Whoever leaked Michael Cohen's bank information to lawyer Michael Avenatti - something that would've required accessing a federal database - their identity likely won't be a secret for long.
That's because anyone who accesses the government's Financial Crimes Enforcement Network will leave a digital trail that will likely lead law enforcement to discover the identity of whoever leaked the information to Avenatti, according to Bloomberg.
The fact that the information was released at all does offer several clues. According to information released in an interview with Ronan Farrow, and the fact that experienced users would likely be aware of the audit trail left by a search of Cohen's records, it's likely that whoever it is likely doesn't regularly use the database.
The individual provided an explanation for the leak in an interview with Ronan Farrow of the New Yorker, who referred to the person as an official and not as a man or woman. The official says that he grew alarmed that he was unable to find two earlier reports made by First Republic Bank about transactions in Cohen’s consulting account and that he feared information was being withheld from law enforcement officials.
Explaining his motivation, he said he knew that leaking the suspicious activity report violated bank secrecy laws but was willing to take the risk out of concern that similar reports involving Cohen had mysteriously disappeared.
According to Bloomberg, more than 10,000 agents, analysts and investigators from more than 350 federal, state and local agencies across the US can access the database, which logs approximately 30,000 searches a day.
In another sign that Avenatti's source may not have been an expert, Avenatti’s trove of records included transactions involving other Michael Cohens who weren't related to Trump's personal attorney. Whoever it is could face consequences, including legal repercussions.
"Government employees and law enforcement personnel with access to the system are not authorized to publicly disclose SARs," FinCEN spokesman Steve Hudak said.
There's perhaps the best reason to believe that whoever leaked Cohen's records was unfamiliar with the system is that, while they expressed "concern" about the attorney's vanishing financial reports, they were apparently unaware of several legitimate reasons why these reports wouldn't appear in the database. For example, they could've been restricted because they had become part of an investigation.
If that were the case, investigators wouldn't want to risk a leak allowing others to access sensitive reports.
"Under longstanding procedures, FinCEN will limit access to certain SARs when requested by law enforcement authorities in connection with an ongoing investigation," Hudak said.
Of course, as Bloomberg points out, prosecutions involving the disclosures of suspicious activity reports are rare - mainly because leaks of FinCen data are rare. But some people familiar with FinCen's thinking say whoever leaked the data will almost certainly be charged with a crime.
"The leaker is taking an extraordinary personal risk for greater transparency," said Duncan Levin, a former federal and state prosecutor who dealt extensively with the FinCEN database.
"Whoever did this has added immeasurably to the public conversation and likely knows full well how much legal risk he or she is now facing."
Indeed, convictions aren't unheard of. A former official with Chase Bank in California was convicted in 2011 of wrongfully disclosing a suspicious activity report of a customer suspected of committing mortgage fraud. Frank Mendoza, the bank official who was convicted for the disclosure, used this information to try and shake down a customer whom he suspected was guilty of bank fraud.
In late 2008, Mendoza's bank filed a suspicious activity report. In 2009, Mendoza approached the borrower, told him about the report that Mendoza's bank had filed, and said a federal investigation into his business was likely. Alternatively, Mendoza said the customer could pay him $25,000 to help make the problem disappear.
The borrower instead went to the FBI, which allowed him to play along. Mendoza was then arrested, charged and, following a one-week trial, convicted on three counts of bank bribery and one count of unlawfully disclosing a suspicious activity report. The deliberations lasted 30 minutes.