Dr Ronald Pol, former lawyer and researcher joins me to talk about how and why AML laws are ineffective and simply cost taxpayers, customers an incredible amount. We chat:

  • The environment of AML laws 
  • FATF and how they create these laws
  • Breathtaking costs 
  • Effectiveness around 0.1%
  • KYC benefits some criminals

Links:

Other relevant episodes:

Sponsors: 

Stephan Livera links:

Podcast Transcriptions:

Stephan Livera:

Ron, welcome to the Stephan Livera podcast.

Ronald Pol:

Thanks for having me on.

Stephan Livera:

So Ron, I’ve been having a look at some of your work and, now this is typically a Bitcoin podcast, but I think your work is actually quite interesting for my audience and listeners, because they will probably be interested and perhaps have their viewpoints informed by some of the research that you have been doing, which is around the research into AML and potentially the ineffectiveness of the current AML anti-money laundering regimes around the world. And I think it would be great to maybe just get a little bit of background from you: where are you coming from? What’s your professional and academic background in this area?

Ronald Pol:

Very cool. I was once a lawyer for many years in London and New Zealand, and also in a few other countries for a smaller amount of time. In-house and also external major law firms, et cetera. And I also have a degree in economics, but I certainly don’t call myself an economist. But some years ago I was quoted in the US Senate testimony by someone quoting me and describing AML as arguably the least effective anti-crime measure anywhere, which is quite a significant ask, really, when you consider some of the things—you look at prohibition and you look at the war on drugs and they’re pretty ineffective. So I ended up doing a PhD with some of the top critical thinkers in this area just to really get to the bottom of it.

Stephan Livera:

Yeah. And so there is this whole discussion, as you pointed out in some of your blog posts, is this idea that in the corporate media often the conversation is something like, Oh, look how bad Bitcoin is and look how good AML laws are. But I think you have a view that’s fundamentally challenging that. What’s your view around that?

Ronald Pol:

Absolutely. I mean, that’s the narrative that potentially catches people out as well because people are rightly focused on Bitcoin or whatever crypto they happen to be in or more broadly, and they’re met with the narrative that Bitcoin is bad and AML is good. And so they tend to focus—and you can quite rightly say this needs to happen too on explaining to senators and various others that Bitcoin isn’t bad, that it’s used in legitimate ways, more than illegitimate ways, et cetera—and they miss the other side of the equation sometimes, which could potentially be the Trojan horse in terms of regulations in the space, that some crypto people are inadvertently allowing the Trojan horse into the city grounds already. The fact that AML is not necessarily the good that it’s made out to be—certainly the intentions are good—but it’s profoundly ineffective. And without addressing those issues for AML and fiat itself, simply applying all of that same stuff without asking those questions into crypto is potentially a very significant issue that people just aren’t aware of. And won’t be aware of it until it’s far too late.

Stephan Livera:

I see, yeah. And so just for listeners who are new, maybe they’re not as familiar—typically when people sign up with a bank, a financial institution, a Bitcoin exchange, or a Bitcoin company—they have to do what’s colloquially called KYC, Know Your Customer. And it’s part of this whole AML Anti-Money Laundering regime, which is—there are different players in the industry or in this world as it were. So there is FATF, Financial Action Task Force, and they are pushing out a lot of what they call guidance, or policy guidance, or best practices—that’s what they want to call it—out to local regulators out there in the world and legislators as well in those different countries. So for example, FinCEN in the US, AUSTRAC in Australia, FCA in the UK, and various others, like the regulating entities or at least the monitoring entities. And so that’s like a high level. Would you perhaps care to elaborate a little bit on that structure and how we got here to where we are now?

Ronald Pol:

There’s certainly a lot to unpack there, so if I neglect something come back to me on it, particularly in terms of the KYC-type element. But in terms of the overall structure, FATF, as you say, is the the global regulatory standard-setting agency, a tiny outfit based in Paris. There are around 70 international agencies involved in this, including FATF regional groups and a whole lot of others like the IMF and the World Bank and the United Nations and a great many others. So 70 or so international agencies involved in AML overall with FATF essentially at the top of that. There are also 205 countries and jurisdictions that have bought into the FATF model. And that’s more than there are countries in fact. But that happens because there are some like the former Dutch Netherland Antilles, for example, they’re grouped up as individuals. So there’s 205 countries and jurisdictions. And in each of those, there’s up to about a dozen or so—in some countries like the UK even more than that—but at least two or three and often a dozen or more government agencies that are involved in this as well. So you multiply that by 205, you add 70 to it, and there’s quite a lot of taxpayer money going into that process. And that’s without the compliance costs that are imposed on banks and millions of financial institutions around the world as part of this. So that’s the overall global structure of how that works. There was a lot more that you had in that question—I’ve missed most of it I suspect.

Stephan Livera:

Yeah. I also just wanted you to touch on how we got where we are now, because it seems that there has been very little regard for effectiveness of policy and regulation. Now, to be clear, I’m a libertarian, I’m anti-these laws and regulations in the first place, but I think it is worthwhile considering that—Are these laws even effective at their own stated purpose? Are they even cost-effective even on their own terms? And I think some of your research is actually showing that potentially that’s not the case. And yes, it’s that this has been essentially rammed through onto most of society around the world. How did we end up here?

Ronald Pol:

Different ways of looking at that. So for example, you look at it recently how it was rammed through, and you go back in history and look at that. So if you look at the recent approach, AML laws are quite unusual in the sense that—they don’t appear that way—each individual country puts the AML laws in place and they match international standards, et cetera. That’s the driver. And they appear to follow the same format as any other law. So what happens with other laws is: in a particular country, you identify, What’s the problem? How do we solve that problem? What laws are we going to put in place to solve the problem in our country? That actually doesn’t happen with AML. It’s very, very unusual because what AML does is countries have to put in laws that match the FATF standards. That’s what they do. And so countries don’t actually match the laws about the problem that’s in that particular country. So if that country has a particular issue, if the laundering takes place in particular way, if crime takes place in a particular way—it seems it doesn’t matter. It is assumed that, in effect, the FATF standards will cover all of that. And it’s also quite remarkable because some of my research identified that, in a great many countries, that’s actually not the case. In a great many countries, there is actually occasionally some research and most countries there’s none. But there is some research which shows how criminals actually use banks and various other entities to launder the proceeds of crime—and FATF laws aren’t going to have any impact on that—but the country just puts in place the laws that match FATF standards. And so criminals just carry on the way they’ve been carrying on and are perfectly happy with that. So researchers see all that, because some researchers do the empirical work and see what actually happens. And there’s this massive disconnect, but of course a lot of people believe that that standard is what it’s all about, and if we follow that standard, therefore what’s going to have this impact. So there’s a whole series of assumptions built into it. So laws are put in place that match the standards, irrespective if they’re going to have the impact, and it’s believed to have that impact. Now that goes right back to the beginning. So I tend to look at the beginning—you know, money laundering has been in place forever and we’ve had money laundering laws since 1970 or 1986, depending on where you look at it—but I look at 1990, essentially, as the beginning of the modern era. And that’s when the global diffusion took place. That’s when FATF was set up, introduced these standards, and moved them around the world. And that’s where the system came about. And the system is one that is inherently based on an assumption. That’s not necessarily a bad thing because in science we base things on assumptions all the time, and it’s a testable hypothesis. So scientists will test their hypothesis. Does it work? So the assumption in this case is that: if banks and other firms comply with local laws based on international standards, that should have an impact on money-laundering crime and terrorism—the main things. Now that’s a testable hypothesis. It’s a perfectly valid hypothesis. The only trouble is that it has never been tested, and it’s not been proven to be the case. Now in the early days, it didn’t really matter because it was a good idea, it was in fact based on good science in terms of follow the money science and policing science, and that has worked particularly well—the Italians proved that very, very well—well before some of this stuff came about, and also in the US jurisdiction in a number of different ways. So it was solidly based. But in 1991, very few countries had signed up to the FATF standards. And the reason for that was because FATF couldn’t prove that following these standards would have a significant impact on crime. So why would the countries sign up? Very few signed up. And then, curiously enough, a lot of banks started using the FATF of standards as a lazy proxy for risk in those countries. And what that meant was that all of a sudden—essentially by stealth but actually it was almost inadvertent—but it became express after that, that countries had to get the FATF tick if they wanted access to the financial system. So all of a sudden countries had to sign up to the FATF model. Whether it worked or not didn’t matter anymore. They had to sign up because otherwise they don’t get access to the financial system. Or, if they don’t slavishly apply the FATF standards—whether or not they have an impact on crime—if they don’t slavishly apply them, then some significant costs are imposed on their jurisdiction. They have to go through a whole lot of reviews and get up to standard, et cetera, et cetera. And so that’s where it all really went wrong. And in fact today if you were to ask anyone in the AML community—and of course they’ll splutter and object violently—but if you ask them, Well, show where it has been proven demonstrably, materially, in what ways there is significant impact on crime, terrorism, and indeed money laundering? And it’s not even measured. And a trio of top professors a couple of years ago pointed out the fact that they’re not even collecting the data to be able to measure it. So it’s not evaluated. It’s not measured at all. All that is measured—and there’s huge amounts of measurement that does take place by the way—but what is measured is the activity: we’re ticking all these boxes, we’re doing all these things, we’re prosecuting people for money laundering, et cetera. But when you really drill down, you pull away all of those assumptions—what impact does it have on crime? What impact does it have on terrorism? What impact does it have on even money laundering? And the answer is: very, very little. And the UN has book-ended the decade with a couple of brutal reports. One demonstrated a decade ago that the success rate of AML controls in terms of the proportion of criminal funds interdicted as a result of it is almost zero. They said 0.2%. So criminals get to keep 99.8%. But in fact, when you look at their data and you look at some extra work done by the Europol afterwards, it’s probably actually 0.1% even on their own data. But nonetheless, it’s de minimis. And I’ve updated that since and peer-reviewed academic journals and the latest puts it at 0.05%. So criminals get to keep 99.95%. But there’s lots of other work out there too. There’s some empirical work coming out with another trio of professors shortly. They did a book in 2014. There’s another one coming out later this year which demonstrates just how simple it is for criminals to launder proceeds of crime, to hide money around the world, et cetera, just standard tax evasion, not just crime, but also terrorists, et cetera. It’s still very, very simple. And so in Bitcoin, we’re getting all of these regulations that are going to be imposed. And I think next week FATF is launching another guidance on how this should work in Bitcoin or cryptocurrencies. And—good luck guys, you’re going to be wearing all these wonderful regulations.

Stephan Livera:

Yeah. So what I’m hearing is essentially a story of ineffectiveness. That there has been incredible compliance burden costs, lack of access driven into the financial system, and just general administrative bloat driven by many of these AML and so-called financial crime laws that are essentially making it very difficult for people to participate in the financial system. And part of that is—in essence that’s part of why Bitcoin exists to create this parallel alternative—but at the same time, even on their own terms, if they’re only finding 0.1% or 0.05% of criminal finances, then it’s obviously not a very effective policy. It’s not cost-effective. And I think that’s an important point to consider: that even on their own terms, they’re just effectively spinning their wheels in the mud. And everyone’s just doing all this checking and checking of things, that we’re not really getting much of a result out of it. And that’s very unfortunate.

Ronald Pol:

Yeah. And I introduced the cost-effectiveness into it in one of my papers last year which was picked up by The Economist and Forbes and a few other places. But I’m not particularly concerned about the cost-effectiveness. It’s incredibly ineffective in terms of costs. If you look at the costs, roughly it costs many hundreds of times more on banks, citizens—and of course, citizens pay every cent of it. Banks are fined $10 billion a year or thereabouts, and the compliance costs $300-400 billion per year depending on how you do the analysis. It’s easy to say, Ah well, the banks deserve it and they can afford it, et cetera. Well actually, we pay every cent of that as citizens. And as taxpayers, we pay every cent of the cost of all of these government agencies as well. Also, personally I’m not particularly fussed by the regulation or not regulation either. I know a lot of people in the Bitcoin community favor Bitcoin because it’s not regulated—I personally don’t mind. If it’s regulated, that’s fine. And a lot of people think, Well, we should be regulated, and therefore it’ll be wider adoption, et cetera. I don’t even buy into that particular argument, because let’s assume that, Yes, it’s regulated. That’s fine. But the regulation should be effective. That’s my point. My focus is effectiveness. Whether there is regulation or not—others can argue that. I don’t have any particular concern. I tend to favor regulation personally, but either way, it doesn’t really matter. Is it effective? Does it work? Does it have an impact on crime as intended? Does it even have an impact on laundering? And of course, a lot of people say that it does in the industry. So there are a lot of people in industry, and I’m a bit different in the industry. I’ve dived down to a very, very, very deep level to look at the underpinning of the entire system using a PhD at the highest level of critical thinking and pulling away every single assumption. That’s unusual in this century because the main indicator of expertise is something that somebody described to me—he just passed his exam recently and he was somewhat flummoxed—he said, it’s a three and a half-hour multi-choice exam and now I’m an expert somehow. Which I thought was an interesting observation on his part. There are some really, really smart people in the space, but there is this belief that, Oh, we catch some criminals, therefore it works. And that misses the counterfactual. And it also misses the other thing. So yes, it does help catch criminals, so in that sense it does work. The KYC helps catch some criminals. But it misses the fact that if we had a system that was effective, we could catch a heck of a lot more criminals. It also misses the fact that because we believe this is effective, we’re not actually testing the system properly to actually catch all those other criminals. So we are constantly sweating the 0.05% impact, or the 0.1% impact, or even call it 0.5% impact if you really want to on crime, while the 99.95% is happily carrying on. And so while we convince ourselves of this—and it’s natural human nature as well, because we don’t want to think that we’re doing all of this work and it’s not really having the impact. And so we see the criminal that gets caught and we think, Yes, there’s the impact. And we’re not thinking about the counterfactual. And in fact, KYC is a fascinating thing in itself. There is a perception that if we know the identification of someone, then that’s going to help fix the problem. And so if we can identify someone, if we know our customer, we know who they are, et cetera. And that’s based on an assumption as well that criminals want to hide, and that ordinary people are perfectly happy to have their information given to all and sundry. Well, neither of those assumptions are necessarily true. And in fact, my empirical research has found—and a lot of other researchers have found something similar—very often, criminals are delighted to be asked for KYC because they were previously hiding in the shadows. They were earning their money from methamphetamine or whatever they’re earning their money from. And they were constantly trying to hide their money and constantly trying to get large amounts of cash into the system, et cetera, et cetera. But then when they have to show an ID in purchasing a house, for example, then they buy another house, and another house, another house—very quickly, they are known to the world as a property developer. And that’s apparently better than being known as a methamphetamine dealer. And so KYC actually helps laundering take place sometimes. In fact, I’ve got one example—which I’m waiting for it to blow up and then maybe John Oliver will run with it, I’ll write a script for him—where a regulator introduced new ID laws in their country for a particular area in the economy, that it was not actually possible to launder proceeds of crime in that particular area until the regulator introduced the KYC requirement. All of a sudden it was then possible to launder the proceeds of crime. Which was fascinating really, when you think about it. So KYC, there’s just a perception that, Oh, this fixes everything. We just need to get beneficial ownership. We just need to get this—Well, you’ve got to drill down past those perceptions and find, Does it actually work? And when you drill down, drill down, drill down and ask those hard questions, it really, really does not work. And rather than just imposing it on every new area—now Bitcoin and the wider crypto community is wearing it—but that’s happened everywhere else. It just started off, you know, If we just extend it to another country that will fix everything. If we extend to every country—and every country is extended to. If we just extend it to gatekeepers—professional facilitators like lawyers and accountants—that’ll fix everything. Well, it hasn’t done it either. If we just do ratings and blacklists, that’ll fix it. Well, that hasn’t fixed it. And if we give regulators more and more money, well, that’s not fixing it. FinCEN got a whole lot more money to process suspicious activity reports more efficiently. Well actually in 1994 scientists pointed out the SARs issue was a major problem that needed to be addressed, not just giving more money to it. So, you know, 1994 and we’re now 2021 and still haven’t addressed those fundamental issues. So that’s the situation we’re currently at. But of course there’s a huge belief that it works, which prevents anyone testing whether it actually works. And so when someone like me points this out—and scientists have been doing this as I said for 27 years, I’m not the only one—then it’s often seen as a personal affront. Oh, you must be wrong, rather than, Okay, let’s drill down to it. Let’s ask the questions.

Stephan Livera:

Yeah. Yeah. So, I mean, there’s a lot in there, so let’s take some of those ideas and expand on some of them. So one crucial point you touched on was SARs. So that’s these activity reports, basically. So things like, If it’s over $10,000, it has to be reported to the regulator. And in other cases, even if it’s suspicious activity—not just every $10,000—but if you did lots of $9,000 transactions as an example, then that bank might be now required to run some analytics in the background and then report that up to the local regulator, FinCEN, AUSTRAC, or whoever. And so could you just touch on that a little bit? What we’ve seen over that 27 years, as you’ve been saying, that there’s so many SARs and activity reports going to the regulators. But what’s happening? Is it just not being effective there?

Ronald Pol:

It’s incredibly ineffective. Well the reason—there’s two elements, one is the suspicious activity reports, which are a misnomer anyway. And the second is the other reports like the anything above $10,000 or anything of a certain type of transaction or whatever. So there’s those two things. So, one: banks, et cetera, have to provide everything that meets this particular threshold, whatever it is, above $10,000 or international orders above a certain amount, whatever. And then banks also have to have a massive compliance function, which itself is hugely costly and is a barrier to entry to other new firms and a barrier to entry to competition, but that’s a separate issue again. And so they have to sift through it. Now, this is also fascinating, because banks find a 98% false positive rate. That’s very common. So what other sort of software would we allow a 98% false positive rate? So it’s sending up all these flags of legitimate transactions, legitimate people that just don’t quite match the thing, and so the software does all the easy work and then puts all the hard work onto the individuals and to the compliance people. They’re hardworking people in those compliance departments. They’re very, very dedicated. They do an amazing job, but the system is completely skewed against them. So they’ve got this massive, massive amount of data they’ve got to try and sift through. But the real problem with the SARs system [is] it’s not actually set up to find crime. At all. It is set up to build haystacks. And the way it builds haystacks is fundamentally flawed as well. So what it does: it puts together vast haystacks of data. And there are some needles, criminal needles in that data, right? That’s true. But it’s really, really, really hard to find those needles. And the way it’s set up is really, really hard find those needles. And the banks are penalized—not for not finding crime or finding crime, whatever—no, they’re penalized because the haystack doesn’t quite match the height, weight, ambient temperature distribution required by the regulator. So the regulator looks at it tick, tick, tick. Yes. It’s that height. Yes—Okay, great. That passes. Well, it doesn’t have any impact on crime! Oh, nobody asked that question. It doesn’t meet those requirements. And yes, there are criminal indicators in those, but those are criminals that are hiding in plain sight. So somebody at a major US bank said to me, As long as criminals are doing what they’ve always been doing, our system is set up to find anomalies. So if they’re doing what they’ve always done, we’ll never see them because it’s not different to what they’ve always done. And that’s another issue. Compliance systems are set up to comply, and FATF sets out a whole bunch of standards. Look: we’ve found that criminals do this, this and this. Therefore, you need to set up a system that does this, this, and this, and it looks at these particular things. So the compliance and software teams set up systems that look for those particular things. And that’s fine. And there’s a whole lot of what they call rules or scenarios that they look for. And like this colleague in the US bank, anything that’s a bit different from that gets flagged, right? But there’s 99% of the dark space that they’re not looking at because that’s not where it’s at. It’s also they’re following the FATF standards. They’re not following empirical evidence. So I’ve got empirical evidence in several countries that shows what criminals actually do. It doesn’t match the FATF standards. That’s fine—criminals love it! They can keep doing that. And the other problem with the haystack manufacturing business—otherwise known as AML compliance—is that there are a whole lot of needles [stood on 26:03] the bank. And so the bank complies, but criminals are still working through that bank very, very well, even though they’re fully compliant with these incredibly complex rules. So you can just imagine the bank is handing over a whole bunch of haystacks, so there’s acres and acres and acres of haystacks—and FAU, the outfit that needs to try and look through that to try and find crime—there’s still a whole lot of crime going on in the banks and the banks are patting themselves on the back because we comply. There’s no risk—there’s a heck of a lot of risk, they just don’t see it because the system isn’t set up to see it. Meanwhile, the criminal needles in those haystacks are mostly not being found. But they’re there hidden in plain sight. And the solution—which is what happened with FinCEN just earlier this year—the solution is to give more money to create bigger haystacks. And two scientists pointed out in 1994 that this SARs idea sounds good, it’s a nice nice theory, but it actually doesn’t work. We need to fix it. And you know, that was 27 years ago. And every year there’s another issue where it’s not being—you know, in Germany a couple of years ago and the US just this year. So: throw more money at it, make bigger haystacks and not find the criminal activity faster and more efficiently.

Stephan Livera:

Yeah. And it can have an impact for customers and the service quality at that bank, because that bank or a Bitcoin exchange or company has to go through and do all this reporting, then there might be some compliance analyst sitting in a team who has to look at that SAR or SMR (suspicious matter report), and then either shut down that customer’s account or stop that account. And then it just causes all this friction and blockage, when, as you were saying, it’s often a haystack. They’re just creating a bigger and bigger haystack. All that data, that compliance analyst in the bank or the Bitcoin exchange or wherever has to then decide, Okay, we’re reporting this up to our regulator. And then the regulator is dealing with a huge haystack, but they’re not necessarily finding the actual criminals. And what I’ve seen—and I’m sure you’ve probably got an interesting comment on this as well—is that oftentimes when we see in the news, the unsophisticated person who’s just looking at it in the news, they don’t really understand the AML laws and things, they say, Oh, this bank got done for not doing AML. And really what was happening is maybe they weren’t catching all the reporting that they were meant to be catching. And so they weren’t building the haystack to the right level in this analogy. And so I wonder, in your view, is that an example of the laws and the regulations have basically been crafted in such a way that it’s very difficult to comply with? And so banks and other financial institutions just get in trouble from that point of view, even if there’s not necessarily been money laundering or terrorism financing going through those accounts?

Ronald Pol:

Excellent question. In fact, I would venture to say that it is impossible to comply with AML laws. Absolutely impossible. I could go into any large bank with a decent analyst. I will find significant amounts of criminal activity. I will find breaches of the AML laws. No question. So the issue there is that banks think that they’re compliant—and they’re not—because they cannot be. The system is set up in that way. But it’s actually worse than that because the system is no longer—and it’s increasingly no longer—focused against crime. It’s focused against banks. Because banks are an easier target for lazy regulators. Now, regulators don’t think that. Regulators genuinely believe—well most of them, some have shared with me that they know the reality but they can’t say it publicly—but a great many of them genuinely believe that they’re crime-fighting demons. But what they’re doing—and a great many of these cases, not all of them—so you go back to the original HSBC case and that was serious facilitation of criminal activity known by the bank. And you know, they should be pinged for that. But if you look at a lot of these cases, you drill down into it and get past the salacious, shouty media-type stuff. You look at it and it’s for breach of—they’re not ticking the right boxes, they missed a few reports they should’ve seen, their software wasn’t quite set up to send those reports over. Did those reports have any indication of criminal activity? Was there any laundering taking place? Was there any risk of laundering taking place? You ask those questions. And very often—I’ve seen some here in New Zealand recently actually and they really got to the high watermark in this country—two regulators in particular. It’s really quite bizarre. They’re now penalizing banks for situations where there is zero risk or almost zero risk of any laundering, any crime. They just didn’t tick the boxes quite right. And so that’s actually going to have a chilling effect. And of course it’s impossible to comply anyway. So the only determinant now whether a bank or an exchange is going to be prosecuted is not determined by their activities—whether they’re facilitating crime, or whether they’re a bit dodgy, or whether they just don’t care, that’s not the issue—it’s whether the regulator gets around to looking at them and has the resources to do so. Because the regulator can go to any exchange, any bank, and will find breaches because the laws are impossible to comply with, and they’re not focused on crime. They’re focused on creating enormous haystacks.

Stephan Livera:

I see. And so similarly to that point is that you could be an enterprising politician who realizes this and then use that to drum up anger against banks, because that’s a popular way that you can be a very populist politician—drum up anger against the banks and say, You aren’t doing enough against AML, we need these new laws, et cetera. And so it just kind of perpetuates the same problem and we just build bigger haystacks rather than finding genuine criminals and stopping genuine crime.

Ronald Pol:

Absolutely. I had a—I won’t say which country—I had a conversation with a senior legislator in a G7 country, and that particular legislator was previously a police commissioner. And I said to that person, Well, if you want AML laws to be effective in your country, it depends really whether you’ve got your police commissioner hat on—someone who actually understands crime and wants to actually have an impact on reducing the harms from crime—or whether you’re a politician. And, you know, he is a politician and was the police commissioner. And—it sounds a bit brutal—but I said, If you put in place these laws as everyone is advising you, the media will be all over you saying, This is amazing, we’re plugging gaps, and we’re having a huge impact on crime. And so you’ll be lauded for it. It’ll be fantastic politically. And in 10 years time you’ve retired, et cetera, and it’ll have showed to have zero impact on crime or almost zero impact on crime, and would have cost hundreds of billions of dollars. So it really depends if you’re thinking like a politician that just wants to win the particular votes because there is a perception that it has an impact on crime and you’re just working to that perception, or whether you actually want to have an impact on crime. And that’s the core, really. You’ve nailed it.

Stephan Livera:

Yeah. And so one other point I wanted to draw on from what you were saying earlier around criminals who actually want some of these laws because it maybe helps legitimize their actions in the eyes of the law—they can now front as a legitimate business—a similar trend, and obviously this is a Bitcoin show, one news item I’ve seen recently is this notion of people basically buying an already-KYC’ed account at one of the big Bitcoin exchanges. And then people are basically using somebody else’s KYC to sell their Bitcoins or buy Bitcoins or things like that. And so that’s one example where this system might be a bit counterproductive in that way. So I’m wondering whether you’ve noticed that trend, or do you have any comment on that?

Ronald Pol:

I’ve not seen it in Bitcoin, but it’s exactly the same as happened in fiat. So I’m not at all surprised. And in fact, we’ll see a lot of the same things happen in Bitcoin that we’ve seen in fiat as well, in terms of—it’s often explained by people in the AML industry as, Oh, criminals are being so much smarter and getting ahead and finding gaps, et cetera. It’s not really finding gaps. I mean, the whole system is basically like creating a stack of colanders to catch water, in terms of trying to stop crime. And so it’s not working so you put another colander on top of it to try and catch that water, and another colander on top of it. It’s not that criminals are so much smarter and constantly getting ahead, et cetera—the system is not built to stop crime, period. It was never built to do so. And that’s not necessarily deliberately not built to do so, although some researchers have found evidence that US and UK officials actually conspired to do just that. But there was only a juicy six months of correspondence they were able to get declassified, so we want to see more that in the future. But I don’t rely on that at all. I look at: How is it designed? What does the design enable it to do? Does the design enable it to have a material, demonstrable impact on serious profit-motivated crime, terrorism, and even money laundering? And the answer is no. So it is not designed to stop crime. The design does not do so. And it does that extremely well.

Stephan Livera:

I see. Yeah. And one other Bitcoin point that we make in the Bitcoin community is the idea of creating honeypots. And this applies even in the fiat world as well, but essentially when banks and Bitcoin exchanges and other companies are forced by the law or by the government to collect KYC and other information, this now creates a honeypot that a hacker or some other malicious party could try to get that information. And especially in the case of Bitcoin where there’s no take-backs, there’s no bailout, and if we’re truly bullish on Bitcoin as I and many of my listeners are, we think this thing is going to literally millions of dollars per coin—if they know that let’s say Stephan Livera KYC’ed at exchange A and he purchased this many sats or this many Bitcoin and then that database later gets hacked and they have my name, my address, how many coins I have—that represents a very serious honeypot risk as well. So I’m wondering whether you’ve looked at any of that or whether that has come into your analysis at all.

Ronald Pol:

Yeah actually I’ve seen it. I’ve not done research on it at a deep, deep level, but I’ve certainly seen it happening. In fact, one example: you look at what happened in Afghanistan recently. So people provided their information to the legitimate government at the time. Then Taliban came back in and is now the legitimate government. And it has now access to all financial records, including the records of people who did all the KYC, et cetera, the people who helped the previous government, who helped the US government, et cetera. So it happens there. You know, whether you’re in the US and there’s a Democrat or a Republican, the next one is in control and puts in place something. And would you want that information to cross? We’re seeing that now of course with vaccine passports and all of that information, et cetera. And in the central bank cryptos as well, which is a significant issue. And a lot of these issues are not being well addressed. There is an underlying assumption that KYC is good, that we need identification, we need all sorts of identification, that’s a good thing. And certainly there are privacy people who are putting up a good argument in a number of areas, but what’s often missing from that is—it’s a belief that KYC is good. Let’s test that assumption. Do we need all of this KYC, or could we do some of it that actually has an impact? Or could we do something else that has a greater impact? So there seems to be an assumption that we need to do KYC rather than, What’s the purpose of KYC? What are we trying to achieve by KYC? And if we’re asking that deeper question then, What sort of KYC should we get to achieve that as to be a minimum that enables that objective? And that’s not happening. It’s: KYC is good, crypto is bad. It’s that sort of very, very simple narrative that’s coming about. And I’m seeing that in the AML community too. There are people—who are not saying it publicly—but serious AML elites are saying in the background that in fact AML software should have access to all of the countries financial data, period. If you’re not a criminal, you’ve got nothing to hide. That’s actually a conversation that’s happening more and more. I’ve seen it on a number of occasions—again, in small group discussions by AML elites. And I even joked with one group a few months ago saying, You mean a bit like that NSA system that Snowden pointed out? Thinking that somebody might think, Oh, are we really going that far? And no one in that group blinked an eye. It was a little chilling, I thought. Now I’m not saying whether we need this KYC or that KYC, et cetera. My issue is always, Does it work? Is it effective? What are we trying to achieve? What’s the underlying goal? If the underlying goal is preventing any criminal use, stopping crime, having demonstrable impact on crime—okay. Rather than assume that’s going to have that impact, let’s test what’s going to have that impact and then put in place the minimum amount that will achieve that goal. And that is not what is happening. It does not happen in the AML community. And as KYC is rolled out into Bitcoin and other areas, I’m seeing it not happening even more so. And so it’s potentially worse than people think it’s going to be.

Stephan Livera:

Yeah. So as you say, the main concern from your point of view is the ineffectiveness of AML. And certainly I agree with you. It’s like: we can disagree with government regulation on companies, but even if you granted that or set that to the side, we’re saying, Even on their own terms, have they been effective? And the answer is simply, No, they have not. And so the other point that I wanted to touch on what you were saying there is that there’s a massive potential for abuse. So as you pointed out with the NSA, there were examples where US government spy agency staff would spy on their ex-girlfriends’ wives and people, because they would use that tool that was there, and yes, some of them got in trouble for it and there were news articles—you can search that, listeners—but the same thing would be possible in a KYC database, as what you were saying, such that if all the KYC software was allowed to tap into everyone’s financial information, it’s a massive honeypot. Think how many people would love to get access to that. Marketing companies would love to be able to surveil you in terms of what and how you spend your money. Governments would love to surveil you. Criminals would love to surveil you so they know who’s wealthy and who’s keeping money at their home. There’s all these aspects that are just not really just about that system. And unfortunately it seems that there’s not enough noise about the injustice of this and that there are very serious risks being created for innocent people who may not have done anything wrong, no crimes committed, and yet their data is potentially being leaked out just in the same way that, for example, there was a big Equifax hack years and years ago. So not that long ago, maybe five to 10 years ago. And so these are all examples where that’s a pretty big risk. All right. So we’ve got that there—

Ronald Pol:

We can probably add to that statement, too. I said that the UN book-ended the decade with two reports—the one I’ve mentioned was illustrating how incredibly ineffective it is. Earlier this year, the UN came out with a report demonstrating the massive harm caused to millions of people, communities, and even countries by AML laws. And unfortunately their proposed solutions I don’t think are particularly effective. But they’re absolutely right that the harms are immense. For example, we had this here years ago where there was an expat community trying to send money home to Somalia and the Somalian banking system wasn’t wasn’t working. And so they had to send it via another country. And these are legitimate people, but because it set up a flag that it could be laundering—the bank knew it wasn’t laundering—but it was too much of a risk from the regulator so they just cut all those accounts away. Ordinary people trying to send a few dollars home to their own people, and it was known that they were legitimate people. And you look at that on a global scale: millions of millions of people being hurt by this. And even countries, because countries are being slammed with poor ratings—You’re a bad money-laundering country because of this, this and this. Well, actually there’s great irony in this. So you look at say the UK and the US who get the highest ratings for anti-money laundering effectiveness according to the current protocols, and they are arguably the two top money-laundering countries in the world. And so the rating system does not do what it says on the box. And so that harms a lot of countries who are penalized with poor ratings, who may actually have very, very little risk or may not have that particular level of risk. Or—and this is where other researchers look into it and I don’t have too much on this—but it’s been said by some researchers that there are certain countries that are using the apparent objectivity of FATF protocols as in fact another layer of foreign policy control, because they have pretty significant influence in the background in this area. Now, again, I’m not concerned with that personally with my research. I look at, Is it effective? And it’s really, really not effective. But those are issues that are quite significant issues and the harm on communities, on millions of individuals—it’s been slammed by the United Nations. But it just rolls on. The narrative is the narrative.

Stephan Livera:

Yeah. And as you were saying, there’s been that concern about countries because of FATF and the pressure applied amongst the countries—they’ll say, You’re not doing “enough,” you’re not making a big enough haystack, so you need to go and report harder or KYC them harder, or ask more stuff. And it also perhaps leads to debanking of certain industries. So we’re seeing certain banks come out and say, Oh, we’re just going to put out a blanket policy. If you are involved in say the gun industry or drug industry or one of these industries, we’re just not going to bank you at all, just flat out. And so perhaps that’s also part of it.

Ronald Pol:

Yeah Cuba had that. A whole lot of banks dis-established their correspondent banking relations with Cuba. With a bunch of South Pacific countries. In Africa. And the Middle East. These are legitimate people doing legitimate transactions to legitimate businesses—you know, 99%—but they happened to get bad tick from FATF. And in fact, my research has indicated that it’s actually very, very easy. If you look at the way the system works to get any tick, many are just going through, following the narrative, getting the experts that tell them what to do, et cetera, and they’re getting really punished by the FATF ratings. But a few have figured out that it’s eminently gameable. And it is. I could get just about any FATF rating for just about any country in the world because of the way it works. But you know, countries don’t realize that. They do it legitimately. They genuinely think it has an impact. All of their advisors tell them it has an impact. And they go through the motions and they get absolutely brutalized. And then they realize, and then it takes another six or seven years to try and claw that back. And meanwhile, their legitimate businesses, many of their citizens, are hurting big time.

Stephan Livera:

Yeah. So I want to touch on what can be done. I guess one thing that often happens in these things is they talk about, Oh, we’re going to reform the system! But then really they just make it worse. What can be done in terms of people who believe this is an issue? Can they find politicians who are willing to champion the cause? Perhaps some of the Bitcoin-friendly politicians who might want to champion the cause? Or is it possible to defund or restrict the funding for entities like FATF or some of these overly large and overburdensome regulators and laws? What can be done here?

Ronald Pol:

Well it’s interesting there, because my research originally focused on that approach, which is a top-down approach: How do we change the system to enable it to have a massive demonstrable impact on serious proper-motivated crime. And by the way, that is a huge reduction in compliance cost, a huge reduction in regulatory risk at the same time. It doesn’t need to be, as it is now, increasing each of those. It can be less. The trouble is there’s a whole lot of barriers to that. So for example, one of the barriers with politicians—we’ve touched on a little bit of that—is that politicians are in a really difficult place. Well, one, they’re busy, so they’ve got a whole lot of things they’re doing, right? So they take advice on this sort of thing. And they’re given advice that, You need to fill the gaps and do the FATF rules—that will work. So they take that advice. And often they take that genuinely, they believe it will work, and they implement those laws. And those laws had no such impact at all, but the politicians don’t question that advice. And it’s difficult for them to do so. Also, the system is set up so that even the politician who knows it’s a crock will still put in place the FATF standards, because we need to get that tech so that we’ve got access to the financial system. So the system is set up against its reform. It’s set up against recognizing that. Even in banks, I’ve talked to chief executives and chairs of major banks who know that it’s a crock, but they can’t say anything because they’re between a rock and a hard place too. One, they’re advised by senior compliance—people who genuinely believe this stuff—and so it’s difficult for them to push back and do something different, particularly when they go to the regulator who has also drank the Kool-Aid and is going to penalize them for anything there. So the chance of a top-down change at that level is fairly remote. And FATF a few months ago basically said, We just need to keep doing what we’re doing. So they’re locking in a fourth decade of failure. So my research some time ago started to pivot towards looking at, Is there a way where an individual country with a degree—rather than the supine followership that we’ve had to-date for the past 30-odd years—could actually very quietly do it itself and achieve a massive impact on serious proper-motivated crime, but in a risk-free way, i.e. not jeopardizing the FATF ticks but have a massive impact. Now, if that happens, then that country could then be a catalyst for others to follow. And that would be fantastic. And other countries would follow because it works. And because it’s much less costly and much less burdensome on their businesses, et cetera, and other countries would follow simply because it works, not because they have to. Also, I’ve been looking at ways that individual banks can act as a catalyst for change. And that’s looking possible as well. But this needs to be done in a way where banks can quietly do it—have a massive impact—but without affecting the regulatory arrangement at all, and strip out all of their regulatory risk including all those needles that the current system leave the banks. So stripping out all those criminal needles. So they slash their regulatory risk to almost zero, but it needs to be done in a way that the regulators are happy with. So that’s where I’ve been working on it in a way where in fact you can make the regulators look like heroes, strip at your regulatory risk dramatically, cut down your costs enormously—and as a few more banks start to do that, because it works, and the regulators look good because all of a sudden, Oh, we’re having a demonstrable impact on crime, and [in] the current system no one’s ever demonstrating it, no one’s ever robustly testing it, but it can be done in a way where it can be robustly tested, that individual bank can quietly do it, another bank can quietly do it, that regulator looks good—then all of a sudden that can act as a catalyst around the world as well. So I think the way to change—because there is almost zero discernible interest in changing at the top level in terms of FATF and countries having that leadership—

Stephan Livera:

But Ron, I’m not clear what you’re saying there is that you’re saying that banks would have to keep doing all the KYC, FATF, etc. itself, but have their own thing on the side that’s their own way of showing that they’re stopping criminals. How exactly would they do that other thing?

Ronald Pol:

Oh, I can’t give too much away, but think of it this way. So for example, over the years I’ve looked at compliance systems. I have never seen a compliance system that has matched the three requirements that I have—never—until recently. And so at the moment compliance systems allow banks and exchanges, et cetera, to comply with the regulations. The regulator says, you need to do these things and so they have all of these rules and scenarios. They call them scenarios—they might have 20 or 30 scenarios. Bigger banks might have a hundred scenarios that they tweak to look for criminality. Now they look down those lines of criminality, but there’s 98% that they just can’t see. And also it produces 98% false positives. So it’s an incredibly inefficient way of doing it, because these systems are set up to comply. I’ve had chief executives of compliance in to say, Come and look at our system. It’s the best thing, it’s got AI, it’s got all of this, etc. And I then tell them, I look at three things. And then they run away screaming—well, not quite screaming, but they certainly are no longer that interested in me looking at their system because they know that it doesn’t achieve those things. And so I ask, Will it have a substantial demonstrable impact on serious crime? Will have a substantial demonstrable impact on regulatory risk? And will it have a substantial demonstrable impact on compliance costs? Slashing all of those, and in a robust way. And until recently, I never saw a single system that did that. And the first one I saw that did it was fascinating. It wasn’t built as a compliance system. It was built to find crime. And so it’s not based on ticking those boxes, et cetera. It’s based on, How do we actually strip out in terms of crime? So coming back to your question, does it [allow for me to not do all of that and still do this?] Well the interesting thing about that: not necessarily. It still needs to do the tick box stuff in the meantime, because it can’t afford not to. So it has to. But if you tack on something that enables that visibility to happen in a way that is robust in terms of the way I look at things from a scientist point of view, Is it robust? Is it demonstrable? You can demonstrate this in a way that demonstrates to the regulator there’s a demonstrable impact on crime—that’s never been done before—in a way that demonstrates to the board that we’ve stripped out massive regulatory risk. If you can do that, that’s when you then get to the stage where the regulator is saying, This is fantastic. This is an amazing thing. Thank you very much. All of a sudden you’ve got no regulatory risk and you’ve got no risk anyway, because your system has stripped it out. And so you still have to tick those boxes for the meantime, but eventually you’re moving towards something where your regulator is saying, This is great. Let’s do more of this. And when one regulator does that, then another one in another country does it. And another one in another country does it and eventually FATF will say, Oh yes, that’s what we meant all along. And that’s fine. It’s not about ego. When that happens and FATF actually says, Ah yes, that’s what we meant all along. And then, Yes, here’s a system that works—we’ll slightly tweak what’s happening because this country is doing a great job and everyone else needs to follow that approach. That’s great. I don’t have a problem with it. That’s when we’ve flipped from 0.05% impact on crime to have a marked impact on crime, where it’s, in that particular metric, it might be 20% or 30% or whatever happens to be. Which is hundreds of times greater impact. And the modeling I’ve done demonstrates that the costs just fall away to—not quite zero—but a tiny, tiny fraction of the benefits, which is what happens in most regulatory compliance systems, unlike AML. Which is why they don’t measure it, because this is one where the cost, instead of being a tiny fraction of the benefits, the costs are by some measures 25,000% of the benefits which is unheard of in regulatory compliance—except in AML.

Stephan Livera:

Yeah. It’s unfortunate that there’s very little concern for actual cost-effectiveness. And I think the other thing is because it’s an ever-shifting goalpost, there will be some new directive and they’ll say, Oh, now it’s AML 5D. Now you’ve got to check this and this, and they just continually implement some new thing. And then the compliance costs shoots into the sky. And so, again, it just keeps the current large players in banking services, financial institutions entrenched in their position versus new players, while at the same time not really doing much against actual, genuine bona fide crime.

Ronald Pol:

That’s been going on for nearly 30 years. It’s basically a silver bullet-type approach. And all the firms are doing it and all the experts are saying—at the moment it’s AI, for example—Oh, AI is gonna fix everything. And some of the stuff that’s come out of the recent data leak, it’s, Oh, we need to extend the laws more to lawyers and accountants, et cetera—that’ll fix everything. Oh, we need more beneficial ownership transparency—that’ll fix everything. But people don’t step back a second and think. And I’ve done this analysis. I’ve looked at all of those silver bullet solutions over the past 30-odd years. And every one was touted the same. We need to extend it to more countries. We need to extend it to more businesses. We need to extend now to Bitcoin, et cetera. But if you look at all of those, the combined impact—none of them had a material impact on crime at all individually, let alone all combined. No one’s asking that question. It just sounds like a good idea. So let’s do another tranche of extending it further, extending it further into the art industry, into crypto, into—et cetera. That’s going to have this impact. And all we’re doing is sweating the 0.05% impact. And you know, it’s fantastic for two global cartels and that’s it: organized crime and organized compliance.

Stephan Livera:

Well, I think that’s probably a good point to finish up here, Ron. Thank you for joining us. It’s been a really great and informative discussion around the ineffectiveness of AML. For any listeners who want to follow your work online or find you, where’s the best place for them to find you?

Ronald Pol:

Probably the blog, I guess: effectiveaml.org or drop me a line through LinkedIn, Google me, and you will find me or find all sorts of abuse about me, I suspect. I haven’t Googled myself for a while so I don’t know what will come up, but effectiveaml.org is probably the best start.

Stephan Livera:

Excellent. Well, I’ll put that in the show notes for listeners. And Ron, thank you again for joining me.

Ronald Pol:

Thank you.

Leave a Reply