July 4 revelers in Highland Park, IL, experienced another mass-casualty shooting in America. Stunningly, at this point it’s no longer surprising to see these news alerts. Something has to change.
I wrote here a couple weeks ago that RegTech behavior-monitoring technologies have the potential to warn of impending violence—like school shootings and similar mass-casualty
violence. Too many pundits dismiss the possibility without understanding the technology that helps fight financial crime. And predictably, naysayers pepper their dismissals with references to entertainment products like “Minority Report” and “Person of Interest.”
But these knee-jerk naysayers are missing the difference between metadata and PII, or Personally Identifiable Information.
A huge part of the reason that Regtech-style behavior monitoring provides a more measured and less invasive approach lies in our industry’s deep experience in privacy-protecting approaches to data analysis and behavior monitoring. In our efforts to keep
criminals out of the international banking system, we have gained deep expertise in flagging only Risk-relevant behaviors among floods of data. That expertise in behavior monitoring can be used to flag behavioral predictors of mass shootings—without us becoming
a surveillance state where individuals are targeted and tracked.
The fear I hear when discussing this concept is real and understandable: No one wants to be surveilled. That is why RegTech-supported behavior monitoring might provide a way forward—this approach does not surveil anyone. The monitoring system would not have
any person’s name, address, or anything else that could point to a specific identity.
In fighting financial crimes, we help institutions monitor for very specific behaviors. We are not looking at people; rather, we are looking at the behavior evidenced in the data.
For example, we may look for activity that shows money flowing into one account, then being transferred to a different account, and then 80 percent or more of those funds being transferred out. So, with a massive haystack full of an institution’s financial
transactions, we look for that anonymous behavioral needle that points to possible suspicious transaction/s. At this point--and only at this point--do the authorized bank officers look directly at the identity of the person who engaged in that behavior.
This anonymized monitoring of suspicious behaviors among oceans of data represents the polar opposite of the surveillance-state dystopias described in a lot of recent essays and
reporting. And it is also opposite of the approaches of
quasi-military school-hardening products pushed by a burgeoning field that seeks to impose on schools the strategies of control and monitoring common in prison settings. And neither is it the
facial-recognition and PII-centric behavior monitoring that the Chinese government currently favors.
When pundits and analysts dismiss out of hand any behavior monitoring because of fears of overreach detailed in the linked articles above, they are also dismissing a crucial opportunity to harvest the low-hanging fruit of public metadata—absent PII—that
can flag obvious highly relevant data points that predict a probability of violence.
People who dismiss this kind of metadata monitoring tend to emphasize the extreme potential outcomes of PII-centric monitoring. But they don’t also recognize that there are many tech-assisted monitoring options that are not invasive and that do not lead
to a “Minority Report” society.
This is why RegTech and the behavior-monitoring methods in AML/CFT and financial-crime fighting have such potential. In our industry, we strive to facilitate the easy flow of legal business through the international financial system. We design tech and monitoring
procedures that respect people’s financial privacy and their ability to conduct their legal business privately. Financial institutions and RegTech firms have been working for decades to monitor for high-risk-of-crime behaviors—while also protecting the privacy
related to the legal activities of customers.
Professionals in the field of Governance, Risk, and Compliance (GRC) live and breathe Behavior Monitoring and the risks that unwanted behavior can present. We cannot violate anyone’s privacy; that is a career-ending event for us.
We in GRC think differently from law enforcement, from quasi-military security and surveillance, from metal-detector and camera-surveillance companies, etc. Perhaps it’s time to explore whether thinking differently might be the key to safer schools,
safer parades, safer supermarkets, safer nightclubs, safer concerts, and a safer public.