The European Parliament’s rejection of the SWIFT agreement, on 11 February, sent shockwaves through the US administration. A month later and still smarting from the vote, the US Treasury is absolutely determined to restore full access to SWIFT’s records, which it lost on 1 January 2010, when SWIFT transferred its non-US records to centres in the Netherlands and Switzerland. The Treasury says that SWIFT’s move, coupled with the MEPs’ rejection, have deprived it of crucial intelligence it needs to track terror financing. Specifically, it no longer has access to the records it is most interested in - for example, transfers from a Gulf Arab bank to a North African one - because SWIFT’s US centre in Virginia only covers US banks.

Asked if the US was considering signing bilateral agreements with Belgium or the Netherlands, where SWIFT’s headquarters and European data centre, respectively, are located, to get around the EP vote, a Treasury official told Europolitics: “Our first preference is for an EU-US agreement. But we cannot rule out any other possibilities”. The official said Parliament’s ‘no’ vote came as a surprise given that the November 2009 interim agreement was due to expire in October 2010 and MEPs had the power to approve or reject any more permanent agreement. The official viewed the vote largely as MEPs’ way of asserting the extra political clout they gained under the Lisbon Treaty.

As for the EP’s data privacy concerns, the official insisted they have already been addressed. “Data privacy was the centrepiece of the negotiations for the interim agreement. All the issues now mentioned were on the table.” The accord strengthened existing data privacy safeguards by creating a four-person review panel, the official added. Asked about objections to SWIFT transferring ‘bulk data’ to the US Treasury rather than doing more targeted searches, the official said there had been much misunderstanding about how the system actually works. Unlike a bank, which can search transactions using its account holders’ names, SWIFT is only a messaging company and thus cannot conduct searches this way. To comply with the Treasury’s subpoenas, therefore, SWIFT developed a special search capacity, in late 2001, when Treasury’s Terrorist Financing Tracking Programme (TFTP) was first set up.

“We have a stand-alone, top secret terminal at Treasury where SWIFT’s database can be accessed by a limited number of accredited individuals. When they do a search, they must give a legal justification, including their sources. They cannot simply enter a name.” The official stressed there already was adequate oversight of the searches. “Whenever a search is done, SWIFT officials are in the room monitoring it. SWIFT also employs an outside firm that audits the search logs and issues reports to SWIFT.” The official said the system was “excellent but not perfect,” admitting there was one instance where an official used the search tool inappropriately. As a result, that person “was removed from their position”. Searches were limited to counter-terrorism investigations and the Treasury has recently changed the search mechanism, specifically the ‘and’ and ‘or’ fields, to further limit the data that searches yield.

ALTERNATIVE ROUTES

Some have pointed out that the US now has an alternative - less intrusive - mechanism than TFTP to obtain the data it wants: the June 2003 EU-US Mutual Legal Assistance Treaty (MLAT). This treaty, after a lengthy ratification process, finally came into effect on 1 February 2010. However, the Treasury official insisted “this is not an appropriate mechanism” because, unlike SWIFT’s database, it would not yield information on non-European banks. SWIFT has cornered an estimated 80% of the global market in electronic financial transfers. Article 4 of MLAT, the article dealing with sharing information on bank accounts, is designed more for assisting investigations into past offences than for confirming intelligence tip-offs on future attacks.

The Treasury adopted a rule, on 10 February ⁽¹⁾- the day before the EP vote - implementing Article 4 of MLAT. The Treasury has granted EU law enforcement agencies the right to submit requests for bank account information related to money laundering and terrorist investigations via the Treasury’s Financial Crimes Enforcement Network (FinCEN). Washington expects that US federal law enforcement agencies will gain reciprocal access to information on suspect accounts in the EU, based on Article 4 of MLAT. Announcing this expansion of FinCEN’s existing programme, which dates from October 2002, FinCEN Director James Freis stressed “the hits we get back contain very limited information,” which was nonetheless crucial for investigators.

LITTLE INTEREST ON CAPITOL HILL

In the debate over access to bank records, the US Congress has been, in contrast to the European Parliament, remarkably quiet. On a visit to Washington, on 3-5 March, to strengthen operational links between Parliament and Congress, German MEP Elmar Brok (EPP), who voted against the SWIFT accord, told Europolitics: “SWIFT seems to be not so important on Capitol Hill”. The US Senate, for example, was not asked to ratify the November 2009 EU-US accord because it did not require US legislation to be modified. Some on Capitol Hill hope to enact a horizontal data privacy law to replace the US’ patchwork of sector-by-sector laws, but “this initiative has gone nowhere so far,” said one data privacy advocate. In the near future, US data privacy protections are likely to remain less stringent than the EU’s more uniform regime. Nor has the SWIFT issue registered prominently on the radar of US public opinion - again, in contrast to Europe. “SWIFT has a foreign feel to it because it is based in Brussels,” the data privacy advocate said. “It is also less controversial than, for example, government wiretaps of telephone conversations, because it is less intrusive.”

“Data privacy was the centrepiece of the negotiations for the interim agreement. All the issues now mentioned were on the table” 
⁽¹⁾  See www.fincen.gov/statutes_regs/frn/pdf/20100204.pdf