Privacy and Financial Institutions
John W. Bagby, Professor of IST School of Information Sciences and Technology
The Pennsylvania State University Institute for Information Policy
©2001, 2002, 2003, 2004 by John W. Bagby
BA523 Privacy In Financial Institutions
©2001, 2002, 2003, 2004
by John W. Bagby
Pre-9.11: Pro-Privacy Momentum
Privacy Fundamentalists’ Successes
  Shifting Public Opinion to Pre-Emptive Protections
  Privacy Law Expansion
  Self-Regulation Initiatives
Privacy Regulation Proliferated
  Online (COPPA), Financial (G/L/B), Health (HIPAA), Encryption Strengthened
Post 9.11: Pendulum Swings Back
Privacy Advocates in Retreat
  Battle lines redrawn from former aggressive posture
  Now defending existing privacy
  Striving to mute expansion of government investigatory powers without appearing obstructionist
Government Investigation Hawks have Success
  Public opinion shifting, in re, government intrusions
  Law Enforcement gaining new powers: USA Act
  Money Laundering Regulation Enhanced
So What IS Privacy?
Webster’s New World:
  Withdrawn from company or public view; Secrecy; One’s private life or personal affairs
  Synonyms: Seclusion, solitude, retreat, intimacy, retirement, isolation, concealment, separateness, shame
Privacy vs. Confidentiality
Shifting Privacy Focus: from Intrusions by Government to Include Intrusions by Private Parties, back to Government Monitoring
PII - Personally Identifiable Information
PIFI - Personally Identifiable Financial Information
The Privacy Balance - a Classic Trade-off
Individual Autonomy/Secrecy vs. Societal Interests/Security
1st A. Speech Implies Listener’s Right to Learn
Democracy: Public’s Right to Know
Law Enforcement’s Continuing needs
Avoiding Adverse Selection
  Deservedly discrediting information
Management’s Fiduciary Duty to SH
American Segmentation on Privacy
1. Privacy Fundamentalists
  Value privacy highly, Summarily reject claims that PII needs are legitimate, Advocate general refusal to disclose PII, Seek strong regulation of privacy rights, Held steady @ 25% of population
2. Privacy Pragmatists
  Balance privacy with societal needs, Examine privacy policies & practices, Disclose PII when economically rational, Support industry self-regulation unless ineffective, Grew from 55% in 1990 to 63% in 2000
3. Privacy Unconcerned
  Typically unconcerned so trust in benefits from disclosing PII, Unlikely to support strong privacy rights, Declining from 20% in 1990 to 12% in 2000
Source: Alan F. Westin, Interpretive Essay in Public Records and the Responsible Use of Information, Choicepoint, 2000
Economics of Private Information
Info essential to market efficiency
Market model presumes perfect info
Info “wants to be free”
Info IS property
Who should capture value of PII?
  Subject individual
  Intruder/collector
Privacy rights must balance competing, often deserving interests
Incentives to Restrict Access
Private data is like trade secret: irretrievable from public domain
Personal private data susceptible to misuse
Incomplete profiles too easily misinterpreted
Irreparable harm from publication of defamation
  Embarrassment, reputation, solitude
Data security is Inadequate
Disclosure deters personal rehabilitation
Rationale for expansion of privacy rights:
  Long history of privacy intrusions
  Protects from societal predators (extortion, stalking)
  Privacy is a prerequisite to life, liberty & happiness
    Declaration of Independence
    Creator endowed inalienable rights
Incentives to Collect & Use
Data availability is a “Goldmine”
Broader data availability urged by:
  Commercial info producers
  Information wholesalers & users
  Law enforcement, National Security
  Individuals seeking personal safety assurance services
Costs of info collection, archiving & repackaging continue to drop
Recruiting & employee monitoring; Insurance underwriting, obligor behavior; Target marketing; “Perfect price discrimination”
Predictable Privacy Practices: Info. Indus.
Incentive to obscure the collection, use & sale of PII
Lobby for weak privacy laws
Perfunctory industry self regulation
Slow to invest or innovate in privacy protections
Aggressive push on new items for collection
Refine/develop new methods: data collection; archival; use; data business models
Law & Economics of PII Intrusions
Prof. (Judge) Posner’s model would protect privacy or permit intrusion depending on a balancing:
  1. Usefulness to society of PII acquired from the intrusion
  2. Repugnance of the intrusion
Applied to J. Hand’s formula:
  Protect Privacy if B>P*L
  Intrude on Privacy if B<P*L
  B=intrusion costs; P=probability of discovering useful info; L=societal losses
Opting: In vs. Out
Opt-out - consumer’s affirmative act required to deny authorization for PII collection &/or use
  Supported by data industry & users
  Database starts larger, declines only slowly
  Opting controlled by data collector
Opt-in - consumer’s affirmative act required to grant authorization for PII collection &/or use
  Supported by privacy fundamentalists
  Database starts small, grows only slowly
  Must lure consumers to grant permission
Proportion of Participants: Opt-in vs. Opt-out Consents
[Figure: two panels, Opt-In Consent and Opt-Out Consent, each plotting the proportion of participants (None to All) against time; curve labels "some" and "most".]
Regulation of Private Data Management
Fundamental Architecture & Mechanics of Private Data Activities
PII Distribution Chain of Custody & Data Management Sequence:
  1. Data Acquisition
  2. Information Analysis
  3. Use of Knowledge
PII Distribution Chain of Custody & Data Mgt Sequence
Activity Occurs & Subject Individual is Identifiable
Data Collection: Sensing, Observation, Capture
Data Storage: Made Available
Data Analysis: Association, Aggregation, Organization, Interpretation
Direct Use: by Data Manager
Secondary Use: PII Sold or Shared with 3d Party
US Privacy Law is Sectoral
US is sectoral: narrowly drawn to particular government methods & industry sectors
Enacted following experience with activities that the public finds abusive
EU is omnibus: comprehensive & uniform covering most industries & governments, strong privacy rights
Sets fundamental policy for individuals
Sources of Privacy Law
Constitutional Rights
  1st, 3rd, 4th, 5th, 6th, 9th, 10th, 14th Amendments
Torts
  Appropriation, private facts, intrusion, false light
Property Rights
  Information is property
Protective Regulations
  Children, Financial, Workplace, Health, TeleCom
Contract
  NDAs, website policies, privileges
Criminal Procedure
International Law (e.g., EU)
Fair Information Practice Principles
Origin: 1973 HEW Advisory Committee Rpt.
  1. Notice and/or Awareness
  2. Choice and/or Consent
  3. Access and/or Participation
  4. Integrity and/or Security
  5. Enforcement and/or Redress
Spreading throughout government regulations and into self-regulation
Underlies the EU Private Data Directive
Notice and/or Awareness
Subject individuals given notice of PII practices
Before information collected
Identify key details about
  Data collection
  Data Security
  PII uses
Choice and/or Consent
Subject individual has choice
  Whether/how PII collected
How is Consent Manifest
  Opt-out (an affirmative act preventing PII collection and/or use)
  Opt-in (an affirmative act permitting collection and/or use)
Access and/or Participation
Subject individual access rights
  Gain timely & inexpensive access
  Review personal PII
  Simple & effective method to contest & correct inaccurate data
Integrity and/or Security
Collector/Archiver/Custodians
  Reasonable steps to assure accuracy of PII
  Administrative & technical security measures
Standards:
  Prevent unauthorized access
  Prevent unauthorized disclosure
  Prevent destruction
  Prevent misuse
Enforcement and/or Redress
Mechanism(s) of privacy practices enforcement
EX:
  Self-regulation
  Private rights of action
  Regulatory enforcement
Financial Privacy under Fair Credit Reporting & Gramm-Leach-Bliley
Considerable U.S. experience with Credit-worthiness Reports a/k/a Consumer Reports or Credit Histories from 3d parties “non-experience”
  Relevance: lending, ins. underwriting, bonding, empl.
  Publicly available info: ct. records, mtg records, liens
  “Experience” info from creditor’s own records
Financial PII dBases on networked computers & institutional consolidation raise privacy risks
Pre-GLB PII Security Mechanisms
FCRA compliance regulations, FTC oversight
Subject individuals have access & participation rts.
Legitimate purpose required to access reports
  Criminal liability for obtaining report under false pretenses & knowing provision for illegitimate purpose, e.g., pretexting
  Civil penalties: damages, atty fees, costs, punitives
FTC unfair/deceptive trade practice enforcement
Torts: negligence, defamation, ID Theft
TRW (Experian) v. Andrews (S.Ct. 11.01)
  FCRA 2 yr S/L starts when report wrongfully supplied, not on discovery
Application of GLB Privacy Rules
Universal banking permits merging of PII dBases
In June 2000, all major federal regulators of financial institutions coordinated privacy rulemakings
  Insurance, Commercial & Investment Banking
  SEC, FDIC, FTC, FRB, OTS, Comptroller
Regulated “Financial Institutions” may grow beyond:
  brokers, banks, thrifts, credit unions, check cashing services, retailers issuing credit cards, appraisers, vehicle lessors, check printers, tax preparation, investment advisors, mortgage brokers, trust services, credit counselors
States may fill in the GLB “gaps” (ins, among affiliates)
  FL, ND, MA, CA
Why GLB?
Glass-Steagall Separated
  Investment Banking, Commercial Banking, Insurance
But why?
  Morgans, et al. monopolized finance 1870s – 1920s
  Gilded Age – Populist revulsion
Expectation of post GLB:
  1 stop shopping, consolidation, RiF, Share mkt/experience data among affiliates
GLB Privacy Provisions
Nonpublic Personal Information - customer transaction data collected online or through traditional means from any source
Privacy policies must be developed & disclosed
  General PII categories collected, disclosed & to whom
Customer notice required
  Initial (2001) & when opening accounts
  Annually thereafter w/ same content
Opt-out from onward transfer of customer “transaction & experience” PII to unaffiliated 3d parties
SEC Reg.S-P: Rules 1 & 2 – Scope
Applicable to SEC Regulated Financial Institutions
  Domestic and foreign registered brokers, dealers, investment cos, investment advisors
  Referenced as “you” in S-P text
Privacy protection for individuals financial products or services primarily for personal, family or household use
Separate from and in addition to HHS’s health privacy rules under HIPAA
Futures commission merchants & introducing brokers:
  Involved in securities futures products comply with S-P if in compliance with CFTC’s financial privacy rules (17 CFR part 160)
SEC Reg.S-P: Rules 3 & 10 – Definitions
Affiliate
Nonaffiliated Third Party
Clear & Conspicuous
Collect
Customer Relationship
Federal Functional Regulator
Customer vs. Consumer
Financial Product or Service
Nonpublic Personal Information
Isolated Transaction with Consumer
Partial Opt Out
No Continuing Relationship
SEC Reg.S-P: Rule 4 – Initial Notice
Clear & conspicuous notice required
Must accurately reflect privacy policies & practices
Revised notice required when new products/services obtained by existing customer
Exceptions permit subsequent notice when prior notice is impractical
SEC Reg.S-P: Rule 5 – Annual Notice
Ongoing, recurring, accurate notice required of privacy policies & practices
Not less than annually – within consecutive 12 mo. period
Financial institution may define 12 mo. if applied consistently to the customer
Not required if customer relationship terminates
SEC Reg.S-P: Rule 6 – Notice Contents
Categories of PIFI collected & disclosed about current & former customers
Categories of affiliates & nonaffiliated 3d parties
Explanation of opt-out rights & methods
Policies & practices on PIFI security
SEC Reg.S-P: Rule 7 – Form of Opt-Out
Explanation of opt-out right & method
Provide reasonable means to effect opt-out
  One or more: check off boxes, reply form, electronic means (e.g., e-mail, website), toll-free phone
  Customer must agree to use of electronic means
  Unreasonable if letter is only means available
Joint customers may opt-out separately
Opt-out effective whenever made
Duration – until revoked in writing or electronically
Must comply with opt-out as soon as practical
SEC Reg.S-P: Rule 8 – Revised Notices
Financial institutions control terms of privacy policies so long as notice and opt-out procedures followed
Revised notice may change privacy policies & practices
May not disclose PIFI to nonaffiliated 3d party except as promised in initial notice without revised notice, reasonable opportunity new opt-out & consumer does not opt-out
SEC Reg.S-P: Additional Rules
Rule 9 – Delivery
  EX: hand-deliver, mail printed copy, posted on web-site & require electronic acknowledgment, postings for isolated transactions (ATM kiosk)
Rule 10 – Limits on Disclosures
Rule 11 – Limits on Redisclosure & Reuse
Rule 12 – Sharing Account No. for Marketing
Rules 13, 14 & 15 – Exceptions
Appendices – Sample Clauses
Criticisms of GLB Privacy
PII sharing among affiliates encourages mergers to build data warehouses & conduct data mining
  Insurer might not underwrite risky investor or spendthrift
Highly sophisticated customer profiling of behaviors and preferences was not available heretofore
Customers have no access rights to raw data nor to analysis of profiles or categorization
1st wave incomprehensible to most, even to FTC Commissioners (12.01)
  Responses: 2 tiers (Madison Ave & legalese)
  But could become “nutritional-style” labeling
Continuing Privacy Developments
FTC Privacy Agenda
  Nat’l No-Call List, Spam, ID Theft, Pretexting; FCRA Compliance; Enforce Privacy Promises; Children; Telemarketing; “Pre-Acquired Acct.Info;” P3P
  GLB Compliance
FTC Expanding use of Public Workshops
SEC rather busy just now so FTC may become primary privacy regulator for financial institutions
NY Bar v. FTC (OK in failure to exempt lawyers) (DDC 4.30.02)
Pretexting
Fraud & Illegal Means to Obtain PIFI from Fin. Inst. under “Pretext” & Solicitation of others to Pretext
  Websites tout pretexter would pose as legit. inquirer
GLB Prohibits Pretexting as unfair & abusive
FTC settle & enjoin several info brokers 3.02
  Smart Data, Discrete Data, Information Search
  MD, NY, TX
  Disgorgement
Note FTC’s ascension in financial mkt regulation
  Significant FTC budget enhancement request for privacy
GLB Rulemakings Validated
Indiv. References Serv. Group v. FTC 145 F.Supp.2d 6 (DDC 4.01) (cr.rptg. trade group + TransUnion)
GLB regs apply to credit header sales/transfer/barter
  PIFI now includes PII (name, addresses, contacts)
  FCRA permitted mkts in PII
Agencies w/in Chevron (S.Ct.’84) statutory interpretation & rulemaking discretion
No 1st or 5th A. violations (=Protect, narrow legis class)
TransUnion is a “financial institution” under GLB
Remain Current on Evolving Privacy Regulations & Grassroots Efforts
Sec.gov
Ftc.gov
Fcc.gov
Frb.gov
Dot.gov
europa.eu.int
Andrewsonline.com
Siegelgale, Inc.
Epic.org
Itsa.org
Cookiecentral.com
Public Citizen
W3.org (P3P)
California Privacy Law Developments
California Financial Information Privacy SB 1
  Effective 7.1.04
  Opt-Out for affiliate sharing & joint marketing unless under common branding/holding co. or accessing common customer database
  Opt-In for 3d party sharing
  Uniform customer notice format
California Privacy Law Developments
Security Breach Disclosure SB 1386
  Effective 7.1.03
  ID Theft – applicable to govt AND business
  Applies to “persons” conducting business in CA
  Covers PII “linked” to ssn, drivers lic #, acct#, security codes (e.g., pin, p/w)
  Requires Encryption
California Privacy Law Developments
CA SB 1386 Disclosure Obligation:
  Triggered by any breach of security - unauthorized acquisition of computerized data
  To: affected CA resident
  When: “most expedient time possible” & “without unreasonable delay”
  How: written, electronic (E-SIGN)
  If cost of notice exceeds $250,000 or over 500,000 persons impacted, then: email, conspicuous website, press
  Remedies: damages, injunction
Fair & Accurate Credit Transactions Act
Effective 1.1.04
ID Theft Protections, Quicker Resolution of Disputed History & New Business Models
Free Credit Report
Notice to Consumers Before Adverse Report to Credit Bureau
Creditor Investigation before Invoking Collector
Security & Privacy Relationships
Glass Half Empty:
  PII not Secret unless Secured
  PII Custodians Violate Privacy Duty w/o Adequate Security
Glass Half Full:
  PII remains Secret When Secure
  PII Custodians Comply w/ Privacy Duty w/ Adequate Security
Security & Privacy Relationships
Security of Info Systems & Physical Assets Better Assured when Privacy Maintained
Individuals responsible for security made vulnerable when their PII is Compromised
Tangible & intangible assets vulnerable with inadequate security over confidential trade secrets
PIFI Data Security Standards
GLB §504 Requires Agencies to Collaborate in Developing Consistent Data Security Regimes
  Fed. SEC, OCC, FTC, Treasury, FDIC, OTS, NCUA
FTC “Safeguards Rule” Imposes Standards for Safeguarding Customer Information
  Regulated financial institutions must develop, implement & maintain reasonable, administrative, technical & physical safeguards to protect the security, confidentiality & integrity of customer information
  Flexible: need be appropriate to institution’s size & complexity
PIFI Data Security Standards
Designate Data Security Employee(s)
Perform Risk Assessment, at least evaluate risks in:
  Employee training & management
  Information systems, including, inter alia
    Network & software design
    Information processing, storage, transmission & disposal
  Detecting, preventing & responding to attacks, intrusions or system failures
PIFI Data Security Standards
Design & Implement Safeguards to Control Risks Identified
Regularly Test & Monitor Effectiveness of Key Controls
  Evaluate & adjust in light of, or as dictated by, changing business conditions or other material circumstance
Select & Retain Reasonable Service Providers
  Impose these risk management obligations on service providers
SEC 17 CFR 248.30
Less Specific than FTC or HIPAA Standards
Require Financial Institutions w/in SEC Jurisdiction to:
  Adopt policies & procedures, reasonably designed to
    Insure security & confidentiality of customer records
    Protect against anticipated threats or hazards
    Protect against unauthorized access or use that could result in substantial harm or inconvenience
Uniting & Strengthening America (USA Patriot) Act
Controversial Provisions:
  Expanded Federal investigation powers
  Detention of aliens, designation of terrorist orgs.
  Online surveillance enhancements
  Secret searches, Interagency info sharing
  Monitor confidential Atty-Client communications
Links Between Money Laundering & Financial Privacy
Further Money Laundering Restrictions
GAO Report: Insufficient Progress in Anti-Terrorism War
Conundrum:
  Must screen & monitor customer transactions, detect suspicious patterns, cooperate with law enforcement
  Liability for misuse of customer transaction data or participation in illegal activity
What IS Money Laundering?
Various practices create illusion of legitimate transactions, disguise origin & movement of $
Law Enforcement motto: “Follow the Money!”
Modern Term originated in 20s-30s gangster era
  Coin cash flow from “numbers” racket cleansed through mob-operated coin-op laundries
What IS Money Laundering?
Existed for nearly 4000 yrs
Hide earnings from despotic govt confiscation & taxes
Essential to terrorism, illegal drug trade, organized crime, smuggling
Money Laundering Methods & Tools
Well-known practices but detection is costly
Transactions with minimal recordkeeping
  Payments under $10K to avoid Currency Trans. Rpts
  Cash used whenever possible
  Minimize use of checks, wire transfers, credit cards
“Legitimate Fronts” apparently respectable businesses
See http://www.moneylaundering.com
Anti-Money Laundering Laws
Federal Statute with Money Laundering Provisions
  Anti-Money Laundering Purposes and Methods
Bank Secrecy Act of 1970 (BSA)
  Currency Transaction Report ("paper trail" for transactions over $10,000); civil & criminal penalties
Money Laundering Control Act of 1986
  Creates three new federal money laundering crimes: (1) assistance in laundering, (2) engaging in $10,000 transactions involving property from criminal activity & (3) structuring transactions to avoid BSA disclosures of Currency Transaction Reports.
Anti-Drug Abuse Act of 1988
  Increased civil & criminal sanctions. Forfeiture of property involved in violating BSA or other Anti-Laundering statute. Requires recordkeeping of large cash purchases of monetary instruments (bank drafts).
Anti-Money Laundering Laws
Federal Statute with Money Laundering Provisions
  Anti-Money Laundering Purposes and Methods
Crime Control Act of 1990, §2532
  Federal banking regulators authorized to negotiate with foreign banking regulators for help in certain criminal investigation
Federal Deposit Insurance Corporation Improvement Act of 1991, §206
  Federal banking regulators given discretion to disclose information to foreign banking regulators to enforce anti-money laundering laws.
Housing and Community Development Act of 1992, Title XV [Annunzio-Wylie Anti-Money Laundering Act]
  Authorizes seizure, closing and/or revocation of charter of financial institutions guilty of money laundering or BSA offenses. Specifies mitigation factors.
USA Patriot Act of 2001
  Broadens definition, programs & training required, tougher civil & criminal penalties
USA Patriot: Anti-Money Laundering Provisions
Broadens definition of financial institutions regulated under money laundering laws
Requires anti-money laundering programs & training
Regulates private and correspondent banking
FCPA now defines money laundering as a form of bribery
Stiffens civil & criminal penalties for money laundering
THE END