In 2021, BoA provided the FBI—voluntarily and without any legal process—with a list of individuals who made transactions in the Washington, D.C., metropolitan area using a BoA credit or debit card between January 5 and January 7, 2021. When that information was brought to the attention of Steven Jensen, the FBI’s then-Section Chief of the Domestic Terrorism Operations Section, he acted to “pull” the BoA information from FBI systems because “the leads lacked allegations of federal criminal conduct.” Documents obtained by the Committee and Select Subcommittee show that the FBI also provided BoA with specific search query terms, indicating that the FBI was “interested in all financial relationships” of BoA customers transacting in Washington D.C. and that had made “ANY historical purchase” of a firearm, or those who had purchased a hotel, Airbnb, or airline travel within a given date range.
In its June 22, 2023, letter to the Committee, BoA asserted that its actions “were within a legal process initiated by the United States Department of the Treasury.” Contrary to these assertions, however, documents on file with the Committee and Select Subcommittee indicate that the FBI—not the U.S. Department of the Treasury—initiated contact directly to BoA, and without legal process. As a result, it is unclear what “legal” process permits the FBI or BoA to share the sensitive customer information of potentially thousands of BoA customers and implicate them in a federal law enforcement investigation without any clear criminal nexus. To that end, BoA’s letter claimed that certain federal laws—namely, the Anti-Money Laundering Act and the Bank Secrecy Act—permit such an arrangement. However, these laws and corresponding regulations primarily contemplate information-sharing with the U.S. Department of Treasury and its components, not external correspondence with the FBI.