Nigel's Eyes

20210915 Q.When is a ″threat not a threat? A: when it’s a risk.

We hear a lot about ″threat assessments″ in relation to financial crime (that is crime for which the primary activity is dealing with money). We hear about the ″threat″ that various form of economic crime (that is crime for which the primary objective is to make money) pose.

But when someone focuses on the ″threat″, he has come late to the party.

A threat is, by definition, an indicator of imminent harm. Until that point it is not a threat, it is a risk.

In a world where hyperbole is the norm, the importance of this distinction has been lost.

In all walks of life, we make decisions over all kinds of things on a moment by moment basis and some of them have hidden consequences.

For example, when you make your tea, toast and boiled egg for breakfast, do you wash out the pan you used to boil the egg, put the butter back in the fridge, wash the knife, brush down the breadboard and put it back in its place before or after you have enjoyed your breakfast? Psychologically, it matters. If you leave the kitchen messy and have to clean up after breakfast, it seems like it’s the price you pay for your enjoyment; it feels like a penance.

But if you clean up and then eat, so that only your egg cup, plate and teaspoon remain to be done in a matter of moments, then this is not a chore, indeed because the kitchen was clean when you went back into it, cleaning your own plate, etc. is insignificant. More importantly, your breakfast has been a reward for cleaning the kitchen.

It is tiny decisions like these that help you to identify and manage risk long before it becomes a threat; in our terms, they detect and deter a particular course of conduct before the threat becomes manifest.

We see a similar failure to properly differentiate between important concepts in the expression ″trust and verify.″ This is exactly the opposite of good practice in relation to the opening of accounts – and even the later conduct of those accounts. It should be ″verify then trust″.

Ideally, suspicion arises during the ″risk″ phase. It is at that point that a business that is regulated for financial crime purposes is best able to avoid becoming involved in whatever scheme the criminal aims to develop.

I used to say that money laundering is the only crime in which the victim is also prosecuted. That is no longer so as laws requiring companies to avoid committing offences, for example bribery, spread around the world.
The company is the victim when someone – either a member of staff or otherwise – commits an offence using the company as an unwitting conduit. It is not only companies: so called ″money mules″ are often entirely unaware that they are money laundering or passing money for terrorists, etc. They have been the victim of a confidence trick, thinking they were employed and, often, fall prey to a form of Stockholm Syndrome in which they are loyal to their ″employers″, even in the face of warnings from friends and family.

I have, since the mid 1990s, warned banks, etc. about another form of Stockholm Syndrome where, as a result of a relationship between a customer and e.g. a bank officer the officer metaphorically walks around his desk and sits alongside the customer.

This is because people trust then verify rather than verify then trust.

Which brings us back to risk v threat.

If you walk down a deserted dark alley, you may be aware that there is a risk that someone will pop out of the darkness and cause you harm. But at that point there is nothing to indicate that that is anything beyond natural caution.

If there is someone walking along the alley in the opposite direction, does his present automatically lift the situation from risk to threat? No, even if he is dressed in a way that makes you uncomfortable.
If you step to one side and he steps to the same side, the risk increases but it is still not a threat.

There may, or may not, come a time when a threat arises. But that will depend not on your state of mind but on circumstances over which you have no control. You can mitigate the risk – you can avoid the alley, you can cross to the other side, for example. You might even say a cheery ″good evening.″

But, unless and until the other person, if indeed there is another person, moves in such a way or says something relevant that indicates to you that some adverse activity is imminent, it never moves from ″risk″ to ″threat.″

If it does move to ″threat″, then the responses to a threat are entirely different to responses to risk.

That’s the challenge that we face in relation to both financial and economic crime. The correct approach is to identify and manage risk, to take the appropriate action before risk becomes threat.

From a macro, one might say a political, perspective, we have to understand that belligerence is not necessarily a threat. Jingoistic statements by national leaders are not, generally, a precursor to military or economic actions.

But sometimes they are.

Sometimes a threat is delivered with no intention of immediate harm: in such circumstances even though harm is not imminent, it has nevertheless risen from risk to threat.

In e.g. money laundering terms, the threat arises when the transaction is arranged; once it has been executed, it is no longer a threat because threats can exist only in relation to a future action.

However, it generates a further set of risks such as the risk of criminal or regulatory investigation sets up the circumstances where a risk can mutate into a threat.

So, as you can see, to use the correct phraseology is not a matter of being pedantic: it clearly demonstrates where, in a particular process, you are.

Does major, organised, economic crime pose a systemic risk to society and to economies? Yes, it undoubtedly does. This includes organised drugs, weapons and people trafficking, for example.

Does it reach the level of ″threat″? That is far less certain and there is no simple answer. Can such crime destabilise a country, either in terms of society or economically? Sometimes, yes it can. One only has to look at Mexico as the latest country to find itself in the grip of organised criminals.

Has Afghanistan moved from risk to threat or is it only certain persons within The Taliban and its associated terrorist groups that should be considered a threat? Should any of them?

The message I want to leave you with is this: if we keep inflating language so that everything sounds the most serious it can be all of the time, are we failing to recognise that there is a scale of conduct much of which is nowhere near the level that any ordinary person with a reasonable command of English would consider a threat?