Whether money transfer companies such as Western Union are financial institutions under the Right to Financial Privacy Act, which requires the federal government to obtain a valid subpoena or warrant to access individuals’ financial records and to provide the individuals with notice and an opportunity to challenge the access?
In 2022, news reports revealed a mass surveillance program that had been collecting and distributing the financial records of millions of people—mostly immigrants—who used money transfer companies to send money abroad. The program, run through a nonprofit called the Transaction Records Analysis Center (“TRAC”), obtained money transfer records from companies such as Western Union, MoneyGram, Dolex, and Ria, and made these records available to the Department of Homeland Security and over 600 other federal, state, and local police agencies.
Money transfers companies offer financial services like wire transfers, both domestic and foreign, for a fee. Money transfer companies are particularly popular with the under- and unbanked—people who are unable to open a checking account at a traditional bank. Immigrant communities in particular use money transfer companies to send money to family abroad.
The TRAC surveillance program has its roots in the mid-2000’s, when the Arizona attorney general first subpoenaed Western Union for all records of money transfers between several U.S. states and the Mexican state of Sonora. After Western Union successfully challenged the subpoena, the Arizona attorney general started an investigation into whether Western Union facilitated money laundering. As part of a settlement agreement to end the investigation, Western Union agreed in 2010 to hand over bulk transaction data detailing money transfer activities in the southwestern United States. Western Union also agreed to help fund anti-money laundering efforts, which ultimately resulted in the founding of the TRAC in 2014. Meanwhile, Arizona subpoenaed other money transfer companies—none of which challenged the subpoenas—and collected all of these records in the TRAC. Arizona then proceeded to give law enforcement agencies across the country access to the TRAC, including the Department of Homeland Security (“DHS”), which has been a user since at least 2017.
Since at least 2014, the TRAC has collected all money transfer transactions of $300 sent to or from the Southwest border region and, since 2015, all money transfer transactions of $500 or more from the “Watchlist States:” Arizona, California, New Mexico, Texas, and Mexico. This bulk collection has resulted in a stockpile of over 145 million money transfer records.
Western Union’s agreement with Arizona to fund the TRAC and provide it with financial records ended in 2019, at which point the Department of Homeland Security began to provide funding to the TRAC and to request bulk transaction data from Western Union and other money transfer companies. The TRAC continued to collect comprehensive bulk money transfer records until Sen. Rob Wyden’s inquiries into the program led DHS to suspend its role in requesting the data.
Following public revelations of the TRAC mass surveillance program, a group of individuals who have sent money transfer of $500 or more abroad from the southwestern United States brought a class action suit against DHS, ICE, and six money transfer companies, including Western Union, under the Right to Financial Privacy Act and the California Unfair Competition Law.
The Right to Financial Privacy Act requires that federal agencies obtain a valid subpoena or warrant to access customers’ financial records and to notify the customer prior to obtaining access so that the customer is able to challenge the access request. Not only were the customers’ bulk records obtained without valid warrants or subpoenas, but none of the defendants notified any of the customers that the government had requested access to their financial records.
The defendants moved to dismiss the suit, claiming, among other things, that money transfer companies are not financial institutions under the Right to Privacy Act.
EPIC filed an amicus brief in support of the class action plaintiffs’ opposition to the defendants’ motions to dismiss. EPIC’s brief explained the technological and legal changes that led Congress to recognize a right to privacy in financial records in the Right to Financial Privacy Act. The brief also argued that denying coverage of money transfer companies would decimate the financial privacy of immigrants and low income communities, which use money transfer companies for financial services because they are unable to afford to access the same services at traditional banks.