Not Every Tool Fits: Realigning Policy Tension through Anti-Fraud Governance

Lesson 2.5 of Ten Lessons in Public Policy

This is a continuation of previous essays in this series—Lesson 2.5 presents a case. Not every tool works. Let us examine how anti-fraud governance reveals the deeper alignment between policy goals and policy instruments.

As previously mentioned, stability in aerial yoga does not come from elaborate poses, but from core activation and structural alignment. Yes, one can hang with one hand, rotate midair, or invert—but only if the cloth is firmly hooked, the core engaged, and gravitational tension channeled along a stable axis. If the anchor point is unstable, or the center of mass drifts, no amount of strength can hold the posture. One falls.

Policy governance is no different. Tools are not menus, not checklists, not an accumulation of technical fixes. They are structured institutional responses. They must align with policy intentions, embed within defined responsibility frameworks, and produce sustained governance tension. Without such alignment, no number of tools can stabilize a policy. Even the grandest goals will remain suspended, unable to anchor—there will be no elegant choreography of public action.

So once we have identified a problem and entered institutional space, the critical questions are:

  1. Can the policy goal be structurally positioned within existing governance?
  2. Can the tool bear the intended governance tension?
  3. If not, how must we redesign the system so that institutional strength can carry our intentions?

I. Combating Fraud: Not a Matter of Insufficient Effort

Today, “combating fraud” is among the most consensual and politically legitimate goals. Romance scams, false investments, impersonations, deepfake videos, overseas fraud syndicates—the velocity of fraud far exceeds the pace of laws, policy cycles, and platform accountability.

The government has been active: banks issue in-person reminders, telecom regulators monitor SIM registration, police hunt down money mules, the Ministry of Education promotes awareness materials, hotlines are deployed, the NCC and telecoms block suspicious signals. All the tools are in motion.

Yet cases do not abate. Fraud languages mutate. Media shift. Social trust thins.

The issue is not effort. Rather, it is effort without anchoring. When the aerial cloth isn’t secured, rotating midair is futile. As the previous lesson emphasized, governance is not about how much we do—but whether we act from the right position.

II. Why the Problem Persists: A Diagnostic

1. Blurred Objectives: Goals such as “increase awareness,” “reduce case numbers,” or “raise detection rates” sound intuitive. But from an institutional perspective, these are non-operational and non-positional. Institutions cannot absorb abstract emotions or ambiguous expectations. Without concrete mechanisms, there is no entry into budgeting, accountability, or policy memory. These become political phrases, not governable goals.

2. Tool Overuse: When tools become default responses to public pressure, the system enters a state of “instrumental clutter.” More campaigns, more patrols, more legislation—but if they do not align with structural goals, they do not generate governance tension. Policy becomes restless: much effort, little structure; high cost, low coherence.

3. Responsibility Misplacement: Governance rests on the balance of responsibility, risk, and resource. When telecom platforms passively respond to police requests without being embedded in law; when schools are tasked with outreach without interagency support—tools are activated without structural anchoring. The system is mobilized, but fragmented.

Platforms act on goodwill rather than obligation; government units lack synchronization. Early warnings lack systemicity, data remains siloed, and enforcement is domain-bound. The issue isn’t intention—it is the absence of institutional syntax. Everyone acts, no one aligns.

III. What Counts as a Structurally Supportable Goal?

A policy goal is not a vision statement—it is a piece of institutional engineering. It must meet three structural conditions:

  1. Positionability: Can it be assigned within a governance node and held accountable?
  2. Decomposability: Can it be translated into tasks concrete enough for budgeting, staffing, and scheduling?
  3. Tension Compatibility: Can it generate sustainable tension with existing risk frameworks and tool configurations?

Examples include:

  1. “Establish a blacklist API mechanism for reporting and freezing accounts.”
  2. “Create a shared database of scam-related keywords across platforms.”
  3. “Implement mandatory anti-fraud protocols within corporate compliance systems.”

These are actionable, durable, and absorbable by the system.

IV. Tools Are Not Selections—They Are Translated Syntaxes

Policy tools are not mere options. They are operational translations of responsibility. Activating a tool means activating a part of the system. If the tool cannot be understood by the institutional language, if it cannot be borne by the structure of accountability, or absorbed by the resource system—it remains inert. It spins, rather than supports.

V. The UK’s Governance Shift: From Prosecution to Preventive Obligation

In 2023, the UK enacted the Economic Crime and Corporate Transparency Act. One of the most structurally significant designs—at least from my own institutional bias—is the introduction of a new offense: Failure to Prevent Fraud.

It does not rely on harsher penalties. Instead, it requires corporations to prove that anti-fraud systems are in place. If they fail to demonstrate adequate preventive structures, they are criminally liable.

This marks a systemic reframing. The question is no longer: “Did you commit wrongdoing?” but “Did you build an internal structure to prevent wrongdoing?”

Governance shifts from state-centric enforcement to distributed institutional responsibility. Risk is no longer external—it is internalized. Systems are self-built. Accountability becomes endogenous. This is not just legal reform—it is a syntax shift in governance: from reactive enforcement to anticipatory design; from isolated functions to coupled structures.

VI. Governance Is About Precision, Not Volume

Aerial yoga teaches that movement succeeds not through effort alone, but through precision of force. Institutions are the same. Governance is not a question of scale, but of alignment.

Policy failure is rarely the result of laziness. It stems from misaligned entry points—problems misframed, goals unpositioned, tools uncoupled, and responsibilities dangling.

Governance is not about the number of things we do. It is about doing things at points where structure can carry weight.

If governance fails to hold, it may not be because we lack strength—only that we have yet to anchor it where it counts.

留言

張貼留言

這個網誌中的熱門文章

除了宣示價值,我們還有什麼?—人工智慧基本法的未竟之業

圖片
  除了宣示價值,還有什麼?—人工智慧基本法的未竟之業 隨著人工智慧基本法的正式推進,台灣在數位法制的版圖上終於立下了一根顯著的標竿。在制度符號學(Institutional Semiotics)意義上,無疑傳遞了清晰的訊號:國家機器正式承認,「人工智慧(AI)」已不再僅僅是實驗室裡的技術參數,也不只是產業界追求效率的經濟工具,而是必須被納入公共治理架構、甚至牽動既有權責配置與法秩序調整的核心。 此等立法選擇,平心而論,不令人意外,亦不特別激進。若回顧台灣過去二十年來面對數位匯流、個資保護甚至金融科技(FinTech)等新興議題的軌跡,會發現這相當符合台灣立法者的一貫邏輯——先確立抽象的價值與方向,再透過授權條款,期待行政機關逐步補齊制度細節。這是一種「宣示先行,實質後補」的立法慣性,旨在於變動劇烈的技術浪潮中,為行政機關保留最大的裁量彈性;然而,這種彈性的代價,往往是將「法律可預測性」(Legal Predictability)往後延,並將龐大的判斷成本轉嫁至市場與社會端。 真正的問題並不在於立法的時機或形式,而在於這種在傳統行政領域行之有效的「摸著石頭過河」策略,在面對人工智慧這種演化速度極快、滲透力極強的「通用目的技術」(General Purpose Technology, GPT)時,是否仍能如預期般運作?當立法者再次將難題拋回社會,要求行為主體「先理解原則,再自行判斷後果」時,我們是否正在製造一場巨大的監管迷霧? 更精確地說,這場迷霧不只是「不知道怎麼守法」,而是包含了至少三層結構性的不確定:誰來說清楚?什麼時候說清楚?以及要用什麼形式說清楚?這三件事如果沒有被制度化,原則就會變成口號,而口號最終只能換來無盡的等待。 歐盟經驗的鏡像反射:確定性的代價與價值 在當前的公共討論中,台灣的人工智慧基本法常被置於國際比較的脈絡下檢視,其中最顯著的參照座標,便是歐盟甫通過的人工智慧法案(EU AI Act)。主流論述將歐盟視為「監管先行者」的典範,認為其作法「走得比較前面」,因此自然成為台灣借鏡的對象。然而,若我們仔細剝開歐盟的制度洋蔥,會發現一個在台灣經常被忽略的事實:歐盟目前面臨的治理困境,並非來自「是否立法」,而是來自立法之後,行為主體究竟該如何將這些規範翻譯成內部流程、產品決策與責任配置。 歐盟採取的是一種近乎「產品安全法規」的邏輯。其制度之所以能...
閱讀完整內容

當法律跑在能力前面,執法就變成賭局

圖片
When law outruns capability, enforcement becomes a gamble. 歐盟最新提出的「數位綜合方案」,將原本預計自 2026 年起陸續落地的 AI Act 高風險義務整體延後,並對 GDPR 的若干適用標準作出調整。這一系列時間表與技術條文的修改;從法制運作角度看,其實是歐盟試圖重新修正過去幾年高度前傾的監管節奏。核心訊息很直接: 當規範在行政能力、標準體系與產業準備都尚未到位時提前生效,制度本身便會成為新的風險來源,同時對 法律確定性(Rechtssicherheit)與可執行性(Vollzugstauglichkeit)產生損害。 過去十年,歐盟在數位領域採取的是一套高度主動的立法模式:先以框架性規範設定邊界,再透過技術標準、指引與執法實務慢慢填補細節。GDPR、DMA、DSA 乃至 AI Act 無不如此。這樣的作法在政治上具有明顯的宣示效果,也強化了歐盟作為「規則輸出者」的角色。但在 AI 與資料治理領域,這種先立架構、後補能力的路線,逐步暴露出其結構性限制: Regelungsdichte(規範密度)可以很高,Vollzugskapazität(實際執行能力)卻未必能跟上。 AI Act 的高風險義務便是一個典型例子。法條要求涵蓋技術文件完整性、訓練資料可追溯性、模型行為監測機制、風險管理流程等多重層面,每一項都假設存在一套成熟的標準體系與行政審查機制。然而,相關技術標準仍在制定過程中,各國主管機關的準備度明顯不一,企業端也尚未形成穩定的 best practice。在這樣的條件下,法規若在原定時程強行生效,實務上極易出現「義務已存在,但合格標準與審查方式未臻明確」的狀態。 對企業而言,這意味著法規遵循被迫建立在猜測之上:不知道做到何種程度才足以被認定為合規,卻必須提前調整內部結構與資源配置。對主管機關而言,則是在執法時缺乏穩定的判準,不同成員國之間的差異難以避免。這種情形直接侵蝕了 Rechtssicherheit,使法律本身成為一種額外的不確定性,而不是降低不確定性的工具。從這個角度看,延後義務並非削弱監管,而是試圖讓規範重新落在與現實能力大致相稱的水位,回到 Verhältnismäßigkeit(比例原則)可接受的範圍之內。 GDPR 的調整呈現出相同的邏輯,只是焦點從 AI 行為,轉移到資...
閱讀完整內容

The price of waiting: what Taiwan’s AI law reveals about regulatory uncertainty

圖片
As Taiwan advances its proposed Artificial Intelligence Basic Act, the debate has largely focused on familiar themes: ethics, principles, and the need for “responsible AI”. These questions matter. But they are not the most consequential ones. The more important issue is economic rather than moral. It concerns how law structures expectations, how uncertainty is distributed, and how delay becomes a rational response when judgement is deferred. Taiwan’s AI legislation offers a revealing case study in the political economy of regulatory uncertainty — and in the costs of asking markets to decide first. At a symbolic level, the Basic Act marks a clear shift. Artificial intelligence is no longer treated merely as a technical input or an industrial productivity tool, but as an object of public governance. Its deployment is recognised as having implications for legal responsibility, administrative authority and decision-making frameworks. Yet symbol and structure are not the same. The law’s...
閱讀完整內容