The war on money laundering is going the way of the war on (some) drugs

In a study published last year by financial-crime expert Ronald Pol, he concluded that the global AML system could be “the world’s least effective policy experiment”. Personally, I would have guessed that that accolade belonged to the global war on (some) drugs, but perhaps Ronald has a point. He notes that the compliance costs for banks and other businesses could be more than 100 times higher than the amount of laundered loot seized.

Urine

Cash or charge? (CC-BY-ND 4.0)
NFT available direct from the artist at TheOfficeMuse (CC-BY-ND 4.0)

These comments remind me of those of Rob Wainwright, then Director of Europol, when talking about the great success of the continent’s $20 billion per annum anti-money laundering regime. He said that “professional money launderers are running billions of illegal drug and other criminal profits through the banking system with a 99 percent success rate”. This concurs with the figure given in The Economist. Although we are only intercepting a miserable one percent of the dirty money, the costs that the regime impose on the finance sector are staggering. Yet these enormous costs achieve nothing. The Money Laundering/Terrorist Financing (ML/TF) regime is, according to the Journal of Financial Crime 25(2), “almost completely ineffective in disrupting illicit finances and serious crime”. 

Direction of Travel

It’s going to get worse, of course. In the UK, many organisations are not yet compliant with the EU’s Fifth Anti-Money Laundering Directive (5MLD) and there is a Sixth Anti-Money Laundering Directive (6MLD) on the way. And the reach of the Financial Action Task Force (FATF) is being extended into cryptospace, so there’s no way to get round the bureaucracy. A couple of years ago FATF extended their recommendations to include cryptocurrency exchanges and wallet providers (together referred to as Virtual Asset Service Providers, or “VASPs”). This meant that all countries should apply anti-money laundering and anti-terrorist financing controls to these businesses: that is, customer due diligence (CDD), suspicious activity reports (SAR) and, importantly, the “Travel Rule” that aims to prevent money laundering by identifying the parties to a transaction when value over a certain amount are transferred. 

The decision to apply the same travel rule on VASPs as on traditional financial institutions was greeted with some dismay in the cryptocurrency world, because it meant that service providers must collect and exchange customer information during transactions. The technically non-binding guidance on how member jurisdictions should regulate their ‘virtual asset’ marketplace included the contentious detail that whenever a user of one exchange sends cryptocurrency worth more than 1,000 dollars or euros to a user of a different exchange, the originating exchange must send identifying information about both the sender and the intended recipient to the beneficiary exchange. The information must also be recorded and made available to “appropriate authorities on request”.

However, when speaking at the “V20 Virtual Asset Service Providers Summit” in 2020, Carole House from the Financial Crimes Enforcement Network (FinCEN) said that they want to see this threshold reduced to $250 for any transfers that go outside the US because their analysis of SARs filed from 2016 and 2019 showed the mean and median dollar values to be $509 and $255 respectively. Almost all the transactions began or ended outside the U.S.

Note that the information demand is quite extensive. According to the FATF Interpretive Note to Recommendation 16, the information should include name and account number of the originator and benefactor, the originator’s (physical) address, national identity number (or something similar) or date and place of birth. In essence, this means that counterparty’s personal information will sent around the web. Simon Lelieveldt, a former Head of Department on Banking Supervision at the Dutch Central Bank, is very well-informed and level-headed about such things, and even he called this a “disproportional silly measure by regulators who don’t understand blockchain technology”, which may be a little harsh even if not too far from the truth.

Surely the extension of the travel rule signals that it is time for a rethink. We need to begin with the fact that live in a world of data science, machine learning and artificial intelligence (AI) and understand that we cannot tackle crimes such as money laundering without machine brains to help us. This line of AI-centric thinking can be more disruptive than might seem at first glance because it suggests an alternative vision of regulation where we do away with a lot of the expensive barriers to entry to the financial system, those pot holes for criminals but chasms for legitimate users and instead use machine brains to police what is happening inside the system.

AML Isn’t Working

In other words, instead of trying to prevent criminals for getting in to the system, we should instead let them in and monitor what they are up to. If we force them to continue using cash, then we have no idea what they are up to! Whereas if we can persuade them to use electronic transactions of some kind, particularly those that leave an immutable record of criminality, then we would would actually be better off! Since cash cannot be tracked around the economy, we (society) have put in place a whole bunch of complicated and expensive rules about accounting for cash when it enters the financial system. But suppose there wasn’t any cash. Suppose there was only Bitcoin. In that case, as I pointed out some time ago, you wouldn’t need anti-money laundering (AML) regulations at all because you would be able to follow every coin around the blockchain!

Many observers, and Bitcoin fans in particular, say that this is nonsense because there are a variety of ways to jumble up and otherwise obfuscate the sources of value in transactions on the Bitcoin network. I never saw this as a realistic barrier to criminals though, and I noted that a simple rule that required banks to investigate any coins that had originated in anonymous wallets (or mixers) would be sufficient to stop the large-scale use. Also, you will remember that U.S. Department of Justice (DoJ) has already shown its intentions. You will remember they indicted Larry Harmon for creating the Bitcoin mixer “Helix” (in addition, Fincen fined him $60m last year) and have just arrested Roman Sterlingov, the alleged operator of Bitcoin Fog, a custodial bitcoin mixer that it says processed over 1.2 million BTC.

We erect (expensive) KYC barriers and then force institutions to conduct (expensive) AML operations, using computers and laser beams to emulate handwritten index cards and suspicious transaction reports (STRs). But as I have suggested before, suppose that KYC barriers were a lot lower so that more transactions entered the financial system. And suppose the transaction data was fed, perhaps in a pseudonymised form, to a central AML factory, where AI and big data, rather than clerks and STR forms, formed the front line rather than the (duplicated) ranks of footsoldiers in every institution. In this approach, the more data fed in then the more effective the factory would be at learning and spotting the bad boys at work. Network analysis, pattern analysis and other techniques would be very effective because of analysis of transactions occurring over time and involving a set of (not obviously) related real-world entities.

They have already taken a step towards this is in the Netherlands, where ABN Amro, ING, Rabobank, Triodos Bank and de Volksbank formed a consortium (Transaction Monitoring Netherlands, TMNL) to share data and identify unusual patterns in payments traffic that the individual banks cannot spot for themselves. Let’s hope they are successful, because estimates suggest that €16 billion of criminal money is laundered in the Netherlands each year from activities including drugs, human trafficking, child pornography and extortion.

British Opportunity

Michael Harris, director of financial crime compliance at LexisNexis Risk Solutions, commented that the release of the FinCEN files highlighted the “myriad issues” with the UK Anti-money laundering (AML) system – an ineffective suspicious activity report (SAR) regime, the poor use of data and technology and a legal system that inhibits information sharing and a culture that allows companies to hide their beneficial owners through offshore registered entities. There are other related negative impacts too: I remember a discussion with the then-Treasury minister Andrea Leadsom at techUK back in 2015, during which she noted that CDD is itself a friction against a more competitive financial services sector because it serves to create a moat around the larger incumbents.

I think that UKplc should rethink compliance for competitive advantage. As part of a post Brexit project to boost British invisibles, we should take jurisdictional competition seriously and create a compliance regime built on new technology not and industrial age mishmash of shaky identification documentation and millions of suspicious transaction reports. It is time for some new thinking. Omar Magana wrote a very good piece of this for the Chartwell “Compass” magazine. He asked whether “the enforcement of a regulation that was created over 20 years ago for a fast-evolving industry, may not be the best approach”. Note that he is not arguing against regulation, he is arguing (as I do) for a form of regulation more appropriate for our age (for which I use the umbrella term “Digital Due Diligence”, or DDD) using artificial intelligence and machine learning to track, trace and connect the dots to find the bad actors. If you look at the work of Chainalysis and others

The benefits to the wider economy are obvious – more access to financial services as well as more interdiction of actual money launderers, terrorists, corrupt politicians and tax evaders. We all know that COVID-19 is accelerating the evolution of digital onboarding, and that’s great. But we need to move to the next level: DDD! Now that we live in a world where digital identity is becoming a thing (both for people and for organisations) it’s time to plan for a faster, more cost-effective and more transparent approach that is based on the world we are actually living in.

(This is an edited version of an article first published on Forbes, 3rd May 2021.)

Separating the sheepcoins from the goatcoins

Some people mine Bitcoin for profits but some some people mine it for politics. The operator of a Bitcoin mining pool (a group of miners who work together to share the profits) quoted in CoinDesk recently said that some are investing not to convert electricity into cash but for other reasons “such as to avoid capital controls or avoid sanctions”. Indeed. And this has some serious implications. The Foundation for Defense of Democracies (FDD), a Washington think tank, summarised the emerging situation rather well in their position paper “Crypto Rogues“. They noted that “blockchain technology may be the innovation that enables U.S. adversaries for the first time to operate entire economies outside the U.S.-led financial system”. Now, while this may be technically slightly inaccurate (there are ways to create anonymous transactions without a blockchain and, indeed, the Swiss central bank has just published a working paper describing how to do so) it again flags up that the widespread availability of decentralised financial services threatens to bypass the existing infrastructure.

Iran provides an obvious example. They have every incentive to want to try new approaches to skirt the long arm of American law. The country already published a new set of regulations designed to funnel Bitcoin mined by Iranians to the state so that the country can use them to pay for imports. When the Iranian regime, for example, set up a venture to explore Bitcoin payments with a Swedish startup, the Swedish banks refused it a bank account because they themselves did not want to become subject to secondary sanctions. As America’s Treasury Secretary Mnuchin said at the time (talking about Iran), “If you want to participate in the dollar system you abide by US sanctions”.

On the other side of the world, North Korea has been developing a digital currency of its own. According to Alejandro Cao de Benós, President of the Korean Friendship Association, the Democratic People’s Republic of Korea intends to go down the Facebook route by creating an asset-backed digital currency rather than a digital fiat currency and then use some sort of blockchain with “Ethereum-style smart contracts” to do business and avoid sanctions. The regime sees this as a way to enforce deals it makes with foreign counterparties by developing a “token based on something with physical value” (eg, gold) in order to create a stable mechanism for payments in international trade between the regime and “other companies/individuals” (although it will not be available to individuals in the DPRK, who will be stuck with the Korean Won).

Across the Pacific in Venezuela, a country often mentioned by Bitcoin enthusiasts as a living case study of the benefits of decentralised cryptocurrency in the fight against tyranny, we find more mining going on: a video posted on Instagram by the 61st Battalion of the 6th Corps of Engineers of the Venezuelan Army shows military buildings converted into giant cryptocurrency mining centres and a warehouse that appears to be full of specialist Bitcoin mining equipment is labelled the “Center for the Production of Digital Assets”.

(I noted with interest that they do not appear to be mining “The Petro”, the digital currency of the revolution which according to the Bolivarian Council of Mayors’ recent “National Tax Harmonization Agreement” may soon be required for the payment of taxes.)

What… Whatible?

It seems to me that Bitcoin is a pretty poor choice for sanction-busting shenanigans though. Not only is the record of transactions public, but the Bitcoin value is not fungible. This matters. Remember that 2014 IRS Ruling about Bitcoins being a commodity, so that traders would have to track the buying and selling price of each individual Bitcoin in order to assess their tax liability? No? Here’s a reminder : “the real lesson from the IRS Bitcoin ruling is that for a currency-or any payment system-to work, its units must be completely fungible”.

Fungible (from the Latin “to enjoy” via Medieval Latin phrases such as “fungi vice”, meaning “to take the place of”) is one of my favourite adjectives. It means that all tokens are the same and can be substituted one for another. You owe me a quarter. It doesn’t matter _which_ quarter that you give me. Any will do. Any quarter can substitute for any other quarter because they are all the same. The same is true of the Pounds in my bank account, but it isn’t true of bitcoins. They are all different and their history can be tracked through the blockchain which is, as we are often reminded, and immutable public record of all transactions.

As my good friend Marc Hochstein observed about this some time ago, blockchain’s openness could turn out to be a bug for law-abiding citizens. Click To Tweet

The lack of fungibility has major implications for criminals, but also for the rest of us.  In England, the High Court (in the decision of AA v Persons Unknown & Ors, Re Bitcoin [2019]) has already ruled that crypto assets such as bitcoins are a form of property capable of being the subject of injunction. You can see what is going to happen: cryptographic exchanges will be required to identity who owns stolen coins and the owner will then be the subject of legal action to recover them. This owner might be entirely innocent about the origin of the coins and will say that they didn’t know that the bitcoins they bought are the proceeds of a ransonware attack and may ask to the keep them. But, J.P. Koning points out, that’s not how property law works. Even if you accidentally come into possession of stolen property then a judge can still force you to give it back to the rightful owner.

Launderette

You can own these cartoons!
NFTs available from the artist Helen Holmes from at
TheOfficeMuse (CC-BY-ND 4.0)

The UK has been experimenting with the “Unexplained Wealth Order” as a way to combat crime and corruption through the traditional money and finance system, but how would this translate to the world of cryptocurrency? Well, perhaps it doesn’t need to. In the world of Bitcoin, smart criminals may well try to use “mixers” or “tumblrs” that jumble together bitcoins to obfuscate their origin but I don’t think this will help in the long run. Apart from anything else, future consumers might want to know the provenance of their money, an idea explored by the artist Nitipak Samsen a decade ago in the Future of Money Design Awards. Check out the brilliant video he made here.

Have you ever wondered where the money in your pocket had come from? Who was the previous owner? Who was the owner before that? Might it be a famous celebrity?… Smart banknotes work by presenting a readable history of ownership on the note itself, an innovation designed to prevent money laundering

This might work in some interesting ways. People might pay a premium for coins that have an interesting past! Maybe coins that were used by a celebrity to buy drugs or were used to bribe a politician, coins that belonged to a murderer, that kind of thing, might be worth more than coins that belonged to boring people like me.

Clean Money

In the mundane world of dollar, dollar bills we have the concept of “money laundering” to describe what happens when dirty money is mixed with clean money (surely every one of us has touched banknotes that have been involved in some criminal activity!). But this doesn’t work for bitcoins. The “tainted” money stays tainted. Ross Anderson, Ilia Shumailov and Mansoor Ahmed from the Cambridge University Computer Laboratory wrote a terrific paper on this theme a couple of years ago. In “Making Bitcoin Legal” they pose some interesting questions about what to do with tainted cryptocurrency asking, for example, “If an identified customer says ‘Hi, what will you give me for UTXO x?’ and the exchange replies, ‘Sorry, 22% of that was stolen in a robbery last Tuesday, so we’ll only give you 78%’ does the customer then have to turn over the crime proceeds?”. Their idea of a public “taintchain” is an interesting way forward.  This would be a mechanism to make stolen coins visible, in which case they might display a futuristic Gresham’s Law dynamic as good coins drive out bad ones!

Whether by taintchain or some other mechanism, it’s actually pretty each to track dirty bitcoins. You can see where this might lead: if law enforcement agencies go to the biggest miners in the world and tell them that if they continue to confirm easily identifiable mixing transaction outputs, they will be accused of money laundering? This is not difficult to imagine, which suggests to me that Bitcoin’s lack of fungibility has far-reaching implications.

These implications have not gone unnoticed in the United States. Two of the largest Bitcoin mining companies there, Marathon Patent Inc. and DMG Blockchain Solutions Inc. (which together account for about a one-twelfth the power of the Bitcoin networks), recently joined forces to create the Digital Currency Miners of North America (DCMNA). This not-for-profit trade association has come up with pretty interesting idea: their miners will only process transactions that comply with American laws, thus extending the benevolent embrace of the U.S. Government into cryptocurrency. The idea (known as “clean mining“) is that instead of selecting transactions on the basis of which ones will bring the biggest fees, they will mine transactions based on the wallets that they come from.

Along the same lines, the “celebrity investor” (as described by CNBC) Kevin O’Leary announced that he will only buy bitcoins mined sustainably in countries that use clean energy. What’s more, he also said that he will not buy “blood coin” mined in China. Mr. O’Leary was quoted as saying that he sees “two kinds of coin”, which reinforces the point about fungibility and money and suggests to me, at least, that we could well see a strange and interesting twist in the world of cryptocurrency that has no analog in the analogue world of notes and coins: black and white money, or clean and dirty money, or light and dark money (an idea that goes back to the earliest days of cryptocurrency) in which some bitcoins will be worth more than others! Maybe a year or two from now, exchanges will be quoted two BTC-USD pairs: clean BTC at $100,000 and dirty BTC at $75,000. This doesn’t happen for GBP-USD or JPY-GBP, which confirms my feeling that whatever Bitcoin is, it isn’t currency.

[An edited version of this article first appeared on Forbes, 28th February 2021.]

Bitcoins stay dirty, no matter how much you launder them

Some people mine Bitcoin for profits but some some people mine it for politics. The operator of a Bitcoin mining pool (a group of miners who work together to share the profits) quoted in CoinDesk recently says that some are investing not to convert electricity into cash but for other reasons “such as to avoid capital controls or avoid sanctions”. Indeed. And this has some serious implications. The Foundation for Defense of Democracies (FDD), a Washington think tank, summarised the emerging situation rather well in their position paper “Crypto Rogues“. They noted that “blockchain technology may be the innovation that enables U.S. adversaries for the first time to operate entire economies outside the U.S.-led financial system”. Now, while this may be technically slightly inaccurate (there are ways to create anonymous transactions without a blockchain and, indeed, the Swiss central bank has just published a working paper describing how to do so) it again flags up that the widespread availability of decentralised financial services threatens to bypass the existing infrastructure.

Iran provides an obvious example. They have every incentive to want to try new approaches to skirt the long arm of American law. The country already published a new set of regulations designed to funnel Bitcoin mined by Iranians to the state so that the country can use them to pay for imports. When the Iranian regime, for example, set up a venture to explore Bitcoin payments with a Swedish startup, the Swedish banks refused it a bank account because they themselves did not want to become subject to secondary sanctions. As America’s Treasury Secretary Mnuchin said at the time (talking about Iran), “If you want to participate in the dollar system you abide by US sanctions”.

On the other side of the world, North Korea has been developing a digital currency of its own. According to Alejandro Cao de Benós, President of the Korean Friendship Association, the Democratic People’s Republic of Korea intends to go down the Facebook route by creating an asset-backed digital currency rather than a digital fiat currency and then use some sort of blockchain with “Ethereum-style smart contracts” to do business and avoid sanctions. The regime sees this as a way to enforce deals it makes with foreign counterparties by developing a “token based on something with physical value” (eg, gold) in order to create a stable mechanism for payments in international trade between the regime and “other companies/individuals” (although it will not be available to individuals in the DPRK, who will be stuck with the Korean Won).

Across the Pacific in Venezuela, a country often mentioned by Bitcoin enthusiasts as a living case study of the benefits of decentralised cryptocurrency in the fight against tyranny, we find more mining going on: a video posted on Instagram by the 61st Battalion of the 6th Corps of Engineers of the Venezuelan Army shows military buildings converted into giant cryptocurrency mining centres and a warehouse that appears to be full of specialist Bitcoin mining equipment is labelled the “Center for the Production of Digital Assets”.

(I noted with interest that they do not appear to be mining “The Petro”, the digital currency of the revolution which according to the Bolivarian Council of Mayors’ recent “National Tax Harmonization Agreement” may soon be required for the payment of taxes.)

What… Whatible?

It seems to me that Bitcoin is a pretty poor choice for sanction-busting shenanigans though. Not only is the record of transactions public, but the Bitcoin value is not fungible. This matters. Remember that 2014 IRS Ruling about Bitcoins being a commodity, so that traders would have to track the buying and selling price of each individual Bitcoin in order to assess their tax liability? No? Here’s a reminder : “the real lesson from the IRS Bitcoin ruling is that for a currency-or any payment system-to work, its units must be completely fungible”.

Fungible (from the Latin “to enjoy” via Medieval Latin phrases such as “fungi vice”, meaning “to take the place of”) is one of my favourite adjectives. It means that all tokens are the same and can be substituted one for another. You owe me a quarter. It doesn’t matter _which_ quarter that you give me. Any will do. Any quarter can substitute for any other quarter because they are all the same. The same is true of the Pounds in my bank account, but it isn’t true of bitcoins. They are all different and their history can be tracked through the blockchain which is, as we are often reminded, and immutable public record of all transactions. 

The lack of fungibility has major implications for criminals, but also for the rest of us. As my good friend Marc Hochstein observed about this some time ago, blockchain’s openness could turn out to be a bug for law-abiding citizens. In England, the High Court (in the decision of AA v Persons Unknown & Ors, Re Bitcoin [2019]) has already ruled that crypto assets such as bitcoins are a form of property capable of being the subject of injunction. You can see what is going to happen: cryptographic exchanges will be required to identity who owns stolen coins and the owner will then be the subject of legal action to recover them. This owner might be entirely innocent about the origin of the coins and will say that they didn’t know that the bitcoins they bought are the proceeds of a ransonware attack and may ask to the keep them. But, J.P. Koning points out, that’s not how property law works. Even if you accidentally come into possession of stolen property then a judge can still force you to give it back to the rightful owner.

Launderette

with kind permission of TheOfficeMuse (CC-BY-ND 4.0)

The UK has been experimenting with the “Unexplained Wealth Order” as a way to combat crime and corruption through the traditional money and finance system, but how would this translate to the world of cryptocurrency? Well, perhaps it doesn’t need to. In the world of Bitcoin, smart criminals may well try to use “mixers” or “tumblrs” that jumble together bitcoins to obfuscate their origin but I don’t think this will help in the long run. Apart from anything else, future consumers might want to know the provenance of their money, an idea explored by the artist Nitipak Samsen a decade ago in the Future of Money Design Awards. Check out the brilliant video he made here.

Have you ever wondered where the money in your pocket had come from? Who was the previous owner? Who was the owner before that? Might it be a famous celebrity?… Smart banknotes work by presenting a readable history of ownership on the note itself, an innovation designed to prevent money laundering

This might work in some interesting ways. People might pay a premium for coins that have an interesting past! Maybe coins that were used by a celebrity to buy drugs or were used to bribe a politician, coins that belonged to a murderer, that kind of thing, might be worth more than coins that belonged to boring people like me.

Clean Money

In the mundane world of dollar, dollar bills we have the concept of “money laundering” to describe what happens when dirty money is mixed with clean money (surely every one of us has touched banknotes that have been involved in some criminal activity!). But this doesn’t work for bitcoins. The “tainted” money stays tainted. Ross Anderson, Ilia Shumailov and Mansoor Ahmed from the Cambridge University Computer Laboratory wrote a terrific paper on this theme a couple of years ago. In “Making Bitcoin Legal” they pose some interesting questions about what to do with tainted cryptocurrency asking, for example, “If an identified customer says ‘Hi, what will you give me for UTXO x?’ and the exchange replies, ‘Sorry, 22% of that was stolen in a robbery last Tuesday, so we’ll only give you 78%’ does the customer then have to turn over the crime proceeds?”. Their idea of a public “taintchain” is an interesting way forward.  This would be a mechanism to make stolen coins visible, in which case they might display a futuristic Gresham’s Law dynamic as good coins drive out bad ones!

Whether by taintchain or some other mechanism, it’s actually pretty each to track dirty bitcoins. You can see where this might lead: if law enforcement agencies go to the biggest miners in the world and tell them that if they continue to confirm easily identifiable mixing transaction outputs, they will be accused of money laundering? This is not difficult to imagine, which suggests to me that Bitcoin’s lack of fungibility has far-reaching implications.

These implications have not gone unnoticed in the United States. Two of the largest Bitcoin mining companies there, Marathon Patent Inc. and DMG Blockchain Solutions Inc. (which together account for about a one-twelfth the power of the Bitcoin networks), recently joined forces to create the Digital Currency Miners of North America (DCMNA). This not-for-profit trade association has come up with pretty interesting idea: their miners will only process transactions that comply with American laws, thus extending the benevolent embrace of the U.S. Government into cryptocurrency. The idea (known as “clean mining“) is that instead of selecting transactions on the basis of which ones will bring the biggest fees, they will mine transactions based on the wallets that they come from.

We could well see a strange and interesting twist in the world of cryptocurrency that has no analog in the analogue world of notes and coins: black and white money, or clean and dirty money, or light and dark money (an idea that goes back to the earliest days of cryptocurrency) in which some bitcoins will be worth more than others! Maybe a year or two from now, exchanges will be quoted two BTC-USD pairs: clean BTC at $100,000 and dirty BTC at $75,000. This doesn’t happen for GBP-USD or JPY-GBP, which confirms my feeling that whatever Bitcoin is, it isn’t currency.

[An edited version of this article first appeared on Forbes, 28th February 2021.]

Follow the e-money

A couple of years ago I remember going to see ComplyAdvantage to make a podcast with them. I thought the new category of regtech was interesting and that the potential for new technologies in that space (eg, machine learning) was significant, so I went of off to learn some more about and talk to a few organisations to test some hypotheses. I remember thinking at the time that they were good guys and on a good trajectory and it looks as if my opinion was well-founded (they are doubling in size this year).

Anyway, I was thinking about them because they recently sent me a new white paper “A New Dawn for Compliance” (which notes that an estimated $2 trillion is laundered globally every year and only 1-3% of these funds are identified and possibly stopped) and it nicely encapsulated something that has been touched on in a fair few conversations recently: there’s no way to hire ourselves out of the compliance mess we’re in. Even if financial services and other businesses had infinite compliance budgets, which they most certainly do not, it’s simply not feasible to hire enough people to keep up. Even if there were infinite people with expertise in the space, which there most certainly is not, bringing them on board is too time-consuming, too expensive and too inflexible to create a compliance infrastructure that can respond the new environment.

Technology is the only way out of this.

Using technology to automate the current procedures is, as always, only a small part of the solution. The UK Financial Intelligence Unit (UKFIU) receives more than 460,000 suspicious activity reports (SARs) every year (according to the National Crime Agency), yet fraud continues to rise.

Moreover as Rob Wainwright (head of Europol) pointed out last year, European banks are spending some €20 billion per annum on CDD with very limited results. In fact, he said  specifically that  “professional money launderers — and we have identified 400 at the top, top level in Europe — are running billions of illegal drug and other criminal profits through the banking system with a 99 percent success rate”. This is not even a Red Queen’s Race, it’s a Formula 1 of crime where the bad guys are ahead and we can’t overtake them.

The Fifth Anti-Money  Laundering Directive (AMLDV) which comes into force in 2020 will, I predict, do nothing to change this criminal calculus. AMLDV will cost organisations substantially more than its predecessors and these costs are out of control. According to a 2017 whitepaper written by my colleagues at Consult Hyperion, KYC processes currently cost the average bank $60m (€52.9m) annually, with some larger institutions spending up to $500m (€440.7m) every year on KYC and associated customer due diligence (CDD) compliance. In the AMLDV era we will look back with nostalgia to the time when the cost of compliance were so limited.

It’s time for a rethink.

We need to re-engineer regulators and compliance to stop implementing know-your-customer, anti-money laundering, counter-terrorist financing and the tracking of politcally-exposed persons (let’s lump these all together for the sake off convenience as Customer Due Diligence, or CDD) by building electronic analogues of passport and suspicious transaction reports and so on. In a world of machine learning and artificial intelligence, we need to invert the paradigm: instead of using CDD to keep the bad guys out of the system, we should bring the bad guys into the system and then use artificial intelligence and pattern recognition and analytics to find out what the bad guys are doing and then catch them!

Surely, from a law enforcement point of view, it’s better to know what the bad guys are up to? Following their money should mean that it is easier to detect and infiltrate criminal networks and generate information that the law enforcement community can use to actually do something about the flow of criminal funds. In any other financial services business, a success rate of 1% would call into the question the strategy and the management of the business