Neo4j’s Alicia Frame explains how the ICIJ has gained greater transparency on financial and political connections using graph technology.
In May, Fijian authorities seized the superyacht of sanctioned Russian oligarch and member of Putin’s inner circle, Suleiman Kerimov. Kerimov was in the Kremlin the day Russia invaded Ukraine.
Some of Kerimov’s illegal activities, such as moving $700 million via shell companies, came to light through investigations such as the Pandora Papers by the International Consortium of Investigative Journalists (ICIJ). His crimes would not have been discovered without connecting the dots between companies, financial accounts, assets, and oligarchs.
Tracking deliberately disguised actions, like uncovering hidden fraud networks, is notoriously difficult. Tracing the fingerprints of people like Kerimov on the global finance scene and anti-money laundering work more broadly requires the use of advanced data tools.
It’s not an easy job. The organisation has publicly confirmed that it took nearly two years to reveal the hidden assets of more than 330 politicians and high-level public officials in more than 90 countries and territories. This included information on the secret offshore holdings of 130 billionaires from 45 countries, including 45 Russian oligarchs.
Many of these cases were linked with money laundering cases. The ICIJ is using graph database technology to connect the dots to help identify Russian oligarchs for sanctions. This is especially useful for regulators where the ties to the Kremlin are not well documented.
If you’re not familiar, graph technology is a computational approach to representing connected data and is the perfect tool for these types of investigations. Why? Because graph technology is highly adept at spotlighting data relationships at scale.
Graphs reveal patterns of extended connections that can’t be easily identified in the rows and columns of a typical tabular dataset. Graph databases help you map out the connections between individuals you want to track and the connections between them. A graph database is unique in this relationship-centred approach.
More interestingly, for teams fighting fraud, graph platforms now offer the capability to run off-the-shelf algorithms on connected data, in order to uncover these hidden patterns. Because of their ease of use and unique ability to analyse connections, graphs are central to addressing money laundering.
Graph-based algorithms can pinpoint bad actors or unusual money transfers, or even uncover money laundering rings. Graphs also help render your anti-fraud systems more robust by making it harder to avoid detection.
The following are a few graph-based approaches that technology and security professionals are deploying today:
Enhancing transactional data to spot the fraudster at work
Graph technology can automatically connect individuals, financial institutions, and companies based on their transactions. Relatively simple queries can easily identify the ringleader of a criminal network or the hidden owner behind a network of shell companies.
Transactional data can also be enhanced and enriched with Natural Language Processing (NLP) techniques. Entities (like people, places, and things) can be extracted from unstructured data, and verbs can be used to find the relationships between entities. To eliminate misspellings and inconsistencies, simple scoring techniques can connect similar (or identical) entities:
- Jaro-Winkler Distance, which compares first or last names in different sources
- Sørenson Dice, which gauges similarity between two samples
- Levenshtein Distance, which compares strings for misspellings, punctuation differences, and other subtleties.
Graph databases use the resulting enhanced information as the basis for pattern-matching. Localised pattern matching looks for attributes with direct or indirect relationships to other anchor attributes. For example, a simple graph query can find how many known criminals have transacted with the contacts of an oligarch.
Be part of something bigger, join the Chartered Institute for IT.
Moving beyond queries, graph algorithms can be used to uncover patterns and detect anomalies even when a domain expert doesn’t know exactly what to look for. For example, community detection algorithms can cluster entities into groups based on their connections. Those communities may ultimately represent fraud rings, money laundering operations, or chains of synthetic identities.
Scrambling up the money laundering data mountain
Anti-money laundering (AML) databases tend to grow and can eventually contain millions of parties and billions of transactions. Non-graph database technologies struggle to cope with this volume and dynamism of data, but also make it difficult to derive meaningful and timely analyses.
Unlike traditional data storage techniques, graph databases can easily accommodate massive volumes of evolving data. Even better, graph algorithms can automatically identify both bad data and suspicious patterns. Simple techniques like ‘graph similarity’ can be used to identify duplicate entities, ensuring high levels of data accuracy, while techniques like centrality scoring can help investigators focus on the most important entities in a graph.
The ability to scale with data volume is just one axis of consideration; the ability to flex the data model also matters. Money launderers are constantly changing their tactics to keep one step ahead of the authorities. It’s crucial that investigators continually enhance their systems with better data, models and judgments.
As transaction and party histories grow and enhance the richness of the data, graph algorithms can assess historical similarities scores between entities and add that information back into the graph. Once entities have been resolved, the AML process flags suspicious entities, and transaction analysis follows money trails by tracing transactions across multiple parties.
An important part of the AML process is scoring suspicious parties and transactions using localised pattern-match algorithms that look at structural and behavioural patterns, including Guilty by Association scores. These tend to be based on the quantity, quality, and distance of a party’s relationships with suspicious entities.
In graph terms, algorithms create scores based on the availability and length of paths from start to endpoints. Guilty by Association scores, for example, can include customers associated with regulatory and law enforcement actions, negative news coverage, global and narrative sanction lists, and Politically Exposed Persons (PEPs).
Using such a technique can quickly flag individuals associated with other high-risk individuals, legal entities with unknown ownership, or counterparties or banks in high-risk parts of the world. A very helpful approach in the race to optimise the AML process.
Algorithms highlight suspicious activity
Scoring algorithms can be used to flag assets with unknown ownership, overly cash-heavy businesses, or companies operating out of high-risk geographies. Suspicious behaviour scores highlight actions involving transaction structuring and payment-chain layering, such as rapid cash movement, accumulation, and concentration.
In practice, a flagging process could apply several different scoring algorithms before applying graph algorithms. AML practitioners are taking advantage of incorporating graph-based approaches into traditional techniques like ‘guilty by association scoring’, layering, undervalued invoices, and other scenario analyses.
Traditional graph algorithms can also be leveraged: The weakly connected components’ algorithm can be used to identify the network of account holders in a payment chain used to conduct money laundering. Centrality algorithms can also be utilised to determine the role and relevance of the accounts in the network. Finally, clustering algorithms, such as Louvain or strongly connected components, can identify sub-networks and payment chains within a potential money-laundering network.
While there is no silver bullet to detecting money laundering rings, dramatic improvements can still be made using graph technology to join the dots and uncover discrepancies. Whether it’s in uncovering the financial and political connections of Putin or in helping bolster banks and governments’ security efforts, organisations should be looking at getting started with graphs.