Anti-Money Laundering

Anti-money laundering use cases for graph analytics

August 31, 2020

Anti-money laundering (AML) and graph analytics is a match made in heaven. A lot of anti-money laundering use cases require identifying suspicious connections whereas graph analytics is designed to analyze complex connections from big data at scale. In this article we will provide a series of examples where graph analytics can be used to fight back against money laundering.

Ultimate beneficial ownership

The problem: Financial institutions are tasked with identifying UBOs. These are individuals that own a client, or on behalf of whom, a transaction is made. Sometimes that requires following a long chain of ownership relationships by taking into account relevant ownership thresholds.

How graph analytics can help: If a company is owned by a single shareholder, things are easy. It gets tricky when the number of ownership layers increases. Manually looking at the ownership structure of each company to identify its UBOs and repeating the process until there are no new UBOs is a time consuming and error-prone process. This type of analysis can be translated into a single graph query to automate the process. The result can also be visualized. Compliance analysts can look into the overall ownership graph to identify where a problematic UBO sits, for example.

AML and graph analytics: UBOs
Atech is owned at 25% by Acme, at 60% by Invest Inc. and at 15% by Global Corp. Acme is itself owned at 95% by John Smith and at 5% by Paul Simon. In this situation, the UBOs of Atech are Acme, Invest Inc. and John Smith.

Identification of Politically Exposed Persons and sanctions screening

The problem: Financial institutions are tasked with screening their clients to identify their potential ties with politically exposed persons (PEPs) or individuals and organizations that are in sanctions lists (such as the lists published by the Office of Foreign Assets Control). These persons represent high money laundering risks.

How graph analytics can help: The relationships between a client and risky entities can be as simple as a client and a politically exposed person sharing the same address. In this case, detecting such a situation is easy. What if indeed the risky entity wants to engage in money laundering? Chances are that a lot of effort will go into hiding the relationships to escape enhanced due diligence. Graph analytics can identify such indirect relationships across multiple types of entities and relationships (addresses, co-owned companies, IP addresses, phone numbers, transactions, etc.).

AML and graph analytics: Entity resolution
Jaime Benson is indirectly connected to Guanghua Zheng (an individual listed on OFAC’s Counter Narcotics Trafficking Sanctions list). If we were to look only at Jaime Benson and his direct connections, nothing suspicious would appear. Understanding that Jaime Benson is associated to a high risk individual requires following his relationships with 2 companies and 2 addresses.

Entity resolution

The problem: In an ideal world, each individual or company in your databases would be unique. Chances are though that it’s not the case. Maybe the John Smith that exists in the retail bank database has a different ID than the John Smith of the consumer credit database or of the John Smith in the company owners database that you bought, despite the fact that these 3 individuals are actually the same person. Avoiding this sort of duplication is a complex problem in an IT system with different silos.

How graph analytics can help: Graph analytics can detect common links across different entities to help identify potential duplicates, it's called entity resolution. Maybe even though our 3 John Smiths have different IDs they all share the same date of birth, the same address and the same phone number. If so, chances are that they are indeed the same person.

3 John Smiths from 3 different databases all share the same address and phone number. Maybe they’re the same person?

Structuring (also known as smurfing)

The problem: What if you’re a drug dealer with a lot of cash that you would like to deposit in a bank account that you control? Going to a bank with a sports bag and depositing the money is not a viable option. The bank will be obligated to file a Suspicious Activity Report (SAR) if the transaction is above $10,000. One approach consists in breaking down your transaction in order to bypass your bank’s control systems. For example, you could ask 3 of your neighbors to each deposit $4,999 and then wire you the money. Adding more people and more layers in the scheme will make it possible to launder more money and further conceal the situation. Detecting such patterns is more complex than simply checking whether a series of transactions on an account match a certain threshold.

How graph analytics can help: Graph analytics is perfect to detect such complex patterns even within billions of transactions.

AML and graph analytics: Smurfing
Deposits are made in 4 bank accounts, moved to intermediary accounts, and then combined to a single bank account. The money has been moved without the recipient having to do a single large deposit.


The problem: Round-tripping is the process where funds are returned after being transferred to an entity, shell company, financial instruments, location, or a person that has lower regulatory standards or obligations – giving the impression that the funds have derived from a clean source and thus completing a round trip.The more entities involved in the round trip, the easier it is to miss a link in the chain. When that happens, instead of a round trip, a compliance analyst would see two distinct money flows and fail to identify the money laundering risk.

How graph analytics can help: Graph analytics is perfect to detect such complex patterns across billions of entities and relationships.

AML and graph analytics: Round-tripping
Money flows via different operations through Hooli Ltd and Globex Corp which is based in a tax haven. That money can then be accessed by the individual who directly controls Hooli Ltd and indirectly controls Globex Corp.

Online gambling

The problem: Online gambling offers an opportunity to transfer money discreetly. Sit at a poker table where your accomplice is also present. You can then bet money on hands and lose on purpose. The end result is that the money has been transferred to your accomplice. How can an online gambling operation identify the groups within its community that are engaging in money laundering?

How graph analytics can help: Graph analytics allows you to turn the playing history into flows of money across players. It then becomes possible to look within this graph of transactions for suspicious patterns such as a player who is always on the receiving end of money flows from players who never play with anyone else.

AML and graph analytics: Online gambling
Cecile Ronca has received a substantial amount of money from a group of 5 players.

Investigation of a suspicious case

The problem: Sometimes a tip or a detection system may flag a client or a transaction as suspicious. A critical thing to assess in this case is whether this single suspicious situation is isolated or not. The client may be part of a larger criminal ring or the transaction may be part of a bigger scheme. Without more information, it’s important to explore as many leads as possible. This requires exploring what the client or transaction are connected to. This can be a very cumbersome process when the data is scattered across different tabs. Who is a person connected to directly and indirectly via financial transactions? This requires opening a first tab with the person’s transactions and their recipients. Then you’d need to open the same sort of tab for each recipient.

How graph analytics can help: Graph analytics facilitates the dynamic exploration of relationships within a large dataset. It’s possible to explore and visualize who and what a client is connected to across information as diverse as an address, a phone number, an email, transactions, etc. Detecting accomplices becomes faster.

AML and graph analytics: Synthetic identity
John Smith is connected to 4 individuals.

Synthetic identity

The problem: Criminals that want to defraud a bank or launder money typically try to cover their tracks. One approach is to create fake identities to commit their wrongdoings. A synthetic identity is a fake identity that mixes real or fake information (such as a real social security number or a fake name) that does not belong to a single real person. Detecting synthetic identities can help stop criminals before they commit financial crime.

How graph analytics can help: Graph analytics can help detect rings of clients interconnected across personally identifiable information such as an address, a phone number, a date of birth, an IP address, etc.

These 3 individuals are all sharing common information. This looks like synthetic identities controlled by a single group or person.

Learn more about AML use cases for graph technology

As criminals become more and more sophisticated in how they launder money, so too do the tools that help fight back against them. Download our in-depth ebook on graph analytics for AML to learn how to apply new technology to money laundering investigations. 

Image showing the ebook "How to outsmart money laundering networks" with a button to download the ebook
Subscribe to our newsletter

A spotlight on graph technology directly in your inbox.