Dollar bills.
Photo: Sharon McCutcheon via Unsplash

Hunting sanctions evaders with network analytics

Protocol Enterprise

Hello and welcome to Protocol Enterprise! Today: how financial investigators are tracking down people and companies trying to evade Russian sanctions, Intel goes to Europe, and only the most worthy may undertake the Cloud Quest.

Spin up

Buy your software developers some coffee tomorrow morning: According to CircleCI’s annual State of Software Delivery report, the peak time for activity on its software deployment service is between 6 a.m. and 7 a.m. PT on Wednesdays.

How network analytics detect sanctions evaders

The war in Ukraine has been devastating to human lives in that country and the surrounding region. But its ripple effects are felt around the world, including inside complex analytics systems used to determine exposure to financial fraud and money laundering.

Companies are scrambling to determine whether they’re at risk of financial fraud connected to the dozens of Russian nationals and oligarchs recently added to the U.S. Treasury Department’s sanctions list, said Clark Frogley, head of financial crime solutions at Quantexa. Hint: They usually don’t use their real names.

The Treasury Department issued an alert on March 7 advising financial institutions to be on the lookout for efforts to evade U.S. sanctions implemented in connection with Russia’s invasion of Ukraine.

  • As a result, one financial institution used Quantexa’s entity resolution technology to identify companies in Cyprus and the British Virgin Islands that were owned by an individual on the sanctions list.
  • To identify them, the organization’s sanctions team conducted a search for sanctioned entities across its customer database, identifying two of them.
  • The Quantexa system discovered more clues when an entity linked to a sanctioned individual tried to conduct several international wire transfers using accounts in jurisdictions associated with Russian financial flows, but with no clear economic or business rationale.
  • In cases like these, the banks involved likely attempted to stop the transactions, filed a suspicious activity report to regulators and assessed whether to take further actions.

Some traditional approaches to detecting fraud tend to focus on isolated incidents, but Quantexa’s approach uses network analytics to give context to individual actions taken by bad actors.

  • The system automatically generates a contextual network, a graph indicating the connective tissues linking target entities with other suspicious shell operations or individuals.
  • Frogley described a typical scenario: “When you go in and look at the exposure, you see that person is not only a sanctioned individual, here's the company that our customers have been doing business with [and] he's 100% owner of that company. But guess what? He's also the primary shareholder of these other three companies that they've been doing business with or these other two customers that we weren't even looking at,” he said.

To enable entity resolution, the software — used by customers on premises rather than in the cloud — rapidly analyzes customer and transaction data, but it finds clues from other sources, too.

  • Data from SWIFT wire transfer messages is extracted to reveal account numbers and types of transactions (think mortgage payments or payroll payments).
  • The system also uses third-party data sources such as private company data and risk data from Bureau van Dijk’s Orbis and RDC Grid.
  • But even financial records data revealed through journalistic investigations of the leaked Pandora and Panama Papers can help provide corroborating evidence.
  • “It's nothing you're going to make a decision on,” said Frogley. “But it can be a reinforcing piece of information that this is an individual that I'm concerned about.”

In general, the company believes that providing more context to fraud detection can reduce false positives that nab the wrong people or stop legitimate transactions, annoying businesses and consumers.

  • Frogley said false positives are so accepted throughout the financial industry, they fail to stop the problems they’re meant to stop.
  • “You're not stopping human trafficking. You're not stopping wildlife trafficking, you're not stopping money laundering. You're just checking the box from the regulatory perspective of doing what you're required to do, but it's not truly getting to the heart of the problem.”

— Kate Kaye (email| twitter)


Dataiku is the only AI platform that connects data and doers, enabling anyone to transform data into real business results — from the mundane to the moonshot. Because AI can do so much, but there's no soul in the machine, only in front of it. Without you, it's just data.

Learn more

Intel’s European adventure begins

Intel sketched out the scope of its new investments in the EU Tuesday, committing up to 80 billion euros ($87.7 billion) in funding across a new factory site in Germany, a new French research and development facility, additional manufacturing in Ireland — where it already operates a factory — and investments in Italy, Poland and Spain.

Unlike Intel, TSMC has been less eager to commit to a big new fab project in Europe. During the company’s most recent earnings call, chairman Mark Liu said the company was still assessing a potential site. To make it worthwhile, TSMC likely also needs an ecosystem of supporting businesses, talent and infrastructure, as it has in place in Taiwan.

But Taiwan’s government has become quite interested in Europe. It recently announced a commitment of $1.2 billion of tech investments in Lithuania, spread across a $200 million investment fund and $1 billion for loans for various projects.

— Max A. Cherney (email | twitter)

Cloud quest? Cloud quest

Who says Amazon is bad at video games? AWS released a Sim-City-meets-CompTIA “role-playing learning game” Tuesday called AWS Cloud Quest: Cloud Practitioner that promises to teach players basic cloud skills while they save a virtual city from falling into disrepair.

“As a Cloud Practitioner, you’ll venture on a journey to help the citizens in town transform their city by using cloud computing!” declared the trailer for Cloud Quest, which sounds like a rejected Sierra Entertainment title from the 1980s. If it gets slow over the summer Protocol Enterprise will do a full review.

— Tom Krazit (email | twitter)

Around the enterprise

Google’s Stadia cloud gaming service never really got off the ground, and it will evolve into a Google Cloud enterprise gaming service, Google announced Tuesday.

Oracle extended the window for its proposed $28 billion acquisition of Cerner for the second time, setting an April 13 deadline amid antitrust review.

Oracle also unveiled new cloud infrastructure services that push back against the idea of “cloud native,” encouraging cloud laggards to move their applications without rewriting them.

MongoDB and AWS have moved pretty far beyond their war of words a few years ago over open-source software and cloud databases, announcing an expanded partnership.


Dataiku is the only AI platform that connects data and doers, enabling anyone to transform data into real business results — from the mundane to the moonshot. Because AI can do so much, but there's no soul in the machine, only in front of it. Without you, it's just data.

Learn more

Thanks for reading — see you tomorrow!

Recent Issues