GARG-AML against Smurfing: A Scalable and Interpretable Graph-Based Framework for Anti-Money Laundering

TL;DR

GARG-AML targets scalable, interpretable smurfing detection by assigning each node a score derived from the density structure of its second-order neighbourhood. It provides both undirected and directed variants, with the core idea expressed via block-wise densities in the second-order adjacency, yielding a score in $[-1,1]$ that captures resemblance to pure smurfing patterns. An optional extension incorporates tree-based learners using GARG-AML scores and neighbor statistics to boost detection power. The method is validated on large synthetic networks and two open-source IBM-like datasets, achieving state-of-the-art performance with strong scalability and interpretable features suitable for integration into existing AML workflows. The work emphasizes practical deployment, parallelizable computation, and cross-institution data-sharing considerations to improve real-world smurfing detection.

Abstract

Purpose: This paper introduces a novel graph-based method, GARG-AML, for efficient and effective anti-money laundering (AML). It quantifies smurfing risk, a popular money laundering method, by providing each node in the network with a single interpretable score. The proposed method strikes a balance among computational efficiency, detection power and transparency. Different versions of GARG-AML are introduced for undirected and directed networks. Methodology: GARG-AML constructs the adjacency matrix of a node's second-order neighbourhood in a specific way. This allows us to use the density of different blocks in the adjacency matrix to express the neighbourhood's resemblance to a pure smurfing pattern. GARG-AML is extended using a decision tree and gradient-boosting classifier to increase its performance even more. The methods are tested on synthetic and on open-source data against the current state-of-the-art in AML. Findings: We find that GARG-AML obtains state-of-the-art performance on all datasets. We illustrate that GARG-AML scales well to massive transactions graphs encountered at financial institutions. By leveraging only the adjacency matrix of the second-order neighbourhood and basic network features, this work highlights the potential of fundamental network properties towards advancing fraud detection. Originality: This paper uses only basic network features and expert knowledge on smurfing to construct a performant AML system. The originality lies in the translation of smurfing detection to these features and network representation. Our proposed method is built around the real business needs of scalability and interpretability. It therefore provides a solution that can be easily implemented at financial institutions or incorporated in existing AML solutions.

Figures (22)

• Figure 1: The two smurfing patterns described in the literature starnini2021smurfaltman2024realistic; as scatter-gather (left) and gather-scatter (right).
• Figure 2: Example of a smurfing pattern. $A$ is the node that will receive the score. The first-order neighbours ($B, C, D$) are shown in purple, and the second-order neighbour ($E$) is shown in green.
• Figure 3: The directed version of the smurfing pattern example, extended with an additional sending node ($A'$) and receiving node ($E'$). Nodes at level 0 are put in blue, at level 1 in purple and at level 2 in green.
• Figure 4: Illustration of a random network in which three different methods of injecting smurfing patterns are presented. The solid lines indicate nodes and edges of the original network, whereas the dotted lines indicate injected nodes and edges that correspond to smurfing.
• Figure 5: The pipeline of the GARG-AML method.