It for fiu The Internet as a tool for financial intelligence units

Presenter :Yosi Margalit, IMPA – FIU IsraelSEP 2011 Tbilisi, Georgia

Crime detection methods in electronic financial

transactions Ssolutions for

Financial Intelligence Unit

Chain of AML and ATF Attack

Information Technology for FIU - Tbilisi Georgia

3

Computing Center Architecture

FIU Systems Architecture(IMPA Concept)

WINDOWS 2000

UNIX Oracle

Collectionnetwork

WINDOWS 2000

UNIX Oracle

Reserchnetwork

EGAP

Ministry of justicenetwork

File system

Email

Internet

ReportingInstitute

workstations

workstations

workstations

5

Reporters

•Banks

•Trustees

•Insurers

•Stock Brokers

•Portfolio Managers

•Benevolent Funds

•Financial Services

•Post Bank

•Customs

Customers

•Police CID

•GSA

•Regukators

•FIU

Archive

Reserc

h &

An

aly

sis

Temp Files

Svivot (Link and Time Line Analysis)

MS Tools

Tables

Files

Media

Tables

Files

Media

Scanning Actimize (A.M.L)

Data

-En

try /

Dis

sem

inati

on

Oracle 9i Tools

Workflow

Authentication

Report Validation

Government

•Population Register

• Registries e.g., Companies, Vehicles, Real-Estate

Virtual Information Flow

6

• Provision of an Integrated Information Processing System which shall enable controlled flow of information and) processing of intelligence.

• Provision of an effective and secure CTRs and UARs ( ~ STR) collection system for all levels of Reporters.

• Provision of timely ITR / FTR input and insertion facility.• Monitoring reporting practices and support of regulators in

enforcement of compliance. • Strict enforcement of internal and external compartmentalized

Information Security policy based on the Need to Know.• Provision of secure channels for dissemination of Financial

Intelligence reports to designated Law Enforcement agencies in Israel.

• Secure access for collaboration with other FIUs FIU.Net and EGMONT VPN.

Objectives of the IMPA IT B&W Project

7

Objectives of the Project (continued 2)

• Provision of access and query tools to external information resources for enrichment of ITRs / STRs data.

• Provision of preliminary semi-automatic assessment and evaluation tools, to enable creation and assignment of research tasks.

• Provision of workflow and case management and research tools e.g., • Link Analysis and inferred networks graphical presentation

• Detection, Analysis and presentation of logical entities affiliated corporations / organizations and physical entities

• Activities analysis and Correlations tool Time line graphic presentation

• Case scoring and weighing analytical tool

• ML and TF “typology” and pattern recognition tool

8

Analysis, Evaluation and Research Toolbox

• Entity File (Physical and Virtual Entity)

• Automatic Enrichment functions

• Monitored Entities lists management • Sources and targets of FTRs

• Officers in incorporated entities

• Profiling and analysis of financial activities

• Computer based analysis workflow framework

• Contextual text analysis (Taxonomy) • Names analysis and retrieval tools

• Keywords Thesaurus and “Knowledge tree”

9

Collection of Reports (1)

• CTRs are submitted on optical or magnetic detachable media.

• SARs are to be submitted in print and voluntarily as MS WORD files on optical or magnetic detachable media.

• Null reports are required from all registered financial institutions.

FINTRAC VISIT TO IMPA JAN 200710

Collection of Reports (2)

• CTRs from Money Services Providers are filed in print and submitted by hand or Fax.

• Reports on magnetic or optical media are subject to malware examination, than subject to source authentication, compliance to file structures and data validity test. (e.g., in KYC info-file full compliance with obligatory content, ID # validity)

• Discrepancy reports are prepared automatically and are processed by the relevant Collection Officer.

• Failure to submit reports regularly or frequent submission of erroneous or partial information is noted in a periodic “Non Compliance Report” which is processed by the relevant Collection

Officer in coordination with the Regulators.


Computer supported Information Processing of SAR

• Collation of involved persons and legal entities with existing records in IMPA Database and Alert to “Hits”.

• Match tests of SAR entities with lists of “Watched Persons” (e.g., Police, GSA, FIU, DEA_USA) – Alert generation.

• Individual SAR content analysis by Actimize (Rule based Engine)

• Analysis by Actimize of new SAR in view of previous activities reported in SARs and/or CTRs linked via accounts and/or entities involved. – Alert Generation.

• Review of SARs which were assigned “Alert Notice” by a human analyst, evaluation and decision about further processing

• SARs which have not raised alerts are Kept in View or “closed” (“no case”) by Senior Analyst.

LINKS INFERENCE and

Graphical Presentation Engine

Contextor by Svivot Ltd.

Actimize

Rules based Reports analysis, scoring and Alert

System


Intelligence Dissemination

• Intel Reports are initiated following:– Request for Information by Police / GSA / FIU– Internal Evaluation of accumulated Intelligence (Processed, collated,

analyzed information)

• Case Analyst prepares a preliminary case file analysis and evaluation / report for consideration by Director of Research and Evaluation .

• Criteria for initiation of Intelligence Report (IR)• IR Formation

Computer based Templates (IMPA report) tuned with GSA / CID requirements and IT systems

• IR Distribution Authorization Workflow• IRs assessment by GSA and Police CID


Computing Platform Architecture

State of Israel


Information Security

Access Control Identification and Authentication IMPA Personnel Reporters

Reporters’ Data Comm.: VPN Internet Compartmentalization “Hardening” of IT computing base Use of Digital Signature / Biometric ID Monitoring and Security related events Log

Analysis Users profiling and usage monitoring

State of Israel


Where is IMPA IT heading?

• Submission of CTR \ UAR via VPN • Design and development of Scoring and weighing

Software “Engine” for screening of CTRs and UARs pre and post collation.

• Selection and integration of advanced text search and retrieval engine for multi lingual and cultural names checks.

• Integration of Statistical Inference and Pattern Recognition Engine (e.g. SPSS Clementine)

Data CollectionData-entry, verification,

filtering and storage

Data-entry, verification, validation, filtering and storage Of Financial Reports

and complimentary official and public information

: I.T. Potentials:Moderator: Joseph (Yosi) Margalit

Data Sources Overview • Financial Transactions Reports (FTR)• Currency Transactions Report (CTR)• Suspicious (Irregular) Activities Report

(SAR)• Enrichment resources and validation

from government’s databases• Requests for Information by Law

Enforcement Entities (RFIG)• Request for Information (RFI_FIU)• Public Databases• Internet information collection

Financial Transactions Reports (FTR)

• Delivery Methods Internet VPN On-Line Transmission of batch of files via Internet VPN (e-

Mail attachment) Direct secure Broadband (ADSL) Wide Area

Network (WAN) DVD / CD_ROM Records Files

• Identification and Authentication of Reports • International Electronic Financial

Transactions – Require copy of ORIGINAL SWIFT or Alternative

Records! • Internal FIU System Data-entry, verification

and data validation, • Filtering and storage Of FTR

– Formatting of records in Database– Detecting and handling of faulty reports and

Discrepancies

Suspicious (Irregular) Activities Report (SAR) part 1

• Formatting SAR – Need for strict uniform report structure in reporting

CAMLMAC guidelines– Main Reasons for reporting (structured menu based on

items in the AML Law) (2 to 3 selections)– Secondary classification of suspicion (groups of

statements pertaining to Main Reason selected. (5-10 for each main Reason)

– Standard format for Natural and legal persons involved with link to inland account information (if relevant) (Same as in STR)

– Standard format for each single transaction reported (Same as in STR)

– Standard format for “off shore” (foreign country) Account (as in STR)

Suspicious (Irregular) Activities Report (SAR) part 2

• The Narrative part– Free text in 3 designated parts:

• Expansion of reason for suspicion • Principal persons involved and their roles in

the reported case (Must be listed in the previous section of persons involved with all information required by AML law in “Know Your Customer” section)

• Chronological development of the case Free Text

Identification and Authenticationof Reporters and Reports

• False and misleading reports are UNWANTED!

• All Reporters must be registered by their legal Regulators, prior to access to CAMLMAC reporting facilities.

• Each Reporter must nominate one or several AML Compliance Officers (AMLCO), a Natural Persons who are authorized to sign and deliver SAR / STR

• Each AMLCO is issued a “smart card” and a PKI token (in Israel the Fingerprint replaces PIN) with which all reports are signed and encrypted (RSA method), before submission to CAMLMAC

Enrichment and Validation from

official databases

• Persons validation and enrichment– Population Registers Queries (Locals and

foreign residents)

• ID number match name reported?• Immediate family circle• Legal Entities Registers (e.g., companies,

societies)

25Information Technology for FIU -

Tbilisi Georgia

Prioritizing CTR ’s and other reported indicators of suspicion

in

Suspicious Transactions Report STR

andLarge Value Transactions Reports

LVTPresented by

Yehuda Shaffer AdvocateHead of IMPA

In this presentation:

• Terms • Overview of IMPA’s sources of

information• IMPA’s Challenges and Goals of Research

and Analysis• Types of Analysis and its flow• The Basis for prioritizing and evaluation• Structural Requirements• IMPA’s Rules for alerts and prioritization• Overview of Software Packages for

analysis, prioritization and evaluation support

IMPA - Israel Money Laundering and Terror Financing Prohibition Authority

Established 2002Established 2002

450,000450,000 CTRs, 5,500 STRs per yearCTRs, 5,500 STRs per year

Staff of 25, 5M$ IT BudgetStaff of 25, 5M$ IT Budget

200200 reports disseminated per yearreports disseminated per year

2020 AML CFT indictments per yearAML CFT indictments per year

IMPAIMPA

TERMS

• SAR = Irregular Activities Reports• LVT (CTR) Large Volume, Cash and other

above threshold transactions reported by FI s

• "Logical Entity” = a group of entities (physical, incorporated or non registered group of entities) collated by analyst or associated by inference from shared attributes e.g., flow of financial activities, or address, phone, account, business, recurrent sequence of events on a time line

IMPA ’s Access to further information

• Official Central and Regional Government Resources e.g.,Population Register (Incl.

visitors and alien residents) Legal Entities RegistersVehicles RegistrationTelecom Directories Judicial Processes Records

(e.g., Courts Process and General Prosecution, criminal records, civil cases)

• Business Intelligence Resources

• Electronic (Internet) Mass Media

• Law Enforcement Agencies e.g., (Police, Customs, Inland Security)

• FIU ‘s

Insurance companies and agents

Banks

IMPA

Currencyservice

providers

Stock brokersProvident funds

ISA Foreign FIU’s

Police

Other Gov. and Private databases

Customs

Portfolio managers

Tax

IMPA’s INFORMATION SOURCES

How is the additional information used in the

Analytical process

• Entities identification and Validation of Reports

• Enrichment of reported data• Detection of suspicious

discrepancies in “entity profiles” • Linkage detection and Analysis

The Challenges

• Huge amount of information that the technologies will need to handle

• Dealing with the rapidly arriving and changing information

• Limited number of Human Analysts

The Goals

Develop real-time streaming algorithms to:

• Track information • Detect patterns and relationships even

among persons who try to hide their identities

• Perform preliminary evaluation of information

• Prioritize reported or detected “Cases” • Enrich and allocate High Priority Cases to

Human Evaluators

Types of analysis undertaken

• data mining (Enrichment) • Operational / tactical (Case

Management• Statistical (Trends, deviations) • Strategic (Sector \ Modus Operandi)

The basis for evaluating and prioritizing

Large Volume Transactions Reports

• Most reported LVT activities are legitimate business and personal financial activities

• Most LVT’s which form part of Money Laundering or Terror Funding acts have recognizable patterns

• Most persons involved in ML / TF are linked directly of indirectly and have some detectable characteristics

The basis and approach to Evaluation of Reported or Identified ( IAR (SAR \

IAR) • Most reported IAR activities contain

insufficient details to serve as grounds for criminal suspicion

• Enrichment from other available resources may support need for further investigation

• Collation of an IAR with information in the national LVT and IAR database may support need for further investigation

I.T. based solutions

and human involvement

“Technology enables us to analyze a lot of information quickly and get access quickly, but the human element is important here.” USA Homeland Security Secretary Michael Chertoff

IAR (SAR) Structural Requirements

• The report must be structured in a standard manner to enable machine dependent filtering and evaluation.

Audit and Validation of Reports

• Each Report must be audited on delivery to FIU,

• ID Data must be validated by use of methods and against government information resources

• Erroneous or incomplete reports must be returned for removal of discrepancies by the reporter’s Compliance Officer.

Stages of Analysis

when to start, continue or stop • Preliminary filtering of individual

(SAR) – Basic rules for “go ahead”, Keep In

View (KIV) or file unprocessed– Filtering structured parts and of “free

text” sections initial automatic assessment of individual report

– Collation of reported elements with FlU's database and assessment of accumulated information

Basic rules for “go ahead”, Keep In View (KIV) or report \ record

unprocessed• תרגום יוסי 2005 יולי 24טבלה ACTIMIZE דורי

2005 יולי 24 .doc

Recent Rules to Detect and Alert FINCEN guideline for small FI

• Use of accounts directly for, or on behalf of named non regulated banks e.g., VEF Banka and Commercial Bank of Syria, including its subsidiary, Syrian Lebanese Commercial Bank;

• Correspondent accounts transactions in order to prohibit indirect use by non regulated named banks.

• Provision of financial services to senior regime elements engaged in illicit activities in named countries (e.g., Belarusian)

• Correspondent Accounts of Unregulated Foreign Shell Banks

• Private Banking Accounts of "senior foreign political figure” (Review public information, including information available in Internet databases, to determine whether any "private banking" account holders are "senior foreign political figures."

Red flags of possible money laundering or terrorist financing

FINCEN guideline for small FI

• IARs and CTRs that lack business sense or apparent investment strategy,

• A reported transactions are inconsistent with the stated business or strategy of account holders or actors in it.

• The information provided by the customer that identifies a legitimate source for funds is false, misleading, or substantially incorrect or incomplete

Red flags ii

of possible money laundering or terrorist financing• The Account Holder (or a person publicly

associated with the Account) has a questionable background or is the subject of reports indicating possible criminal, civil, or regulatory violations

• The reported activities of a person exhibit a lack of concern regarding risks, commissions, or other transaction costs.

• A person is reported to attempt to or make frequent or large deposits of currency, insists on dealing only in cash, or asks for exemptions from the firm's policies relating to the deposit of cash

Analytical software packages

• Types of “EXPERT Analytical SYSTEMS” – Rules’ Based software engines ACTIMIZE – Query Tool (SQL search by Boolean formulae

e.g., Oracle Discoverer)– Compound Statistical Analysis Tools (e.g.,

SPSS Clementine, SAS Anti-Money Laundering – risk-based monitoring and alert system )

– Artificial Intelligence programs (e.g., Prologue based)

LexisNexis® anti-money laundering

I.T. based investigations tools• “One-stop solution” for anti-money laundering investigations and due diligence.

• Timesaving features:• SmartLinx™ uncovers and verifies connections

among 1.6 billion public records documents and delivers the results to you in single comprehensive report.

• LexisNexis® Sounds Like Search seeks out phonetic matches and nicknames and ranks results based on how closely they match your search.

• No mandatory search fields means you have the flexibility to start your search right away with whatever you have – a name, address, etc. – and be confident you are following every avenue.

I.T. based investigations

tools

ANTI-MONEY LUNDERING examples

I.T. based investigations tools ANTI-MONEY LAUNDERING examples

• Industry-proven scenario libraries that provide comprehensive coverage of indicative money laundering behaviors

• High Risk Geographies and Entities: Monitor activity involving high risk entities or geographies, including OFAC and SDN lists.

• Hidden Relationships: Reveal previously unknown relationships that could be indicative of efforts to launder funds.

• Anomalies in Behavior: Address sudden significant changes in transaction activity of an account.

• Money Laundering Behaviors: attempts to structure, patterns of activity in similar accounts, etc.

• Institutional Behaviors: Identify money laundering activity specific to institutional clients and accounts.

SYFACT® Investigator flexible, web-based case management

• Automated SAR FilingFiling Suspicious Activity Reports is a highly detail oriented and time sensitive function of any case management solution. SYFACT®Investigator streamlines this critical component by allowing investigators to generate the Suspicious Activity Reports (SAR) form directly from the application, saving time and ensuring a higher level of accuracy of the completed form.

• Data SegmentationSYFACT®Investigator is a unified case management solution, sharing one centralized database that allows data segmentation and separate workflows for each of the various functional areas who would be using it. The level of data sharing is configurable from revealing all case details, only the very basics, or perhaps nothing. Data segments can be based on organizational responsibility, geographical region, or functional business area.

• Information SharingInformation sharing capabilities within SYFACT®Investigator allow investigative units to segregate data and share information in a controlled environment. The collaboration model can be configured based on the organizational roles and regulatory requirements. It can also be used to support additional requirements such as regional oversight providing a broader view of all investigations.

• Flexible ReportingWith the integration of a flexible reporting engine, the reporting capabilities are almost unlimited. Reports can be launched from anywhere in SYFACT®Investigator including pre-defined reports. Customers can change these reports, or simply define additional lists, metrics and forms. SYFACT®Investigator also has semantic layers for popular third-party business reporting tools to generate flexible operational and strategic management reports and statistics.

• Graphical AnalysisSYFACT®Investigator generates interactive graphical networks of a case and presents a visualization of relations between persons, companies, bank accounts, addresses, and other objects. These relations between suspects can be researched up to '99 levels' deep without manually creating or drawing these often complex networks.

• Powerful workflow control Workflow features support the approval, sign-off, and review processes of every case. Each transition from one workflow state can be made available only to specific users, roles, or user groups based on the investigation type.Graphical workflow features combine process control with authorization rights in which multi-level approval cycles can be configured.

• Definition of the steps to be completed, and tasks to be executed, before an investigation can progress to the next phase.

• Searchable AttachmentsAny file or digital document, can be attached to a case. Includes digitized checks, digital photos, email messages, surveillance films, Word and Excel documents, scanned correspondence, etc. In addition, both attachments and most text contained within those attachments are fully searchable. Versatile search features also allow users to refine their searches by selecting additional criteria from application specific drop down menus, "wild card" or "sound like" queries.

• Case Assignments Investigations can be assigned to staff and management depending on criteria e.g., experience level, workload, type of case, or other criteria. A dashboard is provided to monitor critical elements such as case aging, due dates, and time management.

• Case Linking Internal matching engine SYFACT®Investigator helps investigators decide whether a person, company, bank account, address, or other entity already exists in your database linking cases automatically. The matching engines use powerful and configurable algorithms that eliminate redundancies that can disrupt or delay investigations.

Advanced IT solution for Mining Open Sources

for eenrichment of FIU

Databank

Presenter: Yosi Margalit, IMPA – FIU IsraelSEP 2011 Tbilisi, Georgia

The Topics

• Internet Mining Tools and technologies • Mapping of Data Mines: e.g., Social Networks

(LinkedIn, Facebook), Electronic Media, search “In depths of the hidden Internet”

• ARIS – Assets Recovery Project Basel Governance

• Multiple search Engines • Statistical tools – Transactions Pattern

recognition (Use of conventional Statistical software)

• Text Mining • Trans-cultural names detection and processing

software• Entity Extraction and “Free Text” processing


Tbilisi Georgia

Internet Mining Tools and technologies


Tbilisi Georgia

Mapping of the Internet Data resources

• Mines of links in Social Networks (LinkedIn, Facebook), • Electronic Media, • Search “In depths of the hidden Internet”

ARIS – Assets Recovery Project Basel Governance

ARIS is a tool that searches the internet and downloads documents on one or more targets (i.e., an individual or a company) fromThe public and deep internet, Analyzes these documents using Natural Language Processing (NLP) techniques Allows the user to interactively inspect the search

results and extracted information.The above figure illustrates a search performed by

ARIS on a technical level, as required for thesubsequent discussions of technical requirements

and security considerations.


Tbilisi Georgia

Multiple search Engines

What "Win Web Crawler“ will query all popular search engines, Receives from a user an expression (name of person, place, term or expression

e.g., “ALTALENA+ “Exodos” Extracts all matching URLs from search results, remove duplicate URLs, Visits those websites and extract data from there.

“Email Spider” - finds email addresses that are targeted by utilizing the Google and Yahoo search engines. Finds thousands of email addresses an hour, harvests "Starting Pages" from Google and Yahoo to find highly targeted email addresses!

Fastoise.com - Multiple Instant Search Engine. You can search directly on YAHOO!, YouTube, Bing, Twitter at the same time!

•


Tbilisi Georgia

58

"Spiders" take a Web page's content and create key search words that enable online users to find pages they're looking for.

Information Technology for FIU - Tbilisi Georgia

Benefits of conventional Statistical software

Transactions Pattern recognition

SAS Anti-Money Laundering - facilitates the critical task of suspicious activity monitoring using a risk-based approach. Applies advanced analytics and scenarios against an

institution's transactional data to identify suspicious behavior.

Once identified, the investigative function provides a seamless workflow that increases effectiveness and efficiency.

Predictive analytics solutions from SPSS Inc. (Used by FIU Poland)

– Build profiles of past account activity – Create peer groups of similar accounts – Identify when activities do not fall within the normal range for such profiles or peer

groups – Limit “false positives” by using risk-based weighting techniques – Pinpoint suspicious activity and take prompt and appropriate action


Tbilisi Georgia

Text Mining Challenges

Information overflow

Deep web

Unstructured data

Social network analysis

Multiple identities

Security


Tbilisi Georgia

Information Overflow

Number of Sites

Time2010200820062004200090th

Sites updated

periodically

RSS, News/port

al

Real time updates - WEB 3.0


Tbilisi Georgia

Designed for humans, not machines

Unable to understand context

Unable to differ between entities

Unable to understand connections

Blocks of texts

Unstructured Data


Tbilisi Georgia

Multiple Identities

No single “passport” or ID

Different screen names

Different identifiers

Variations on same identifier

Avatars*

Critical to Every Investigation


Tbilisi Georgia

Deep Web

Rich Internet application: Pages returned in response to a query or submission of a form. Difficult to navigate without domain knowledge.

Unlinked content: Pages not linked to other pages, preventing regular Web crawling programs from accessing the content

Private web: Sites requiring registration and login (password-protected resources)

Non-HTML / text content: Textual content encoded in multimedia (image or video) files or specific file formats not handled by a regular search engine

When we say Deep Web – we mean:


Tbilisi Georgia

Trans-cultural names detection and processing software

Identity UnificationName: Mood David

E-mail: [email protected]

Location: NJ USA

DOB: Jan 1973

Nickname: Moonlight78

E-mail: [email protected] Page: www.picassa.com/bm

Name: Mood David


Page: www.picassa.com/bm

Internal Entity ID: 789676

Name: Moon David


E-,ail2:[email protected]

Email3:[email protected]

Location: NJ USA

DOB: Jan 1973

Home Page: www.picassa.com/bm

Internal Databases

David Moon


Tbilisi Georgia

Entity Identity Analysis

Map multiple identities to one entity

Automatic recognition of an entity in different sites, spelling, language

View multiple identities in social network analysis, visualize links maps, etc.

Information organized into dynamic drill-down pages to view aggregated activity, statistical overviews, friends, sites, and conversations

Automatically search an entity in social networks and retrieve profile information and identifiers

Unified Identity Database


Tbilisi Georgia

Utilize social networks to expose connections and new leads

Gain insight into fields of interests

Aggregated social connections

Separated social circles

Social Network Analysis Convert the Power of Social Media into Actionable

Intelligence


Tbilisi Georgia

“Free Text” processing

Stemming

Translation

Search for name “independent of their name

spelling“

Translated search

Link related news across languages

Multi-Language Support


Tbilisi Georgia

Automatic alerts of predefined, suspicious behavior

Entity recognized in a new web site, group of

entities start to talk frequently with each

other

Found specific search term or Boolean

phrase

A bank account was entered

Specific field have changed – i.e.,: last login in a

FACEBOOK account.

Authorization system and full audit trail 71Information Technology for FIU -

Tbilisi Georgia

Putting it All Together

011-789456 022-123456

@

[email protected]@yahoo.com

@

[email protected]

om

Forum

[email protected]


Tbilisi Georgia

Dynamic Investigation Pages


Tbilisi Georgia

Enhanced workflow

Retrospective search of entire index

Concurrently handle hundreds of investigations

Create and share entities with other

investigators

Convert alerts into editable bulletins

Export data easily

Ensure optimal system performance

Security

Requirements Information

Management


Tbilisi Georgia

Open Sources data mining Security

• Requires– Appearing as any other

automated crawler (“bot”)

– No specific page visits– Simulation of human

behavior

Investigation Anonymity Malware Protection

Requires Decoupling of IT and

WEBINT systems Analysis performed on a

safe network


Tbilisi Georgia

Summary

Deep web harvesting, entering queries, user names, simulating human behavior.

Deep Web

Structuring data during the harvesting process and afterwards.

Structured Data

Visualization capabilities, scoring mechanisms, and text analytics filtering the “junk” from the relevant.

Information Overflow

Challenges Solution


Tbilisi Georgia

Summary

Recommendation systems, social circles, Aggregated social connections, etc.

Social Analysis

Unified Identity database with automatic and semi automatic unification

Multiple Identities

Anonymization, simulating human / bot behavior, Decupling of networksSecurity

Challenges Solution


Tbilisi Georgia

QUESTIONS?


Tbilisi Georgia

Yosi Margalit, Senior Strategic and IT Consultant Israeli Money Laundering and Terror Financing Prohibition Authority, [FIU ISRAEL ]

[email protected]; [email protected] Mobile: +972528804368


Tbilisi Georgia

It for fiu The Internet as a tool for financial intelligence units

Economy & Finance

reports analysis

engine analysis

link analysis

collection of reports

evaluation tools

preliminary case file

information case analyst

research tools