Should We (Literally) Trash Cash?


November 8, 2016 was a big day. Millions of citizens were stunned, literally unable to believe what had just transpired. Economists issued dire warnings, suggesting a negative shock to future growth. Many took to the streets in protest. Within a week, election commission officials started raising concerns over potential fraud. And over the next few weeks, dozens died. It will be a long time before the events of November 8th are forgotten. Separately and completely unrelated, on the other side of the planet and on the very same day that spurred these events, America elected a new president.

November 8th will be remembered in India for a long time to come. In a televised speech to the nation, Prime Minister Narendra Modi announced that cash notes representing 86% of the country’s circulating currency would no longer be accepted as legal tender come midnight that same evening. The existing 500 and 1000 rupee notes that he demonetized, Modi explained, could be exchanged for newly issued notes before the end of the year. For those willing to provide identification when exchanging notes, the exchange period would be open until March 2017. (At current exchange rates, a 500 rupee note was worth about $7.50; a 1000 rupee note, $15.)

Given that the unexpected announcement came amidst news reports that the US election might affect the subcontinent’s relationship with America, Indians were caught completely off guard. In fact, many were stunned. And in a fast-growing economy with a large informal sector and in which it’s estimated that around 90% of transactions take place using cash, trashing most of the cash in circulation was not unlike throwing sand into the gears of a machine running at full speed. Furthermore, because hundreds of millions of Indians lack formal bank accounts, the impact was felt most by the poorest. The gender impact was also uneven, given that 80% of women in India, the UN reports, are unbanked.

Long lines at banks and ATMs quickly became commonplace, generating what the BBC reported as widespread chaos. One laborer noted “it was like someone had picked my pocket” as vendors refused to accept his currency. It’s estimated that at least 70 people have died as a result of the demonetization. Overworked bank officials, as well as those denied medical services because of inappropriate currency denominations, are among the dead. “Day of Rage” protests erupted across the country, and as they did, the terms of the demonetization changed on an almost daily basis, leading to even greater confusion and uncertainty.

As a result, economic activity in India is plunging. According to the Wall Street Journal, home sales are stagnant, political discussion about the scheme has brought the Indian parliament to a standstill, and tourists are paralyzed by the inability to use the Indian currency in their possession. The cash crunch is also rippling through supply chains, leading manufacturers to cut jobs, lower production, and reduce demand for raw materials. Former Prime Minister Manmohan Singh has suggested India will suffer a drop in GDP of around 2% as a result of Modi’s “monumental mismanagement” of the demonetization effort.

So what was Modi thinking? He noted his primary objective was “to break the grip of corruption and black money.” Modi further stated “black money and corruption are the biggest obstacles in eradicating poverty.” Indians hoarding bills would be forced to deposit or exchange them, allowing tax authorities to delve deeper into the sources of such funds. More tax revenues might lead to greater social spending and government support.

To prevent fraud during the exchange process, the government imposed limits on the amount of currency that could be swapped by any individual. To keep track of the limits, banks began to mark the left index finger of those who had exchanged old notes for new ones with permanent ink. But because this is the same method used to prevent election fraud, the Election Commission noted the marks might disenfranchise voters in ongoing local elections.

Another related goal of the effort, Modi noted, was to nudge the country towards “the realization of our dream of a cashless society.” According to research commissioned by MasterCard, India has one of the highest cash-to-GDP ratios in the world at around 12%, meaningfully above China (9.5%), the United States (7.5%), Mexico (5.3%), Brazil (3.9%), and South Africa (3.7%) but well below that of Japan (20.7%). Heading towards a cashless society would increase India’s effectiveness in monitoring tax compliance, tracking terrorist financing, and of course spotting financial crime and corruption.

India is not the only country to eliminate large-denomination notes to attack corruption. In 2000, Canada retired its C$1000 bill because of its frequent use in criminal transactions. But because the notes retained their status as legal tender, many of them remain at large. Separately, Singapore is phasing out its S$10,000 note. And just this week, Venezuelan President Nicolas Maduro made the 100 Bolivar note illegal in an attempt to thwart “Colombian smuggling mafias.”

In 2000, Canada retired its C$1000 bill because of its frequent use in criminal transactions.

Critics suggest that such efforts are ineffective at truly stopping large-scale corruption, however. Arun Kumar, author of the The Black Economy in India, estimates that only 1-2% of illicit wealth is stored in cash. Most, he notes, is stored in gold, in property or in Swiss bank accounts.  Further, Kumar notes that demonetization does not address the mechanisms or flow of dirty money—it only attempts to address the stock of prior gains from corruption. To truly target corruption, many believe essential policies include institutional reforms strengthening the rule of law, better law enforcement, and public awareness campaigns.

Nevertheless, arguments from academics to trash cash keep building. The Curse of Cash, a recent book by Kenneth Rogoff, supports the claim that a large portion of high-denomination paper currency is used to enable tax evasion, finance terrorist operations, and support underground economies in illegal drugs and human trafficking. (Rogoff wants to phase out the US$100 bill.) A paper by Peter Sands, a Senior Fellow at the Harvard Kennedy School, also recommended eliminating high-denomination notes to deter these activities. And Larry Summers, former US Treasury Secretary, has called for a global agreement to stop issuing notes worth more than $50 or $100.

To understand how these decisions might impact those transporting large sums of money in cash, consider the weight of US$10 million in various currency denominations. A criminal carrying such a sum in US$20 bills would need to lug 500kg (more than 1000 pounds!) of paper notes. In US$100 bills, the weight would drop by 80% to 100kg, about the weight of a large man. If using €500 notes, he would only have to carry slightly over 20kg. And using the Swiss CHF1000 notes could reduce the burden to a mere 11kg.

In a highly dynamic and uncertain global economy, there will always be nefarious actors trying to operate in the shadows. One way of targeting illicit activities is to increase the frictional costs of such doings by eliminating high-denomination notes. And although such efforts admittedly focus on symptoms more than the root causes of corruption, there is little downside in pursuing such an approach. We should of course insist on improved compliance and enforcement of a strong rule of law. But we should not dismiss trashing cash as a potentially useful tool to nudge better behavior.

Silicon Valley’s Nourishing Poisons


The emergence of digital technologies has transformed just about every element of our lives. It has enabled countless new business models, reinvigorated entrepreneurial spirits, and spurred the development of thousands of new products and services. There is no doubt that connected digital systems improve our lives.

But digitization has also created new vulnerabilities. Just ask senior executives of Home Depot, Target, Anthem, or JP Morgan about the risks of employing cyber systems to manage customer data.  Each company had the records of tens of millions of their customers stolen. And it’s not just customer data that’s at risk. After Sony Pictures was hacked, confidential information about employees and production plans were posted online. The hackers also tried to intimidate the company’s sales channels when it posted a vague threat against theaters showing the movie The Interview.”

But cyber risks can be much bigger than data or identity theft. Cyber attacks can disrupt the operations of digital systems. Las Vegas Sands, a global casino company, suffered a wiping attack that crippled the company’s operations. Twitter, PayPal, and Spotify have had their services disrupted by hackers. And Saudi Aramco had roughly 30,000 computers destroyed by a hacktivist group called the “Cutting Swords of Justice.”

And these are just a few of the known cyber attacks. On July 8, 2015, the websites of United Airlines, the New York Stock Exchange, the Wall Street Journal, and popular financial blog site Zero Hedge were all shut down for supposedly “technical reasons.”Coordinated cyber attack? Sure seemed like one to me. There are probably thousands of similar cases.

Cyber risks can be much bigger than mere data or identity theft.

The same technologies that enable us to rapidly order an Uber or to instantaneously download the latest book by Michael Lewis can also empty our bank accounts or steal our identities.  In short, cyber is a two-sided coin. About two years ago, Richard Danzig, former US Secretary of the Navy, delivered a speech he titled “Surviving on a Diet of Poisoned Fruit.” In it, he noted the very systems that enable wide scale collaboration and information sharing also allow for unprecedented intrusion. Cyber systems, he stated, both nourish and poison us.

Consider the case of Estonia, arguably the most connected country in the world. The small country was an early adopter of many e-government initiatives. It was the target of a 2007 cyber attack in which hackers effectively disabled the entire country, disrupting systems used by Estonian banks, ministries, broadcasters, newspapers, and even the parliament.

Last week I had the opportunity to speak with and listen to retired four-star Air Force General Michael Hayden, former head of the Central Intelligence Agency and the National Security Agency, at an event organized by First Republic Bank in Boston. Hayden’s message: We don’t fully appreciate the magnitude of the transformation that cyber systems are enabling. But it’s urgent that we do, and that we do so rapidly.

Hayden suggested we treat cyber as an entirely new domain, just as the military has done.  Doing so will allow corporate boardrooms and IT managers to focus on managing cyber risks more effectively. To help us rethink risk management in this new domain, Hayden pointed to the three primary factors driving risk: the threat environment, vulnerabilities in our defenses, and the consequences of an intrusion.

The threat level can be thought of as our level of participation in the cyber domain and the number of type of hackers who may want to inflict harm.  If we had zero participation in the domain, we wouldn’t have any risk. But it’s not a binary consideration: a company’s HR systems, for instance, could digitally store all employee records except for social security numbers. And it’s also possible to monitor threat risk by understanding and monitoring likely attackers. In fact, some cyber security firms are beginning to offer such services.

Most of our cyber risk management efforts are targeted at minimizing vulnerabilities. Citing FireEye’s Kevin Mandia, Hayden noted that most of our efforts are focused on developing stronger defenses, firewalls, and the like. And while worthwhile and generally effective, no amount of effort will ensure penetration-proof protection, he noted. The probability of hackers getting through cyber defenses will almost certainly be greater than zero for some time to come.

Minimizing the consequences of cyber attacks, however, is a big opportunity. It requires a company and its IT managers to be self-aware and focus, as Hayden noted, on resilience, response, and recovery after an attack. Today, it often takes months for organizations to identify that an attack even took place. By focusing on rapidly identifying an intrusion and limiting its impact, organizations have the ability to greatly reduce the risk of catastrophic effects resulting from cyber attacks.

The stakes are simply too high for cyber risk management to not get the attention it deserves. Cyber attacks have the potential to generate massive destruction and widespread loss of life. Think I’m being overly-dramatic? Think again.

Earlier this year, German utility RWE disclosed it had identified a virus implanted by hackers in the software that manages the movement of fuel rods at one of their nuclear power plants. It was caught and contained quickly. But in October, International Atomic Energy Association (IAEA) Director Yukia Amano confirmed cyber attacks have targeted nuclear power plants, noting that non-critical operations had been disrupted. The impact of a cyber attack that disabled safety and control systems at a nuclear facility could be enormous.

Further, Leon Panetta, former Secretary of Defense, has warned that cyber attacks “could derail passenger trains, or even more dangerous, derail passenger trains loaded with lethal chemicals…they could contaminate the water supply in major cities, or shut down the power grid across large parts of the country.” And last year, Director of National Intelligence James Clapper bluntly stated that although an attack was not immediately likely, the United States “must be prepared for a large, Armageddon-scale strike that would debilitate the entire U.S. infrastructure.”

We need to think about cyber risk management more broadly, as General Hayden recommends. Dr. Danzig had it right. We’re drinking a nourishing poison. And while we should obviously minimize threats and address vulnerabilities, the blunt reality is some cyber attacks will be successful. So if we are to truly enjoy the nourishment digital systems provide, we better not allow the poison to kill us.

Subscribe To My Newsletter