency issues a document that is going to have binding effect, even if it doesn't have legally binding effect, but has only a practically binding effect, which is what most of these non-legislative documents do.

    On these grounds there is cause for concern about the way the banking agencies are developing their ''Know Your Customer'' plan. The proposed regulations require banks to establish ''Know Your Customer'' programs, and the proposed regulations indicate components that those programs ''should include.'' But then, as announced in the preambles to the proposed regulations, each agency intends to provide a ''supplemental'' document to provide further ''guidance.''

    Now I certainly agree that the banks and their customers vary considerably, and each bank should be allowed to develop a system appropriate to its own circumstances. But I doubt that it is a good idea to implement this system through guidance documents. If the guidance documents expressly impose new requirements or as a practical matter are treated by the agency as imposing new requirements, they may be invalid for failure to comply with APA rulemaking requirements.

    Now it is not improper for agencies to issue nonlegislative documents that actually interpret existing legislation, though such documents are not binding on the public or on the courts. Here the ''Know Your Customer'' regulations, if adopted after consideration of the public comments, will constitute legislation. But their provisions indicating merely what the banks' programs should contain may not amount to legislation that is sufficiently mandatory and specific to form the basis for making a genuine interpretation in a guidance document. Moreover, as expressed by the Fed, the ''guidance is not intended to provide additional interpretive explanations of the regulations, but rather it will provide concrete examples of proven effective means to accomplish the requirements.''

    Well, even if the documents only give examples, promulgating them without use of APA rulemaking procedures is not free from legal difficulty. Will such guidances be treated as safe-harbor rules? If so, they might well protect the bank against enforcement by the agency, but could the bank rely on the guidance document which does not have the force of law to protect it against lawsuits brought by customers injured by bank actions taken in conformity with these examples? And how about customers and others who under the guidances might be asked by banks to supply information about third parties? Will the unlegislated guidance document protect them from suit by persons whose information they disclose?

    Issuance of regulatory material through guidance documents can pose risks not only to the issuing agencies, but also to banks and other persons in the private sector. Such risks could be avoided if the agencies issued that material through notice and comment rulemaking in accordance with the APA. More important, it would be a good practice to do so, fairer to the regulated banks, fairer to customers and fairer to the general public.

    Thank you, Mr. Chairman.

    Mr. GEKAS. We thank the gentleman.

    [The prepared statement of Mr. Anthony follows:]

PREPARED STATEMENT OF ROBERT A. ANTHONY, PROFESSOR, GEORGE MASON UNIVERSITY SCHOOL OF LAW

    MR. CHAIRMAN AND MEMBERS OF THE SUBCOMMITTEE:

    I appreciate the opportunity to appear before you on the important issue of agency use of guidance documents to lay down new requirements.

    I am George Mason University Foundation Professor of Law at the GMU School of Law in Arlington, Virginia. I have been at George Mason since 1983. From 1964 to 1974 I was an associate professor and then a tenured full professor of law at the Cornell Law School before being appointed by President Ford to a five-year term as chairman of the Administrative Conference of the United States, 1974–1979. I have long been active in the Administrative Law and Regulatory Practice Section of the American Bar Association, chairing several committees and serving in various Section-wide offices from 1985 to 1994. My academic specialty is administrative law.

    I have a particular scholarly interest in ''nonlegislative rules'' issued by federal agencies—documents such as guidances, circulars, policy statements, bulletins, memorandums and manuals. These are agency documents that were not promulgated through the processes that Congress has laid down for making rules with the force of law. The key general proposition here is that agencies should not use nonlegislative documents like guidances to impose binding requirements on the public.

    The problem I want to address today is that the banking agencies appear to be planning to set forth some of their ''Know Your Customer'' law through guidances and similar nonlegislative documents, instead of developing legally binding rules in the way that Congress has specified.

    There is no doubt that the agencies' Know Your Customer programs are intended to be binding on the banks and affected members of the public including depositors and other customers. But, while the basic structures and general requirements of these programs are being set up by regulations, promulgated in accordance with the rulemaking procedures of the Administrative Procedure Act (APA) and the banking laws, those legislative documents apparently aren't going to be the whole story. The agencies have announced that further concrete provisions are going to come separately in nonlegislative documents—supplemental guidance documents—which will not be promulgated through APA rulemaking procedures.

    Again, the basic general doctrine under the APA is that federal agencies may not use nonlegislative documents like guidances to impose binding rules on members of the public. Federal agencies are creatures of Congress, and for them to legislate—that is, to issue rules and regulations declaring what people can and can't do or what standards they have to meet—they must do it the way Congress has directed.

    This means, first, that the agency has to have authority from Congress by statute to act on the subject matter. I am not raising any such question here. Second—and this is what I do want to emphasize—the agency must observe the rulemaking procedures that Congress requires. Those procedures are normally the familiar APA notice-and-comment procedures, which include full opportunity for public input and publication of both the proposed and final rules in the Federal Register with explanations. Sometimes Congress specifies variations on these rulemaking requirements for particular agency programs, but the basic mandate to use statutory rulemaking procedures remains the same. These procedures supply a sort of democratic process for lawmaking by unelected agencies that serves as an imperfect substitute for the democratic process of legislation by the people's elected representatives in Congress.

    A critical point is this: These statutory rulemaking procedures must be used whenever an agency issues a document that will have binding effect on the public, even if that is just a practical binding effect rather than a legal effect. (There are exceptions for military and foreign affairs, and for public property and related fields. Nonlegislative rules that have binding effect are the subject of my article, Interpretive Rules, Policy Statements, Guidances, Manuals, and the Like—Should Federal Agencies Use Them to Bind the Public? 41 Duke Law Journal 1311–84 (1992).)

    On these grounds, there may be some cause for concern about the way the banking agencies are proceeding to develop their Know Your Customer plan. The proposed regulations require banks to establish Know Your Customer programs, and indicate components that those programs ''should include'' (FRB, 63 FR 67523; OCC, 63 FR 67529; corresponding sentence omitted by FDIC, 63 FR 67535; compare OTS, ''must . . . contain,'' 63 FR 67542). But then, as announced in the preambles to the proposed regulations, each agency intends to provide a ''supplemental'' document to supply further ''guidance'' (FRB, 63 FR 67517; OCC, 63 FR 67525; FDIC, 63 FR 67530; compare OTS, 63 FR 67537, calling it ''interpretive guidance'').

    Now, I certainly agree with the banking agencies that banks and their customers vary considerably, and that it is appropriate to allow each bank to develop a system appropriate to its own particular circumstances. But I doubt that it is likely to be a good idea to provide the flexibility through the use of guidance documents. If the guidances expressly impose new requirements, or as a practical matter are treated by the agencies as imposing new requirements, they may be invalid for failure to comply with APA rulemaking procedures. And this is as it ought to be, because agencies have no warrant for imposing new regulatory requirements without going through the Congressionally-mandated procedures that normally call for publication in proposed as well as final form and for full opportunity for the public to comment.

    It is not improper for agencies to issue nonlegislative documents that actually interpret existing legislation, though such documents are not binding on the public or on the courts. Here the proposed Know Your Customer regulations, if adopted in final form after consideration of public comments, will constitute legislation. But their provisions, indicating merely what the banks' programs ''should'' contain, may not constitute legislation that is sufficiently mandatory and specific to form the basis for making a genuine interpretation in a guidance document. Moreover, as expressed by the Fed, the ''guidance is not intended to provide additional interpretive explanations of the regulations, but rather it will provide concrete examples of proven effective means to accomplish the requirements. . . .'' (63 FR 67517).

    Even if the guidance documents only give examples of what will comply (rather than detailed specifications of what is required to comply), promulgating them without use of APA rulemaking procedures is not free from legal difficulty. Will such guidances be treated as safe-harbor rules? If so, they might well protect a bank against inconsistent enforcement by the agency. But could the bank rely on the guidance document, which does not have the force of law, to protect it against lawsuits brought by customers injured by bank actions taken in conformity with the examples? And how about customers and others, who under the guidances might be asked by banks to supply information about third parties? Would the unlegislated guidance document protect them from suit by persons whose information they disclosed?

    Issuance of regulatory material through guidance documents can pose risks not only to the issuing agencies but also to banks and other persons in the private sector. Such risks could be avoided if the agencies issued that material through notice-and-comment rulemaking, in accordance with the APA. Perhaps more important, it would be good practice to do so—fairer to the regulated banks, to customers and to the general public.

    I recognize that all detailed circumstances cannot be foreseen. But to the extent some of the details are to be dealt with in agency documents, it is better to do that through regulations developed by APA notice-and-comment procedures than to do it through unlegislated guidances. The APA procedure tends to generate better inputs (structured opportunity for comment by the entire public) and better outputs (more fully tested and deliberated). And the resulting regulations have the force of law, so that all affected persons can know where they stand.

    Mr. Chairman, I will be happy to answer any questions that you or other members of the Committee may have.

    Mr. GEKAS. We turn to Mr. McLaughlin.

STATEMENT OF JAMES McLAUGHLIN, DIRECTOR, REGULATORY AFFAIRS, AMERICAN BANKERS ASSOCIATION

    Mr. MCLAUGHLIN. Thank you, Mr. Chairman and members of the subcommittee. I am James McLaughlin, Director of Regulatory and Trust Affairs of the American Bankers Association. I am pleased to present the views of the ABA on the ''Know Your Customer'' proposal.

    We believe that preventing money laundering is an important tool in the fight against illegal activities, and our industry has consistently supported government efforts in this regard. In fact, banking has been commended by law enforcement agencies for its efforts.

    But this proposal has gone too far. It poses added and unnecessary burdens on banks and further slants the regulatory imbalance with our competitors who would not have the same requirements. But there is a bigger issue at stake here: The privacy of our customers and the confidence that they have in their financial institution. The banking industry is deeply concerned about that because our business is based on trust.

    In January the ABA took the unusual step of asking formally that the proposal be withdrawn. We did so well before the end of the public comment period, when we felt we had no choice. Privacy is so important to the public and the industry, and the level of concern about this proposal is so high that no response short of withdrawing this proposal will serve the public interest. To do otherwise, we fear, will undermine confidence in both our industry and government.

    I would like to address quickly three key concerns. The ''Know Your Customer'' proposal would: (1) have serious implications for maintaining customer privacy; (2) would add costly and unnecessary regulatory burdens on the banking industry; and (3) would widen the already existing gulf in regulatory treatment between banks and nonbanks.

    Privacy concerns. ABA believes that the banking industry protects customers better than any other industry in the United States. We have long protected our customer information from unauthorized access while fulfilling our statutory mandate to report possible violations of law.

    The greatest cause of industry and public opposition to the ''Know Your Customer'' proposal has been its use of several broad terms. For example, it requires a system to determine the source of funds for all customers and to know the normal and expected transactions of all customers. The media reports have focused especially on the ''profiling'' and ''monitoring'' wording. Privacy advocates have expressed outrage that the local banker will be required to analyze all customer transactions. This public outpouring has so tainted this proposal that simply deleting one or another or even all of these terms is not enough to calm public concern. The public is unlikely to be consoled by simple word changes.

    At the same time we recognize that even if this proposal is withdrawn, broad policy issues remain that will need clarification. The policy debate over how to reconcile the inherent conflict between fraud prevention and money laundering deterrence on one hand, and customer privacy on the other, should continue. The banking industry wants to be a part of that debate.

    Two: Costly and unnecessary burdens on banks. Banks currently employ procedures that they believe are adequate to meet law enforcement needs. While the agencies may have intended the proposal to merely reflect industry practice, the proposal contains many elements that greatly exceed what is being done today.

    For example, the proposal fails to retain the current policy behind suspicious activity reporting, that of reporting a violation after it has occurred. It replaces that policy with a new, vastly more expansive burden of investigating all customers to determine if anything illegal has taken place. To say that this places banks in an awkward position with its customers is an understatement. While the regulators have stated that this is not what was intended, the language of the proposal makes this issue very real and of major concern to our members and the banks' customers.

    The development of systems for profiling and monitoring customer transactions carries with it huge potential implementation and ongoing costs. One community bank estimated that the first full year of ''Know Your Customer'' implementation would cost that institution $110,000. This is a very heavy burden, particularly when you consider that more than 4,000 banks have fewer than 25 employees.

    Finally, the proposal would widen the gulf in regulatory treatment between banks and nonbanks. Bank competitors which offer bank-like products have no statutory obligation to meet current suspicious activity requirements, let alone the proposed ''Know Your Customer'' rules. To date the National Credit Union Administration has not proposed a similar requirement for the Nation's credit unions. In addition, no proposal imposes ''Know Your Customer'' obligations on securities and insurance firms. They don't even have to file suspicious activity reports, while securities or insurance affiliates of banks must. This is bad public policy. Certainly many privacy-conscious customers will be led to believe that banks and their affiliates intrude into their privacy while other financial institutions do not.

    In summary, Mr. Chairman and members of the subcommittee, we have no choice but to urge that this flawed proposal be withdrawn. Thank you.

    Mr. GEKAS. We thank the gentleman.

    [The prepared statement of Mr. McLaughlin follows:]

PREPARED STATEMENT OF JAMES MCLAUGHLIN, DIRECTOR, REGULATORY AFFAIRS, AMERICAN BANKERS ASSOCIATION

    Mr. Chairman and members of the Subcommittee, I am James D. McLaughlin, Director, Regulatory and Trust Affairs, of the American Bankers Association, Washington, D.C. I am pleased to be here today to present the views of ABA on the federal banking regulators' current ''Know Your Customer'' proposal.

    The ABA brings together all categories of banking institutions to best represent the interests of this rapidly changing industry. Its membership—which includes community, regional and money center banks and holding companies, as well as savings associations, trust companies and savings banks—makes ABA the largest trade association in the country.

    Mr. Chairman, the banking industry believes that preventing money laundering is an important tool in fighting illegal activities and our industry has consistently supported government efforts in this regard. In fact, government law enforcement officials have often complimented our industry on its efforts to fight money laundering. Nonetheless, the current proposal by federal bank regulators called ''know your customer'' goes far beyond a reasonable approach to this problem. In an effort to root out illegal activity, the proposal would require banks to gather information on and monitor the activities of all our customers.

    Certainly, this regulation poses an additional and unnecessary burden on banks, and further expands the regulatory imbalance with our competitors that would not have the same requirements. But there is a bigger issue at stake here—the privacy of our customers and the confidence they have in their financial institution.

    We thank you for holding this hearing today. It is an important step in assuring millions of bank customers that their privacy will be protected. It is becoming increasingly clear that Congress opposes these regulations. Last month the ABA took the unusual step of asking formally that the proposal be withdrawn. And the regulators themselves are saying that the proposal was a mistake. For example, Comptroller of the Currency John D. Hawke, Jr., just last week, told an ABA meeting that he could not support the proposal. This is not a partisan issue—conservatives and liberals have joined bankers and their customers in opposing this proposal.

    Mr. Chairman, the ABA believes that the banking industry protects customer privacy better than any other industry in the United States. We have long protected customer information from unauthorized access, while fulfilling our mandate to report possible violations of law. Privacy is so important to the public and the industry, and the level of concern about this proposal is already so high and still growing, that no response short of withdrawing this proposal will serve the public interest. To do otherwise, we fear, will undermine confidence in both our industry and the government.

    In my statement today, I would like to address three key concerns. The know-your-customer proposal:

 Has serious implications for maintaining the privacy of our customers;

 Would add costly and unnecessary regulatory burdens; and

 Would widen the gulf in regulatory treatment between banks and nonbanks.

I. ADDRESSING THE PRIVACY CONCERNS OF OUR CUSTOMERS

    The greatest cause of industry and public opposition to the know-your-customer proposal has been its use of several broad terms or definitions. For example, some of the specific parts of the proposal (or in some instances, the preamble to the proposal) require a ''system'' to determine the source of funds for all customers and to know the normal and expected transactions of all customers. The amount of information needed and the mandated eavesdropping required by the proposal raise great concerns about privacy. Media reports have focused especially on the profiling and monitoring wording, and privacy advocates have expressed outrage that their local banker will be required to analyze all customers' transactions.

    This growing public view has so tainted the discussion of this regulation that simply deleting the ''profiling'' term—as has been suggested—is not enough to calm the public's nerves. Questions would continue to be raised about the motivations of the government, and the public is unlikely to be consoled by simple word changes. While it is clear the authors of this proposal did not intend it to be read so broadly, we believe that the only option is to withdraw it completely.

    The banking industry's reputation is built on trust, and protecting the privacy of our customers is fundamental to its preservation. We believe that no other industry in the United States does as much to protect privacy, while still fulfilling our obligations under the law to report possible criminal violations.(see footnote 55) The know-your-customer proposal flips the delicate balance between our need to protect customer privacy and the obligation to report possible violations of law on its head. Confidence in both our industry and government must be preserved.

    We recognize that broad policy issues remain that will need clarification. The policy debate on how to reconcile the inherent conflict between fraud prevention and money laundering deterrence, on one hand, and customer privacy, on the other hand, should continue.

    Let me mention one worry bankers have. Even though the statute protects banks from civil liability for filing suspicious activity reports, the industry anticipates increased challenges under the guise of compromising customer privacy. While one recent court decision upheld this needed protection,(see footnote 56) others have not. We urge Congress to consider additional provisions to ensure that banks which comply with the law are protected from customer suits—for following the statutory mandate.

II. THE KNOW-YOUR-CUSTOMER PROPOSAL WOULD ADD COSTLY AND UNNECESSARY REGULATORY BURDENS

    Since 1984, banks—by law—have been required to report possible violations of federal law to the Treasury Department (which shares this information with federal and state law enforcement agencies) after the discovery of:

 insider abuse;

 any violations of any federal law; or

 potential money laundering activities.(see footnote 57)

    In fact, in a recent telephone poll, ABA found that close to 90 percent of banks currently employ procedures that they believe are adequate to meet the law enforcement needs that underlie the know-your-customer policy. Therefore, the banking industry is already supporting the stated law enforcement goal of establishing systems to deter fraud. While the agencies may have intended the December proposal to merely reflect industry practice, the proposal contains many elements that greatly exceed what is being done today, and these very provisions are the ones that have raised such public concern.

    For example, the know-your-customer proposal fails to retain the current policy behind Suspicious Activity Reporting (''SAR'') requirements—that of reporting a violation after it has occurred. The language of the new proposal replaces that policy with a new, vastly more expansive burden of investigating all customers to determine if anything illegal has taken place. While the regulators have stated that this is not what was intended, the language in the proposal makes this issue very real and of major concern to our members.

    Moreover, as discussed above, there is great public concern and opposition to imposing a ''system'' to determine a customer's source of funds and a requirement to know the normal and expected transactions of all customers. While government spokespersons have stated that the intent is much narrower, the potential for huge costs and invasive practices is very high under the language of the proposed rule.

    Profiling and monitoring customer transactions—again the subject of tremendous public rebuke—carries with it huge potential implementation and ongoing costs for banks. Some of our larger members are still gathering estimates on what it would cost to develop profiles for each existing and new customer, as well as to implement automated systems that would identify exceptions. One community bank estimated that the first full year of KYC implementation would cost the institution $110,000 without counting any automation upgrades, overtime or overhead.

III. THE KNOW-YOUR-CUSTOMER PROPOSAL WOULD WIDEN THE GULF IN REGULATORY TREATMENT BETWEEN BANKS AND NONBANKS.

    Even if the know-your-customer proposal did not impose additional regulatory burden on banking institutions, the fact remains that the banking industry will be at a decided disadvantage with respect to our financial services competitors. This is because these competitors—which offer bank-like products—have no statutory obligation to meet suspicious activity requirements, let alone know-your-customer rules. To date, the National Credit Union Administration has not proposed a similar requirement for the nation's credit unions. In addition, securities and insurance firms will not be required to follow similar rules or file suspicious activity reports, while securities or insurance affiliates of banks must.(see footnote 58)

    This is bad public policy. Certainly, many privacy conscious customers will be led to believe that banks and their affiliates intrude into their privacy, while other financial institutions do not. One of the many community bank commenters stated this concern very succinctly:

We feel that this regulation, if adopted, could severely impact the banking system in a negative way because customers will not feel welcome at a bank and will go where they feel welcomed (credit unions, brokerage houses; i.e., anywhere that does not follow the regulation).

The net effect of this regulation may well be to further erode public confidence in banking institutions. Further, it places banks in a terribly awkward position between law enforcement and our legitimate customers.

    In addition, compliance experts in our industry are interested in how to achieve more uniformity in the examination process, and all sides should address the competitive inequalities relative to suspicious activity reporting. As recently as January 22, the FRB(see footnote 59), FDIC and OCC staff heard from over forty bankers about their concerns regarding the scope of the proposed rulemaking. The meeting attendees recommended the agencies continue to receive input on these important issues. The ABA concurs with this recommendation.

CONCLUSION

    Mr. Chairman, thank you for allowing us to express our views on this important proposal. We take seriously the public's perception that the know-your-customer rule is an invasive and burdensome requirement. The American Bankers Association appreciates the willingness of the federal banking agencies to meet with interested groups to discuss the scope of the know-your-customer proposal. However, despite constructive dialogues over the critical issues, it has become clear to us that the current proposal should be withdrawn.

    Mr. GEKAS. We will now ask Ms. Singleton to present her statement.

STATEMENT OF SOLVEIG SINGLETON, DIRECTOR OF INFORMATION STUDIES, CATO INSTITUTE

    Ms. SINGLETON. Thank you. I am Solveig Singleton, a lawyer at the CATO Institute.

    Thank you, Mr. Chairman, for this chance to testify on the ''Know Your Customer'' proposal. The goal of my testimony today is to talk about where the proposal fits into the big picture of statements that the administration and other executive branch agencies have made on the importance of privacy. In particular, the Federal Trade Commission, the Commerce Department and Vice President Gore have made statements about the importance of privacy that on their face are very inconsistent with the ''Know Your Customer'' proposal.

    Vice President Gore, for example, has said, and I quote, ''privacy is a basic American value in the information age and in every age, and it must be protected.''

    The Federal Trade Commission has taken a very active interest in privacy, and, as we heard the ''Four Horsemen'' panel discuss, has held many workshops on privacy. One of the things that the Federal Trade Commission has emphasized is the importance of customer choice in how their information is used; that is, consumers should be able to choose how the information is used, whether it is collected and so on. Another thing that the FTC has emphasized is the importance of confidentiality for customers in developing trust in the institutions of commerce.

    Now, I think clearly the ''Know Your Customer'' proposal doesn't offer customers a choice about how their information is used or collected, and it poses serious problems of confidence in the banking system, particularly for small business customers; for, say, immigrants who come from a background where they have been living under authoritarian regimes which they came to this country to escape, and suddenly they find themselves again in a situation where they prefer to use cash and find that that activity in itself is considered suspicious.

    Now, the FTC's comments, and Vice President Gore's comments, and the Commerce Department's proceedings on privacy have all focused very much on the private sector, and that raises the question of what exactly is the danger to privacy here. Is it the private sector, or is it the government?

    Looking at the ''Know Your Customer'' proposal in particular, banks under the proposal would not be collecting this information to lower their marketing costs or develop new products or services. Rather, they would be producing these reports to give them to Federal regulators with unique powers to investigate citizens, to bring them to trial, to arrest them and, without trial, to seize assets in forfeiture proceedings.

    This suggests to me that the answer to the question is the unique power of government is the real danger. In the big picture, one might say, the administration's privacy policy in focusing on the private sector, ignoring the privacy factors posed by government, is upside down.

    But even if one disagrees with me, and thinks that the private sector is a danger as well, it is pretty clear that the unique powers of government do make it a human rights problem, so it wouldn't make any sense for the administration to talk about the importance of privacy as applied to the private sector and not apply those same principles to government.

    Thank you very much.

    Mr. GEKAS. We thank the lady.

    [The prepared statement of Ms. Singleton follows:]

PREPARED STATEMENT OF SOLVEIG SINGLETON, DIRECTOR OF INFORMATION STUDIES, CATO INSTITUTE

    Mr. Chairman, my name is Solveig Singleton and I am a lawyer at the Cato Institute. In keeping with the truth in testimony rules, I first note that the Cato Institute does not receive any money at all from the federal government, nor has it in the past.

    Thank you for this opportunity to comment on the FDIC's proposed ''Know Your Customer'' regulations. The goal of my testimony today is to examine where the ''Know Your Customer'' proposal fits in the ''Big Picture'' of this administration's privacy policy. The FDIC's ''Know Your Customer'' proposal is inconsistent with declarations made by the FTC, the Commerce Department, and by Vice President Al Gore on Americans' privacy rights. Government-supported programs like ''Know Your Customer'' pose a unique threat to human rights, because government alone has the power of arrest and prosecution, and to demand asset forfeitures.

 The ''Know Your Customer'' proposal fosters mistrust and resentment of government, particularly among immigrants and minority groups.

 The proposal sidesteps the Fourth Amendment.

 ''Know Your Customer'' will not make our streets or banks safer.

 ''Know Your Customer'' eerily recalls Communist China, where neighborhood committees of retired communist party members reported on their neighbors.

    Abuses of information collected by government in the past show that government will not observe safeguards intended to prevent the abuse of the power to collect information.

THE ADMINISTRATION'S STANCE ON PRIVACY

    Since electronic commerce began to put on a growth spurt, headed for ungainly adolescence, various agencies and individuals in the executive branch and in various agencies have offered up many pronouncements on privacy. These announcements are entirely inconsistent with the ''Know Your Customer'' policies developed by the FDIC, as if the right hand does not know what the left hand is doing.

    Since 1996, the FTC has initiated a large number of workshops, reports, and proceedings on the importance of privacy. These have been directed at the private sector businesses that collect information from customers for marketing purposes. The FDIC's proposal to have banks monitor their customers' transactions and create profiles of ''normal'' banking patterns, though, suggests that the FTC should turn its scrutiny from the private sector to government. The banks will not use the information they collect to develop new services, cut costs, or to contact customers with information about new products. Rather, the banks would provide information to regulators who possess powers of arrest and to bring citizens to trial or to seize assets in forfeiture proceedings—powers the private sector lacks.

    In privacy proceedings, the FTC and the Commerce Department have each emphasized that their view of privacy includes giving consumers a choice about privacy. The FTC explains that ''choice means giving consumers options as to how any personal information collected from them may be used.'' The FDIC's ''know your customer'' proposal, however, would give customers no escape from surveillance. This top-down regulatory mandate would impact all FDIC-insured banks.

    In 1998, Vice President Al Gore proposed, with great fanfare, an Electronic Bill of Rights. In discussing privacy, he said:

Privacy is a basic American value—in the Information Age, and in every age. And it must be protected. We need an electronic bill of rights for this electronic age. You should have the right to choose whether your personal information is disclosed; you should have the right to know how, when, and how much of that information is being used; and you should have the right to see it yourself, to know if it's accurate.

    Why should government, with its unique law enforcement powers, be permitted to disregard ''basic'' privacy principles? In targeting the uses of information in the private sector and allowing government-sponsored information gathering to grow, this administration has turned the privacy problem upside down.

THE FDIC'S PROPOSED KNOW YOUR CUSTOMER RULE

    The proposed ''Know Your Customer'' rule represents regulators' attempts to discover where U.S. citizens get their money and whether the citizens' banking activities are ''normal.''

 The ''Know Your Customer'' proposal fosters mistrust and resentment of government.

    The FDIC has already received thousands of comments from people outraged at this prospect. People know the difference between being treated as a citizen and being treated as a suspect. Imagine the anger and fear that recent immigrants, African Americans and Hispanics will feel, knowing their banks are recording information about their jobs and patterns of withdrawals and deposits.

 The proposal sidesteps the Fourth Amendment.

    The Fourth Amendment to the United States Constitution protects our privacy from government intrusions. If the police suspect a U.S. citizen of a crime, they would need a warrant to legally see his or her private papers. The ''Know Your Customer'' proposal forces banks to become agents of the police, spying and reporting on their own customers—without ever obtaining a warrant. It's an end run around our constitutional rights of privacy. Unless and until the police have probable cause to suspect someone of a crime, where he gets his money is none of the government's business.

 ''Know Your Customer'' will not make us safer.

    The FDIC argues that the new rules are somehow needed to ensure the ''safety'' and ''reputation'' of the banking system. But banks—Swiss banks in particular—have managed to respect their customers' privacy for decades without endangering the ''safety'' of the banking system.

    With the ''Know Your Customer'' proposal, the government would sacrifice the rights of all to catch a tiny number of alleged wrongdoers. Of the 7,300 defendants charged with money laundering from 1987 to 1995, only 580 were convicted, in almost all cases the ''small fry.'' Money laundering is essentially a paperwork offense, the crime of trying to conceal the proceeds of a crime. Historically, it was not a crime at all. Money laundering convictions are obtained at enormous taxpayer expense, and the streets are no safer because of them. Only a desk-bound view of law enforcement would see more surveillance to catch money laundering as a meaningful way to protect the rights of crime victims.

 ''Know Your Customer'' or ''Know Your Comrade?''

    Under the proposed rule the banking system would act like a network of police spies—not unlike the neighborhood committees of retired party members in communist China (known as ''a bridge between the government and the masses''). Those committees of elderly women with bound feet were known as the ''KGB with tiny feet.'' They padded about to report their neighbors for having too many children or a dirty house or harboring ''capitalist roaders.'' There are differences between the two systems—''Know Your Customer'' isn't intended to support a Communist Party program. But there is a key similarity: in both systems, an intrusive program of regulation requires the government to force the private sector to help by reporting on everybody, everywhere. This is a sure sign that the government is on the wrong track.

    In a free society, there's no need to turn private businesses into spy agencies. Most laws are self-reporting. If I murder someone, his relatives will demand justice; if I defraud him, he will complain himself and do his best to see that I am caught; if I spill foul chemicals into his stream, he will complain loudly when he finds out. There's no need to force bankers, grocers or neighbors to report that kind of behavior, or to threaten them with the forfeiture of their property if they don't. Using neighbors or private businesses as spies is a sure sign that the state has departed from the central job it is supposed to perform—protecting our liberties and rights.

GOVERNMENT ABUSES OF INFORMATION

    Government cannot be trusted with the power to collect complex and private facts about our lives without a showing of probable cause. History shows that government will not observe safeguards intended to prevent the abuse of the power to collect information:

 During World War II, U.S. census data was used to identify Japanese-Americans and place them in internment camps.

 When Social Security numbers were introduced in 1935, the public was repeatedly assured that they would be used only to ensure that workers were paying the payroll tax; they are now used throughout the federal government and private sector for many purposes entirely unrelated to social security.

 In 1995 over 500 Internal Revenue Service agents were caught illegally snooping through tax records of thousands of Americans, including personal friends and celebrities. Only five employees were fired for this misconduct.

 In response, the IRS developed new privacy protection measures. These measures were useless, with hundreds of IRS agents being caught in early 1997, again snooping through the tax records of acquaintances and celebrities.

 The Clinton administration reportedly obtained hundreds of FBI files, including those of:

Billy R. Dale: Fired Travel Office Director
Marlin Fitzwater: Bush's press secretary
Ken Duberstein: Reagan's chief of staff
James Baker: Bush's secretary of state
Tony Blankley: Newt Gingrich's spokesman

    The complexity of our lives and the government's lack of knowledge about them are a bulwark against authoritarianism as important as the Constitution. As James C. Scott noted in Seeing Like A State: How Certain Schemes to Improve the Human Condition Have Failed, all through history governments have struggled to collect more information about citizens. But the more they strive, the more unlikely it is that their goals can be compatible with the complex, fast-moving life in free society. No American citizen should be treated like a suspect unless and until he is one. The ''Know Your Customer'' rule has no place in a free country.

    Mr. GEKAS. Mr. Nojeim.

STATEMENT OF GREGORY T. NOJEIM, LEGISLATIVE COUNSEL, AMERICAN CIVIL LIBERTIES UNION

    Mr. NOJEIM. Thank you.

    Mr. GEKAS. You may have the benefit of the microphone.

    Mr. NOJEIM. Thank you, Mr. Chairman. I promise not to read the footnotes in my written statement.

    I am Gregory Nojeim, legislative counsel, and I am pleased to testify on behalf of the ACLU on the ''Know Your Customer'' bank resolution. ACLU is a nonpartisan organization of over 275,000 members dedicated to protecting the principles of freedom set forth in the Bill of Rights.

    The ''Know Your Customer'' regulations infringe on the privacy rights of bank customers. The regulations should be withdrawn, and Congress should ensure that no remotely similar regulations take their place. But if Congress stops there and fails to substantially modify the statutory basis for the regulations and strengthen the Right to Financial Privacy Act, it will itself have perpetrated a massive deception on the over 100,000 people who have spoken out against the regulations.

    Today I will describe the current state of financial privacy and explain how the proposed ''Know Your Customer'' regulations would make a bad situation worse. I will close by suggesting statutory changes to enhance financial privacy and improvements to the Administrative Procedures Act to protect privacy and promote public participation in the rulemaking process.

    Most people don't know it, but financial institutions are already required to spy on their customers. Congress wrote a blank check to authorize the Treasury Department to require them to do so. It also insulated financial institutions from civil liability for spying on their customers, and Congress barred financial institutions from telling their customers that their bank had spied on them by reporting their transactions to the Federal Government. In terms of financial privacy, this is a sorry state of affairs.

    From 1996 to 1998, banks reportedly filed 233,000 so-called suspicious activity reports with the Financial Crimes Enforcement Network, FinCEN, in the Treasury Department. Forty percent of these reports relate to money laundering. Banks suspecting money laundering must report transactions aggregating $5,000 or more any time they believe, ''the transaction has no business or lawful purpose or is not the sort in which the particular customer would normally be expected to engage.''

    Banks must describe the activity they deem suspicious and report personal information about the suspect, and that is the term used in the report, ''suspect,'' including Social Security Number. They must retain for law enforcement any explanation of the transaction, and banks even have to, ''recommend any further investigation that might assist law enforcement authorities.''

    These suspicious activity reports are made available electronically to every U.S. attorney's office and to 59 law enforcement agencies, including the FBI. No suspicion of crime, probable cause, reasonable grounds to believe or even mere relevance to an ongoing investigation need be shown by a law enforcement agency to FinCEN before the law enforcement agency accesses the report.

    Instead of using normal law enforcement tools, such as a court order, or a subpoena, to obtain this information, many law enforcement agencies use a vacuum cleaner approach. They suck up everything FinCEN offers by periodically downloading the entire harvest of new information. The proposed ''Know Your Customer'' regulations are a law enforcement profiling scheme calculated to help banks decide when to report their customers to the government on suspicious activity reports.

    Properly viewed, the debate about ''Know Your Customer'' is not a debate about whether financial institutions will spy on their customers, it is a debate about how such surveillance will be conducted and how intrusive it will be. Bank regulators say the ''Know Your Customer'' rules do little more than formalize programs banks have adopted under pressure from their regulators. Based in part from comments of the banks and trade associations, we disagree.

    First, no banking regulation now requires that banks profile their customers, and many of the ''Know Your Customer'' programs banks have voluntarily adopted do not require customer profiling, determining normal and expected transactions or ascertaining the sources of funds.

    Second, to determine the source of funds, banks may feel compelled to violate customer privacy by asking intrusive personal questions about where the customer got their money.

    Finally, more bank customer transactions would be reported to the government if the ''Know Your Customer'' regulation is adopted. Banks will tend to err on the side of reporting in part because it is easier to secretly report the customer than to inquire of the customer about the transaction.

    Bank regulators and the courts are not doing the job to protect financial privacy. Congress should step in aggressively. Congress should strengthen the Right to Financial Privacy Act and require that suspicious activity reports that are not acted on by law enforcement within 1 year be sent to the suspect to whom they pertain unless they are needed for an ongoing criminal investigation.

    To enhance public participation in the rulemaking process, the Administrative Procedures Act should be amended to require agencies to accept e-mail comments on proposed regulations, and those who comment should be notified of the extent to which their comments will be publicized and whether they will be posted to the Internet.

    The APA should also be amended to require an independent assessment of the extent to which proposed rules promote the dissemination of personally identifiable information without the knowledge of the person to whom the information pertains.

    When it comes to protecting personal privacy, the buck stops here in Congress. No other institution can do what you must to protect our privacy.

    Thank you.

    Mr. GEKAS. Thank you very much.

    [The prepared statement of Mr. Nojeim follows:]

PREPARED STATEMENT OF GREGORY T. NOJEIM, LEGISLATIVE COUNSEL, AMERICAN CIVIL LIBERTIES UNION

    Mr. Chairman and Members of the Subcommittee:

    I am pleased to testify today before the Commercial and Administrative Law Subcommittee of the House Judiciary Committee on behalf of the American Civil Liberties Union about the privacy implications of the proposed ''Know Your Customer'' bank regulations. The ACLU is a nation-wide, non-profit, non-partisan organization consisting of over 275,000 members dedicated to protecting the principles of freedom set forth in the Bill of Rights. The ACLU receives no funding from the federal government.

    The ACLU believes that the Know Your Customer regulations inappropriately and unnecessarily infringe on the privacy rights of bank customers. The regulations should be withdrawn and Congress should ensure that no remotely similar regulations take their place. But if Congress stops there and fails to repeal or substantially modify the statutory basis for the proposed Know Your Customer regulations, or to strengthen the Right To Financial Privacy Act, it will itself have perpetrated a massive deception on the 100,000 people who spoke out against the Know Your Customer regulation. Customers of financial institutions who are not engaged in illegal activities should have a statutory right to know when personal information about them has moved into the law enforcement world. When it comes to protecting the financial privacy rights of Americans, the buck stops with Congress. Neither the courts, the bankers, nor the bank regulators can do what you must do to protect our privacy.

    Today, I will describe the current state of financial privacy and explain how the proposed Know Your Customer regulation would make a bad situation worse. I will close by suggesting the need for statutory changes to enhance financial privacy, and improvements to the Administrative Procedures Act that would enhance privacy and promote public participation in the rulemaking process.

CURRENT KNOW YOUR CUSTOMER PRACTICES

    Most people do not know it, but financial institutions are already required to spy on their customers. Congress authorized the Treasury Department to require them to do so. Congress also insulated financial institutions from civil liability for spying on their customers, and Congress barred financial institutions from telling their customers that their bank had spied on them by reporting their transactions to the federal government. In terms of financial privacy, this is a sorry state of affairs. Properly viewed, the debate about the proposed Know Your Customer regulations is not a debate about whether financial institutions will spy on their customers and report to the government, it is a debate about how such surveillance will be conducted and how intrusive it will be.

    The Bank Secrecy Act authorizes the Treasury Department to require financial institutions to maintain records of personal financial transactions that ''have a high degree of usefulness in criminal, tax and regulatory investigations and proceedings.''(see footnote 60) It also authorizes the Treasury Department to require any financial institution to report any ''suspicious transaction relevant to a possible violation of law or regulation.''(see footnote 61) These reports, termed ''Suspicious Activity Reports'' are filed with the Treasury Department's Financial Crimes Enforcement Network (''FinCEN'').(see footnote 62) Between April 1, 1996 and September 30, 1997, 110,000 such reports were filed, and of those reports, approximately 40%—48,000 reports, or 130 reports every work day—were filed by financial institutions to comply with the Bank Secrecy Act.(see footnote 63) Press reports indicate that from 1996–1998, 233,000 such reports were filed.(see footnote 64)

    This is done secretly, without the consent or knowledge of bank customers, any time a financial institution decides that a transaction is ''suspicious.'' The Suspicious Activity Reports are made available electronically to every U.S. Attorney's Office and to 59 law enforcement agencies, including the FBI, Secret Service and Customs Service.(see footnote 65) No suspicion of crime—probable cause, reasonable grounds to believe, or even mere relevance to an on-going investigation—need be shown by the law enforcement agency to FinCEN before law enforcement accesses the report. No court order, warrant, subpoena or even written law enforcement request showing a need for the information need be prepared and given FinCEN. Instead of using these normal law enforcement tools—often under judicial supervision—many law enforcement agencies use a vacuum cleaner. They suck up everything FinCEN offers by periodically downloading the entire harvest of new information.(see footnote 66) And they don't give it back. This tremendous loss of personal privacy occurs daily even without the Know Your Customer regulations in place.

HINCHEY: As I understood your description, these SARs are now done electronically and they are available on a computer database, and that computer database is made available to law enforcement agencies on a routine basis because it is simply there and they can just check into it if they so desire. . . .
SERINO: Many of the law enforcement agencies draw down on a weekly or monthly basis all the information from the SAR databank in Detroit, so that a United States Attorney in New York would have his—he would draw down his suspicious activity reports, the FBI would draw them down, and they would review them themselves.

Mr. Serino also testified that he did not know whether the FBI draws down the Suspicious Activity Reports on a daily, weekly or monthly basis. See also FinCEN 1st Review at Ch. 2, Federal Law Enforcement Agencies. For example, the Secret Service downloads Suspicious Activity Reports from FinCEN, then immediately loads them onto the Secret Service's Intranet where the information can be searched by all Secret Service field offices.

    Banks must file Suspicious Activity Reports for many reasons,(see footnote 67) including whenever they believe transactions(see footnote 68) aggregating $5,000 or more involve potential money laundering or violations of the Bank Secrecy Act if the financial institution has reason to suspect that:

(i) the transaction involves funds derived from illegal activities or is intended to conceal such funds to evade any law or regulation, including reporting regulations;

(ii) the transaction is designed to evade any Bank Secrecy Act regulation; or

(iii) the transaction has no business or lawful purpose or is not the sort in which the particular customer would normally be expected to engage, and the financial institution has no reasonable explanation for the transaction after examining the available facts, including background and possible purpose of the transaction.(see footnote 69)

    To the extent known, the financial institution must report personal information about the ''suspect.''(see footnote 70) It must also provide a complete narrative description of the activity it deems suspicious, explain who benefited, and retain for law enforcement any confession, admission, or explanation of the transaction. The financial institution must also ''recommend any further investigation that might assist law enforcement authorities.''(see footnote 71) Financial institutions must also report currency transactions in excess of $10,000 separately to the IRS on Form 4789, the Currency Transaction Report.

    FinCEN cites ''the 'natural hesitancy' of organizations to track the relationship between the volume of reported information and the opening of particular cases''(see footnote 72) to justify the lack of adequate reporting on the usefulness of this massive surveillance system in obtaining money laundering convictions. However, it appears that the Suspicious Activity Reporting System may be reporting more information than even law enforcement wants.(see footnote 73)

THE KNOW YOUR CUSTOMER REGULATIONS

    On December 7, 1998, the Comptroller of the Currency,(see footnote 74) the Office of Thrift Supervision,(see footnote 75) the Federal Reserve Board(see footnote 76) and the Federal Deposit Insurance Corporation(see footnote 77) published proposed ''Know Your Customer'' regulations. These regulations would worsen the already sad state of financial privacy. The regulations would require banks and thrift institutions to:

(i) identify their customers;

(ii) determine the sources of funds for each customer;

(iii) determine the ''normal and expected'' transactions of each customer;

(iv) monitor each customer's account activity and measure it against historical patterns; and

(v) report to the U.S. Treasury Department's Financial Crimes Enforcement Network (FinCEN) any transactions that are ''suspicious'' because they do not conform to historical patterns.

    In short, the proposed Know Your Customer regulations are a law enforcement profiling scheme.(see footnote 78) Financial institutions would create customer profiles and monitor customer transactions to determine which transactions do not fit the profile and are therefore suspicious, and report those transactions to the government. To meet the command that the financial institution determine the sources of each customer's funds, the financial institution would have to compile the equivalent of a dossier on each customer. The product of the profile—in the form of a Suspicious Activity Report—would be sent to the Treasury Department's FinCEN. As is the practice today, FinCEN would evaluate the report and affirmatively send it to the Attorney General when there is ''reason to believe that the records may be relevant'' to a crime, and passively allow law enforcement access to the records regardless of its assessment of whether the SAR reflects evidence of crime.

    Under these regulations, the same bank teller who smiles at the end of the banking transaction and says ''have a nice day'' could also be charged and trained to investigate the customer's sources of funds. Officials of financial institutions would do the work of law enforcement more than ever before. Their mission would be not only to conduct banking operations, but also to spy on their customers and the sources of their funds, and report to the government. The proposed Know Your Customer regulations are calculated to further enlist banks in the fight against money laundering—the process of disposing of the proceeds of illegal activity including drug sales. They would turn normal law enforcement practices upside down. Everyone is presumed suspicious since for each customer, intrusion is the norm, not the exception, because their banking practices must be profiled and their sources of funds ascertained.

IMPLEMENTATION OF THE PROPOSED KNOW YOUR CUSTOMER REGULATION WOULD FURTHER DIMINISH FINANCIAL PRIVACY

    The proposed Know Your Customer regulations were issued to help financial institutions determine when to report to the government transactions of their customers by filing Suspicious Activity Reports. Financial institution regulators have said that implementation of the Know Your Customer regulations would do little more than formalize the Know Your Customer programs that financial institutions have ''voluntarily'' adopted under pressure from their regulators.(see footnote 79) To the extent this statement is correct, it exposes the damage to financial privacy that has already been done. At the same time, though, the FDIC admitted that the proposed regulations would require financial institutions to gather information about customers that could be abused and must be safeguarded, and felt compelled to caution banks to collect only the information necessary to comply with its intrusive regulation.(see footnote 80) We believe the proposed regulations would make several significant changes in current banking practices that would further diminish financial privacy interests.

    First, no banking regulation now requires that banks profile their customers and many if not most of the Know Your Customer programs banks have voluntarily adopted do not require customer profiling. To profile a customer, banks would have to ascertain the sources of funds for each customer and determine their normal and expected transactions. In the case of businesses, banks would be required to ascertain the type of the business in which the corporation, partnership, or sole proprietor engages.

    Though regulators characterize this information as essential to determine whether a customer's actual use of the account conforms to what was expected when the account was opened, the proposed regulations do not tell financial institutions how to make this assessment. Financial institutions will in many cases feel compelled to conduct their own investigations, and thus further violate their customer's interests in financial privacy. Ascertaining the source of funds is a qualitative, not a quantitative process, and it is one many financial institutions do not undertake. Current law and current regulations do not require that banks pry into the source of funds of their customers on a blanket basis, or the nature of their businesses. This in and of itself is detrimental to customer privacy.

    Second, financial institutions are not currently required to search specifically for suspicious transactions, but rather only to report transactions that come to their attention and appear to be suspicious. The proposed Know Your Customer regulation would require such searching.

    Third, financial institutions would have to monitor all transactions, not just large cash transactions and attempts to ''smurf'' (i.e., the practice of splitting a large transaction into many separate transactions to evade reporting requirements). Every transaction would have to be monitored to determine whether it falls outside of the usual and expected transactions for a particular category of customer.

    Fourth, many financial institutions would inquire of their customers about transactions that do not fit the customer's profile. What business is it of the banker that a large deposit from a particular customer resulted from a gift instead of from a job? No teller wants to be in the position of asking the customer where the money came from, and being answered with the sad, tight-lipped, reply that the customer's father passed away and left money to the customer.

    Fifth, all of the financial institutions that do not now have in place a Know Your Customer program would be required to adopt one under the proposed regulations. In fact, the FDIC views the proposed regulation as a way to ''level the playing field'' between institutions that do not have Know Your Customer Programs and those that do.(see footnote 81)

    Sixth, the proposed regulations would require financial institutions to determine the ''true identity'' of their customers, and their sources of funds. Instead of merely ascertaining the identity of the person opening the account, they would have to list all those who benefit from an account, including clients of financial advisors, trust beneficiaries, and those who have a beneficial interest in an escrow account. Financial institutions would be put in the position of determining the sources of funds for people with whom they have no banking relationship.

    Finally, more, not fewer, Suspicious Activity Reports would be filed with the government's FinCEN if the Know Your Customer regulation was adopted. We believe this because one of the stated objectives of the proposal is to increase reporting of suspicious activity.(see footnote 82) In addition, whenever a transaction is unusual for a particular customer, financial institutions will tend to err on the side of reporting in part because it is easier, and less embarrassing to the financial institution, to report the customer to the government than it is to inquire of the customer about the transaction.

    Financial institutions would be required to report transactions that are not ''normal and expected'' for a particular customer, according to that customer's profile. As many have already pointed out, many ''unusual'' transactions for a particular customer are in fact quite usual and ought not be reported as ''suspicious'' to the federal government. Whether it is an inheritance, a lawsuit settlement, an automobile purchase or the payment of college tuition, large transactions may be uncommon for a particular customer. He or she should not have to explain the transaction to their banker to avoid the filing of a Suspicious Activity Report. Many small businesses also have large ''unusual'' transactions, such as receiving a retainer fee or paying for equipment. These concerns are amplified because if the customer's explanation of the transaction does not sufficiently allay the suspicion of the banker, the customer's explanation must be flagged in the Suspicious Activity Report and a record made available to law enforcement.

    The proposed Know Your Customer regulations cannot be fixed and should be withdrawn. The entire premise of the regulation is inconsistent with customer privacy. Moreover, Congress should step in to protect customer privacy because financial institutions are not doing the job.

BANK PRIVACY POLICIES AND PRACTICES

    The privacy policies that have been voluntarily adopted by banks are woefully inadequate. They do not explain the circumstances under which banks report financial transactions to the federal government as ''suspicious,'' even though some of that information is in the public domain. They do not even advise customers of the number of Suspicious Activity Reports the bank sent to the federal government in the last year, and the number of their customers they reported as ''suspects.'' Instead, customers are given only a soothing assurance that the bank believes that customer financial privacy is important, but that the bank will share personal financial information in many circumstances, and will provide sensitive customer information to ''regulatory authorities and law enforcement officials in accordance with applicable law'' as Chase Manhattan puts it. I have attached a few bank privacy policies.

    We are particularly concerned about the reactions of the financial institutions to the proposed Know Your Customer regulations. Most of the early comments from financial institutions and their trade associations did not sufficiently take into account the effect on financial privacy that the proposed regulations would have. Instead of saying from the start that the proposed regulations damage financial privacy and should be withdrawn, most argued that the proposed regulations should be applied to more entities—such as mutual funds and credit unions—so that banks would not face a competitive disadvantage. This is not a pro-privacy position.

CONGRESSIONAL ROLE IN PROTECTING FINANCIAL PRIVACY

    The institution best positioned to protect financial privacy is the Congress. The Supreme Court ruled in United States v. Miller, 425 U.S. 435 (1976) that individuals do not have a ''reasonable expectation of privacy'' under the Fourth Amendment in financial records pertaining to them but maintained by a bank in the normal course of business. See also California Bankers Assoc. v. Shultz, 416 U.S. 21 (1974) (upholding the then-limited reporting requirements of the Bank Secrecy Act. ACLU was a plaintiff in this case).

    In response to these Supreme Court rulings, Congress enacted the Right to Financial Privacy Act.(see footnote 83) But it is clear that the right to financial privacy that was created is riddled with loopholes, including one very large loophole to accommodate financial institution reporting under the Bank Secrecy Act.(see footnote 84) Though the Right to Financial Privacy Act contemplates that notice will be given customers when financial records are transferred from one federal agency to another,(see footnote 85) notice is not given when Suspicious Activity Reports are furnished by FinCEN to law enforcement officials.

    Members of Congress could take a number of steps to enhance financial privacy:

    First, Congress should refrain from urging bank regulators to issue Know Your Customer regulations, and from creating more incentives for financial institutions to file more Suspicious Activity Reports. Section 8 of H.R. 4005, ''The Money Laundering Deterrence Act of 1998'' which passed the House of Representatives last year on a voice vote under a suspension of the rules would have required bank regulators to issue Know Your Customer regulations within four months. Similarly, Section 1408 of S.5, the ''Drug-Free Century Act'' now pending in the Senate, would express the Sense of Congress that Know Your Customer regulations should be expedited. Section 1403 of S. 5 would expand to contracts and other legally enforceable agreements the safe harbor provisions of the Bank Secrecy Act, thus stimulating more Suspicious Activity Reports.

    While we believe that the Bank Secrecy Act should be repealed (we challenged it in court under the Fourth, Fifth and First Amendments), Congress could take a number of steps short of repealing the Bank Secrecy Act to protect customer privacy.

    Sunshine might go a long way toward protecting the privacy of the customers of financial institutions. At present, officials of financial institutions find themselves between a rock and a soft place. The ''rock'' is the threat of massive sanctions and penalties for violating the Bank Secrecy Act by failing to file a Suspicious Activity Report, or failing to have in place procedures calculated to facilitate the filing of such reports. The ''soft place'' is the safe harbor afforded financial institutions for reporting as suspicious the financial transactions of their customers,(see footnote 86) together with the statutory assurance that their customers will never know that their bank reported their transactions to the government.

    Thus, financial institutions have every incentive to report anything out of the ordinary as ''suspicious'' and little disincentive to refrain from inundating FinCEN with reports about their customers' perfectly legal, but unusual, transactions. Worse still, FinCEN retains all the reports, as may the law enforcement entities that download its data.(see footnote 87) Congress should level the playing field. It should require that Suspicious Activity Reports that are not acted on (i.e. are not the subject of a criminal investigation) within one year of filing be sent to the ''suspect'' to whom they pertain, unless law enforcement can show a continuing need for the information as a result of an ongoing criminal investigation.

    Congress should also examine amending the Right to Financial Privacy Act to ensure that the privacy and notice it promises become more the rule, not the exception.

CHANGES TO THE ADMINISTRATIVE PROCEDURES ACT

    It is within the jurisdiction of this Subcommittee to consider changes in the Administrative Procedures Act that would further open the process of rulemaking to public comment, and would ensure that everything possible is done to protect the privacy of the people who have to live under administrative rules.

    Massive public outrage brought home to the bank regulators and to members of Congress the danger to privacy posed by the Know Your Customer proposed regulations. To a large extent, the public learned about the proposed rules through the Internet. Most of the comments received from the public were submitted by e-mail. People in a sense ''voted'' on the regulations by pointing and clicking, and they took the time to explain their vote to the regulators. Though staff were inundated with comments, FDIC Chairperson Donna A. Tanoue was quoted as saying about the importance of receiving e-mail comments, ''I believe it is the only way to go for the future. . . . The FDIC would encourage it.''(see footnote 88)

    Yet, the Administrative Procedures Act only requires that comments be written, and does not specify how they can be conveyed. In this particular rulemaking, the NPR issued by the Federal Reserve Board invited only hand delivered and mailed-in comments. The Comptroller of the Currency, the Office of Thrift Supervision and the Federal Deposit Insurance Corporation invited comments by hand delivery, mail, fax and e-mail. The Act should be amended—or an appropriate administrative order issued—to require agencies to allow comment by all of these means, including e-mail.

    Many angry comments were sent by e-mail. It is quite likely that many people who commented did not realize that their comments would be made part of a public record and could be posted to the Internet, as is the practice of some agencies. The APA should be amended, or an appropriate administrative order issued, to ensure that an adequate notice is given so that those who comment know the extent to which their comments may be publicized.

    By statutory mandate, executive order, or administrative rule, agencies evaluate the extent to which proposed regulations have an economic impact on small entities, impose record keeping requirements, and constitute an unfunded mandate to the states. However, nothing(see footnote 89) requires agencies—or preferably a separate agency in the federal government—to consider the privacy implications of proposed regulations.

    The Administrative Procedures Act should be amended to require such a privacy assessment. It would include an evaluation of the extent to which the proposed rule would result in the dissemination of personally identifiable information without the consent or knowledge of the person to whom the information pertains, and of less invasive policy alternatives that could achieve substantially the same results without the same effect on personal privacy. The evaluation could be premised on the notion that a loss of personal privacy is a potential ''cost'' associated with new regulatory regimes. We believe that this assessment should be conducted by an independent body answerable to Congress. The person assessing the privacy effects of a proposed regulation ought not be answerable to the agency that proposed the privacy violation. To borrow a phrase from Bruce Phillips, the head of Canada's privacy commission, this body could become the ''pinch hitter for the little guy.''

CONCLUSION

    The biggest privacy problem with the Know Your Customer regulations is the law on which they are based. Implementing the proposed regulations would make worse a bad situation in terms of financial privacy. We believe that Justice Douglas got it right when he said, in disputing the justification for the record keeping requirements of the Bank Secrecy Act, that those records will be useful in criminal, tax and regulatory proceedings, that:

It would be highly useful to governmental espionage to have like . . . reports from all our bookstores, all our hardware and retail stores, all our drugstores. These records too might be ''useful'' in criminal investigations . . . A mandatory recording of all telephone conversations would be better than the recording of checks under the Bank Secrecy Act, if Big Brother is to have his way. . . . That is unadulterated nonsense unless we are to assume that every citizen is a crook, an assumption I cannot make. 416 U.S. 85–86.

    The proposed Know Your Customer regulations should be withdrawn and Congress should enact new legislation to protect financial privacy.

    Mr. GEKAS. If you will indulge the Chair, I want to ask each of you a question I consider pertinent.

    You stated, Mr. Nojeim, that too often the Congress offers a blank check, and then the regulators, I suppose, go wild with that blank check. We really are trying to be cognizant of that. That is why we enacted some of the things we did under the Contract with America to tighten up on the possibilities of judicial review in some of the regulations, and regulatory flexibility analysis, all these things. We are really trying, but we do ask ACLU and other citizens to alert us when you think a particular statute does amount to a blank check. We worry about that. We don't want to do that, believe it or not. So I would ask you to keep vigilant on the blank check.

    You made a good distinction, Mr. Nojeim, on the surveillance. Surveillance is a noble tool on the part of law enforcement, but I take it you are talking about how surveillance should be targeted toward an accused or someone suspected of wrongdoing, not surveillance of an entire list of bank customers. Is that the distinction you want to try to make?

    Mr. NOJEIM. I want to endorse the views of Mr. Delahunt, the views he offered at the outset. We have to start thinking about what it means when we deputize private elements in society to do surveillance work for law enforcement. We do see it a lot. Employers are required to investigate whether their employees are qualified to work. Doctors may be keeping medical records that would be easily accessible to law enforcement under the proposal from the administration. And here banks are given surveillance duties with respect to their customers. Well, customers ought to know what the bankers are doing with their personal information, and they don't right now.

    Attached to my testimony are some of the bank privacy statements. You don't see one banker saying with any level of detail the extent to which that bank reports their customers' transactions as suspicious.

    When it comes to the blank check, the blank check was issued in 1970 in the Bank Secrecy Act. First, the Bank Secrecy Act has recordkeeping requirements. The act requires banks to maintain records that, ''have a high degree of usefulness in criminal, tax and regulatory investigations and proceedings.'' The act also has a reporting requirement. It requires banks to ''report suspicious transactions relevant to a possible violation of law or regulation.''

    Mr. GEKAS. Blank check.

    Ms. Singleton, I was struck by your differentiation between the cause of maintaining the rights of privacy on the part of citizens that are announced by government officials, but then there might be a reluctance to apply that to government actions which go contra to preserving privacy. That is also an ongoing problem with which we have to deal. This one, I would take it, you would feel is one where privacy is preeminent in the considerations.

    Ms. SINGLETON. Yes. It seems that sort of, to put the problem in a nutshell, that the left hand of government doesn't know what the right hand is doing. If I could maybe just think about where the whole debate should be going, I think it is important to look back to the United States Constitution, and to the fourth amendment, which you alluded to in your previous question, which would suggest that before the government treats a citizen like a suspect, they should have a showing of probable cause. So that is one important constitutional principle.

    Another one I would say is the doctrine of enumerated powers. That is to say it makes very little sense to have a Federal Government pursuing enormously ambitious administrative programs over every aspect of one's day-to-day life and say, we trust them with this power, but we don't trust them with the information they want to administer these programs.

    I think when you enlarge the scope of the Federal Government, it will inevitably follow you and will enlarge demands for information, the logic of extending government. It becomes very difficult to resist the logic of eroding privacy.

    Mr. GEKAS. Thank you.

    Mr. McLaughlin, you mentioned something which also has been recognized by Members of Congress; that is, the cost attending to burdensome regulations generally, and particularly in this one. You said, for instance, one bank would have to spend $110,000 to keep up with the demand. Would that mean lawyers' fees and accounting fees, extra personnel?

    Mr. MCLAUGHLIN. Mr. Chairman, that would not even include lawyers' fees——

    Mr. GEKAS. Oh, my.

    Mr. MCLAUGHLIN [continuing]. Other than the lawyer doing an analysis of what the bank had to do, that estimate was based on the bank developing and implementing the system necessary to provide the overall review of the accounts, the monitoring, keeping the records, so on.

    Mr. GEKAS. Is that in-house expense?

    Mr. MCLAUGHLIN. In-house costs, yes.

    Mr. GEKAS. And if you add the costs to it, with extra stationery costs or what?

    Mr. MCLAUGHLIN. I am not sure whether the extra stationery was there, but I am sure with $110,000 the stationery cost is minimal.

    Mr. GEKAS. But we recognize that is one of the reasons we entered into the modifications in the last few years on regulatory guidance to try to reduce the cost for small businesses, et cetera.

    Mr. Anthony, you mentioned that—this is another thing that is golden for us—to reiterate the importance of following the rulemaking processes announced by the Administrative Procedures Act. We have been preaching that so often, and we have become rebuked too often when we cry out, why don't you follow the rules that are inherent in the Administrative Procedures Act.

    One of the things you said, also, is important to us. When you emphasize that the particular regulation should include in the ''Know Your Customer'' rules—should include, I take it from that, correct me if I am wrong, that the whole thing is too vague, is that what you were trying to get across?

    Mr. ANTHONY. Yes, indeed, Mr. Chairman, it is vague. It is not specific, not concrete. Therefore, it leaves these questions open that were referred to by members of the earlier panel, which would have to be spelled out by these low-profile interpretations and guidances and other documents which don't go through a rulemaking procedure, don't get the benefit of all these public comments of the sort we heard reported on today, and I think are inconsistent with the rule of law.

    Mr. GEKAS. Thank you.

    Mr. Glover, I was ecstatic when I heard you commend the trend toward giving more impact and more input on the part of small business in the final regulation that is targeted to regulate them. And we who put great stock in, for the first time, introducing judicial review to the system are happy to hear you have good reports that that part is working.

    Let me ask you, when you started off, you said about big banks and small banks, that really the big banks are going to be more adversely affected. Where is the cutoff between big banks and small banks, in architecture?

    Mr. GLOVER. I was attempting humor there. Given the hour and time, I thought that big banks have started charging customers fees when they meet with tellers, and for those banks, obviously knowing their customer is the furthest from their mind. So it was an attempt to be humorous.

    But there are differences between large and small banks. We do a lot of analysis of that, and we publish it. We are currently doing a banking study to determine which banks are friendly to small business. We looked at bank holding companies. We looked at bank mergers. We are working on a study showing which banks are friendly to small farms. We looked at a bunch of different information, and the definition that we looked at varied depending on what they are proposing to do and what the burdens are.

    One of the concerns here is that they didn't really make that kind of analysis. They didn't say, ''okay, small business finds that the biggest part of regulatory complaints is often just understanding what the regulation says and means.'' When you have very vague regulatory requirements, the costs for the small business to figure out the means they have to hire consultants and hire lawyers, often causes the costs to go up exponentially.

    You can tell a small business what to do, and they will figure how to do it. When you say ''go out and figure something out,'' the cash register starts ringing. They suddenly state, ''I don't know how to do this, and I don't know anybody who does know it.'' If you talk about a rural bank, they could be out of the information loop.

    So it is a challenge. I know the banking associations do things to try to help. The Independent Bankers Association of America and the American Bankers Association try to help, but these are still very burdensome kinds of regulations. You tell them what to do, they can live with that, but I was concerned with——

    Mr. GEKAS. There was another thing that puzzled me on how we can try to help to remedy. You said out of the four agencies, that two agencies did try to comply with RegFlex, but that their analyses fell short of what you felt might be required.

    What is your remedy for that when you feel that—and we are told they did comply, but really they fell short of it. How do we test that? How do we review that?

    Mr. GLOVER. First of all, we file comment letters, and we will be filing one on Monday, which is the due date with the agencies where we point out our concerns. We report to Congress on which agencies are complying and which are not. Every one of our comment letters are put on our Web site on the Internet within a few days.

    Mr. GEKAS. I understand, but what I am getting at is this: Agency X says it has complied with RegFlex. You as the SBA representative look at it and say they have fallen short. They did not really—even though they tried, they didn't fulfill the obligation.

    What is the remedy there? Is it judicial review?

    Mr. GLOVER. Absolutely. In the two agencies we don't think there is any question. Reasonable people can differ.

    Mr. GEKAS. I understand that.

    Mr. GLOVER. That is subject to an individual filing a legal action and challenging their compliance. Then with judicial review under the Regulatory Flexibility Act we have seen several regulations simply thrown out by the courts because the agencies did not comply. The Regulatory Flexibility Act certification used to be the ''get out of regulatory compliance'' for the agencies where they simply certified everything as not having a ''significant economic impact on a substantial number of small businesses,'' but with judicial review that loophole is closed. But some agencies are still doing it. The courts are going in and throwing them out when the agencies improperly certify.

    Mr. GEKAS. Thank you.

    I want to declare victory for the American people here today in the troubled dismissal of an onerous rule and burdensome feature of their relationship with their bankers and with banking institutions. If the last panel was the Four Horsemen of the Apocalypse, this is the starting five here of a basketball team that has entered the Final Four in the tournament, and I declare you champions and wish you all well, and thank you for your participation in this hearing.

    This hearing is concluded.

    [Whereupon, at 12:20 p.m., the subcommittee was adjourned.]

(Footnote 1 return)
My oral testimony and responses to questions you may have reflect my own views and are not necessarily the views of the Commission or any Commissioner.


(Footnote 2 return)
Testimony of Alan F. Westin on ''Electronic Payment Systems, Electronic Commerce, and Consumer Privacy'' before the Subcommittee on Financial Institutions and Consumer Credit, House Committee on Banking and Financial Services, at 4 (September 18, 1997).


(Footnote 3 return)
Know Your Customer, 63 Fed. Reg. 67,516 (1998) (to be codified at 12 C.F.R. pts. 208, 211, and 225) (proposed Dec. 7, 1998).


(Footnote 4 return)
Know Your Customer, 63 Fed. Reg. 67,524 (1998) (to be codified at 12 C.F.R. Pt. 21) (proposed Dec. 7, 1998).


(Footnote 5 return)
Know Your Customer, 63 Fed. Reg. 67,536 (1998) (to be codified at 12 C.F.R. Pt. 563) (proposed Dec. 7, 1998).


(Footnote 6 return)
Know Your Customer, 63 Fed. Reg. 67,529 (1998) (to be codified at 12 C.F.R. Pt. 326) (proposed Dec. 7, 1998).


(Footnote 7 return)
The Commission notes that federal law already limits the government's access to an individual customer's bank records, and that that statutory protection would be unaffected by the proposed Know Your Customer rules. See Right to Financial Privacy Act, 12 U.S.C. §3401 et seq.


(Footnote 8 return)
15 U.S.C. §45(a).


(Footnote 9 return)
The Commission does not have criminal law enforcement authority. Further, certain entities, such as banks, savings and loan associations, and common carriers, as well as the business of insurance are wholly or partially exempt from Commission jurisdiction. See Section 5(a)(2) of the FTC Act, 15 U.S.C. §45(a)(2), and the McCarran-Ferguson Act, 15 U.S.C. §1012(b).


(Footnote 10 return)
15 U.S.C. §46(a). However, the Commission's authority to conduct studies and prepare reports relating to the business of insurance is limited. According to 15 U.S.C. §46(a): ''The Commission may exercise such authority only upon receiving a request which is agreed to by a majority of the members of the Committee on Commerce, Science, and Transportation of the Senate or the Committee on Energy and Commerce of the House of Representatives. The authority to conduct any such study shall expire at the end of the Congress during which the request for such study was made.''


(Footnote 11 return)
These include, for example, the Truth in Lending Act, 15 U.S.C. §1601 et seq., which mandates disclosures of credit terms, and the Fair Credit Billing Act, 15 U.S.C. §1666 et seq., which provides for the correction of billing errors on credit accounts. The Commission also enforces over 30 rules governing specific industries and practices, e.g., the Used Car Rule, 16 C.F.R. Part 455, which requires used car dealers to disclose warranty terms via a window sticker; the Franchise Rule, 16 C.F.R. Part 436, which requires the provision of information to prospective franchisees; and the Telemarketing Sales Rule, 16 C.F.R. Part 310, which defines and prohibits deceptive telemarketing practices and other abusive telemarketing practices.


(Footnote 12 return)
For example, in 1992, Citicorp Credit Services, Inc., a subsidiary of Citicorp, agreed to settle charges that it aided and abetted a merchant engaged in unfair and deceptive activities. Citicorp Credit Services, Inc., 116 F.T.C. 87 (1993). In 1993, the Shawmut Mortgage Company, an affiliate of Shawmut Bank Connecticut, N.A., and Shawmut Bank, agreed to pay almost one million dollars in consumer redress to settle allegations that it had discriminated based on race and national origin in mortgage lending. United States v. Shawmut Mortgage Co., 3:93CV–2453AVC (D. Conn. Dec. 13, 1993). The Commission brought the Shawmut case jointly with the United States Department of Justice. In 1996, the J.C. Penney Company entered into a consent decree and paid a civil penalty to resolve allegations that the company failed to provide required notices of adverse actions to credit applicants. United States v. J.C. Penney Co., CV964696 (E.D.N.Y. Oct. 8, 1996). In 1998, in conjunction with the law enforcement efforts of several state attorneys general, the Commission finalized a settlement agreement with Sears, Roebuck and Company that safeguards at least $100 million in consumer redress based on allegations that the company engaged in unfair and deceptive practices in its collection of credit card debts after the filing of consumer bankruptcy. Sears, Roebuck and Co., C–3786, 1998 FTC LEXIS 21 (Feb. 27, 1998). The Commission also worked with state attorneys general in resolving allegations against other companies that involved practices in the collection of credit card debts after the debtors had filed for bankruptcy. Montgomery Ward Corp., C–3839 (Dec. 11, 1998); May Department Stores Co., File No. 972–3189, 1998 FTC LEXIS 117 (Nov. 2, 1998).


(Footnote 13 return)
Commission staff participates in numerous task forces and groups concerned with, for example, fair lending, leasing, subprime lending, electronic commerce, and commerce on the Internet, all of which have an impact on the financial services industry.


(Footnote 14 return)
Testimony of the Commission on ''Obtaining Confidential Financial Information by Pretexting'' before House Committee on Banking (July 28, 1998).


(Footnote 15 return)
Section 13(b) of the FTCA authorizes the Commission to seek equitable relief in federal court in cases of fraud and other serious misconduct. 15 U.S.C. §53(b).


(Footnote 16 return)
15 U.S.C. §1681 et seq.


(Footnote 17 return)
See, e.g., 15 U.S.C. §1681(a)(4)(''There is a need to insure that consumer reporting agencies exercise their grave responsibilities with fairness, impartiality, and a respect for the consumer's right to privacy.'') (emphasis added).


(Footnote 18 return)
15 U.S.C. §1681–1681u.


(Footnote 19 return)
15 U.S.C. §1681b.


(Footnote 20 return)
15 U.S.C. §1681–1681u.


(Footnote 21 return)
15 U.S.C. §1681n–1681o.


(Footnote 22 return)
15 U.S.C. §1681s.


(Footnote 23 return)
15 U.S.C. §1681s(a)(2). The Act creates a private right of action for actual damages proven by a consumer, plus costs and attorneys fees. In the case of willful violations, the court may also award punitive damages to a consumer. 15 U.S.C. §1681n(a)(2). Any person who procures a consumer report under false pretenses, or knowingly without a permissible purpose, is liable for $1000 or actual damages (whichever is greater) to both the consumer and to the consumer reporting agency from which the report is procured. 15 U.S.C. §1681n(b).


(Footnote 24 return)
Section 603(d) of the FCRA, 15 U.S.C. §1681a(d) (''The term ''consumer report'' . . . does not include (A) any report containing information solely as to transactions or experiences between the consumer and the person making the report.'').


(Footnote 25 return)
In 1997, the Commission conducted a study of database services, known as ''look-up services'' or ''individual reference services,'' that make commercially available personal information used to locate and identify individuals. The study examined how such services operate and, more importantly, whether and how they may create detailed profiles on consumers containing financial and other sensitive personal information. It culminated in a report to Congress summarizing what the Commission had learned about the individual reference services industry and assessing the viability of a proposed set of industry self-regulatory principles, which portend to provide some controls on the disclosure of sensitive personal information. Individual Reference Services: A Federal Trade Commission Report to Congress (December 1997) [hereinafter ''IRSG Report''].


(Footnote 26 return)
15 U.S.C. §1681a(d)(2)(A).


(Footnote 27 return)
B. Givens, The Privacy Rights Handbook 231–32 (1997).


(Footnote 28 return)
Official Transcript of ''FTC Consumer Identity Fraud Meeting,'' August 20, 1996 [hereinafter ''ID Theft Transcript''] at 12–13. A copy of the transcript is available online at <http://www.ftc.gov/ftc/conferences/htm>.


(Footnote 29 return)
See, e.g., IRSG Report, at 17.


(Footnote 30 return)
Givens, supra note 2, at 231.


(Footnote 31 return)
E. Hendricks, Identity Theft Key to Major Medical Fraud Operation, Privacy Times, Feb. 6, 1998, Vol. 18, No. 3, at 3–4.


(Footnote 32 return)
ID Theft Transcript at 11–12.


(Footnote 33 return)
See, e.g., IRSG Report at 17; Givens, supra note 2, at 232.


(Footnote 34 return)
PL 105–318, 112 Stat. 3007, amending 18 U.S.C. §1028 (1998).


(Footnote 35 return)
It is estimated that public and private entities, including the three major credit bureaus, receive over 500,000 identity theft complaints a year. This help line will supplement, but is not intended to replace entirely, these existing means of receiving complaints.


(Footnote 36 return)
The Commission held its first public workshop on privacy in April 1995. In a series of hearings held in October and November 1995, the FTC examined the implications of globalization and technological innovation for competition issues and consumer protection issues, including privacy concerns. At a public workshop held in June 1996, the Commission examined Web site practices in the collection, use, and transfer of consumers' personal information, including sensitive medical and financial information; self-regulatory efforts and technological developments to enhance consumer privacy; consumer and business education efforts; the role of government in protecting online information privacy; and special issues raised by the online collection and use of information from and about children. The Commission published a summary of the workshop testimony in a December 1996 staff report entitled Consumer Privacy on the Global Information Infrastructure. The agency also held a four-day workshop in June 1997 to explore issues raised by individual reference services, as well as issues relating to unsolicited commercial e-mail, online privacy generally, and children's online privacy.


(Footnote 37 return)
The Report is available on the Commission's Web site at www.ftc.gov/reports/privacy3/index.htm.


(Footnote 38 return)
Both in the Report and in subsequent Congressional testimony, the Commission recommended that Congress consider legislation to address the online collection of identifying personal information from young children. Report at 42–43; Testimony on ''Consumer Privacy on the World Wide Web'' before Subcommittee on Telecommunications, Trade and Consumer Protection, House Committee on Commerce (July 21, 1998) at 13–19. On October 21, 1998, President Clinton signed the Children's Online Privacy Protection Act (COPPA), which requires that Web sites that collect identifying personal information from children under the age of thirteen implement safeguards to ensure parental involvement and control in the collection and use of their children's personal information. Title XIII, Omnibus Consolidated and Emergency Supplemental Appropriations Act of 1999, Pub. Law 105–277, 112 Stat. 2681, XX (October 21, 1998). The COPPA authorizes the Commission to promulgate regulations to effectuate the statutory principles of parental notice and consent, as well as other required fair information practices. The Commission soon will initiate a rulemaking proceeding under the Act.


(Footnote 39 return)
B.I.T.S. was established in 1996 by the Bankers Roundtable, a consortium of the 125 largest banks in the United States, to examine issues related to electronic payment systems, including infrastructure security issues and consumer privacy.


(Footnote 40 return)
The Office of Advocacy, established by Public Law 94–305, is an independent office charged with representing the views and interests of small businesses before the Federal government. By law, the Chief Counsel is appointed by the President from the private sector and confirmed by the Senate. The Chief Counsel's comments and views are his own and do not necessarily reflect the views of the Administration or the U.S. Small Business Administration.


(Footnote 41 return)
5 U.S.C. §601 et seq.


(Footnote 42 return)
Public Law 104–121, 110 Stat. 857 (codified at 5 U.S.C. §601 et seq.).


(Footnote 43 return)
The studies are available on SBA's Internet website at ''www.sba.gov/ADVO/stats/''.


(Footnote 44 return)
5 U.S.C. §605(b).


(Footnote 45 return)
5 U.S.C. §603.


(Footnote 46 return)
5 U.S.C. §604.


(Footnote 47 return)
Appendix A.


(Footnote 48 return)
''The Regulatory Flexibility Act: An Implementation Guide for Federal Agencies,'' U.S. Small Business Administration, Office of Advocacy, 1998.


(Footnote 49 return)
In 1998, the Office of Advocacy received inquiries from the Office of Thrift Supervision on two proposed regulatory actions prior to their publication in the Federal Register.


(Footnote 50 return)
See Appendix B.


(Footnote 51 return)
''The Regulatory Flexibility Act: An Implementation Guide for Federal Agencies,'' U.S. Small Business Administration, Office of Advocacy, 1998, at page 22.


(Footnote 52 return)
Regulations H, K, Y: State Banking Institutions Federal Reserve System Membership, International Banking Operations, and Bank Holding Companies and Bank Control Change; ''Know Your Customer'' Requirements; Minimum Security Devices and Procedures and Bank Secrecy Act Compliance; and the Development and Maintenance of ''Know Your Customer'' Programs to Deter and Detect Financial Crimes; Proposed Rules, 63 Federal Register 67516 et seq.


(Footnote 53 return)
12 U.S.C. 1951 et seq.


(Footnote 54 return)
31 U.S.C. 5311 et seq.


(Footnote 55 return)
For a detailed summary of privacy law in the United States, see ''Financial Privacy in America'' on aba.com.


(Footnote 56 return)
On February 10, 1999, the U.S. Court of Appeals (2nd Cir.), in Lee v. Bankers Trust Company, found that 31 U.S.C. 5318 (g) protects a bank from customer lawsuits for filing a SAR.


(Footnote 57 return)
The criminal referral reporting regulations have been in effect since 1984. The successor to the 1984 criminal referral form requirements, the 1996 ''Suspicious Activity Reporting'' or SAR regulations were promulgated under 31 U.S.C. 5318 (g) and require banks to file with the Treasury Department reports of transactions which they suspect involve proceeds of illegal activity.


(Footnote 58 return)
The Treasury Department's bureau, the Financial Crimes Enforcement Network (FinCEN), has been stating for some time that they are planning to issue proposed regulations for suspicious activity reporting for securities firms and so-called ''money services businesses'' or ''MSBs.''


(Footnote 59 return)
The staff of the Federal Reserve Board is to be especially commended for its diligence in agreeing to meet with over 20 bank associations at the state and federal levels during this comment period.


(Footnote 60 return)
12 U.S.C. Sec. 1829b and 12 U.S.C. Sec. 1951.


(Footnote 61 return)
31 U.S.C. Sec. 5318(g)(1).


(Footnote 62 return)
A Suspicious Activity Report can be viewed at http://www.treas.gov/fincen/forms.html#90.


(Footnote 63 return)
Forty per cent of the Suspicious Activity Reports received by FinCEN are issued because the financial institution preparing the report suspects a violation of the Bank Secrecy Act. FinCEN, First Review of the Suspicious Activity Reporting System, p. 8 (April 1998) (hereinafter ''FinCEN 1st Review'').


(Footnote 64 return)
CQ Daily Monitor, February 10, 1999, at p. 5.


(Footnote 65 return)
FinCEN 1st Review at 1, and at Ch. 2.


(Footnote 66 return)
H.R. 4005—Money Laundering Deterrence Act of 1998 and H.R. 1756—Money Laundering and finance Crime Strategy Act of 1997: Hearings Before the House Committee on Banking and Financial Services, 105th Cong. pp. 55–56 (Statement of Robert B. Serino, Deputy Chief Counsel, Office of the Comptroller of the Currency in exchange with Rep. Maurice Hinchey (D–NY)).


(Footnote 67 return)
Suspicious Activity Reports are filed to report suspicious activity relating to crimes other than money laundering, including bribery, check fraud, check kiting, loan fraud, counterfeiting, credit card fraud, embezzlement and self-dealing.


(Footnote 68 return)
''Transactions'' include any deposit, withdrawal, transfer between accounts, exchange of currency, loan, extension of credit, purchase or sale of any stock, bond or other investment security, or any other payment through the financial institution.


(Footnote 69 return)
Adapted from 12 CFR Secs. 563.180, 21.11 and 208.20, and the directions for completing the Suspicious Activity Report.


(Footnote 70 return)
This information includes: full name and address; date of birth; home and work phone numbers; Social Security Number; occupation; forms of ID (including passport and driver's license numbers); relationship of the suspect to the institution (e.g. customer); and the dollar amount of the alleged violation.


(Footnote 71 return)
Part VI of Suspicious Activity Report form. Financial institutions are required to have written procedures—approved by the institution's board of directors—for complying with the Bank Secrecy Act.


(Footnote 72 return)
FinCEN 1st Review, Ch. 4.


(Footnote 73 return)
The Chicago Tribune reported that regulators said they never meant for the government to receive more Suspicious Activity Reports as a result of the Know Your Customer regulations. It quoted Lester Joseph of the Criminal Division of the U.S. Justice Department as saying, '' 'If anything, we want fewer' '' such reports. Melissa Wahl, ''Hitting a Wall of Opposition,'' Chicago Tribune, Business Section (Feb. 4, 1999). The Sentencing Commission reported that 895 defendants were sentenced for having engaged in money laundering in 1997. U.S. Sentencing Commission, 1997 Sourcebook of Federal Sentencing Statistics, Table 3.


(Footnote 74 return)
63 Fed. Reg. 67524 (Dec. 7, 1998).


(Footnote 75 return)
63 Fed. Reg. 67536 (Dec. 7, 1998).


(Footnote 76 return)
63 Fed. Reg. 67516 (Dec. 7, 1998).


(Footnote 77 return)
63 Fed. Reg. 67529 (Dec. 7, 1998).


(Footnote 78 return)
The Federal Reserve Board indicated that its proposed Know Your Customer regulations would ''necessarily require'' banks to develop ''customer profiles.'' 63 Fed. Reg. at 67517. The OCC and FDIC proposed rules do not explicitly call for customer profiles, but would appear to have the same effect.


(Footnote 79 return)
Not surprisingly, those in the business of helping financial institutions cope with the Bank Secrecy Act and the proposed regulations characterize the change that would be wrought in dramatic terms. For example, the internet site for Global Alert Media, which offers seminars on how to comply with the Bank Secrecy Act, trumpets, ''The U.S. Know Your Customer regulations have been proposed! These revolutionary regulations will change the money laundering control landscape dramatically. . . .'' Global Alert Media invites people to purchase 100 pages of analysis and guidance on how to comply, for only $179.00.


(Footnote 80 return)
63 Fed. Reg. at 67530.


(Footnote 81 return)
63 Fed. Reg. at 67530.


(Footnote 82 return)
For example, the FDIC identifies increased reporting of suspicious customer activities as one of its two primary objectives in issuing the proposed Know Your Customer rules. 63 Fed. Reg. at 67533.


(Footnote 83 return)
12 U.S.C. Section 3401 et seq.


(Footnote 84 return)
''Nothing in this chapter shall authorize the withholding of financial records or information required to be reported in accordance with any Federal statute or rule promulgated thereunder.'' 12 U.S.C. Section 3413(d).


(Footnote 85 return)
12 U.S.C. Section 3412(b).


(Footnote 86 return)
12 U.S.C. Section 3413 and 12 U.S.C. 3403(c).


(Footnote 87 return)
Data retention regimes vary across the many law enforcement agencies that have access to FinCEN data.


(Footnote 88 return)
164 American Banker No. 34 ''Washington People: Know-Your-Customer Mail At 45,000 and Still Growing,'' (Feb. 22, 1999).


(Footnote 89 return)
On May 14, 1998, the President issued a directive that agencies designate a senior official within 30 days to assume primary responsibility for privacy policy. This official would, among other things, evaluate legislative proposals involving the collection and disclosure of personal information. The directive does not explicitly charge this privacy point person with evaluating proposed regulations for their impact on privacy. Members of the Subcommittee may wish to inquire of the privacy point persons of the respective agencies that issued the proposed Know Your Customer regulations about any privacy assessment they may have conducted.