Saturday, March 15, 2008

Robot Rats and SARs for PEPs

Sometimes things happen fast in politics. On Sunday morning, March 9, Eliot Spitzer woke up to the beginning of his 63rd week in office as Governor of New York State, an office which served as a stepping stone to the White House for his predecessors Theodore and Franklin D. Roosevelt. He had an apparently unstained reputation for fighting corruption in high places, which he had earned during his seven years as New York State's Attorney General, going after everything from Enron-type financial scandals to prostitution rings.

Two days from now—on Monday, March 17—he will hand over the keys of office and become Private Citizen Spitzer. Earlier this week, the New York Times revealed that Spitzer had been a customer of a prostitution ring that was under federal investigation. This evidence was revealed by a computer scan of Spitzer's banking transactions—a robot rat, if you will. The political firestorm that the news report touched off must have convinced him that trying to stay in office was an exercise in futility. On March 12, he announced that he was resigning. Ironies abound in a situation like this, but an ironic twist of special interest to the technical community is that Spitzer was caught by software that he had himself encouraged banks to use during his years as Attorney General. How did it work?

Banks have ethical obligations both to their customers and to the governments in whose jurisdictions they operate. Customers expect banks to keep their collective mouths shut about private financial matters, and by and large, banks are pretty good at doing this. But law enforcement officials realized long ago that banks are where the money is, including illegally gotten gains from enterprises such as drug dealing and prostitution. That is why in 1970, Congress passed the Bank Secrecy Act. This act is why you have to fill out a form with some identifying information any time you engage your bank in a single cash transaction of more than $10,000.

Criminals are as adaptable as anybody, and soon they learned not to trip that $10,000 wire by breaking up transactions into smaller amounts. To plug this leak in the dike, Congress enacted the Money Laundering Control Act of 1986. Besides asking banks to report any transactions over $5,000 that looked like they were evasions of the $10,000 limit, it removed liability for over-reporting. This meant that if you got annoyed at being called by the FBI for a series of legitimate but large financial transactions, you could no longer sue your bank for falsely tattling on you.

As time went on, $5,000 became less and less money in real terms, meaning that without doing a thing, Congress gradually lowered the threshold on what banks had to report. After a few banks got in trouble for under-reporting and computerized banking became nearly universal, the banks had the bright idea of just reporting everything automatically that looked suspicious. But first they had to tell the computers what "looking suspicious" meant.

One factor they loaded into their software, believe it or not, was the degree to which their customers are "politically exposed persons" (PEPs for short). If you are a governor, senator, UN delegate, or other personage whose position makes you more likely either to be the victim of a corrupt action (e. g. blackmail) or perhaps the perpetrator, you get a high PEP rating, and the threshold for making the computer spit out summaries of fishy-looking activity is accordingly set very low. Spitzer, needless to say, was a PEP, and when several large transactions to one firm showed up on a report, the bank decided to file a Suspicious Activity Report (SAR, for short) with the IRS.

At this point, humans got involved, but they could not have done their jobs without the aid of large software programs that inspect millions if not billions of transactions every year. Initially the investigators thought the governor might be the victim of blackmail, but when they found out the firm was a front for a prostitution ring, things took a different turn altogether.

Computers don't join political parties, but the people who program and operate them do. This story shows how technology can help law enforcement with investigations that in times past would have been impossible because of the sheer volume of data to inspect. Back in the days when the most advanced technology in a bank was the Friden calculating machine sitting on the comptroller's desk, a person's eyes were the only way to inspect records. That limited the nature and scope of investigations, although it also probably made things easier to do informally that were strictly against the law, as favors both to criminals and to policemen and detectives. Today, the same criteria can be applied impartially and exactly to millions of accounts, but at some point human judgment always comes into play. Once the computers provided the information to investigators, the investigators had to decide what to do with it.

And it was human judgment, however flawed, that made Governor Spitzer think that maybe he would escape detection of his expensive dalliances. Perhaps he was unconsciously hewing to an outmoded habit he developed before his own actions helped to tighten the screws on money launderers and others who do not care for banks to report their transactions to the government. Whatever the reason, this episode shows that the power to analyze large amounts of private computerized data can make or break very influential people. And without software engineers, no one would have that power.

Sources: A good summary of the laws and processes that led investigators to Spitzer's transactions is at http://firedoglake.com/2008/03/12/money-laundering-suspicious-activities-reports-and-structuring/. A Newsday account of how Spitzer's bank discovered the specific transactions is at http://www.newsday.com/news/local/state/ny-stspitzerbank0312,0,4637246.story.

No comments:

Post a Comment