Washington (CNN) -- The CIA is collecting bulk records on international money transfers, using the same Patriot Act legal authority that has become the center of controversy in U.S. surveillance programs, a source told CNN.
A person familiar with the program said the agency's efforts are an outgrowth of terror finance-tracking programs that were established in the wake of the September 11, 2001, terror attacks and revealed that al Qaeda funded the hijackers using methods such as smuggled cash, money transfers, and credit and debit cards.
The Treasury Department and the National Security Agency have other programs that similarly focus on financial transaction data. The CIA program provides some redundancies intended to catch transactions that may not draw attention in other programs.
The Wall Street Journal and The New York Times first reported the existence of the CIA program Thursday night, saying it has sparked concerns from lawmakers.
The revelation comes amid debate in the United States over whether to pare back some surveillance in light of privacy concerns raised after former NSA contractor Edward Snowden leaked documents describing secret spy programs.
The CIA program focuses on transfers that the agency believes could be the source of terrorism financing and that use services such as MoneyGram and Western Union. The vast majority are purely non-U.S. transactions, but it includes some transactions to or from the United States.
Such U.S.-related transactions could raise concerns about data of U.S. people, which the CIA is generally prohibited from collecting.
The court that oversees Foreign Intelligence Surveillance Act has established legal rules governing the CIA program, as it has with NSA surveillance programs, and requires evidence of a connection to potential terrorism before data belonging to U.S. people can be accessed, the person familiar with the program said. The agency works with the FBI to target potential financing of terrorism.
A U.S. intelligence official said any activity in such programs includes what the government calls "minimization procedures to protect U.S. person information" and court-approved restrictions on specially trained analysts who can query the data, and on the length of time such data is allowed to be retained.
The CIA said it doesn't comment on "alleged intelligence sources or methods."
Dean Boyd, a CIA spokesman, said that "the CIA protects the nation and upholds the privacy rights of Americans by ensuring that its intelligence collection activities are focused on acquiring foreign intelligence and counterintelligence in accordance with U.S. laws."
Boyd said that the agency's activities are overseen by Senate and House intelligence committees, the FISA court, the Justice Department and other agencies.
A Western Union spokesman said: "We collect consumer information to comply with the Bank Secrecy Act and other laws. In doing so, we also protect our consumers' privacy and work to prevent consumer fraud."
CNN also received a similar statement from MoneyGram.
"We value our customers' privacy and work hard to protect it, just as we work hard to protect customers and others from fraud and other crime. We comply with the laws of all the countries where we do business, including the laws that govern privacy, government investigations, and compliance with lawful subpoenas and court orders," the company said.
"We have reporting obligations related to suspicious transactions, money laundering and other financial crimes around the world. The laws to which we are subject generally prohibit us from discussing details."
While the details of the CIA program provide new information on the scope of Patriot Act bulk records collection, U.S. government monitoring of financial transaction data has become well known since 9/11.
The 9/11 attacks cost al Qaeda between $400,000 and $500,000 to carry out, according to the 9/11 Commission, and the plotters transferred much of the money through readily detectable means via banks, money-transfers, travelers checks, and credit and debit cards. At the time, the financial transactions didn't raise any flags. Among the transactions uncovered after the attacks were MoneyGram and Western Union money transfers, the commission said.
Since the attacks the United States has tightened banking rules. The government collects data from the Belgian-based Society for Worldwide Interbank Financial Telecommunication, or SWIFT, which operates a global system that helps banks clear financial transactions. Banks, money transfer outfits and casinos are also required by the United States to flag suspicious transactions under the Bank Secrecy Act, which also is the law used to police money laundering and other illicit financial transactions.