European banks in the fight against money-laundering and terrorist financing : transaction monitoring system as a security device

(1)

European Banks in the Fight Against

Money-Laundering and Terrorist Financing

Transaction Monitoring System as a Security Device

Name: Evelina Baubonytė Student number: 12294888

Thesis supervisor: Dr. Rocco Bellanova Second reader: Dr. Carola Westermeier Date: June 21, 2019

Word count: 22,915

MSc Political Science (Political Economy)

(2)

List of Abbreviations

ACAMS Association of Certified Anti-Money Laundering Specialists AML Anti-Money Laundering

CSS Critical Security Studies CTF Counter-Terrorism Financing FAFT Financial Action Task Force FI Financial Institution

FIU Financial Intelligence Unit

ML Money Laundering

MSB Money Service Business NPO Non-Profit Organization PEP Politically Exposed Person

RA Risk-Assessment

RBA Risk-Based Approach TF Terrorism Financing

(3)

Table of Figures

Figure 1 Expectations of spending related to transaction monitoring for the financial year of 2019 ... 31 Figure 2 Average distribution of investigators by function performed ... 33 Figure 3 Four steps towards the implementation of a risk-based approach... 42

(4)

Chapter 1. INTRODUCTION

“Europe’s biggest banks fined for money laundering”, “European banks in money laundering scandals”, “Huge pools of dirty money are Europe’s worst-kept banking secret”. (The Week, 2018; Transparency International, 2019; Bloomberg, 2019). These are just a few examples of media headlines which depict the struggles that European banks were facing in the past few years. Numerous scandals have echoed throughout the European Union and its member states indicating various instances of wide-scale misconduct relating to the prevention of money laundering(ML) and terrorist financing(TF) in the banking sector. It has caused not only public outrage, but it has also raised concerns about the way banks conduct their business and address risks related to ML and TF. The inability of the banking sector to fulfill its duties comes in contrast with the notion that a financial institution is responsible for safeguarding and preventing financial markets from misuse.

The widely acknowledged presumption that a financial institution must play the role of a security actor in the fight against money laundering and terrorist financing has become prominent after 9/11, notably with the introduction of the so-called Bush doctrine (Grant and Barker, 2009). The doctrine promoted the idea that a proactive and preemptive approach to security must take place in order to tackle immediate or perceived future threats. As the then president of the United States (US), George W. Bush, put it, “[i]f we wait for threats to fully materialize, we will have waited too long” (New York Times, 2002). The preemptive approach to security thus not only helped to justify the intervention in Iraq, but it also strengthened sovereign power by incorporating and expanding security practices outside and beyond the state itself (De Goede, 2008). The financial sector was at the cornerstone of this approach simply because money was seen as blood flow of terrorism (De Goede, 2012). Later, the same assumption was applied to international organized crime.

As a consequence, a proactive approach to security practices indicated a newly formed nexus between security and finance (Biersteker and Eckertt, 2007). It gave impetus for governments across the world to shift security responsibilities and ascribe authority to new actors within the financial sector who in turn possess enormous amounts of customers’ information concerning their financial activity. (De Goede, 2008). In alignment with these changes, the financial sector has developed sophisticated and advanced means and methods in order to combat illicit activity and mitigate possible risks.

(7)

1.1. Research Question

With regards to the EU, the aforementioned fines that were imposed on European banks indicate that the responsibilities to protect and prevent the financial system from illicit financial crime are not being addressed appropriately. With the recent introduction of 5th EU Anti-Money Laundering Directive (European Commission, 2018a), this research invites a redirection of focus towards the way the banking sector deals with risks related to money laundering and terrorism financing. The contrast between the inadequate ability to safeguard the financial system from illicit crime and the security responsibilities that are shifted to the banking sector in the European Union indicates a problem, which this research aims to addresses.

The problem points to the greater attention that must be given to the daily security practices of the banking sector in their fight against illegal financial crime. According to the EU’s regulation, banks must be responsible for building and maintaining a comprehensive approach to risks related to ML and TF (European Commission, 2018b). At the core of this approach is the requirement to monitor all the financial transactions that a bank’s customers are involved in (European Commission, 2018a). In order to capture, detect and prevent activity associated with ML and TF, banks are using transaction monitoring systems (TMS) which enable them to store and analyze financial data. The transaction monitoring system, in turn, serves as a device which allows a bank to assess financial activity under the selective and specific criteria of suspicion. The practical question of how this device is used and how it contributes to the production of (in)security in the banking sector has not yet been raised. Looking at how banks are using the transaction monitoring system allow us to explore the limitations and constraints on the ability of financial institutions to fight against ML and TF. It can also depict the various ways of how the security role that banks have taken affects the financial system and individual security of its members. Moreover, it can open a pathway to question the contestations surrounding the profit-seeking nature of a financial institution and its responsibility to cater for security matters. These assumptions are made reflecting on the growing academic attention given to the technology and its relevance in the context of security practice (Bigo, 2014; Lyon, 2001). According to Amicelle et al., discussing technology and its use extends international and security studies on materiality, by focusing on a wider array of instrumentation and technological equipment through which security is practiced (2015).

(8)

This research takes into the consideration the growing attention on technology in the production of security and puts the transaction monitoring system at the center of the analysis by calling it a security device. Therefore, the study raises the following question:

• How does the transaction monitoring system contribute to the provision of (in)security within the banking sector of the EU and what challenges does it raise?

In order to assess the question, the research applies the security practice theory introduced by Amicelle et al. (2015). The security practice theory puts emphasis on the technological device and the implications it has on the production of (in)security. In turn, the research presents several sub-questions which helps to assess the main research question. The sub-questions are designed to reflect on the security practice formula and the three variables that it contains: “security practices= actors’ social disposition + socio-technical characteristics of devices + context” (Amicelle et al., 2015, p. 302). Therefore, the sub-questions are as follows:

• What is the context of the transaction monitoring system(device)?

• What are the socio-technical characteristics of the transaction monitoring system? • What is the social disposition of its user?

1.2. Academic Relevance

The research aims to fill the gap and contributes to the academic literature on the finance and security nexus by shifting the focus to the private banking sector and its involvement in security practices in the European Union. Moreover, it contributes to the growing literature on the technological device identified and its implications to the production of (in)security.

Scholarly work has widely addressed the underpinnings of the nexus between security and finance. Boy et al. (2011) show that the relation can be traced back to the modern form of government and especially became visible in the light of the financial crisis and the global war on terror. Others point out that finance and security assemblages can be universally applicable to all other social spheres (Martin, 2002). Bailes (2004), explains how the awareness of new transnational risks imposed by new non-state actors motivated the new security agenda to put businesses to the center of security policy. Moreover, Boy et al. (2011) indicate that although risks in the finance sector are mainly being linked to calculable uncertainty, when it comes to the assemblage of security and finance, uncertainty becomes increasingly incalculable. In turn, finance and security assemblages imply that unpredictability can be evaluated by looking at the intentions of others (Bernstein, 1996).

(9)

In the light of this uncertainty and incalculability, scholars have shifted their attention towards exploring the ways in which this incalculable uncertainty is being managed. By analyzing the methods and approaches of states in the aim to incorporate the financial sector in the provision of security, authors emphasize the techniques of pre-emption and precaution (see, for example, De Goede, 2008; Aradau and Van Muster, 2007). According to Bailes (2004), terrorist attacks and 9/11 in particular, in parallel with processes of globalization that enormously increased the speed of financial exchange, gave impetus to a pre-emptive approach to security. The pre-emptive approach is acknowledged as a means to cope with the uncertainty and incalculability of possible future risks. De Goede (2012) argues that pre-emption operates within the limits of knowledge and uncertainty by acting on suspicion and worst-case scenarios. In turn, the financial sector, in particular, becomes a key player, following the notion that money tracing can help to disentangle complex networks of criminals, stop the illicit activity and block possible threats before they materialize.

But, according to Aradau et al. (2008), security-conscious management based on the identification of risks and pre-emptive approach which points to the exclusion of different segments of the population, encountered little criticism. In turn, scholars are addressing the underpinnings of financial surveillance practices by looking at what constitutes normal and abnormal behavior. The scholarly attention is also given to the contestations between the profit-seeking nature and security responsibilities that are imposed on the financial sector (Vleck, 2018). Therefore, it is evident that the costs of maintaining security responsibilities are too high because certain risks cannot be simply evaluated. It leads to the practice of exclusion of individuals from access to financial services. In other words, certain customers are too risky to have a business relationship with.

Nonetheless, the literature on financial surveillance points out to the security-related information and how it is circulated (Amicelle & Chaudieu, 2018). It is argued, that international cooperation in financial surveillance lacks coherence, due to the fact that national agencies employ different approaches and strategies towards risk- management (ibid). Work has also been done on the ways financial information in the financial sector is used. De Goede (2018, p. 40) shows how the financial data is “carved off, reported, shared, and combined, to enable security interventions”.

Although the importance of financial surveillance is widely acknowledged (e.g. Amicelle 2011; Amoore & De Goede 2008), it lacks deeper empirical knowledge (Amicelle and Favarel-Garrigues, 2012). Thus, the contribution of this research is threefold. First, it adds

(10)

the banking sector within the European Union. Second, by analyzing the transaction monitoring system through the lens of a security device, the research contributes to the growing literature on technology and its implications to the production of (in)security. Lastly, the methodological contribution is made by showing how the research methods used can be applied to the analysis of other technological devices in different spheres of inquiry.

1.3. Structure of the Research

The research is divided into six chapters. The first chapter sets the stage by introducing the focus of this study, the problem it aims to address and the academic gap that it intends to fill in. The second chapter explains the theoretical framework of this study. It also points out to where the security practice theory is positioned within a broader field of critical security studies. Moreover, the theoretical framework shows the main aspects on which this research is focused and gives an explanation of how the transaction monitoring system serves the purpose of a security device. Emphasizing the importance of the daily practices for the production of (in)security, the third chapter explains and justifies the research design and methods that will be used. The fourth, fifth and sixth chapters are the actual analysis of this research. Each analytical chapter depicts and explores the transaction monitoring system and its use according to three variables of the security practice formula (Amicelle et al. 2015). For that, the fourth chapter addresses the context in which the transaction monitoring system is enacted. The fifth chapter analyses the socio-technical characteristics of the transaction monitoring system, and the sixth chapter elaborates on the social disposition of its user. Each analytical section is presented in a way that would highlight the biggest contestations surrounding the finance and security nexus in the banking sector within the EU.

(11)

Chapter 2. THEORETICAL FRAMEWORK

2.0. Introduction

The purpose of this chapter is to present and discuss the theoretical framework of this study. The thesis adopts the security practice theory as proposed by Anthony Amicelle, Claudia Aradau and Julien Jeandesboz (2015). By using elements of this theory, the research focus is directed towards three core aspects of a security device - performativity, agency and resistance. The security practice theory can be seen as a theoretical approach comprised of different perspectives on critical security studies to provide a framework for analyzing security practices through devices.

This chapter is divided into four parts. The aim of each part is to offer a deeper understanding of how the security practice theory can be applied to this particular research. Firstly, it will show where the so-called practice turn is positioned within a broader spectrum of Critical Security Studies (CSS). Secondly, it will provide a more detailed account of concepts of performativity, agency and resistance, the key elements upon which the research will focus on. Lastly, it gives an explanation and justification of the applicability of the chosen theoretical framework by using the security practice formula introduced by Amicelle et al. (2015).

2.1. Critical Security Studies

Critical security studies, as a sub-discipline of security studies, was formed as a consequence of drastic changes in global governance after the end of the Cold War. Traditional approaches were seen as not sufficient anymore to explain international processes, thus the state was no longer taken as a primary referent object (Waltz, 1979). CSS enriched International Relations theories in two ways, by deepening and broadening the discipline. First, critical theorists emphasized the importance of moving away from a rather narrow focus on state and its military capabilities to other sectors and issues related to environmental, economic, political or societal spheres (McDonald, 2008; Buzan et al., 1998). Furthermore, in contrast to traditionalist views, critical security scholars argue that (in)security cannot be simply calculated by measuring states’ military strength, thus the threats to security cannot be seen as something that is given (Wendt, 1999). Instead, they suggest that security manifests itself through inter-subjective interaction (ibid.). In other words, security must be seen as a social construct, which materializes through interactions between different processes and actors. As a consequence, critical security scholars put emphasis on the importance of norms, ideas, and identities, contrary to material aspects (Katzenstein, 1996).

(12)

In conclusion, critical security studies incorporate other units of analysis and provide a way to look at different approaches to how we can study security. The security practice theory of Amicelle et al. (2015) falls into the field of critical security studies by rejecting the notion of the state being the main unit of analysis, and by also showing that the production of (in)security can be a result of human interaction (Butler, 2010). The next section provides a detailed explanation of the practice turn that is at the core of security practice theory.

2.2. The Practice Turn

Broadly speaking, the practice turn in international relations invites us to reconsider the applicability of traditional theoretical approaches to international security by deepening and broadening the discipline of international relations (Adler & Pouliot, 2011). Developments in global security governance thus reconceptualized the conventional approaches to IR and opened new ways to analyze international relations.

For Bourdieu (1977), practice is explained by referring to the social context in which different actors operate. The social context, or – in the authors' words- the field, is comprised of power relations and constant struggles between different actors. The power relations and struggles are to be conceived as a product of differing objective and subjective structures (habitus) that individuals may uphold. These subjective and objective structures, in turn, are accompanied by cultural, economic or social capital that individuals aim to accumulate (capital) (Pouliot & Mérand, 2013, p. 36). All of this can be simplified using Bourdieu’s formula were “practice = [(habitus)(capital) + field]” (1979).

Building on Bourdieu’s formulation of the principles of practice theory (Bourdieu, 1977), a wide spectrum of scholars from different subjects other than Political Science explored the practice turn (Schatzki et al., 2001; Adler and Pouliot, 2011; Latour, 2005). Although practice turn scholarship is broad, most of the academic thinkers tend to agree on several key aspects: they take practice as the smallest unit of analysis, stressing that politics happens on the ground through practices in daily life, they put physical movements, the handling of artefacts, and practical knowledge in the center of the study and they focus on the performance of shared practices and how these practices produce social order (Bueger, 2017).

(13)

2.3. Security Devices and Socio-technical Characteristics

Pierre Bourdieu’s sociological model introduced above largely inspired and influenced the security practice theory proposed by Amicelle et al. (2015). Here the authors put security devices at the core of the analysis. By putting emphasis on security devices, they invite scholars to switch their focus to technology by arguing that security devices are not autonomous, therefore more philosophical importance must be given (Amicelle et al. 2015). Although the theory lacks an explicit definition of what a security device is, the recognition that an object has a purpose and an effect constitutes a brief description of it (Amicelle et al. 2015, p. 294). Furthermore, they use examples of a body scanner, a drone or documents so to give a broader understanding of what they call a security device. Linking the notion to this particular research, the study considers the transaction monitoring system to be a security device which clearly has a purpose to produce security.

Nonetheless, by focusing on what they propose to call security devices they suggest examining the configurations and reconfigurations of security practices while using the practice as a primary unit of analysis. The so-called analytics of devices puts focus on the object, purpose and effect, which consequently enables us to analyze issues of agency, appropriation and resistance. In other words, authors are putting emphasis on security devices and the impact that they have on the production of social order.

Their approach is also inspired by a Foucauldian understanding of technology as a means or method used to govern human beings (Behrent, 2013). Amicelle et al. (2015) argue that devices cannot be neutral and must be seen as techniques that are embedded in social practices and thus are reflections of socially perceived norms, values, and imaginations. A certain technological security device also entails different problems concerning implementation, the actual usage, and its limitations. The socio-technical characteristics that a device possesses determine its performative capacity and shape the impact on the population that the device is aiming to target. A security device inevitably comes with its own methods and means of operation, certain techniques which by itself can be a cause of political tensions or a reason for it. This is implicit to the security practice theory since Amicelle et al. (2015, p. 294) argue that more attention must be given to the political effects and performativity of security devices.

This is critical in understanding the capability of a given device, meaning that the socio-technical characteristics that it possesses enable us to look two ways, either backward or forwards. By looking backward, we are capable of exploring the social, cultural or economic

(14)

come to existence. Thus, it can provide the ground for understanding how imagination and anticipation of possible future threats can become visible through the enactment of technological or other types of devices. Secondly, devices can be a reflection of the political economy of security, which redraws the boundaries between what constitutes normal and abnormal and helps to categorize population by selecting what is perceived as good while trying to eliminate what is perceived as bad (ibid.). It also provides a lens through which we can look forward by analyzing the impact that a certain security device has on different segments of a population or how it produces (in)security.

Relating to the focus of this particular research, transaction monitoring can be seen as a system of technological security devices, which provides the tools and means to trace the activities of a certain population, in this case, the customers. The performativity of these devices thus shapes and affects the final outcome – the capacity to capture and prevent illegal activity.

The purpose of the transaction monitoring system also goes beyond safeguarding its customers to making sure that financial markets are being preserved, which inevitably affects the political economy of a society. Thus, understanding the process of transaction monitoring is to understand its technical and social characteristics. Only then can this research draw conclusions concerning the problems that arise in the process and how it limits the capacity to produce security. Looking at how many banks are recently under thorough investigation regarding misconduct and inability to capture illegal financial flows, makes one question the capabilities of these systems and what hinders its effectiveness (Reuters, 2019).

2.4. Social Disposition and Agency

It is important to take into account the aspect of agency while analyzing security practices through devices. For Amicelle et al. (2015), security devices with their socio-technical characteristics are subordinate to its user. According to the authors, “the internal characteristics (technical, logical, and cognitive) of devices both constrain and enable the action of the users” (Amicelle et al., 2015, p. 294). The actors’ position in relation to a given device entails the formers relation to it, its social disposition. Amicelle et al. (2015) argue that security devices per se do not just represent a pre-existing and socially constructed reality alone. This means that the agency which often accompanies the use of security device plays a role in the ongoing process of (in)security production. Borrowing from Foucault (2000, p. 300), the interlinkage between security devices and agency can be understood as a disposition of certain tools or instruments that enables individuals to limit freedom of others and determine and control them. Nonetheless, an actors’ social disposition also entails its own social, cultural or economic

(15)

capital that it holds. Thus, knowledge about a given security device, how and to what purpose it is used, plays an important role in the security practice. The saying do not let it fall into the wrong hands accounts for how critical it is to understand the social disposition that a certain user has over a given device, i.e. if used incorrectly, or without certain knowledge, the device itself can produce an outcome that was not expected or anticipated in the first place. Thus, the scope of competence, knowledge, and users’ own authentic experience must contribute and adhere to the purpose of the device.

Here the theoretical aspect of agency is intrinsic to the practices of transaction monitoring. The systems designed to combat threats related to ML and TF alone cannot simply full-fill the purpose of the devices that are in place. This implies, that the system must be accompanied by its users, the ones who have in their capacity the ability to govern it. Nonetheless, the individual user may also possess a certain and authentic understanding of reality and social order, which also can influence the way that a security device is used. Consequently, the way an individual uses a certain device according to his own understanding of what is normal and abnormal has an impact on the output that will be produced. The users thus are the specialists who, while compelled to certain responsibilities and rules, are obligated to use these devices in a way that would suit its purpose. This requires knowledge, a high understanding of how the security devices work and what they aim to target. Hence, in the absence of the latter, the process of transaction monitoring can be ineffective and produce more harm than good.

2.5. Context and Resilience

Lastly, the security practice cannot be examined without looking into the context in which a certain device is put. The context thus gives an understanding of the purpose and intention of a given device and enables us to address aspects of resilience, appropriation, and reliability. A security practice is inherent in contestation and tangled into a web of past experiences, which guides the future use of a security device (Bourdieu, cited in Pouliot & Mérand, 2013). In other words, different social, cultural or economic factors have an influence over a security device and its use. Social norms, rules, legislation, or a particular perception of a security threat in society can impact security practice and consequently shape its effect. Without understanding the context, one cannot simply examine security practice.

For this particular research, the context in which security devices are enacted plays a significant role. Devices designed to monitor transactions in order to prevent, detect or deter

(16)

provides a guide through which the anticipated outcome must be reached. Here it is important to look at the European Union Anti-money-laundering framework to get an understanding of what the purpose of transaction monitoring systems is, what these devices anticipate to target, and what effect is expected to be produced. The private banking sector thus becomes an interesting case to examine since resilience plays a significant role. It means, that in general, the aim of a financial institution is to seek profit by selling goods or providing services. Bearing in mind that transaction monitoring practices presuppose a certain type of financial surveillance, it goes beyond the profit-seeking nature of a bank. In this sense, the contestation materializes in a form of resilience that financial institution must sustain in order to maintain the profit, while at the same time addressing the responsibility to detect, deter and prevent illegal activity. Thus, without the context, one cannot examine the capacity of the transaction monitoring system and the challenges that come along the way.

2.6. The Security Practice Formula

Analytics of security devices provides a lens of how we can analyze security practices through devices putting emphasis on actors, security devices and context. The analytics of devices entails a different articulation of performativity, agency, and resilience by focusing on mediation rather than objects or individuals (Amicelle et al., 2015). Following this, the authors propose a formula to study security, whereas security practices are equal to socio-technical characteristics of a given device plus actors’ social disposition and the context. In Amicelle et al. (2015, p. 302) this formula is presented as follows:

“Security practice = socio-technical characteristics of device + actors’ social disposition + context”

Using the concept of analytics of security devices is suitable for this research for several reasons. First, it enables us to look at how (in)securities are being produced through everyday practices and what challenges can arise in the process. Devices used in compliance departments of financial institutions come with a pre-existing and socially constructed understanding of what constitutes a possible security threat. Second, individuals that conduct monitoring not only follow rules but have different levels of knowledge and different personal perceptions of a threat or a risk. Lastly, the context in which AML system and certain devices are enacted also shapes the final outcome that these devices must produce.

Following the before-mentioned formula, this research will focus on the EU’s legal framework on anti-money laundering and counterterrorist financing by examining the

(17)

responsibilities of financial institutions, the rules they must follow and the target objective of the transaction monitoring system. This will give a broader understanding of where financial institutions, particularly banks, are positioned in light of fighting illegal activity. It will also help to highlight the contestations between profit-seeking and the costs of maintaining security responsibilities, in this case – transaction monitoring. This is important because it can raise a lot of challenges and shape the capacity of the systems in place. For example, as Amicelle et al. (2015, p. 301) argue, “the daily use of financial surveillance devices in the banking industry illustrates the prioritization of legal and reputational protection rather than the internalization of policing aims”.

After examining the context, the research will further move to the socio-technical characteristics of transaction monitoring devices. Looking at the socio-technical characteristics of transaction monitoring systems enables us to examine several aspects. Reflecting on the context, socio-technical characteristics let us analyze the tools and methods used to monitor transactions. Here, it is important to look at how the system is able to pursue the objective to combat money laundering and terrorist financing. According to Amicelle et al. (2015), analyzing technical, logical or cognitive characteristics can lead to the understanding of what constraints or enables the actions to reach the desired outcome. With respect to regulatory requirements, banks have translated them into a complex set of risk-management measures that are embedded in the transaction monitoring devices (Favarel- Garrigues et al. 2011). The risk- assessment measures, in turn, make it possible to process a particular financial transaction using certain data-mining tools and techniques (Canhoto and Backhouse, 2007). This consequently means that it is important to look at what data these devices use and how it is processed in order to trace the illegal activity related to Money Laundering or Terrorist Financing.

Lastly, the social disposition of an actor will be addressed. Following the theoretical considerations, the actor’s, in this case, specialists’ relation to transaction monitoring devices will be taken into account. In this sense, the relationship can be examined by looking at the scope of input a certain specialist is permitted to produce while conducting transaction monitoring. And additionally, what knowledge a specialist must have in his possession to be able to detect, deter or prevent illegal activity.

2.7. Conclusion

This chapter has presented and explained the theoretical framework that this study follows. The research focuses on security practice theory introduced by Amicelle et al (2015).

(18)

Consequently, the chapter was divided into four sections, each giving a thorough understanding of the field in which the theory positions itself.

First, the broader field of critical security studies was presented in order to show that security practice theory follows a similar understanding of what is at the center of analysis. This section has argued that security practice theory is similar to critical security studies by means of switching its focus from states as the primary unit of analysis. As for critical security studies, security practice theory also takes into account the importance of human interactions and how it shapes and produces (in)security.

Secondly, following the importance of human interaction, practice turn was explained. This section has argued that security practice theory is based on understanding that politics happens on the ground through practices in daily life. Nonetheless, security practice must be seen as an outcome of the performance of shared practices. These shared practices, in turn, are shaped by differing subjective and objective structures that different individuals possess. Thus, the latter is a reflection of physical movements, the handling of artifacts or practical knowledge. All of this is also accompanied by cultural, economic or social capital that individuals possess or aim to accumulate.

Third, the study gave an explanation of the security practice theory and description of what they call a security device. In this section, the main aspects upon which the theory is built were also introduced. It argued that the transaction monitoring system can be seen as a set of technological security devices enacted for the purpose to produce (in)security. Furthermore, it also showed that security devices are not neutral or autonomous and they do have an impact on the production of social order. Consequently, the main aspects that must be taken into account while analyzing security practices through devices were explained. This included socio-technical characteristics of a device, social disposition of an actor which is using the device, and the context. This is implicit to the focus of this particular research, meaning that in order to understand how the decision about suspicion is made it is important to take all three aspects into account.

The last section of this chapter provided an explanation of how three before-mentioned aspects will be addressed while analyzing transaction monitoring devices. For this, the formula presented by Amicelle et al. (2015) was used. It argued that in order to understand a security practice through transaction monitoring devices it is important to first look at the context in which these devices are operating. Meaning that the EU framework on AML and TF must be addressed. Furthermore, socio-technical characteristics imply to look at the technicalities of transaction monitoring devices - tools and methods used in order to monitor transactions. This

(19)

will provide an understanding of what constraints or enables the actions to reach the objective of these devices (Amicelle et al.. 2015). Lastly, social disposition of an actor who uses transaction monitoring devices must also be taken into account. Meaning, that the users’ relation to transaction monitoring devices must be analyzed through aspects such as knowledge and the scope of input a user is responsible to put while using the device.

(20)

Chapter 3. RESEARCH METHODOLOGY

The aim of this chapter is to present the research methodology with an elaborated step-by-step explanation of how the research question is addressed. The first section explains the reasoning behind the choice of a qualitative approach which, as argued, is more suitable in dealing with theoretical and philosophical views (Maxwell, 2009). Second, it gives an explanation for the choice of a case study of the banking sector within the European Union. It argues that a case study as a methodological approach is suitable for this research because it allows making observations and more in-depth analysis of the topic upon which this research resides. In addition, the strengths and limitations of a case study are also specified. Third, the research methods are defined. It argues that document analysis combined with semi-structured interviews is the most suitable choice for this research.

3.1. Qualitative Approach

To assess the question in full depth, the research follows the logic of the qualitative approach. The qualitative research design entails a holistic, descriptive approach to the social or cultural event or phenomenon (Mason, 2002). Qualitative research portrays an interpretivist view on how the object of interest is produced, experienced or constituted (ibid.) The interpretivist epistemology aims to understand the world through interpretations of individuals and the interactions between them (Bryman, 2012). On the contrary to quantitative research, a qualitative study does not aim to test hypothesis or theories (Bryman, 2012), nor does it require a strict conceptualization of research design (Maxwell, 2009). In qualitative research, importance is given to the context of the object of interest and circumstances that shape particular events, actions or meanings (ibid). A qualitative study enables the researcher to seek answers as to why and how a specific event, phenomenon or object operates the way it does in a given context (Yin, 2014). With regards to the objective of this research, a qualitative approach is suitable because it allows us to explore the security practice through the device and gives a thorough understanding of the process of security production. In qualitative research, numerous different designs can be applied. But to gain a more detailed and in-depth understanding of the security practice through the transaction monitoring device, a case study as a research design is selected. The next section provides a thorough explanation of this choice.

(21)

3.2. Case Study

The research follows a case study research design, which entails an in-depth analysis of a single case and the complex nature of it (Yin, 2014). The reason behind this choice is that a case study helps to address how and why questions when analyzing a social process, event or particular organization (ibid). Using a case study allows the research to make observations and provide a detailed description of the case at hand (Gerring, 2007). This research focuses on the banking sector in the European Union. It uses the banking sector as a case because it falls under the AML/CTF regulatory framework which is imposed by the EU and is applicable to all member states. This implies that all European banks are operating under the same requirements and guidelines. Thus, although the practices vary significantly, the banking sector must address and comply with the regulation notwithstanding the approach chosen. At the core of the case is the transaction monitoring system which this research calls a security device. The transaction monitoring system serves as an independent variable. Analyzing the transaction monitoring system and the way it is used allows us to observe the influence and effect it has on the banking sector in the European Union and how it performs security. The choice of a case study as a methodological approach becomes clear because the research is observational by nature. In turn, it allows to generate hypothesis reflecting on the observations.

The case study as a methodological approach has its own limitations concerning generalizability (Campbell and Stanley, 1966). It is stated that information gathered about a single case makes it hard to generalize the findings and apply them to the broader segments of the population. However, this assumption cannot be fully applicable to this particular research because of several reasons. First, the research does not aim to make generalizations, it rather aims to highlight the possible implications to the production of security and contestations surrounding the process of the transaction monitoring. It aims to shed light on the daily transaction monitoring practices by showing how the decision, whether a transaction is suspicious or not, is made. It also tries to unravel the challenges and limitations that daily transaction monitoring can raise. The study then allows questioning the compatibility of devices and knowledge that is required in order to combat Money-Laundering and Terrorism-Financing. It confronts the contestations between the normative and practical side of transaction monitoring in the financial sector. The objective of this research is to emphasize the conditions and circumstances through which the transaction monitoring system is able to play the role of a security device. Simply, because of the fact that the regulatory framework of AML/CTF is applicable to all the member states in the EU, the findings to some degree can be applicable to

(22)

Nonetheless, the generalizability must be rather seen through the choice of the theoretical framework which this research applies. The study tries to show that the security practice theory proposed by Amicelle et al. (2015) can be applicable while analyzing different reporting entities, for example, money payment services, insurance firms, gaming industry, just to name a few. It unquestionably invites scholars to contribute to the field of financial surveillance by applying the same methodology to analyze different companies or sectors. Secondly, highlighting the issues and challenges that process of transaction monitoring raise, gives a good starting point to question the European Anti-Money- Laundering and Terrorist Financing framework and its effectiveness. The next section presents the methods chosen for this research.

3.3. Document Analysis

As one of the qualitative research methods, the study uses document analysis. First, document analysis puts emphasis on documents and related policy reports. Relevant documents inform the research about the context, socio-technical characteristics of the transaction monitoring system and social disposition of its user. It provides the study with a starting point on which the before-mentioned aspects can be questioned. For this purpose, document analysis mainly consists of policy reports provided by The Financial Action Task Force (FATF) and are fully accessible online via the organization’s publication repository. The publications published by this organization concern the guidelines and policy development initiatives in the fight against money laundering and terrorist financing. FATF is an inter-governmental organization authorized and mandated to monitor and provide assistance to its member states in order to improve the effectiveness of response to risks related to ML and TF (FATF, 2019).

Furthermore, the study focuses on publications provided by Association of Certified Anti-Money-Laundering Specialists (ACAMS) that can also be accessed online through their website. Policy reports published by this organization emphasize different reporting entities, but mainly banks. As for the ACAMS publications, the research will focus on the white papers. A white paper is acknowledged as an authoritative, in-depth report on a particular topic with the aim to present a problem and provide solutions to it. The study regards this material as essential in order to address the research question. In the analysis section, these reports are referred to by providing a date and the abbreviation of an association. Some of the reports were published in the same year, in this case, the reference distinguishes these reports by adding a letter to the given year. For example, if several reports were published in the same year they are separated as follows: (ACAMS, 2019a); and (ACAMS, 2019b).

(23)

In addition, the research occasionally uses statistical data to make the argumentation more explicit. Statistical data were taken from LexisNexis, the United Nations Office on Drugs and Crime and major consulting firms that publish annual reports and surveys concerning AML/CTF operations in the financial sector, such as Ernst&Young, Fenergo. When referencing the sources used, the same method as for ACAMS publications will be used.

Overall, the main aim of the document analysis is threefold. First, the publications used inform the study about the context in which the transaction monitoring system is enacted. Second, it helps to understand what kind of socio-technical characteristics the transaction monitoring system has. Third, the characteristics also inform about the social disposition of the user of the security device and his relation to it. Taken together, the document analysis assists in understanding how and in what ways the transaction monitoring system produces (in)security and what challenge the process raises. The document analysis is conducted following the hermeneutic approach which allows to emphasize the view of the author and provides space to elaborate her own argumentation (Gadamer, 1985).

3.4. Semi-structured Interviews

The security practice theory (Amicelle et al, 2015) which this research employs is built as a continuation of the practice turn in critical security studies, whereas the practice is taken as the primary unit of analysis (Bueger, 2017). As mentioned in the third chapter, the practice theory also puts emphasis on the presumption that politics happens on the ground through practices in daily life. The presumption underlines the choice of semi-structured interviews as a second research method.

By using a flexible structure of semi-structured interviews, the interviewee can gain more information by going beyond a strict questionnaire which opens an opportunity to go deeper into the topic at hand. Using a qualitative interviewing approach allows the interviewer to provide more insight into what he depicts is important and requires further explanation (Bryman, 2018). This enables the interviewer to get more detailed and comprehensive answers and gain information about the aspects that the research might have not taken into consideration. Consequently, the aim of the semi-structured interviews is to understand a social process- the production of suspicion- and the challenges it raises.

Following the theoretical framework used for this study, interview questions are built reflecting on three key aspects: the context in which the transaction monitoring system is enacted, socio-technical characteristics of the device and social disposition of its user. The

(24)

up questions regarding the challenges that the process of transaction monitoring might face. For example, concerning the aspect related to the social disposition of the user, respondents were asked:

1. What are the responsibilities of an analyst working with the transaction monitoring system? 2. Is an analyst allowed to make a judgment based on his own feeling of suspicion?

3. What expertise, skills and knowledge are required from an analyst in order for him to do his job?

In preparation for the interviews, a questionnaire info sheet was made. It included a detailed explanation of the aim of this research, the researcher’s personal contact details and the list of questions. The hardest task was to reach out to the respondents. Due to the sensitivity and confidentiality of the information regarding the operations within the banking sector, numerous offers for an interview were rejected. Initially, the respondents were selected using the ACAMS database which indicated the list of certified AML specialists. The database was chosen for the inquiry in order to maintain a high level of internal validity with respect to the topic at hand. The Certified Anti-money laundering Specialist credential is widely acknowledged as the highest standard in AML certification, which depicts a person as highly experienced and knowledgeable with respect to ML and TF (ACAMS, 2019). After numerous refusals for possible respondents, the number of actual interviews was narrowed to four. The certified AML specialists who responded to the invitation for an interview were initially contacted through email. Two respondents were contacted through personal connections that were made from prior experience working in the financial sector. Personal connections provided easier accessibility to two certified AML specialists. After getting positive responses, the researcher conducted interviews in her country of origin, Lithuania. The third interview was conducted in the Netherlands. And the last respondent was interviewed through email. The respondent sent the answers to the questions in a written format. With respect to personal privacy, the names and surnames of respondents are not mentioned in the research. In the analysis chapters, in order to avoid repetition, the respondents are referred to as specialists, experts or professionals. Lastly, in the analysis, respondents were differentiated by assigning a number to an interviewee, for example, (CAMS 3. Interview, May 2019) or (CAMS 1. Interview, May 2019).

(25)

Chapter 4. THE CONTEXT OF THE SECURITY DEVICE

Following the theoretical framework of this research, the analysis section addresses three main aspects which are explicitly emphasized in the security practice formula proposed by Amicelle et al. (2015). This chapter mainly focuses on the context in which the security practice falls in. According to the authors, security devices are not neutral, thus their mode of operation is largely dependent on a specific context (Amicelle et al. 2015). The sociopolitical context in which the transaction monitoring system is deployed informs about the purpose of the security device and its modes of operation.

Consequently, this chapter is divided into three parts. First, it gives an overview of what problem money laundering and terrorism financing predicates. This is important in order to understand the complexity of the security issue which banks are obligated to address. Then it turns the focus on international standards and frameworks which respond to the problem of ML and TF. Lastly, as the research confines within the European Union (EU), it will highlight the biggest contestations and struggles that banks face by making sure that the requirements imposed by EU regulators are met. All in all, it will show how the transaction monitoring system becomes an essential tool, a financial surveillance security device.

4.1. ML and TF - the Scope of the Problem

According to Amicelle et al., “each device is related to a particular history; it is based on negotiated standards, finalities and functionalities that convey specific representation of the sociopolitical issue(s) at stake” (2015, p. 294). Following this assumption, the research refers to a transaction monitoring system as a security device which serves as a problem solving mechanism. The problem, in the context of the security device, is illicit financial crime largely associated with money laundering and terrorist financing. Therefore, in order to understand the security practice through the device, the research draws attention to the scope of the proble m that ML and TF raises.

For more than two decades, financial institutions have been responsible for the prevention and detection of suspicious activity related to money laundering and terrorism financing (Vlcek, 2018). The information that financial institutions obtain about their customers and their activity is considered to be the key tool in fighting against illicit crime (Biersteker& Eckert, 2007). But in order to use this information appropriately, a bank must understand how criminals operate, what techniques they apply and how they are exploiting financial system.

(26)

The perception of risk that a bank follows and the information that it gets about the customer eventually is being combined into the transaction monitoring system. The difficult part for a bank is to understand the nature of ML and TF in order to build a comprehensive approach towards tackling the risks.

According to the International Bank for Reconstruction and Development, the World Bank and International Monetary Fund, tracing back or capturing illegal activity is difficult because of several reasons (2006). First, criminals use global networks and usually operate in a cross-border manner and take advantage of fast money transfer mechanisms, whereas tracing the activities become more and more difficult and require high international cooperation. Second, the illegal nature of their operations constrains the ability to accurately estimate the magnitude of the problem. In other words, illegal activity that is not being captured is there to remain unnoticed, because it is not documented by respective authorities. Third, the complexity of the definitions concerning ML and TF also hinders the effectiveness of combating criminal activity. For example, the meaning of terrorism, in general, differs remarkably throughout different countries (FATF, 2008). For example, in Turkey, the Kurdish separatist movement is viewed as a manifestation of terrorism. (Norgren, 2004). This does not necessarily mean that other countries agree with this position. The same can be said for money-laundering, whereas the crimes which would consequently constitute money laundering offense also vary significantly (World Bank et al. 2006). Lastly, methods that criminals use also differ across countries, regardless of characteristics related to economy, enforcement capacities, legal systems and other (ibid.). In addition, some typologies of ML and TF are more common to a particular region, thus a bank will consequently address the ones, which are most prevalent to their location (CAMS 2. Interview, May 2019). Therefore, other typologies that are less common to a particular area can be simply ignored. Nonetheless, criminals are always trying to keep up with the newest methods that governments or financial institutions use in their efforts to capture them, thus the methods to finance terrorism or to launder money are changing accordingly. The fact that only 1% of illicit financial flows that go through legitimate financial institutions are seized (UNODC, 2011, p. 11) predicate that the international community, governments, and financial institutions must implement a comprehensive framework and work together to combat money laundering and terrorist financing activities.

The scope of the problem thus indicates the complex nature of ML and TF. The complexity creates a certain mode of uncertainty under which financial institutions are authorized to take action. Therefore, the performativity of the transaction monitoring system largely depends on translation. In this case, translation portrays the means of “[…] establishing

(27)

links, connections, circulations […]” (Callon, cited in Amicelle et al. 2015). The next two sections aim to show how these connections and links are established by providing a critical overview of the international framework towards combating ML and TF and the approach that is specifically used within the EU.

4.2. International Organizations and Standard Setters

Response to illicit financial crime began with the international recognition of the issue and understanding that criminals take a huge advantage of financial institutions. All financial institutions were already holding information about their clients and their activities. But in order to secure the financial system from threats related to ML and TF, guidelines of how this information should be used where needed. This is important because it gives justification and legitimacy to the use of transaction monitoring system in order to detect, deter or prevent illegal activity.

To encourage an effective and comprehensive response to ML, the Palermo convention was adopted by the UN and signed by 147 countries (UNODC, 2004). This convention laid out the provisions concerning the criminalization of Money Laundering and related activities, the establishment of regulatory regimes to deter, detect and report cases of ML and the authorization of cooperation and exchange of information between respective governments and financial institutions (UNODC, 2004, see Article 6, 7).

In parallel, following the 9/11 terrorist attacks on the United States, the International Convention for the Suppression of the financing of terrorism came into force in 2002 (UN, 1999). The convention explicitly states that “the number and seriousness of acts of international terrorism depend on the financing that terrorists may obtain” (ibid.). Thus, it obligates countries to criminalize terrorism, organizations related to it and the acts of terror itself. The convention emphasizes the unlawfulness of collection or provision of funds with an aim to carry out a terrorist attack (ibid.). This implies that respective institutions must suppress or try to prohibit the transfer of funds that would eventually contribute to an attack.

Although by definition, money laundering and terrorism financing are different processes, the methods used to launder money are in many respects the same as of those used to fund terrorism (Norgren, 2004). The main difference here is that for terrorism financing, the funds may come from legitimate sources too, thus unraveling the traits of terrorism financing becomes somewhat more complex (FAFT, 2008). Despite the differences and similarities between ML and TF, both predicate illegality and crime in itself. Following the presumption

(28)

Financial Action Task Force (FATF), an intergovernmental organization, was established (FATF, 2019). This policy-making body is directed towards the development and promotion of an international response to combat ML/TF. FATF with its 40 Recommendations provides the most comprehensive and extended framework so far and promotes effective implementation of regulatory, legal and operational measures for combating ML/TF (FATF, 2018). The provisional recommendations are designed for universal application by member countries throughout the world and provide expertise to identify the risks and develop policies; apply preventive approach; exchange information throughout respective institutions and facilitate cooperation (ibid.).

However, facilitating cooperation between respective institutions is somewhat problematic. Banks are obligated to report any suspicious activity to the respective Financial Intelligence Unit (FIU) in the country they operate. In turn, the feedback on these reports becomes very important to a bank. First, the feedback is a good way to see whether a bank is using an effective approach towards ML and TF. But in reality, this is not the case. As experts put it:

[The] feedback would be very useful […] but banks do not get a lot of it. When FIU gets a report, they look at it and if it looks suspicious, they report it to the police enforcement agencies for further investigation. If police starts an investigation it can last for several years, even. So, it is mostly because of the time span. (CAMS 3. Interview, May 2019) Second, in some circumstances getting the feedback is important in order not to cause inconvenience to the customer. For example, if a customer wants to make a transaction that goes beyond a certain threshold, it first needs to be stopped and reported to FIU. If there is no suspicion concerning that transaction, the FIU must inform the bank as quickly as possible for it to be released. For instance:

[A bank] would stop a transaction which amounts to 1.000,000 euros, the transaction is immediately reported to the FIU and the feedback must be given quickly for a bank to be able to release the transaction in order not to cause any inconvenience for the client if/when there is ultimately nothing suspicious going on. According to the regulation they [FIU’s] need to tell the bank that they froze the transaction and started the criminal investigation. That’s the requirement. (CAMS 1. Interview, May 2019)

Inevitably FIU’s and their work have an influence on bank’s performance. This is important in order not only to satisfy the client but also to see whether the monitoring done by a bank is effective. Apart from the transactions which need to be caught and released in a short period of

(29)

time, a lack of feedback concerning complex and bigger cases becomes an issue for a bank because they simply do not get a lot of it. Therefore, effective cooperation comes as an important part of financial surveillance. The absence of feedback makes a bank subject to experimentation since no concrete response about the efficiency of the approach is given. The lack of feedback creates a situated mode of resistance wherein a bank is forced to make an objective evaluation of its own approach towards ML and TF.

All in all, focusing on financial institutions and stressing the fact that banks can be/are used as intermediaries by criminals, financial institutions must be responsible in identifying who their customers are, uphold high ethical standards and comply with respective authorities and laws (BCBS, 2019). This implies that financial institutions must be accountable for the identification, monitoring, and reporting of any abnormal, suspicious activity that is or can be in anyway related to money laundering or terrorist financing. This explicitly goes down to the transaction monitoring system where the financial information about a particular customer is stored, processed and filtered (De Goede, 2018). In turn, the transaction monitoring system and the way it is configured determine the effectiveness of surveillance and financial institutions’ ability to prevent or capture illicit activity.

4.3. AML/CTF at European Union Level

Notwithstanding the influence of international organizations and standard setters on the international AML framework, the European Union continuously applies its own approach to money laundering and terrorist financing threats. The EU, in the beginning, was relying on knowledge of experts who were based in the UK or US. According to AML specialists, “the understanding about AML and TF was coming from the UK and US because they were one step ahead of the EU. It was due to the fact that those countries were facing issues a little bit earlier” (CAMS 2. Interview, May 2019). With time, besides relying on international standards and guidelines, the EU started to adopt its own laws and regulations (European Commission, 2018a). Currently, the EU’s AML framework is now more focused on the vulnerabilities and issues connected to financial institutions which operate within the boundaries of the European Union. The EU’s AML framework implicitly puts the focus on the traceability of financial flows and information concerning the customers of respective financial institutions.

Specifically focusing on the European Union level, financial institutions operating within the EU are bound to make continuous adjustments to their transaction monitoring systems. It is because the laws and regulations at the EU level (especially referring to the 5th

(30)

which consequently materializes in a wider selection of products that financial institutions are now offering to its customers (European Commission, 2018b).

Although this comes as an advantage for financial institutions, particularly banks, it also means that new emerging products can easily become a new target for criminals which they can exploit and use to conceal illegal finance. Thus, products such as pre-paid cards or digital wallets mean continuous adjustments to the transaction monitoring systems in order to accommodate new possible threats. In other words, whenever a new product is introduced by the bank, transaction monitoring systems must be adjusted accordingly. As a certified Anti-money laundering specialist points out:

Now there are a lot of activities in the technology world, it is booming. So, it is continuous innovation, and if banks are considering something new, they need to do twice more work in order to understand what needs to be done, what safeguards need to be implemented and how they can improve. Because technology is evolving and quickly changing. (CAMS 3. Interview, May 2019)

This means that technology has a twofold implication for banks. It allows them to expand their services and provide more products to the customers but at the same time, they need to put more work in order to safeguard the market and their customers from new possible risks and threats.

When it comes to the EU AML framework, another aspect that must be highlighted is non-compliance with the regulatory standards. Stricter regulation with the adoption of the 5th

Anti-Money Laundering Directive precisely addresses the widespread and systematic failures of AML systems across the financial sector. In fact, this Directive focuses on improvements concerning information exchange between respective institutions and better access to it, transparency and better safeguards to stop illicit financial flows (European Commission, 2018b). The fact that 2018 witnessed a record number of AML fines imposed on banks in the European Union, which accounts for approximately 905$ million, perfectly illustrates the magnitude of the problem (Fenergo, 2019). While financial operations are globally expanding, the repercussions of non-compliance are far-reaching. Consequences of failure to comply with AML regulations can include criminal proceedings, reputational damage, and loss of credibility. Nonetheless, and most importantly, it can have an enormous negative impact on the global economy and financial institutions’ ability to cover and serve the needs of its customers. The argument about the repercussions of non-compliance relates to a tactic of diversion which is used by the respective governmental authorities. In that sense, a bank is not only seen as a security agent but also the one that must be controlled and monitored. As Chan (2001) argues,

European banks in the fight against money-laundering and terrorist financing : transaction monitoring system as a security device