Oddbean new post about | logout
gunson | 3 months ago (raw) | root | parent | reply | flag +1 
 Hi L0la, great article.  As someone with a bit of familiarity of AML and IDV systems at financial institutions I can assure you that IP addresses and device IDs are already collected and used widely (mainly to attempt to detect fraud rings, although loads of false positives from people who share devices). Banks balance the privacy constraints of GDPR with the stronger demands of their financial regulators (who are indeed influenced by Wolfsberg and FATF).
L0laL33tz | 3 months ago (raw) | root | parent | reply | flag +1 
 Hi, thank you! Afaiu whats novel about their suggested approach is that they propose for this data to be fed into a ML algorithm shared across institutions (and likely jurisdictions) to build a „behavioral map“. Something like Palantir‘s Gotham comes to mind, which has been penalized/ruled unconstitutional in several EU jurisdictions as it recycles data  collected for specific purposes. If you ever want to talk, my DMs are open ;)
Lee | 3 months ago (raw) | root | parent | reply | flag +1 
 There are several companies in the industry pushing a "federated learning" model for transaction monitoring models. I had not heard of incorporating social media data points beyond graphing intra-bank connections. 

I'll check out your article. 

cc: @gunson
Lee | 3 months ago (raw) | root | parent | reply | flag +2 
 yeah... just scanned the article.
thanks for writing it, L0la.
not surprising to me. 

banking customers have to understand that their banker is obligated to surveill customer financial behavior and report anomalous and/or potentially criminal activities. use of ALL internally-available data to accomplish this set of tasks should be expected (to do less would leave the bank open to accusations of negligence).

however, if your bank is monitoring your social media in any way, they've stopped being just a bank. at that point they've essentially become an intelligence agency that offers some banking services on the side. 

I recommend any/every retail and institutional consumer establish no less than three banking relationships at the national, regional, and credit union level. without this redundancy you're essentially trapped if you want to shut down an account based on poor treatment (or if the bank suddenly wants to shut you down).

it may take some effort to establish what I'll call resiliency in your operating accounts. but the effort will be worth it should your bank execute a quick pivot on you, your industry, or your latest social media post. (this resiliency will also serve you well if you bank fails because they foolishly concentrated holdings in Treasuries or Commercial RE loans.)

oh... and buy and self-custody bitcoin, too.
L0laL33tz | 3 months ago (raw) | root | parent | reply | flag 
 That's a really good point. I wonder if the state isn't already effectively outsourcing penal law to financial institutions – since the closure of an account is effectively a penalization, and in the case of AML without due recourse for the consumer – and what laws/legal exceptions would govern the export of government duties to private institutions.
Lee | 3 months ago (raw) | root | parent | reply | flag 
 I'm not a lawyer (not legal advice) but I can guess the BSA has already been challenged on constitutional grounds resulting in a loss for the plaintiffs. again, not a lawyer and can't say for sure.