In this article we address how we can leverage Microsoft Fabric IQ and Graph queries (preview) to combat financial fraud in Anti-money laundering (AML) use cases.
Banks and financial institutions need to detect suspicious money flows such as:
- Circular transactions (layering)
- Rapid movement of funds through multiple accounts
- Hidden relationships between accounts, customers, and merchants
Anti-Money Laundering (AML) involves methods and technologies to detect and prevent illegal fund transfers. Modern AML systems use advanced tools to spot complex patterns in financial data, helping organizations fight fraud more efficiently.
Here are some key use-cases of AML
Detection of Structuring: This refers to spotting large amounts divided into smaller transactions to evade detection. AML tools track these split transactions across accounts and beneficiaries.
Shell Companies and Trusts: AML systems detect suspicious activity using shell companies to hide illicit fund origins.
Round-Tripping and Bank Capture: These methods move funds across jurisdictions or use financial institutions for laundering. AML tools can trace these complex flows.
Real-Time Fraud Detection: Leveraging Fabric IQ Ontology (and Graph queries) can enable real-time analysis of financial transactions, helping organizations detect and respond to suspicious activities instantly.
The newly released Microsoft Fabric IQ (in preview) adds a governed semantic layer (ontology) mapping business entities & relationships across Microsoft OneLake; it integrates with Graph in Fabric to build labeled property graphs and run algorithms and GQL pattern queries. All of these can now be easiy accomplished in Microsoft Fabric.
Here is the High‑Level Flow (sequence) on how to set this up in Microsoft Fabric
Source (CSV / JSON) --> Lakehouse (Delta tables) --> Create Fabric Ontology (Semantic Graph layer) --> Create Fabric Data Agent (with Fabric Ontology as the Data Source/ Knowledge).
Once the Fabric Ontology is setup and bound to your Lakehouse data, you are now ready to perform AML Pattern Detection via Natural Language queries (via Fabric Data Agent) and GQL queries via the Fabric UI or GraphQL API. You can also represent the data and results in Power BI.
Here are the high-level steps to try these features out in Microsoft Fabric. A technical version of this will be soon available on the Microsoft Fabric Community Blog site.
1. Download the IBM AMLSim dataset to your local drive. IBM AMLSim Example Dataset. We only need 2 out of the 3 CSV files here (transactions and accounts).
a. Accounts dataset: Contains the information about all the bank accounts whose transactions are monitored.
b. Transactions dataset: Contains the list of all the transactions with information about sender and receiver accounts.
2. Create a new lakehouse (FabricIQ_DemoLH) in your Fabric workspace (FabricIQDemoWS) and make sure the checkbox for Lakehouse schemas (Public Preview) is not enabled. Then, upload the 2 sample CSV files to your lakehouse, and load each one to a new delta table. For detailed instructions on loading files to lakehouse tables, see the first three sections of CSV file upload to Delta table for Power BI reporting.
3. When your data is stored in OneLake, you can build an ontology from the OneLake data tables. That manual process involves these steps:
- Create an ontology item (call it AML)
- Create 2 entity types (aml_accounts, aml_transactions)
- Create data bindings and choose the entity type keys for the above entity types as per screenshots below:
- Create a “transfers” relationship type between entity types (aml_accounts), and bind them to source data for “transactions” as per the screenshot below
4. You are now ready to run graph queries over the graph model which was created above. Here are some sample queries using GQL (a variation of Cypher). Submit these queries on the graph model using the Query Builder or Code Editor as shown in the screenshot
a. Detect high-value transfers
MATCH (a:aml_accounts)-[t:transfers]->(b:aml_accounts)
WHERE t.amount > 1000000
RETURN a.ACCOUNT_ID AS SenderAccount,
b.ACCOUNT_ID AS ReceiverAccount,
t.amount AS TransferAmount,
t.tx_type,
t.is_fraud
LIMIT 100
b. Detect Rapid Multiple Transfers (Structuring) – this detects transfers which are designed to be just under the reporting limit of 10000 (as an example)
MATCH (a:aml_accounts)-[t:transfers]->(b:aml_accounts)
where t.amount > 9000 and t.amount < 10000
RETURN a.ACCOUNT_ID AS SenderAccount, COUNT(t) AS TransferCount, SUM(t.amount) AS TotalAmount
GROUP BY SenderAccount
ORDER BY TransferCount DESC
LIMIT 50
c. Detect Circular transactions (Money laundering loops)
MATCH (a:aml_accounts)-[t1:transfers]->(b:aml_accounts)-[t2:transfers]->(a)
RETURN a.ACCOUNT_ID AS AccountA,
b.ACCOUNT_ID AS AccountB,
t1.amount AS FirstTransfer,
t2.amount AS ReturnTransfer
LIMIT 100
d. Detect cross-border transfers
MATCH (a:aml_accounts)-[t:transfers]->(b:aml_accounts)
WHERE a.COUNTRY = 'USA' AND b.COUNTRY <> 'USA'
RETURN a.ACCOUNT_ID AS SenderAccount,
b.ACCOUNT_ID AS ReceiverAccount,
t.amount AS TransferAmount
LIMIT 100
e. Detect transfers where a fraudulent account is involved
MATCH (a:aml_accounts)-[t:transfers]->(b:aml_accounts)
WHERE a.IS_FRAUD = true OR b.IS_FRAUD = true
RETURN a.ACCOUNT_ID AS SenderAccount,
b.ACCOUNT_ID AS ReceiverAccount,
t.amount AS TransferAmount
LIMIT 100
f. Combine Multiple AML patterns
MATCH (a:aml_accounts)-[t:transfers]->(b:aml_accounts)
WHERE (t.amount > 10000 OR a.IS_FRAUD = true OR b.IS_FRAUD = true)
RETURN a.ACCOUNT_ID AS SenderAccount, b.ACCOUNT_ID AS ReceiverAccount, sum(t.amount) AS TransferAmount
GROUP BY SenderAccount, ReceiverAccount
ORDER BY TransferAmount DESC
LIMIT 200
Sample results are shown below:
5. Create Data Agent. Ontology (preview) integrates with Fabric data agent (preview), allowing you to ask questions in natural language and get answers grounded in the ontology's definitions and bindings.
Go to your Fabric workspace and create a new data agent (preview). Add the above AML ontology as a data source for the data agent. For detailed instructions, see Create a Fabric data agent (preview).
Select Agent instructions from the menu ribbon and at the bottom of the input box, add Support group by in GQL. This instruction enables better aggregation across ontology data.
Now you can explore your ontology (AML data) with natural language questions. Below is a sample of natural language questions and the results.
Q: show me the top 5 transfers
A: Here are the top 5 high-value transfers over $1,000,000:
Transaction ID: 1240091 | Amount: $21,474,836.47 | Sender Account: 6221 | Receiver Account: 1592
Transaction ID: 1241537 | Amount: $21,474,836.47 | Sender Account: 6388 | Receiver Account: 9976
Transaction ID: 1241578 | Amount: $21,474,836.47 | Sender Account: 314 | Receiver Account: 8966
Transaction ID: 1241669 | Amount: $21,474,836.47 | Sender Account: 2223 | Receiver Account: 1846
Transaction ID: 1241929 | Amount: $21,474,836.47 | Sender Account: 3287 | Receiver Account: 8104
These are the largest transfers exceeding $1 million in the dataset.
Q: show top 5 Transfers Involving Fraudulent Accounts
A: Here are the top 5 transfers involving fraudulent accounts, ranked by transaction amount:
- Sender Account: 2364 | Receiver Account: 2079 | Amount: $21,474,836.47
- Sender Account: 3234 | Receiver Account: 8056 | Amount: $21,474,836.47
- Sender Account: 2223 | Receiver Account: 1846 | Amount: $21,474,836.47
- Sender Account: 2345 | Receiver Account: 7879 | Amount: $21,474,836.47
- Sender Account: 9288 | Receiver Account: 8344 | Amount: $21,474,836.47
All these transactions involve accounts that have been flagged as fraudulent.
Q: show top 5 Cross-Border Transfers
A: No cross-border transfers were found in the available data. This means there are no transactions where the sender and receiver accounts are in different countries, or such information is not available in the dataset. If you need to adjust your search or check a different criteria, let me know!
This concludes the demonstration and example of how customers and partners can leverage the newly released Fabric IQ (in preview) to quickly analyze and visualize financial data with complex relationships using natural language. It also demonstrated how you can use graph queries (from pre-joined data in memory) without going through the complexity of performing multiple joins over relational data using SQL.