Hacker News new | past | comments | ask | show | jobs | submit login

No such thing as "an algorithm run amuck" - more like "another department run amuck". Someone programmed the thing, someone is running it deliberately.



Regulators fined Chase and other big banks for "weak controls". One way to show that these big banks have "strong controls" is to change parameters for these algorithms. Many legitimate transactions fall under structuring, layering, smurfing, laundering. After all, any goal of money laundering is to make their transactions appear "legitimate". Now almost all transactions (except for big businesses and people with few bills and pay stubs) come under scrutiny.

Strong controls = more false positives, more account closures, more SAR reports. That's what regulators want, and politicians don't want to rein on these regulators either by amending laws or by reducing "too much discretion" given to regulators. Of course, those affected by debanking (ordinary citizens and small businesses) don't have that kind of lobbying power to bring any such changes.

Big businesses instead can own small banks in fly over states, and run their transactions through those banks. Maybe, it is time to bank with local credit unions, as the latter allow mobile deposits. Once FedNow takes hold across credit unions, better switch to credit unions.

Another lesson: every one should have at least three checking accounts (one or two big banks; one or two credit unions).


> One way to show that these big banks have "strong controls" is to change parameters for these algorithms

imagine if some bank knowingly facilitated money laubdering, and needed to show they gave strong controls. What eould you do?

Thats right, you would close 10k minor accounts of random schmucks for 'suspicious activity', report 'job done' to the regulator, and continue your corrupt practices


The fundamental problem here is that these regulations are totally useless. Look into the effectiveness of KYC laws -- they're basically zero percent effective.

And the reason for that is that if anybody knew that somebody was engaged in criminal activity, they wouldn't have their bank account closed, they would be arrested and their finances seized by court order. So the bank account closures only happen to people for whom there is not enough evidence to charge them with a crime. In other words, a ton of innocent people.

Conversely, the bank is not a law enforcement agency and has no real way to distinguish between the kind of criminals who know how not to be obvious and the aforementioned totally innocent people, and if anything the practiced criminals are the ones who know how not to trigger the fraud detection algorithms, unlike the innocent people.

So the criminals don't get caught and the government blames the banks for this, but the banks still don't have any good way to know who the criminals actually are, so all they can ever do is round up random innocent people to put on a show of punishing somebody.

The fraud is that law enforcement should be an obligation of the banking system and that fraud needs to be eliminated.


> imagine if some bank knowingly facilitated money laundering

You won't have to imagine very hard, HSBC was caught laundering money, told they had to strengthen their controls, but ultimately all the Justice Department wanted was a small cut of the action in the form of fines and HSBC has been allowed to continue their corrupt practices even after being caught laundering money again and again (in addition to all kinds of other crimes). It seems like as long as they can pay the fines, banks are basically above the law.


One way to prove weak controls is also to show that low-level branch employees have the ability to override AML/KYC flags, and regularly do so. That's not just poor controls, it's demonstrating knowledge of the transactions being suspicious while enabling them anyway.

GP says "monitoring transactions should not be sufficient to satisfy KYC" - of course monitoring transactions is required to satisfy AML, flagging any transactions indicates specific knowledge of them being suspicious, and failing to act in any cases where it was warranted will be used as proof of lax controls, with fines starting in the hundreds of millions.


Isn't this where documentation of actual KYC would come in? "Flagged for reason X; Overridden by local manager - follows 10 lines of CYA justification"? Normally that's good enough for administrations.

The second time it's flagged for reason X+1, include 10 lines from rank 2 manager.


That probably would be acceptable but it's not clear it is worth the bank's while to do that


It seemed in these reports that the local manager was surprised. ... But it may be that they were only "suprised", i.e. not about to say that the system did prompt them but they ignored the prompt. Possible. It is also possible that the bank only prompts the local manager if the client has enough estimated net worth or estimated lifetime client business value. The kind of thing that might make sense but wouldn't be disclosed until there is a lawsuit.


All the examples cited in the article were with big banks who are probably the ones most likely to be employing these automated systems and getting pressure from regulators. For the benefit of decentralization and avoidance of CBDC's I am moving my accounts more to the smaller regional banks.


> Maybe, it is time to bank with local credit unions, as the latter allow mobile deposits.

I've never used a credit union and have had access to mobile deposits at everything from large multinational banks to small local ones for well over a decade.


Wrt keeping multiple accounts, what is the benefit of that compared to the overhead of monitoring and managing them? Is it just a contingency? Banks in particular have no real reason to give you your money back or respect your privacy. Why would I put my money in an institution that I can't trust?


Banks send out a cashier check upon closing accounts. I was pointing out some edge cases (last deposited check being the culprit of closure; however, this check was cleared by the payee bank). Contingency is one reason. It also depends on what you use banks for. If it is direct deposit from jobs and paying bills, big banks are okay.

The moment you start use Zelle heavily, one of those zelle recipients is linked with suspicious activity, that's a problem (btw, Zelle is owned by big banks). Banks find so many things suspicious: many check deposits, many zelle transfers, low balances, many cash/money order deposits, asking for cashier checks, wires(both domestic and foreign), any crypto activity, being a public figure, names similar to those on OFAC list, etc. Basically, they want normal customers (4 pay stubs, paying 10 bills a month) or extremely wealthy clients. Otherwise, you don't fit the average profile, and whatever you do is construed as not being legitimate.


In this context, the implied reason is that your still have a bank account if one of the banks decides to close or freeze your account. If you can do without an account altogether (how??), good for you, I guess.


> Banks in particular have no real reason to give you your money back

Of course they do. If they didn't have a reason, why would they do it?


>No such thing as "an algorithm run amuck" - more like "another department run amuck". Someone programmed the thing, someone is running it deliberately.

Not to defend banks, but you know how many bugs the average large software system has?


With such a critical activity that has the potential to destroy lives, "a bug" is not a good enough excuse. Hire a human to override the bug driven decision. These aren't bugs but conscious decisions taken by each bank because the fallout is on few enough customers that they don't need to worry. I've worked with/in enough banks to know someone intentionally drew a line and everyone who happens to fall under it can just suck it up.


You're not wrong. Chase has 18.5 million checking accounts and 25 million debit cards, so they can afford to lose a whole lot of small customers while still saving a bunch of money with the automation.


That’s the danger with the size of these things. With 18.5 million customers, they could literally murder a couple dozen a year and it’d be hardly noticeable.


I'm not arguing that the system must not have bugs, really - you are right there. I'm arguing that since everyone knows it does, then the system must provide for that. That is, the institution that we are buying the service from needs to be able to sort things out when it happens. Here we have abundant examples where they have no plan to even notice anything. - And that then they should not be surprised when we are desperate to find a better institution that is not THEM.


Or rather two departments being very good boys: these banks claim to have human reviewers. A first level of automatic flagging (with people running that) and a human review that the flagging deserves debanking (with people doing and running that).


The second, human level is off shore and very tough to get clear with even if nothing was truly wrong. Chase once gave me exactly 7 days around the holidays to present a power of attorney, with no way to escalate or just leave the account frozen a little longer. Since that crew is sitting in the other side of the planet and Christmas is meaningless they didn't care. I survived that episode with them but it gave me the heads up to look around.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: