
Another sad anecdote: A bank in Finland suspended an account for a text in free-form message field of a bank transfer. The message was for a vet visit of a dog named Ira. When you say "Ira's payment" in Finnish, you add suffix -n, so the text field said Iran, which of course must indicate money transfer to a sanctioned country. It is comforting to know that the bank system catches all the illegal activity that the sanction-busting criminals helpfully announce.



A bank in France (Boursorama, now Boursobank IIRC) locked someone's account because they did not provide the document.

Yes, "the document", without telling which document. When calling the support, they first said that it must be indicated, no kidding. And then they said that it was not possible (despite getting screenshots).

It is sometimes a matter of having the wrong attribute set somewhere in a database and welcome to hell.


At least you got an explanation, I had my Vivid account blocked without one, the only interaction was by chatbot, the only response I got was can't disclose the reason because of compliance issues. For extra fun trying to get the funds on the account back I had to go to an online form, which didn't have the fields I was told to fill in, and again was met by no response. Eventually had to go through EU dispute settlement to get a human response and an email link to an app for digital identity validation, eventually I at least got my funds transferred to my main bank. Why the account was blocked remains a mystery, I only used it for online payments and never even contested, refunded or failed one.

Anyway, it's utterly bizarre to me that banks can get a license to run their business with what seems only a marketing and IT team with virtually no recourse for the customer, it was a WTF moment for me and I hope to never get in such a dystopian situation for something I really rely on, be it banking or (utility) services. (and I got a slightly better understanding how it must feel like for the victims of the Dutch childcare benefits scandal (https://www.politico.eu/article/dutch-scandal-serves-as-a-wa...))


I had a financial company attempt to withhold my money so I skipped the chatbot and went straight to the CFPB. They were suddenly able to ACH the funds back to the account they originally took them from. Just goes to show how arbitrary and capricious all these companies are.


An acquaintance of mine (in Europe) had a default bank transfer message "al-qaeda terrorist fund" for years and years. That did finally raise some flags, but a visit to a bank office was enough to get the account unblocked.

Being a bit stubborn, he still kept the message and just applied rot13 to it.


I once wanted to make a small network of bots hosted at friends' homes. These bots would talk to each other by sending some Shakespeare play excerpts where you would replace the names of the characters with names of various criminals. Just to see how long before I get caught :-)

Until I read that the law in my country explicitly forbids "deceiving" the police...


how is that deceiving the police? it is a performance of fiction.


You got my point. That's why I was thinking about being backed by a lawyer 'cos at some point the discussion between "deceiving" and "acting" could be raised :-)


What's funny about this is that multiple people at this bank think that a terrorist group would just freely advertise itself this way. Like some local cell leader names his accounts "Groceries", "Home Repair", "Bombing Supplies"


No, they don't. The banks know perfectly well that this doesn't catch terrorists. But by law they are liable if a terrorist uses their services if they don't have a program to detect terrorists. A key-word match on Iran, bomb, ISIS, etc. is enough in the eyes of the regulator.


No it isn't (at least in the US). Banks have to adhere to Know Your Customer laws, and have to refuse services related to any person or group that's been sanctioned. OFAC has a search tool for such persons[0], but notably says that even using their tool isn't enough to avoid liability. Just saying "we looked for 'bomb supplies' in the memo" isn't going to cut it.

You might see dumb things because banks will do anything they can think of to ensure they comply, and enough in the eyes of the regulator is that they don't allow banned transactions.

[0] https://sanctionssearch.ofac.treas.gov/


Person, group or Country. e.g. Iran.

Yes, you're meant to do KYC checks, but also be on the look out for things that your non-sanctioned customers might be doing (post KYC checks) that involves interacting with Sanctioned entities.

Hence lots of pattern matching on names of sanctioned countries/organisations/people.


I chuckled. And I know you have a point. I just immediately translated the story to US and this person would have a hard time keeping that account (or any if he continued).

Still, actual terror group would do it the same way intelligence agencies call their division 'room 10' as a code for something else. As a species, we certainly are a little weird.


> but a visit to a bank office was enough to get the account unblocked.

What would have happened if your acquaintance was from Middle-East or Middle-East looking? Probably the story would not have ended so happily or at least not so fast.


Fun fact: one of the biggest banks in France has a branch on “Avenue de Cuba” in some city in South America (maybe Buenos Aires but I can’t quite remember because it was about 10 years ago I found this out). They get bank transfers to and from that branch blocked from time to time for “sanctions busting” because people just string match on the name “Cuba”.


Got the exact same with a bank located rue de Téhéran :p


A friend's daughter got her email blocked the other day because she mentioned "Niger" in the message (talking about her school assignment).


They're scared of the bad press that that one criminal that does announce their payment's purpose and later gets caught will bring "See, it even said in the note field that it's for Iran and they didn't catch it. Bank X is so incompetent"


IRA is also a possibly shady acronym in some parts of the world.



Isis is the name of a main ancient Egyptian goddess; I can imagine many researchers triggering alerts when mentioning her in their emails.



