The GANfather: Using Malicious GenAI Agents to Combat Money Laundering

Ricardo Ribeiro Pereira
Published in Feedzai Techblog

Digital systems have become deeply integrated into many aspects of modern life, particularly within the financial sector. While digital banking simplifies day-to-day operations for clients, it also creates new opportunities for malicious actors to exploit these systems. As a result of this digital expansion, money laundering has grown particularly prevalent.

Banks are required to monitor for money laundering activities and issue alerts when suspicious transactions are detected. Typically, monitoring is performed by rules-based legacy systems. A better approach would be to use Machine Learning models, but these usually require labeled data to train, which is mostly unavailable in this use case.

To tackle this problem, we employ advanced Generative AI (GenAI) techniques to generate synthetic data that simulates realistic money laundering activities. These synthetic examples help us identify vulnerabilities and strengthen the defense mechanisms used by banks and other financial institutions.

In this blog post, we will explore the method developed by Feedzai, which leverages GenAI to tackle the challenges of detecting and preventing money laundering in today’s digital landscape. This blog post is the first of a series dedicated to the work done on GenAI by Feedzai Research in the last few years.

Problem Statement

First, let’s briefly introduce the concepts behind money laundering and the difficulties that banks face when trying to prevent it.

Money laundering is the process of concealing the origins of illegally obtained funds. Criminals cannot directly spend “dirty” money without risking exposure of their illegal activities. Therefore, they want to disguise the origins of funds before using them.

Money laundering typically involves three stages:

  1. Placement: the money is introduced into the financial system, often in small amounts spread across various banks.
  2. Layering: the money launderer moves the funds through a series of transactions, typically across multiple financial institutions and jurisdictions, to obscure the money’s origin.
  3. Integration: the “cleaned” money is reintroduced into the legitimate economy, where it can be safely used by criminals.

Our work focuses on the layering stage.

Detecting money laundering is particularly challenging because each bank has a limited view of the entire financial system (see figure below). Banks can only monitor transactions in which at least one of the accounts involved is an internal account (green edges). Money launderers exploit this limitation by moving funds between different banks, ensuring each institution has minimal information. As such, the transactions most indicative of the layering process often occur between accounts of different institutions (bold green edges).

A diagram depicting the bank’s view over the network of transactions. The bank has complete visibility of the internal accounts and their transactions. If these transactions are made to or from accounts outside of that bank, the bank may have some visibility as well. All transactions that happen between external accounts are not visible to the bank.

We can represent these in-and-out transactions from a single bank’s perspective as a directed tripartite graph. In this graph, external source accounts transfer money to internal middle accounts, which then pass the funds to external destination accounts, creating a flow of money through the bank.

A diagram depicting the tripartite representation. There is a set of external accounts making transactions to a set of internal accounts, which in turn make transactions to another set of external accounts.

Banks are required to monitor for money laundering activities and issue alerts when suspicious transactions are detected. If they don’t comply, they can receive substantial fines from regulatory agencies.

Typically, monitoring is done by encoding the domain knowledge of experts in the form of rules that capture known patterns of money laundering. These rules often focus on individual accounts and trigger when certain thresholds are exceeded within a specific time frame, such as “total amount sent in a month” or “number of transactions in a day”, or based on location information. However, this approach often results in low detection rates and a high number of false positives.

Machine Learning models offer a different option, but these usually require labeled data to train, which is usually unavailable, incomplete, or very expensive.

The GANfather

To overcome this limitation, we leveraged GenAI to develop “The GANfather”, a method to generate examples of illicit activity and train effective detection systems without the need for labeled data. Additionally, if an existing detection system is already in place, our method can identify its weaknesses while simultaneously training a complementary detection system to protect against such attacks.

A schematic representation of the components of the solution. There is a generator that creates examples of synthetic illicit activity. These examples, plus some unlabelled data, are used to train a money laundering detector. Optionally, the generator may receive feedback from a pre-existing detection system.

We build upon a Generative Adversarial Network (GAN) by incorporating an optimisation objective and, optionally, a pre-existing detection system. The generator creates synthetic examples of suspicious financial activity. These examples are then used to train the discriminator to identify patterns of money laundering, even without labeled datasets.

Data representation

To effectively generate and detect suspicious money flows, we first need to represent the transactional data in a structured format.

Transactional data is usually represented as a table where each row corresponds to a transaction with several features. However, for the purpose of detecting money flows, we conceptualize them as a directed tripartite graph. This graph can be represented as a 3D tensor: the first dimension corresponds to internal accounts, the second to external accounts, and the third to the time window of the transactions, discretized into time units. Each cell in this tensor contains the sum of amounts transferred between the corresponding pair of accounts, during the corresponding time window.

Diagram depicting transaction data in three formats: a table, a tripartite graph and a 3D tensor.

Due to the nature of transactions, most cells in the tensor will be empty, which is not very efficient from a computational point of view. However, this representation offers a fixed-size input and output for our models, allowing us to use dense or convolutional layers in our neural networks, avoiding the complexity of recurrent layers.

Generator

With the data representation established, the next step is to generate synthetic transactional data.

This process is similar to the original GAN framework, in which a deep neural network receives a random noise vector as input and produces data in the specified format. However, unlike traditional GANs, our generator is guided by feedback from three distinct components, as shown in the figure below:

  • Discriminator: makes the generated data more realistic, closer to real data.
  • Optimisation objective: encourages the generator to produce patterns that mimic money laundering behavior.
  • Alert system (optional): helps the generator avoid creating patterns that would trigger an alert.

Diagram depicting the training of the generator. It receives some random noise as input and outputs synthetic examples. These examples are then processed by a discriminator, an optimisation objective and optionally an alert system. These three components provide feedback in the form of a gradient to the generator.

We will now describe each of these components in more detail.

Optimisation objective

Using the generator described above, we can create data in the intended format. But how do we teach the generator to create examples that mimic money flow patterns? To achieve this, we fall back on domain knowledge. We know that money laundering flows are typically characterized by large and similar amounts of money going in and out of the internal accounts.

Diagram exemplifying how to compute the sum of amounts of incoming transactions and the sum of amounts of outgoing transactions, to or from internal accounts.

To describe this behavior, we define the objective function as the geometric mean of the total amount of incoming and outgoing money per generated account. This simple formula naturally encourages the generator to increase the volumes of money being transferred, while maintaining a balance between incoming and outgoing totals.

GIF showing the shape of z equals geometric mean of x and y in 3D space.
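
The tensor representation from the Data representation section and the money flow objective above, as an added example that is not Feedzai's code. It assumes one tensor for incoming and one for outgoing transfers, an `int_` prefix marking internal accounts, and constructed sample transactions.

```python
import math

# Constructed sample transactions: (source, target, amount, day).
# Assumption: ids starting with "int_" are the bank's internal accounts.
TRANSACTIONS = [
    ("ext_a", "int_1", 900.0, 0),
    ("ext_b", "int_1", 950.0, 1),
    ("int_1", "ext_c", 1800.0, 2),
    ("ext_a", "int_2", 2000.0, 0),
    ("int_2", "ext_d", 50.0, 3),
    ("int_3", "ext_c", 400.0, 1),
]
N_DAYS = 4  # length of the time window, one time unit per day


def is_internal(account):
    return account.startswith("int_")


def build_tensors(transactions, n_steps):
    """Return (internal ids, external ids, incoming, outgoing), where
    incoming[i][e][t] is the amount external e sent to internal i at step t."""
    accounts = {a for src, dst, _, _ in transactions for a in (src, dst)}
    internal = sorted(a for a in accounts if is_internal(a))
    external = sorted(a for a in accounts if not is_internal(a))
    i_idx = {a: k for k, a in enumerate(internal)}
    e_idx = {a: k for k, a in enumerate(external)}
    incoming = [[[0.0] * n_steps for _ in external] for _ in internal]
    outgoing = [[[0.0] * n_steps for _ in external] for _ in internal]
    for src, dst, amount, t in transactions:
        if is_internal(dst) and not is_internal(src):
            incoming[i_idx[dst]][e_idx[src]][t] += amount
        elif is_internal(src) and not is_internal(dst):
            outgoing[i_idx[src]][e_idx[dst]][t] += amount
        # Internal-to-internal transfers are not part of the tripartite view.
    return internal, external, incoming, outgoing


def money_flow_scores(internal, incoming, outgoing):
    """Geometric mean of total incoming and total outgoing per internal account."""
    scores = {}
    for i, acc in enumerate(internal):
        total_in = sum(sum(row) for row in incoming[i])
        total_out = sum(sum(row) for row in outgoing[i])
        scores[acc] = math.sqrt(total_in * total_out)
    return scores
```

On this sample, `int_1` (large, balanced inflow and outflow) scores highest, `int_2` (large inflow, small outflow) scores much lower, and `int_3` (outflow only) scores zero.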

Discriminator

A potential issue with the aforementioned objective is that it is unbounded, allowing the generator to increase amounts indefinitely, resulting in unrealistic data. To prevent this, we incorporate the feedback from the discriminator.

The discriminator is another deep neural network, similar to the generator, that evaluates examples and produces a score indicating the likelihood of each being real or synthetic. This component not only refines the training of the generator, making the synthetic data more realistic, but it is also useful itself. Since the real data primarily consists of legitimate activity and the synthetic data mimics money laundering behavior, the discriminator can be used as a detection system for illicit activity.

Diagram depicting the training of the discriminator. It receives either real or synthetic examples and outputs its prediction of whether it is real or not.

Alert System

Financial institutions often have systems in place to flag some suspicious patterns of money laundering. Usually this alert system is based on rules, like “every transaction above ten thousand dollars needs to be reviewed”.

If we pass the feedback of the alert system to the generator, it can learn to create examples that bypass the existing system. This approach helps identify vulnerabilities in the current systems and generates examples of money-flow behaviors that go undetected. Furthermore, since the discriminator model learns to detect these synthetic examples, it can serve as a complement to the existing alert system, improving overall detection.

Diagram depicting three types of accounts: real legitimate, real malicious and generated. Then, two decision boundaries are shown: one from the pre-existing detection system, and one from the discriminator. The discriminator’s decision boundary is circling the generated accounts. The two decision boundaries don’t overlap.

Complete architecture

To summarize, the GANfather architecture consists of:

  • a generator that produces synthetic examples mimicking money laundering activity;
  • a money flow objective that guides the generator to create realistic money flows;
  • a discriminator that distinguishes between real and synthetic data, forming the basis of a new detection system;
  • (optionally) an alert system that ensures the generated examples bypass existing detection rules, helping to identify potential gaps in current systems.

Diagram depicting how the different components of the complete solution interact with each other.

Experiments and Results

Dataset

We use a real-world dataset of financial transactions, containing approximately 200,000 transactions between 100,000 unique accounts over 10 months. Some accounts are labeled as suspicious of money laundering. We built a real test set of 5,000 accounts, 184 of which are labeled positive.

The dataset includes a limited set of features: source account, target account, transferred amount, and timestamp of the transaction.

Comparison between real and generated data

First, we compare the distributions of real and generated data. Because we include the money flow objective in the loss of the generator, we expect a larger volume of money being transferred in the synthetic examples. The following figure shows the distributions of different volume-related metrics.

Three panels, each with a histogram comparing statistics of real and generated accounts. The first panel shows that generated accounts move more money than real accounts. The second panel shows that the amount per transaction is similar for both types of accounts. The third panel shows that generated accounts make a larger number of transactions than real accounts.

Looking at the distribution of the total amount of money flowing through the internal accounts (left panel), we see that generated accounts move much larger volumes of money than real ones. However, the center panel shows that the generator approximates the range of the real distribution of amounts per transaction quite well. This is probably to avoid triggering rules that capture large-amount transactions. Instead, the generated accounts are able to transfer more money by significantly increasing the number of transactions compared to the real data (right panel).

Detection performance

We generate a dataset of synthetic transactions using different pre-trained generators to increase variety. Then, we train a new discriminator to distinguish between real (unlabeled) data and synthetic examples of suspicious activity. Finally, we evaluate this discriminator using the test set with real transactions and real labels.

We compare the performance of a set of standard anti-money laundering rules against this discriminator. For a fair comparison, we adjust the model’s threshold to match the alert rate of the rules, ensuring both systems predict the same number of positive cases. We see that the model outperforms the rules in detecting suspicious transactions, even though it was trained using only generated data as positive examples.

Next, we simulate a combined detection system that triggers an alert if either the rules or the model detects suspicious activity. The results show minimal overlap between the alerts and true positives identified by the two methods, suggesting that the model captures different patterns of suspicious behavior compared to the rules. This is expected, given that the generator was trained specifically to create examples that evade the rule-based system, leading the discriminator to identify distinct patterns.

In conclusion, the discriminator effectively complements the rule-based system, resulting in a combined approach that significantly improves the detection of money laundering activities.

A diagram comparing the predictive performance of a rule-based solution against either our discriminator model or a combined solution of rules plus our model. For the same alert rate, the model has 5 percentage points higher recall and 13 percentage points higher precision than the rules. And the rules plus model solution has 16 percentage points higher recall and 6 percentage points higher precision than the rules.
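
The evaluation procedure described in this section (matching the model's alert rate to the rules, then combining both with a logical OR), as an added example that is not Feedzai's code. The accounts, labels, rule alerts and model scores are constructed and do not reproduce the figures reported above.

```python
# Constructed test set: (account, true label, rule alerted, model score).
ACCOUNTS = [
    ("a01", 1, True, 0.20), ("a02", 1, False, 0.95), ("a03", 1, False, 0.90),
    ("a04", 1, False, 0.10), ("a05", 0, True, 0.15), ("a06", 0, True, 0.25),
    ("a07", 0, False, 0.85), ("a08", 0, False, 0.40), ("a09", 0, False, 0.30),
    ("a10", 0, False, 0.05), ("a11", 0, False, 0.35), ("a12", 0, False, 0.12),
]


def precision_recall(alerts, labels):
    """Precision and recall of a list of boolean alerts against 0/1 labels."""
    tp = sum(1 for a, y in zip(alerts, labels) if a and y)
    n_alerts = sum(alerts)
    n_pos = sum(labels)
    precision = tp / n_alerts if n_alerts else 0.0
    recall = tp / n_pos if n_pos else 0.0
    return precision, recall


def alerts_at_matched_rate(scores, n_alerts):
    """Flag the n_alerts highest scores so the model raises exactly as many
    alerts as the rules did (ties are broken by input order)."""
    ranked = sorted(range(len(scores)), key=lambda i: scores[i], reverse=True)
    flagged = set(ranked[:n_alerts])
    return [i in flagged for i in range(len(scores))]


def compare(accounts):
    labels = [y for _, y, _, _ in accounts]
    rules = [r for _, _, r, _ in accounts]
    model = alerts_at_matched_rate([s for _, _, _, s in accounts], sum(rules))
    combined = [r or m for r, m in zip(rules, model)]  # alert if either fires
    shared_tp = sum(1 for r, m, y in zip(rules, model, labels) if r and m and y)
    return {
        "rules": precision_recall(rules, labels),
        "model": precision_recall(model, labels),
        "rules_or_model": precision_recall(combined, labels),
        "shared_true_positives": shared_tp,
    }


if __name__ == "__main__":
    for name, value in compare(ACCOUNTS).items():
        print(name, value)
```

A `shared_true_positives` count near zero is the signal that the two detectors catch different accounts, which is when the OR combination adds the most recall.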

Conclusion

In this blog post, we introduced a method leveraging GenAI to generate synthetic data that simulates realistic money laundering activities. This data can be used to train Machine Learning models to detect money laundering without requiring labeled data.

Our approach involves training a generator to produce examples that mimic money laundering behavior, guided by an optimization function integrated into its loss. This synthetic data is then used to train a discriminator, which learns to distinguish between real (mostly legitimate) behavior and synthetic suspicious behavior.

Our results demonstrate that, when tested on a real test set with real labels, the discriminator outperforms traditional rule-based systems in predictive accuracy and can also serve as an effective complement to them. For a more detailed explanation about our method or our experiments, please refer to the full paper.
