True Crime, Banking Edition
This week, I sat down with Erik Torenberg, who founded Turpentine (a podcast network which produces Complex Systems, among many other shows). He reverse-interviewed me about how financial institutions act as bureaucracies and why. An interesting sub-theme of this observation is when financial institutions act as arms of the state, as they do when interdicting money laundering.
I've written about many of these topics fairly extensively before in Bits About Money. A bit of a disclaimer: I previously worked at, and am presently an advisor to, Stripe. Stripe does not necessarily endorse what I say in my personal spaces.
[Patrick notes: As always, I have included some after-the-fact thoughts throughout the transcript, set aside in this fashion. This week's transcript relied on more AI-powered (ChatGPT 4o, specifically) cleanup than human editing; please let me know if I missed any hallucinations. As always, the goal is to produce a written artifact which is as useful as the conversation without necessarily slavishly reproducing it.]
Sponsors:
Building an enterprise-ready SaaS app? WorkOS has got you covered with easy-to-integrate APIs for SAML, SCIM, and more. Start now at https://bit.ly/WorkOS-Turpentine-Network
Check is the leading payroll infrastructure provider and pioneer of embedded payroll. Check makes it easy for any SaaS platform to build a payroll business, and already powers 60+ popular platforms. Head to checkhq.com/complex and tell them patio11 sent you.
Timestamps:
(00:00) Intro
(00:33) Seeing like big tech
(06:31) AI centralization, and information processing
(09:23) Crypto vs AI: Thiel's perspective
(10:30) Seeing like a bank: ledgers and customer service
(19:57) Future of banking customer service
(22:27) Societal goals vs banking efficiency
(28:58) Sponsors: WorkOS | Check
(31:15) Understanding KYC and AML
(35:16) Money laundering explained
(42:28) Financial system as law enforcement
(51:41) Ideal changes in the financial system
(52:34) Wrap
(You can Ctrl-F these titles to skip to the corresponding part of the transcript, below. Sorry, I can't simply hyperlink them, due to technical limitations on some platforms.)
Transcript
Patrick: Welcome to Complex Systems, where we discuss the technical, organizational, and human factors underpinning why the world works the way it does.
Erik: Patrick, excited to turn the tables this time and interview you and get into some of the Bits About Money classics.
Patrick: Thanks very much, Eric. For those of you who don't know, I write a newsletter called Bits About Money. It usually covers the intersection of finance and technology and is published every 2-4 weeks, inspiration depending. Today we’re having a casual conversation on some recurring themes from it.
Seeing like big tech
Erik: Excellent. So I want to get into your Seeing Like a Bank post, named in homage to Seeing Like a State.
Seeing like a State famously addresses the problems of centralized control and coordination. Big Tech seems to do these very well. If you were to write Seeing Like Big Tech, what would that thesis cover?
Patrick: I think that is a book that is begging to be written. I'm not sure I'm the person who should write it. I’m happy the work and the mental model that is Seeing Like a State has metastasized into the tech industry and the intellectual communities around us.
I think there's a bit of a dialectic in that thesis. [Patrick notes: i.e. You will get more value out of Seeing as a critique of the modernist impulse than you will as a refutation of it, which it is often confused with.] Incidentally, the author (James C. Scott) passed away recently, and the book is very worth a read.
The brief version of the thesis is that high modernism tries to reduce the complexity of the world into a set of artifacts that can be operated on by government planners. Because reducing the complexity of something necessarily shaves off details at the edges, this has caused a bunch of human tragedies over the years. Scott walks case-by-case through failure scenarios ripped from history, like government planners doing things which are disrespectful (often very intentionally) of the culture of the people they are serving. In some cases, they do things which are disrespectful of reality, like (famously in the first few chapters, about German forestry management) attempting to impose their desire for order and discipline upon forests and discovering that biology is substantially more complicated than dreamt of in their philosophy.
The “And Yet” [Patrick notes: a winking disagreeable allusion to a recommendation for improv actors to accept the premise of a partner in the scene and build upon it, without e.g. debating that premise] version of Seeing Like a State is: And Yet we live in a society which is heavily indebted to the intellectual effort that is high modernism. And Yet we do have these enormous bureaucracies around us. And Yet the IRS, Social Security, your water department, et cetera, observationally exist.
[Patrick notes: I think a well-educated person could come away from Seeing Like a State assuming their municipal water department is likely oversimplifying the complex biology of water ecosystems, ignorant of the substantial lore in local communities with respect to water’s importance to the spirit world, and overly obsessed with graphs and paperwork. And then that person would go home and not die of cholera. Routinely delivering “nobody dies of cholera” is an important achievement and one that is very difficult to fake.]
Patrick: You may well have problems with these bureaucracies. But it is not in fact the case that everyone in your city has died because it is impossible to run complex systems. And therefore, the takeaway from Seeing Like a State should not be that it is impossible to run large bureaucracies, but that there are describable, particular dangers of running large bureaucracies that have predictable failure modes.
Does Big Tech prove that it’s possible to build bureaucracies far larger and more effective than previously excellent ones? The answer is both yes and no. Observationally, companies like AppAmaGooFaceSoft—pick your favorite—perform feats that are beyond the capabilities of any other human institutions, past or present.
Take, for example, Apple's supply chain. It’s fortunate that Apple doesn’t ship munitions, because, with the possible exception of the current U.S. military, Apple likely has one of the most impressive supply chains in human history, or something very close to it.
And if you’re not convinced Apple holds that title, then Amazon certainly might. They are leagues ahead in logistics, better at moving materials from point A to point B than the U.S. was at key historical moments—say, World War I or the Civil War. Imagine any point where the U.S. was clearly a major power but couldn’t manage to coordinate an entire fleet of ships arriving from China to a random port on a specific day, then get those goods onto planes in time for a launch announced a year in advance.
ig Tech is hyper-competent in certain areas, but it's clearly not omnipotent. Take Google, for example: they've had a strong track record, with successful acquisitions and global-scale products that excel in their respective domains. Yet, Google also has a long history of failures. It’s not obvious to me that Google could successfully execute on something like forestry management where, for instance, 18th century Germany struggled. Does forestry management align more with YouTube's level of success, or is it more akin to Google Wave or any of the other major products Google has discontinued over the last decade?
There are plenty of examples to consider. If one were to develop a "Seeing Like Big Tech" theory, it would ideally tease out the commonalities among the hyper-competencies these companies possess. Equally important would be identifying the areas where they consistently fall short.
For example, no one in Big Tech believes they've solved the principal-agent problem—the challenge of aligning employee incentives perfectly with organizational goals. That issue is still very much on the table.
For those unfamiliar with this dynamic in tech, one major reason it’s difficult to sustain new products at companies like Google is the way their compensation system works. It heavily incentivizes putting your name on a new initiative but strongly disincentivizes maintaining that initiative in, say, its fourth year.
As a result, the A-team at Google typically works on flagship products like Google Search or Gmail—those with massive user bases—or whatever the latest iteration of Google’s messaging app happens to be at the time you’re listening to this podcast. There will always be a new messaging app because Google recognizes that a competitive messenger could potentially reach billions of users and become one of the most valuable applications ever created. Google is so convinced of this that they've made roughly 20 attempts at it, yet all have failed.
Does this mean Google will perpetually fail at creating a successful messaging app? Not necessarily, but the pattern suggests a deeper systemic issue.
It is a very important data point that Google, despite having all the king's horses and all the king's men, continues to fail at doing that. Will they inevitably fail in the future at it? Who can say.
[Patrick notes: I am not optimistic at Google ever shipping another world-changing product they’ve developed internally. I think the rot may well be that bad. That said, I would have enthusiastically predicted that Microsoft’s best days were behind it in e.g. 2014, and in 2024, 2014 me appears obviously mistaken.]
AI, centralization, and information processing
Erik: The incentive problem is a significant one, as you mentioned. Another common issue people often highlight is the information problem, which takes us back to Hayek's idea that it's inherently difficult for any central authority to possess the full scope of information within an economy—whether we're talking about a micro-economy or the broader global economy.
Hayek argued that decentralized systems are more efficient because the pricing mechanism serves as a natural information processor. However, with the rise of AI and its power to process vast amounts of data, there's a possibility that centralized systems could gain an edge in managing and interpreting information that previously only decentralized approaches could handle. It's a compelling thought.
Patrick: It will be fascinating to see how this plays out. Given the current capabilities of AI, it seems likely that tasks like running a for loop with minimal human oversight across a vast number of similar items will become significantly easier than they are now.
This is an area where states have historically excelled. For example, running a “for loop” over tax returns for 300 million people: in tech, we often say that doesn’t scale, but governments manage to do it annually with around 80,000 people—that’s barely Google's headcount. So, AI’s capability to essentially run a for loop over every human utterance entered into a system is both a little terrifying and well within reach for any sufficiently resourced organization, either now or in the near future.
However, does this grant complete control over reality? Probably not. There's a Claude Shannon-esque information theory aspect here: if we're comfortable truncating the dimensionality of the data we process, we can handle a massive volume. But if we’re not willing to truncate—if we truly care about, say, artifact number 17,631 and how it might present differently—then we need to adjust our models accordingly. I don't think we have a clear path to a technology that lets us bypass the need to carefully examine each piece of data and reassess our mental models as needed.
[Patrick notes: To be clear, I don’t think this is a physical limitation of AI or one of those thin reeds that will keep humans relevant in a future where AI does all the gruntwork. I think this is just genuinely hard. It is hard even for the best-executed, best-managed systems in the world when they’re not simply operating on ginormous volumes of low-complexity situations (“convey this message, unaltered, from A to B”) but rather operating on slightly-less-ginormous volumes of high-complexity situations where the true best form of the rules is unknown and maybe unknowable (“What was Patrick’s income last year, calculated fairly, such that the resulting tax balances his nation’s need for revenue, the polity’s moral and aesthetic preferences, his right to the fruits of his labors, and his fellow citizens’ right to not be unduly disadvantaged vis him when evaluated in the same fashion”).]
Crypto vs AI: Thiel's perspective
Erik: Peter Thiel famously said that AI is communist and crypto is libertarian, or AI is centralizing, crypto is decentralizing, AI gives power to incumbents and crypto to startups. And I think we've seen AI empower incumbents. I don't think we've seen crypto do much of anything yet except to enable speculation. (Not to criticize crypto too much, but, that, I haven't seen a libertarian or decentralizing Renaissance thanks to crypto just yet.)
Patrick: I sort of shrug with regards to the political implications of various technologies. I think that's kind of heavily overblown, and the more interesting question to me is who is using this and what are they using it for?
[Patrick notes: The limited version of the argument I would endorse is that sometimes technology functions as a capabilities increase for particular political objectives. For example, a world with mass media available is one in which it is much easier to coordinate genocide than a world without mass media available. I do not think that it is sensible to call radio a pro-genocide technology, though, and I think this genre of mistake is often made.
Radio is, of course, indispensable for disaster relief, ties geographically disparate markets together, sells lots of ads, and very occasionally helps unite the populace in resisting genocidal dictators. It is a tool.]
Observationally, crypto hasn’t seen widespread adoption compared to tech systems that are truly in broad use. Meanwhile, the growth trajectory of AI, particularly in the first half of the last three years, has been exceptional—especially to those of us who’ve been around tech for a while. It’s one of the fastest growth curves we've observed in some time.
Moreover, not only has the adoption curve been steep, but the capabilities growth has been equally astounding. This keeps me quite bullish on AI. Many informed observers might note that, compared to the previous rate of surprises, the past 12 months haven’t been as shocking as the 24 months prior—which might be a good sign if one believes that the surprises keep coming right up until the end of the world. But that’s also something I tend to shrug off.
[Patrick notes: I’ve spent far fewer cycles thinking about this question than many people I’ve had the discussion with, but my somewhat considered gut check is my p(doom) is in the neighborhood of p(global ecological catastrophe incident to nuclear war), and I spend very little of my life thinking about nuclear war.]
Seeing like a bank: ledgers and customer service
Erik: Yeah. Let's transition into Seeing Like a Bank. You write in the beginning banks are extremely good at tracking one kind of truth ledgers. They're extremely bad at tracking certain other forms of truth for structural reasons. Why don't you unpack that?
Patrick: Aspirationally speaking, and it is more aspiration than law, banks are relatively good at recording transactions, ensuring that numbers balance at the end of the day, and not losing money. This all boils down to the function of ledgers—a technology we've had since Renaissance Italy, thanks to the Medici and the advent of double-entry bookkeeping. It's one of the most underrated technologies in human history, right up there with writing, and it's fundamental to how organizations operate at scale.
That said, many people have experienced the frustration of dealing with routine issues at their bank. Whether you visit a branch or call customer service, you often get passed around between departments, needing to re-explain your issue each time. You might hear conflicting information, and even if you eventually get a resolution, it often takes hours for something that feels like it should be resolved in minutes. Worse, you might not get a satisfactory resolution at all, potentially leading to significant consequences.
These structural issues in banks often manifest in the user experience. If you look behind the scenes at a bank, there might be a customer service division, but it's usually only unified in the sense that it shares a nameplate on the building. In reality, it’s composed of multiple silos and teams arranged in a tier structure. The least senior employees, often outsourced, but let’s assume for this example they’re all in one building in middle America, are in tier one. All calls initially go to tier one, where the goal is to triage and determine whether the call can be handled quickly by someone with minimal authority but who is the cheapest to employ, or if it needs to be escalated up the chain.
[Patrick notes: Call center siting is a fun field. The preference for middle America is common for U.S. based call centers due to neutral accent, low labor cost, and wide availability of people who are intelligent, diligent, and would actually take that job if offered. There are, of course, other places where call centers cluster, too.
Companies are notably less candid when discussing these factors externally, partially because call center work is not particularly high status and talking about the realities of it is depressing, and partially because there is a can of worms in verbalizing strong preferences one’s customer base has for humans they interact with.
Source: I paid for my college education, in part, by working in a call center, and seem to get brought back for one last job every few years.]
Patrick: Many of these simpler calls are quite common: questions like, "What's my balance?" or "Did my deposit go through?" In 2024, you’d expect these questions to be entirely answerable by a computer—and you'd be right. However, at the scale of a bank, a staggering number of calls are about these basic queries. A surprising portion of calls involve questions you’d assume a bank would never get asked, but they do—constantly.
Given that banks are effectively "wasting" time on these types of calls, they prefer to have someone making $12.50 an hour handle them, rather than a more senior or specialized employee. Tier one exists essentially to protect the more "expensive" staff from needing to engage with these types of interactions.
Erik: What is a concrete example?
Patrick: Imagine the worst breakup story you’ve ever heard. Now, picture someone recounting that story and, for whatever reason, choosing to tell it to a bank customer service representative. It happens every day, thousands of times. Some people just need someone to talk to, and some need someone to yell at. You might think they choose the bank because it’s related to a money issue, but often, the complaints are not strictly about money. And when they are, it’s often rooted in broader frustrations, like simply not having enough money.
[Patrick notes: An example straddling the line of “definitely the bank’s problem” and “not really the bank’s problem: consider this fact pattern.
A customer is working but has extremely unstable income and no savings to speak of. Their monthly electricity bill debit brings their account into the red; this causes a $35 fee to be automatically assessed. They call to protest the fee. Due to some combination of anger, shame, a lack of sophistication and precision in how they recount these facts, and a call center representative (who is also, very probably, not that distant from working poor herself) wanting to get them off the phone to successfully meet quota for this hour, the bank understands them as having (magic words incoming) Not Authorized the debit.
Some days later, their power is cut. The reason for this is that the bank yanked the month’s electricity bill back from the utility, and the utility followed its usual flowchart for that situation. The customer is unaware of these two facts. They called the utility, who suggested they call their bank a second time.
Now imagine listening to this customer talk for 15 minutes about the impact to their life of having the power cut, after a low procedural history which spent many minutes on how their hours were cut at work because the restaurant manager is now sleeping with someone else and approximately 15 seconds of mostly inaccurate commentary about what was said in the first call.
One should, of course, be compassionate in dealing with the challenges this customer faces in their life. However, regardless of one’s level of compassion, that will be a very challenging 15 minutes on the phone for the customer service representative. Now repeat that on, oh, 30% of all calls for the entirety of their career.
And then you can start to appreciate why banks institutionally firewall this customer from speaking to most of their organization, and also why they are not entirely candid that they have made that decision, in part because they truly do not understand themselves as having made it.]
Patrick: And the bank’s response is often, "Well, we are indeed the money people." They have a flowchart that dictates how much venting they need to tolerate before they’re allowed to disconnect the call—and yes, that’s an actual rule. The bank deals with an iceberg of issues you wouldn’t expect, simply because you’ve never had to dive into this problem space.
Tier 1 protects the rest of the bank from that iceberg. Tier 2 typically consists of people who’ve spent some time in Tier 1. Many in Tier 1 decide, after a year or two of enduring a stressful job where they’re constantly yelled at for things outside their control, that they don’t want to work in a call center for the rest of their lives and move on to other opportunities. Those who remain and move up to Tier 2 are usually more specialized, choosing to become experts in narrower aspects of the bank’s operations. Instead of handling any query about checking accounts, for instance, they might become the business account specialist or something similar, depending on the bank.
When a call is escalated to Tier 2, it’s been pre-screened by Tier 1. By the time it reaches the business account specialist, Tier 1 has (hopefully) verified that it’s indeed a business-related inquiry and not a crank call—though some business owners can be cranks; it happens.
[Patrick notes: Most large banks service retail consumers and small businesses out of the same organizational structure. The most numerically common small businesses are sole proprietors. Many of them are not particularly sophisticated, and the relative mix has decreased in sophistication due to e.g. changes in the medical industry which have resulted in many sole practitioner doctor/dentists exiting self-employment to join larger firms, which “creamed” some of the most sophisticated and lucrative customers out of the SMB banking segment.]
Patrick: Tier 2 agents have more authority and options to resolve issues than those in Tier 1. For example, while banks theoretically shouldn't lose money, in practice, they do, and these losses are referred to as "operational losses" in financial disclosures.
If money that should have been transferred from Account A to Account B fails to arrive, the bank might decide to charge it off as an operational loss, making good on the funds and placing them in Account B. However, banks don’t typically trust employees earning $12.50 an hour to make these decisions. Tier 2 agents, on the other hand, might have authorization to make accommodations on behalf of a customer, such as approving up to $1,000 before involving their supervisor, and possibly up to $10,000 before escalating it further. Below those thresholds, they might simply enter a brief reason in the system, hit enter, and the funds are credited—this isn’t the bank creating money out of thin air; it’s absorbing a loss to honor its commitments to the customer.
The challenge comes when a user is passed from Tier 1 to Tier 2: many banks haven’t made the necessary IT or operational investments to enable Tier 1 and Tier 2 to share context. So, from the customer's perspective, after spending 35 minutes on the phone with someone who seemed under-informed—a perception that may be somewhat true given the human capital realities of Tier 1—they must repeat everything they've said. The bank effectively "forgets" everything from the previous conversation as the customer gets transferred, possibly multiple times, to different departments.
Is this because banks dislike their customers? No. Is it purely about optimizing profit margins? Not exactly. It’s more an unsolved problem rooted in the complexities of capturing and conveying the right information across all touchpoints. As discussed earlier, like a state trying to map a territory, no map can fully represent a territory because it’s inherently smaller. Successfully distilling the right amount of information and passing it seamlessly within an organization is a challenge. The world’s largest, best-operated banks might do a fraction of what's implied here, but only because they’ve spent billions specifically on solving this problem.
For most customers banking at, say, First National Bank of Kansas, there hasn’t been a billion-dollar investment in their customer service infrastructure, so the experience is inevitably less streamlined. And yet, customers often tolerate this.
Why is it tolerable? Reflect on your happy interactions with dedicated, highly competent professionals who have spent years becoming specialists in their fields. Reflect on your interactions with the medical community. You can describe your problem in arbitrary detail, they will investigate for as long as necessary, they will use their professional expertise to recommend a treatment plan, and then you (or someone paying for you) gets billed for $9,000.
There are relatively few problems with banks that you as an individual have had where you would welcome a $9,000 bill for resolution.
[Patrick notes: You can get billed for banking professionals doing bespoke work on your behalf. It is most common in the upper echelons of business banking and in private banking, but in principle there is a line in your account disclosures for how much the bank will bill out e.g. back office staff forced to do research on your behalf. But most retail customers hate this notion and you need to have fairly specialized needs or weird fact patterns to run into it.]
Patrick: What we essentially have is an insurance mechanism: at a very low cost to users—paid out of the net interest margin on their checking accounts or the interchange fees from their credit cards—we maintain an escalating tier system of customer service representatives. This ranges from relatively inexpensive agents at the lower tiers to highly specialized and costly staff at the upper levels, who will "figure it out" when needed.
While this experience can be extremely frustrating for many users, it is far cheaper for the banks and offered at a price point that most people tolerate. This is, in a nutshell, how the financial industry approaches customer service: a tiered system designed to handle complaints and issues in a cost-effective manner, albeit one that often sacrifices customer satisfaction in the process. This is the Seeing Like a Bank thesis when it comes to customer service complaints.
Future of banking customer service
Erik: Do you expect this will be solved in 10 years, or is this just intrinsic to how banks work?
Patrick: I think we'll continue seeing tweaks at the margin and some improvements here. It actually isn't the case that there has been no improvement in banking or retail financial services in the last couple of years. The existence of mobile apps that give you an up to date account balance so that you don't have to call in and ask a human to read you your account balance out of the database is a major innovation and improvement in banking services.
Those apps, to a close approximation, only get better over time.
People don't perceive it this way, but the tiering system is actually an improvement over what we used to do.
[Patrick notes: Like everything, it had to be invented. The best single account of it that I’ve read was in Charles Schwab’s autobiography, where he exuded the sort of deeply-in-the-weeds wonkery that separates interchangeable MBA-totting standardized Powerpoint units from people who very, very clearly bent all of their energies to solve a hard problem for decades. Written in the margins of the work, effectively, is a symposium in the costing model for licensed versus unlicensed customer service representatives, careful parsing of regulations to knowing that you can recount a price IBM has traded at without a license but can’t quote a price to IBM without a license, and many anecdotes about how to build machines robust against unreasonable customer demands. (Unlike in retail banking, in the early years of Schwab, most of the unreasonable demands come from relatively wealthy clientele.)]
Patrick: Interestingly, when you look at old pieces of fiction or cultural artifacts frozen in time, you sometimes see anachronisms like stories of a widow losing her life savings due to a bank error, or quirky mechanics like “bank error in your favor” in Monopoly. These scenarios are largely relics of the past because the rate of bank errors today is much lower. Of course, it would be a far less entertaining game mechanic, but back in the 1910s, if the ledgers were wrong, you could indeed lose all your money and be out of the game.
So, are we going to improve the way we operate these tiered systems? As human-adjacent cognition becomes much cheaper, there’s potential to replace some of the tasks performed by less-trained employees earning $12.50 an hour with more sophisticated, cost-effective AI systems. These systems can handle large volumes of basic tasks, and eventually, with banks getting better at deploying these technologies, we might see more efficient routing from the initial point of contact directly to a bank professional who can resolve the issue responsibly.
This would likely result in a better experience: instead of redundantly inputting information once into a computer and then multiple times to different humans, customers might only need to speak to one human rather than bouncing between six different people before reaching the right desk for resolution.
While I’m cautiously optimistic about these incremental improvements, it’s worth noting that evolution, rather than revolution, tends to be the norm in financial services.
Societal goals vs banking efficiency
Erik: You write about how society goals conflict with banks being good at banking.
Patrick: One of the most frustrating experiences with a bank is when you’re told, “For reasons we don't feel like disclosing, we're closing your account. This decision is not appealable. We should part ways, effective immediately. You’ll receive a check in 30 days or so.” The exact details might vary depending on the bank or how you ended up in this situation, but what’s typically happening here is what's euphemistically called a "risk-based decision."
However, this isn’t usually about credit risk; the bank isn’t worried about losing money on your account. Instead, it’s often a regulatory risk-based decision. All regulated financial institutions operate as surveillance entities to some extent—they have to, by law. Within the bank, there’s a compliance department, essentially functioning like intelligence officers, where someone, often assisted by a computer program but ultimately making a human judgment, decides whether an account is too risky.
Usually, you can't speak directly with these decision-makers. They review the account, and based on compressed data representing a vast array of real-world facts, they make a decision. In your case, they’ve decided it’s a no. This process reflects the broader societal and regulatory goals of the financial system.
For example, one current social goal in the U.S., given the geopolitical conflict with Russia, is to avoid facilitating activities that could aid the adversary. As Russia has invaded Ukraine, the U.S. has positioned itself in opposition to Russia but not Ukraine. Banks, therefore, need to align with these geopolitical stances, leading to decisions that might catch some individuals in the crossfire, even if they’re not directly involved.
However, there's a region in Ukraine currently not under Ukraine's constructive control, and U.S. authorities are concerned that Russia could exploit its control over these areas to facilitate money laundering. As a result, financial institutions are instructed not to service customers in these regions without enhanced due diligence.
[Patrick notes: Enhanced due diligence, often abbreviated EDD because three-letter abbreviations are useful in implying there is more to KYC and AML than there actually is, is a requirement that doesn’t require anything in particular. You tell your regulator what your EDD policy is and what your EDD work entails, your regulator comes to an agreement that that is appropriate given the type of customers you serve and your risk analysis, and then you must do that EDD.
If you don’t have the risk analysis done, the policy prepped, the meeting of the minds with the regulator, and the machinery spun up, you can’t do EDD on your accounts in Russia-occupied Ukraine.
And many financial institutions make the decision that, while lamentable for affected individuals, they don’t have the expertise, budget, or burning inclination to fix the lack of this policy/apparatus, and would prefer to instead certify to their regulator “We have no customers in the specified region.”]
Financial institutions often interpret this as: if they're not deeply specialized in doing business in Ukraine, they should avoid it altogether. They fear they won’t be able to consistently ensure compliance with these complex directives from the government.
This creates a split-brain problem within U.S. decision-making. The government intends to say, "Please cut down on oligarch money laundering that supports Russia’s war effort." However, financial institutions hear this as, "Under no circumstances should you fund anything related to Ukraine," including, for example, scholarships for Ukrainian high schoolers—a slight exaggeration, but not far from the reality in some cases. I can't disclose specifics due to privacy concerns, but often, financial institutions recognize that their actions will negatively impact innocent people. Yet, they also know they don’t have the resources or control to fully comply without drastic measures, like investing heavily in compliance for Ukrainian business.
Consequently, they make the pragmatic decision to cut ties, leading to negative experiences for many—decisions made hundreds of thousands of times in recent years. Is this an ideal outcome? No. But is it a choice that institutions are compelled to make repeatedly? Yes, it will continue happening.
There’s no straightforward fix; if there were, it might have already been implemented. There's no simple resolution to the geopolitical conflict between Russia and the United States. And there’s no politically viable option within the U.S. economic framework that explicitly prioritizes fairness towards Ukrainians over lowering the cost of capital for Kansas farmers, for instance. No one in the U.S. is willing to articulate that trade-off directly, so we've ended up with the decisions we have.
This may seem disheartening, but much of the breakage associated with banks isn’t purely a banking issue; it’s a broader reflection of complex geopolitical and regulatory challenges that manifest within financial institutions.
Often, the bank becomes a mouthpiece for decisions made elsewhere, whether in a clearly identifiable source or within the broader, less identifiable workings of the U.S. system. Much of the friction at the bank-customer interface boils down to this blunt reality—one that banks will never explicitly state to customers: "You are poor, and that means you don’t get what you want in life." I’m the one who has to tell you this if it comes to that.
The banking system employs vast circumlocutions to avoid saying this outright, but ultimately, in a capitalist system, you pay money for things. If you don’t have the money, you can’t pay for the things.
Frequently, the person to break that news to the user is someone at the bank or connected to the financial system. It’s one of the roles the broader economy outsources to the financial system: delivering that bad news so actors don’t have to.
For instance, a restaurant might say, “Your card was declined. Please call the phone number on the back of it.” which shifts the blame to the bank, rather than saying, “You don’t have money, so we refuse to prepare you food, and your children will go hungry tonight.”
This diffuse decision-making and the responsibility for delivering tough messages are key reasons why banks are often perceived as the bad guys, both at the retail level and in a broader societal context. They frequently bear the brunt of criticism for poor decision-making within the economy as a whole, though that’s a larger and separate conversation.
Understanding KYC and AML
Erik: This is a good segue into another piece that you wrote about, which explains KYC and AML, which are a bit more subtle and nuanced than they appear on the surface. Can you explain what is often misunderstood here?
Patrick: Yes, so "Know Your Customer" (KYC) and "Anti-Money Laundering" (AML) are mandatory elements of the international compliance regime that have been in place in the United States since the early 1980s. Over time, this regime spread globally, largely fueled by the U.S. leveraging the dollar as a tool of foreign policy—a point where I find myself agreeing with critiques from the crypto community. Their complaints about this are largely accurate. You can see this clearly in the documents as these laws were passed and as supranational bodies increasingly tightened regulations on banking secrecy havens.
KYC is a complex regulatory framework that requires financial institutions to know who controls the accounts they do business with, identifying the individual behind the transactions, and sometimes extending to KYB—"Know Your Business"—to understand the nature of the transactions themselves. While it sounds simple, it’s deceptively complicated in practice. KYC is often connected to why your bank account might be shut down if, for example, your Ukrainian passport is flagged as high-risk at a particular institution.
I once observed a situation at a Japanese bank where a customer was trying to wire money to a cousin in Africa.
[Patrick notes: Correcting the record: I have seen, in an other-than-through-my-employment capacity, a report of this interaction, which I deem to be very credible based on industry knowledge, my personal experiences, and interactions I have seen in Japanese (and, for that matter, American) bank branches.]
Patrick: There was no reason to suspect anything was amiss, but due to KYC protocols, the bank was obligated to ask for details: “Why are you sending this money?” “He's my cousin, going to school. I’m sending him money for tuition.” The bank then requested documentary evidence of the cousin's enrollment. Understandably, the customer didn’t have a tuition statement on hand—a situation familiar to many who support family members abroad. Unfortunately, the customer, who was likely subjected to heightened scrutiny, raised their voice, the bank stood firm, and no tuition was paid that day. This outcome was directly influenced by KYC and AML requirements.
[Patrick notes: I’ll note that one reason this anecdote sticks in my memory is that I was once obliged to explain in detail that, through my most grievous fault, I did not have a tuition statement for a family member’s semester at Notre Dame. The question of why one immigrant succeeded and another did not is complex. Partly it is the maximally unfair reason, though feel free to chat up Japan-resident Africans about that topic because there is substantial nuance there. Partly it is because one of the immigrants was simultaneously a Japanese salaryman, who Japanese banks are institutionally inclined to bank the heck out of.
As long as I’m telling fun war stories: once upon the time, at a bank branch in Nagoya, KYC-adjacent concerns resulted in an Indian IT professional not leaving the branch with the account he had visited it to open. An American employee of the same firm was asked to go to the bank to “translate” for him.
That employee opened the conversation with “It seems like my colleague was unable to demonstrate his employment using his business card. I apologize for the lapse, and have brought a Proof of Employment certificate, dutifully stamped with the company seal. Thank you for the bank’s many years of careful attentiveness to our needs.”, which is salaryman for “He gets a bank book, branch manager apologizes, and we all forget this minor slight ever happened, or, in twenty minutes a shockingly senior individual will be here for an unscheduled meeting that will start at bone-chillingly polite.”
I have a complicated relationship with the values system that is being a Japanese salaryman.]
Patrick: AML considerations involve regulators instructing banks to categorize countries as low-risk, medium-risk, or high-risk for money laundering. Many African countries are often classified as high-risk, and Nigeria, in particular, frequently appears on these lists. This classification stems from a mix of geopolitical factors and the reality that large organized fraud rings operate from Nigeria, siphoning off significant sums from innocent victims in other nations. Those nations prioritize protecting their citizens from fraud over facilitating education for someone abroad, although this comparison is rarely made explicitly.
The people crafting these regulations make broad decisions without directly confronting the specific trade-offs, leaving the concrete consequences to play out in other offices, often many years later. There’s typically a lack of feedback between these on-the-ground outcomes and the original decision-making processes, which perpetuates these issues.
Money laundering explained
Erik: Can you explain what actually happens in money laundering, in more detail?
Patrick: sure. So Money laundering is a very elastic term, like taffy, and that’s intentional. Essentially, it refers to any action that conceals the connection between the proceeds of a crime and a legitimate transaction in the eyes of the state and its deputized surveillance apparatus within the financial system. In mandatory compliance training, you’ll often hear that money laundering typically occurs in three stages: placement, layering, and integration.
Placement refers to moving the proceeds of crime, often cash, into the regulated financial system. Imagine you’re a 1980s drug dealer selling cocaine on a street corner—you end up with a big pile of "dirty" money. This doesn’t necessarily mean the money is physically contaminated (though, for drugs specifically, it often is), but rather that it’s directly tied to an illegal activity that authorities want to intercept. There’s no legitimate explanation for this money that would satisfy the financial system. Placement, then, involves finding the weakest link in the financial system to get that cash deposited.
Layering is the next stage. Even if you’ve managed to place the money in the financial system, if it's still associated with a weak link, it’s not maximally useful. The “weak links” are themselves suspicious, and attempting to spend money from them directly will draw uncomfortable questions and invite a relatively straightforward investigation.
Layering aims to obscure the connection between the illicit origins and the funds now available in the system. This often involves moving money between multiple banks, across jurisdictions, through various transactions. For instance, money might be transferred from a poorly-regarded bank in a high-risk country, then wired to another bank, then another, repeatedly. These transactions might be papered over as intellectual property distributions between companies or payments for trade goods, gradually obscuring the trail.
Integration is the final stage. Now that you have money that’s been layered to the point of obscuring its criminal origins, you want to turn it into something tangible. You can’t eat it, and lying on it—especially now that most of it’s electronic—isn’t comfortable. Integration is about converting that laundered money into assets or spending it in ways that serve the goals of the criminal or organization, thus bringing it fully into the legitimate economy.
Integration often involves buying assets that generate clean money over time. For example, much of the wealth of Russian oligarchs has famously ended up in high-end properties in New York or London. Once purchased, these properties can be sold, and the proceeds from the sale are, by definition, clean. The paper trail shows that the money came from selling an apartment in New York or London. Alternatively, these properties can be rented out—say, to someone working on Wall Street. Is the tenant’s money clean? Yes, because it’s legal to work on Wall Street and pay rent. Is the landlord allowed to charge rent? Absolutely, within a capitalist system. This clean money can then be used for any number of things, from sending a child to private school to buying jets, effectively legitimizing the wealth of someone who owns a criminal enterprise. That, in a nutshell, is money laundering.
AML regulations have a significant impact on regular people because there is no de minimis threshold for money laundering, and certainly none for anti-terrorist financing, which is often conflated with AML. Compliance officials in both companies and government agencies are explicit: even sending a single dollar to a terrorist organization like Hamas constitutes a crime. Since they care about every dollar, banks are required to surveil transactions down to the smallest amounts representable on a computer. This effectively creates an ongoing tax on productivity, and sometimes these regulations can lead to unintended consequences.
For example, if someone jokingly writes "cocaine and hookers" in the memo field of a Venmo transaction, the system’s surveillance will flag the reference to cocaine. Even though one of these purchases might be legal in certain places in the U.S., the other definitely is not. Compliance teams at Venmo or similar institutions will have to flag the reference to cocaine, and at some places, they might simply warn the user to stop making such jokes. However, many institutions are reluctant to assume it’s a joke, as doing so could be perceived as "tipping off" even the most careless drug dealers. Since there are indeed many careless drug dealers using the financial system, the institution may choose to immediately sever ties with the customer to avoid any appearance of aiding in money laundering.
There have been cases where subgroups within financial institutions were complicit in aiding criminal activity, even if the institution as a whole was not. Institutions are highly attuned to avoiding these scenarios, given the severe regulatory and reputational risks involved.
I believe it was HSBC that was fined $2 billion because, during the placement stage of laundering money in Mexico, the cartel had standardized on using a specific size of box to transport cash. This box didn’t fit through the bank’s teller windows, which created a logistical issue for both the cartel and HSBC. Recognizing the value of their business relationship, HSBC made the decision to resize their teller windows to accommodate these cartel boxes of cash. When government investigators discovered this, they were understandably furious, leading to the hefty $2 billion fine.
[Patrick notes: I slightly muffed my retelling of this story. The cartels designed the boxes to fit the windows, enabling them to deposit hundreds of thousands of dollars of obviously suspicious cash at a time. See DOJ's Statement of Facts at paragraph 50.
The broader reason for the prosecution is not the specific tactic used, but HSBC having a severely compromised compliance culture in some of their national franchises, active knowledge of this fact, and no prompt corrective action. To quote one of my favorite memos, written about their Mexican operation specifically, "We have seen this movie before, and it ends badly." (pg 62-63)]
As a result, every compliance officer since then is reminded of this incident and taught two key lessons: First, these are responsibilities that society has imposed on us, and we are obligated to fulfill them. Second, any ambiguity in whether your actions are aiding someone involved in money laundering will be interpreted against you. This has created a culture where localized, seemingly reasonable decisions can feel outrageous to those affected by them, much like having a gun pointed at you for making a bomb joke at an airport.
We’ve developed a particular sensitivity to certain risks—like bombs in airports—and while the severity may not seem proportional to the individual in the moment, it reflects broader systemic priorities.
Financial system as law enforcement
Erik: You also mention in your piece that you agree with cryptocurrency advocates that the financial institutions are deputized to act as law enforcement agents.
Patrick: Absolutely. You could fill entire books with the requirements imposed by AML and KYC regulations, but the short version is that these regulations essentially deputize financial institutions to monitor an enormous volume of transactions—far more than anyone could realistically track manually. Just as the sheer volume of transactions today far exceeds what could be handled with paper and smoke signals, we rely on computer programs to flag potentially suspicious activity.
Most institutions use software from a small number of trusted vendors, and while some have in-house engineers tweaking the systems, the alerts primarily come from these standardized programs. These systems generate alerts based on various signals, intentionally vague for good reason, to flag transactions. However, these programs are not very discerning—their false positive rate is over 99%. This means banks have floors of employees who review brief transaction summaries, trying to determine whether they’re just another false positive or if they might indicate criminal activity. If the latter, they are required by law to file a Suspicious Activity Report (SAR), which is essentially a two to four-page memo sent to the Financial Crimes Enforcement Network, or FinCEN.
Now, when people hear that, they might assume FinCEN has its own floors of people reviewing these memos and pursuing enforcement. In reality, FinCEN only has a few hundred employees. Most of the SARs they receive never get read; instead, they go into a searchable database accessible by various law enforcement agencies. Those agencies find the database invaluable, not because they act on each report like the NYPD would respond to a crime report, but because it helps them reconstruct prior bad acts when they’re already investigating a case.
This system results in tens of thousands of individuals across financial institutions—essentially a workforce larger than the entire U.S. intelligence community—spending their days clicking through alerts, dismissing the vast majority as irrelevant. Occasionally, someone might flag something as worth investigating further, producing a report that will probably never be read.
From a cost-benefit perspective, whether this system is justified is questionable. There are significant downstream consequences that I’m confident our society did not fully anticipate, sign up for, or feel satisfied with. Consider the broader context: equity has been a major focus in recent years, and before that, there was a push to bank the unbanked. However, these regulations can have unintended, counterproductive effects on those goals.
If we were to force a concrete discussion on the trade-offs between banking the unbanked and KYC regulations, or between equity considerations and access to retail financial services versus KYC requirements, I don’t think people would agree with where society has currently drawn the line. But that conversation has largely been avoided.
If you consider other priorities, like economic growth—something I value highly—it’s evident that getting businesses off the ground is crucial. In their early days, startups are often overwhelmed by paperwork, which doesn’t just appear out of nowhere; someone has to generate it. The burden of paperwork limits these businesses' access to the financial services they need, especially in the critical first days, weeks, or months. I’ve seen this challenge firsthand in my own ventures and in the companies I’ve assisted professionally. The KYC hurdles hit early and hard, often disproportionate to the actual risk involved.
If you think about it statistically, if I were to help 100,000 businesses over the years, how many of them would likely be fronts for drug dealers? Probably none. Yet, we impose a time and attention tax on those 100,000 entrepreneurs to maybe catch one money launderer after the fact and to enable the government to seize their funds. This is a significant aspect of U.S. practice: KYC regulations create a self-contained crime on a bank document, simplifying the prosecutor’s job.
Lying to banks is a crime. You're required to declare your purpose for using an account, and if you don’t truthfully state, “I’m using this account to launder drug money,” and instead provide a false reason, such as claiming the funds are for a real estate deal, the government can seize all the money that flowed through that account. Filing a forfeiture action against it is often easier than securing a conviction for drug smuggling, because proving the lie on a bank document is more straightforward than proving the underlying criminal conduct.
[Patrick notes: It also makes the evidence available from one single entity with an impressive record of always responding to communications and keeping extremely organized records, which is not true of most forms of evidence. I cannot understate how importance this is, and neither can your U.S. District Attorney of choice, in their indictments for a wide variety of crimes. You will routinely read 2 pages of descriptions of crime-y crime and then 10 pages of recitations about money movement, with that money movement generating independent charges.]
Patrick: The supposed real estate deal is as real as dragons—it doesn’t actually exist. Once prosecutors investigate and realize this, they can effectively say, “Tails, I win all the money,” and proceed with forfeiture. This process often funds various expenses for the investigating law enforcement agency, including military surplus equipment. That’s the “success case” for these regulations, and I understand why those who directly benefit from forfeiture see it that way. However, it’s far from obvious to me that this is a success for society as a whole.
If we imagine a dial controlling how extensively we apply these regulations to transactions, I’d argue that we could afford to be more tolerant of certain abuses of the financial system in exchange for a substantial increase in the utility of legitimate users. This idea, which I might have borrowed from Dan Davies, is something I’ve repeated often: the right amount of financial fraud and money laundering is not zero. For the financial system to remain usable by those with legitimate intent, it will inevitably facilitate some criminal activities.
Few people in Washington or in bank boardrooms are willing to plainly state, “Yes, if we operate a bank, we will facilitate some criminal activity, and that’s acceptable because operating a bank is beneficial.” Yet, that’s essentially the trade-off we’ve made. So the real question becomes, at the current margin, are we facilitating enough criminal activity? If you didn’t like the first statement, you’re probably going to be even less comfortable with that one.
We live in a complex system with diverse and sometimes conflicting desires. We shouldn’t be singularly focused on interdicting crime; we should also consider the needs of people like an immigrant in central Japan who wants to send money to a cousin for school. In the political economies of countries like the United States or Japan, such individuals often have very little voice, yet we still bear the responsibility, as a society, to allocate some level of attention and resources to them. This ultimately raises the question: should they be able to access the banking system?
I believe they should be able to use the banking system for straightforwardly legal activities.
This perspective aligns somewhat with what the crypto community has been saying for a while, but where I diverge is in the belief that simply circumventing the system won’t fix the system or its outcomes. Circumventing might generate significant profits for some—both good faith and bad faith actors—but it doesn’t address the core issues. Eventually, a reckoning comes where regulators will insist, “You have to go legit now. You either comply with the regulatory apparatus, or we send you to prison.”
We’ve already seen parts of the U.S. crypto economy start to agree to “play ball” with regulators. For those considering investing significant effort over a decade or more, instead of focusing on inventing circumvention technologies that will eventually need to be reconciled with regulations, it might be more productive to engage directly in the societal debate. Advocate for recalibrating the balance between aiding good faith users and mitigating crime, rather than trying to bypass the system entirely.
Ideal changes in the financial system
Erik: If you could wave a wand and change anything related to what we've been talking about, what would you do differently?
Patrick: Oh man, there are many magic wands I’d want to wave. If I truly had one, I’d make it possible for us to be more honest about the trade-offs we’re actually pursuing. Right now, it’s perceived as incentive-incompatible within the broader U.S. political system, regulatory agencies, and similar institutions.
We often end up talking out of both sides of our mouth on this. There are other policy areas where we do manage to appreciate nuance. We sometimes delegate complex questions to experts who can keep multiple thoughts in their heads simultaneously.
[Patrick notes: Consider, for example, the amount of intellectual effort that the U.S. puts into the ethical dimensions of prosecuting wars. “Just war theory” is a thing you can study, and indeed you will be made to study if relevant to you. Regardless of whether one agrees with decisions on the merits you can trivially observe robust policy debate about the tradeoffs.
This doesn’t happen at Compliance University. There is no “just AML theory.” Even the usual suspects in e.g. advocates for the unbanked very rarely mention AML/KYC as explicit blockers to their preferences in their scholarly literature. Putatively pro-consumer regulators and politicians in the U.S. consider e.g. bank fees to be a very high priority but account opening requirements to be all but out of their remit; the discrepancy in emphasis between those two topics is probably 10,000:1 or more.]
Patrick: If I had a magic wand, I’d use it to help society acknowledge that the trade-off between providing financial services and crime interdiction is one where we’re capable of considering multiple factors and making balanced decisions.
So, in essence, the magic wand would help America be better at being America.
Erik: I think that's a great note to end on, and we covered many topics that are very on-theme for this podcast. Thanks for letting me turn the tables and reverse-interview you.
Patrick: Thanks very much, Eric. And I'll see you folks next week.