[Note From Oct 2020: Consider this entire essay retracted, see here for why.]
In a sentence, it probably has the best anti-terrorism and anti-crime effect per dollar or man hour of any human endeavor – enabled by overzealous laws that seem to be used more for the threat of enforcement than to actually punish noncompliance.
Obviously, all laws should have a deterrence effect. If something is morally unacceptable, laws to punish it ought to, among many things, attempt to reduce frequency of occurrence. I get a bit worried when the laws can be a bit vague, and somewhat terrified when the laws are so broad that you could reasonably claim everyone is breaking them.
Know Your Customer laws can very easily fall into that trap. Financial institutions need to know their customers, what they do, and what's normal and abnormal in their transactions. That's sort of a broad mandate. If someone says they're granite wholesalers, I'm not sure what I would see that's unusual for them. If they sold to another business, I mean, why does anyone buy granite? Presumably for construction – but all businesses are indoors, and it could be they want fancy granite to give to a contractor. Is there any transaction, in any amount, to any other accounts that would surprise me? Perhaps regular, equally sized payments to non-construction firms. That'd be about it.
But I'm no professional – I'm not sure I'd be able to sleuth out suspicious behavior. But I've read several textbooks on forensic accounting, and tried to contact the FBI about details of this process (for the purposes of seeing if someone could make an engaging video game of this process – I still do not know, because the local office had literally no one who was responsible for answering that kind of question – not too surprising, I guess, it's both uncommon and not a priority). It seems complicated. But that's my entire point! I know some about accounting and have read textbooks about forensic accounting specifically, which makes me more than an idiot, and yet I'm not up to the task... but every bank must be. And given Know Your Customer requirements seem to rely on local branches physically seeing and speaking with people, at least occasionally, every branch must also have this expertise on hand... maybe?
Presumably there's some way to centralize this process, but on the border between suspicious and not there can be a lot of in-person confusion needing to be cleared up. So presumably the only efficient way to do this is to over-report, if you are a bank.
Massively over-report too – if you miss something suspicious (for some unknown meaning of the term) you could get in trouble. So essentially there's a small bit of the government that gets to peek into every part of life involving money.
Somewhat astonishingly, I've never heard any stories of truly bad abuse. I'm sure they make mistakes sometimes, and surely the law isn't exactly lined up with my preferences, so enforcing it strongly might suck, but just not hearing of terrible abuses puts it miles ahead of cell phone and internet surveillance, which are terrifyingly more invasive, used, occasionally, for the personal stalking of government employees, and provide almost no benefit that's been disclosed to any senator.
Every other intelligence community effort should hang their head in shame in comparison to AML/CFT work, which has a relatively light footprint and gets pretty remarkable results.
In an ideal world, almost all other mass surveillance would be canned and this would be considered as the balance people would want to take between security and privacy. We don't live in that world, but in the meantime, the people doing the work certainly have nothing to be ashamed of, they're doing great stuff.