Summary
holding that a bank's disclosure that it suspected its customer of violating laws, whether or not the disclosure was prompted by a government agency's request, was permissible under § 3403(c)
Summary of this case from Toader v. J.P. Morgan Chase Bank, NAOpinion
No. 95-55288
Argued and Submitted May 7, 1996 — Pasadena, California.
Filed August 12, 1997
Burton V. McCullough, Los Angeles, California, for the plaintiff-appellant.
Robert M. Dawson at argument, Calvin House on briefs, Fulbright Jaworski, Los Angeles, California, for the defendant-appellee.
Appeal from the United States District Court for the Central District of California, Stephen V. Wilson, District Judge, Presiding.
D.C. No. CV-93-05767-SVW.
Before: Cynthia Holcomb Hall, Diarmuid F. O'Scannlain and Andrew J. Kleinfeld, Circuit Judges.
OPINION
This case turns on an exception, 12 U.S.C. § 3403(c), to the Right To Financial Privacy Act, 12 U.S.C. § 3401, et seq. The issue is whether a bank employee can tell an inquiring federal agent anything about a customer's account, and if so, how much, without subjecting the bank to liability.
FACTS
Dr. Antonio Puerta, the appellant, opened a bank account at Security Pacific National Bank under an alias, Anthony Simon. He used a Spanish passport with that name as his identification. He deposited a little under $100,000 when he opened the account, but withdrew every penny of it five days later. About three months later, Puerta wrote a check for $164,000 on the empty account, and tried to deposit it in a different Security Pacific branch. The deposit was not accepted, because the bank ascertained that there was no money in the account on which the check was drawn.
Subsequently, Puerta tried to make a $900 deposit from the empty Security Pacific account into an account at a Bank of America branch, and draw $750 against it. The teller's computer flashed a warning, so the manager called Security Pacific to ask about the check. Security Pacific told her that the account had been closed and the check would not be honored, so she called the sheriff's office and reported a suspected attempted fraud. A deputy sheriff arrested Puerta at Bank of America and found in his wallet multiple driver's licenses and other identification documents in the following names: Anthony Port, Anthony Simon, Medina Puerta, Antonio M. Puerta, Antonio Simon Palmer, Anthony Port Martin, Anthony Martin Simon. The county sheriff obtained records from Security Pacific showing that Puerta had opened the account using a Spanish passport under the name Anthony Simon. A Spanish passport in the name of Antonio Simon Palmer was taken from Puerta at the time he was arrested at the Bank of America branch.
A deputy sheriff called Special Agent Alan L. Ater of the Bureau of Diplomatic Security, United States Department of State, Los Angeles Field Office. The deputy sheriff told Agent Ater about the arrest and the Spanish passport. He also told him that the photograph of "Antonio Simon Palmer" on the passport was of the same person as the man arrested, who identified himself as Anthony Port, and that the man had used the passport to open the account at Security Pacific. Agent Ater matched the photograph on the passport to the INS alien file of Antonio Medina Puerta, a naturalized citizen from Spain, who had changed his name to Tony Anderson when he attained citizenship.
Agent Ater then called the Security Pacific branch where Puerta had established and quickly cleaned out his account some months previously. The vice president there, Marcia Cevallos-Hoffer, already knew about Puerta's check kiting, because a fraud investigator in her bank had told her about Puerta's attempt to deposit and then withdraw $164,000 from another branch by means of a check drawn on the empty account. The banker did not call the federal agent. She faxed the bank's branch in Geneva, Switzerland, to warn them that Puerta was being investigated for international check kiting, but did not call the authorities. The local authorities already knew about Puerta, having caught him red handed. The deputy sheriff, not the banker, called the federal agent and initiated the federal contact with the bank.
In the phone call, Vice President Cevallos-Hoffer told Agent Ater that she had a photocopy of a Spanish passport for "Antonio Simon Palmer" after he asked her if she had a copy of the passport. The banker did not tell the agent anything about any of the activity in the account, or that it had been closed.
Agent Ater then met with Vice President Cevallos-Hoffer. He showed her a photographic spread, and according to his affidavit, she identified the INS file photograph of Antonio Medina Puerta as the same person who used the Spanish passport in the name of Antonio Simon Palmer to open his account. The bank confirms this story in its answers to interrogatories. Cevallos-Hoffer confirms that she identified the photograph, but says she did not show Ater the bank's copy of Puerta's Spanish passport.
Puerta was convicted, as a result of this investigation, of unlawful procurement of citizenship, but his conviction was reversed. See United States v. Puerta, 982 F.2d 1297 (9th Cir. 1992).
Puerta was subsequently convicted of a more dramatic bank fraud, attempting to converting a $365 check into a wire transfer of $350,000 to an account in England, and that conviction was affirmed. United States v. Puerta, 38 F.3d 34 (1st Cir. 1994).
Puerta filed this civil suit against Bank of America and other defendants for a violation of the Right To Financial Privacy Act, 12 U.S.C. § 3401, et seq. Bank of America was sued, rather than Security Pacific, because a subsequent bank merger changed the identity of the defendant. The conduct at issue is exclusively that of Cevallos-Hoffer at what was then Security Pacific. The only appellate issue presented is whether Security Pacific violated the Act by Cevallos-Hoffer's response to Ater's inquiries.
ANALYSIS
The Right To Financial Privacy Act, 12 U.S.C. § 3401-3422, protects the secrecy of customers' financial records in banks, by limiting both federal law enforcement ability to obtain access to the information, and the bank's freedom to give it out. Regarding federal government access, the statute prohibits government access to information contained in customers' financial records, unless one of the statutory exceptions, such as customer authorization or subpoena applies. See 12 U.S.C. § 3402. The law also restricts banks. A financial institution is prohibited from giving government authorities access to information in customers' financial records unless one of the statutory exceptions applies:
§ 3403. Confidentiality of financial records
(a) Release of records by financial institutions prohibited. No financial institution, or officer, employees, or agent of a financial institution, may provide to any Government authority access to or copies of, or [sic] the information contained in, the financial records of any customer except in accordance with the provisions of this title.
(b) Release of records upon certification of compliance with chapter. A financial institution shall not release the financial records of a customer until the Government authority seeking such records certifies in writing to the financial institution that it has complied with the applicable provisions of this title.
12 U.S.C. § 3403(a), (b). Thus, in general, if a government authority asks a bank for access to or copies of information contained in the financial records of a customer, the bank may not release the financial records unless the government agent asking for them provides a written certificate of compliance. The statute lays out a carefully constructed scheme so that the customer generally gets notice of what is going on between the government and his bank, and may contest it, with exceptions. See 12 U.S.C. § 3408-3410. So long as the bank discloses financial records in good faith reliance on a government certificate of compliance, the statute provides the bank with a defense against a wrongful disclosure suit. See 12 U.S.C. § 3417(c). But if the bank responds to a government request by disclosing its customer's financial records without getting a written certificate by the government agent that the government has complied with the provisions of the title, then the bank may be liable to the customer for $100, actual damages, costs, reasonable attorney's fees as determined by the court, and in some circumstances, punitive damages. 12 U.S.C. § 3417(a); United States v. Frazin, 780 F.2d 1461, 1465-66 (9th Cir. 1986). Puerta's claim against the bank is that it gave out financial records, namely information about his Spanish passport, without getting a written certificate from Ater. The bank offers various arguments in defense, a number of which we reject, but one of which we accept.
A. Meritless contentions.
First, some underbrush. The bank argues that Puerta's argument should not be considered, because he cites some authorities, such as legislative history, which he did not cite in the district court. That argument is frivolous. An argument is typically elaborated more articulately, with more extensive authorities, on appeal than in the less focused and frequently more time pressured environment of the trial court, and there is nothing wrong with that.
The bank also argues that Puerta did not urge unavailability of the Section 3403 exception in district court on the ground urged here, that the federal agent rather than the bank initiated the contact. That is not true. Puerta's attorney made the argument only in passing in his opposition to motion for summary judgment. At oral argument, though, Puerta's attorney focused heavily on this exact point, especially beginning at page 23 of the transcript. The bank argued the contrary. The district judge considered the issue of whether the evidence showed who contacted whom, and whether it mattered, and concluded in his oral decision that it did not matter.
The bank also argues claim preclusion, on the basis of a state lawsuit where Puerta lost against what is now the same bank. In state court, Puerta had sued Bank of America, where he had tried to kite a $900 check on his empty Security Pacific account to get $750 cash; he had sought damages for being arrested when the bank called the sheriff. But that was a different bank from the one sued in the case at bar. The case at bar is against the bank on which Puerta drew the bad check, not the one to which it was presented, for disclosing one of his many identities well after the arrest when he had tried to kite the check. The appellee bank offers no authority for the proposition that a lawsuit against what was then a different bank, for a different wrong, at a different time, would bar this claim, related only because the two banks merged after the events were over. Puerta filed his action against Bank of America before the merger. Puerta therefore had two causes of action against two separate defendants at the time he filed his complaint, and his federal cause of action against Security Pacific is not precluded by the state court judgment in favor of Bank of America. See 18 Charles A. Wright, et al., Federal Practice and Procedure § 4407, at 52-53 (1981); Morris v. County of Tehama, 795 F.2d 791, 794 n. 4 (9th Cir. 1986) (California law).
See Puerta v. Bank of America, No. B083151 (Cal.Ct.App. Sept. 26, 1995).
B. Who called whom.
The bank won summary judgment in district court based on the statutory exception for notifying the government about suspected illegal activity:
(c) Notification to Government authority of existence of relevant information in records
Nothing in this title shall preclude any financial institution, or any officer, employee, or agent of a financial institution, from notifying a Government authority that such institution, or officer, employee, or agent has information which may be relevant to a possible violation of any statute or regulation. Such information may include only the name or other identifying information concerning any individual, corporation, or account involved in and the nature of any suspected illegal activity. Such information may be disclosed notwithstanding any constitution, law, or regulation of any State or political subdivision thereof to the contrary. Any financial institution, or officer, employee, or agent thereof, making a disclosure of information pursuant to this subsection, shall not be liable to the customer under any law or regulation of the United States or any constitution, law, or regulation of any State or political subdivision thereof, for such disclosure or for any failure to notify the customer of such disclosure.
12 U.S.C. § 3403(c) (emphasis added). Congress provided banks with a safe way to respond when federal agents call and ask about customers: get a written certificate of compliance from the government before releasing financial records. See 12 U.S.C. § 3403(b); see also 12 U.S.C. § 3417(c) ("good faith reliance upon a certificate" protects the bank from liability). The bank could have taken advantage of this safe harbor by asking the federal agent for a certificate, but did not.
The bank argues that all it did was provide notification to government authority as permitted by 12 U.S.C. § 3403. Puerta contends that Section 3403(c) makes an exception for the banks "notifying a Government authority," but here the bank did not do the notifying — the federal agent did. No one at the bank called the federal agency. The federal agent, based on information he had received from the county sheriff's office, called the bank.
The bank argues in its brief that "the actual evidence does not reveal who sought out whom." That is not true. Vice President Cevallos-Hoffer testified in her deposition that "Ater called my office" and arranged to meet with her personally. The bank admitted in its answers to interrogatories that "Agent Alan Ater ("Agent Ater") telephoned Cevallos-Hoffer" and "asked Cevallos-Hoffer if she would meet with him." There is no evidence at all in the record that anyone at the bank called Agent Ater or any federal law enforcement agency. Puerta produced cognizable evidence from which a jury could infer that the federal agent initiated the contact with the bank, rather than the bank initiating the contact with law enforcement. The bank failed to produce any cognizable evidence going the other way, despite its mischaracterization of the evidence in its brief.
Puerta's argument is that if the federal agent called the bank, then the bank cannot take advantage of the statutory exception for "notifying" the government. The argument treats the word "notifying" as referring to who initiates the contact. The idea is that if the bank calls the government, then so long as it does not say too much, it has no liability. But if the government calls the bank, the bank should refuse to say anything at all until the government agent provides a certificate of compliance with the Right to Financial Privacy Act.
[1] We read the word "notifying" in Section 3403(c) to refer to what the bank tells the federal authorities, not who calls whom. Literally, the word "notifying" means giving notice of or informing. American Heritage Dictionary of the English Language 849 (2d college ed. 1985). If lawyer A calls lawyer B to ask about a possible deposition, and B says "I just sent out a notice of deposition for that witness for the 23d," it is consistent with ordinary usage to say that A asked B about the deposition, and B notified A when it would be. Congress uses the word "notifying" in the subsection in the context of limiting what information a bank can disclose without liability, not when it can make the disclosure. A different section, the safe harbor for disclosures made when the government agent gives the bank a certificate, speaks to when the bank can safely make a disclosure. See 12 U.S.C. § 3417(c). A statute ought to be read as a whole, so that one can discern the coherent structure that often makes clear the proper construction of a particular part.
[2] Were we to construe the word "notifying" to mean that Section 3403(c) can protect a bank from liability only when the bank initiates the contact, we would import an unnecessary degree of arbitrariness. Agent Ater's title and office are esoteric, "Special Agent, Bureau of Diplomatic Security, United States Department of State, Los Angeles Field Office." Many bank tellers know that they can call the sheriff's office or the FBI about an apparently crooked scheme being perpetrated, but few are likely to have ever heard of Agent Ater's office. If a federal agent calls local banks to alert them that an international check kiter is making the rounds, and a banker says "I think your crook is here right now," there is no practical reason to treat the banker's disclosure as unprotected by the statutory exception because the federal agent dialed the phone. If courts were to focus on whether the federal agent merely spoke generally or asked about a specific bank customer, we would encourage disingenuous use of code words and false testimony, more than we would protect bank customers against inappropriate disclosure of their financial information.
We do wish to address the respectable but mistaken argument to the contrary, that who calls whom does matter. A House report on what became the Right To Financial Privacy Act says that the exception applies "only if the bank volunteers the information," and the government "may not provoke such disclosures by making inquiries":
Section 1103(c) allows a financial institution to notify a government authority that it has information which may be relevant to a possible violation of any statute or regulation. This section is intended to permit such reports only if the bank volunteers the information. Government authorities may not provoke such disclosures by making inquiries. Once the government authority has received such a notification, it will be required to comply with the provisions of the title with respect to obtaining financial records and the information contained in them.
H.R. Rep. No. 95-1383, at 50 (1978), reprinted in 1978 U.S.C.C.A.N. 9273, 9322. The highlighted portions of this paragraph lend themselves to the inference that if the federal agent provokes a disclosure by a phone call, then the statutory exception does not apply.
But this language is not part of the statute. The statute says that its prohibitions do not preclude the bank "from notifying a Government authority" of the permitted matters. It says nothing about who called whom, or who "provoked" the notification. The legislative history suffers the usual infirmity, that it was not passed by both houses of Congress and signed into law by the President. For that reason, it is not the law. The staff person who wrote the House committee's legislative history might have represented accurately what all the House committee members meant to say in the bill but did not, which would give strength to Puerta's argument. Alternatively, the staff person might have been assigned to write what some committee members wanted in the bill but did not get, or to throw a bone to some pro-privacy lobbyist whose preferred language was rejected by the House committee. The staff person could have written the "history" before the bill was drafted, anticipating language that did not get into the bill. Legislative history need not be written with the same care, or scrutinized by those skeptical of the statute with the same care, as statutory language. There is no way for a House or Senate member outside the relevant committee to vote against legislative history, so there is not much reason for them or us to parse every sentence. In conclusion, regardless of whether the House report implies that it should matter who calls whom, the law, at 12 U.S.C. § 3403(c), does not condition the exception upon the bank's initiating the communication. The words of the statute condition the exception upon the bank's limiting what it discloses, not upon the bank's initiating the communication.
The statute provides a much more powerful restraint on the bank than that it be the recipient rather than the initiator of the phone call. The restraint is that if the bank discloses too much, then it is liable to its customer for actual damages, $100 even if there are no actual damages, costs and reasonable attorneys' fees, and punitive damages if the violation was willful or intentional. See 12 U.S.C. § 3417(a). That should generate training programs and memoranda to bank employees to keep customers' financial records confidential. Because of these statutory penalties, any prudent banker will require a written certificate in order to obtain the benefit of the statutory good faith defense, see 12 U.S.C. § 3417(c), § 3403(b), before disclosing a customer's financial records.
C. Did the bank reveal too much?
[3] The remaining question is whether Vice President Cevallos-Hoffer disclosed more to Agent Ater than Section 3403(c) permits. The statutory exception says that the statute does not preclude the bank "from notifying a Government authority that such institution . . . has information which may be relevant to a possible violation," which information "may include only the name or other identifying information concerning any individual, corporation, or account involved in and the nature of any suspected illegal activity." See 12 U.S.C. § 3403(c).
Puerta argues that (1) a preliminary staff advisory from the Department of Justice to its own employees says banks can disclose names and addresses of suspected individuals and specific offenses suspected to have occurred, among other things; (2) the banker did not tell the federal agent what specific offense Puerta was suspected of; so (3) the exception does not apply. This argument is not logical. That the bank may disclose "the nature of any suspected illegal activity" as well as "the name or other identifying information" does not imply that it must disclose the nature of the suspected activity as a condition of its statutory permission to disclose the name or other identifying information. In addition to being illogical, Puerta's inference makes no practical sense. Law students have struggled for centuries over the complexities of fraud, larceny by trick, false pretenses, false tokens, embezzlement, uttering a forged instrument, cheats, etc. The attempted simplification of the common law crimes in the California Penal Code substitutes dozens of statutory crimes for the common law categories. A banker might have a good eye for something crooked going on, but a lawyer in the prosecutor's office would have to give considerable research and thought to the question of what specific offense had taken place.
[4] Taking the evidence submitted in the summary judgment papers most favorably to Puerta, the bank disclosed the following information to the federal agent: Puerta was suspected of some sort of illegal activity regarding his account at Security Pacific; the Spanish passport used to open his account said his name was Antonio Simon Palmer; and the picture on his Spanish passport appeared to be the same as the one the federal agent showed the banker of Antonio Medina Puerta.
[5] The bank was allowed, by 12 U.S.C. § 3403(c), to tell the agent "the name or other identifying information" of its customer suspected of illegal activity, and the nature of the activity. The evidence is that Vice President Cevallos-Hoffer told Agent Ater nothing about the nature of the activity, although the agent could have inferred confirmation of what the sheriff had told him. The banker did not tell how much money was in Puerta's account, how much had been in it at any particular time, or what transactions took place in the account.
[6] Puerta's name has, throughout his activities, been no easy thing to ascertain, because of the number of names he has used. His Spanish passport, used to identify himself when he opened the account, was "other identifying information." Likewise, his physical appearance was "other identifying information." All of us who get money out of our accounts without showing the tellers our drivers' licenses are using the sound of our voices and our physical appearances to identify ourselves to tellers who recognize us as the account holders. Thus what the bank disclosed — Puerta's Spanish passport used to open his account, the photocopy and fax of the photocopy of his passport, and confirmation of what Puerta looked like — all fell within the permitted category of "other identifying information."
[7] The right way to read 12 U.S.C. § 3403(c) is not, "the bank can tell the government the name and nature of the activity, but cannot disclose financial records." The statutory definition of "financial record" at 12 U.S.C. § 3401(2) includes "any record . . . pertaining to a customer's relationship with the financial institution." That would include the customer's identifying information. To give meaning both to the definition at § 3401(2) and the exception at § 3403(c), § 3403(c) should be read to mean that the bank can disclose certain financial records, but "only [those providing] the name or other identifying information" and the "nature of any suspected illegal activity." These bits of information, whether in the customer's financial records or not, are all that the bank may disclose without a certificate.
We thus agree with the construction placed upon the statute in the careful analysis of the district judge, and conclude that he properly granted summary judgment.
No costs are awarded.
AFFIRMED.