Why Graph Databases Excel in Anti-Money Laundering Investigations

By Emma Zhang

Background

The recent discovery of a massive money laundering case in Singapore underscores the demand for efficient data management and analysis in the financial sector. It also highlights the significance of graph database technology in combating complex criminal networks and money laundering activities. Traditional relational databases struggle to effectively handle data with multi-layered relationships and intricate connection patterns. In contrast, graph databases, leveraging their advantages in processing graph-like data structures, have emerged as the ideal solution for addressing such challenges.

This reported significant case related to suspicious transactions in Singapore involves a colossal sum of approximately 700 million USD. This incident marks the largest money laundering case in Singapore to date.

The surprise stems from Singapore's unique role in Asia, particularly in recent years, as geopolitical developments have attracted many individuals to the country, considering it a neutral ground for conducting business. Therefore, it is not unexpected that criminal activities targeted Singapore, given the substantial high-value cross-border transactions occurring in the country every moment. Countries with such capabilities make it remarkably easy to conceal money laundering and transfer illicit funds—especially considering Singapore's neighboring nations, many of which are associated with casinos, underground banking systems, fraud organizations, and more.

The recent actions taken by the Singapore government demonstrate its determination to combat these activities. On August 30th, Monetary Authority of Singapore (MAS) revised and released the reference documents Strengthening AML/CFT Controls and Practices to Detect and Mitigate Risks of Misuse of Legal Persons/Arrangements and Complex Structures and Effective Use of Data Analytics to Detect and Mitigate ML/TF Risks from the Misuse of Legal Persons, emphasizing the extensive use of data analytics to identify and mitigate money laundering and terrorism financing risks associated with the misuse of legal entities.

Rethink

Although this money laundering case involved a significant amount and had a substantial impact, the chain of events depicted in the graph was not highly complex. Suspicious fund flows could have been easily identified.

Why wasn't this relatively straightforward money laundering case discovered earlier?

From a global perspective on anti-money laundering efforts, this high-profile case in Singapore is not an isolated incident. Particularly with the rapid proliferation of online payment services, money laundering activities have become more covert than ever before. However, traditional anti-money laundering systems operate with relatively outdated risk models. The adaptability and implementation costs of these systems face significant challenges.

Many financial institutions possess data that are capable of revealing illegal activities but lack the ability to correlate and effectively mine the data and its relationships.

Why is this the case?

From a technical standpoint, almost all existing anti-money laundering compliance systems rely on traditional relational databases. These databases store information about customers, accounts, transactions, etc., within rows and columns (see the left part of chart following). To identify potential associations, staff members must link multiple tables and execute queries, a process that can take hours or even days and might be impossible to complete. Consequently, it is nearly impossible to determine meaningful connections between different involved parties and transactions.

In contrast, in a graph database, data is stored in nodes (entities or objects) and edges (relationships between nodes). Multiple nodes and edges form a graph (see the right part of chart above).

?

As a result, if regulatory agencies' technology remains rooted in traditional databases or shallow graph computing, they will be unable to identify these deeply concealed money laundering paths. Here is why:

• Inability to address the requirement of traversing more than 10 hops when dealing with transaction and equity data. Money laundering activities are constructed to evade detections executed against intricate transaction networks and multi-account loops. If regulatory requirements specify a 3-hop query while the transaction chains have a depth upto 5 hops, these deep money laundering patterns will never to discovered. It's worth noting that real-time identification of deep-hop links and networked transfers is nearly impossible without native in-memory graph computing engines.
• Incapability of correlating and determining hidden relationships between accounts spanning multiple hops. Meaningful, insightful analysis of transactions between multiple parties and multiple transactions is crucial for tracking fund movement traces and assessing money laundering risks.
• Lack of flexibility. Traditional database systems are inadequate for in-depth insight into illegal fund flow traces within a massive and complex environment. Criminals are exceptionally cunning.
• Low return. These systems require substantial investments, necessitating proper allocation of personnel, systems, and data for anti-money laundering and compliance tasks. However, these investments do not translate into revenue.
• Inaccuracy. Despite significant investments, traditional anti-money laundering systems exhibit exceptionally high false positive rates, failing to meet the real-time detection requirements of new and varied risks.

Graph Technology

Graph database technology addresses these pain points effectively. It offers a novel way of storing and analyzing data, particularly suited for exploring relationships, networks, and patterns comprehensively.

How does graph database technology unveil hidden transaction patterns and associations?

For financial institutions, the scale and frequency of organized crime in money laundering often surpass those of retail customers. Anti-money laundering efforts typically focus on large-scale money laundering, high-frequency occurrences, numerous linked accounts, and cross-border activities.

Graph technology can display all historical transaction information in a graph, allowing staff (investigators or analysts) to discover hidden relationships using powerful visualization tools, such as Ultipa Manager. This aids in understanding and analyzing transaction patterns, assessing money laundering risks, etc.

From the chart above, staff members can easily identify various situations through association relationships:

• Main participant shares the same IP address with customer1, which is on the bank's regulatory list.
• Main participant pays the auxiliary participant2, who is married to customer3 with a bank violation record.
• Main participant pays auxiliary participant1, who has transaction records with customer2 from a high-risk area.

It will be challenging to discover these insights through manual verification using traditional documents and forms since staff members would need to log into multiple systems for retrieval, making it nearly impossible to intuitively and rapidly assess risks.

Moreover, banks conduct Know Your Customer (KYC) and Customer Due Diligence (CDD) activities and continue to examine the sources of funds for each customer's transaction even after account opening. They also conduct risk assessments and periodically adjust the ratings. Why were the suspects in this case able to evade detection? It's primarily due to technical issues, highlighting a lack of comprehensive information.

Typicall, banks only hold static information of customers such as name, profession, and region. They find it challenging to identify intentionally concealed or disguised customer identities and related risk. However, with the help of graph technology, bank staff can, during the due diligence phase, reveal unknown risk factors by gathering associated information from more third-party databases.

Meanwhile, spreading from any suspicious accounts, Wang Yongming for example, accounts involved in abnormal transactions such as dealers of precious metals, luxury goods, and real estate will be dug out. These accounts can further lead to uncover more clues such as black production.

As shown in the chart below, graph database technology has a deep querying advantage that traditional relational databases cannot match in terms of tracking anti-money laundering transactions: starting from a specific account (outgoing account), passing through multiple hops of transfers (≥10 hops), and converging into another account (recipient).

Real-time performance of Ultipa Graph:

• Identify network formations, loops, etc., in large graph data related to transaction behavior on the same day (T+0).
• Real-time query and identification of "money laundering" patterns for a single user or multiple users.
• Support real-time alerts and blocking!

Furthermore, graph technology excels in screening and analyzing numerous corporate ownership structures, assisting banks in conducting periodic KYC checks and updating regulatory lists to continuously identify high-risk customers.

In the chat above, regulators can intuitively focus on the connections between DBS (Development Bank of Singapore) and suspect Su Haijin, and between Bank of Singapore and Su Baolin. They can conduct layer-by-layer drilling for deeper insights.

Summary

It's essential to emphasize that for the financial system, locking down criminal networks and promptly identifying money laundering risks are effective ways to protect financial assets, which demand exceptional performance and speed. Real-time graph databases, graph computing, graph storage, and graph middleware will play a crucial role in the next generation of anti-money laundering IT infrastructure.

In the past few years, Ultipa Graph has successfully empowered multiple financial institutions to efficiently identify various money laundering transactions through highly efficient computation, achieving rapid technology iterations, adapting to rapidly changing scenarios, and ensuring the stable operation of financial institutions.

• In-Depth Penetration Analysis: Criminals create complex relationships in the fund network to evade detection. Ultipa Graph can penetrate up to 40 layers, unraveling the intricate transaction networks between suspicious individuals, rapidly detecting money laundering behaviors, and assessing the level of money laundering risk.
• Speed Advantage: Utilizing powerful in-memory computing efficiency, Ultipa Graph can perform large-scale graph construction and graph computation in a short time. It ensures responsiveness and accuracy, meeting financial institutions' requirements for response time and precision while reducing hardware and operational costs.
• High Visualization: Anti-money laundering work involves efficiently discovering suspicious fund transactions in massive multi-dimensional intelligence data. High visualization of data can identify suspicious fund chains with characteristics such as "dispersion," "transfer," and "fusion" based on vast amounts of data. It presents analytical results in an intuitively visual manner, transforming seemingly fragmented and unordered data into a coherent whole, revealing hidden fund flows.
• White Box Traceability: Money laundering activities often involve multiple pathways and complex account relationships. Ultipa Graph can fulfill users' demands for data traceability and analysis, intelligently displaying relationship networks and allowing for intelligent retrieval and tracing. It performs well in money laundering case investigations, account management, and attribution queries of detection results.
• Real-Time Fraud Detection: Ultipa Graph can process thousands of payments or financial transactions in milliseconds. It ensures real-time updates and instant analysis when faced with data updates and changes from banks.
• High Coverage and Accuracy: Addressing the pain point of high false positive rates in traditional anti-money laundering systems, Ultipa Graph establishes intelligent rules and risk assessment measures through deep relationship analysis. It captures, discovers, and analyzes money launderers' intricately woven identities and network accounts, dynamically segments customer risks from multiple dimensions, effectively distinguishes money laundering signals from noise, and reduces false positives and false negatives, aiming to achieve precise identification of anti-money laundering objectives from various perspectives.
• Advantages in Technical Iterative Development: Traditional money laundering in banks often focuses on interbank transfers, where complete fund paths are challenging to trace. Money laundering syndicates have gradually formed complete money laundering chains in the upper, middle, and lower reaches. Money laundering channels and forms have also become more diverse. Therefore, for business scenarios with continuously growing data volumes such as customer identification, traditional relational databases cannot meet the demands of large data processing. Ultipa Graph provides fast secondary development capabilities, extending space for personalized analysis requirements. It improves the efficiency and upgrades of developers, ensuring rapid development and technical iteration.
• Cost Saving, Improved Work Quality: Through underlying ultra-strong computational power and high visualization, graph computing presents all transaction data and participant situations intuitively in a "graph." It enhances the anti-money laundering discovery process. Analysts can use auxiliary analysis tools to explore various types of information, analyze transaction patterns, and evaluate money laundering risks, automating key work processes. This drastically improves the efficiency and effectiveness of the team, ultimately reducing labor and operational costs.
• Ultipa Graph AI Graph Enhancement Intelligence: Ultipa Graph XAI Graph Enhancement Intelligence is an elastic, scalable deep computing engine for graph computing and storage. It features model enhancement, acceleration, significantly improved prediction accuracy, and interpretability for existing AI/ML and LLM large model architectures. It also addresses business demands of OLTP and OLAP types through an HTAP cluster, realizing horizontal expansion through distributed, multi-level storage.