Policymakers around the world have typically outsourced the detection of financial crime to the private sector. This approach is often referred to as the “gatekeeper” model, with the basic idea being that private firms, like bodyguards at a nightclub, are well-positioned to control access to the financial system and report suspicious transactions to regulators.

Unfortunately, empirical evidence shows that the gatekeeper model is not working. In a new paper, I examine the misaligned incentives of the existing system and propose a new market-driven approach.

Evaluating the effectiveness of the gatekeeper model is difficult, largely because policymakers have failed to establish clear standards by which to measure success. Nevertheless, the numbers speak volumes. Financial institutions spend more than $200 billion a year on financial crime compliance,[1] much of it for enormous staffs tasked with performing due diligence, assessing suspicious transactions, and submitting reports to regulators. In the Netherlands, for example, approximately 13,000 people, representing an astounding 20 percent of the total banking workforce, are fully dedicated to combatting money laundering and terrorist financing.[2]

Despite these investments, our best available estimates suggest that less than 1 percent of global money laundering is detected.[3] The numbers are equally abysmal in other areas of financial crime. One study estimates that the detection rate for closing-price market manipulation is approximately 0.3-0.32 percent.[4] Further, three-quarters of financial misconduct in the UK and two-thirds of fraud in the U.S. go undetected[5]

There are numerous contributing factors to these miniscule detection rates. Gatekeeper obligations are not always clear, and many compliance officers complain about receiving little communication from regulators after reporting suspicion. Regulators themselves often lack the necessary resources to investigate every report. The Financial Crimes Enforcement Network (FinCEN), for example, saw a 124 percent increase in reporting from 2014-2022 with only a 60 percent increase in funding and 3 percent increase in staff during the same period.[6]

No factor is a bigger problem, however, than the conflict of interest at the heart of the gatekeeper model. The system relies on private firms to monitor their own customers, putting their desire to maximize profit at odds with their duty to comply with regulations. Customers do not appreciate being interrogated about their transactions, and reporting your own client’s activity to regulators generally doesn’t bode well for the future of the commercial relationship. Thus, for gatekeepers, there is a natural temptation to cut corners, underfund compliance departments, and perhaps even assist criminal schemes. There are mountains of evidence, including more than $62 billion in civil fines for compliance failures, indicating that gatekeepers succumb to this temptation at an alarming rate.[7]

But what are the alternatives? One would be to allow regulatory agencies to directly surveil financial transactions. Regulators would have fewer conflicts than private gatekeepers and more incentive to catch crime. But government surveillance raises serious concerns about privacy. Another option would be to rely on indirect surveillance performed by corporate monitors. But monitors can generally see only samples of data and thus are ill-positioned to monitor continuously.

In my paper, I refer to these trade-offs as a surveillance trilemma. I contend that no existing form of surveillance can simultaneously feature positive incentives, data access, and privacy protection.  A new approach is needed, one that flips the incentives of the gatekeeper model while still affording data access and relatively strong privacy protections. The remainder of the paper outlines just such a solution: the licensed detection agent (LDA) program.

The LDA Program would create a new category of independent companies that are licensed, empowered to surveil transactional data, and financially rewarded for reporting suspicious activity to regulators. Firms would first seek regulatory authorization to act as LDAs, potentially complemented by licensing requirements for individual staff. They would then be provided with access to transactional data. Regulators would provide such data directly where possible (e.g., the SEC can grant access to the Consolidated Audit Trail). In other scenarios, banks and other financial institutions would be obligated to make their data available to LDAs.

Once LDAs spotted suspicious activity, they would conduct further investigation and submit in-depth reports to regulators. LDAs would subsequently be entitled to a percentage share of any penalties, seizures, or disgorgements of ill-gotten gains obtained as a result of their tips. Further, regulators would pay LDAs for each investigative report (provided stringent conditions are satisfied). This combined reward structure would offer both large long-term payouts and smaller short-term payments to encourage continuous monitoring. Various entities might act as LDAs, but the most likely candidates would be regulatory consultancy firms with investigative expertise and providers of detection software. The latter would have the opportunity to apply their own products to real-world data, strengthening incentives to innovate.

The LDA program is very much inspired by the success of whistleblower schemes. Perhaps no program better demonstrates the benefits of blowing the whistle  than the False Claims Act (FCA). Analyzing data from 1987-2023, I find that the U.S. government has, under the FCA, paid private persons about $12 billion of rewards in return for almost $72 billion in successfully obtained settlements and judgments. If we think of the FCA as an investment, the government has made a 490 percent profit. The LDA Program, too, would pay for itself; the financial benefits accrued by regulators would far outweigh payments made to LDAs for their reports.

But unlike whistleblowers, LDAs would not undertake the great personal risk of reporting on their own employers. Nor would they operate in the shadows. Rather, they would represent a new form of detection that professionalizes corporate sleuthing, or what might be called financial-crime bounty hunters. And unlike gatekeepers, these bounty hunters would have strong incentives to perform effective monitoring.

Like any proposal, the LDA program would entail risk. Careful design would be necessary to address possible conflicts, overreporting, and other unintended consequences. The paper discusses these risks and how they can be effectively mitigated. Naturally, further work would be needed to address the country-specific legal complications of implementing such a system.

Investigating these solutions further would be well-worth the effort. The current system imposes enormous costs on the private sector, costs which are in some cases explicitly passed on to consumers.[8] Yet the results are shockingly poor. We can do better.

ENDNOTES

[1] FORRESTER, True Cost Of Financial Crime Compliance Study, 2023, (2023), https://risk.lexisnexis.com/global/en/insights-resources/research/true-cost-of-financial-crime-compliance-studyglobal-report.

[2] Dutch Banking Association, NextGen Gatekeepers (Translated from Dutch), (2024), https://www.nvb.nl/media/czxdynla/nextgen-poortwachters-position-paper.pdf

[3] Ronald F. Pol, Anti-Money Laundering: The World’s Least Effective Policy Experiment? Together, We Can Fix It, 3 POLICY DES. PRACT. 73 (2020).

[4] Carole Comerton-Forde & Tālis J. Putniņš, Stock Price Manipulation: Prevalence and Determinants, 18 REV. FINANCE 23 (2014)

[5] John Ashton et al., Known Unknowns: How Much Financial Misconduct Is Detected and Deterred?, 74 J. INT. FINANC. MARK. INST. MONEY 101389 (2021); Alexander Dyck, Adair Morse & Luigi Zingales, How Pervasive Is Corporate Fraud?, REV. ACCOUNT. STUD. (2023).

[6] Miles Kellerman, “FinCEN and the Data Dilemma,” False Positive, (June 16, 2024): https://mileskellerman.substack.com/p/fincen-and-the-data-dilemma

[7] The $62 billion figure derives from a combination of two figures cited in recent Fenergo reports. See Fenergo, Reading Between the Fines: A Deep Dive into Financial Institution Penalties in 2022, (2022), https://resources.fenergo.com/webinars/reading-between-the-fines (last visited Nov 18, 2023); FENERGO, AML Enforcement Actions Surge in 2023, (2023), https://resources.fenergo.com/reports/aml-enforcement-actionssurge-in-2023#main-content (last visited Aug 22, 2024)

[8] See, e.g., NOS, Bedrijven, Stichtingen En Kerken Moeten van Banken Meebetalen Aan Witwasonderzoek, NOS, Dec. 27, 2022, https://nos.nl/artikel/2457797-bedrijven-stichtingen-en-kerken-moeten-van-banken-meebetalenaan-witwasonderzoek (last visited Jul 11, 2024).

This post comes to us from Professor Miles Kellerman at Leiden University. It is based on his recent paper, “Licensed Detection Agents: The Case for Financial Crime Bounty Hunters,” available here.