 |
|
|
 |
What's New?
The latest patch to the 3.0 release is scheduled to be available for download from our Support Site in the next week. This patch, 3.0.5, addresses some minor issues, including:
- Corrected a problem with executing service requests when running SOAP.
- Applied fixes to the Summarize service to ensure that correct counts are returned when regardless of request configuration.
- Corrected the ChoicePoint model to properly process the SQL query to ensure correct execution and return of results.
- Fixed an issue that caused objects to be lost during the unmerge process.
- Applied fixes to ensure that sending Report Memo details to a browser or word processor works properly in Applet mode.
Remember to check the Support Site in the coming week to download this patch!
|
|
|
 |
 |
...that VisuaLinks is not affected by the Java plug-in security breach?
Sun Microsystems has announced a security breach in their Java plug-ins for all browsers. This flaw affects
Internet Explorer, Netscape and Mozilla (Firefox) browsers running on Microsoft Windows and Linux
(Sun is not sure about Mac OS X). More specifics can be found in the Windows and Linux exposed by Java flaw
article at silicon.com.
The security flaw will in no way affect the VisuaLinks suite. The VisuaLinks client is digitally signed
and uses no JavaScript. The risk comes from browsing a web site containing malicious code or clicking a
URL in an e-mail message that directs your browser to a malicious site.
For those clients who use Java and JavaScript enabled browsers, however; we do recommend that you
update your Java VM plug-in to version 1.4.2_06 or later, available from the Sun Developer Network Site,
before browsing the Web with Java and JavaScript enabled browsers.
|
|
|
 |
This month's article discusses some changes that have been made to the Network Miner service. As you may recall, Network Miner is used to expose networks of interconnected objects contained in the underlying database(s).
In past versions, the results shown in the Query Results Panel included a single column where all of the details for each network were shown. Often it helps to get an understanding of how the network formed in terms of the different number of object-types that were encountered. By previewing this information, it helps determine selection.
For example, using the PERSON-ADDRESS link in a model, Network Miner may return a network with 1 ADDRESS and 10 PEOPLE, which would indicate a starburst representation - essentially where all the people are connected to the same address. In certain investigations, this would be an important network to expose because the address may be a safe house for narcotics dealings. In other types of investigations, it may be avoided because it represents incomplete or erroneous data.
A different network may show 6 ADDRESSES and 4 PEOPLE. In this configuration, the investigators immediately know there are shared addresses among the people. Until the network is actually displayed, we don't know if the addresses are daisy chained among the people or if all people are connected to all the addresses. However, using common sense and prior experience with the model and data, it would most likely be some sort of close network.
The following table shows the query results of a Network Miner request in older versions of VisuaLinks. Each row represents a unique network and the counts for the different object types are appended in a single column, which makes it hard to sort and identify certain network configurations.
The following tables show what the revised query result tables look like with the different object types broken out into individual columns. A blank entry indicates there were no objects of that type encountered within that particular network. Also, the NODE and *KEY for the network are used to expose the entry point and do not have any significant meaning because all nodes are treated equally in the network.
In the following example, there is a single DCN (Document Control Number) with 2 SUBJECTS and 2 ID NUMBERS along with 1 PHONE and 1 ADDRESS. The SUBJECTS are almost certainly related, perhaps as husband and wife. These types of networks tend not to provide high-value targets and are typically discounted.
In this next table, the information was sorted based on the DCN for the financial transactions. The top network has 4 DCNs and no ACCOUNTS - which indicates that the 2 SUBJECTS were probably not regular clients of the bank(s). Additionally, with 3 ADDRESS values, the SUBJECTS are probably different people and one of the ADDRESSES is most likely a variation of one of the others. This is also confirmed with the 2 SSN-EIN numbers.
The following table is sorted based on the number of SSN-EINs contained in a network. There were also 8 SUBJECTS and 8 ADDRESSES listed on the 3 DCNS included in this network. What is unusual is that only 1 ID NUMBER and 1 PHONE were listed. This type of network could possibly represent a mortgage fraud or other type of "centralized" network controlled by one person.
|
|
 |
Structuring Financial Transactions
Many people are aware that the U.S. Government requires that certain types of information be reported when large quantities of cash are moved in or out of financial institutions (e.g., banks, savings and loans, credit unions, etc). Often people conducting high-value financial transactions will ask the bank teller "What is the dollar amount required to file a report with the government?" The response is a Cash Transaction Report, CTR, (IRS Form 4789 / FinCEN Form 104) is required to be filed for any amounts cumulatively exceeding $10,000 for a single day.
Once informed, customers often lower the amount of the transaction to less than $10,000. Generally, the new amounts deposited or withdrawn reflect values such as $9,900, $9,800, or $9,500. However, once the change in amount is made, the financial institution is obligated to file a Suspicious Activity Report, SAR, (TD F 90-22.47) without alerting or notifying the customer of this fact. The reason why this happens is because "structuring" deposits or withdraws to avoid detection is a money laundering technique.
Under Title 31 - Money and Finance, Subtitle IV- Money, Chapter 53 - Monetary Transactions, Subchapter II - Records And Reports On Monetary Instruments Transactions, Sec. 5324, Structuring Transactions To Evade Reporting Requirement Prohibited, the following conditions define the violation of this statue:
Any person who, for the purpose of evading the CTR reporting requirements,
(1) cause or attempt to cause a domestic financial institution to fail to file a report;
(2) cause or attempt to cause a domestic financial institution to file a report that contains a material omission or misstatement of fact; or
(3) structure or assist in structuring, or attempt to structure or assist in structuring, any transaction with one or more domestic financial institutions.
For more information on Title 31, refer to the Government Printing Office Access site.
Thus, "structuring" financial transactions to avoid filing requirements is a form of money laundering and subject to penalties and forfeitures under the current laws and regulations. In fact, many of the SAR submissions are based on people behaving in this fashion and our focus for this month's link chart reflects such as case.
The specific SUBJECT was identified based on her occupation (a medical profession) and her frequency of SAR filings. Although many potential targets were exposed using this approach (a filtered SUMMARIZE), this scenario is specific only to the individual selected, as shown below.
The network is extended to show the SARs (also referred to as DCNs for Document Control Numbers) on which the SUBJECT was reported. The diagram below depicts 10 individual SARS that are split into different columns based on their filing year.
The first column shows four SARs filing in 2002 and the second column shows six filings in 2003. Generally, the specific dates for her SAR filings are somewhat sporadic which generally does not reflect a legitimate or regular business practice - as defined by the SUBJECT's stated occupation. Also shown in the diagram is a single account used for all of these SAR transactions.
Each SAR supports a "NARRATIVE" which represents a detailed description, provided by the financial institution, describing the nature of the suspicious activity. For this SUBJECT, each SAR narrative similarly stated the following:
"THIS CUSTOMER HAS BEEN PREVIOUSLY REPORTED FOR MAKING LARGE CASH WITHDRAWALS JUST UNDER THE CTR REPORTING LIMIT. THIS IS UNUSUAL ACTIVITY AND MAY IMPLY THAT THE CUSTOMER IS ATTEMPTING TO AVOID CTR FILING REQUIREMENTS. THE BANK REPORTED THAT THE CUSTOMER INTENDED TO MAKE A CASH WITHDRAWAL FOR OVER $10,000, HOWEVER, ONCE INFORMED OF THE CTR FILING REQUIREMENTS, THE CUSTOMER LOWERED THE AMOUNT TO BELOW $10,000."
As was previously discussed, this type of behavior is illegal and constitutes "structuring" on behalf of the SUBJECT. From here, the ADDRESS, PHONEs, and SSNs (Social Security Numbers) are brought into the display.
As is quickly observed, the thicker lines to each of these objects indicate they were consistently referenced in each of the SARs. The ADDRESS with the thinner line showed a variation on the street name (AVE. verses AVENUE) used in one of the SARs. The fact that these objects, along with the ACCOUNT, have been consistently used tells investigators that she is not actively trying to "cover her tracks" by varying the spellings or information provided to the bank. Keep in mind, the SUBJECT does not know that these SARs are being filed on her.
The next diagram brings in other entities connected to the ADDRESSes, PHONEs, or SSNs.
Only a single object is returned - an additional SUBJECT. What investigators discover is that this new SUBJECT is actually an organization - which is the name of the medical practice for this doctor. The investigators interactively change the icon to an ORGANIZATION to more accurately convey the contents of the analysis. At this point, the investigators know that additional SARs will be exposed once the links to the ORGANIZATION are expanded.
This level, as expected, shows that here are three additional SARS, filed in 2004, using the same ACCOUNT connected to the other SARs. The investigators determine this change in behavior is due to the SUBJECT trying to layer her transactions through the medical practice so her activities are less "exposed" to government observations. Needless to say, these types of situations provide the investigators and analysts more insight to their targets.
Additional searches in the SAR database do not reveal any more data. However, the investigators check the CTR database and discover a single transaction that occurred in the year 2000.
It was most likely this event that "tipped" her off that the government required forms to be filed for amounts exceeding $10,000. From that point forward, all of her financial transactions were reported as SARs.
This multi-step, multi-source analysis clearly shows how people try to structure their transactions to avoid CTR filing requirements. If large volumes of cash are derived from legitimate purposes (e.g., restaurants, bars, churches, etc.), there should be no concern about depositing or withdrawing the money. The CTR forms are not currently used for tax purposes or any other government oversight other than to help detect and expose money laundering activities. Structuring transactions, providing false information, or trying to avoid CTR filings will result in SAR filings - which are highly scrutinized by governments throughout the world.
|
|
|
 |
|
