June 25, 2006

Roundup on SWIFT breach -- limits claimed are already breached -- US citizens are the victims

Snippets on the big news story of the SWIFT breach. Domestically, this sort of monitoring is perhaps mundane...

The Treasury routinely monitors financial transactions in U.S. banks under the Bank Secrecy Act. Under that law, banks are required to report any cash transaction above $10,000 and to file a suspicious activity report on any transaction that the bank believes may be tied to criminal activity.

U.S. banks have filed more than 2 million suspicious activity reports since 1996, according to John Hall, a spokesman for the American Bankers Association. Banks are also required to retain information on all transfers of more than $3,000.

Should we admire the UST for their careful governance?. FinTimes says:

He said: "We get a data set from Swift but our analysts cannot just look through that data - they have to type into a computer the targeted search they want to do."

This search request must include the name of the targeted person or entity and the reason for believing that person could be associated with terrorism. "There is a record kept of every single search," he said. "Swift itself has people inside our facility who can monitor these searches in real time, and if they have any questions they can stop a search instantly and ask these questions."

As a further safeguard, he said the Treasury had appointed an independent auditor to examine the log of search requests. Mr Levey said the Treasury could not see the data unless it came up in response to a specific search. "Our most recent number is 0.13 per cent of the information that we have we can access."

According to the New York Times, some of these safeguards were introduced in 2003 after Swift threatened to pull out of the programme.

Apparently not. News also in that the 10 major CBs all had the information, as (I am told) they are all represented on the advisory board of SWIFT.

"We had the information in the context of our monitoring activities" of Swift (Society for Worldwide Interbank Financial Transactions), a BNB [Belgium's national bank] spokesman said, refusing to say when it had that information.

"We were alerted informally in the framework of our contacts with this enterprise," he said. ... The BNB said it saw no ethical problem in an exchange of information between Swift and the US authorities, adding that ethical monitoring was not part of its responsibilities.

The bank was charged with the "external surveillance" of Swift, meaning that it had to "check on a certain number of standards of proper functioning" to ensure that the overall financial sector was performing correctly.

The news about US spying "did not call into question the correct functioning of the institutions". The giving of information was "the responsibility of the business (Swift) vis-a vis its clients. The BNB, for its part, was 'subject to professional secrecy'," the bank said.

It added that Swift's databases were in the US and the Netherlands and their management was subject to legislation in those states.

The major central banks are OK with it. Elsewhere it seems that major Swiss banks confirmed they knew. Also jurisidiction is established by the location of databases.

SWIFT is headquartered in Brussels, but much of its operations are based in the United States, where knowledge of the government's secret access to its data was not widespread. Of officials at three large U.S. banks who agreed to speak about the program, only one said his institution had knowledge of it before yesterday.

"People around here are fine with this," said the official at a major New York bank, who spoke on the condition of anonymity. "It was done right." Treasury Undersecretary for Terrorism and Financial Intelligence Stuart Levey said yesterday that the central bank governors of major industrialized nations had also been briefed, although he did not say when that occurred.

Which all confirms my original impression -- I had simply assumed that this would have been done anyway. Why would SWIFT be immune to the data mining that is going on?

Realpolitik aside, the real story here is this: what and where is the debate about whether this is an acceptable thing or not? What happens when the American agencies successfully breach the safeguards that were forced on them by SWIFT? As they will, in time.

"There was one instance noted at one point in an audit that there had been one search that was done that was, in our view, inappropriate. . . . The person who conducted that search is no longer allowed to work on this program. And no information from any search that's even been questioned has ever been disseminated," Levey said. When information appeared that indicated a non-terrorist crime, such as money laundering or drug trafficking, he said the source of the information was "sanitized" before it was passed to other law enforcement agencies.

Boom! Already, the information is being passed for ML and drugs. See how easy that was? The press will concentrate on meaningless blather like who is that poor unfortunate lamb who was sacrificed to prove the information is governed, and miss the wider significance that the system is already being breached, even as they are saying that it is only for terrorism.

One reason the administration is engaging in so much secret surveillance is that current technology makes it so easy, suggested Paul Light, a public policy professor at New York University. "It's almost a case where the technology is leading the policy. If you can do it, why not do it?"

"Bush and his advisers just don't see privacy rights as a particularly balancing test in making the decision to go ahead with these techniques," Light said.

And, how is the rest of the world going to treat this? My guess is that it will be yet another nudge to all the non-friends of the USA to review their dependency on the dollar. Look to see what Russia, Iran, China and the Muslim world make of this.

If a nudge is one more percentage points off the USD as reserve currency, then the cost is twice that in economic payback to the people of the US, who have to pay back the debt. There are some real victims, then.

Posted by iang at June 25, 2006 05:06 PM | TrackBack

Report from the Wild East:

I have participated in a conference titled "Banking and Criminal Law" organized by the International Association of Penal Law (AIDP, http://www.penal.org ) where the following figures were announced for 2005 in Hungary:
Reports by banks and law-firms concerning possible money-laundering: approx. 14000
Investigations initiated by the police: 8
Cases heared at court: 2
Guilty verdicts: 0
At the same time, the estimated volume of money laundering through the Hungarian financial system during the same year: $4 billion.

These figures came as a shock to some of the participants (including myself). This proves that the immensely expensive snooping machinery that requires one or two full-time employees at major branches (the guy dealing with the paperwork required for reporting suspicious cash transactions), which both customers and banks hate, is completely ineffective. Banks were forced into compliance by the regulation that puts the criminal responsibility for money-laundering on the teller, if s/he failed to report it; thus, they end up reporting almost every transaction, just in case. Same for law firms and escrow agencies (these two functions are traditionally performed by the same companies in Hungary).

On the other hand, living without a bank account is nearly impossible in Hungary (for instance, it is illegal to pay salaries in cash for a wide range of jobs) and it is becoming increasingly burdensome to transact without the banks' participation. It's getting worse year by year.

Russia is a completely different story, where the trust in the banking sector is generally low among the general population and large parts of savings are held either at home in cash (exclusively in USD during the nineties, then in Euros and in the past two years increasingly in the local currency, roubels) or lended to trustworthy friends and relatives. Major money laundering is done through off-shore banks, mostly in the baltic states (Russian-owned Latvian banks are the favorites). Even if salaries arrive to bank accounts, people tend to visit the ATM on pay-day to get some cash (most ATMs give both roubles and USD; when ATMs first appeared in Russia, they were dollar-only). Escrow agencies (of which WebMoney is technically one) are very popular in securing p2p or b2b transactions. These are very loosely regulated, use a diverse set of communication channels, and God alone can track all the financial flows. There are just too many of them.

Posted by: Daniel A. Nagy at June 26, 2006 05:34 PM
Post a comment

Remember personal info?

Hit preview to see your comment as it would be displayed.