How Federal Banking Laws Brought Down Eliot Spitzer

By Andrew Cochran


"But Spitzer had the money broken down into several smaller amounts of under $10,000 each, apparently to avoid getting around federal regulations requiring the reporting of the transfer of $10,000 or more, the sources said. The regulations are aimed at helping spot possible illegal business activities, such as frauds or drug deals. Apparently, having second thoughts about even sending the total amount in this manner because it still might reveal what he was doing, Spitzer then asked that the bank to take his name off the wires, the sources said. Bank officials declined, however, saying that it was improper to do so and in any event, it was too late to do so, because the money already had been sent, the sources said. The bank then, as is required by law, filed an SAR, or Suspicious Activity Report, with the Internal Revenue Service, reporting the transfer of the money that exceeded $10,000, but had been broken down into smaller amounts, the sources said."

And so began the federal investigation that resulted in the resignation of the Governor of New York, Eliot Spitzer (updated). Let's quickly run through the federal laws involved, for they are among the most important tools used to prevent, detect, and catch money laundering and terrorist financing. My sources are Congressional testimony in 2004 by a senior official of the Federal Reserve System, Jeffrey Breinholt's "The Bank Secrecy Act for Beginners," posted on February 14 on this year, and selected federal regulations.

These federal laws and regulations were added in layers as new transactions arose which exposed loopholes in existing law. In 1970, Congress passed the first such law, the Currency and Foreign Transactions Reporting Act, also known as the "Bank Secrecy Act" (BSA), with requirements for recordkeeping and reporting by banks and other financial institutions to identify the source, volume, and movement of funds for investigatory purposes. The BSA implemented the filing of Currency Transaction Reports, or CTRs, for currency transactions in excess of $10,000. The Money Laundering Control Act of 1986 imposed criminal liability for any person knowingly assisting in money laundering or structuring transactions to avoid reporting under the BSA. It also directed banks to establish and maintain BSA compliance procedures. In January 1987, all federal banking agencies issued regulations requiring banks to develop procedures for complying with the BSA and other AML requirements. By 1996, the federal financial regulators mandated that all banking organizations report any instances of known or suspected criminal or suspicious activity to the Treasury Department by filing a Suspicious Activity Report, or SAR (see this IRS website for more details). Unlike the CTR, there is no threshold dollar amount for filing a SAR. It was this form, filed by Spitzer's bank, which triggered the investigation.

After the terrorist attacks of September 11, 2001, Congress passed the USA Patriot Act, of which Title III was directed at mandating more anti-money laundering and terrorist financing mechanisms. Title III criminalized terrorist financing, for banks and other financial institutions, expanded the reach of the BSA filing requirements to all financial institutions (including broker-dealers and casinos), toughened customer identification requirements for those institutions, and greatly raised the awareness in the banking community of the need to watch for suspicious transactions and report them to law enforcement.

Would Spitzer had been discovered if he had engaged in his activity before the passage of the Patriot Act? Personally, I doubt it. But heightened awareness among bank employees, tougher bank examination procedures, numerous stiff penalties for BSA noncompliance, and extra press coverage all came in the past six years. These combined forces make it almost impossible for a highly public figure, such as a state Governor, to successfully structure transactions to avoid the BSA requirements. Financial institutions face even more regulatory requirements for "politically exposed persons" of Spitzer's rank.

These anti-money laundering and terrorist financing laws and regulations have been the subject of numerous other posts here since we opened, including the following:

Victor Comras, "Terrorism Financing: A New Emphasis on Tracking. But Will It Be Effective?" (typographical anomalies are due to the transfer of the post from our original site)

Andrew Cochran, "Highlights of First "U.S. Money Laundering Threat Assessment"" and "Bank Secrecy Act Compliance Not Getting Easier, But Not Broadening Either"

Dennis Lormel, "Bank Secrecy Act and National Security" and "Looking Back and Forward at Terrorist Financing and Money Laundering Highlights"

Jeffrey Breinholt, "The Holy Grail of Public-Private Counterterrorism Cooperation"

March 12, 2008 12:25 AM Link

Spitzer's quaint capture

By Roderick Jones


One of the stranger sides to the unfolding Eliot Spitzer story is that he was caught by a wiretap in conjunction with some irregular banking activity. This seems an exceptionally quaint way to be caught out in 2008 and doesn’t really say much for the New York Governors criminal skill-set. Traditional wiretapping has seemingly become a thing of the past (although clearly useful in catching dangerous high-end prostitution networks). The Economist ran a piece last week entitled ‘bugging the cloud’ highlighting the virtual impossibility of tracing calls that use VoIP and especially Skype. The article notes that the FBI is pushing Skype to build a special back-door that allows for lawful-intercept but so far this hasn’t happened. This is a useful signpost as Skype’s history is connected to that of Kazaa (the P2P file sharing software) through its founders. Kazaa evades certain legal requirements as its holding company (Sharman networks) is based in Vanuatu --a small Island nation in the South Pacific. It doesn’t seem too much of a leap to imagine VoIP companies or virtual worlds similarly headquartered in Vanuatu seeking to evade regulation. Meanwhile the programmer who developed ‘Pretty Good Privacy’ is developing a free VoIP product called Zfone, which could be wholly wiretap proof. Most virtual worlds now also have VoIP built into them so if Skype is a current problem, it does stretch the mind to wonder how the intelligence community is going to keep up with encrypted VoIP communications in a virtual world.

The tension between technological innovation and government attempts to frame a legislative and operational response seems at times to be at breaking point. Governments do bite-back from time to time but this often appears to be piecemeal. The reported request from the Pentagon for Google to take down street-views of its military bases seems reasonable but it only works because Google is in the USA. But what about, EveryScape? A recently launched online tool that ‘takes you through the doors of the world’s cities’. This would appear to be of more use to a potential attacker than Google Street View but there have, as yet, been no attempts to limit its scope. So how can government frame a response to technological innovation, which is straining and breaking traditional law enforcement activity? There does at least seem to be a straightforward legislative case for western governments mandating that VoIP technology companies, based within their jurisdictions, comply with official requests to build in appropriate technical measures so lawful intercept can be conducted. This would blunt the potential problems associated with Skype and Zfone. In the case of visual products such as Everyscape or Google Street View this gets a little harder but the principle that analytical co-operation should be built into their systems should be maintained. This still leaves the problems of Pacific Islands being used as jurisdictional bases but for now this remains a seemingly inevitable possibility rather than current fact -- much like the New York Governors resignation.


March 11, 2008 05:30 PM Link