Cotton to Bondi: Investigate Whether Sensitive American Data at Risk of Access by CCP

FOR IMMEDIATE RELEASE
Contact: Patrick McCann (202) 224-2353
December 18, 2025

Cotton to Bondi: Investigate Whether Sensitive American Data at Risk of Access by CCP

Washington, D.C. — Senator Tom Cotton (R-Arkansas) today sent a letter to Attorney General Bondi urging an investigation into whether the data from Airwallex is being accessed by the Chinese Communist Party. Airwallex is a cross-border payments platform that processes highly sensitive U.S. data for major American companies.

In part, Senator Cotton wrote:

“I respectfully request that the Department open a full investigation into whether Airwallex data is being accessed by the Chinese Communist Party.”

Full text of the letter may be found here and below.

December 18, 2025

The Honorable Pam Bondi
Attorney General
U.S. Department of Justice
950 Pennsylvania Avenue, NW
Washington, DC 20530

Dear Attorney General Bondi:

I write concerning evidence that Airwallex, a cross-border payments platform with significant operations in mainland China and Hong Kong, is processing highly sensitive U.S. data for major American companies, potentially exposing this data to the Chinese Communist Party through legal compulsion under PRC intelligence laws. Airwallex operates as a U.S. money transmitter (NMLS #1928093) and powers payment, payroll, and reimbursement systems for Zip, Brex, Rippling, Deel, and Navan. Through these integrations, Airwallex processes data for OpenAI, Anthropic, Coinbase, and defense contractor Anduril Industries, including Social Security numbers, dates of birth, supplier payments, payroll information, and employee reimbursement accounts revealing travel patterns.

According to reporting, Briar Mercier, Airwallex's head of operations and strategy, raised alarms in 2023 about China-based staff pushing to access client KYC data including names, birth details, and identification numbers. These concerns were dismissed due to potential revenue loss despite acknowledging a compliance breach.1 Sources also reported that when Airwallex moved its headquarters to Singapore in 2023, the company had identified it was unable to quarantine customer data from China.2 Given that the PRC National Intelligence Law obligates all organizations and citizens under Chinese jurisdiction to support state intelligence work and keep such cooperation secret, Airwallex's mainland operations create material risk of Chinese government access to sensitive U.S. data.

This pattern is not unprecedented. Zoom admitted calls were routed through China despite security assurances,3 and TikTok's internal meetings revealed ByteDance employees repeatedly accessed U.S. user data.4 Airwallex makes similar assurances, yet internal warnings suggest internal pressures may be overriding security guarantees.

If Airwallex is releasing sensitive information, that would implicate Executive Order 14117, prohibiting transactions that provide bulk sensitive personal data to countries of concern, including China.

I respectfully request that the Department open a full investigation into whether Airwallex data is being accessed by the Chinese Communist Party.

Sincerely,

Tom Cotton
United States Senator

###