Brooklyn Journal of Corporate, Financial & Commercial Law


The U.S. government has responded to the increase of financial crimes, including money laundering and terrorist financing, by requiring that financial institutions implement anti-money laundering compliance programs within their institutions. Most recently, the Financial Crimes Enforcement Network exercised its regulatory powers, as authorized by the Treasury Department, by proposing regulations that now explicitly add customer due diligence to the preexisting anti-money laundering regime. The policy behind the government’s legislative and regulatory measures is clear—financial institutions must ensure that they are protected from and not aiding in the illegal efforts of criminals. The complexity and insidiousness of these financial crimes makes it difficult for the government to act solely and without the compliance of financial institutions. Although national security and the protection of the global economy are urgent priorities, all legislative actions or considerations need to be sensitive to personal privacy.

This Note examines the criminal activity and legislative history that has necessitated the proposal of such regulations, the burdens that compliance places on financial institutions, and the technology that aids these financial institutions in their compliance efforts. As a result of these compliance obligations and the potential penalties for non-compliance, customer privacy is not always guaranteed. Existing privacy laws do not sufficiently ensure that customer financial information is adequately protected; rather, these privacy laws allow privacy invasions for the sake of compliance with anti-money laundering legislation and, as a result, are often inadequate and insufficient when compared to international privacy schemes. It is important to find a balance between the need to protect national security, the requirements placed on financial institutions, and the rights customers have to financial privacy. The global nature of financial networks and of these illicit activities warrants concerted efforts by governments domestically and abroad to ensure that compliance does not result in unwarranted financial privacy invasions.

Until a global system can be established, this Note proposes that the currently proposed regulations be amended to mandate privacy programs within financial institutions. Financial institutions should develop privacy policies and procedures that will work with their already existing anti-money laundering compliance programs and should ensure that their compliance and privacy focused personnel coordinate their efforts so that regulatory compliance neither detrimentally impacts the way they conduct their business nor betrays their customers’ right to privacy.