Tuesday, November 14, 2023

In praise of anti-money laundering thresholds

Two seemingly separate stories, a crypto and a banking story, have a common thread in anti-money laundering thresholds.

In the first story, the New York Times shows how regular folks are increasingly losing their bank accounts because their bank perceives them to be engaging in risky behaviour. In the second, the U.S. government has proposed an expansive new rule that would require financial institutions to report all customers who use cryptocurrency mixers to the government.

Anti-money laundering thresholds underpin what I'll call the Pragmatic Compromise between the government and citizens, albeit a tenuous compromise, for reasons I'll explain.

The U.S. government and its various law enforcement agencies have the ability to get full access to bank records for the purposes of fighting crime. They can do so directly, that is, without having to proceed through the standard process of convincing a judge to approve a warrant. This is an incredible amount of power to have. To counterbalance this, a compromise of sorts has been agreed to that limits the government's access to bank records. A number of key financial thresholds have been established, below which transactions are protected from surveillance.

The most well-known method the government has for accessing your personal financial information is the requirement that banks submit currency transaction reports, or CTRs (see below), every time someone withdraws or deposits paper money. Banks don't submit a report for all cash transactions. The threshold for submitting is set at $10,000. So if you withdraw $9,999, your name and address won't be reported to the government. If you withdraw $10,001, you'll lose the threshold's protection and will be reported.

The modern U.S. currency transaction report [source]

The U.S. has a long history of providing direct government access to banking records. The practice began in 1945 when Treasury Secretary Henry Morgenthau Jr, invoking war-time powers, issued an executive order (see below) instructing banks to begin reporting currency deposits and withdrawals made by the public. Known as TCR-1 forms, these reports were to be forwarded every month to the government with information about the cash amounts involved and the identification of the individual making the transaction.

Morgenthau's reporting requirement was motivated by the desire to stamp out black marketeering, writes Paul Camacho, which had emerged as a way to evade war-time rationing programs. But even though the war soon ended and rationing ceased, the practice of cash reporting continued through the 1950s and 1960s, albeit on what must have been legally dubious grounds now that it was peacetime.

Henry Morgenthau's 1945 executive order on currency reporting [source]

In 1970, the necessary legal formalization to justify the reporting of bank information was provided when Congress passed the Bank Secrecy Act, which encoded directly into law the requirement that banks record and report cash transactions, as well as legislating a set of extra recordkeeping and reporting requirements. Over the years, additional recordkeeping and reporting standards were added by Congress to the Bank Secrecy Act, including the 1994 requirement that banks screen for "suspicious" transactions and report them to the government by submitting a suspicious activity report, or SAR (see below).

While there's certainly a law & order case to be made for providing governments with direct (i.e. warrantless) access to financial records, there's a pretty clear set of reasons why society should want to limit this power. Allow too much access and banks will inevitably get bogged down in the expensive bureaucracy of filing reports, which can lead to accessibility problems as the accounts of customers deemed to be a compliance nuissance are terminated—especially the ones who tend to make riskier but legal transactions. There's also the crucial question of the public's right not to be be snooped on, especially without a warrant and probable cause.

Suspicious Activity Report form, introduced in 1995

The first legal challenges to the government's direct access to bank records only came in the mid 1970s. But after hearing these cases (California Bankers Association v. Shultz and United States v. Miller), the Supreme Court allowed the entire data collection apparatus to remain intact. The majority ruled that there was no expectation of privacy in bank records, and that the recordkeeping and reporting requirements imposed by the Bank Secrecy Act do not violate bank customers' constitutional rights.

With the public having no constitutional protections against direct government access to bank records, the lone remaining counterbalance is the various anti-money laundering thresholds.

Which gets us back to the New York Times article (we'll touch on the cryptocurrency further down). The reasons for the growing debanking problem that the Times article highlights is complicated, but I'd suggest that one driver is a steady deterioration of two key reporting thresholds at the heart of the Pragmatic Compromise.

The original $10,000 cash reporting threshold was set back in 1945 by Henry Morgenthau, a level that was ratified in 1972 after the passage of the Bank Secrecy Act. This level has never been adjusted. (Morgenthau also set a second and lower $1,000 threshohold, but this only applied when banknotes in denominations of $50 or higher were involved).

Alas, inflation has been steadily eating into each thresholds' real value. When the Bank Secrecy Act was passed, $10,000 was worth $75,000 in today's dollars. In Morgenthau's time it was equal to $173,000. Either way, when the data collection apparatus was first established and the Pragmatic Compromise reached, most people's day-to-day cash withdrawals and deposits would have been sheltered from reported requirements. With the passage of time and inflation, a much wider swathe of civilian cash transactions have lost the protection offered by Morgenthau's $10,000 threshold. That means more snooping. It also means more debanking. Rather than absorbing the growing compliance costs of having "risky" cash-reliant customers, banks are closing accounts.  

As for suspicious activity reports, when they were first legislated in 1994 the government subjected them to a $5,000 threshold, which is equal to around $10,000 today. With inflation having effectively destroyed half of the value of the threshold, more and more regular transactions are falling under suspicion. As the Times points out, suspicious customers don't make for good customers: "Multiple SARs often — though not always — lead to a customer’s eviction."

The Pragmatic Compromise that society came to decades ago is being poorly administered. To restore it, what is needed is a reasonably-sized one-time "catching up" of the various thresholds to account for at least part of the inflation that has occurred over the years, and then periodic adjustments to these levels each year to account for subsequent inflation. Maybe that'll solve some of the problems brought to light by the Times.

Now let's turn to the crypto story. In addition to the two classic anti-money laundering reporting requirements, CTRs and SARs, the U.S. government is now proposing a third reporting requirement: one for crypto mixing.

Last month, the government announced that it deems mixing of cryptocurrency to be of primary money laundering concern. Any U.S. financial institution that knows, suspects, or has reason to suspect that a customer's incoming or outgoing crypto transaction involves the use of a mixer will have to flag it and send a report to the government. That report must include information like the customer's name, date of birth, address, and tax ID.

The US Treasury's proposed rule for treating crypto mixing as a primary money laundering concern [link]

Notably, there are no thresholds to this proposed reporting requirement. Any customer crypto transfer with even just a whiff of mixing must be reported by financial institutions to the government.

In its proposal (it isn't final, yet) the government grants that there are "legitimate purposes" for mixing. What are they? I think the popular view of crypto is that it is anonymous, but this isn't quite right. Every bitcoin or ether transaction gets recorded on transparent databases. This makes them trackable by anyone. In some respects, crypto may be the least privacy-friendly financial medium ever created. Mixing your coins in a jumble along with other's coins is one of the ways to free oneself from this all-seeing eye, both for criminals who have stolen coins and regular folks who don't want their financial lives displayed for all to see.

Given that there can be licit reasons for mixing, and putting this in the context of the decades-old Pragmatic Compromise, precedent would seem to suggest that the government should include a reasonably-sized threshold for reporting crypto mixing. If this was set at, say, $10,000 (and then adjusted yearly for inflation), then a customer could in theory mix $8,000 worth of bitcoins and then deposit them at an exchange, and that exchange would not need to report the transaction and the person who made it. Go above $10,000, and the customer will end up in a government computer.

Without a reasonable threshold, the same phenomenon that the Times documents with respect to bank customers will happen to crypto users. A wave of deplatforming will hit as financial institutions close the accounts of any customer that betrays even a hint of risky activity, much of which might only appear to be mixing when it isn't.

The government has the capacity for changing its initial stance on thresholds. If you go back to the early 1970s when the Bank Secrecy Act's thresholds were set by executive order, the government initially proposed a $5,000 threshold. After the public provided comments and grievances were aired, the final rule compromised and pushed it up to $10,000.

Likewise for SARs.

The government's original 1995 proposed rulemaking for suspicious activity reporting included no thresholds. So even a $10 or $20 suspicious payment would have been reported to the government. In response to public push-back, the government admitted that its first version of the rule would impose a "burden of reporting," and in its final version it introduced a $5,000 threshold for filing a SAR, which the U.S. has to this day.

The government also granted in its 1995 SAR decision that the adoption of a threshold was intended to "conform the treatment of money laundering and related transactions to that of other situations in which reporting is required." This seems to me to be a pretty clear admission of the Pragmatic Compromise; that reasonably sized dollar thresholds are a standard element of any anti-money laundering reporting requirement. I don't see any reason why the government's 1995 olive branch for suspicious activity reporting should not be extended to crypto mixing.


  1. "... its primary intention is to block what Canadian law professor Alan Young famously called two party consent crimes."

    Surely you aren't fault the money laundering statutes for jailing people involved in drugs and other two party consent crimes -- you should be blaming the actual drug laws themselves for that. Legalize drugs and then no one can be incarcerated for laundering drug money.

  2. “The practice began in 1945 when Treasury Secretary Henry Morgenthau Jr, invoking war-time powers, issued an executive order (see below) instructing banks to begin reporting currency deposits and withdrawals made by the public.”

    Minor point, but the executive order was issued by President Truman, not Secretary Morgenthau, even if it was at his request. Executive orders are the exclusive power of the president.