I would like to follow up on Paul’s interesting comments on information sharing and the need in particular for timeliness. He raises a number of issues on when to share information and this is where I would like to come in. My background relies on information sharing across disciplines, be they units in the Bank or wider afield to other agencies such as Multi Lateral Development Banks (MDB) with their own integrity/investigations function or to law enforcement. And herein lies the difference between information managed by law enforcement when compared to that of the development community. In our search for timeliness – often a crucial issue for law enforcement it is not so for the development community, and in some ways this is essential as it allows us to first evaluate the reliability of the source of the information and then question the validity of the information. One may ask why we should do this, and the simple answer is – we must be able to satisfy ourselves that we have undertaken our own due diligence and are confident that the information we are providing will add value to the enforcement entity with whom we share the information. For instance we may find that after questioning the source of the data we ascertain that the information is not known directly to the source it is in fact a regurgitation of information relayed to him/her by someone else – and therefore while our source may be good the validity of our information could be questioned.
Verification of our own data can be undertaken simply and easily using open sources or proprietary databases, as well as checking our own in-house systems. In fact, building on the information that we receive should be the norm by enriching the original data and sharing it with relevant enforcement entities. Such an approach to checking our sources gives credibility to our own organization when we can safely say that we have done everything we can to ensure that those who receive the information can actually do something with it. If we set our standards high and become recognized and respected by others they will learn to trust us, and often the only way they will do that is by being able to use the product that we provide in an effective and efficient manner. The result – they share with us.
In INT we use information provided to us by individuals who we do not know and a single piece may be all that we need to start an investigation. As the investigation takes shape we should always be questioning both the source reliability and data validity because eventually any information we receive may end up in our final report. Whether we share single pieces of information or a whole report the data is key, and if we overlook the fundamental principle of checking and double checking we may find that either our report fails at the last moment or our credibility is destroyed when someone else uses the information only to find that the data is not valid.
There are long established systems that do provide a way of classifying reliability and validity, most commonly these are used in law enforcement. Having an agreed standard allows the receiver of the information to understand how to handle the data and whether additional checks need to be made. Do we have a list of basic questions that we should ask ourselves before acting upon information? – maybe, but is it common practice – I very much doubt it. Am I advocating such a practice – well that is an open question and I await responses on that stance – but before we decide on whether we should enhance the sharing of information we should at least look at systems of handling and assessing data that have been tried and tested and to see whether the development community, and the wider audience, would welcome a standardized system before embarking on open and frank information exchange.