The algorithm example used in this report is also called an exemplary embodiment which is simply put, the preferred example.
It is just another terminology for “example” but specifically used when referring to a patent. This Anti Money Laundering, AML, system has been chosen to represent how an AML monitoring system should function.
There may be variations within other systems but essentially, this is how they should all work. It can be taken that this is an exemplary embodiment and a template for electronic payment card monitoring system to combat money laundering.
The original abstract and full paper will be attached to this intelligence briefing for reflective purposes. This briefing will explain in a simplified manner how the detection system functions and always attempt to present it from a practitioner’s perspective not an academic manner. All superfluous and pretentious jargon will be discarded.
This system functions by receiving real-time data when a card is used.
An ingress channel is simply another word for money going in via a payment system.
An egress channel simply put is money going out through another channel.
All payment systems use a first Application Programming Interface (API). An API is the way for an application to interact with certain systems, images and databases etc. Its how software components should interact. A good API provides all the components/building blocks for a programmer to develop a program. In our case, it helps to identify the credit cards, debit cards used by the criminals we are chasing.
This generates a transactional profile for each card, the ingress channel, the egress channels and the funding sources of the payment cards.
What happens is that in response to receiving transaction data for a payment (in or out) the data is analysed by a predictive algorithm.
This compares the data to the transactional profiles to calculate a probable money laundering score.
It then uses the transaction data based on a set of rules to generate a suspicious activity report (SAR)
This recommends whether to approve or report the current transaction by transmitting the (SAR) back to the payment card system. And transmitting the SAR to an identified regulatory body.
The AML system can track funds/money/cash movements to other electronic payment cards (EPCs) and exit/egress channels. It functions by monitoring money movements (in and out) in real-time of EPCs across multiple channels. The system is capable of dynamic updating of AML to keep up with current trends of AML by real-time feedback incidents of known money laundering behaviour. Self-learning money laundering prediction algorithms use this feedback to adjust (tweak) the algorithms to keep up with the latest trends and patterns in money laundering behaviour.
• 1.21 Tracks mobile phone payments
• 1.22 Tracks funds added at an Automated Teller System (ATM)
• 1.23 Tracks physical face to face sales at a POS or via a physically present agent
• 1.24 Tracks merchant cards used at a merchant shop in a mall or a construction retail outlet such as paints, bricks and mortar, plumbing supplies etc. These would be hard to trace because once the purchased equipment leaves the POS the items have been incorporated into a physical building. These are also known as fake incentive cards
• 1.1 are the ingress funding sources point where funds can be introduced into the system, typically cash
Simply means the methods and channels used to extract the funds at the other end, where the funds are then laundered:
• 1.41 using the web to purchase goods
• 1.42 using the mobile phone to buy items that can be easily sold for cash
• 1.43 is using the ATM system to transfer cash/funds to other accounts and purchasing digital goods
• 1.4 to withdraw cash and purchase fencible goods
Each of the channels 1.2 to 1.4 are distinctly different with different levels of difficulty in converting the laundered funds back to cash.
It demonstrates how the components of the AML system updates itself via dynamic real-time scenario. This is successfully undertaken by identifying laundered money entering and exiting an electronic payment card system via multiple channels of ingress and egress. This generates the SAR (Suspicious Activity Report)
N1 Describes customer ingress network around a pre-paid card and the N1 network has “geo-location discrepancies between the customer geo-location and the ingress channel geo-location because the customer is using a pre-paid card.”
This is important because the customer has a Zip code (Post code) of 19380 but the customer has an IP address indicating the customer is in Zip code 94301. To support this transaction as a SAR, networks N2 and N3 are also linked to the pre-paid card via the egress channels of a web retailer (EC 1) and an ATM (EC 3) have a history of known “bad cards” (cards already flagged up as suspicious card, possible ML usage) depicted as 1, 4 and 2.
By using the network statistics of 1, 2 and 3, plus the AML rules component 2.5 there is a high certainty that pre-paid card 7 is being used for ML.
This transaction data enters the system number 2 via data transfer from API 2.2 (Application Programming Interface 2) via data transfer API payload 4.1. Simply put, there are three transactions for payment card 1. The first transaction shows a funding transaction and the other two transactions are buying transactions. All transactions are indicating that the relevant ingress and egress channels and reveal the funding source. Finally, the AML monitoring component stores the transactions used by each profile from the time 4,2 as shown. This enables the regulator or AML agent to keep monitoring the card in real-time and act when necessary. The funds move onto an electronic payment card, even if this happens simultaneously, across multiple channels and multiple funding sources and the AML system process examines all the ingress channels simultaneously and evaluates the ML risk on the cards and the individual ingress channel.
Evaluation begins when the AML system 5.4 receives a request for moving funds in 5.3 from the payment system 1. This funding source is usually cash 5.1 and may enter via any of the incoming egress channels 5.21 to 5.25
The AML system, 5.4, uses real-time transaction data from the request and updates, or creates profiles for the specified user, the ingress channel and the payment card as depicted in figure 5. This results in the transaction being tagged with a probabilistic scoring that indicates a level of potential ML risks. This transaction and profile are moved onto an AML SAR generation component which evaluates the score, the user, the channel and payment card based on a set of heuristic (enabling the human to learn by themselves or machine to learn by set rules in a program) rules. If the score is below a threshold, then the AML system kicks in and chooses which regulatory body to inform.
Each step of the ML transaction is covered from when the payments system 1 transmits a funds out request to the AML system 6.2.
The outgoing channels 6.61 to 6.65 are the egress points.
The AML system, 6.2, evaluates the transaction in real-time and updates or if necessary, creates a profile for the user, the card and egress channel.
The transaction is then passed on to AML rules component, 6.3, which uses one of many self-learning predictive algorithms in the blocks, 6.31 to 6.34. This then generates a probabilistic money laundering score level.
The movement of funds can be made opaque by moving funds between cards, “obfuscating the movement of money.”
This is overcome when the AML system receives a request from the payment system, 2, a funds transfer request from component 7.2 on behalf of payment card 11. Then the AML system kicks in and using real-time evaluates the transaction and updates or creates profiles for the user, the channel and the funding source.
The transaction is then passed along to the AML rules component 7.3, where the transaction is scored for possible money laundering using one of the many predictive algorithms. Finally, the transaction is then passed along to the SAR generating component
Specifically, how laundered money is traced when its moved across multiple electronic payment cards. This is achieved by using geo-locations as examples to create links between SV/PP (Stored value/prepaid) cards to generate SARs.
Example: AML system 8.6, uses location based on IP addresses to link all the SV/PP cards.
Card 1 and Card 2 use IP1 within 5 minutes of each other to move funds to Card21 via the lines 8.2
Card 3 and Card 4 to Card n, from different locations move funds to Card 31 via lines 8.4
Both Card 31 and Card 41 (Line 8.5) move funds to Card 51 using lines 8.6 and 8.5.
Then Card 51 tries to extract from the system using IP1. Subsequently, all Cards 1 to n, Card 21, Card 31, Card 41 and Card 51 are now linked via the IP address.
This in turn triggers a SAR (using the component in Block 8.7) to the relevant regulatory agency in Block 8.62.
This example creates a situation where multiple cards are purchased from the same location and money is withdrawn from the cards via an ATM, 9.3, which is at a different location.
As in the Figure 8 previously, geographic location is used to link all the SV/PP Cards.
Money is loaded onto Card 1 through Card n within the same Zip (Postal) code.
Zip 1 is shown at 9.1. The AML system, 9.6, calculates the number and speed of card purchases by geography and tags the transactions if the velocity is over a certain threshold in block 9.4. Further activity on this particular group of cards is monitored.
Because this group of cards withdraw money using the same ATM, located in another country, the AML system, 9.6, triggers the generation of a SAR in Block 9.51.
Example: Card 1 is loaded from an IP address, IP1, and is linked to the AML system 10.6 and to all other cards associated with the IP address IP1via line 10.1.
If 5 of the 7 cards associated with IP address IP1 are tagged as suspicious previously via lines 10.2 and 10.3. Because the SAR rate for IP1 was 71% (very high) SAR generation is triggered for Card 1 and Card 1 is flagged for further monitoring.
Researched by A. Lehal for Ultrascan Humint
- Anti-Money Laundering (AML) and dismantling terror financing networks by exclusion from the mobile banking system
- The Alleged Threat of Mobile Money
- An important factor within money is micro-structuring also known as “smurfing”
- Further challenges for law enforcement
- The threats of mobile money
The algorithm example used in this report is also called an exemplary embodiment which is simply put, the preferred example. It is just another terminology for “example” but specifically used when referring to a patent. This Anti Money Laundering, AML, system has been chosen to represent how an AML monitoring system should function.
• This can enable and lead to increasing corruption
• Which in turn can enable money laundering through illicit cash flows
• Which then divert and starve funds of developing economies that are already cash poor and suffer from capital-starvation.
The amount of money that is laundered annually is of truly colossal proportions. ML poses an existential threat to all countries. It warrants and demands thorough oversight and a transnational prevention strategy. The UK’s National Crime Agency (NCA) calculated recently, “hundreds of billions of pounds are laundered through UK banks each year.”