A problem of Action
There is a vocabulary problem at the centre of financial crime.
When powerful people steal — through tax structures, through misrepresented accounts, through the quiet rerouting of public funds to private pockets — the act acquires a technical name. The name describes the legal mechanism. But over time the mechanism becomes the story, and the story becomes the defence. A tax cheat is engaged in aggressive avoidance. A fraudulent executive misstated material information. A kleptocrat manages a sovereign wealth vehicle.
The renaming is not incidental. It is the first and most important line of defence available to people who steal in ways that require paperwork.
Intelligence-led compliance is the discipline of looking past the paperwork to the underlying act. It starts not with a transaction to verify, but with a question: what would this look like if someone were lying?
The discipline draws a precise distinction between information and intelligence:
Intelligence = information + action
Information is unprocessed. Intelligence is something that results in a decision. If a risk assessment does not change what someone does tomorrow, it has not served its purpose. It is filing, not intelligence.
The origins of this framework
In 2003, New Zealand’s Office of the Auditor-General examined IRD’s taxpayer audit function and found it materially under-developed. The intelligence capability needed to drive risk-based compliance was not in place.
Adam Hunt joined IRD in 2004 to build that capability. By 2005, a national intelligence function was operational — drawing on intelligence practice from military, law enforcement, and policing contexts (notably Intelligence Led Policing and the Braithwaite compliance model) and applying it to regulatory administration. At the time, very few revenue authorities anywhere had formalised anything comparable. The OECD guidance that now underpins most national compliance strategy was still being written.
When the OAG returned in 2006, it found IRD had:
- Identified intelligence needs and devised a final implementation strategy
- Established Compliance Risk Analysts running modelled risk identification across the taxpayer population
- Built a system of behavioural risk analysis that directed intervention before formal audit — a fundamentally different posture from the process fast, audit later model the OAG had criticised
This is a publicly verified record of transformation. The framework codified in the 2008 Blueprint remains the foundation of this practice today.
From IRD, the practice moved to the Financial Markets Authority, where Adam established the strategic intelligence function as part of the founding executive. The same logic applied: not transaction monitoring after the fact, but modelling of where harm was being constructed before it fully materialised.
Since 2014, this work has continued internationally — with the IMF and the ADB — working with revenue authorities across Africa, Asia, the Caribbean, and Central Asia on the institutional architecture of intelligence-led compliance.
How the framework operates
Service and enforcement: two different problems
A regulatory or compliance function must simultaneously deliver service and enforce obligations. These are not the same activity and they require different management approaches.
Service is about managing goods — well-intentioned outcomes, process management, making the process so easy it is hard not to comply.
Enforcement is about managing bads — detecting and addressing variance from legal obligations. Enforcement activities are about finding new issues (threats), quantifying them (risks), and prioritising for intervention. The most mature enforcement model available in the public sector is policing, and specifically Intelligence Led Policing.
The goal of an intelligence-led compliance function is to integrate these two streams under a single compliance intelligence capability that directs the right treatment to the right risk at the right time.
The intelligence model: interpret, influence, impact
The core model (adapted from Ratcliffe’s 3i framework) describes how intelligence functions:
- Interpret: Analysts interpret information from the environment — both internal data and external sources — to build an evidence-based picture of compliance risk.
- Influence: Intelligence products are presented to decision-makers to influence their choices about where to direct intervention resources.
- Impact: Those decisions impact the environment — changing behaviour, deterring non-compliance, and improving the integrity of the system.
The critical constraint is objectivity. Intelligence functions must be based on truth. They do not make decisions; they inform them. The greatest challenge is maintaining objectivity in the face of cognitive bias and institutional pressure to confirm what decision-makers already believe.
The intelligence hierarchy
Intelligence operates at three levels, and poor integration is a persistent failure mode (the intelligence black hole, observed in the NZ Police review of 2001 and replicated regularly in other agencies):
Strategic — Assesses external risks in the longer term. Sets objectives. Identifies unknown threats. Requires knowledge management, modelling, and a willingness to question the foundations of the system. Strategic intelligence must detect unknown unknowns — the compliance risks that have not yet acquired a name.
Operational — Translates strategic objectives into workable programmes. Defines specific issues, develops risk models, manages the tasking process. The main output is prioritised candidate segments for intervention at a project or programme level, blending treatments for the risk.
Tactical — Executes. Allocates specific candidates to specific actions. Monitors workflow. Investigators and analysts must work as a team — the analyst’s role is to support bulk prioritisation, not to act as administrative support.
An intelligence function that operates only at the tactical level — gathering information in response to immediate requests — is not intelligence-led. It is reactive, and it will consistently miss the highest-harm actors.
Four requirements for an intelligence-led model
- A professional intelligence capability to assess threats and risks.
- A governance system to evaluate, prioritise, and commit cross-organisational resources.
- A mechanism to draw together project teams to tackle problems identified by the intelligence.
- A way to deploy ongoing monitoring and intervention systems following projects — to maintain compliance gains in the long term.
Who this work is for
Revenue authorities and financial regulators building or rebuilding a compliance intelligence function. Institutional design, capability architecture, data strategy, and the cultural change required to shift from process fast, audit later to genuine risk-led intervention.
International institutions (IMF, ADB, bilateral donors) commissioning technical assistance for tax and financial regulatory reform. This practice has delivered programmes across Africa, Asia, the Caribbean, and Central Asia, and has contributed to the TADAT framework (Performance Outcome Area 2: effective risk management).
Private sector boards and executives who need to understand what their compliance posture looks like to a sophisticated analyst — and build a genuinely defensible position before they are asked to defend it. The same intelligence-led logic that revenue authorities apply to find non-compliance applies in reverse: if your compliance architecture was being stress-tested by someone who assumed you were not compliant, what would they find?
Primary source: Intelligence Led Regulation — A Blueprint. Adam Hunt, 2008.
Operational reference: A Vision for Strategic Risk & Intelligence. Adam Hunt, 2018v2.
Public record: Inland Revenue Department: Performance of taxpayer audit — follow-up audit. Office of the Auditor-General, October 2006.
My thanks to Prof. Malcolm Sparrow, Jerry Ratcliffe and Mark Lowenthal for the inspiration, and the foundation of my work.