A blockbuster story about the whistleblower who revealed President Donald Trump’s personal lawyer received payments from various companies has placed attention on a fairly obscure unit with the Treasury Department that’s at the heart of regulating the financial system.

The New Yorker’s Ronan Farrow interviewed someone he called a “law-enforcement official” who leaked, per the report, after not being able to find two suspicious-activity reports on Michael Cohen, who received big payments from AT&T, Novartis and Korea Aerospace Industries. AT&T T, -2.24% and Novartis NVS, -1.65% have both called these payments mistakes, and senior officials at those companies have stepped down as a result.

The reports are maintained by the Treasury Department’s Financial Crimes Enforcement Network, better known as FinCEN. It’s a regulator so out of the limelight that not a single public speech from any FinCEN official has been made since Trump took office.

The official told The New Yorker that he or she had never witnessed any reports that weren’t on the system.

“The FinCEN database is basically regarded as the holy of holies when it comes to information about money laundering, funding terrorism, and other financial crimes. The idea that information could be deleted from the database is deeply frightening,” said Justin Slaughter, a partner at Mercury Strategies and former Commodity Futures Trading Commission official.

Peter Djinis, who previously worked at FinCEN and now is in private practice, said he’s not aware of any provision to delete a suspicious-activity report, but in highly sensitive cases, like ongoing terrorist threats and high-level criminal cases, access can be limited.

That’s what a statement from the agency released Thursday said: “Under longstanding procedures, FinCEN will limit access to certain SARs when requested by law enforcement authorities in connection with an ongoing investigation.” The FinCEN statement added that government employees and law-enforcement personnel are not authorized to publicly disclose SARs.

Treasury’s inspector general has said, even before The New Yorker article, that it is investigating the leak.

Thousands of law- enforcement officials — those with investigative positions at the federal, state and local level — can get access to the database. That ranges from agencies obviously associated with financial crime, like the Internal Revenue Service and the Federal Bureau of Investigation, to ones less associated with financial investigations, like the State Department or the Department of Agriculture.

That database is nothing short of gigantic.

Not just banks but brokers, check cashers, casinos and currency dealers have to file what’s called currency-transaction reports for every cash transaction totalling more than $10,000, and when appropriate, file suspicious-activity reports, or SARs.

FinCEN says it receives an average of 55,000 filings (not just suspicious activity reports) each day from more than 80,000 institutions. In 2017, banks and credit unions alone filed 490,175 suspicious activity reports, while what could be called Wall Street — securities and futures firms — sent in nearly 19,000 reports.

Djinis, who helped to set up the system, said a bank has to meet one of three standards before filing a suspicious-activity report. The first has to do with structuring, when there is repeated activity just below the $10,000 level. A second standard is if the bank believes the funding of an account is coming from an illicit activity, anything from drug trafficking to terrorism. And the third standard is if there’s unusual activity based on the patterns of an account, say a million dollar transfer to an account that previously only had thousands of dollars in it.

Special Counsel Robert Mueller knew about the corporate payments to Michael Cohen long before the whistleblower released records. Reuters

In any case, it’s not obvious what the whistleblower accomplished. Whether he or she knew it or not, Special Counsel Robert Mueller already was aware of the Cohen transactions, as AT&T and Novartis said they were contacted by investigators from his office last year. In theory, it’s also possible that the special counsel’s office didn’t know about the two files allegedly missing or restricted.

It’s not clear whether Mueller know about the transactions from the SARs or by examining Michael Cohen’s bank, First Republic Bank. And it’s possible that Mueller’s team requested the information in the FinCEN database be restricted.

“The motivations of the person who released the information are a mystery to me. There are ways for Mueller to get any missing info,” said Slaughter. “I wonder if more people will now start leaking information if they believe other information to be missing. This could get chaotic very fast.”

Djinis said the whistleblower has harmed what he or she was trying to protect. “Whoever did it I think did a bad thing,” he said. “I was pretty heavily involved in the implementation of the SAR, and one of the biggest concerns was exactly this, that highly sensitive information would be disclosed to the public.”

That puts banks in a terrible position and at risk of being sued, even though the law provides safe harbors from civil litigation. “If a bank has to worry about what information they do convey, [the reports] will become meaningless and pablum,” Djinis said.