Unless you’ve been hiding under a rock or otherwise detached from the news during the past week, you’ve probably heard that the USA PATRIOT Act has expired. The story has been dominating headlines since midnight on Sunday, May 31, when the expiration officially took effect.
But most headlines are leaving out one important detail, so if you’re only a headline skimmer, you may want to read this: The USA PATRIOT “Act” didn’t actually expire. Only a few provisions of the 342-page act expired—one specific section to be exact, which is section 215. This section covers access to records and other items under the Foreign Intelligence Surveillance Act.
How Does Section 215 Affect Your Financial Institution?
What does this mean to you as a financial institution? Not much … Section 215 carried the “Lone Wolf” and “Roving Wiretap” provisions, which allowed U.S. intelligence and law enforcement agencies to target surveillance at suspected terrorists who may be acting alone without direct ties to terrorist groups. It also permitted the mass collection and monitoring of phone records of millions of Americans by the National Security Agency (NSA).
There was another lesser-known provision under Section 215 that permitted the FBI and CIA to collect other information, including information on financial data and transactions like wire transfers. Now before you get too excited, this does NOT mean that your institution is off the hook for retaining information on those transactions.
Misconceptions About the USA PATRIOT Act
This lesser-known provision is leading to the misconception that the entire PATRIOT Act has expired. And that’s simply not true. The vast majority of the act, including Title III (the International Money Laundering Abatement and Anti-Terrorist Financing Act of 2001), which carries the vast majority of requirements for financial institutions, is still in effect.
Financial institutions are still required to monitor for customers and transactions that could be related to terrorist activities through Section 314(a) and (b). You’re still required to verify the identity of customers through a customer identification program under Section 326. And you’re still required to have an established anti-money laundering program under Section 352.
Passage of the USA Freedom Act
Also adding insult to injury for those who thought they were off the “PATRIOT Act hook” was the passage of the USA Freedom Act on Tuesday, June 2, which saw expired parts of the law, including Section 215, restored and renewed through 2019.
So again, what does that mean for you as a financial institution? Not a lot. It’s business as usual when it comes to provisions under the act. However, individuals should know that the new USA Freedom Act did actually amend Section 215 to prevent the NSA from continuing its mass collection of phone data. Phone companies will now be responsible for the retention of data, and the NSA is authorized to obtain this data on targeted individuals, only with permission from a federal court.
Taking Note of Changes in Our Future
While revisions to the act do not mark mass changes for financial institutions, it’s important to take note. These are really the first major efforts to overhaul government surveillance since the USA PATRIOT Act was enacted, which could mark a potential shift in other areas of post-9/11 politics as well.
Amber Goodrich, Compliance Strategist for CSI Regulatory Compliance, has more than 10 years of financial industry experience. She is a Certified Regulatory Compliance Manager (CRCM) and Certified Bank Secrecy Act (BSA) Professional (CBAP).