What price will business pay in the new fight against terrorism? Change has come to the world of technology, e-commerce and banking. On October 26, 2001, President George W. Bush signed into law the “United and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism” -- known as the “USA Patriot Act.” This Federal antiterrorism statute aims at enhanced domestic security through expanded surveillance procedures, new prohibitions on international money laundering, removal of obstacles to investigating terrorism, and increased information sharing for critical infrastructure protection.
Federal prosecutors recently received instructions on the use of the government’s new, high-tech tools (some say “toys”) which will be fully operational under the Act. These tools include FBI Carnivore computers which capture a suspect’s e-mail. Carnivore gives the FBI access not only to all of the targets’ communications, but also to communications of non-targets who use the same Internet service provider as does the target. Another tool is a “Key Logger” device, which, under the new “Sneak and Peek” searches, secretly records everything a suspect types on a keyboard. The “Key Logger” allows investigators to capture passwords and to unscramble data files which might otherwise have unbreakable codes. There is also “Fluent” software which will translate Arabic and other languages. “Oasis” technology transcribes television and radio broadcasts for analysis. “CIA Live!” allows CIA experts to send instant messages and collaborate on reports and maps on secured computer networks. Software called “dTective” traces financial transactions linked to the terrorist attacks on New York and Washington. “Encase” software is capable of recovering deleted computer files and searching for incriminating documents on a seized computer. Also, under Section 216 of the USA Patriot Act, the Internet would be subject to surveillance, with minimal protections to privacy under new provisions of the “Pen Register” and “Trap and Trace Orders” authorized by this Section.
Section 351 of the new Act provides specific directives to banks and financial institutions, requiring the implementation of anti-money laundering programs. These include development of internal polices, procedures, and controls, the designation of a compliance officer, the requirement of an on-going employee training program, and an independent audit function to test programs. The mandatory reporting of suspicious or large cash transactions (previously reported only to the Treasury Department) has been expanded to require reporting to law enforcement. Financial institutions are prohibited from disclosing to anyone whether or not reporting has occurred. Unless there is malice in the reporting, financial institutions receive immunity for meeting obligations under this Act.
While most banks and financial institutions report that their “Know-Your-Customer Rule” already satisfies the provisions of the USA Patriot Act, some additional requirements of the new law may lead to some dramatic changes. For example, the Act bans U.S. banks from opening so-called “correspondent accounts” for banks with no offices and no parent bank subject to regulatory scrutiny. Some predict that these new provisions will force some of the large financial institutions to end their relationships with offshore “shell” banks in the Bahamas, Cayman Islands, and elsewhere. Banks will be required to make greater efforts to determine the sources of overseas accounts. Under the new law, overseas banks and national governments must cooperate with U.S. investigations or face sanctions -- including prohibition from doing business in the United States. Depending upon a financial institution’s policies in complying with the USA Patriot Act, the Gramm-Leach-Bliley Act, which became effective July 1, 2001, may require additional disclosure to customers of the privacy policies of financial institutions.
So far, the business community has applauded the USA Patriot Act as a necessary tool in fighting terrorism. Still, some have lingering concerns, and business usage of the Internet for highly sensitive information, unrelated to terrorism, may require reevaluation in light of the anticipated government surveillance. Time will provide the perspective and opportunity for a fair balance, but for financial institutions and businesses that use the Internet for communication and commerce, the change has come.