Reinforcing AML systems with graph technologies

Fighting financial crimes is a daily battle worldwide. Organizations have to deploy intelligent systems to prevent and detect wrongdoings, such as anti-money laundering (AML) control frameworks. We’ll see in this blog post how graph technologies can reinforce those systems.

Using graph technologies to fight financial crimes

In today’s complex economy, law enforcement and financial organizations fight against a wide range of financial crimes: embezzlement, tax evasion, extortion, corruption, terrorism funding or money laundering, to name a few. While tracking down those activities, governments and financial institutions have to deal with a fast moving financial crime landscape and a growing volume of information of various formats.

Graph technologies like Linkurious can be powerful assets to help fight financial crimes. They provide exhaustive overviews of the different entities and their connections. And they support complex data queries on large data-sets in a near-real time environment.

In this article, we’ll focus on anti-money laundering procedures and explore a specific case with a graph approach.

Strengthening AML controls with network analysis

Money laundering is the act of converting proceeds from criminal activities into legal assets, concealing their true origins. Governments have been steadily strengthening AML rules to prevent those activities. Banking institutions are now required to follow strict AML policies and to report money laundering activity suspicions. Ineffective regulation compliance might be penalized with important financial penalties.

Organizations began to develop risk-based AML frameworks to monitor their customers and financial transactions. But criminals deploy sophisticated tactics to hide their wrongdoings. Shell corporations, tax havens or complex financial schemes are used to prevent identification or tracking of money flows. To thwart such criminal strategies, finding information about a specific suspicious entity is not enough. Financial crime units have to investigate the connections between individuals, accounts, companies, locations, to trace complex transactions. This is why network analysis and visualization technologies turned out to be efficient tools to support AML processes.

We will see below how graph technologies like Linkurious can be an additional asset when it comes to monitoring high risk customers for example.

Financial activities visualized as networks

Banking institutions keep track of numerous information sources about their customers (individuals or companies) and their financial activities. Graph database (GDB) technologies like Neo4j, Titan, AllegroGraph or DataStax Enterprise Graph allow to index complex connected data and easily query them to find patterns. With such systems, organizations can compile various information into a single data model.

A possible graph model of financial informations

A possible graph model of financial information

Linkurious provides an advanced graph interface compatible with numerous graph databases to easily explore and monitor the data.

Identifying money laundering patterns with Linkurious

AML regulations require banks to monitor their high risk customers. Listed on special watchlists, those individuals can be identified either by authorities (e.g Politically Exposed Person, Specially Designated National Lists) or by the institution itself (e.g customers with repeated suspicious transactions). “Are my customers currently involved in activities with flagged individuals?” “If yes, are these activities suspicious?”. Organizations need to be able to answer those questions.

Linkurious offers an interface to monitor graph data in real-time. In addition, analysts can set up alerts for specific patterns with Cypher queries. For instance as an AML analyst, I want to be warned each time there is any type of connection between my customer’s financial activities and my watch-list. I can use the following query to create my alert in the system:

Creation of an alert query

If new data are collected, such as transactions, persons, companies or relationships, Linkurious will automatically update and look for suspicious connections. With the advanced graph visualization interface, it’s then easy to investigate and assess the different cases.

Visual investigation of financial activities

The alert system reported several matches to our query. To evaluate the risk-level of the cases, analysts can use the interface to quickly visualize and investigate. Let’s check one of them:

Visualization of one of the matches signaled by the alert query

Visualization of one of the matches signaled by the alert query

In a glimpse, I see that Angela Marshall (a fictitious individual who figures on my watch-list) is indirectly connected to a transaction on a customer’s bank account. She appears to share the same address as my customer, the company Miboo.

This pattern is relatively suspicious. I might want to explore beyond this single connection and see which other entities are linked to this address.

Investigating the entities linked to the address

Investigating the entities linked to the address

In addition to sharing an address with an individual on a watch-list, our suspicious customer also share his address with three other companies and two of our internal employees. They are all living in the city of Hongqiao, China on 3557 Straubel Circle.

The address, 3557 Straubel Circle is located in Hongqiao, in China

The address, 3557 Straubel Circle is located in Hongqiao, in China

As an analyst, I might recognize a known pattern of money laundering: different companies registered with a unique address. Also, some employees are connected to a known high-risk customer. Those information can be reported to higher authorities to further investigation on the field.

Graph analysis focuses on relationships, therefore helps to discover hidden connections between different entities. Linkurious also operates an alert system in a near-real time environment. That way, financial crime units can identify suspicious activity schemes instantly and reinforce their AML regulation system.

Leverage today the power of graph analysis and visualization to fight financial crimes. Try Linkurious demo or contact us to discuss your project.

Using graphs for intelligence analysis

The identification and monitoring of terrorist or criminal networks are imperatives to detect threats and defeat attacks. Let’s see how Linkurious and graph visualizations can help identify and track potential dangerous individuals and networks.

Challenges for intelligence analysis

Criminal or terrorist activities are rarely the acts of isolated individuals. Behind these activities we find more or less centralized organizations or networks. Intelligence experts are in charge of identifying every actors of such groups, despite their strategies to hide their connections to the networks (encrypted communication services, numerous middlemen, fake identities, etc). Getting the whole picture of the network is essential to monitor suspect activities, prevent attacks or detected potential threats.

Countering such activities is also about gathering as much information as possible, from any possible sources. The more data intelligence and security organisms are able to obtain, the easier it is to track and anticipate criminal or terrorist activities. This means that analysts and investigators have to handle large sets of heterogeneous data.

Graph analysis is particularly suited to this sort of challenge. Graph databases allow organizations to store and query in near real-time the relationships between billions of entities. Let’s see how these systems, combined to tools like Linkurious, can help intelligence analysts identify and investigate threats.

Applying a graph approach to intelligence analysis

We will dive into the investigation of a potential terrorism threat and explore how Linkurious can help identify and investigate suspicious networks.

For this purpose, we have created a dataset with fictitious data about people, including addresses, phone numbers and travel information. This data can easily be modeled as a graph:

Graph data model of our investigation data

Graph data model of our investigation data.

To keep our analysis understandable we chose a very simple model with only a limited volume of data. An authentic situation will definitely involve larger volumes and a wider range of data types.

Data entities, such as individual, email, phone, are modeled as nodes. Relationships between entities are symbolized with edges, labeled with the nature of the connection. The data then forms a network.

In our graph model we have five types of nodes: people, countries, addresses and phone numbers, and as many types of edges, or relationships.
Let’s start our investigation by trying to detect suspicious patterns in our data.

How to use graph patterns to detect potential threats

When dealing with large datasets, we need to find ways to focus the analysts’ attention on relevant information. Here, we want to detect potential terrorist cells. We are going to try to detect groups of at least three people who 1) visited an at-risk country (in our case Syria) and 2) are indirectly in contact (via their addresses or phone communications).

With a simple Cypher script query, Linkurious users can set up a monitoring activity for chosen patterns. Below is the script we will use to identify our pattern:

// Detecting threats:
MATCH (a:Person)-[s:HAS_CONTACTED|HAS_PHONE|HAS_ADDRESS*..10]-(b:Person)-[:HAS_BEEN_TO]->(d:Country {name:’Syria’})
WITH a, collect(s) as rels,collect(distinct b) as suspects,d,count(distinct b) as score
WHERE score > 2
RETURN a,suspects
ORDER BY score DESC

Linkurious reported three individuals: Jessica Wells, Bobby Murphy and Ruth Warren (on the left of the graph). As an analyst, I can visualize them and how they are interconnected. Jessica, Bobby and Ruth display a “has been to” relationship with Syria and appeared to be all connected to a unique phone number: Judy Lewis’ (on the right of the graph).

Visualization of a suspicious network around Jessica, Bobby & Ruth

Visualization of a suspicious network around Jessica, Bobby & Ruth.

Several nodes intermediate between our three people and Judy’s phone number. Phone calls and address are the bridges enabling the connection between our individuals. For analysts, this particular pattern could be pointing toward a recruiting network, with numerous middlemen to avoid detection. Those results could lead to specific recommendations and further investigations.

A graph approach provides the opportunity to detect specific cross-data patterns. With Linkurious, it is easy to visualize and understand both the network and the relationship between its members. Node-edges graph visualizations combine all the available information in a single representation.
Some of the nodes here seem to be connected to other entities. Linkurious allows analysts to interactively explore the data and uncover new information.

Investigate complex network with graph visualization

We identified a potential network with several people. Perhaps they have accomplices? We can try to investigate further, starting from one node of the network. Let’s pick Judy’s phone number for instance and extend the nodes around it.

Investigating Judy’s closest connections via her phone number

Investigating Judy’s closest connections via her phone number.

Judy is connected to a certain Robert Wells, via phone communications, and Robert is himself connected to Theresa Mills’ phone number. If we expand the nodes linked to Theresa’s phone, we get the following visualization.

Visualization of a sub-network around Theresa’s phone number

Visualization of a sub-network around Theresa’s phone number.

The sub-network around Theresa Mills is very specific. The nodes, all linked together, are phone numbers associated to seven individuals. Such pattern -a  small highly connected group with a unique bridge to other potential suspects – represents a sub-network within the larger network we are investigating.

From a single node, we went up to another group, gathering new information about the network. Interactive and scalable tools like Linkurious ease the exploration and analysis for experts.

Visualize and analyse intelligence and security data with Linkurious

Graph approaches are well suited for the investigation of criminal network and terrorist groups. Linkurious offers to intelligence agents a unique entry point to identify hidden insights in complex connected data. Analysts can determine specific pattern to monitor suspicious activities. The visualization interface allows them to navigate between the nodes to identify new key actors through hidden connections.

Discover how you can identify hidden insights in your graph data and try the demo of Linkurious.

Introducing Ogma, the Javascript library for large-scale graph visualization and interaction

Linkurious announces the release of Ogma, the Javascript library for large-scale graph visualization and interaction.

State of the art visualization libraries for the Web are unable to display graphs with more than 10 000 nodes and edges. With Ogma is it now possible to display more than 100 000 nodes and 100 000 edges. Ogma is compatible with more than 80 browsers and any devices. Companies can now start integrating a reliable and scalable graph visualization component into their applications.

Ogma performance - large-scale graph visualization

Technology

Modular architecture

Ogma makes visualization of large graphs possible by leveraging the full performances of WebGL combined with a modular architecture. The visualization engine is built for WebGL first ; it supports HTML5 Canvas and SVG with the same level of details, though performance are dramatically limited by these rendering technologies.

Dynamic graphs

The library is designed for graphs with living data where nodes, edges, and their properties can change in real time due to user interactions or updates from data sources.

Level-of-details

A key challenge in visualizing large dynamic graphs is to display as little information possible on screen to avoid getting overwhelmed by the amount of data.
The graphics engine of Ogma provides the ability to define visibility thresholds for various visual components. For example, node texts can be displayed if the node is big enough on screen.

Ready to code with

Developers can get started easily using a unified API and an event model carefully designed. They get access to an extensive documentation website that contains the documentation reference of the API, more than a hundred examples, and advanced demos. They usually get answers in less than a single business day through the support channel.

Ogma API documentation

Ogma API documentation

Developers get access to the Ogma Showcase. It is a complete application written in Angular 2 to demonstrate the main features of Ogma. They can load sample graphs into the Ogma Showcase, play with layouts, filters, and styles, and export Javascript code snippets to quickly get results.

Ogma Showcase screenshot

Ogma Showcase screenshot

Integration

Ogma can be integrated into any modern Web-based application. It supports module bundlers such as WebPack, it can be used with React, and provides Typescript definitions for fast integration with Angular 2.

Ogma and its layout algorithms can be run on a server within a Node.js application. It provides a solution for clients running on slow machines so they can delegate computationnally expensive operations to the server.

Features

Ogma comes with a complete set of features, including:

Load your data

  • Call the graph API to add nodes and edges to the visualization.
  • Import data from multiple file formats.
  • Connect to a Neo4j server using the Bolt protocol.
  • Or generate synthetic graphs using Wattz-Strogatz or Barabasi-Albert models.

Customize visual results

  • Apply graph layouts (force-directed, hierarchical, concentric, geospatial).
  • Provide built-in user interactions with the mouse, trackpad, or through the API to hover, to select, to drag, or to group nodes and edges.
  • Customize style of nodes and edges with both basic visual variables (color, size, shape, icon, image) and advanced visual components (badges, stroke, outline, halo, and pulse effects).
  • Customize style of texts of nodes and edges (font, color, position, style, size, background) with support for line wrapping and line breaks.

ogma-example-customization

Help users analyze graph data

  • Create data-driven styles: map properties of nodes and edges to visual variables such as colors, sizes, and icons for easy and always up-to-date customization.
  • Filter nodes and edges, with the ability to create compound filters with AND/OR operators.
  • Group nodes and edges manually or with specific rules.
  • Find shortest paths.
  • Display a legend to communicate easily the meaning of the visual variables.
  • Display tooltips on user interaction to provide contextual information on nodes and edges, or to implement a context menu.

Export your results

  • Export customizable image files to SVG, PNG, JPG, TIFF which can integrate a custom watermark.
  • Export data in multiple file formats.

Roadmap

We have focused our efforts on building the next generation of interactive graph visualization engine for Web-based applications. We are now improving the scalability and quality of existing layouts. We will provide you more information during the coming months.

Deprecation of linkurious.js

Ogma comes with all the features of linkurious.js, which becomes deprecated. We will continue to support existing customers of linkurious.js until they migrate to Ogma.

How to get it

Ogma is available in a proprietary license only. Contact us to evaluate it!

Meet Francesco Infante, back-end engineer @ Linkurious

The Linkurious team is growing and we are glad to welcome a new member. Francesco Infante is joining us as Back-end Engineer. Welcome Francesco!

infante-portrait

Who are you?

I’m a software engineer, but that’s just the tip of the iceberg. I’ve always knew what my passion was; I’ve started at the age of 3, playing Commander Keen 4 and Wolfenstein 3D over and over, and learning MS-DOS enough to boot those games. Since then my passion never changed; while other kids were playing football, I was learning Visual Basic. My best Christmas memory was when my dad brought home my first pair of PC audio speakers! After that there was no going back :-).

Can you tell us about the products you love?

I love when a product is intuitive enough that I don’t have to learn how to use it. If I can deduce how it works by only glancing at it, it’s a good product for me. If somehow it’s too complicated to understand, it’s the designer fault. Since my expectations are high in this matter, I plan to make my work, in particular in the Linkurious back-end, as intuitive as possible within my ability; both for team-mates and for the final user.

What do you expect to learn at Linkurious?

I want to boost my analytical skills. Gladly, I work with bright people; there’s nothing worse than being the smartest in the room. I hopefully will continue facing new problems and solving them for the most part; learning from the unresolved ones too. I’m also looking into improving my communication and leading skills; and learning French of course!

Which super hero or fictional character would you be?

I would be the Doctor of course! All that knowledge of space and time in my mind… may probably be too much; but for a chance to see what the universe hides, I would bear the burden :-).

What is one thing few people know about you?

I like to pick locks as a hobby; still an enthusiast, though.

What is your favourite music piece at the moment?

Linkurious v1.4: streamline pattern detection with the Cypher-powered alert dashboard

The new major release of our graph visualization software Linkurious is now available! It provides a unique alert dashboard for teams of analysts, continuous indexing capabilities to Neo4j, support for AllegroGraph, and single sign-on (SSO) with Azure Active Directory. Linkurious v1.4.2 is available in two flavors: Starter and Enterprise. Releases always apply to both variants.

New features

Cypher-powered Alert Dashboard (Enterprise only)

From anti-money laundering and insurance fraud detection to cyber-security, companies must identify threats in connected data. The Neo4j graph database is perfectly suited to run complex queries and to extract patterns of suspicious or abnormal activity with the Cypher query language. Linkurious 1.4 provides a solution to streamline threat detection with its Alert Dashboard. Teams of analysts can now combine the power of graph-based analytics with human intelligence to detect and confirm alerts collaboratively.

Example of alert categorization and audit trail.

Alert categorization example.

It works as follows:

  1. Administrators create alerts with the Cypher query language.
  2. Alerts are generated at a given frequency.
  3. A team of analysts review the alerts to confirm or dismiss them. Analysts can sort alerts based on their importance, for instance money or risk involved. They can see who is working on alerts to synchronize with each other, and they can get the audit trail of alerts.

Learn more on the user manual and admin manual.

Example of an user alert dashboard

Introducing the user alert dashboard.

Notice that it is also possible to use the Alert Dashboard with an external pattern detection system instead of a graph database. All features can be easily integrated into third-party systems thanks to our REST API.

allegrograph-logo

Connector to AllegroGraph

AllegroGraph is industry leader of semantic database systems. We have teamed up with Franz, Inc to support AllegroGraph in Linkurious. Linkurious is now a web-based alternative for Gruff users to explore their semantic databases. They can benefit from all features of Linkurious, including data editing, text configuration, and raw SPARQL queries. Contact us to evaluate it!

Screenshot of Linkurious with DBpedia on Franz AllegroGraph

Neo4j continuous indexing

Linkurious will integrate seamlessly with Neo4j graph databases of unlimited size with the continuous indexing system. It is now possible to synchronize Neo4j 3.0.4+ databases with the Elasticsearch index automatically, without blocking users. We have contributed to neo4j-to-elasticsearch, the open source Neo4j plugin initially created by our friends at GraphAware. Kudos to them! Notice that we currently required an initial indexing phase to bootstrap Linkurious.

Single Sign-On with Azure Active Directory (Enterprise only)

You can configure Linkurious for a seamless authentication experience and secure access management with Azure Active Directory.

Linkurious login page with Azure AD

Noteworthy improvements

Support of Elasticsearch 2

Linkurious 1.4 is compatible with Elasticsearch 2.x. We continue to ship Linkurious with Elasticsearch 1.4.5 until considered totally safe to make the switch. You can now configure Linkurious to use more recent versions if you need to.

Security improvements (Enterprise only)

  • Users linked to an LDAP account can be removed.
  • Allow only users who belong to a configurable list of LDAP groups.
  • Assign a configurable user group for LDAP users the first time they connect to Linkurious.
  • Neo4j credentials can be read from environment variables instead of being stored in the configuration file of Linkurious.
  • Read-only mode can be independently enabled for each datasource.

Other improvements

  • Administrators can reset styles of newly created visualizations of all users from the Data administration panel.
  • You can create a widget from a visualization ID.
  • You can apply a force-directed layout computed on the server when creating a new visualization.
  • You can disable indexation of edges.
  • The “shortestPath” feature in Cypher queries is now allowed.
  • Node and edge count are more robust in DataStax Enterprise Graph.
  • Retry on error in DataStax Enterprise Graph indexation.
  • Fix truncated widget content when MySQL is used as internal data store.

What’s next?

The next release will integrate DataStax Enterprise and AllegroGraph full-text search engines for increased performance. Elasticsearch will become optional. We will also support more authentication providers based on your requests.

Try now

Try this new release on our online demo. We have just updated it! Contact us for any question, or send an email to support@linkurio.us for help.

Existing customers can download the new release from their account now.

Integrating graph visualization in Oracle BI with Linkurious

Our partner Peak Indicators explains how to integrate graph visualization powered by Linkurious in Oracle Business Intelligence (Oracle BI).

Linkurious + Oracle BI

Oracle BI provides powerful, visually appealing analytics. It helps people explore new insights and make faster, more informed business decisions. Like other business intelligence, Oracle BI is particularly suited for the analysis of tabular data via histograms, bar charts, pie charts and other such analytical visualisations:

oracle bi dashboard

An Oracle BI dashboard.

Peak Indicators has worked on extending Oracle BI by integrating it with Linkurious to deliver new embedded graph visualisations.

Why Graph Visualisation?

Whilst BI tools are typically designed for analytical reporting (trends, patterns, comparisons etc), graph tools are specially designed to visualise the connections and relationships that exist within your data (the visualisations are made up of “nodes” and “edges”).

The combination of BI and graph technologies offers a great way to view any aggregated data and the underlying connections it contains at the same time, with the additional capability to explore and discover all the links between the various data entities.

The combination of both helps generate new insights as we will see in an example.

Example: analysis of compliance issues

Imagine a financial services company which is analysing training feedback for some of its mandatory training. Good training results mean better compliance and less risks for the company.

Analysing training courses evaluation and compliance issues.

Analysing training course evaluation and compliance issues.

In the above scenario, Oracle BI is presenting the user with summarised trends of information with conditional formatting to highlight certain data exceptions. Here we can see an overview of how the training programs are performing.  There are 3 issues being highlighted:

  • Tony Cameron, a trainer, has received poor ratings
  • The Compliance training course has received poor ratings
  • There was a surge of compliance issues in March 2016

The first two issues are related to training delivery, whereas the compliance issues are related to business performance.   Are there any relationships between these seemingly separate issues that Oracle BI has highlighted?    Can we actually prove that poor training delivery can result in poor performance within the business?

This is where the Linkurious graph visualisations come in to play since we need to understand how all the various data entities are related to each other.   For example, in this instance the graph visualisation is showing the connections between:

  • the trainer (green)
  • the training delivery (purple)
  • the training attendees (brown)
  • the attendee’s resulting compliance issues (blue)
The connections between Cameron his students and the compliance issues.

The connections between Cameron his students and the compliance issues.

So we can see that the trainer Tony Cameron, who received poor feedback ratings, is related to 8 compliance issues within the business.

Here is a screenshot of how it actually looks when embedded within Oracle BI:

Linkurious embedded in Oracle BI adds graph insights.

Linkurious embedded in Oracle BI adds graph insights.

The analysis gets even more interesting when we add another trainer, Geoff Fraser, on to the visualisation.  Geoff has received much better ratings and we can see immediately that he is related to only 1 compliance issue in the business whereas Tony Cameron is related to 8!

linkurious oracle bi integration detail

So by using Linkurious we can deduce that improving the quality of our trainers could have a very real and positive impact on reducing the number of compliance issues!

Peak Indicators was able to quickly integrate graph visualization capabilities into Oracle Power BI using the Linkurious REST API,

Linkurious makes it easy to understand complex connections, allowing businesses to make smarter decisions. With its REST API you can add new capabilities to existing solutions like Oracle BI. Want to learn more? Contact us.