The bill adds a new statutory section directing the Secretary of the Treasury to disclose to key congressional committees information about the volume of Bank Secrecy Act (BSA) reports held by FinCEN and the written protocols governing other agencies’ access to that data. It also requires the Treasury to review and, when appropriate, revise those protocols in coordination with national security and law‑enforcement partners to better tailor access, enforce nondisclosure, and protect legal rights.
The measure is narrowly focused: it prescribes reporting content and a review process rather than substantive changes to the BSA itself. By forcing regular reporting and formal review, the bill creates a structured transparency and oversight mechanism that could change how FinCEN balances operational secrecy, interagency access, and privacy protections for U.S. persons.
At a Glance
What It Does
Amends chapter 53 of title 31 by creating section 5327. The Secretary must deliver an initial report to the House Financial Services Committee and the Senate Banking Committee within 180 days of enactment and annually thereafter, documenting report counts and describing written protocols for national security, law enforcement, and intelligence access to FinCEN data. The Secretary must annually review and, as appropriate, revise those protocols in consultation with the Director of National Intelligence and the Attorney General, and notify the committees of revisions within 30 days. The statutory addition sunsets after seven years.
Who It Affects
FinCEN/Treasury (responsible for compiling and producing the reports and revising protocols); federal national security, law enforcement, and intelligence agencies that query or receive FinCEN data (whose query counts and denials must be reported); and congressional oversight committees that gain a regular, documented window into access practices. It will also interest privacy advocates, financial institutions that submit BSA filings, and legal counsel for affected entities.
Why It Matters
This is a targeted transparency and governance intervention aimed at making interagency access to sensitive financial reporting auditable by Congress. For professionals, it creates a predictable oversight cadence and a public record that could influence agency behavior, litigation risk assessments, and compliance posture around BSA reporting and beneficial‑ownership records.
More articles like this one.
A weekly email with all the latest developments on this topic.
What This Bill Actually Does
The bill inserts a single, time‑limited reporting and review requirement into the Bank Secrecy Act architecture rather than changing who must file or what must be collected. Treasury (through FinCEN) must create an annual public-facing product for two congressional committees that explains how many BSA filings exist and how other agencies are allowed to read, retain, or disseminate that information.
The statute ties that transparency to operational governance: written protocols about agency access are the central object of disclosure and scrutiny.
Implementation will be a practical exercise in data curation. Treasury must assemble counts of different report types, preserve the inventory of retained filings, and compile any written guidance provided to outside agencies about who may search or receive FinCEN records.
The statute explicitly contemplates that the report will include not only protocol text but also metrics—such as the number of outside queries and any denials or revocations of access—so the committees can see both rules and operational compliance with them.The bill also builds in a governance loop: Treasury must review the access protocols annually with input from the Director of National Intelligence and the Attorney General and revise the protocols if appropriate to better align collection and dissemination with authorized objectives and legal rights. That review is meant to produce iterative tightening (or relaxing) of access rules, with committees kept apprised of any changes shortly after they occur.
Finally, the whole new section expires after seven years, making this an experimental transparency regime rather than a permanent restructuring of FinCEN’s authorities.
The Five Things You Need to Know
The statute requires Treasury to deliver an initial report within 180 days of enactment and then annually to the House Financial Services Committee and the Senate Banking Committee.
Each report must include counts of BSA filings by type since January 1, 2022, the total number of reports retained by FinCEN, and a description of written protocols or guidance for outside agency access.
Reports must disclose operational metrics about access, including the number of outside agency queries during the reporting period and any denials or revocations of access with reasons.
Treasury must annually review and, as appropriate, revise access protocols in consultation with the Director of National Intelligence and the Attorney General, and provide revised protocols to the committees within 30 days of change.
The added section (31 U.S.C. § 5327) is temporary: it is repealed at the end of the 7‑year period following enactment.
Section-by-Section Breakdown
Every bill we cover gets an analysis of its key sections.
Short title
Declares the Act’s short title, 'Financial Privacy Act of 2025.' This is purely nominal but signals the bill’s legislative focus on privacy and information controls rather than on altering filing obligations under the BSA.
Findings
Lists Congress’s factual predicates, including the aggregate volumes FinCEN has collected (currency transaction reports, suspicious activity reports, Form 8300s, and projected beneficial‑ownership filings). The findings justify the need for oversight by citing both the scale of collection and the sensitivity of the data, and they serve as legislative context for why the reporting and review mandate is necessary.
New reporting duty to congressional committees
Adds 31 U.S.C. § 5327(a), which sets out the required contents of Treasury’s report: annual counts of BSA reports by type since Jan 1, 2022; the total number retained by FinCEN; and a description of written access protocols provided to national security, law enforcement, and intelligence agencies. It also requires disclosure of any updates to those protocols during the reporting period and operational metrics such as query counts and denials. Practically, this forces Treasury to convert operational logs and internal policies into a form usable for congressional oversight and public accountability.
Annual review and interagency consultation
Creates a standing obligation for Treasury to review—and, where appropriate, revise—its protocols each year in consultation with the DNI and the Attorney General. The review must focus on tailoring data handling to authorized objectives, enforcing nondisclosure prohibitions, and protecting legal rights. This institutionalizes a regular governance conversation between Treasury and national security and justice partners about the tradeoffs between access and privacy.
Committee access and notice of revisions
Requires Treasury to provide copies of written protocols on request to the chairs or ranking members of the two named committees, and to give those committees copies of any revised protocols within 30 days of a change. That creates a near‑real‑time paper trail for committee oversight and reduces the chance that substantive protocol changes escape congressional notice.
Seven‑year expiration
Specifies that the newly added section is repealed at the end of seven years from enactment and that the chapter’s table of contents be amended accordingly. The sunset makes this a temporary statutory experiment intended to produce a finite record for evaluation rather than a permanent new layer of reporting requirements.
This bill is one of many.
Codify tracks hundreds of bills on Privacy across all five countries.
Explore Privacy in Codify Search →Who Benefits and Who Bears the Cost
Every bill creates winners and losers. Here's who stands to gain and who bears the cost.
Who Benefits
- House Financial Services Committee and Senate Banking Committee — Gain a consistent, structured flow of data and written protocols to inform oversight, hearings, and legislative choices about FinCEN access and data retention.
- Privacy and civil‑liberties advocates — Receive improved transparency about the scale of data collection and the mechanics of interagency access, enabling better advocacy and litigation strategy on nondisclosure and privacy protections.
- Defense and intelligence oversight offices (Congressional) — Obtain operational metrics (queries, denials) that help assess whether access to financial intelligence is being properly limited and tracked.
Who Bears the Cost
- Treasury/FinCEN — Must allocate staff time and systems work to compile historical counts, retain inventories in audit-ready form, draft protocol descriptions, and run annual interagency reviews; this imposes administrative and IT costs.
- National security, law enforcement, and intelligence agencies — Face additional scrutiny and potential administrative friction because their query activity and any denials will be documented and reported to Congress, possibly changing internal operational practices.
- Congressional staff and committees — Will need capacity to review, analyze, and follow up on the new data stream, which may require technical support and legal analysis to interpret operational metrics and protocol language.
Key Issues
The Core Tension
The central dilemma is transparency versus operational secrecy: the bill demands visibility into how sensitive financial data is held and shared to protect privacy and enable oversight, but too much disclosure or bureaucratic reporting can undercut legitimate national security and law‑enforcement uses, strain agency relationships, and produce incomplete or redacted information that undermines the statute’s oversight goals.
The bill tightens the paper trail around access to FinCEN data without changing substantive access authorities—so its practical effect depends on what the reports reveal and how committees act. Compiling accurate counts and query logs across disparate systems will be technically nontrivial; legacy databases, informal sharing arrangements, and classified access pathways may complicate the completeness and usability of the reports.
The requirement to disclose written protocols is helpful for oversight, but many operational constraints are implemented through nonpublic, classified, or compartmented processes that may not be fully reflected in the unclassified documents provided to congressional committees.
The consultation requirement with the DNI and Attorney General formalizes interagency input but does not prescribe how disputes over access or redactions are resolved. Treasury could legally produce redacted protocols or characterize some operational details as classified; the statute does not create an enforceable public‑access right or specify judicial review mechanisms.
Finally, the seven‑year sunset frames the statute as a temporary check rather than a permanent transparency regime, raising questions about whether short‑term visibility will drive lasting institutional change without follow‑up legislation or administrative reforms.
Try it yourself.
Ask a question in plain English, or pick a topic below. Results in seconds.