Posted by & filed under Research & Investigation.

panama-papersJust over a week ago, the International Consortium of Investigative Journalists (ICIJ) released a searchable database of companies, people, and addresses named in the Panama Papers.  In addition to the online search tool, the ICIJ also released a downloadable version of the same information.  Below is a brief overview on how to download the database, and information on its content and uses.

How do I download the database?

While the ICIJ makes the database accessible in a few different formats and methods for downloading, the easiest way for the majority of people to access the files will be through the comma separated value (CSV) file link on this page.  All of the CSV files contained in the download can be opened in Excel.

If you are technically minded or feeling ambitions, the ICIJ also made a distribution of the graph database Neo4j available with the data in it.  This allows users to query the database and visually explore the connections between people and companies.   Something to keep in mind, this method will require you to download the Neo4j software on your computer, which may not be allowed by your company’s IT department.


What’s in the file?

Once you download and unzip the folder, you will see the five files contained below.  As mentioned previously, all of the included CSV files can be opened in Excel.




Below are the descriptions from the ICIJ to understand what each file contains.

Offshore Entity: A company, trust or fund created in a low-tax, offshore jurisdiction by an agent.

Officer: A person or company who plays a role in an offshore entity.

Intermediary: A go-between for someone seeking an offshore corporation and an offshore service provider — usually a law-firm or a middleman that asks an offshore service provider to create an offshore firm for a client.

Address: Contact postal address as it appears in the original databases obtained by ICIJ.

You will also notice the “all_edges.csv” file; this can be disregarded.   It’s purpose is to map the links between the parties in the file for graphing relationships.


More than the Panama Papers

While the Panama Papers have gotten all of the recent publicity, the above files also contain data from the ICIJ’s previous “Offshore Leaks” investigation.  The Offshore Leaks Database contains more than 100,000 companies, trusts and funds created in offshore locales such as the British Virgin Islands, Cayman Islands, Cook Islands and Singapore.  Below is information from an ICIJ article when the data was released in June, 2013.

The data are part of a cache of 2.5 million leaked offshore files ICIJ analyzed with 112 journalists in 58 countries. Since April, stories based on the data — the largest stockpile of inside information about the offshore system ever obtained by a media organization…


How can I use this information?

A definitive way to utilize this information is to analyze it for trends or patterns that could have a risk impact on your company.  There are several data mining solutions that could help with this task, but the majority of people reading this will be limited to analyzing the data in Excel.  Luckily, one of the most useful tools to extract significant information from large and detailed data sets are pivot tables, which are available in Excel (tutorial).

For example, if you are looking to identify frequently used addresses by shell entities, a pivot table of the address field of the “Entities.csv” would produce the below most frequently used addresses.




In addition, once the information is summarized it can easily be visualized using Excel’s charting features.  Below is a chart based on a pivot table of the country field in the “Entities.csv” file.




The above examples are the very tip of the iceberg of what is possible with the data.  And even if you don’t have a need to review the above files, the ability to create pivot tables and analyze large data sets is a tremendous advantage to all financial crime compliance professionals.

Posted by & filed under AML General, Research & Investigation.

SAR_formSorry, a blog article can’t actually tell you to file a SAR or not.  The decision on whether alerted transaction activity raises to the level of SAR filing is complex and requires a large amount of human judgment and analysis.  But everyday thousands of AML analysts are expected to make these tough decisions with uncertain information and pressure from mounting workloads.

It’s easy to get distracted when gathering and processing all of the information involved in dispositioning an alert.  Even though every case has unique aspects, and there are dozens of different factors that should be taken into account, there are essentially two questions that need to be answered when making a SAR filing decision.

  1. Are the transactions in line with the account’s purpose, profile, or nature of business?
  2. Is there any outside information that would increase the risk level related to the transaction or parties involved.  This could be negative news, political exposure, sanctions, a high number of prior investigations, subpoenas, etc..

We have put together the below flowchart to outline how the above questions could be integrated into the decision making process at its most basic level.  For a printable PDF version, please click here or on the below chart.



(click for printable PDF version)


We had a lot of internal discussion on how to make this chart as simple, but as comprehensive as possible.  The original chart was quite complex and had more than twice the number of decisions!  But the chart is not meant to cover every possible scenario, or to outline how to conduct an AML investigation.  It is meant to distill the core questions that need to be answered as part of every alert disposition; the decisions AML analysts must make multiple times a day, everyday.

Hope you find this helpful, and we would love to hear your feedback.


Additional SAR Resources:

Posted by & filed under Research & Investigation.

I was recently reading one of Kenneth Rijock’s articles that identified an office manager at a Mossack Fonseca subsidiary would frequently use different name variations on documents.  The article highlighted that

“this is a technique specifically designed to foil any investigation that seeks to find a pattern, or course of dealings, in financial transactions.  It is a method of deception often used by financial criminals.”

It also provided a list different name permutations that she used, such as using a compound or hyphenated last name and using the middle name as a last name.  Even when someone is acting in good faith, it is common for a name to be written different ways, so this seemed like a fun weekend project to tackle.

The Name Variation Tool is a small utility that will automatically create potential name combinations without having to manually write each one out.

Name Variation Screen Shot


Before using the tool, there are some important things to know:

  • This tool only performs mechanical combinations based on the name entered.
  • Specific ethnic or regional naming conventions are not taken into account.
  • Names are also not substituted with alternate spellings or nicknames.
  • The tool is currently set up to work with names that contain up to 5 parts.

I can not stress enough that this tool is meant to be a time-saver, and not meant to replace specific understanding of different cultural naming conventions or proper search techniques.

Hope you find it useful, and if you have any ideas or suggestions for improvements, I would love to hear them.

Posted by & filed under Research & Investigation.

offshoreWith the recent release of the Panama Papers, now seems like an ideal time for a blog post on red flags and investigation strategies related to shell companies.  A shell company is a legal vehicle (LLC, LP, etc.) that typically has no physical presence (other than a mailing address), and generates little to no independent economic value.  Although they are not illegal and can have many legitimate business purposes, they are commonly used to facilitate illicit activity, including money laundering and tax evasion.

What makes shell corporations suitable for illegal behavior is the secrecy they can provide their ultimate owners.  Anyone who has been involved in AML transaction monitoring or investigations has most likely run into one of these companies and had their case hit a road block.  Below are some investigative strategies to help get more information related to these companies, and also a list of shell company related red flags.


How to Investigate

Before you can determine if any suspicious activity has occurred, it is important to gather and analyze all available information related to the companies involved.  Below are some actionable strategies that have been successfully used in real-world investigations involving shell companies.

Utilize corporate registers, web, and news sources

These are the traditional first steps when trying to identify who is behind the company and if there is any risk relevant information related to the entity.  Check out our earlier post on tips for identifying ultimate beneficial owners for additional details.  It is also crucial at this step to try to identify any adverse media or negative news on the company or it’s directors.

Identify & review network of related parties

Even if you can’t identify the ultimate person behind the company, in many instances, there are common elements that can reveal more information about the company.  These include:

  • Incorporation address
  • Nominee directors or managers
  • Intermediary or incorporation service
  • Other counterparties (see below)
Search wire activity for counterparties and multiple levels deep

A common scenario involves an analyst reviewing an alerted transaction where their FI’s client either sent or received a wire transaction from a shell company.  In many cases, because of the lack of information on the company, the analyst reaches a dead end.  Instead of stopping there, a good strategy is to search for wire activity for that shell company.  Even if they are not a client of your FI, there is a good chance they had transactions with another customer, or through a correspondent banking client where the activity should be visible to you.

This will give you a good idea of the other types of companies the shell company is interacting with, and the types of transactions.  It will also give you more information on building out a network of related parties.   Although not always practical since time is a serious consideration for analysts, it is also possible to try to continue to follow the counterparty wire activity multiple levels down to see where funds end up.




Red Flags

Below is a FinCEN list of red flags commonly cited in Suspicious Activity Reports involving shell companies.  You can utilize all of the information gathered and analyzed during the investigative process to determine how closely your case matches with the below indicators.


  • An inability to obtain – whether through the Internet, commercial database searches, or direct inquiries to the foreign correspondent bank whose customer is the originator or the beneficiary of the transfer – information necessary to identify originators or beneficiaries of wire transfers.


  • A foreign correspondent bank exceeds the anticipated volume projected in its client profile for wire transfers in a given time period, or an individual company exhibits a high amount of sporadic activity that is inconsistent with normal business patterns.


  • Payments have no stated purpose, do not reference goods or services, or identify only a contract or invoice number.


  • Goods or services of the company do not match the company’s profile based on information previously provided to the financial institution.


  • Transacting businesses share the same address, provide only a registered agent’s address, or raise other address-related inconsistencies.


  • An unusually large number and variety of beneficiaries receive wire transfers from one company.


  • Frequent involvement of beneficiaries located in high-risk, offshore financial centers.


  • Multiple high-value payments or transfers between shell companies with no apparent legitimate business purpose.



There is nothing inherently wrong with shell companies, but the added risk lies in the opacity they provide the true parties behind the transaction.  Even without knowing the ultimate owners, in many cases it is possible to identify negative news or other risk relevant information on a person, entity, or address closely related to the shell company.  This information, in addition to the transaction activity itself, may be enough to push the case into SAR filing threshold.  It is also important to remember to stay focused on your financial institution’s exposure to risk when going down the the shell company rabbit-hole.  It is very easy to get so caught up in the investigation that you realize you stopped researching parties with any relationship to your bank a hour ago!


Posted by & filed under Negative News, Research & Investigation.

Search_KeyToday, thousands of AML analysts from financial institutions all around the world sit at their desks, making serious decisions about customer risk and suspicious activity.  Each is fulfilling critical components of AML, but each is also saddled with applications that make their jobs more difficult and ultimately jeopardize compliance.

When making due diligence and suspicious activity decisions, analysts must find and consider the implication of negative news information concerning a customer, counterparty, or beneficial owner.

Analysts need applications that help search for and discover negative news.  The problem for them, and the institutions for whom they work, is that the negative news applications used today fail to achieve the five necessary components of effective negative news searching.

For negative news research to be effective it must achieve the following five critical objectives.

  1. All information that can be searched is searched.
  2. Search results must be relevant to financial crime AND the person, company or entity that is being searched.
  3. Searching must be performed consistently by the entire AML team.
  4. Analysts must be able to move fast through results.
  5. There must be proof of what was searched, how it was searched, and the results.

Unfortunately, negative news applications like risk intelligence databases, news libraries, and search engines fail to achieve any of these five requirements.

  • Databases and news library applications are exceedingly limited in the amount of information they contain. How search engines return results is known only to the search engine, and each search engine has different levels of coverage.  Google doesn’t have everything Bing has, and Yahoo may return information Google and Bing don’t.
  • Scrolling through screen after screen of “false positives” slows down work. It is monotonous, boring, and frustrating for analysts.  This creates an environment where important information is missed, work takes too much time, and costs increase.
  • Searching for information in databases, news archives, and search engines has become a skill all its own.  Every analyst must develop their own “tricks of the trade” to find information.  This means searching is inconsistent.  Inconsistency in AML is risky.
  • Compliant work is documented work. When analysts review customer transaction history they record key information about the accounts and date range of the activity they reviewed. A manager, an auditor or a regulator can review this work to ensure procedures were followed and the outcome of the investigation is reasonable.

Unfortunately, when using negative news applications there is no way to truly document what was searched, how it was searched, and the results that were reviewed.  Instead analysts either write a statement in the case file like, “no negative news information was found” or they go through a “copy and paste” exercise trying to show a page or two of Google results.  This means there really isn’t a way for management, an auditor, or regulator to feel confident about the negative news portion of an investigation.

Effective AML compliance requires many critical steps.  One particularly critical step is the ability for every AML analyst to properly search for, find, and consider the impact of negative news information.  Unfortunately, the applications used today – many of which were built more than 20 years ago – fail to help analysts achieve these objectives. It is time for this to change.

Posted by & filed under Research & Investigation.

Missing PiecesSearch Engines have transformed people’s everyday lives.  We can instantly find the best Italian restaurant in town, directions to the airport, and what the cast of Saved By The Bell is now doing.   Search Engines are not, however, AML compliance applications.

This may sound surprising to tens of thousands of AML analysts and investigators around the world who rely on Search Engines like Google, Bing and Yahoo to find negative news information about customers, counterparties, and other people and companies they are researching and investigating.

Relying on Search Engines to find negative news information is a big problem because:

  1. Search Engines do not find all negative news information
  2. Search Engines present way too much unrelated information
  3. Search results needed by AML analysts are often buried well past page 1
  4. “Search Strings” used by AML analysts are helpful but highly limited
  5. Search Engines add time to AML work and increase costs
  6. Search Engines provide no record of work and therefore no proof to auditors or regulators


Search Engines Do Not Find All Negative News Information

Search Engines find information on the Surface Web, the part of the Web available to the general public.  There are billions of pages of information on the Surface Web.

When an AML compliance analyst wants to locate negative news information, a portion of these billions of pages are reviewed by whatever Search Engine they use.  Each Search Engine contains different indexes of information gathered from the web.  So Google, the most used Search Engine, does not search all the same information Bing or Yahoo search.  So just using Google means an AML analyst may miss negative risk information.

Google (or Yahoo or Bing) may in fact “find” the information that an AML analyst needs, but that important result – the one the analyst needs – may be on page 12.  In these cases, it is highly unlikely the analyst will read the first 11 pages of results, thus in effect the information needed by the analysts is never found.  Read about a real example of this here.

Search Engines combine hundreds of factors into complex algorithms that try to find information about each search query.  The problem is, no-one knows how these algorithms work – they are the closely guarded property of the Search Engines.  Not knowing the logic and computations behind a Search Engine’s algorithms puts AML users in a bad spot; analysts are left with the uneasy feeling that they may be missing key information.


Irrelevant Results and “Search Strings”

Search Engines are designed to show what they think you want to see.  Problem is, they don’t actually know what it is you want to see.  They don’t know you are an AML analyst looking specifically for information about whether a customer was involved in a past legal or criminal matter.  So Search Engines, using their algorithms, give you lots of information that isn’t relevant to what you want.  This means scrolling through endless results trying to find the one or two that actually matter.

These unrelated results add time to an analyst’s work, which piles up costs for each due diligence and investigation case.  Unrelated results also increase risk.  After-all, how many results can a person look at hour after hour, day after day, and not become frustrated and distracted by the monotony.  No doubt, this leads to analysts missing critical information.

To address the problem of too many unrelated results, analysts devise “search strings” of negative terms that try to reduce irrelevant information.  Search strings often do reduce results but they also create other problems for AML compliance.  Here are two of those problems:

  • Search Engines limit the number of words that can used in a search string.  What if the words not included are the words that would find the key information?
  • Search strings are not consistently used by every analyst on every search, thus creating an environment where work is done differently by everyone on every matter.  This lack of consistency leads to non-compliance.


No Proof of Work

Negative news searching is a critical component of AML due diligence and investigations.  Any strong AML compliance program requires work be documented and saved for review by a manager, an auditor and the regulators.  Search Engines do not provide any features that enable AML users to properly and consistently document their work.

AML procedures may mandate taking screen shots or copying and pasting the first page of Search Engine results, but in many instances this doesn’t prove much.  A screen shot won’t capture the entire search string used, or it won’t capture page 2 – 10 of the results.  It is also a mundane and monotonous process that is prone to human error.

If you are an AML compliance professional, it is important that the tools and applications you use are effective, efficient and consistent.  Using Search Engines as a way to find negative news falls short on all three of these objectives.

Posted by & filed under Research & Investigation.

There are going to be a lot of internal “fire drills” happening over the next few weeks (months?) from the recently released “Panama Papers”.  The documents are a collection of 11.5 million leaked internal records from the Panamanian law firm Mossack Fonseca, a leading firm in the incorporation of offshore entities.  The 2.6 terabytes of data includes information from 1977 through the end of 2015, and highlight possible examples of money laundering, sanction and tax evasion.

Instead of rehashing what has already been written, we will try to keep a grouping of the reported information by topic to save you time in tracking it down. Please see the topics below.

General Overviews


Politically Exposed




Vladimir Putin


Iceland Prime Minister: Sigmundur Gunnlaugsson




British Prime Minister: David Cameron




The Americans




Real Estate


Interactive and Data


Hope it helps!

Posted by & filed under AML General, Negative News.

compliance-data-searchHopefully you have found your way here from our new product demo; a search tool that has a zero false positive rate.  Feel free to check it out if you haven’t yet.  We’ll wait.

Happy April 1st!  As I’m sure you have figured out, the Global Compliance Data Search tool is obviously not a real product, and we were having some April Fool’s fun.  We went about it in a lighthearted way, but the issue we are attempting to highlight has serious implications for AML compliance officers.

If you ask many AML professionals what causes them the most headaches, the issue of false positives will no doubt be at the top of the list, particularly when it involves name screening, due diligence, and negative news research.  Each of these important processes runs into problems caused by false positive matches.  Everyone in AML knows it is important to attempt to limit false positives as much as possible, but there is a much more dangerous issue that rarely gets discussed False negatives.


False negatives are the opposite of false positives. They are results indicating that there is no match, when in fact there is.


Result sets with large numbers of false positives receive the most attention because the issue is prominently visible.  The abundance of work false positives create wastes time and incurs too much effort.  This waste of time and effort is far from ideal, but has been accepted among AML professionals as a necessary burden because among the dozens or hundreds of false positives, there may be a true match that must be identified.




False negatives are the opposite of false positives.  They are results mistakenly indicating that there is no match, when in fact there is.  The danger of false negatives is two-fold; first, since these matches don’t trigger any results you have no idea how much information you are missing, and second, this information is never reviewed since no one knows it even exists.  This is the stuff that should make compliance managers, regulators and executives really nervous.  What can be done to mitigate this risk?

There are three main causes of missing relevant information:


  1. System Shortcomings– the technology or algorithms used are not tuned to identify the relevant information


  1. User Error– end users are either not properly trained on system use, or enter information incorrectly


  1. Lack of Data– the universe of information being searched does not contain the relevant data


Each of the above issues pose their own unique and complex challenges.  System shortcomings is the area that garners the most attention, effort and budget.  User error issues are often thought to be resolved through training, but unfortunately many AML systems are not designed to operate easily and consistently.  The third issue, Lack of Data, is one that draws the least attention of AML managers, auditors and regulators.  It is time that changed.

Information, especially publicly available information, is growing at an extremely rapid pace and to identify risk relevant information, the AML industry still relies on techniques and systems put in place close to 15 years ago.  This is a big problem.

One of our core beliefs at TransparINT, gained from decades in the industry actually performing AML work, is that existing methods used to identify negative news, financial crime, and reputational risk information are not effective.  This lack of effectiveness leads to compliance failures.

If you are interested in learning more about the shortcomings of some AML traditional practices, feel free to check out some of our previous posts highlighting the identified gaps.


You Are Missing Information: Searching for Johnny Walker

How “Risk Intelligence” Databases Work (…and Don’t Work)

White Paper: Know Your Customer Screening for Negative News, There is Now a Better Way!


Happy April 1st!!!

Posted by & filed under AML General.

blogWhen I first got into the AML field, I remember having a very hard time finding industry related information that resonated with the work I was tasked to perform everyday.  There was no shortage of articles about the updated Wolfsberg 16th Directive on International Standards (not a real thing), but few people were talking about the practical side of performing the work that the vast majority AML and KYC professionals faced daily.

Luckily, as the industry has grown there are now more professionals willing to share their experiences and views on accepted practices drawn from years in the field.  Below is a list of five new blogs, all active less than a year, from industry insiders that are worth reading for anyone who works or manages professionals in the AML and financial crime compliance field.


5 New AML Bloggers You Should Be Checking Out:


Nick Guest Director of Risk and Operations at Cypress Resources

Nick Guest is the Director of Risk and Operations at Cypress Resources in Birmingham, Alabama.  His articles are an excellent mix of general principles and actionable best practices.


Leonard Shaefer Founder and Principal of Onomastic Resources

Leonard Shaefer is the Founder and Principal of Onomastic Resources, a consultancy specializing in name screening and processing for AML.  He was also a former Chief Scientist for Global Name Recognition at IBM.  The amount of detailed information regarding naming conventions for different cultures is a must read for anyone who takes name screening or due diligence seriously.


Frank Ewing Partner & Assistant General Counsel at Gabriel Partners, LLC

Frank Ewing is Partner and Assistant General Counsel at AML consulting firm Gabriel Partners, LLC.  Frank has seen the field from many different vantage points, and his articles have a heavy focus on the human element of AML work, which is probably the least talked about part of the job.


Ravon Taylor III & Theo Griffin Managing Partners at Taylor Griffin & Associates AML Solutions

Ravon Taylor III and Theo Griffin are both Managing Partner at Taylor Griffin & Associates AML Solutions and write for its blog.  It is clear from their posts that both are writing from a place of deep firsthand experience of AML issues ranging from consulting to SAR filing.


Keith Furst Founder & Financial Crimes Technology Consultant at Data Derivatives

Keith Furst is a Founder and Financial Crimes Technology Consultant at Data Derivatives.  More technologically focused than the other blogs, Keith puts forward some excellent ideas on using data to close many of the gaps in current AML processes.


Please note, the above blogs are being shared for informational purposes only.  TransparINT, LLC does not have a financial interest with any of the above individuals or companies.


Posted by & filed under AML Presentations, Research & Investigation.

In a previous post, we provided six free PowerPoint templates to help with AML presentations and visualizations.  While PowerPoint can be a very useful visualization tool, it falls short when there is a need to find relationships in larger data sets.  Luckily, there is an open source JavaScript library, D3.js, created specifically for producing data-driven dynamic and interactive visualizations.

If you take a look at the D3 gallery, you will quickly see how powerful of a tool it can be; the downside is that there is a fairly steep learning curve to get up and running for anyone without technical experience.

This is why we have put together the below files and instructions to allow anyone with the ability to cut and paste to create useful link analysis charts.  Below are the only requirements for this exercise.

  • Microsoft Excel
  • Text Editor (such as Notepad)
  • Modern Browser (basically anything after IE8)


Example Link Analysis Graph:



The most common use for link analysis charts in AML is to map relationships from transactional data.  For this example, we are going to assume that we have a transaction spreadsheet with a column for originators and a column for beneficiaries.

Before we get started, click here for a demo to see what what the finished product will look like.


Step 1: Format the data

csv_formatIn order for our D3 script to render the chart, we have to format the data in the correct way.  Attached is an Excel file that we created to help you do that.

First, you need to copy the column of originators from your transaction spreadsheet and paste them in the ‘source’ column.  Next, you need to copy the column of beneficiaries and paste them into the ‘target’ column.  Finally, starting at cell ‘C1’ you need to drag the formatting down to the last line of names.

This will create a properly structured comma separated value (CSV) list of names.


Step 2: Create the data file

Once you complete the above, open a text editor (e.g. Notepad) and paste everything from column C into the file. Save the file with the name of your choosing; just make sure it is saved as a .csv file.

This is an example of exactly how the file should be formatted.


Step 3: Link the data file to the graph file

Attached is also a file containing the D3 script to actually create the graph.  Now that the data is formatted properly, we have to adjust the file’s code to grab the data from our newly created CSV file.

This file might look intimidating, but don’t worry, there is only one line that needs to be edited.  Open the ‘graph-file.html’ file and edit the below line to replace ‘’ with the path where you saved your CSV file.  Save this file to your computer.



Please note, by default your computer may open this file automatically with your web browser. To edit the file, you will need to open it with a text editor though. You can accomplish this by right-clicking on it to open it with Notepad or any other text editor.


Step 4: Open graph file in your browser

Now just open the ‘graph-file.html’ file with your favorite browser and enjoy!  Your data should be rendered similar to this demo.


Link Analysis Files:

The attached zip file (Link_Chart_Files) contains the below:

  1. data-formater.xlxs – Excel file to help format data
  2. data.csv – Sample of properly formated data
  3. graph-file.html – Script to grab data and create link graph
  4. d3.v3.min.js – The graph file is set up to pull the D3 file over the web, but if your browser restricts this, the full D3.js file and be saved locally and linked



While this may seem like a lot of steps at first, once you have an understanding of the above you will be able to map out complex relationships within minutes.  This is also the very tip of the iceberg of what is possible with D3.  For example, this chart could be enhanced with transaction value labels over the links or by adding a search functionality.  Below is a list of additional resources for anyone who wants to explore these possibilies.

Additional References