This is a really accessible look at how the Patriot Act created the final surveillance state in which we currently live. It's worth reading just to give yourself a sense of how thoroughly banks sell your privacy out.
Before 2001, “KYC” existed in principle but was largely determined by banks. Institutions determined their own risk tolerance, and what customer information they would collect.
The Patriot Act introduced minimum ID standards. It enforced a Customer Identification Program (CIP) for every bank, broker‑dealers, mutual funds, and other similar institute in the US.
The Patriot Act broadened the definition of a “money transmitter”: Before 2001 it was just “a licensed sender of money.” After the change it covered any person engaged as a business in transmitting funds, including informal money transfer systems. That was a big expansion.
the Patriot Act came extended “safe harbor” provisions, where banks were encouraged to proactively share customer data with intelligence, without fear of being sued by the customer because they would have legal immunity.
I particularly enjoyed this aside:
"Just to put this into context: The 4th amendment is mean to stop the government getting your information without a warrant. So instead, the government mandated that banks collect that information, and then granted the banks legal immunity for sharing that information with the government. An egregious overstep of what was meant to be a constitutional protection, if ever I’ve seen one."
it introduce something called government “broadcast lookups”. This is where FinCEN can blast a query to thousands of financial institutions (like “do you have anything on X person/entity?” or “do you have anything matching these patterns?”) and banks must search their records quickly and report back.