Detecting international financial crimes

Detecting international financial crimes is a difficult task, due to a lack of international cooperation, privacy concerns and diffuse regulations. In this paper I will discuss a possible solution to improve this at a national / EU / global level by using public-key cryptography to hide all personal details between the different participating bodies.

First, I will explain the preliminary knowledge that is required to understand the concepts. Second, these basic concepts are applied in more detail.

Foreknowledge

The following preliminary concepts are needed to understand the proposed solution: public-key cryptography and graph theory.

Public-key cryptography

Encryption of messages between two entities (persons, organisations, etc.) is based on the concept of public-key cryptography. If, for instance, person A wants to send an encrypted message to person B, the following steps are taken:

  • Person A gets the public key of person B.
  • With this public key the message is encrypted.
  • Person A sends the encrypted message to person B.
  • Person B gets its private key and decrypts the message.
  • The message is read by person B.

For this to work securely, the private key of each entity must be stored safely and must not be accessible to anybody else. This way (in the example) only person B is able to decrypt the message, and nobody else.

All modern messaging apps (PGP Mail, WhatsApp, Signal, etc.) work like this.

Graph Theory

From Wikipedia: “In mathematics, graph theory is the study of graphs, which are mathematical structures used to model pairwise relations between objects”. Graphs look like this:

Using this theory, numerous concepts and characteristics can be derived from a given graph, for instance finding clusters of tightly connected objects or finding edge / endpoint objects.

The context

One of the major problems related to financial crime is finding the connection between all the transactions that take place: from local entities via shell companies to tax havens, and vice versa. This requires cooperation between national regulators and the different financial institutions involved.

However, a major hurdle has always been privacy regulations: in short, it is very difficult to share data between different institutions. Solving this would clear the path to finally creating the graph of all the entities (objects) involved in financial crime.

Detecting financial crimes

The basic concept is to create a separate body (a financial crime unit, FCU) outside the financial institutions and regulators, which collects all transactions that take place. However, all privacy-related data will be encrypted using public-key cryptography. The encryption takes place at the owner of the transaction (the financial institution), using the public key made available by the regulator (the national regulator, the ECB or the IMF).

The FCU will receive those transactions, which will at least contain the source bank account number (or cash / cheque deposit) and the target bank account number. Both account numbers will be encrypted using public-key cryptography. This way the FCU will not see any privacy-related data, but it is able to detect identical bank accounts, as each bank account will produce a unique encryption code. This way the FCU is able to create the graph of all bank accounts and their relations.

For instance (see the graph above): if entity ‘1’ is a well-known shell company or tax haven, then money passing from ‘6’ via ‘4’, ‘3’ and ‘2’ to ‘1’ could mean that entity ‘6’ is suspicious. And when money passes back from entity ‘1’ to ‘6’ via ‘5’ and ‘4’, that would make entity ‘6’ even more suspicious, especially when hardly any money remains inside the intermediate entities.

Detecting such irregularities will be done using concepts from graph theory and algorithms derived from those concepts.

Example: a ‘clique’ is a (sub)graph in which all entities are connected to each other. Finding such a clique could be an indication of a money laundering scheme, where money is passed back and forth between entities, especially when international transactions take place.

Related to this is the strongly connected component, which detects (sub)graphs that are strongly connected. Such (sub)graphs can be an indication of illegal activities, especially if one of the entities inside the graph is already suspicious. To calculate this, algorithms exist that run in linear time (for instance Tarjan's algorithm).

When such irregularities are detected, the FCU needs to report this to its regulator. The regulator (which owns the private key) will be able to decrypt the account numbers and start the investigations.
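The pipeline described above (institution pseudonymises account numbers, FCU builds the graph and runs a strongly-connected-component search, regulator resolves the flagged accounts), as an added worked example that is not part of this paper. One practical point it makes explicit: standard public-key encryption is randomised, so two encryptions of the same account number differ, and the linking property the FCU relies on ("each bank account will produce a unique encryption code") requires a deterministic construction. A deterministic function over a small, structured input space such as account numbers is only safe to publish tokens from if the key is secret, so the example uses an HMAC under a key held by the regulator as a stand-in for the paper's public-key step; the regulator resolves flagged tokens by recomputing them over its own account register rather than decrypting. The key, the account numbers, the amounts and the "known shell company" ACC-1 are all constructed for the example.

```python
import hmac
import hashlib
from collections import defaultdict

# Assumption: a secret key held only by the regulator, standing in for the
# regulator's public key in the paper. Constructed value, not for production.
REGULATOR_KEY = b"constructed-demo-key-not-for-production"


def pseudonymise(account: str, key: bytes = REGULATOR_KEY) -> str:
    """Deterministic pseudonym: the same account always yields the same token,
    which lets the FCU link transactions without seeing the account number."""
    return hmac.new(key, account.encode(), hashlib.sha256).hexdigest()[:16]


# Constructed transactions as held by the institution: (source, target, amount).
# ACC-1 plays the known shell company / tax haven from the paper's example;
# ACC-6 -> 4 -> 3 -> 2 -> 1 and back 1 -> 5 -> 4 -> 6 is the round trip.
RAW_TRANSACTIONS = [
    ("ACC-6", "ACC-4", 100), ("ACC-4", "ACC-3", 99), ("ACC-3", "ACC-2", 98),
    ("ACC-2", "ACC-1", 97), ("ACC-1", "ACC-5", 96), ("ACC-5", "ACC-4", 95),
    ("ACC-4", "ACC-6", 94),
    ("ACC-7", "ACC-8", 10),  # unrelated transfer, must not be flagged
]


def institution_export(transactions):
    """What the institution sends to the FCU: pseudonyms and amounts only."""
    return [(pseudonymise(s), pseudonymise(t), amt) for s, t, amt in transactions]


def build_graph(pseudonymised):
    """FCU side: directed graph over tokens plus money in/out per token."""
    graph, inflow, outflow = defaultdict(set), defaultdict(int), defaultdict(int)
    for src, dst, amt in pseudonymised:
        graph[src].add(dst)
        graph.setdefault(dst, set())  # make sure sinks exist as nodes
        outflow[src] += amt
        inflow[dst] += amt
    return graph, inflow, outflow


def strongly_connected_components(graph):
    """Tarjan's linear-time SCC algorithm, iterative to avoid deep recursion."""
    index, low, on_stack, stack, components, counter = {}, {}, set(), [], [], 0
    for root in list(graph):
        if root in index:
            continue
        index[root] = low[root] = counter
        counter += 1
        stack.append(root)
        on_stack.add(root)
        work = [(root, iter(graph[root]))]
        while work:
            node, neighbours = work[-1]
            descended = False
            for nxt in neighbours:
                if nxt not in index:  # tree edge: descend into nxt
                    index[nxt] = low[nxt] = counter
                    counter += 1
                    stack.append(nxt)
                    on_stack.add(nxt)
                    work.append((nxt, iter(graph[nxt])))
                    descended = True
                    break
                if nxt in on_stack:   # back edge into the current component
                    low[node] = min(low[node], index[nxt])
            if descended:
                continue
            work.pop()
            if work:  # propagate low-link to the parent
                parent = work[-1][0]
                low[parent] = min(low[parent], low[node])
            if low[node] == index[node]:  # node is the root of a component
                comp = set()
                while True:
                    v = stack.pop()
                    on_stack.discard(v)
                    comp.add(v)
                    if v == node:
                        break
                components.append(comp)
    return components


def flag_components(components, suspicious_tokens, min_size=2):
    """Report SCCs of at least min_size that contain a known-suspicious token."""
    return [c for c in components if len(c) >= min_size and c & suspicious_tokens]


def pass_through_ratio(token, inflow, outflow):
    """Share of incoming money that leaves again; close to 1.0 means hardly
    anything remains inside the intermediate entity."""
    return outflow[token] / inflow[token] if inflow[token] else 0.0


def regulator_resolve(tokens, known_accounts, key=REGULATOR_KEY):
    """Regulator side: recompute pseudonyms over its own account register to
    map flagged tokens back to account numbers (no decryption needed)."""
    reverse = {pseudonymise(a, key): a for a in known_accounts}
    return sorted(reverse[t] for t in tokens if t in reverse)


def run_pipeline():
    export = institution_export(RAW_TRANSACTIONS)
    graph, inflow, outflow = build_graph(export)
    suspicious = {pseudonymise("ACC-1")}  # token of the known shell, supplied by the regulator
    flagged = flag_components(strongly_connected_components(graph), suspicious)
    register = [f"ACC-{i}" for i in range(1, 9)]  # constructed account register
    return [regulator_resolve(c, register) for c in flagged], inflow, outflow
```

Running `run_pipeline()` flags one component containing ACC-1 through ACC-6 and leaves ACC-7 and ACC-8 untouched; `pass_through_ratio` on the intermediate ACC-4 is close to 1.0, the "hardly any money remains" signal from the paper. Amounts are sent in the clear here only because the paper lists them as an open question; whether they may be shared is a privacy decision for the regulator, not something the code settles.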

Questions

  • Is the regulator allowed to do this, based on privacy regulations?
  • Can more data be passed per transaction? Like amount, currency and description?
  • Can extra metadata be added? Like for instance: ‘cash’, ‘cheque’ or ‘international’ transaction?