This short article is about the unintended consequences of desirable changes.
Anyway- the aim is not the specific case study (normative changes introduce for anti money laundering purposes), but reminding to adopt a systemic, comprehensive view while preparing the blueprint for changes.
The main ingredient: consider the mindset of the affected stakeholders, and keep monitoring and adapting, to develop a predictive approach, instead of just reacting to the environment.
And plan/communicate change and its implementation within the framework of the available environment.
The side-effect of just reacting? You will keep trying to solve tomorrow yesterday’s problems.
As I discussed in other articles, in my business experience, while it makes sense to introduce change one step at a time, what matters is having a systemic view.
Why? Because the order in which the changes are introduced can negatively affect the results.
As well as an inappropriate communication and disclosure of your blueprint.
Two basic mistakes: too much information- or witholding information needed to foster acceptance.
As an example, I will simply share some observations- it might be that these apply only to the countries that I visited over the last few years (mainly: former Western Europe).
In this specific example, the change has already been introduced.
Therefore, the first step is understanding the changes that produced the actual status (“Past and present”), then discuss the main issue of the current state (“Identity collection points”), and, finally, how this could evolve (“Risks and opportunities”).
The model that I will adopt can be described by a simple picture.
If you prefer to see it described in words: you start with a framework of reference (your “axioms”), a set of rules (“proposition”) is defined, it is then applied (“environment”), and the feed-back from the environment (results, reactions, externalities, etc), along with the guidelines for the interpretation of the rules, is used to both guide the interpretation, and derive actions to influence the environment and extend the rules, to improve the alignment between your original rules and the reality of the environment you are dealing with.
In my experience, this communication function is critical to ensure a constant alignment, as it opens the field to potential spontaneous cooperation based on the insider’s view and experience, and not just from a distant “thinking” function setting up the rules.
1. Past and present
Until few years ago, when you talked about money laundering, almost everybody referred to something done by organized crime, dictators, or corrupt organizations of one sort or another- and usually for relatively large amounts- or continuous flows..
Eventually, new rules were introduced, focusing on tracing large amounts.
But after 9/11, the focus on money laundering moved from involving millions or hundred of millions, to smaller amounts, as concisely expressed in the 9/11 report:
The 9/11 attacks cost somewhere between $400,000 and $500,000 to execute. The operatives spent more than $270,000 in the United States.
(pag. XCVIII, section “Financing”)
And this focused the spotlight on the “informal” finance, e.g. somebody in one country receiving the money, and telling a correspondent in another country to give the same amount to a third party- with no registered transactions.
It is called “informal” because it does not use all the (traceable) advanced technologies that we normally associate with banking: but it is the way banking worked centuries ago- a bit of paper (nowadays, an e-mail or text message or instant message).
And what happens when you identify a potential loophole and close it without a systemic view?
You create an incentive to exploit other, less convenient ones.
I have been travelling around Europe for work since late 1980s- but only over the last few years I found money exchange and wire-transfer shops or corners mushroom everywhere.
At first, they were mainly catering for foreign immigrants sending money back home in locations where the banking system is less developed or too expensive (otherwise- it was cheaper to use the banking system).
But during the 1990s in Latvia I saw a different use.
I went to an exchange shop (was really just an hole in the wall), and an old woman with a plastic shopping bag in front of me asked to the guy beyond the counter if she could change dollars.
Then, she started piling up, movie-style, packs of dollar bills (I think 20s and 100s).
And this, in a country that, if my memory does not betray me, at the time had a pro-capita annual income of 400 USD.
In some European towns the density of these shop is so high, that they are literally one after the other.
It could be a legitimate increase in business- but, to play it safe, gradually safeguards were introduced.
2. Identity collection points
Eventually, to close an obvious loop, in most places became required to provide an identification to be able to execute or receive a wire-transfer.
But who manages the personal identification data provided?
In 2008, I was told in various Italian hotels that they were soon going to feed the information directly into a system (in Italy, you have to show your ID to check in at the hotel, and the data used to be collected daily by the police- or so I was told by hotel clerks, when they complained about the paperwork).
I know all the complaints about privacy, etc.
But, considering that in many countries already you had to provide identification and financial data for various reasons, it makes sense to centralize the data where you can be relatively confident that the data will be managed according to the official privacy rules, instead of spreading the information across the board.
Few months ago, I went to have an haircut in Brussels: and to reserve my haircut… I had to provide the ID, whose data where, to my astonishment, stored within a computer- as would obviously have been stored my credit card information.
You do not expect a simple hairdresser to keep on file all the personal details required to apply for a credit or set up contract.
Cybercafes, hotels, utilities, etc: all collect all the information required to duplicate an identity.
Funny how everybody made such a fuss about transferring data to the US government (myself included).
Last time I checked, hairdressers did not really seem to have the facilities and expertise required to safely manage and store sensitive data.
Whenever there is a security issue, some remedy regulation is set in place- to be circumvented by a new innovation
Giving to each point-of-contact with customers the power to collect personal sensitive information de-facto opened up a Pandora’s box
To bypass the anti money laundering controls, you just need to have access to a source of identification data (say, a storage of personal and banking/credit card information)- the wire-transfer will be done under somebody else’s name.
The obvious solution? Further controls and additional information requests.
As I discussed a prior article (“Privacy as a knowledge management issue”), this is a natural evolution- the only way to balance this need for further security with privacy is to avoid human intervention in the data collection and analysis process.
3. Risks and opportunities
Moving back to the issue, i.e. the potential misuse of data collected by third parties, the risks are obvious.
But current existing technology could allow to improve the monitoring on two levels:
- point-to-point, i.e. ensuring that the identification is done each time a transfer is done, and that it is a “live” identification
- as a network, i.e. monitoring patterns of connections to identify inconsistencies
I will not discuss here the specific existing technologies or their combination that I am referring to, for obvious reasons.
Anyway, by centralizing the data in each jurisdiction, it could be possible to actually improve and monitor data access and identify new patterns in financial flows, while simplifying exchanges between jurisdictions
And avoiding data theft- a centralized data solution would allow to remove the human element from the data collection/analysis, or at least to “anonymize” the data (see my previous article Secure your data).
This in turn would allow a better identification of potential or existing money laundering patterns at what could be called “micro-financing level” (or “micro laundering”)
Moving even further, as increasingly banknotes become more “intelligent” (e.g. visit the ECB website to see all the “intelligent” features of the Euro banknotes), traceability could allow to eventually simplify documentation requirements.
For example, the “lifecycle” of each banknote (i.e. the hands through which it passes) could be followed (at least for larger denominations), and show the path of financial transactions (i.e. those moving electronically through the banking system and other financial institutions, and the cash-based ones), removing the need for part of the usual accounting requirements- the State would now the cash-flow of its (individual, corporate) citizens in real-time.
As shown in the example, the solution to a potential risk could actually generate unexpected benefits, whose feasibility was not even considered.
Both in the private and public sector, sometimes a systemic view is adopted while identifying change, but then a preliminary assessment of the existing environment allows to identify changes that cannot be introduced without first introducing a paradigm shift.
And any paradigm shift could be rejected.
Therefore, sometimes the changes identified during the preliminary/blueprint phase are removed from consideration and implementation, while assessing the response and doing further communication activities needed to prepare the acceptance for the full set of desired changes.
Paraphrasing what American startups often like to say, you need to evangelize before you can preach- otherwise, you risk preaching only to the choir.