Shostack + Friends Blog Archive


FinCEN Effectiveness

At the Counter-Terror blog, Andrew Cochran writes: “Treasury Department’s FinCEN Unit Recovering From “Cyberjacked” E-Mail System:”

The most important impact of the cyberjacking has been to shut down the automated system whereby FinCEN and law enforcement request and receive information from financial institutions for use in terrorism and money laundering cases.

The system, enacted under section 314(a) of the PATRIOT Act, took several years and numerous hiccups to implement, but it’s operated quite smoothly for over a year. Starting in March, FinCEN posted 314(a) requests for information on a secure website for review and response by over 24,000 financial institutions. FinCEN periodically issues results of the 314(a) requests, with the most recent out on September 13 (I had posted discussions of 314(a) request reports earlier this year here and here). According to this report, the requests for information issued since the 314(a) request system began in February 2003 have resulted 157 cases involving terrorism or terrorist financing and 272 cases involving money laundering. The results of the cases thus far are, quoting from the September 13 report:

1091 Grand Jury Subpoenas
13 Search Warrants
154 Administrative Subpoenas/Summons/Other
77 Arrests
72 Indictments
10 Convictions

$14,405,053.64 Total Dollar Amount Located

In my opinion, that’s a good track record which merits a ‘congrats’ to FinCEN, law enforcement, and the participating financial institutions. Although there was no compromise in the 314(a) system itself, FinCEN was wise to shut it down while they run security tests. They plan to transmit 314(a) requests in another manner until they can restore the automated system.

That’s a good track record? 24,000 institutions all reviewing these requests for ten convictions? (And is that a normal ratio of 1258 subponeas/warrants/etc to 77 arrests?) No wonder our credit card fees are going up. Note especially the FDIC’s instruction:

SISS can only be accessed by the financial institution’s designated Section 314(a) points of contact. If you use a third-party vendor or product to conduct searches, your institution is still required to log on and review the information on the SISS. (Emphasis mine.)

As Cochran’s co-blogger Victor Comras pointed out, “these rules have turned out to be a much more controversial matter than originally envisaged, and have provoked the ire of banking managers across the country.” 24,000 institutions required to review an endless stream of requests to find, well, on first glance, it’s to find enough money to fund 28 September 11th scale attacks. Or perhaps, since roughly 2/3ds of the cases are “money laundering” not terrorism related, it’s enough “terrorist money” to fund 9 attacks. But its not broken down by investigation type, so its hard to say what fraction should be attributed to “terrorist financing.” Maybe they’ve seized some Convent’s savings account, much like they’ve put nuns on the no-fly list? I just don’t understand how this can be seen as a good return on investigative effort.

2 comments on "FinCEN Effectiveness"

  • BS says:

    Oh grow up. The banking community has been whining about regulations for years. If they had it their way they would still allow unknown individuals to come into banks and deposit suitcases full of cash without any id. Sound crazy? It was literally happening in the 70’s. And your credit card fees have nothing to do with the regulatory requirements of abank, no matter how much they would like you to believe it. Your $2 ATM cahrge for another bank? Pure 100% profit. Don’t be such a blind contrarian. Besides, terrorism related investigations take years YEARS (emphasis mine) to complete.

  • Adam says:

    So, BS, should I allow unknown individuals to come into my blog and deposit comments without any ID? Because you sure didn’t show any.

Comments are closed.