Referenced in our Newsletter Volume 3, Issue 11 - November 2004
Finished Intelligence (Proactive Analysis)
The following example was derived from a review of the SAR-MSBs (Suspicious Activity Reports - Money Services Businesses) dealing with all addresses located in
the 90210 ZIP code. The nature and structure of SAR-MSB filings were covered in the
August 2004 and
October 2003 newsletters.
The SAR-MSB database contains over 80 addresses in the 90210 ZIP code - made popular by the TV series with the same name. A partial
sample of the result set from the database is shown below. As can be seen, not all the CITY attribute values show this as
Beverly Hills because there are abbreviations including B H as well as L A and there are even values for Harbor City and South Gate.
The ZIP_SUSP_LAT and ZIP_SUSP_LONG were calculated using the DisambiguatorĀ® function for ZIP code centroid.
Selecting all the values in the results set presents each of the unique addresses as is shown in the diagram below.
In these examples the specific values (e.g., street names/numbers) are hidden from view.
At this point the data is "walked" one level to show the additional connections. In the SAR-MSB model, ADDRESSes are
directly connected to SUBJECTs which is shown as the large circle shown to the right of the ADDRESSes. Newly displayed
data is always ordered according to the number of connections - thus, there is a SUBJECT shown near the 11:30 position
that reveals multiple connections (shown with additional spacing before/after the object).
Clearly, this indicates we have a potential target entity to pursue. What is difficult to see in above diagram is whether
or not any of the ADDRESSes are connected to multiple SUBJECTs. By initiating a redraw of all the data in the display, the
following diagram emerges, which quickly reveals that there are instances of multiple connections between SUBJECTs and ADDRESSes.
The next-to-last network is of most interest because it contains a SUBJECT with connections to 5 ADDRESSes within
the 90210 ZIP code. Immediately, we know that there will also be a minimum of at least 5 SAR-MSBs because a SUBJECT
can only list one ADDRESS per SAR-MSB. Looking closely at the ADDRESSes shows that they represent the same location -
with slight variations in the street name, abbreviations, and numbers which are hidden from the label in this example.
These 5 ADDRESSes can be merged together into a single object to help clean up the screen real estate (no pun intended) in the view.
Other important visual clues to notice in this diagram include the link thickness. The thick blue link between the
SUBJECT and the ID NUMBER indicates that all 5 of the SAR-MSB transactions supported this connection (e.g., the
driver's license was presented as the identification in each of the transactions). The thick brown line from the
SUBJECT to the PHONE shows consistency for listing a particular work number in the transaction.
Finally, the SSNEIN (Social Security Number / Employer Identification Number) with the red "X" exposes the improper
use of a SSNEIN referenced in a DEATH-MASTER file (a database of over 90 million records of deceased people).
Interestingly, the thicker line to this particular SSNEIN shows repeated use of the same number, which represents
intentional use of this number, as opposed to a typo or transposition error. The second SSNEIN is off by one digit
from the other SSNEIN.
At this point, we have a "well-qualified target" to pursue under a full and formal investigation. Since there is a
lot of repetitive information in the display, it can be reorganized and presented in a much more refined format.
As shown below, we have merged together all of the SAR-MSB objects into a single entity with a label showing the
total amount and the date range of the transactions. Additionally, we performed an
HTTP Search (Google) to generate
the embedded map, created a legend, and added additional text annotations to clarify the content. The final result
is shown below as a well-presented diagram with full back-up and documentation.
To summarize, the following steps were performed to identify this target:
1) Query all ZIP codes = 90210
2) Walk the 80+ ADDRESSes out 1 level
3) Select the network with the largest SUBJECT to ADDRESS ratio
4) Expand out an additional level
5) Consolidate similar/duplicated objects
6) Add the title, legend, map, and labels
7) Save results / print
|
