Suspicious Transaction Report Exploitation

1
Suspicious Transaction Report Exploitation

• Analytical Techniques and Tools

2
STR Analysis

• Broadly defined as financial analysis.
• Different than traditional forensic analysis.
• Relies initially on reporting institution
  analysis.
• Involves evolving issues and new problems.

3
Analytical Process
Reselect Target
Refocus Target
Develop Hypothesis
4
STR Research

• General
• Perform additional research on cluster.
• Determine relevancy of related STRs, threshold
  reports and FIU data.
• Develop relevant information to increase
  knowledge of targets, activities and associates.
• Specific
• Fixed STR field queries.
• STR narrative field exploitation.
• Compare STR data against FIU, government and
  commercial information.

5
STR Fixed Field Queries

• Query all information in fixed suspect
  fields of initial STRs.
• Identify other STRs linked by target names,
  identification numbers, addresses, accounts and
  phone numbers.

6
STR Narrative Analysis

• Process of reading each and every STR narrative.
• Query all pertinent account numbers and names
  associated with STR activity.
• Whereas fixed field queries find connections
  between persons conducting related activity,
  narrative exploitation finds
• Originators/beneficiaries of wire transfers
• Persons conducting ATM transactions and payees
• Payers or purchasers of negotiable instruments
• Activity in foreign countries
• Banks and accounts

7
Compare STR Data Against Additional
Information

• Query targets and associates through
  available FIU databases, law enforcement and
  other government data, and commercial
  databases.
• Identify information germane to suspicious
  activity and understanding of activity.

8
STR Analysis

• Analysis is not merely a review, or even a
  detailed reading of the information found as
  a result of research.
• It is an attempt to extract more meaning from
  the available information than what is
  provided, or to establish connectivity between
  events or subjects that is not immediately
  or obviously apparent.
• PROCESS OF CONVERTING INFORMATION INTO
  INTELLIGENCE

9
Analytical Methodology

• Information is useless unless critical
  questions are asked of it.
• Who, what, where, when and how are
  questions that are evident in the STR.
• Focus on why the suspicious activity
  occurred.

10
Analytical Methodology

• STR targets are identified from the
  assessment of a financial institution
  employee.
• Possible innocent person.
• Analysts should look for a reasonable
  explanation for the activity.
• Example Relief worker or foreign financial
  practice.
• If no reasonable explanation exists, the
  greater the likelihood of a criminal
  connection.

11
Examples of Critical Questions

• What is the purpose of the transaction?
• Is this a single transaction?
• How many financial institutions were
  involved in the transactions?
• If several persons are involved, are they
  related?
• Are there any patterns reflected in the
  dates of the transactions?
• Are there any patterns reflected in the
  amounts of the transactions?

12
Examples of Critical Questions

• Any change in the frequency of the
  transactions?
• Any change in the amount of the
  transactions?
• Any shift in transaction patterns?
• Any transactions occurring in proximity to
  the location of physical and/or legal
  persons concerned?
• Who ultimately benefits from the
  transaction?

13
Analytical Process
Make Hypothesis
14
Analytical Techniques

• Organization and manipulation of data.
• Explore various techniques of analysis
• pattern analysis
• event or timeline analysis
• commodity flow
• link analysis

15
Limitations of STR Data

• Insufficiency of STR data and other data
  available to FIU to perform such as
  pattern analysis or chronological event
  flow.
• STRs only provide a snapshot of account
  activity.
• True source of funds and account
  application analysis is not possible.
• STRs can make general observations as to
  source and destination of funds.
• Narrative exploitation can give a wider
  picture of activity and flow of funds
  through account.

16
Multiple Tier Research
STR 1
STR 2
STR 3
Target A Deposits funds to account and wires to
Subject B.
Subject C Receives suspicious wire from Subject
B and wires funds to Subject D.
Subject D Receives wire from unknown source and
withdraws funds.
Subject B
17
Multiple Tier Research
Linear Analysis -- Flow of Funds
STR 2
STR 3
STR 1
Subject D Receives wire from unknown source and
withdraws funds.
Target A Deposits funds to account and wires to
Subject B.
Subject C Receives suspicious wire from Subject
B and wires funds to Subject D.
Subject B
STR 4
Subject B makes large check deposits for Business
A
Non-Linear Analysis
Subject E, owner of Business A, writes checks to
Charity A, which are deposited to account in
foreign bank.
STR 5
Subject F wires funds to account in foreign
country.
Suspicious account in foreign country
STR 6
18
Refocusing Target
Subject A
Initial Target
Original Target
STR 1
Subject B
Business A
STR 2
Subject E
Subject A
Subject C
STR 1
Subject B
New Target (Business A)
Subject D
Business B
Refocus After Evaluation
STR 3
19
Correspondent Accounts
FUNDS TRANSFER Series of electronic
transactions in order to move funds from one
location to another.
New York
London
Dubai
Pakistan
20
Correspondent Accounts

• Originator (Daniel)
• Originators Bank
• Payment Order
• Beneficiarys Bank
• Beneficiary (Ahmed)

Payment Order
Bank in New York
Wire 10,000 to account in Karachi
Bank in Karachi
21
Correspondent Accounts
Actual Fund s Transfer
Correspondent Account
Bank in New York (Originating Bank)
Bank in London (Intermediary Bank)
Correspondent Account
Correspondent Account
Bank in Dubai (Intermediary Bank)
Bank in Karachi (Beneficiary Bank)
22
Correspondent Accounts

• Correspondent account users
• Shell banks with no physical presence in any
  country for conducting business with their
  clients.
• Offshore banks with licenses limited to
  transacting business with persons outside the
  licensing jurisdiction.
• banks licensed and regulated by jurisdictions
  with weak anti-money laundering controls.

23
Correspondent Accounts False Positive Example
Subject C
STR 3

Subject A
ACCOUNT
Subject D


STR 1
STR 4


Business A

STR 5
Subject B
Subject E
STR 6
STR 2
24
Data Mining Cluster Showing Two False
Positive Correspondent Accounts
25
Review Tasks of the FIU Analyst

• Develop hypothesis.
• Analyst must find, interpret and connect
  information that points to illegal activity.
• Present information so that FIU customer
  draws same conclusions.

Refocus Targets
Develop Hypothesis
26
STR Analytical Tools

• Do not need to be complex.
• Must be user friendly to the analyst.
• Combination of analysis, data mining and
  information sharing software.
• Reliable Off-the-shelf analytical software
• Excel (Microsoft)
• Access (Microsoft)
• Analyst Notebook (I2 Inc.)
• VisuaLinks (Visual Analytics)

27
STR Analytical Tools

• Allow information from various sources to
  be analyzed together.
• Tools are used to collate, compare and link
  diverse information.
• Three categories of analytical tools
• Link charting
• Data mining
• Data manipulation

28
Link Charting Tools

• Can be essential component of STR analysis.
• Aids development and analysis of subject
  connections.
• Assists investigators and prosecutors in
  visualizing suspicious activity.
• Flexible allows various types of visual
  analysis.

29
Simple Link Chart
30
Complex Link Chart
31
Complex Link Chart
32
Timeline Chart
33
Data Mining Tools

• Links information through matching fields .
• Limited capability for analysis beyond visual
  display.
• Not conducive to adding data not already in
  database.
• Visual charts not provided to customers.
• Analytical uses
• Identify subjects
• Walk the pertinent STRs to identify and
  link all related STRs.
• Review the STRs to ensure there are no
  false-positives matches.
• Provide initial clusters for research and
  analysis.

34
Walked Data Mining Visual Chart
35
Data Manipulation Tools

• Consist of spreadsheet applications and
  relational databases.
• User friendly and flexible.
• Can only be used with a limited set of
  data.
• Data can be imported or manually entered
  and sorted, queried, counted, reported and
  exported.
• Relational databases can link different
  types of data for analysis.

36
Sample I2 Analyst Notebook
37
Relational DatabasesMicrosoft Access
38
Conclusion

• Analytical Process
• Targeting Research - Analysis
• Analytical Methodology
• Critical Questions Techniques STR Limitations
• Multiple Tier Research Linear versus
  Non-linear
• Correspondent Accounts
• Refocusing of Targets
• Analytical Tools
• Link charting - Data mining - Data
  manipulation