The day your financial choices stopped being private

The Bank Secrecy Act of 1970 quietly flipped the switch on surveillance.

Published October 25, 2025 – By Naomi Brockwell

This week marks the 55th anniversary of the Bank Secrecy Act (BSA), a pivotal law that set us on the road to total financial surveillance. Last week I wrote about ways in which the Patriot Act eroded financial privacy, but the modern shift really began in 1970 with the BSA. Since its introduction, the BSA regime has grown staggeringly, and now touches basically every corner of the financial system. Financial privacy used to be assumed, but today the norm has flipped, and pervasive monitoring is treated as ordinary.

Let’s look back over five decades to see what changed, how much privacy we lost, and how this new baseline of surveillance became "just the way things are".

You can watch our video on the history of financial surveillance here.

The big shift

It appears that the collective memory has faded. We’ve forgotten that just a few decades ago, withdrawing one’s own funds was a straightforward right. There were no probing questions about the intended use of those funds or one’s occupation. The routine sharing of bulk transaction data with countless third parties was not the standard.

Today is a different story. We are required to justify our routine financial activities, authenticate our identity, and defend our choices at every financial turn. There has never been so much friction between us and our own money, with surveillance hurdles at every juncture just to pay for something online, and this new normal has become an ingrained part of how we expect to use the financial ecosystem.

On top of that, behind the scenes, data pipelines spray a firehose of personal information to countless invisible players, and the data gets cycled from institutions, to brokers, to government entities, and back the other way.

How individuals interacted with the financial system 55 years ago versus today is night and day. Times really have changed, but they changed slowly, with a lot of these changes creeping in behind the scenes before the public ever realized what was going on.

The great privacy paradox

So we’ve established that financial privacy has never been worse. But here’s the confusing part about the situation: many people still go about their daily lives behaving as if what they do just stays between them and their bank, or between them and a given merchant.

A paradoxical situation has emerged, where most people continue to believe in a notion of financial privacy that has ceased to exist.

This widespread assumption that financial activities remain confidential, safeguarded by banks or credit unions, contrasts starkly with reality. In truth, financial privacy in the United States is more illusory than real.

How do we explain this mismatch between what people believe is true and the actual state of financial privacy?

First, privacy was the standard for so long, and then the systematic dismantling of our financial privacy occurred gradually over time without people really paying attention.

Second, the bulk of this increased surveillance has been intentionally kept hidden from the public.

This is the most insidious part of the situation, which I want to make very clear in this newsletter. The privacy we think we have and the privacy we actually have are very different things. Governments and banks would never have been able to get away with this shift if they hadn’t deliberately kept it out of view.

To explore the history of how financial privacy slowly disappeared, and to unveil the extensive financial surveillance apparatus that remains largely opaque to the general public, we have to go back through history and look carefully at how all of this surveillance crept in.

This analysis primarily focuses on developments within the United States, but the implications are global, thanks to the U.S. exporting its legislative and regulatory frameworks abroad. The trend toward financial surveillance is worldwide, with governments now monitoring payment systems across borders.

Where it all started

The year 1970 heralded a transformative period in financial privacy with the enactment of the Bank Secrecy Act. Its aim was to address concerns over secret foreign bank accounts by gathering more information on people’s financial activities, in order to combat the concealment of wealth in overseas accounts.

The BSA introduced a paradigm shift by requiring financial institutions to maintain records of customers’ transactions and personal information and to report significant transactions, specifically those exceeding $10,000, to the Treasury Department. This legislative move transformed financial professionals into de facto government informants, reporting on Americans for the mere act of engaging with their finances.

The law sparked considerable debate, drawing criticism from various quarters, including Congress, the banking sector, and civil liberties organizations. The New York Times even reported at the time that the law was unconstitutional. A legal challenge ensued, questioning the BSA’s compatibility with the First, Fourth, and Fifth Amendments.

Central to the legal debate was the Fourth Amendment, which safeguards individuals against unreasonable searches. The mandate for financial institutions to divulge personal financial information without a warrant was perceived as an infringement of this constitutional protection.

Despite these concerns, the Supreme Court ultimately upheld the BSA, reasoning that information shared with banks constitutes business records rather than private data, thus not warranting the same expectation of privacy. This completely undermined the expectation of privacy that people had always had with their banks.

The Supreme Court at the time commented that the reporting requirements for the banks were not an undue burden, because they applied only to “abnormally large transactions.” $10,000 in 1970 was indeed seen as abnormally large, because the purchasing power of the U.S. dollar was so much higher back then.

To put this amount in context, in 1970 $10,000 would buy you a new house in some areas. From this perspective, if you were paying all cash for an entire, brand new house, it might be a suspicious enough and rare enough occurrence that it was not seen as a burden on financial institutions to report this, nor an unreasonable intrusion into people’s daily lives.

However, the BSA never included any adjustment for inflation. Year after year, the purchasing power of the US dollar disappears, which means that this financial surveillance has silently and insidiously crept further and further into our lives. Now this threshold has extended into everyday transactions.

Since 1970, the Bank Secrecy Act’s powers have not only expanded silently through inflation but explicitly through all kinds of amendments that increase its scope.

The Annunzio-Wylie Anti-Money Laundering Act

One subsequent expansion of the BSA worth noting was the Annunzio-Wylie Anti-Money Laundering Act of 1992. It broadened the scope of reportable activities through the introduction of Suspicious Activity Reports (SARs). This shift from reporting threshold-based transactions (of $10,000 or more) to any transaction considered “suspicious,” regardless of size, opened the floodgates to a firehose of financial reporting.

Another big change that the Annunzio-Wylie Anti–Money Laundering Act ushered in was around transparency of these surveillance programs. When the Bank Secrecy Act was first introduced, it was countered with something called the Right to Financial Privacy Act, which essentially said that if people’s finances are being looked into, they at least need to be told about it; that way individuals would have the right to push back and hold overreaching entities accountable if they felt their rights were being violated.

The 1992 Annunzio-Wylie Anti–Money Laundering Act made it illegal for your bank to tell you if it filed a SAR. To this day, you’re not allowed to know if your bank filed a report with the government about you for using your own money.

It also introduced “safe harbors” for banks that share information with law enforcement: under the Annunzio-Wylie Anti–Money Laundering Act, banks can’t be sued or held liable for giving data to law enforcement. There were no longer any repercussions or accountability measures to protect citizens against overreach in reporting.

This really ushered in a new era of mass surveillance of the financial activity of innocent Americans. The banking sector’s role has evolved from safeguarding depositor privacy to facilitating government surveillance. It’s also a major reason why people have this illusion of financial privacy. They just don’t realize what’s been happening, by design, because the whole surveillance process has been made confidential.

The Patriot Act

Last week I did a deep dive into the Patriot Act and how it was a watershed moment for financial surveillance, but I’ll provide a quick recap of some of the major changes. Basically, the Patriot Act was the Bank Secrecy Act on steroids. Title III of the Patriot Act, The International Money Laundering Abatement and Financial Anti-Terrorism Act of 2001, aggressively cemented financial surveillance as a normalized part of everyday life.

First was the formalization of “Know Your Customer” (KYC) regulations, which have since become a staple in the arsenal of financial surveillance tools.

Before 2001, banks and institutions determined their own risk tolerance and what customer information they needed to collect. The Patriot Act introduced minimum ID standards. It enforced a Customer Identification Program (CIP) for every bank, broker-dealer, mutual fund, and similar institution in the US. These entities had to collect and verify government-issued IDs for every customer. They also had to cross-check identities against government watchlists.

This is when financial anonymity became illegal.

The Patriot Act also allowed unprecedented data sharing across agencies and borders. There used to be stringent rules about which government departments are allowed to share data with each other, again to protect citizens from overreach. Sections 351 and 358 broke down specific information-sharing barriers between the FBI, CIA, NSA, FinCEN, and foreign governments.

The Patriot Act also expanded safe harbor laws and allowed banking information to be shared with intelligence agencies. Mass data pipelines from private banks to the surveillance state were legalized overnight. Banks were encouraged to proactively share customer data with intelligence, without fear of being sued by the customer because they would have legal immunity.

It covered liability under “any contract or other legally enforceable agreement.” So if you had a contract with your bank that they’d keep your information private, the government said the bank now had immunity if they shared that information and broke the contract.

The intent of the Fourth Amendment was to stop the government from getting your information without a warrant. But right now we have a system where the government has mandated that banks collect this information on its behalf, demanded that they hand the information over, and then granted the banks legal immunity for sharing this data, even if doing so broke “any contract or other legally enforceable agreement” of privacy between you and your bank.

On top of this, Section 314(b) created a safe harbor for financial institutions to share customer and activity information with other financial institutions, when they in good faith suspect money laundering or terrorist financing. It unleashed a torrent of data sharing, all legally protected.

Banks were now both required to report SARs and other information to the government, and they were legally shielded for aggressively and proactively doing so, and were also allowed to exchange intelligence with other banks. It fueled the private-sector surveillance grid that we have today, and deputized the financial system as investigatory agents in it.

The relationship between banks and intelligence agencies was also formalized and made permanent. For example, it introduced something called government “broadcast lookups”, where FinCEN can blast a query to thousands of financial institutions, and banks must search their records quickly and report back. This shifted the relationship from passive reporting to on-demand, system-wide queries, where banks have been deputized as active responders and participants.

Under the Patriot Act, FinCEN’s mission was also codified as financial intelligence, giving it a permanent mandate and making it a statutory intel hub.

The result is a permanent, legally protected data flow where financial institutions are effectively deputized, and customer information moves quickly to law enforcement and intelligence agencies.

Furthermore, we were told the Patriot Act would be a temporary measure, but it ended up lasting forever.

Omnibus bills for creeping surveillance

The trend of utilizing omnibus bills to quietly introduce or expand surveillance measures is ongoing. The American Rescue Plan Act of 2021, another omnibus bill, introduced surveillance to anything involving a payment transmitter (for example, PayPal, Venmo, or Cash App) that has $600 or more of transactions in a year.

In 2022, Congress floated the Special Measures to Fight Modern Threats Act, which aimed to eliminate some of the checks and balances placed on the Treasury. The Treasury Secretary has a special ability to sanction transactions and because this is such a powerful tool, there’s always been a check on this power — The Treasury Secretary has to report every time they do this in the Federal Register. The Fight Modern Threats Act tried to remove this reporting requirement, which would allow the Treasury to use these powers even more.

This bill hasn’t been passed, but it also hasn’t gone away either. Similar ideas keep resurfacing while Treasury continues to use existing Section 311 authorities through fresh 2025 actions.

There is an ongoing onslaught of bills that try to expand financial surveillance, and each time another one slips by, financial privacy in our lives is chiseled further and further away. It’s an offensive attack on the privacy expectations of innocent Americans.

Financial surveillance at the border

In September 2025, the Treasury’s Financial Crimes Enforcement Network (FinCEN) renewed and expanded a Geographic Targeting Order (GTO) that dramatically lowers the reporting threshold for cash transactions in certain areas, from $10,000 to transactions as low as $1,000.

This means that thousands of routine financial activities, like cashing a check or sending money to family, are now tracked and reported to federal authorities. The order compels businesses to collect personal information, file detailed reports, and retain records for five years.

Several lawsuits brought by the Institute for Justice have won preliminary injunctions, arguing that the GTO is unconstitutional, burdensome, and offers no proven crime-fighting benefit. Despite those court rulings, the government has appealed and continues to enforce the order in most affected areas.

CBDCs

The worst may be yet to come. Across the world, government officials have been increasingly considering central bank digital currencies, or CBDCs. A CBDC is a national currency that is a direct, digital liability of the central bank. You can think of it as a digital form of the dollar, but it’s much more than that. It would put the government in the middle of every financial transaction.

Rather than having to get our financial information from banks, the government would have access to every transaction directly. While right now, cash still affords people a private means of payment, a CBDC would eventually take the place of digital cash and eliminate that final privacy safeguard.

Furthermore, CBDCs aren’t just a digital form of money. They represent what’s known as programmable money. Rules can be coded directly into the money itself, dictating how it can be used. Money could instantly be frozen, savings seized, or certain transactions could automatically be prohibited according to predetermined rules about how money is allowed to move. Politicians are already salivating over such potential use cases.

It’s possible that the government could even do things like erase money that’s not spent fast enough, if they wanted to stimulate the economy.

Unfortunately, CBDCs are not simply theoretical. Basically every country in the world is currently exploring them. You can take a look at the Human Rights Foundation’s CBDC Tracker to see exactly where each country stands, and who has already launched one.

Those who champion CBDCs talk about how it will make our financial system more efficient, and bring it into the new age. Attention is focused on the shiny rhetoric, while yet another financial surveillance tool is slipped silently into our lives, making financial freedom just that little bit harder.

The cost of a zero-crime society

The legislative journey from the Bank Secrecy Act to the present day reflects a steady expansion of financial surveillance, driven by various rationales from combating crime to national security. When you erode financial privacy, critical questions need to be raised about the balance between security measures and individual rights.

Namely, to what extent should we as a society permit pervasive surveillance in the name of stopping crime?

To answer this question, it’s important to first recognize that the optimal crime rate is not zero. It’s a spicy take, but stick with me.

While a world with zero crime may intuitively seem better than a world with some crime, it depends on the costs of getting to that zero-crime world. We can’t bring the world to a halt to stop someone jaywalking, because the cost is too high. You can’t burn down a city to stop someone stealing a pack of gum. The cost is just too high.

We as a society need to have a conversation about which costs we’re willing to bear, and the balance we want between surveillance and privacy.

Traditionally that balance has been the Constitution, and in particular the Fourth Amendment. But the Fourth Amendment has been decimated in the digital age, and we’ve lost sight of that original Schelling point. We’ve tipped the balance scales in the complete opposite direction of the individual by stripping people of their right to privacy and allowing omnipotent surveillance of every financial activity, in the name of stopping anyone from ever committing a crime. And this cost is far too high.

Privacy is essential for a free society. If you eliminate this very thing that makes a free society possible, no matter what righteous cause you profess to be advancing, it’s a cost we can’t afford to bear.

It’s through surveillance that our freedoms are limited. Every totalitarian regime in existence maintained power through pervasive surveillance. Our financial activities reveal intimate details about us, including our religious beliefs, daily habits, and the causes we support that might hold powerful people accountable or challenge political authority.

Without financial privacy, all of these aspects become vulnerable to exploitation, and those involved are susceptible to being targeted. We must be vigilant against creeping surveillance that shifts the balance of power away from the individual.

And don’t get me wrong, removing the mass-surveillance apparatus we’ve created doesn’t mean ending the fight on crime. It just means respecting Fourth Amendment protections. If the government wants your information, they can get a warrant and prove probable cause. It’s not supposed to be absurdly easy for the government to dive into people’s private information. The purpose of the Constitution is to restrict the powers of government and protect the people.

Yet over the past few decades, we have slowly built a system of unchecked financial surveillance that makes it trivial for the government to search your affairs with impunity, and with almost no oversight or accountability. It’s time to question whether this is the world we want to live in.

I was invited to speak last week on a panel in DC about the history of financial surveillance. You can watch the whole talk here.

In summary: This is the new normal, and we need to push back.

The landscape of financial interaction was markedly different fifty years ago. Customers enjoyed greater autonomy in opening accounts and managing their money, often choosing to engage with banks based solely on the cash they possessed. The era was characterized by less scrutinized transactions and, occasionally, the absence of ID requirements for account setup. The discretion once afforded to banks in determining necessary information for account creation has been supplanted by federal mandates, with customer information no longer confined to the private domain of the bank-customer relationship.

Financial institutions now file 30 million reports annually under the BSA, often erring on the side of over-reporting to avoid potential penalties. This practice underscores the pervasive nature of financial surveillance, with significant costs borne by both the industry and consumers.

The BSA marked a fundamental shift in the confidentiality dynamics between individuals and financial institutions, effectively involving the government in financial interactions instead of allowing people the dignity of privacy.

As surveillance mechanisms become increasingly embedded within the financial system, the safeguards of freedom are slowly chipped away, and the worst part is that nobody really recognizes that this is what is happening. Most people continue to hold on to the illusion of privacy, because what’s actually going on has been both hidden from view and normalized.

Changing this is an uphill battle, but it’s one that’s worth fighting. The first step is just making people aware of how far financial surveillance norms have shifted in just a few decades. The narrative of combating terrorism and serious crimes, while compelling, must be weighed against the potential for overreach and the erosion of fundamental liberties. It is through ongoing dialogue, rigorous oversight, and a commitment to upholding individual rights that society can navigate these challenges, especially in today’s increasingly interconnected world.

You should be able to use your own money without being tracked, profiled, and stored forever in a government database, and without banks being allowed to trade your financial data with each other. Let’s fight to bring back dignity to the financial landscape.

 

Yours in privacy,
Naomi

Naomi Brockwell is a privacy advocate and professional speaker, MC, interviewer, producer, and podcaster, specialising in blockchain, cryptocurrency and economics. She runs the NBTV channel on Rumble.

TNT is truly independent!

We don’t have a billionaire owner, and our unique reader-funded model keeps us free from political or corporate influence. This means we can fearlessly report the facts and shine a light on the misdeeds of those in power.

Consider a donation to keep our independent journalism running…

Watch as Russia’s AI robot falls on stage

Published yesterday 11:54 am – By Editorial staff

Russia's first humanoid AI robot fell on stage during its official launch in Moscow this week. Staff rushed forward to shield the damaged robot while attempting to fix the malfunction.

What was meant to be a grand launch of Russia's venture into humanoid robotics ended in embarrassment. To music from the Rocky film, the robot AIdol was led onto the stage by two staff members at a technology event in the Russian capital.

But the presentation ended in chaos when the robot lost its balance and crashed to the ground. Several parts came loose and staff hurried to pull the machine away and hide it behind a screen.

Behind the project is the Russian robotics company Idol, led by Vladimir Vitukhin. According to the company, AIdol is an advanced robot built mostly from domestic components.

Vitukhin explained the fall as a calibration problem and emphasized that the robot is still in the testing phase.

"This is real-time learning, when a good mistake turns into knowledge, and a bad mistake turns into experience", Vitukhin said, according to Newsweek.

Despite the company's attempts to downplay the incident, criticism has been massive on Russian tech forums and social media. Many question the decision to showcase an obviously unfinished prototype.

AIdol is powered by a 48-volt battery that provides up to six hours of operation. The machine is equipped with 19 servo motors and a silicone skin designed to recreate human facial expressions.

"The robot can smile, think, and be surprised – just like a person", Vitukhin said.

According to reports, AIdol consists of 77 percent Russian-produced components. After the fall, developers have withdrawn the machine while engineers examine the balance systems.

Italian political consultant became victim of spyware program


Published November 11, 2025 – By Editorial staff
Francesco Nicodemo.

An Italian political advisor who worked for center-left parties has gone public about being hacked through an advanced Israeli-developed spyware program. Francesco Nicodemo is the latest in a growing list of victims in a spyware scandal that is shaking Italy and raising questions about how intelligence services use surveillance technology.

Francesco Nicodemo, who works as a consultant for left-leaning politicians in Italy, waited ten months before publicly disclosing that he had been targeted by the Paragon spyware program. On Thursday, he chose to break his silence in a post on Facebook.

Nicodemo explained that he had previously not wanted to publicize his case because he "didn't want to be used for political propaganda," but that "the time has now come".

"It's time to ask a very simple question: Why? Why me? How is it possible that such a sophisticated and complex tool was used to spy on a private citizen, as if he were a drug dealer or a subversive threat to the country?", Nicodemo wrote. "I have nothing more to say. More people must speak out. Others must explain what happened".

Extensive scandal grows

Nicodemo's revelation once again expands the scope of the ongoing spyware scandal in Italy. Among those affected are several journalists, migration activists, prominent business leaders, and now a political consultant with a history of working for the center-left party Partito Democratico and its politicians.

The online publication Fanpage was the first to report that Nicodemo was among the people who received a notification from WhatsApp in January that they had been targeted by the spyware program.

Questions about usage

Governments and spyware manufacturers have long claimed that their surveillance products are used against serious criminals and terrorists, but recent cases show that this is not always the case.

— The Italian government has provided certain spyware victims with clarity and explained the cases. But others remain disturbingly unclear, says John Scott-Railton, a senior researcher at The Citizen Lab who has investigated spyware companies and their abuses for years.

None of this looks good for Paragon, or for Italy. That's why clarity from the Italian government is so essential. I believe that if they wanted to, Paragon could give everyone much more clarity about what's going on. Until they do, these cases will remain a burden on their shoulders, adds Scott-Railton, who confirmed that Nicodemo received the notification from WhatsApp.

Intelligence services' involvement

It is still unclear which of Paragon's customers hacked Nicodemo, but an Italian parliamentary committee confirmed in June that some of the victims in Italy were hacked by Italian intelligence services, which report to Prime Minister Giorgia Meloni's government.

In February, following revelations about the first victims in Italy, Paragon severed ties with its government customers in the country, specifically the intelligence services AISE and AISI.

The parliamentary committee COPASIR later concluded in June that some of the publicly identified Paragon victims, namely the migration activists, had been legally hacked by Italian intelligence services. However, the committee found no evidence that Francesco Cancellato, editor of the news site Fanpage.it, which had investigated the youth organization of Meloni's governing party, had been hacked by the intelligence services.

Paragon, which has an active contract with the U.S. Immigration and Customs Enforcement agency, states that the U.S. government is one of its customers.

FACTS: Paragon

Paragon Solutions is an Israeli cybersecurity company that develops advanced spyware for intelligence services and law enforcement agencies. The software can be used to monitor smartphones and other digital devices.

The company was acquired by American private equity giant AE Industrial and has since been merged with cybersecurity firm REDLattice. Paragon's clients include the US government, including the Immigration and Customs Enforcement (ICE) agency.

In February 2024, Paragon terminated its contracts with Italian intelligence services AISE and AISI after several Italian citizens, including journalists and activists, were identified as victims of the company's spyware.

Paragon is marketed as a tool against serious crime and terrorism, but its use in Italy has raised questions about whether the spyware is also being used against political opponents and journalists.

Email was never built for privacy


How Proton makes email privacy simple.

Published November 8, 2025 – By Naomi Brockwell

Email was never built for privacy. It’s closer to a digital postcard than a sealed letter, bouncing through and sitting on servers you don’t control, and mainstream providers like Gmail read and analyze everything that is inside.

Email isn’t going anywhere in our society; it’s baked into how the digital world communicates. But luckily there are ways to make your emails more private. One tool that you can use is PGP, which stands for “Pretty Good Privacy”.

PGP is one of the oldest and most powerful tools for email privacy. It takes your message and locks it with the recipient’s public key, so only they can unlock it with their private key. That means even if someone intercepts the email, whether it’s a hacker, your ISP, or a government agency, they see only scrambled text.

Unfortunately it is notoriously complicated. Normally, you’d have to install command-line tools, generate keys manually, and run cryptic commands just to send an encrypted email.

But Proton Mail makes all of that easy, and builds PGP right into your inbox.

How Proton makes PGP simple

Proton is a great, privacy-focused email provider (and no they’re not sponsoring this newsletter, they’re simply an email provider that I like to use).

If you email someone within the Proton ecosystem (i.e. you send an email from one Proton user to another Proton user), your email is automatically end-to-end encrypted using PGP.

But what if you email someone outside of the Proton ecosystem?

Here’s where it would usually get tricky.

First, you’d need to install a PGP client, which is a program that lets you generate and manage your encryption keys.

Then you’d run command-line prompts, choosing the key type, size, expiration, associating the email you want to use the key with, and you’d export your public key. It’s complicated.

But if you use Proton, they make using PGP super easy.

Let’s go through how to use it.

Automatic search for public PGP key

First of all, when you type an email address into the “To” field in Proton Mail, it automatically searches for a public PGP key associated with that address. Proton checks its own network, your contact list, and Web Key Directory (WKD) on the associated email domain.

WKD is a small web standard that lets someone publish their public key on their own domain at a well-known location, so that a mail app can find it automatically. If Proton finds a key for an address at that domain, it automatically encrypts the message with it.

If Proton finds a key, you’ll see a green lock next to the recipient in the “To” field, indicating the message will be encrypted.

You don’t need to copy, paste, or import anything. It just works.

Great, your email has been automatically encrypted using PGP, and only the recipient of the email will be able to use their private key to decrypt it.

Manually uploading someone’s PGP key

What if Proton doesn’t automatically find someone’s PGP key? You can hunt down the key manually and import it. Some people will have their key available on their website, either as plain text or as a .asc file. Proton allows you to save this PGP key in your contacts.

To add one manually, first type their email address in the “To” field.

Then right-click on that address and select “view contact details”.

Then click the settings wheel to go to email settings, and select “show advanced PGP settings”.

Under “public keys”, select “upload” and upload their public key in .asc format.

Once the key is uploaded, the “encrypt emails” toggle will automatically switch on, and all future emails to that contact will automatically be protected with PGP. You can turn that off at any time, and also remove or replace the public key.

How do others secure emails to you using PGP?

Super! So you’ve sent an encrypted email to someone using their PGP key. What if they want to reply: will their email automatically be end-to-end encrypted (E2EE) using PGP? Not necessarily.

In order for someone to send you an end-to-end encrypted email, they need your public PGP key.

Download your public-private key pair inside Proton

Proton automatically generates a public-private key pair for each address that you have configured inside Proton Mail, and manages encryption inside its own network.

If you want people outside Proton to be able to encrypt messages to you, the first step is to export your public key from your Proton account so you can share it with them.

To do this:

  • Go to Settings
  • Click “All settings”
  • Select “encryption and keys”
  • Under “email encryption keys” you’ll have a dropdown menu of all your email addresses associated with your Proton account. Select the address that you want to export the public key for.
  • Under the “action” column, click “export public key”

Proton will ask where you want to save the file, and it will download as an .asc file.

Normally a PGP key is binary data that only your computer can read. The .asc file wraps that key in readable text characters (this is called ASCII armor), and it ends up in a format that looks something like this:
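To make the armored format concrete, here is an added example (not from the newsletter, and not Proton’s code) that wraps constructed binary data in ASCII armor and parses it back, verifying the CRC-24 checksum on the “=” line as specified in RFC 4880. The sample bytes are constructed and are not real key material; the final function is the sanity check you would want before uploading a contact’s .asc file, since a private key block exported by mistake has the same overall shape.

```python
import base64

# CRC-24 parameters from RFC 4880 section 6.1 (the checksum on the "=XXXX" line).
CRC24_INIT = 0xB704CE
CRC24_POLY = 0x1864CFB


def crc24(data: bytes) -> int:
    """CRC-24 over the raw (binary) OpenPGP data, as used by ASCII armor."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF


def armor(data: bytes, block_type="PGP PUBLIC KEY BLOCK", headers=None) -> str:
    """Wrap binary data in ASCII armor: BEGIN line, optional headers, base64 body, CRC line, END line."""
    b64 = base64.b64encode(data).decode("ascii")
    lines = [f"-----BEGIN {block_type}-----"]
    lines += [f"{k}: {v}" for k, v in (headers or {}).items()]
    lines.append("")                                   # a blank line ends the armor headers
    lines += [b64[i:i + 64] for i in range(0, len(b64), 64)]
    crc_bytes = crc24(data).to_bytes(3, "big")
    lines.append("=" + base64.b64encode(crc_bytes).decode("ascii"))
    lines.append(f"-----END {block_type}-----")
    return "\n".join(lines) + "\n"


def dearmor(text: str):
    """Parse ASCII armor, verify the CRC-24, and return (block_type, binary_data)."""
    lines = [ln.rstrip("\r") for ln in text.strip().splitlines()]
    if len(lines) < 2 or not (lines[0].startswith("-----BEGIN ") and lines[0].endswith("-----")):
        raise ValueError("missing BEGIN line")
    block_type = lines[0][len("-----BEGIN "):-len("-----")]
    if lines[-1] != f"-----END {block_type}-----":
        raise ValueError("END line missing or does not match the BEGIN line")
    body = lines[1:-1]
    i = 0                                              # skip "Key: Value" armor headers
    while i < len(body) and body[i] != "":
        if ": " not in body[i]:
            raise ValueError(f"malformed armor header: {body[i]!r}")
        i += 1
    payload = body[i + 1:]
    crc_line = payload.pop() if payload and payload[-1].startswith("=") else None
    data = base64.b64decode("".join(payload), validate=True)
    if crc_line is not None:
        expected = int.from_bytes(base64.b64decode(crc_line[1:], validate=True), "big")
        if crc24(data) != expected:
            raise ValueError("CRC-24 mismatch: the armored text was corrupted or edited")
    return block_type, data


def check_public_key_file(text: str) -> bytes:
    """Sanity check before importing a contact's .asc file: it must be a PUBLIC key block."""
    block_type, data = dearmor(text)
    if block_type != "PGP PUBLIC KEY BLOCK":
        raise ValueError(f"expected a PGP PUBLIC KEY BLOCK, got {block_type!r}")
    return data


if __name__ == "__main__":
    # Constructed sample bytes, not a real key.
    sample = bytes(range(256))
    armored = armor(sample, headers={"Comment": "constructed sample, not a real key"})
    print(armored)
    print("round trip ok:", check_public_key_file(armored) == sample)
```

The checksum only catches accidental damage (a line lost while copying from a web page, for example); it is not a signature and says nothing about who the key belongs to, which is why you should still confirm the key’s fingerprint with the owner through another channel.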

Sharing your public key

Now that you’ve downloaded the public key, how do you share it with people so that they can contact you privately? There are several ways.

For @proton.me and @protonmail.com addresses, Proton publishes your public key in its WKD automatically. You don’t have to do anything.

For custom domains configured in Proton Mail, Proton doesn’t host WKD for you. You can publish WKD yourself by serving your key at a special path on your own domain, or you can delegate WKD to a managed service. If you don’t want to use WKD at all, you can upload your key to a public keyserver like keys.openpgp.org, which gives mail apps another way to discover it.
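As an added example (not from the newsletter, and not Proton’s code), the following Python derives the URL a WKD-aware mail app fetches for a given address, following the IETF Web Key Directory draft (draft-koch-openpgp-webkey-service): the local part is lowercased, hashed with SHA-1, z-base-32 encoded, and placed under the domain’s /.well-known/openpgpkey/ path. It serves both the automatic lookup described earlier and the self-hosting case, since the derived path is exactly where you would have to serve your key on your own domain. The address Joe.Doe@Example.ORG is the draft’s own worked example; everything else here is standard library only.

```python
import hashlib
import urllib.parse

# z-base-32 alphabet (the WKD draft uses it for the hashed local part).
ZBASE32_ALPHABET = "ybndrfg8ejkmcpqxot1uwisza345h769"


def zbase32_encode(data: bytes) -> str:
    """Encode bytes as unpadded z-base-32; a 20-byte SHA-1 digest becomes 32 characters."""
    nbits = len(data) * 8
    padded = nbits + (-nbits) % 5                      # round up to a multiple of 5 bits
    value = int.from_bytes(data, "big") << (padded - nbits)
    return "".join(
        ZBASE32_ALPHABET[(value >> shift) & 0x1F]
        for shift in range(padded - 5, -1, -5)
    )


def wkd_hash(local_part: str) -> str:
    """Hashed local part: SHA-1 of the lowercased local part, z-base-32 encoded."""
    digest = hashlib.sha1(local_part.lower().encode("utf-8")).digest()
    return zbase32_encode(digest)


def wkd_urls(address: str) -> dict:
    """Return the two candidate WKD URLs for an address, in the order a client tries them."""
    if address.count("@") != 1:
        raise ValueError("expected exactly one '@' in the address")
    local, domain = address.split("@")
    domain = domain.lower()
    hashed = wkd_hash(local)
    # The local part as originally written is passed back as ?l= so the server
    # also sees the un-hashed spelling.
    query = "l=" + urllib.parse.quote(local, safe="")
    return {
        # Advanced method: a dedicated openpgpkey subdomain, tried first.
        "advanced": f"https://openpgpkey.{domain}/.well-known/openpgpkey/{domain}/hu/{hashed}?{query}",
        # Direct method: served from the mail domain itself.
        "direct": f"https://{domain}/.well-known/openpgpkey/hu/{hashed}?{query}",
    }


if __name__ == "__main__":
    for method, url in wkd_urls("Joe.Doe@Example.ORG").items():
        print(f"{method:8s} {url}")
```

If you host WKD yourself, the key at that path must be served in binary form (not the .asc armor), and the directory also needs a policy file (/.well-known/openpgpkey/policy, which may be empty) so that clients recognise the domain as WKD-enabled; both the key file and the policy must be served over HTTPS with a valid certificate, otherwise clients fall back to the other methods the author mentions.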

We’re not going to cover those setups in this article. Instead here are simpler ways to share your public key:

1) You can send people your .asc file directly if you want them to be able to encrypt emails to you (be sure to let them know which email address is associated with this key), or you can host this .asc file on your website for people to download.

2) You can open the .asc file in a text editor and copy and paste the key, and then send people this text, or upload the text on your website. This is what I have done:

This way if anyone wants to send me an email more privately, they can do so.

But Proton makes it even easier to share your PGP key: you can opt to automatically attach your public key to every email.

To turn this on:

  1. Go to Settings → Encryption & keys → External PGP settings
  2. Enable
    • Sign external messages
    • Attach public key

Once this is on, every email you send will automatically include your public key as a small .asc text attachment.

This means anyone using a PGP-capable mail client (like Thunderbird, Mailvelope, etc.) can import it immediately, with no manual steps required.
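To show what a PGP-capable client does on the receiving end, here is an added example (not from the newsletter, and not the code of Proton, Thunderbird or Mailvelope) that builds an email with a public key attached as an application/pgp-keys part, then parses the raw message and collects every public key block, whether it arrived as an attached .asc file or was pasted into the message text as the author describes. The key text is a constructed placeholder, not real key material, and the MIME type application/pgp-keys is the one registered for OpenPGP keys in RFC 3156.

```python
import email
import email.policy
from email.message import EmailMessage

ARMOR_BEGIN = "-----BEGIN PGP PUBLIC KEY BLOCK-----"
ARMOR_END = "-----END PGP PUBLIC KEY BLOCK-----"

# Constructed placeholder standing in for a real exported key (not valid key material).
PLACEHOLDER_KEY = (
    f"{ARMOR_BEGIN}\n"
    "Comment: constructed placeholder, not a real key\n"
    "\n"
    "bm90IGEgcmVhbCBrZXksIGp1c3QgYSBwbGFjZWhvbGRlcg==\n"
    "=AAAA\n"
    f"{ARMOR_END}\n"
)


def build_message(sender, recipient, body, attached_key=None):
    """Build a plain-text email; optionally attach an armored public key as publickey.asc."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = "Hello"
    msg.set_content(body)
    if attached_key is not None:
        # application/pgp-keys is the MIME type for OpenPGP key material (RFC 3156).
        msg.add_attachment(attached_key.encode("ascii"),
                           maintype="application", subtype="pgp-keys",
                           filename="publickey.asc")
    return msg.as_bytes()


def _armored_blocks(text):
    """Return every complete BEGIN...END public key block found in the text."""
    blocks, pos = [], 0
    while True:
        start = text.find(ARMOR_BEGIN, pos)
        if start < 0:
            return blocks
        end = text.find(ARMOR_END, start)
        if end < 0:
            return blocks                              # truncated block: ignore it
        end += len(ARMOR_END)
        blocks.append(text[start:end])
        pos = end


def extract_public_keys(raw_message: bytes):
    """Collect attached .asc keys and keys pasted inline, as a PGP-capable client would."""
    msg = email.message_from_bytes(raw_message, policy=email.policy.default)
    found = []
    for part in msg.walk():
        ctype = part.get_content_type()
        filename = (part.get_filename() or "").lower()
        if ctype == "application/pgp-keys" or filename.endswith(".asc"):
            payload = part.get_payload(decode=True) or b""
            found += _armored_blocks(payload.decode("ascii", errors="replace"))
        elif ctype == "text/plain" and not part.is_attachment():
            found += _armored_blocks(part.get_content())
    return found


if __name__ == "__main__":
    raw = build_message("alice@example.com", "bob@example.org",
                        "Hi Bob, my key is attached.", PLACEHOLDER_KEY)
    for key in extract_public_keys(raw):
        print(key)
```

Finding a key in a message is only the discovery step: a client should still show the sender the key’s fingerprint, and the recipient should verify it with the sender out of band before trusting it, because anyone who can forge the From address can also attach a key of their own.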

Password-protected emails

Proton also lets you send password-protected emails, so even if the other person doesn’t use PGP you can still keep the contents private. This isn’t PGP: Proton encrypts the message and attachments in your browser, and the recipient gets a link to a secure viewing page. They enter a password you share separately to open it. Their provider (like Gmail) only sees a notification email with a link, not the message itself. You can add a password hint, and the message expires after a set time (28 days by default).

The bottom line

Email privacy doesn’t have to be painful. Proton hides the complexity, either by offering the password option or by automating much of the PGP process for you: it automatically looks up recipients’ keys, encrypts your messages, and makes your key easy for others to use when they reply.

As Phil Zimmermann, the creator of PGP, explained in Why I Wrote PGP:

“PGP empowers people to take their privacy into their own hands. There has been a growing social need for it. That’s why I wrote it.”

We’re honored to have Mr. Zimmermann on our board of advisors at Ludlow Institute.

Pioneers like him fought hard so we could protect our privacy. It’s on us to use the tools they gave us.

 

Yours in privacy,
Naomi

Naomi Brockwell is a privacy advocate and professional speaker, MC, interviewer, producer, and podcaster, specialising in blockchain, cryptocurrency and economics. She runs the NBTV channel on Rumble.

Swedish police secretly using Palantir’s surveillance system for years

Mass surveillance

Published November 4, 2025 – By Editorial staff
Palantir Technologies headquarters in Silicon Valley.

The Swedish Police Authority has for at least five years been using an AI-based analysis tool from the notorious American security company Palantir.

The program, which has been specially adapted for Swedish conditions, can within seconds compile comprehensive profiles of individuals by combining data from various registers.

Behind the system stands the American tech company Palantir, which is internationally controversial and has been accused of involvement in surveillance activities. This summer, the company was identified in a UN report as complicit in genocide in Gaza.

The Swedish version of Palantir's Gotham platform is called Acus and uses artificial intelligence to compile, analyze and visualize large amounts of information. According to an investigation by the left-wing newspaper Dagens ETC, investigators using the system can quickly obtain detailed personal profiles that combine data from surveillance and criminal registers with information from Bank-id (Sweden's national digital identification system), mobile operators and social media.

A former analyst employed by the police, who chooses to remain anonymous, describes to the newspaper how the system was surrounded by great secrecy:

— There was very much hush-hush around that program.

Rejection of document requests

When the newspaper requested information about the system and how it is used, it was met with rejection. The Swedish Police Authority cited confidentiality and stated that it can neither "confirm nor deny relationships with Palantir", citing "danger to national security".

This is not the first time Palantir's tools have been used in Swedish law enforcement. In the high-profile Operation Trojan Shield, the FBI, with support from Palantir's technology, managed to infiltrate and intercept the encrypted messaging app Anom.

The operation led to the arrest of a large number of people connected to serious crime, both in Sweden and internationally. The FBI called the operation "a shining example of innovative law enforcement".

But the method has also received criticism. Attorney Johan Grahn, who has represented defendants in several Anom-related cases, is critical of the approach.

— In these cases, it has been indiscriminate mass surveillance, he states.

Mapping dissidents

Palantir has long sparked debate due to its assignments and methods. The company works with both American agencies and foreign security services.

In the United States, the surveillance company's systems are used to map undocumented immigrants. In the United Kingdom, British police have been criticized for using the company's technology to build registers of citizens' sex lives, political views, religious affiliation, ethnicity and union involvement – information that according to observers violates fundamental privacy principles.

This summer, a UN report also identified Palantir as co-responsible for acts of genocide in Gaza, after the company's analysis tools were allegedly used in attacks where Palestinian civilians were killed.

How extensive the Swedish police's use of the system is, and what legal frameworks govern the handling of Swedish citizens' personal data in the platform, remains unclear as long as the Swedish Police Authority chooses to keep the information classified.