Detecting Money Laundering

Financial institutions are required by regulation to monitor account activity for anti-money laundering (AML) purposes. Regulators take the monitoring and reporting requirements very seriously, as evidenced by a recent set of FinCEN fines.

One challenge with AML is that money laundering rarely manifests as the activity of a single person, business, account, or transaction. Detection therefore requires behavioral pattern analysis of transactions occurring over time and involving a set of (not obviously) related real-world entities.

For large transactions, banks file Currency Transaction Reports (CTR) that are used by FinCEN for processing and analysis. However, financial institutions also have to monitor for "structuring" or "smurfing", which are multiple (usually smaller) related deposits designed to avoid the currency reporting requirements.

Monitoring performed by financial institutions broadly falls into two complementary categories: knowledge-based systems and link analysis. There are a variety of approaches to knowledge-based AML systems, including statistical analysis, machine learning, and data visualization.

Applying machine learning to AML has been challenging due to the limited availability of labeled datasets. However, there are a number of unsupervised techniques that may be worth considering.

NETWORK MODELING

Network modeling is a powerful approach to AML analysis (Möser). Each account and real-world entity is set up as a node of a graph and transactions constitute the edges.  Edges can have weights.  Edge weights typically reflect the volume or the monetary value of transactions flowing between nodes. 

Once a graph structure has been created, analysis can reveal the relationships between the nodes including:

  • closeness / betweenness centrality - identify how important nodes are within a graph 
  • connected components - indication of subgraph relationships
  • community detection - detection of subgraphs where a set of nodes is densely connected internally and sparsely connected externally. Perhaps one approach to identifying AML structuring is to use community detection algorithms. In-Q-Tel's Lab41 has done an extensive amount of work in this area including their latest research focused on role detection (Henderson).
  • PageRank - a node's score is estimated by transferring score from the other nodes connected to it. For example, the trustworthiness of a real-world entity can be estimated from the trustworthiness of the associated accounts or entities with whom they transact.

Henderson and Gallager illustrate the differences between the Fast Modularity community detection algorithm, on left. The graph on the left shows 22 communities, the one on the right shows four roles that crosscut those communities.
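The sketch below ties the graph model to the structuring problem described earlier: accounts and real-world entities are nodes, connected components group the accounts that share an owner or signatory, and cash deposits are summed per component over a rolling window. It is an added example, not code from the original post; the account names, links, deposits, the 7-day window and the function names are constructed assumptions, and the 10,000 figure is the US CTR cash threshold.

```python
from collections import defaultdict
from datetime import date, timedelta

CTR_THRESHOLD = 10_000  # US CTR threshold: cash transactions over $10,000
# Constructed sample data: (account, entity) ownership or signatory links.
LINKS = [("A1", "alice"), ("A2", "alice"), ("A2", "bob"),
         ("A3", "bob"), ("A4", "carol")]
# Constructed cash deposits: (account, date, amount).
DEPOSITS = [
    ("A1", date(2024, 3, 4), 4_800), ("A2", date(2024, 3, 5), 4_500),
    ("A3", date(2024, 3, 6), 3_900), ("A4", date(2024, 3, 5), 2_000),
    ("A4", date(2024, 3, 20), 1_500), ("A1", date(2024, 5, 1), 900),
]

def connected_components(links):
    """Union-find over account and entity nodes; returns {node: component root}."""
    parent = {}
    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x
    for account, entity in links:
        parent[find(("acct", account))] = find(("ent", entity))
    return {node: find(node) for node in list(parent)}

def flag_structuring(links, deposits, window_days=7, threshold=CTR_THRESHOLD):
    """Flag components whose sub-threshold deposits sum past the threshold in a window."""
    comp = connected_components(links)
    by_comp = defaultdict(list)
    for account, day, amount in deposits:
        if amount <= threshold:  # larger deposits are already reported via a CTR
            key = ("acct", account)
            by_comp[comp.get(key, key)].append((day, amount, account))
    alerts = []
    for rows in by_comp.values():
        rows.sort()
        start, total = 0, 0
        for end, (day, amount, _) in enumerate(rows):
            total += amount
            while day - rows[start][0] >= timedelta(days=window_days):
                total -= rows[start][1]  # drop deposits that left the window
                start += 1
            if total > threshold and end > start:
                accounts = sorted({r[2] for r in rows[start:end + 1]})
                alerts.append({"accounts": accounts, "total": total, "end": day})
                break  # one alert per component is enough for triage
    return alerts
```

With the links removed, the same deposits raise no alert, because no single account accumulates enough within the window; the component grouping is what exposes the pattern.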

CLUSTERING

Clustering can be applied to transactions and graph-derived metrics like centrality, number of connected components, etc. to identify natural groupings within the data.  Clustering results will require interpretation to determine which groupings could be indicative of AML activity (if any).

While spectral clustering is considered by many to be state of the art for graphs, some recent research suggests that deep learning autoencoders may also be a useful way to perform graph clustering (Tian).

TIME SERIES ON GRAPHS

Another approach is to treat transactions and graph-derived metrics as a time series (in other words periodically calculate centrality, connected components, etc. for active nodes).  This time series can be monitored for anomalies.  For example, if a particular node in the graph unexpectedly has a significant change in centrality, perhaps it's a sign of suspicious activity.  

Many statistical and machine learning approaches are available for time series anomaly detection, including Twitter's Seasonal Hybrid ESD.
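As an added illustration (not code from the original post, and not Twitter's Seasonal Hybrid ESD), the following computes a per-node weekly graph metric and scores each week against that node's own history. It assumes weighted degree as the centrality measure and a median/MAD robust z-score as the anomaly test; the transactions, cutoff and function names are constructed for the example.

```python
from collections import defaultdict
from statistics import median

# Constructed sample: (week index, source account, destination account, amount).
TXNS = []
for week in range(8):
    TXNS += [(week, "A", "B", 100 + 5 * (week % 3)),
             (week, "B", "C", 90),
             (week, "C", "A", 80 + 2 * week)]
TXNS += [(7, f"X{i}", "C", 950) for i in range(6)]  # sudden fan-in to C in week 7

def weekly_strength(txns):
    """Weighted degree per node per week: total value on edges touching the node."""
    series = defaultdict(lambda: defaultdict(float))
    for week, src, dst, amount in txns:
        series[src][week] += amount
        series[dst][week] += amount
    return series

def robust_anomalies(series, n_weeks, cutoff=3.5, min_history=4):
    """Score each week against the node's earlier weeks using median and MAD."""
    alerts = []
    for node, by_week in series.items():
        values = [by_week.get(w, 0.0) for w in range(n_weeks)]
        for w in range(min_history, n_weeks):
            history = values[:w]
            # Only score nodes with enough active history; brand-new nodes
            # need a separate rule and are skipped here.
            if sum(1 for v in history if v) < min_history:
                continue
            med = median(history)
            mad = median(abs(v - med) for v in history)
            scale = 1.4826 * mad or 1.0  # fall back to 1.0 for flat histories
            score = (values[w] - med) / scale
            if abs(score) > cutoff:
                alerts.append((node, w, round(score, 1)))
    return alerts
```

On the constructed data only node C in week 7 is flagged; the slow drift in A and C and the weekly cycle in B stay under the cutoff.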

Anomaly detection for long duration time series illustration from Twitter's ESD implementation


REFERENCES

Henderson, Keith, et al. "RolX: structural role extraction & mining in large graphs." Proceedings of the 18th ACM SIGKDD international conference on Knowledge discovery and data mining. ACM, 2012.

Möser, Malte, Rainer Böhme, and Dominic Breuker. "An inquiry into money laundering tools in the Bitcoin ecosystem." eCrime Researchers Summit (eCRS), 2013. IEEE, 2013.

Office of Technology Assessment, Congress of the United States. "Information Technologies for the Control of Money Laundering." Washington, D.C., 1995.

Senator, Ted E., et al. "Financial Crimes Enforcement Network AI System (FAIS) Identifying Potential Money Laundering from Reports of Large Cash Transactions." AI magazine 16.4 (1995): 21.

Tian, Fei, et al. "Learning Deep Representations for Graph Clustering." AAAI. 2014.

White, Scott, and Padhraic Smyth. "A Spectral Clustering Approach To Finding Communities in Graphs." SDM. Vol. 5. 2005.