Case Overview
Earlier risk detection, built to survive examination
Our models caught suspicious activity sooner, reduced false positive alerts, and preserved full lineage for regulatory review.
IBM HI-Small transactions processed
Classifier parameters
Validation ROC-AUC
Streaming scoring interval
Rules-based screening missed the patterns that matter
Rules-based screening misses graph-shaped patterns like structuring, fan-out, and layering while analysts manually review 8-10 million monthly transactions across fragmented systems. High-risk alerts stall before disposition, and SAR submissions take 3-4 weeks from first trigger. Compliance leadership needs to surface suspicious activity earlier, without sacrificing the evidence quality regulators demand.
Measured Outcomes
Earlier detection, measured in the first production cycle
Counter-level metrics from the initial rollout period across compliance speed, review quality, and pattern coverage.
SAR turnaround time
4 hours
-95%Before: 3-4 weeks
False-positive review load
12% lower
-12%Before: Baseline
Pattern classes detected
4 topologies
+4 typesBefore: Rules only
Validation quality trend (ROC-AUC)
Implementation Detail
Architecture used in production
The deployment keeps scoring, pattern extraction, and analyst decisions tightly coupled without sacrificing governance requirements.
Data Pipeline
Cleans IBM HI-Small source rows, normalizes timestamps and currency values, and yields reproducible fixtures for model training and replay.
Classifier Scoring
Scores transaction descriptors with class weighting and negative undersampling to keep the extreme class imbalance trainable.
Pattern Engine
Detects structuring, fan-out, fan-in, and cycle motifs using graph windows and emits explainable evidence bundles for analysts.
Review & Retrain
Persists analyst dispositions and promotes nightly retrained models into the registry with threshold and metric lineage attached.
4 weeks rollout timeline
Week 1
Data ingest and baseline benchmark
Connected transaction exports, profiled class imbalance, and validated baseline rule precision/recall envelope.
Week 1
Data ingest and baseline benchmark
Connected transaction exports, profiled class imbalance, and validated baseline rule precision/recall envelope.
Week 2
Model fine-tuning and thresholding
Fine-tuned the scoring model and calibrated alert thresholds against validation cohorts and review capacity.
Week 2
Model fine-tuning and thresholding
Fine-tuned the scoring model and calibrated alert thresholds against validation cohorts and review capacity.
Week 3
Graph detector integration
Integrated topology detection and analyst pattern context into queue-level triage workflows.
Week 3
Graph detector integration
Integrated topology detection and analyst pattern context into queue-level triage workflows.
Week 4
Production rollout and governance handoff
Activated governed model version, enabled audit-ready dossier export, and scheduled retraining cadence.
Week 4
Production rollout and governance handoff
Activated governed model version, enabled audit-ready dossier export, and scheduled retraining cadence.