A U.S. agency that fights financial crime is encouraging financial institutions, ranging from banks to cryptocurrency exchanges, to share customer information with one another to catch wrongdoers.
The Financial Crimes Enforcement Network (FinCEN), a bureau of the Treasury Department, issued a fact sheet Thursday spelling out that the 2001 Patriot Act gives institutions wide latitude in what kind of information they are permitted to share.
Overall, the sheet seemingly lowers the obstacles for further sharing of personal customer information among banks, the threshold of what qualifies as “suspicious” activity and whether the entities sharing customer information even need to be financial institutions.
Among other matters, the fact sheet clarifies that Section 314(b) of the act, and the regulations putting it into practice, “impose no limitations on the sharing of personally identifiable information.” The sheet added that institutions have to protect the security and confidentiality of this data, and use it only for the purposes laid out in the nearly 20-year-old law, passed a month after the 9/11 attacks.
Still, the guidance is likely to chafe privacy advocates inside and outside the crypto community who are already uneasy about the honeypot of personal data that FinCEN’s suspicious activity report (SAR) database has become. The more places information is shared, after all, the more ways it can be misused or stolen.
“It seems that in the spirit of ‘protecting our communities and preventing crimes and bad acts,’ FinCEN’s guidance is dramatically expanding its expectation of banks to share data, at the expense of individuals’ privacy, while potentially exposing them to very real cyber risks, when it is not clear that such a move is necessary,” said Nizan Geslevich Packin, an associate professor of law at City University of New York.
In a speech Thursday, FinCEN Director Kenneth Blanco framed interbank data sharing as a public safety measure.