The GANfather: Using Malicious GenAI Agents to Combat Money Laundering
Digital systems have become deeply integrated into many aspects of modern life, particularly within the financial sector. While digital banking simplifies day-to-day operations for clients, it also creates new opportunities for malicious actors to exploit these systems. As a result, money laundering has become increasingly prevalent.
Banks are required to monitor for money laundering activities and issue alerts when suspicious transactions are detected. Typically, monitoring is performed by rules-based legacy systems. A better approach would be to use Machine Learning models, but these usually require labeled data to train, which is mostly unavailable in this use case.
To tackle this problem, we employ advanced Generative AI (GenAI) techniques to generate synthetic data that simulates realistic money laundering activities. These synthetic examples help us identify vulnerabilities and strengthen the defense mechanisms used by banks and other financial institutions.
In this blog post, we will explore the method developed by Feedzai, which leverages GenAI to tackle the challenges of detecting and preventing money laundering in today’s digital landscape. This blog post is the first of a series dedicated to the work done on GenAI by Feedzai Research in the last few years.
Problem Statement
First, let’s briefly introduce the concepts behind money laundering and the difficulties that banks face when trying to prevent it.
Money laundering is the process of concealing the origins of illegally obtained funds. Criminals cannot directly spend “dirty” money without risking exposure of their illegal activities. Therefore, they want to disguise the origins of funds before using them.
Money laundering typically involves three stages:
- Placement: the money is introduced into the financial system, often in small amounts spread across various banks.
- Layering: the money launderer moves the funds through a series of transactions, typically across multiple financial institutions and jurisdictions, to obscure the money’s origin.
- Integration: the “cleaned” money is reintroduced into the legitimate economy, where it can be safely used by criminals.
Our work focuses on the layering stage.
Detecting money laundering is particularly challenging because each bank has a limited view of the entire financial system (see figure below). Banks can only monitor transactions in which at least one of the accounts involved is an internal account (green edges). Money launderers exploit this limitation by moving funds between different banks, ensuring each institution has minimal information. As such, the transactions most indicative of the layering process often occur between accounts of different institutions (bold green edges).
We can represent these in-and-out transactions from a single bank’s perspective as a directed tripartite graph. In this graph, external source accounts transfer money to internal middle accounts, which then pass the funds to external destination accounts, creating a flow of money through the bank.
Banks are required to monitor for money laundering activities and issue alerts when suspicious transactions are detected. If they don’t comply, they can receive substantial fines from regulatory agencies.
Typically, monitoring is done by encoding the domain knowledge of experts in the form of rules that capture known patterns of money laundering. These rules often focus on individual accounts and trigger when certain thresholds are exceeded within a specific time frame, such as “total amount sent in a month” or “number of transactions in a day”, or based on location information. However, this approach often results in low detection rates and a high number of false positives.
Machine Learning models offer a different option, but these usually require labeled data to train, which is usually unavailable, incomplete, or very expensive.
The GANfather
To overcome this limitation, we leveraged GenAI to develop “The GANfather”, a method to generate examples of illicit activity and train effective detection systems without the need for labeled data. Additionally, if an existing detection system is already in place, our method can identify its weaknesses while simultaneously training a complementary detection system to protect against such attacks.
We build upon a Generative Adversarial Network (GAN) by incorporating an optimisation objective and, optionally, a pre-existing detection system. The generator creates synthetic examples of suspicious financial activity. These examples are then used to train the discriminator to identify patterns of money laundering, even without labeled datasets.
Data representation
To effectively generate and detect suspicious money flows, we first need to represent the transactional data in a structured format.
Transactional data is usually represented as a table where each row corresponds to a transaction with several features. However, for the purpose of detecting money flows, we conceptualize the transactions as a directed tripartite graph. This graph can be represented as a 3D tensor: the first dimension corresponds to internal accounts, the second to external accounts, and the third to the time window of the transactions, discretized into time units. Each cell in this tensor contains the sum of amounts transferred between the corresponding pair of accounts, during the corresponding time window.
Due to the nature of transactions, most cells in the tensor will be empty, which is not very efficient from a computational point of view. However, this representation offers a fixed-size input and output for our models, allowing us to use dense or convolutional layers in our neural networks, avoiding the complexity of recurrent layers.
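As a concrete illustration, the aggregation above can be sketched in a few lines of numpy. The function below is not Feedzai's implementation; it assumes transactions arrive as `(source, destination, amount, time_unit)` tuples, and it uses the sign of each cell to distinguish inflows from outflows (an illustrative encoding choice, since the post does not specify how direction is stored):

```python
import numpy as np

def build_flow_tensor(transactions, internal_ids, external_ids, n_time_units):
    """Aggregate a transaction list into an (internal, external, time) tensor.

    Each transaction is a (src, dst, amount, time_unit) tuple; amounts between
    the same account pair in the same time unit are summed. By convention here,
    positive entries are inflows to internal accounts, negative are outflows.
    """
    internal_idx = {a: i for i, a in enumerate(internal_ids)}
    external_idx = {a: i for i, a in enumerate(external_ids)}
    T = np.zeros((len(internal_ids), len(external_ids), n_time_units))
    for src, dst, amount, t in transactions:
        if dst in internal_idx and src in external_idx:    # incoming: external -> internal
            T[internal_idx[dst], external_idx[src], t] += amount
        elif src in internal_idx and dst in external_idx:  # outgoing: internal -> external
            T[internal_idx[src], external_idx[dst], t] -= amount
    return T
```

Transactions between two external accounts fall outside the bank's visibility and are simply skipped, mirroring the limited view described earlier.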
Generator
With the data representation established, the next step is to generate synthetic transactional data.
This process is similar to the original GAN framework, in which a deep neural network receives a random noise vector as input and produces data in the specified format. However, unlike traditional GANs, our generator is guided by feedback from three distinct components, as shown in the figure below:
- Discriminator: makes the generated data more realistic, closer to real data.
- Optimisation objective: encourages the generator to produce patterns that mimic money laundering behavior.
- Alert system (optional): helps the generator avoid creating patterns that would trigger an alert.
We will now describe each of these components in more detail.
Optimisation objective
Using the generator described above, we can create data in the intended format. But how do we teach the generator to create examples that mimic money flow patterns? To achieve this, we draw on domain knowledge: money laundering flows are typically characterized by large and similar amounts of money going in and out of the internal accounts.
To describe this behavior, we define the objective function as the geometric mean of the total amount of incoming and outgoing money per generated account. This simple formula naturally encourages the generator to increase the volumes of money being transferred, while maintaining a balance between incoming and outgoing totals.
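A minimal sketch of this objective, assuming a signed flow tensor in which positive entries are inflows to internal accounts and negative entries are outflows (the exact tensor encoding is our assumption, not taken from the paper):

```python
import numpy as np

def money_flow_objective(flow):
    """Geometric mean of total incoming and outgoing money per internal account.

    `flow` has shape (n_internal, n_external, n_time); positive entries are
    inflows, negative entries are outflows. Returns the mean objective over
    internal accounts, which the generator is trained to maximise.
    """
    inflow = np.clip(flow, 0, None).sum(axis=(1, 2))    # total incoming, per account
    outflow = np.clip(-flow, 0, None).sum(axis=(1, 2))  # total outgoing, per account
    return np.sqrt(inflow * outflow).mean()             # sqrt(in * out), averaged
```

Note how the geometric mean rewards balance: an account with 100 in and 100 out scores 100, while one with 190 in and only 10 out scores roughly 44, even though the total throughput is the same.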
Discriminator
A potential issue with the aforementioned objective is that it is unbounded, allowing the generator to increase amounts indefinitely, resulting in unrealistic data. To prevent this, we incorporate the feedback from the discriminator.
The discriminator is another deep neural network, similar to the generator, that evaluates examples and produces a score indicating the likelihood of each being real or synthetic. This component not only refines the training of the generator, making the synthetic data more realistic, but it is also useful itself. Since the real data primarily consists of legitimate activity and the synthetic data mimics money laundering behavior, the discriminator can be used as a detection system for illicit activity.
Alert System
Financial institutions often have systems in place to flag some suspicious patterns of money laundering. Usually this alert system is based on rules, like “every transaction above ten thousand dollars needs to be reviewed”.
If we pass the feedback of the alert system to the generator, it can learn to create examples that bypass the existing system. This approach helps identify vulnerabilities in the current systems and generates examples of money-flow behaviors that go undetected. Furthermore, since the discriminator model learns to detect these synthetic examples, it can serve as a complement to the existing alert system, improving overall detection.
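The post does not detail how the alert system's feedback reaches the generator. One common trick, sketched below under that assumption, is to pair the hard rule with a soft penalty that measures how far an example is from triggering it, so the generator receives a usable training signal (the ten-thousand-dollar threshold is the toy rule from above, not a real production rule):

```python
import numpy as np

def rule_alerts(flow, txn_threshold=10_000.0):
    """Toy hard rule: alert on any internal account that moves more than
    `txn_threshold` between one account pair in a single time unit."""
    return (np.abs(flow) > txn_threshold).any(axis=(1, 2))

def alert_penalty(flow, txn_threshold=10_000.0):
    """Soft counterpart of the rule, usable as a training penalty: the total
    amount by which cells exceed the threshold. Zero means no alerts fire."""
    excess = np.clip(np.abs(flow) - txn_threshold, 0, None)
    return excess.sum()
```

Minimising the soft penalty pushes the generator toward flows that stay just under the rule's thresholds, which is exactly the evasive behavior we want to surface.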
Complete architecture
To summarize, the GANfather architecture consists of:
- a generator that produces synthetic examples mimicking money laundering activity;
- a money flow objective that guides the generator to create realistic money flows;
- a discriminator that distinguishes between real and synthetic data, forming the basis of a new detection system;
- (optionally) an alert system that ensures the generated examples bypass existing detection rules, helping to identify potential gaps in current systems.
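Putting the pieces together, the generator's training signal can be sketched as a weighted combination of the three feedback terms. This is an illustrative composition, not the paper's actual loss; the weights and the non-saturating adversarial term are assumptions:

```python
import numpy as np

def generator_loss(disc_scores, flow_objective, alert_penalty,
                   w_adv=1.0, w_flow=0.1, w_alert=0.1):
    """Combine the three feedback signals for a batch of generated tensors.

    disc_scores: discriminator's probability that each example is real (maximise);
    flow_objective: money-flow objective per example (maximise);
    alert_penalty: alert-system penalty per example (minimise).
    Weights are illustrative and would need tuning in practice.
    """
    adv = -np.log(np.clip(disc_scores, 1e-8, 1.0)).mean()  # non-saturating GAN term
    return (w_adv * adv
            - w_flow * np.asarray(flow_objective).mean()
            + w_alert * np.asarray(alert_penalty).mean())
```

Fooling the discriminator, increasing the money-flow objective, and staying under the alert thresholds all lower this loss, so gradient descent pulls the generator toward realistic, high-volume, rule-evading flows.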
Experiments and Results
Dataset
We use a real-world dataset of financial transactions, containing approximately 200,000 transactions between 100,000 unique accounts over 10 months. Some accounts are labeled as suspicious of money laundering. We built a real test set of 5,000 accounts, 184 of which are labeled positive.
The dataset includes a limited set of features: source account, target account, transferred amount, and timestamp of the transaction.
Comparison between real and generated data
First, we compare the distributions of real and generated data. Because we include the money flow objective in the loss of the generator, we expect a larger volume of money being transferred in the synthetic examples. The following figure shows the distributions of different volume-related metrics.
Looking at the distribution of the total amount of money flowing through the internal accounts (left panel), we see that generated accounts move much larger volumes of money than real ones. However, the center panel shows that the generator approximates the range of the real per-transaction amount distribution quite well, probably to avoid triggering rules that flag large-amount transactions. Instead, the generated accounts transfer more money by making significantly more transactions than real accounts (right panel).
Detection performance
We generate a dataset of synthetic transactions using different pre-trained generators to increase variety. Then, we train a new discriminator to distinguish between real (unlabeled) data and synthetic examples of suspicious activity. Finally, we evaluate this discriminator using the test set with real transactions and real labels.
We compare the performance of a set of standard anti-money laundering rules against this discriminator. For a fair comparison, we adjust the model’s threshold to match the alert rate of the rules, ensuring both systems predict the same number of positive cases. We see that the model outperforms the rules in detecting suspicious transactions, even though it was trained using only generated data as positive examples.
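Matching the model's alert rate to that of the rules comes down to a quantile computation over the model's scores. A minimal sketch of that calibration step (the helper names are ours, not from the paper):

```python
import numpy as np

def match_alert_rate(scores, target_alert_rate):
    """Pick the score threshold so the model flags the same fraction of
    accounts as the rule-based system does."""
    return np.quantile(scores, 1.0 - target_alert_rate)

def alerts_at_rate(scores, target_alert_rate):
    """Boolean alert mask for the model at the rule system's alert rate."""
    threshold = match_alert_rate(scores, target_alert_rate)
    return scores >= threshold
```

With both systems flagging the same number of accounts, any difference in true positives reflects detection quality rather than a more aggressive alerting budget.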
Next, we simulate a combined detection system that triggers an alert if either the rules or the model detects suspicious activity. The results show minimal overlap between the alerts and true positives identified by the two methods, suggesting that the model captures different patterns of suspicious behavior compared to the rules. This is expected, given that the generator was trained specifically to create examples that evade the rule-based system, leading the discriminator to identify distinct patterns.
In conclusion, the discriminator effectively complements the rule-based system, resulting in a combined approach that significantly improves the detection of money laundering activities.
Conclusion
In this blog post, we introduced a method leveraging GenAI to generate synthetic data that simulates realistic money laundering activities. This data can be used to train Machine Learning models to detect money laundering without requiring labeled data.
Our approach involves training a generator to produce examples that mimic money laundering behavior, guided by an optimisation objective integrated into its loss. This synthetic data is then used to train a discriminator, which learns to distinguish between real (mostly legitimate) behavior and synthetic suspicious behavior.
Our results demonstrate that, when tested on a real test set with real labels, the discriminator outperforms traditional rule-based systems in predictive accuracy and can also serve as an effective complement to them. For a more detailed explanation about our method or our experiments, please refer to the full paper.