Home » THE SPIDERS WEB OF THREAT DETECTION: How to find out which threats you are catching?

THE SPIDERS WEB OF THREAT DETECTION: How to find out which threats you are catching?

When I think about transaction monitoring rules, I like to imagine a mess of spider’s webs – overlapping and tangled together. The webs are so large and tangled that they catch many flies, more than the spiders can eat. Attracted by the success of the first spiders, more build new and overlapping webs, catching ever more insects. The spiders must work hard to identify which are flies they can eat. Some flies get eaten, some don’t, some remain there rotting for some time. The clever flies, notice the fly graveyard and by-pass the webs all together. They are never caught.  

So, the webs are transaction monitoring rules, and the flies are the criminals…. you’re with me, right? 

Each web catches multiple flies  

I often speak to both customers and tech providers about designing transaction monitoring rules. It is common for this to be a very challenging exercise, particularly when it comes to designing rules that target a particular criminal activity or threat. Or even just understanding what level of coverage each individual rules gives you against criminal activity. This challenge seems to be paramount when it comes to deploying up-and-coming new detection techniques.  

Detection rules such as ‘cash deposit – large sums accumulated over time‘ span multiple threats, this could a sign of human trafficking but also BEC fraud. While ‘frequent and extensive payments of passenger tickets, e.g., rental of vehicles‘ could be sexual exploitation or forced labour.  

In other words, it is almost impossible for those designing rules to be clear which flies they are catching, and which are soaring on by.  

Many flies to one web and many webs to one fly 

Let’s bring the challenge to life. Imagine designing a targeted transaction monitoring rule for sexual exploitation. Some examples of transactional risk indicators could include ‘high proportion of cash deposits and withdrawals, unusual late-night activity, transfers in-coming and immediately withdrawn, high proportion of payments for hotels/serviced accommodation/transport, lack of other lifestyle payments‘. These are all potential signs of sexual exploitation but depending on how you combine these risk indicators to form detection rules, you could also be detecting illegal waste trafficking, cash smuggling, or forced labour.  

Without mapping the relationship between transactional risk indicators and threat type, you cannot be completely clear on what other types of criminal activity each is picking up.  

There are many organisations that have made valiant efforts to map transaction monitoring rules to threats. Resulting in a very complicated spreadsheet, with multiple colours and many merged cells attempting to map the many to one and one to many relationships. A huge headache!  

Detangling the webs  

To detangle the mess of spider webs, we need to be clear on the rules we have in place, and which threats they are covering.  

The key is to use technology to make the link between individual transactional indicators and the threats they are associated with. There are too many connections to do this manually and it is a huge challenge to keep track of this yourself.  

Imagine a database of financial crime threats and risks, where each individual transactional risk indicator is linked to the threats it is relevant to. With just a few clicks you could find out which threats your transaction monitoring rules are covering…  


Overview of Acuminor’s database of financial crime threats and risks.

Curious to find out which threats your transaction monitoring rules are covering? Or interested to understand more about how these data points can be connected to via API?

Send me a message on Linked in or email to harriet@acuminor.com 

Harriet Shaw

Business development executive

About Acuminor 

The methods used by criminals is constantly evolving and each organisation faces different risks as a result. With help of expertise and powerful technology, Acuminor’s risk analysis platform provides unique insights into threats and risks from money laundering, terrorist financing and sanction violations. This enables you to know your risks and reduce them before it’s too late.