Search for Illicit Activities Taps Confidential Financial Data
by Robert O’Harrow Jr., Washington Post
In the amorphous war on terrorism, government officials believe they have a new weapon: the growing number of financial institutions that use powerful technology to monitor confidential customer activity and report suspicious behavior to law enforcement and intelligence officials.
Driven by little-known provisions of the USA Patriot Act, the anti-terror legislation that was approved after Sept. 11, banks, securities firms and other companies are deploying computer systems that draw together millions of transactions, sometimes automatically, in searches for money laundering, terrorist financing or other unusual patterns.
“The Patriot Act is imposing a citizen-soldier burden on the gatekeepers of the financial institutions,” said David Aufhauser, general counsel at the Treasury Department and head of an inter- agency task force on terrorist finance. “In many respects, they are in the best position to police attempts by people who would do ill to us in the U.S., to penetrate the financial systems.”
Federal regulators three years ago tried to impose similar monitoring requirements on financial institutions to combat money laundering but dropped their plan, known as “know your customer,” after it caused an uproar among consumers concerned about their privacy. Now some specialists believe the scrutiny of consumers on the government’s behalf is going even deeper.
“Sept. 11 obviously made us totally rethink where to draw the line with respect to government access to customer information,” said David Medine, a former financial privacy specialist at the Federal Trade Commission.
“The question going forward is: Did we draw that line in the right place?” Medine said. “It is really a fundamental civil liberties issue.”
The increased financial scrutiny is part of an expanded campaign by the government to tap into public and confidential data in search of people who pose terrorist threats. The push relies heavily on data and analytical tools, some of them developed in the 1990s for direct mail, credit-card offers and other kinds of targeted marketing.
As directed by the Patriot Act, Treasury Department regulations require that securities firms, money-services businesses and broker-dealers file reports on suspicious activity, something banks have been doing for several years. Those firms, along with mutual funds, operators of credit-card companies and some other financial companies, also must have anti-money-laundering programs.
Congress also said that financial companies must authenticate new customers, check their identities against government watch lists and maintain records for government scrutiny.
The law encourages financial institutions to share information among themselves about customers suspected of being involved with terrorism or money laundering, and it gives them protection from legal liability for doing so. In addition, it gives law enforcement and intelligence agencies greater access to confidential information without a subpoena while also requiring that credit bureaus secretly turn over credit reports to the CIA, National Security Agency and other intelligence agencies when presented with a request signed by a senior agency official.
While law-enforcement officials said the cooperation of the financial services industry is critical to the war on terrorism, some industry officials have expressed concern.
H. Rodgin Cohen, a leading financial services lawyer in New York, said he believes that financial companies may find themselves asking customers about seemingly suspicious but innocent activity that might be embarrassing or involve private matters, such as health care. He predicted that they also will file more suspicious-activity reports, with less evidence, to avoid trouble from the government.
“As long as the government can enlist the financial institution as part of the front-line defense against money laundering and terrorism, it has got to be anticipated there will be more in the way of intrusions on privacy,” said Cohen, chairman of Sullivan & Cromwell. “It is just a different manifestation of whether they can wiretap you.”
Tracy Calder, chief money-laundering prevention officer at UBS PaineWebber Inc., agreed the new reporting mandates, coupled with the sophisticated monitoring technology, are “absolutely intrusive.” But, she said, they will help fight terrorism and crime, something she believes most people will embrace. “Americans are willing to accept more intrusiveness in exchange for security,” she said.
The computerized systems create profiles of customer activity, sometimes including more than a year’s transactions, and sift through deposits, wire transfers, ATM activity and links among account holders. Mantas Inc., a Fairfax County spinoff from SRA International Inc., a government contractor that works closely with U.S. intelligence agencies, recently demonstrated how its software can monitor millions of transactions a day.
Using data culled from people whose identities were masked, officials showed reports that a bank analyst might receive from an overnight computer review. One report in the demonstration had a risk score of 95 out of 100. A click on a screen that resembled a Web page pulled up a file that showed several unrelated individuals at the same address had, over several days, sent out 18 checks or money orders for a total of $9,000.
Another click on the screen brought up a report about links among five relatively new accounts at different branches of the same bank. Those accounts had transferred $125,000 to another account in Miami. The system noted that the account holder there then wrote a check for $125,000.
While each account on its own did not appear to represent a risk, the coordinated activity set off alarms, said Don Temple, an anti-money-laundering specialist at Mantas and a former special agent at the IRS. “You can only detect suspicious transactions today with sophisticated data-mining and pattern-recognition software,” Temple said.
Experts said such systems could also flag a securities account that never trades stocks. Or the systems could draw attention to someone of apparently modest means who receives a $40,000 wire transfer from abroad and then sends out a large check. Specialists said the systems, by sweeping through vast electronic depositories of information, can find links among customers that a person might never see.
“Sometimes we’ve referred to our product as the ‘Big Brother,’ ” said Alison Holland, spokeswoman for NetEconomy, a Dutch firm that is pitching its systems to U.S. firms. “It can monitor so many things.”
Some companies used such tools before Sept. 11, as computer power increased and the government increased efforts to stop the flow of drug and mob money through the U.S. banking system. But TowerGroup, a Massachusetts research firm that tracks financial services, estimated that banks and other institutions will double their spending on monitoring systems this year, to $120 million. “This is just a sea change in the industry,” said TowerGroup analyst Breffni McGuire.
UBS PaineWebber, for example, recently signed a deal with Searchspace Corp., a company that says its computer system “captures and uses all transactions that flow through an organization to provide continuously adaptive profiles of all individuals.”
Riggs Bank NA is working with Americas Software Corp. to install a similar system that will automate procedures it has had in place for several years. Citigroup Inc. has contracted with Mantas, which says its software can “reduce the risk of money laundering with comprehensive, enterprise-wide surveillance of your customer, account, and transaction information . . . to reveal suspicious and previously unknown behaviors.”
Last week, in response to a mandate in the Patriot Act, the Treasury Department’s Financial Crimes Enforcement Network, known as FinCen, began operating a secure online network to make it easier for financial companies to report suspicious behavior by customers to the government.
Central to that relationship are suspicious-activity reports, which require officials to fill in more than 50 kinds of information, including addresses, account numbers, Social Security numbers and phone numbers.
They are maintained by FinCen in databases that are available to local, state and federal law-enforcement agencies. Under Patriot Act provisions, intelligence agencies also have the right to get such reports on demand. People who are the subjects of the reports may not see them, a FinCen official said.
The number of suspicious-activity reports filed with the government was almost 163,000 in 2000, compared with 81,000 in 1997, the first full year the reports were collected, the agency said.
The pace of the reports jumped sharply after the Sept. 11 attacks. About 125,000 were filed from Oct. 1, 2001, to the end of March, compared with about 86,000 in the same period the previous year, agency officials said.
John Byrne, senior counsel at the American Bankers Association, said members have cooperated with the government in tracking down terrorist assets and matching customer names against government lists of suspects since Sept. 11. But Byrne said that financial institutions, even those using the most sophisticated technology, need guidance and timely intelligence to help the government.
“We have proven our willingness to respond to legal government requests to search records and report suspected crime,” he said. “What concerns us is any policy that suggests that the financial industry on its own determine potential terrorist activity. At the end of the day, the financial sector is not law enforcement.”
Officials at FinCen said they have no interest in deputizing the financial industry and intruding unnecessarily into the financial lives of most people. They want the industry to act as a gatekeeper, not a cop, and to focus on risky customers.
“We have this important practical reason for paying attention to privacy concerns,” FinCen Director James F. Sloan said. “If we don’t, we’re going to end up losing these tools.”
Sloan said suspicious-activity reports, coupled with powerful data warehouses and mining tools at FinCen, have turned up leads and suspects. “This created an opportunity for dialogue that has never existed before,” Sloan said of the Patriot Act. “It has given us an opportunity to work with the industry like never before.”