“Knowledge of the enemy’s dispositions can only be obtained from other men”

Sun Tzu

Intelligence plays a critical role in the effectiveness of a regulator through developing greater understanding of the at-risk behaviors manifesting in the targeted population/area/entity. In the information age, much of regulatory intelligence is formed from analysis of data, leading inevitably to the resource-question of how much intelligence effort should be invested in the development of human sources. Human intelligence – also known as HUMINT – is intelligence discerned from information collected from human sources.

HUMINT sources vary greatly and can be anything from a conversation to complex source cultivation to surveillance. Investment in information and systems often follows a sense of optimization in which HUMINT is viewed as less valuable than it once was or otherwise can be replaced by data. However, this paper argues that HUMINT retains its importance as an invaluable avenue for intelligence practitioners to inform the ‘why’ and the intent of the actor/s subject to regulation.

Gaming regulators, like many other regulators, have increasingly moved towards sophisticated data analytics programs, which can help to sort and make sense of the vast amount of information they collect on a daily basis. This has led in many instances however, to an over-reliance on data and less emphasis on other collection methods.

While data provides a valuable addition to the regulatory toolbox the importance of building and maintaining a robust HUMINT capability within a gaming regulator shouldn’t be ignored. In addition, the excessive expenditure on this new tool has not led to greater knowledge, and data modelling has not proven the silver bullet for informed regulatory decisions it once may have seemed.

The art of asking questions of people remains often a simpler and cheaper way to add meaning to complex data than investing in expensive analytics systems.

There are two major categories of human sources: controlled (eg agency liaison and agent / Informant handling) and uncontrolled. This article focuses on uncontrolled human sources that is the traditional collection domain of regulators pre-information age and includes tip-offs, complaints and any audit / investigation / inspection that involves engagement with people.

Uncontrolled human sources generally have no specific requirement to provide information but may have access to information, which they can supply. This may occur regularly or be a once off. Uncontrolled sources are cheap, on the ground and often available in real-time. The inclusion of a broader community of actors associated with the jurisdiction being regulated is a force-multiplier for regulators and is a critical and acknowledged capability to be leveraged by intelligence officers.

As an analogy, take recreational fishing regulation. A regulator with 70 inspectors can maximise their surveillance and therefore intelligence coverage if they harness the several thousand recreational fisher-people in their jurisdiction willing to take the time to pass information as community sources. Such a system requires active management of participation and not simply managed through an impersonal call center.Most regulators have no system of recognizing a valuable community source for transfer into more of a managed (controlled) source system. Additionally, uncontrolled sources usually generate a large amount of ‘noise’ which requires a robust capacity to prioritize and evaluate source information. It is often expedient to allow this information to disappear amid a flurry of meaningless complaints statistics rather than use it for intelligence purposes, or even use it as a measure of the public value of the regulator. 

A key intelligence-design question to ask is, ‘which part of your operation will benefit most from community input?’ This may allow ‘flags’ to be placed in call center operations so that when specific fields or key words are entered that respond to a person or issue of interest, a discrete indicator is raised with the intelligence team.   A key public value performance measure question to ask is, ‘does the regulator value input from the community to their intelligence system as a measurable sense of its own public value?’ Many police forces can rate the value of their public tip-off system in generating quality cases as a measure of public respect for the police. However, most regulatory performance reporting is silent on this key connection.

A good HUMINT collection system must be able to deal with intelligence nuisances, be able to assess ‘clean skins’, value one-off input and separate out those few sources that may be needed as long-term informants. In assessing the input against harm and trust parameters, the intelligence system can advice on the transition of human source information to effective case initiation and outcome.

Lastly, a robust HUMINT system needs to be inclusive of the many voices from representative bodies and interest groups which may offer key insights or represent the view of many in a distilled (if often heavily biased) manner. To illustrate these ideas, Case Study A (at the end of this article) relates to the question of low-level, broad scale money laundering, the pitfalls of inbuilt analytical system thresholds and the effectiveness of HUMINT.

Money laundering is one of the most adaptive and flexible set of methodologies of any crime type. The innovative ways in which criminal entities launder money is astounding. What does this mean for regulatory intelligence in the gaming industry? It means that an overreliance or a sole-reliance on data-based reporting and monitoring leaves the regulator open to significant risk.

As our systems become smarter, so too do money laundering methodologies adapt to avoid or exploit those systems. Money laundering in the gaming industry is – at its heart – a behavior. This is one of the critical vulnerabilities for a money launderer: at some point, particularly at physical establishments, they can be observed.

As a final note, the makeup of an intelligence team within a gaming regulator should take the nuances associated with HUMINT into account. Does your team have the capacity to conduct HUMINT collection and analysis alongside data analysis? Collection requires a great deal of empathetic and relationship management skills on behalf of the intelligence officer. Can such training be prioritized to the same degree? Are there people on the team whose work preferences lend themselves to be better at cultivating relationships? Do they understand human source information evaluation processes? Is there a person(s) on the team who has experience in behavioral analysis and can deduce and identify patterns of behavior over time and across different reporting sources?

A robust HUMINT incorporation into an intelligence team can dramatically expand the effectiveness of a gaming regulator however, it is not a systems solution. To build a successful HUMINT capability requires specific recruitment, extensive relationship cultivation and ongoing training for both intelligence team members and regulatory field officers.

Case Study A

In a previous intelligence role, my team received data downloads on a daily basis from regulated entities as well as transactional reports from other government departments. We used this data to identify potential money-laundering indicators as well as other suspicious financial behavior at several physical gaming establishments.

One morning, I received a tip-off from one of our venues of a patron acting suspiciously. This individual had been observed by the floor manager. The behavior was described as ‘the individual is inserting notes into a slot machine, playing one game and then immediately withdrawing the money’. This behavioral indicator of small-scale money-laundering activity is common and used at electronic gaming machines world-wide (which is no news to most of those who work in gaming regulation). However, it represents a critical intersection between data and HUMINT.

These small-scale suspicious activities are often carefully orchestrated by the perpetrators to not ‘ping’ flags in the data monitoring system. This means that while the transaction is captured and is accessible by the regulator, software that is programmed to bring suspicious behavior to the notice of the team responsible may not pick it up. Moreover, even if the technology does manage to flag it, if the amount is small (as is often the case in these sort of instances), the likelihood it will be prioritized for investigation is low.

However, in this particular instance, Suspect X was doing the same thing at multiple establishments on a weekly basis, as were a large number of their associates. The only reason this information came to light was through drawing links between tip-offs that described similar behavior. These tipoffs were recorded as they came in within a HUMINT collection system. This system was periodically used to perform network and timeline analysis to form possible links between tips. The result, on this occasion, was a money laundering network which had laundered hundreds of thousands in a short space of time without raising a single flag on our database. All of the information was present, we could see the transactions when we looked for them but all had ‘gone under the radar’. However, the suspicious and recurring behavior of these individuals was almost immediately noted by staff at gaming establishments, and many of them communicated those suspicions to the regulator and to law enforcement. Had our team not had the ability to prioritize HUMINT alongside our daily data analysis, it is likely that this network would have continued to go undetected. 

AUTHOR

Anne-Maree Quarmby is the Chief Operations Officer of Intelligence Rising. Intelligence Rising offers bespoke, face-to-face training and consultation services for law-enforcement, regulatory and defence agencies in Australia and New Zealand. Anne-Maree and Intelligence Rising can be contacted here.