FinCEN’s record retention policy is detailed in the “Request For Records Disposition Authority” that FinCEN submitted to the National Archives and Records Administration. FinCEN’s policy for retaining CTRs, FBARs and SARs is as follows:
Delete/destroy data when 11 years old or when no longer needed for administrative, legal, audit, or other operational purposes, whichever is later. Older, legacy data from the 1980s previously downloaded to magnetic tapes and stored offsite are also covered by this item.
Stockpiling Bank Secrecy Act Records
At a minimum, this means that the FinCEN database contains approximately 179,000,000 BSA records*. That number represents 1 record for every 1.3 US adults. The definition of “no longer needed for administrative, legal or other operational purposes” is unclear but it could be interpreted to mean indefinitely
The media and public are attentive to the dragnet cell phone and internet data collection by the NSA. The New York Times reported last fall that the CIA is scooping up mass data on international money transfers “including transactions into and out of the United States” through a secret FISA court approved program.
While the Bank Secrecy Act program is not secret, it differs from some of the other government surveillance programs in that the program collects data on specific individuals including name, address, social security number, occupation and bank account numbers. The sheer volume of BSA reporting begs the question…
At what point is enough data, enough?