From Clocks and Clouds VOL. 5 NO. 1
A Statistical Analysis of Privacy Norms and State Compliance with Anti-Money Laundering Regulations
IN THIS ARTICLE
Organized crime and terrorist organizations cannot be battled by force alone; anti-money laundering (AML) techniques have become key tools to trace these individuals through their finances. Every country has an interest in implementing internationally-standardized AML and counter the finance of terrorist (AML/CFT) regulations, yet there are still widely ranging levels of compliance between states. Previously, scholars have tried to explain this variability through political, managerial, bottom-up, and top-down approaches. However, they have all failed to fully recognize the importance of culture in dictating behavior. Through statistical analysis, this paper finds that one cultural factor, a preference for privacy, has a negative correlation with overall AML/CFT compliance. However, the findings reveal the paradox that the very definition of privacy has unintentionally been contorted by privacy watchdog organizations. The false equivalence made between surveillance and record-keeping is detrimental to the public perception of AML/CFT policies and impedes their implementation. This paradox can be further revealed by future qualitative research.
To protect the homeland, the United States security community tracks down serious criminals, intercepts arms shipments, and monitors terrorist training grounds or recruiting hotspots. U.S. officials also engage in less glamorous work, running through hundreds of financial transaction records that have been flagged as suspicious. Although there is no butt-kicking involved, tracking and preventing money-laundering is an important part of national defense. Money laundering makes crime profitable and terrorist financing possible. Both organized crime rings and terrorist groups pose a serious threat to national security because their activities endanger citizen safety and decrease economic stability. Anti-money laundering (AML) policies can allow government agents to track members of a network through the group's finances, and often enable them to deny profit and income to the group members.
In 1989, the G-7 summit in Paris created the Financial Action Task Force (FATF) to address money laundering concerns. In 1990, the FATF published 40 recommendations, known as the FATF 40. The recommendations are specific steps that member states should take to reduce money laundering. They include actions such as the criminalization of money laundering, enforcement of due diligence in the banking sector, and the creation of a system to monitor for and report suspicious transactions. Since 1990, the FATF added more recommendations and expanded its membership from 16 to 36 members. In the years after 9/11, the FATF added 9 more special recommendations to counter the financing of terrorism (CFT).
The list of other international instruments is long and cumbersome, so it will suffice to say that many of the other conventions and bodies are tasked with legally enforcing or evaluating the same recommendations. A list of relevant international agreements is included in the annex. The FATF works closely with the International Monetary Fund (IMF), the World Bank, and MONEYVAL, the group responsible for evaluating non-FATF members of the Council of Europe (FATF.org 2014). The alphabet soup of cooperation has led to the application of a surprisingly consistent evaluation methodology. These evaluations have found that although the recommendations were intended to apply to all countries, and despite the fact that all states have some interest in fighting money laundering, there are widely varying levels of compliance and implementation of AML/CFT policies. In the next section, I will explain the theory behind the varying levels in compliance. Then, I will describe my hypothesis, that a strong culture of privacy is negatively correlated with high compliance. After that, I will walk through the methodology, including the variable definition and specification, that led me to my findings, that this negative correlation does exist. I will end with a discussion of the findings, the implications, and caveats.
Literature Review: Compliance Theory
Non-compliance is a common problem with international law and non-mandatory policies, and many scholars have puzzled over why states would negotiate and sign an agreement and then fail to implement it fully. Scholars thus far have attempted to explain this puzzle using a variety of approaches. The two main schools of thought can be grouped into political or managerial frameworks. Within each group, scholars tend to focus on bottomup (domestic) or top-down (external) factors.
Cooperation theory grew out of a group of scholars who looked at compliance through a game-theoretic perspective, thereby emphasizing strategic structures and top-down factors. These scholars, embodied by the seminal book Cooperation Under Anarchy (Axelrod and Keohane 1986), believe that non-compliance is a state choice, and that those choices are determined by political factors (Mbaye 2009, 65). In Cooperation Under Anarchy, Axelrod and Keohane discuss cooperation and defection in terms of game theory. They treat states as rational, generally unitary actors who make decisions based on mutuality of interests, the shadow of the future, and the number of actors. Axelrod and Keohane discuss how the structure of the game, i.e. whether the situation favors cooperation or collaboration, changes the likelihood of striking a bargain and of complying with it (Axelrod and Keohane 1986).
Criticism of the state-centric aspect of the works came within a few years of publication, but the political perspective remained largely unchallenged. Robert Putnam (1988) preferred a mix of stateand domestic-level analysis; "The politics of many international negotiations can usefully be conceived as two level games" (434). He argues that the state, or group of central decisionmakers, is as heavily influenced by domestic political groups as it is by foreign pressures. However, like Axelrod and Keohane and the strategic structuralists, he studies the political factors of compliance.
Maria Green Cowles, James Caparaso, and Thomas Risse (2001) also emphasize political factors, but use a domestic-centered approach. In Transforming Europe: Europeanization and Domestic, they primarily explore how international institutions affect change at the state level. Of interest to this work is their "goodness of fit" theory of compliance. The closer the terms of an agreement fit a state's current policies or their preferences, the lower amount of adaptational pressure will apply, and the easier compliance grows (7).
The managerial school grew in indirect opposition to the game theorists. Abram Chayes and Antonia Handler Chayes (1993) argue, "compliance problems often do not reflect a deliberate decision to violate an international undertaking on the basis of a calculation of interests" (176). They believe that non-compliance is a function of managerial problems, primarily capacity and ambiguity, not the political problem of intentional defection. Ronald Mitchell (1994) adds that an important way to increase capacity and decrease ambiguity is by developing integrated compliance systems. Compliance increases as the regime succeeds in "increasing transparency, providing for potent and credible sanctions, reducing implementation costs to governments by building on existing infrastructures, and preventing violations rather than merely deterring them" (428). Although Chayes and Chayes recognize that states are not unitary actors (1993, 180), they believe the assumption that they are has theoretical value for their work, and focus on external and state-level, rather than domestic, factors.
In 2011, the IMF published Working Paper 11/177, called "Compliance with the AML/CFT International Standard: Lessons From a Cross-Country Analysis." Concepcion Verdugo Yepes, who prepared the report, criticizes the field, complaining that only a small amount of scholarship looked at domestic, bottom-up factors (2011, 8). A few, such as Knill and Lenschow (2005), look at cultural, institutional, and socioeconomic framework conditions. Yepes investigated all three types of factors econometrically. He admits, "political discourses – the ideas and narratives behind policies and policy change – are set within the broader culture of a country" (Yepes 2011, 9).
The importance of culture has been underestimated. Cultural preferences are sometimes made express in political discourse and decisionmaking, but often they only implicitly affect managerial styles. For example, in the U.S., the American culture of individualism is often reflected in speeches that refer to the importance of "personal responsibility." That rhetoric is reflected in managerial decisions, such as Secretary Eric Shinseki's resignation in the wake of the Veterans Health Administration scandals (Shear 2014).
The intention of this paper is not to contribute to the managerial school's body of work, but I do share the assumption that ambiguity plays a role in cooperation. Furthermore, the cultural context surrounding the interpretation of international law is a critical determinant of compliance.
Although Yepes agrees that culture is important, he only looks at one cultural factor: the degree of ML criminalization, which indirectly measures the cultural acceptance for the practice. Although this is a promising start, he ignores a whole host of other explanations. Other cultural factors that could decrease compliance include a high value on sovereignty, a general distrust of UN/international bodies, an aversion to "snitching," or a preference for strong privacy rights. Within the limited scope of this paper, I chose to investigate the relationship between privacy norms and compliance with AML/CFT policies.
I hypothesized that a country's culture of privacy, with the accompanying dislike of surveillance, negatively affects compliance with AML/CFT regulations. If politicians and bureaucrats highly value individual privacy, they may be skeptical of regulations that require monitoring and reporting of financial information, such as the requirement to implement a system of reporting suspicious transactions. Politicians might resist passing relevant legislation, and bureaucrats may be slow to implement new measures. Although a cultural value cannot easily be measured, a preference for privacy typically translates into stronger legal protections for privacy. This allows us to indirectly compare and rank cultural preferences between countries. This logic led to the following research question and hypotheses.
Q: Does a state's privacy ranking negatively affect its compliance with AML regulations?
I tested one independent variable, AML compliance, and six dependent variables (described under variable definition). First I found the correlation coefficient. For those that were correlated above 50% of the time, I calculated the t-value and p-value of the coefficient to find the significance level.
The data for my independent variable, AML compliance, is from the AML/CFT Compliance Index that Yepes uses in the 2011 IMF study referenced above. The AML/CFT Compliance Index judges seven groupings of recommendations: Legal measures, institutional measures, preventive measures for financial institutions, preventive measures for DNBFPs, preventive measures for the informal sector, entity transparency, and international cooperation. Designated Non-Financial Businesses and Professions (DNBFPs) refer to casinos, real estate agents, dealers in precious stones, lawyers and independent legal professionals, trust and company service providers, and related positions. For more, see footnote 44 in Yepes.
For each recommendation, countries are judged as compliant, largely compliant, partially compliant, and non-compliant. For a select few, the criteria are considered not applicable. Yepes quantified these ratings, designating respective values of 1, 0.66, 0.33, 0, and 1. This led to cumulative scores ranging from 6 to 40.33, within a potential range of 0 to 100. For further information on the specification, see Yepes 2011 pages 14 through 16.
I used six independent variables, the titles and descriptions of which follow. For information on the criteria, source material, and publication date, see table XX in the annex. The description is the author's summary, but the criteria are quoted verbatim from the source material.
Short Title: PRIV
Short Title: MFM PRIV
Short Title: GOV ACCS
Short Title: CON PRIV
Short Title: EU FIN 1
Short Title: EU FIN 2
The first independent variable I chose was PRIV, or the overall privacy ranking, from Privacy International's National Privacy Ranking from 2007. This dataset had the most comprehensive ranking on the largest number of countries that I could find. That being said, as I will discuss later, only 47 countries were assessed. I then examined the components of the overall ranking to find more specific factors. I tested financial surveillance, even though it was lumped with medical and movement surveillance, which means that it is a distorted "specific" gauge. I chose government access to data because it includes access to financial information held by private companies. One can interpret due diligence requirements as a suggestion for a closer relationship between government agencies and these private firms. Finally, I chose constitutional privacy as an indirect measure of the historical-cultural public tolerance for surveillance.
None of these components were dedicated solely to financial surveillance, so I looked at later studies. The report, European Privacy and Human Rights, published in 2010 by Privacy International, followed similar methods to the 2007 ranking, but separated financial information from medical and movement. The scope was limited to EU member states and a few other relevant states because funding for the 2010 report came from a European Commission program. Inexplicably, the report produced two sets of numbers, one scaled from 1 to 10, and the other scaled from 1 to 7. I have requested further information from the authors with no response as of the date of publication.
The total population was limited to the countries that agreed to the FATF agreements and were evaluated for their performance, a total of 161 entities. The population was limited further to those who were included in the 2007 Privacy International report. This left 47 countries. I then controlled for the corruption and income group, since Yepes found that those factors significantly affected compliance. Controlling for a corruption index of 70-100 out of 100 left 19 countries. Out of those, all 19 counted as advanced economies according to a World Bank report in 2007, the same report that Yepes used.
1. The national privacy ranking total is negatively correlated with compliance at the p<0.01 significance level.
We have strong evidence to reject the null hypothesis. The correlation coefficient of the national privacy ranking total and AML/CFT compliance index is -0.530, and the p-value is 0.00975. Even though the correlation is not dramatically above 50%, the statistical significance is very high, since normally a p value under 0.05 would be considered strong evidence to reject the null. In addition, the fact that the correlation is so significant despite a sample size as small as 19 strengthens the rejection.
2. EU Financial Surveillance is negatively correlated with compliance at the p<0.10 level.
EU financial surveillance 1 has a stronger negative correlation with the AML/CFT compliance than PRIV does. EU FIN 1 has a correlation coefficient of -0.580. This makes sense, since this is the most specific metric, and directly refers to the money-laundering regulations. On the other hand, the p-value is only 0.0506, which would not normally be considered significant. However, the sample size is tiny, at only nine countries, which drastically hurts the confidence level. More data would raise the significance, whether it raised or lowered the correlation. The problems with acquiring more data are discussed above, in the methodology, and below, in caveats.
3. All dependent variables are negatively correlated with compliance.
Even though the other variables have low correlation coefficients, they are all negatively correlated with compliance, which suggests that the hypothesis is not wildly off. Instead, we can infer that we would benefit from more refined variables.
The correlation coefficient of EU FIN 2 is -0.417, which borders meaningful association, but is still low. It is puzzling that the more specific rating does not have as strong a correlation, especially since both ratings are from the same European Privacy and Human Rights report from the same year. This is an area for future investigation.
The correlation coefficients of the components of PRIV are all quite low. The largest coefficient is for the medical, financial, and movement metric, at -0.258. This is unsurprising, since the advantage of having a specific financial surveillance rating is outweighed by the presence of two accompanying unrelated measures. The other two are so low as to be meaningless.
4. There is no meaningful relationship between government access to data and compliance.
Government access to data has a correlation coefficient that is even lower, at -0.104. In the context of the assumption that more specific measurements lead to a stronger correlation, this seems surprising. Yet in this case, the wrong details are examined and too much of the rest of the AML sphere is excluded. GOV ACCS only rates government access to and cooperation with the private sector, which is only one part of financial monitoring, not to mention of AML measures more generally. Additionally, this metric does not account for the ways in which a culture of privacy could affect compliance more generally, on a systematic, political level. Instead, GOV ACCS is only indicative of part of the story: the managerial approach to the public/private information-sharing relationship.
5. There is no meaningful relationship between constitutional protection and compliance.
Constitutional protection has the lowest correlation coefficient, at -0.024. Such a small coefficient is essentially meaningless. Given the above complaint that GOV ACCS does not look at the political manifestations of culture, it seems like the rating of constitutional protections of privacy would fill that gap. I will discuss this puzzle in my analysis, but for now it suffices to say that there is no real relationship here.
Before diving into implications, it is important to remember the caveats of these findings. The sample is small and is not random, the data is not contemporary, correlation does not prove causation, and surveillance is an indirect and imperfect measure of privacy.
First, the selected countries do not constitute a random sample out of a population. As I described before, controlling for income and corruption reduced the population drastically and made sampling pointless. This could be addressed by more wide-spread data collection. However, there are only two countries that meet the control requirements that lack data. Hong Kong and Chile are the only entities that met the requirements of corruption and income group but were not evaluated in the 2007 Privacy International report. With a population as small as 19, sampling is impossible. Additionally, the controlled total population of 19 is too small to guarantee a normal distribution. However, the sample size is taken into account when calculating the p-value. I chose to have a smaller, better controlled, population. For the EU-only data set, I realize that a group of 9 is absurdly small for this type of test. However, the results indicate that this is a good area for future study, albeit using a different method that does not depend on a large population.
In addition to sample size, some inconsistencies in the data may be present because of the discrepancy in dates. Many of the reports from which I sourced my metrics are only reproduced every few years, and the FATF evaluations come in rounds that necessarily produce staggered results, since the organization does not have enough resources to simultaneously send teams to each country.
To address this issue, I decided to use data from reports close to the center-point of 2007, instead of choosing the most recent data from each metric. I used the economic ranking that Yepes uses, which is from 2007, even though his work was published in 2011. I drew four of my metrics on privacy (PRIV, MFM PRIV, CON PRIV, GOV ACCS) from the most recent report that had data on a wide range of countries. I used Transparency International's 2007 corruption perception index to limit my sample. Even though there is a more recent ranking, from 2013, the index from 2007 provides a more accurate comparison since my economic ranking and all my privacy rankings are from that year. As further justification, all of the assessments that Yepes relies on are from 2005 through 2010, and fall close to 2007. In this paper, I sacrificed using the most recent information in favor of consistency.
Correlation v. Causation
Although this is a familiar phrase, it is important to remember that correlation does not show causation. I speak of this more in my analysis, but my findings only show a negative relationship, without indicating whether one causes the other or if there are confounding variables that influence them both. My first finding is still important, though, because it clearly shows a negative relationship. This information could inform policy-making decisions but, if this caveat is forgotten, it could also easily be turned into a misleading headline such as "AML Regulations Decrease Citizen Privacy."
Surveillance as an Indirect Measure of Privacy
A lack of surveillance is not equal to the existence of privacy. But the concept of privacy is fuzzy, and measuring the lack of surveillance is the best way to find concrete information, which means this approach is valid. Is the government allowed to listen to phone calls? Do they have to get a warrant first? Adding the second question, on limits, is important because it distinguishes between levels of surveillance that the citizen has accepted or not. These questions are easier than "Do citizens have privacy?" As the authors of the 2007 Privacy International report concede, they make a normative claim that all surveillance is bad, and that even surveillance to which the citizens have agreed to be subjected can sometimes be bad. However, as I will discuss in my analysis, I believe the authors have made a fatal error by not distinguishing enough between accepted and unaccepted forms of surveillance, nor between invasive and noninvasive practices. As I will explain, this created a weakness in my findings that goes beyond a small caveat.
Here I shift to the critical analysis of these findings. Finding 1 is legitimate, despite the caveats. However, finding 5 reveals that there is a disconnect between measurement and reality. In effect, although there is a negative correlation between privacy and AML compliance, it is due to a structural reason based on the logical fallacy that all information gathering is surveillance.
First, I will address the mistake of the authors of the Privacy International report. Then, I will explain how this plays out in my work. Finally, I will show how the lack of a relationship between constitutional protections and compliance demonstrates this paradox.
The fallacy that all information-gathering is surveillance, or spying, continues to be perpetuated because a significant amount of both policymakers and policy-evaluators believe it to be true. These days, it is common to speak of privacy and surveillance as opposing ideas, or a zero-sum game. Therefore, politicians speak of "balancing" privacy and surveillance, just as they speak of finding the right balance between liberty and security. Then, since both surveillance and monitoring are techniques of gathering and storing information, many people feel comfortable equating them. They conclude that monitoring endangers privacy in the same way surveillance does. But monitoring is not the same as surveillance. Monitoring is not invasive; it is similar to counting the number of letters in each mailbox. Surveillance, on the other hand, would be like opening and photocopying every letter.
The authors of the Privacy International report measure privacy as the absence of surveillance. Yet, because of this fallacy, the authors also measure privacy as the absence of monitoring. Since many of the FATF recommendations require monitoring (but not surveillance!), high compliance necessitates high monitoring. The composition of the financial privacy metrics and of the overall privacy rating therefore structurally ensures a negative correlation between privacy and compliance.
The fact that there is no conflict between constitutional ideals of privacy and compliance could mean two things. First, it could mean that countries completely ignore their ideals, and that compliance is powerand interest-based. I reject this explanation because it ignores the complicated, multi-dimensional nature of domestic politics. In addition, although it is not in the scope of this paper to comment on the realist/constructivist debate, such an explanation denies the importance of ideas and norms at any level. More convincingly, the fact that the correlation coefficient is so low shows that there is no real relationship, nor rivalry, between constitutional values of privacy and AML regulations. A constitution indicates the ideology and ideals of the founding political elite, rather than the de facto situation. Yet it does reflect the stated priorities of politicians, and is an important symbol of the attitudes of the people. The only conflict comes from the rhetorical confusion that equates surveillance and monitoring.
There is strong evidence to reject the null hypothesis. There is in fact a negative correlation between privacy and compliance with AML/ CFT measures. However, this is due to a structural feature of the rhetoric of privacy. The definition of privacy used here automatically judges monitoring as invasive surveillance. To get around this paradox, a new approach is needed to study the problem. If, as this research suggests, there is no relationship between constitutional ideals of privacy and AML/CFT compliance, a more qualitative research regime could tease out the details. A discourse analysis of parliamentary speeches on the topic of privacy could give evidence that the perception of surveillance and monitoring is confounded.
Such an analysis could decrease the ambiguity surrounding the role of AML/CFT regulations. With the assumption that ambiguity, rather than intentional defection, is an important factor in cooperation failures, we can predict that compliance will increase. If, as I predict, AML/CFT regulations pose no danger to individual privacy, formal and informal resistance to these measures should decrease.
In this case, compliance should increase even without a substantive change in current regulations. Instead, clarifying ambiguous wording could change domestic interpretations and perhaps make politicians, bureaucrats, and citizens more receptive to implementation at every level. This, in turn, would ensure that fewer criminals and terrorists will be able to launder their ill-gotten gains.
Allison Blauvelt was a student of International Studies. She graduated in May 2014. School of International Service (SIS), American University.
Axelrod, Robert, & Keohane, Robert O. (1986). Achieving cooperation under anarchy: Strategies and institutions. In K. Oye, (ed.), Cooperation Under Anarchy. Princeton, NJ: Princeton University Press.
Chayes, Abram, Chayes, Antonia Chandler (1993). On compliance. International Organization 47: 175-205.
Cowles, Maria Green, Caporaso, James, & Risse, Thomas (2001) (eds). Transforming Europe: Europeanization and domestic change. New York: Cornell Univ. Press.
FATF.org. (2014). FATF Members and Observers. Retrieved from http://www.fatf-gafi.org/pages/aboutus/membersandobservers/.
Knill, C., Lenschow, A. (2005). Compliance, competition, communication: Different approaches of European governance and their impact on national institutions. JCMS: Journal of Common Market Studies 43(3), 583-606.
Mbaye, Heather A.D. (2009). Assessing competing explanations for compliance and noncompliance with European Union policies. Midsouth Political Science Review, 10, 63-82.
Mitchell, Ronald B. (1994). Regime design matters: Intentional oil pollution and treaty compliance. International Organization 48(3): 425-58.
Privacy International. (2007, December 31). Surveillance monitor 2007: International country rankings. Retrieved from https://www.privacyinternational.org/reports/surveillancemonitor2007-international-country-rankings.
Privacy International. (2010). European Privacy and Human Rights. Retrieved from https://www.privacyinternational.org/reports/surveillance-monitor-2011-assessment-ofsurveillanceacross-europe.
Putnam, Robert D. (1998). Diplomacy and domestic politics: The logic of two-level games. International Organization 42: 427-460.
Shear, Michael D., Joachim, David S. (2014, May 30). V.A. Chief Eric Shinseki, set to meet Obama, apologizes for ‘systemic' crisis. The New York Times. Retrieved from http://www.nytimes.com/2014/05/31/us/politics/va-chief-eric-shinseki.html?_r=0.
Yepes, Concepcion Verdugo. (2011). Compliance with the AML/CFT international standard: Lessons from a cross-country analysis. Working Paper 11/177. International Monetary Fund.
AML International Agreements
Council of Europe. (1980, June 27). Recommendation on measures against the transfer and safekeeping of funds of criminal origin.
Council of Europe. (1990, November 8). Convention on Laundering, Search, Seizure and Confiscation of the Proceeds from Crime (ETS 141).
Council of Europe. (2005, May 16). Convention on Laundering, Search, Seizure and Confiscation of the Proceeds from Crime and on the Financing of Terrorism (CETS 198).
European Union. (1991, June 10). Council Directive 91/308/EEC on the Prevention of the Use of the Financial System for the Purpose of Money Laundering.
European Union. (2005, October 26). Directive 2005/60/EC on the prevention of the use of the financial system for the purpose of money laundering and terrorist financing. Amended in 2008.
Financial Action Task Force. (1990, April 1). International Standards on Combating Money Laundering and the Financing of Terrorism & Proliferation. Revised in 1996, 2001, 2004, and 2012.
United Nations. (1988, December 29). Convention against Illicit Traffic in Narcotic Drugs and Psychotropic Substances.
United Nations. (1999, November 15). Convention against Transnational Organized Crime.
United Nations. (1999, December 9). Convention for the Suppression of the Financing of Terrorism
United Nations. (2001, September 28). UNSC Resolution 1373, requiring criminalization of terrorism-related activities.
United Nations. (2003, October 31). Convention on Corruption.
United Nations Department of Public Information, "Former Yugoslavia UNPROFOR." Last modified 1996. Accessed November 7, 2012. http://www.U.N..org/Depts/DPKO/Missions/unprof_b.htm.