Access to Financial Information

- [Instructor] Financial records figure prominently in many government requests for personal information, as regulators and investigators seek to follow the money. These requests are often part of lawful investigations. And privacy professionals should comply with requests that meet legal requirements. However, they should do so with awareness of the special laws and regulations that apply to this access. The U.S. government passed the Right to Financial Privacy Act in 1978. This law applies to financial institutions but broadly defines that term. Some of the organizations included under RFPA are banks, credit unions, money services businesses, investment firms and even casinos and the post office. RFPA applies only to requests made by federal government agencies. It does not apply to requests by state regulators, private businesses or other organizations. And it only covers record related to specific customers of financial institutions. The RFPA requires that any requests from federal agencies for records covered under the law meet two requirements. First, the request must reasonably describe the records in question. And second, the request must be justified by one of five criteria. Requests are acceptable if the customer authorizes access, if there is an administrative subpoena or summons for the information or if there is a judicial subpoena or summons. And requests are also acceptable if a court has issued a search warrant or if an authorized government agency issues a written request for information that's going to be used for law enforcement purposes and they do so in a case where there is no summons or subpoena authority otherwise and they're issuing the request under existing departmental regulations. In cases where an RFPA request is authorized, the agency must provide the customer with written notice of the request and then wait 10 days from the date of service or 14 days from the date of mailing of that notice to access the records. This provides the customer with time to object to the request in court. The Bank Secrecy Act of 1970 contains other provisions regarding access to customer financial records. While the name of this act implies that it requires banks to keep customer information secret, the reality is that this act compels financial institutions to report some customer information to the federal government. The Bank Secrecy Act requires that financial institutions maintain records of customer activity for five years. These records must include information on credit accounts, deposit accounts, checks, certificates of deposit, wire transfers, payment orders and direct deposits. This records retention requirement ensures that information is available for investigators if needed. The act also contains two different reporting requirements. Currency transaction reports, or CTRs, must be filed any time that a customer engages in cash transactions totalling more than $10,000 in a single day. This can either be a single transaction or a series of transactions by a single customer. Suspicious activity reports, or SARs, must be filed any time that a financial institution suspects that money laundering activity is taking place or that a customer is deliberately taking actions to avoid the CTR requirements. It's important to note that the Bank Secrecy Act prohibits financial institutions from informing customers that they're filing suspicious activity reports.