[ajross]

More like, "some people try to commit fraud, so banks are required to implement AML/KYC processes to make the attack more difficult". Repeatedly asserting one is not dead is, if you think about it, more or less analogous to the documentation requirements for managing a large account at an investment bank.

Is it the best solution? Likely not. But the problem is real and does demand a solution of some form.

[logifail]

> Is it the best solution? Likely not. But the problem is real and does demand a solution of some form.

From the original article: "According to the Department for Education (DfE), which oversees Teachers’ Pensions, death register entries may be matched to scheme members even if personal details differ. The DfE told the Guardian that once a possible match has been identified, the beneficiary may be asked to confirm that they are not the same deceased stranger every 12 months since the system, administered by Capita, does not log a disproved link."

The problem is with the approach in attempting to reduce fraud.

Once a false positive from an incomplete match from the death register is proven false - when the pension recipient tells you they are still alive - you don't need to check up on that same incomplete match every 12 months, because you already know it's false.

Demanding "a solution of some form" completely misunderstands the problem and is the same approach that gave us the Post Office scandal.

[ajross]

> same approach that gave us the Post Office scandal.

I don't follow? This is just a data quality problem. Should it be fixed? Obviously. But everyone deals with bad data. You can't fix that, you just optimize around it.

The Post Office scandal was emphatically NOT about a data quality problem. It was that they were criminally prosecuting people to cover up their data quality problem. Again, everyone has bad data.

[logifail]

> Should it be fixed? Obviously.

The system, administered by C[r]apita, does not log a disproved link... so we get:

DfE: "Hello, are you dead or is our wrong data match from last time still wrong?"

The repeated asking of the same question is them covering up a data quality problem!

[g_p]

> This is just a data quality problem

Isn't this really a process problem (i.e. a missed requirement), so that after the first instance of a queried match (for whatever reason), the unrelated death record (which will have some kind of unique document identifier or can have one derived from the information on it and date of issue) can be excluded from being matched against the subject user? (As realistically you could have 2 people with same name and DOB, it seems like the issue here is not data quality.)

It sounds like nobody created a requirement in the design stage for the ability to say "I've checked this, it's not the same person, don't flag this same death entry again". That's maybe not something envisaged at requirements time, but the need for it now becomes apparent.

[aetherson]

AML/KYC regulations are, well, as the name suggests, anti-money laundering regulations, they aren't about the customers defrauding the bank. The bank presumably doesn't need to have regulations to incent it to keep its customers from defrauding the bank itself.

[AnthonyMouse]

Not only that, AML/KYC regulations are extraordinarily ineffective. It appears that some people thought they were a good idea and passed them without ever following up to see if the benefit is worth the cost, and the answer turns out to be a resounding no.

[zimpenfish]

> passed them without ever following up to see if the benefit is worth the cost

Pretty much the same for all the work UKGOV does to try and combat "fraud", sadly - they always end up spending multiples of the amount they'd save[1]

[1] whilst at the same time enabling fraud of their own like the fast-track PPE contracts, etc.

[AnthonyMouse]

This is worse than that. At least in theory if you spend resources prosecuting fraud, you could prevent more fraud than you prosecute through deterrence.

But that doesn't apply here because the reason KYC/AML is so ineffective -- literally 99.9% ineffective -- is that it's so easy to transfer value in some other way. And in turn to claim that even if you're using a traditional bank.

Money laundering is fundamentally very simple. They open a business that could plausibly generate that amount of profit and then claim the money was the proceeds of that business instead of the illegal one. The bank has no better way to know this is happening than the government, and the only people who do are in on it. So the rules are totally ineffective and because they're totally ineffective, they don't provide a deterrent.

But it's even worse than that. Most government waste is actually somebody's profit or salary, so then they lobby to keep it, but if it's a lot of waste then competing sociopaths lobby to cut it so they can get the tax money, which provides at least some financial pressure to limit the excesses of any given program.

The primary cost of AML/KYC rules isn't tax dollars. They fall on the general public through invasion of privacy, bureaucratic overhead, transaction costs and impaired competition between financial institutions. The general public is a diffuse group without organized lobbyists and without a thorough understanding of how much this is costing them. It also falls disproportionately on people who are already disadvantaged and have even less political influence than average. So there is no one supplying strong political pressure to get rid of it despite the high costs and near-zero effectiveness -- it's basically down to the people who have figured out how stupid this is to make it go away on their behalf.

[swells34]

This is a stupid take. Partly because of the use of acronyms for key terms, but also from the "constantly bothering a person is okay because it makes good security easier for us". There are plenty of good solutions that don't require you to heckle old ladies, and regular queries are generally bad security policy anyways. Regular boilerplate check-ins just breed complacency, after the 30th one do you think the person checking in is going to make sure the voice they are talking to on the other side is the right person? People get lax doing busy-work they know could and should be done by a computer. You ever had a job where you had to change passwords every 90 days? Opposite of security.

[ajross]

> This is a stupid take. Partly because of the use of acronyms for key terms

I thought that was clear enough in context. But: "Anti-Money Laundering" and "Know your Customer". They come up a lot in discussions here. Also, FWIW: if you're unclear about what someone meant, calling them stupid is a really terrible way to educate yourself.

[carom]

AML and KYC are about funding terrorism, not fraud.

[tedivm]

I honestly have to ask if you read the article. The only reason this is happening is because of how their system works, not because of any laws. When they detect that someone with a similar, but different, set of identity information dies they reach out to see if that person is the same as the one paying out the pension to. The problem is that once they confirm it is not the person, they keep asking anyways.

This woman had to confirm three times in one month, and then still had her pension stop.