Suspicious-Transaction Reports Seen Vulnerable to Hackers

contained in suspicious-transaction reports safe from computer hackers, a major trade group charged. The Independent Bankers Association of America said the Treasury Department's Financial Crimes Enforcement Network needs to do more to make sure that reports on questionable bank transactions are not vulnerable to anyone with a computer, a modem, and some spare time. "Fincen should have the appropriate security firewalls to restrict data base access," said IBAA president Richard L. Mount, who is also president of Saratoga (Calif.) National Bank, "especially since the sophistication of hackers has permitted them access to all types of data." The government has been streamlining the process of reporting suspicious transactions. A key part of the burden-reduction plan proposed by the four regulatory agencies would allow banks to submit reports to one place - Fincen - instead of sending a copy to eight different regulators. Fincen would then make the reports available to the rest of the government. Bankers agreed that the change will reduce red tape, but Mr. Mount noted in a letter to the Federal Deposit Insurance Corp. that putting all the information in one spot could be dangerous. In his letter, Mr. Mount urged the government to specify when and how any of the information contained in a suspicious activity report could be made available. In addition, he said penalties should be established for any person or agency that violates the confidentiality rules, and information should be automatically removed from the system after a given amount of time. But Steve Kroll, Fincen's general counsel, said the data base system will be much safer than transporting stacks of papers by truck, fax, or the mail, as is now the case. The agency will protect the suspicious transaction reports with elaborate access codes and tracking procedures. The data also will likely be subject to confidentiality requirements similar to those used at the Internal Revenue Service, he added. Mr. Kroll noted that, though no system is foolproof, Fincen is confident that private information in the data base will stay that way. John Byrne, senior federal regulatory counsel for the American Bankers Association, said shielding the information from people who should not see it will be a struggle. "It's an awesome task," Mr. Byrne said. But he added: "I'm more concerned about having copies of it sent to eight different agencies, and eyes being able to see it there, than having it sent to one agency."