Right to Financial Privacy Act

The Right to Financial Privacy Act (RFPA) of 1978, in principle, protects the confidentiality of personal financial records by creating a statutory Fourth Amendment protection for bank records. The Act was essentially a reaction to the U.S. Supreme Court's 1976 ruling in United States v. Miller, where the Court found that bank customers had no legal right to privacy in financial information held by financial institutions. In fact, it codifies both protections and situations in which there is no protection. Many of the provisions of the RFPA and BSA apply to detecting criminal activity by the employees of a financial institution, not only its customers.

Under the RFPA, there is only limited Fourth Amendment protection. Customers of financial institutions have no expectation of privacy when the institution believes either the client may be violating law, or if a Federal organization with foreign intelligence mission certifies, in writing, that the institution must disclose records. The only caveat here is that if the institution takes the initiative, it may not disclose actual records, only identifying information.

According to the American Bankers Association, the federal Right to Financial Privacy Act of 1978 (RFPA) governs the release of customer financial information to federal government authorities [ABA 2001]. "Generally, the customer must receive notice prior to the release of the information so the customer has an opportunity to challenge the release. However, there are several important exceptions, three of which are particularly pertinent in the aftermath of the terrorist attacks. While the financial institution still is restricted to supplying identifying information, not records, on suspicion of wrongdoing, responding to requests from organizations authorized to collect foreign intelligence is quite different. If the FBI is making a request for customer financial information because of its role in investigating foreign intelligence, it is permissible to turn over the information to them without complying with the notice provisions of the RFPA. It is imperative that the financial institution ask for and receive a certificate of compliance with the RFPA from the government authority in this type of situation. The compliance certificate is not a warrant.

The financial institution is protected from liability if it provides customer information in good faith reliance after receipt of a certificate of compliance." For this authority, "the FBI Director certifies in writing that the records are sought for foreign counterintelligence purposes and that there are specific and articulable facts giving reason to believe that the customer or entity whose records are sought is a foreign power or an agent of a foreign power."

In situations when an appropriate Federal agency gives a written certificate that its request complies with RFPA, and it deems that a delay in obtaining the records would "create imminent danger of: the financial institution must provide the records with minimum delay.
 * physical injury to any person:
 * serious property damage; or
 * flight to avoid prosecution"