CN114238414A - Monitoring method and device for suspicious transaction data of money laundering prevention - Google Patents
Monitoring method and device for suspicious transaction data of money laundering prevention Download PDFInfo
- Publication number
- CN114238414A CN114238414A CN202111594374.7A CN202111594374A CN114238414A CN 114238414 A CN114238414 A CN 114238414A CN 202111594374 A CN202111594374 A CN 202111594374A CN 114238414 A CN114238414 A CN 114238414A
- Authority
- CN
- China
- Prior art keywords
- data
- money laundering
- file
- suspicious
- transaction
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/245—Query processing
- G06F16/2455—Query execution
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/20—Information retrieval; Database structures therefor; File system structures therefor of structured data, e.g. relational data
- G06F16/24—Querying
- G06F16/245—Query processing
- G06F16/2458—Special types of queries, e.g. statistical queries, fuzzy queries or distributed queries
- G06F16/2471—Distributed queries
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q40/00—Finance; Insurance; Tax strategies; Processing of corporate or income taxes
- G06Q40/02—Banking, e.g. interest calculation or account maintenance
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Business, Economics & Management (AREA)
- Finance (AREA)
- General Engineering & Computer Science (AREA)
- Databases & Information Systems (AREA)
- Data Mining & Analysis (AREA)
- Accounting & Taxation (AREA)
- Computational Linguistics (AREA)
- Strategic Management (AREA)
- Economics (AREA)
- Marketing (AREA)
- Development Economics (AREA)
- Technology Law (AREA)
- General Business, Economics & Management (AREA)
- Fuzzy Systems (AREA)
- Mathematical Physics (AREA)
- Probability & Statistics with Applications (AREA)
- Software Systems (AREA)
- Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
Abstract
The invention relates to the technical field of information, and provides a method and a device for monitoring suspicious transaction data of anti-money laundering. The scheme includes that a data source detection task is used for realizing system clock scanning and obtaining the data preparation condition of an upstream system, when the upstream system generates a file containing money washing data sent by a client in a file sharing area, the data is marked to be prepared, otherwise, the waiting is continued; when a file generated by an upstream system in a file sharing area is searched, data extraction is carried out, and anti-money laundering data are obtained, wherein the anti-money laundering data comprise customer data, transaction data and account data; generating the basic data table according to the money laundering data; and calling an anti-money laundering suspicious model to screen the data of the basic data sheet to generate a screening result.
Description
Technical Field
The invention relates to the technical field of information, and provides a method and a device for monitoring suspicious transaction data of anti-money laundering.
Background
With the rapid development of Chinese economy, financial technologies represented by big data, cloud computing and block chains are being deeply applied in the financial industry. The financial industry greatly enhances the data calculation capability, makes breakthrough progress on the credit evaluation capability and effectively improves the risk management. The enhancement of the business capability of financial institutions promotes the rapid development of the types, speed and efficiency of services provided by the financial institutions, and the amount of transaction data generated each day is continuously increased. The difficulty of accurately identifying suspicious subjects in mass data increases.
The suspicious transaction monitoring accumulates and introduces multi-channel customer information, once the account transaction situation is matched with the suspicious transaction monitoring model, an intelligent suspicious transaction monitoring system established by data can automatically give an early warning, and an artificial intelligence technology analyzes the behavior characteristics of the customer according to the past track of the customer, finds out abnormal transactions from the transaction behaviors of the customer, finds out illegal criminal behaviors hidden behind, can well make up the limitation of the monitoring modes of model screening, list monitoring and artificial discrimination, and can rapidly improve the effectiveness of money laundering work of financial institutions. The abnormal transaction behaviors of the customers are comprehensively analyzed, and the internal and external mass data related to the customers can be effectively integrated by acquiring different data from different data sources, so that the abnormal transaction information of the customers can be effectively and deeply analyzed and processed. This technology becomes more reliable, faster, and more cost effective than human judgment and human capital. And (4) carrying out works such as abnormal behavior early warning and the like in the system, and helping to manually define the novel money laundering crimes in time. Meanwhile, the artificial intelligence can also finish the daily anti-money laundering data detection, collection, identification and the like of all people who finally benefit from identification, account entry and the like.
The technology is applied to the field of suspicious transaction monitoring of money laundering, and the problems that the transaction data volume of a financial institution received by a money laundering database is greatly increased along with the suspicious transaction monitoring, and the transaction number monitored every day is frequently innovated are effectively solved.
Disclosure of Invention
The main problem to be solved by the scheme is as follows:
and (4) authenticity guarantee: the verification links are added in the data transmission, storage and processing processes, so that the file quantity and file fields are prevented from being lost, and the situation that the basic logic of field information is wrong and the data analysis quality is directly influenced is avoided.
In order to solve the problems, the invention adopts the following technical scheme:
a method of monitoring anti-money laundering suspicious transaction data, the method comprising:
step S1, a data source detection task realizes system clock scanning by using java.util.timer, and obtains the data preparation condition of an upstream system through the flag quantity of data preparation, when the upstream system generates a SYM _ YYYYYYYMMDD.ok file containing money laundering data sent by a client in a file sharing area, the flag data is completely prepared, otherwise, the upstream system continues to wait;
step S2, when the upstream system generates a SYM _ YYYYYMMDD.ok file in the file sharing area in the step S1, data extraction is carried out to obtain anti-money laundering data, and the anti-money laundering data comprise client data, transaction data and account data;
step S3: generating the basic data table according to the date, the transaction type and the transaction channel corresponding to the money laundering prevention data;
step S4: calling an anti-money laundering suspicious model to screen the data of the basic data sheet to generate a screening result;
step S5: executing SQL sentences according to rules by using the screening result, determining suspicious transactions, and loading clients meeting requirements to an anti-money laundering case table;
and step S6, aggregating and counting the data in the anti-money-laundering case table, filing information, cleaning data, carrying out foreground display on the client, then manually screening cases by inline service personnel, judging suspicious cases, namely reporting to a pedestrian, and removing the suspicious cases.
In the above technical solution, the extracting the data source task data includes: the step 2 comprises the following steps:
step 2.1, creating a stealth file, namely creating a daemon process at the background, creating an empty file am.sok by the daemon process, opening the file through an open () function, calling a unix system command ulink to forcibly cancel a hard link of the file to enable the file to be in a stealth state, and changing the file to be always existed unless the daemon process is abnormally exited or exists, wherein the main function of the step is to prevent the background daemon process from being repeatedly executed and simultaneously establish an am.sok socket service;
step 2.2, the daemon scans whether SYM _ YYYYYMMDD.ok is created in a specified file area according to the time of 5-minute training, wherein YYYYMMDD is the date needing loading, if the file is scanned, the value of an i _ ready variable rewritten in the daemon is 1, and if not, the value is 0 by default;
step 2.3, the money laundering client initiates an inquiry message by accessing the aml.sok socket service, the daemon process sends the value of i _ ready to the money laundering client after receiving the inquiry message, if the value of i _ ready is 0, the money laundering client enters a sleep mode for 15 minutes, if the value of i _ ready is 1, ftp data access is initiated, and a SYM _ yyyymmdd.ok file is obtained from an upstream system, so that the money laundering data of a client, including a client, an account, a transaction data file and a control file, can be obtained, wherein the data file is used for analyzing a money laundering model, and the control file describes the size of the corresponding data file, the MD5 value and configuration information of each data field.
In the above technical solution, step 3 includes:
step 3.1, firstly, acquiring the date of the current data to be acquired by accessing a calendar mc00_ datatime;
and 3.2, comparing the MD5 value obtained by performing MD5 calculation on the client, the account and the transaction data file with the corresponding client, account and transaction control file, wherein if the MD5 values of the client, the account and the transaction data file are consistent, the number and the fields of the data file are consistent with those of an upstream system, and the authenticity of a system data source is ensured through the step, so that the authenticity of the whole system is ensured fundamentally.
And 3.3, comparing the field configuration information in the control file with each field configuration information recorded in a configuration table mc00_ ds _ tables, if the field configuration information is consistent with the configuration information recorded in the configuration table mc00_ ds _ tables, directly loading the file for use, if the field configuration information is inconsistent with the configuration information recorded in the configuration table mc00_ ds _ tables, adjusting a corresponding table in the database, calling an automatic script to adjust the basic table to be consistent with the configuration information in the control file, calling a shell script according to a java program and the configuration table mc00_ ds _ tables, and loading the upstream data file into a metadata table of the money laundering database. The timeliness of system adjustment is guaranteed through the steps, meanwhile, the robustness of the system is improved, individual upstream system fields are changed, and the system is adjusted greatly without manual intervention.
shell script configuration description:
userid--ORACLE username/password
control-control file
Log-recorded log file
Representing data files after control files, replacing files with independent data files if the files are independent data files
bad data file, record wrong unloaded data
The data-data file, the data parameter can only specify one data file, if the control file also specifies the data file through the infile and specifies a plurality of data files, the sqlldr is loaded firstly when executing
The data files specified by the data parameters are controlled to be ignored when the data file specified by the first infill in the files is ignored, but the data files specified by the subsequent infills are continuously valid
discard-discarded data files, which by default do not occur, must be specified
discardmax-maximum allowed to discard data (all defaults)
skip-number of records to be skipped, from the first line in the data file, the number of lines to be skipped is calculated, for the case of multi-table loading, if there is a while condition judgment, or multi-table loading under the direct path, if the number of records to be loaded is different, the parameter is invalid.
error-allowed number of error records, and if it exceeds, the task is terminated
In the above technical solution, in step 4, the money laundering suspicious model is executed in parallel by multiple nodes, and the specific algorithm is as follows:
4a, performing hash calculation on the client number in the money laundering data, and evenly distributing the client data in a plurality of calculation nodes;
4b, associating the account table through the client table, and distributing the account data to the same computing nodes as the corresponding clients;
4c, associating the transaction table through the account table, and distributing the transaction data on the same computing nodes as the corresponding accounts and the clients;
4d, the customer, the account and the transaction data of the anti-money laundering are scattered in a plurality of computing nodes, so that the parallel computation of the data is realized, the computation efficiency of the suspicious rules of the anti-money laundering is improved, but broadcast noise among multiple nodes needs to be prevented, therefore, the three steps of the steps 4a, 4b and 4c are executed, and the customer, the account and the transaction data of the same customer are distributed in the same computing node, so that the broadcast communication among the computing nodes is avoided from a data level, and the efficiency of data distribution computation is improved.
In the above technical solution, the step 4 of calling the money laundering prevention suspicious model to perform data screening on the basic data sheet, and the generating of the screening result includes: and calling a corresponding money laundering prevention suspicious model by using a preset calling rule to screen the data of the basic data sheet to generate a screening result, wherein the screening result comprises suspicious transaction data, suspicious customer information and suspicious account data.
The anti-money-washing calling rules are divided into two types, namely a large-amount monitoring rule and a suspicious monitoring rule, wherein the large-amount monitoring rule is personal or enterprise transaction data which are published by people banks and need to be reported, and the suspicious monitoring rule is a money-washing monitoring rule which is specified for 8 types of telecommunication anti-fraud, underground money, wading, gambling, illegal collection, reimbursement, illegal cash register and illegal tax evasion. The anti-money laundering rule is executed by executing various types of proprietary storage processes on the database.
A device for monitoring suspicious transaction data against money laundering, comprising:
the system comprises a data source detection module, a data source detection task, a data source detection module and a data source detection module, wherein the data source detection task realizes system clock scanning by using java.util.timer, and acquires the data preparation condition of an upstream system through the flag quantity of data preparation;
the data extraction module is used for extracting data to obtain money laundering data when an upstream system is searched to generate a SYM _ YYYYMMDD.ok file in a file sharing region, wherein the money laundering data comprises client data, transaction data and account data;
basic data table module: generating the basic data table according to the date, the transaction type and the transaction channel corresponding to the money laundering prevention data;
a screening module: calling an anti-money laundering suspicious model to screen the data of the basic data sheet to generate a screening result;
a table writing module: executing SQL sentences according to rules by using the screening result, determining suspicious transactions, and loading clients meeting requirements to an anti-money laundering case table;
and the screening module aggregates and counts data in the anti-money-laundering case table, performs information archiving and data cleaning, performs foreground display on the client, then performs case screening, judges that the case is suspicious, reports the case to the people and eliminates the case if the case is not suspicious.
In the above technical solution, the extracting the data source task data includes: a data extraction module:
step 2.1, creating a stealth file, namely creating a daemon process at the background, creating an empty file am.sok by the daemon process, opening the file through an open () function, calling a unix system command ulink to forcibly cancel a hard link of the file to enable the file to be in a stealth state, and changing the file to be always existed unless the daemon process is abnormally exited or exists, wherein the main function of the step is to prevent the background daemon process from being repeatedly executed and simultaneously establish an am.sok socket service;
step 2.2, the daemon scans whether SYM _ YYYYYMMDD.ok is created in a specified file area according to the time of 5-minute training, wherein YYYYMMDD is the date needing loading, if the file is scanned, the value of an i _ ready variable rewritten in the daemon is 1, and if not, the value is 0 by default;
step 2.3, the money laundering client initiates an inquiry message by accessing the aml.sok socket service, the daemon process sends the value of i _ ready to the money laundering client after receiving the inquiry message, if the value of i _ ready is 0, the money laundering client enters a sleep mode for 15 minutes, if the value of i _ ready is 1, ftp data access is initiated, and SYM _ YYYYYMMDD.ok files are obtained from an upstream system, so that the money laundering data of the client can be obtained.
In the above technical solution, the basic data table module:
step 3.1, firstly, acquiring the date of the current data to be acquired by accessing a calendar mc00_ datatime;
and 3.2, calling a shell script according to the java program and the configuration table mc00_ ds _ tables, and loading the upstream data file into the metadata table of the anti-money laundering database.
In the above technical solution, in the screening module, the money laundering suspicious model is executed in parallel by multiple nodes, and the specific algorithm is as follows:
4a, performing hash calculation on the client number in the money laundering data, and evenly distributing the client data in a plurality of calculation nodes;
4b, associating the account table through the client table, and distributing the account data to the same computing nodes as the corresponding clients;
4c, associating the transaction table through the account table, and distributing the transaction data on the same computing nodes as the corresponding accounts and the clients;
4d, the customer, the account and the transaction data of the anti-money laundering are scattered in a plurality of computing nodes, so that the parallel computation of the data is realized, the computation efficiency of the suspicious rules of the anti-money laundering is improved, but broadcast noise among multiple nodes needs to be prevented, therefore, the three steps of the steps 4a, 4b and 4c are executed, and the customer, the account and the transaction data of the same customer are distributed in the same computing node, so that the broadcast communication among the computing nodes is avoided from a data level, and the efficiency of data distribution computation is improved.
In the above technical solution, the screening module calls a money laundering prevention suspicious model to perform data screening on the basic data sheet, and generating a screening result includes: calling a corresponding money laundering prevention suspicious model to screen the data of the basic data sheet by using a preset calling rule to generate a screening result, wherein the screening result comprises suspicious transaction data, suspicious customer information and suspicious account data; the anti-money-washing calling rules are divided into two types, namely a large-amount monitoring rule and a suspicious monitoring rule, wherein the large-amount monitoring rule is personal or enterprise transaction data which are published by people banks and need to be reported, and the suspicious monitoring rule is a money-washing monitoring rule which is specified for 8 types of telecommunication anti-fraud, underground money, wading, gambling, illegal collection, reimbursement, illegal cash register and illegal tax evasion. The anti-money laundering rule is executed by executing various types of proprietary storage processes on the database.
Because the invention adopts the technical scheme, the invention has the following beneficial effects:
1. and (4) authenticity guarantee: the verification links are added in the data transmission, storage and processing processes, so that the file quantity and file fields are prevented from being lost, and the situation that the basic logic of field information is wrong and the data analysis quality is directly influenced is avoided.
2. And (3) ensuring timeliness: and the data modification linkage prompt function is enhanced, and once the field information is modified by the front-end service system, the back-end data warehouse is informed to start a rechecking and modifying mechanism in time.
3. The high efficiency is ensured: by comprehensively applying the automatic database partitioning technology, a single database computing node is expanded to theoretically infinite computing nodes, and the computation efficiency of the anti-money laundering model is greatly improved.
Detailed Description
Hereinafter, a detailed description will be given of embodiments of the present invention. While the invention will be described and illustrated in connection with certain specific embodiments thereof, it should be understood that the invention is not limited to those embodiments. Rather, modifications and equivalents of the invention are intended to be included within the scope of the claims.
Furthermore, in the following detailed description, numerous specific details are set forth in order to provide a better understanding of the present invention. It will be understood by those skilled in the art that the present invention may be practiced without these specific details.
Step S1, the data source detection task obtains the upstream system data preparation condition, and the system clock scanning is realized by using java
In step S2, data task extraction is performed.
Step S3, anti-money laundering data is acquired, the anti-money laundering data including customer data, transaction data, and account data. Wherein the anti-money laundering data is obtained through an upstream business system.
And step S4, standardizing the anti-money laundering data to generate a basic data table.
And step S5, calling an anti-money laundering suspicious model to screen the data of the basic data sheet, and generating a screening result. And screening out data which accord with the description of the anti-money laundering suspicious model as a screening result during data screening.
And step S6, determining suspicious transactions by using the screening result. And further determining suspicious transactions according to the screening result.
Step S7, manger: and calculating after batch, aggregating and counting data required by anti-money laundering, filing information and cleaning data.
Wherein the suspicious transaction comprises:
1. the reason of the customer fund account is unknown, cash mode payment close to the standard of large-amount cash transaction frequently occurs, and the suspicion of evading person large-amount transaction monitoring exists.
2. The customer transfers funds from a plurality of bank accounts and collects the funds into one account to transfer out.
3. The customer transfers funds from one bank account in a centralized way and transfers the funds from a plurality of accounts in a dispersed way.
4. The customer makes fund subscription and redemption in a short period of time, and the transaction fee cost is not considered.
5. Long-term idle fund accounts are suddenly enabled for unknown reasons and a large number of fund transactions occur in the short term.
6. The same customer information as the blacklist, the high-risk region clearing list and the foreign government bill.
7. The client entrusted source is abnormal, a plurality of client transactions occur in the same entrusted source (MAC, IP or mobile phone), and the transaction behaviors are similar.
8. The client delegated source is anomalous, there are multiple delegated sources, and the transaction is large.
9. The client occupation and asset scale and the transaction scale are abnormal.
10. The age of the client is abnormal with the size of the assets and the size of the transactions.
11. The customer frequently takes abnormal trading behaviors of high buying and low selling and continuous loss.
12. After the customer changes the deposit and management bank, a large amount of assets are transferred to the changed deposit and management bank in a short time.
13. Broker customers frequently trade in large securities and commission rates are higher than market standards.
14. The client trades the national stock to the system listing stock entrusted price abnormally, and the price deviates greatly.
15. The same business (except for the business of client entrusted stocks and fund in the field) frequently occurs for a plurality of times in one day for clients.
16. And the client modifies the key information of the certificate and then conducts fund transfer.
17. The customers have multiple transactions with each other as counterparties in the same day, and the transaction amount is large, the proportion is high, and the abnormal situation of the transaction of the counterpoint is possible to exist.
18. The mutual transaction counter-parties can transact for a plurality of times within one day between the accounts with certain relevance, and the transaction amount is large.
19. The client changes the deposit bank for many times in a short period and takes out the fund.
20. The high-school risk level customers have multiple transactions as counterparties of mutual transaction within one day, the transaction amount is large, and abnormal conditions of the transaction of the counterpoint are possibly existed.
Checking the anti-money laundering data: the extraction of the data source task data comprises the following steps: and scanning the preparation state of the data source, judging whether the preparation of the data source data is finished, specifically, the data date range which can be scanned is automatically maintained by the system without manual intervention.
The anti-money laundering data includes: the anti-money laundering data are acquired from a plurality of upstream business systems in the form of data files, and the system can automatically split task list tasks according to frequency. And trigger one by one from low to high according to the frequency.
Standardizing the anti-money laundering data, and generating a basic data table comprises: generating the basic data table according to the date, the transaction type and the transaction channel corresponding to the money laundering prevention data, and respectively generating the basic data table according to the data sources when generating the task list
Calling an anti-money laundering suspicious model to screen the data of the basic data sheet, wherein the step of generating a screening result comprises the following steps: and calling a corresponding money laundering prevention suspicious model by using a preset calling rule to screen the data of the basic data sheet to generate a screening result, wherein the screening result comprises suspicious transaction data, suspicious customer information and suspicious account data. The anti-money laundering basic data table covers all the client, account and transaction running information of the financial institution. The anti-money laundering rule is the money laundering characteristic which is accorded by the information of the customer, the account and the transaction flow.
Using the screening results, determining suspicious transactions includes: and sending the screening result to a business operating system, and screening suspicious transaction data, suspicious customer information and suspicious account data by using the business operating system to determine suspicious transactions.
Establishing the configuration of the anti-money laundering suspicious model by using a preset establishment rule; when each trigger condition of one trigger is met, the trigger is triggered, the corresponding task is activated, and the corresponding task can be sent into an execution queue. Before the triggered task is sent into the execution queue, the system judges the configuration of the task splitter, if necessary, the task is split, and data desensitization and test are carried out on the money laundering suspicious model.
The business function of the system covers the core work of the anti-money laundering supervision requirement; the foreground monitoring and management of the extraction, conversion and loading processes of the system use risk monitoring data are realized, and the foreground monitoring and management mainly comprises the functions of business data source management, data extraction script management, data loading script management, data unloading script management, data table management, data script conversion management and the like.
The data processing part completes the integration and analysis of the anti-money laundering data based on an anti-money laundering application calculation area established by a DATAWARE data warehouse platform and a SHELL + SQLLDR script language technology. And loading the bank transaction data and the account data which are generated every day into the anti-money laundering basic data sheet through the data operation scheduling platform. The data job scheduling platform is a batch job automation management tool, and different conditions for triggering batch job execution can be configured according to different scenes. These conditions include: timed execution, job dependent execution.
In a commercial bank IT system, the anti-money laundering data is a big-end product of integrating bank customer data, transaction data, and account data. The method has the characteristics of large data volume, wide data related range, complex service background and the like. Data generated by the upstream business system is loaded into the data warehouse in a data file form every day. The data warehouse processes the original data according to the dimensions of date, transaction type, transaction channel and the like to form an anti-money laundering basic data table. According to the real money laundering cases and the money laundering law at the central bank, the commercial bank combines the characteristics of self business data and summarizes various money laundering scene data screening logics according to the principles of case characterization, characteristic indexing and index modeling. The data screening logics form various types of data of suspicious transactions of money laundering, if the data can be screened from the money laundering data taking the basic data table of money laundering as the core.
The data screening logic is the anti-money laundering suspicious model. The anti-money laundering system realizes the model screening condition by adopting SQLLDR script language according to different types of suspicious models. And forming an anti-money laundering operation flow by using the SHELL + SQLLDR script operation according to the mutual dependency relationship through the data warehouse data operation scheduling platform. The anti-money laundering operation flow screens out suspicious data (comprising suspicious transaction data, suspicious customer information and suspicious account data) at the end of each day, and transmits the suspicious data to a business operation system through a file transmission component.
The business operating system is designed and implemented based on the J2EE technical architecture. And one part of the system realizes the anti-money laundering business process processing and the personnel interaction through a uniform JAVA display interface, the realization of the interface function depends on the transaction processing of a server, and the business display is carried out based on the transaction condition returned by a back end. The server is an application flow system based on J2EE architecture and modular design, receives a service request sent by the presentation layer, completes the specific implementation of business logic, and returns a result to the presentation layer. On the aspect of report data display, a flexible report mode is utilized to support business personnel to define a report format and a visual graph display mode independently, query of detail data is supported, and meanwhile, a fixed report meeting the supervision requirement is generated based on the particularity of the money laundering business.
Data processing is the core business logic implementation of risk monitoring rule processing, and the data processing will meet the following requirements:
1. newly imported transaction data can be continuously, stably and accurately processed on time every day;
2. ensuring the correct relation between the associated data from the time and the service logic;
3. the data processing of the background does not influence the normal use of foreground functions;
4. ensuring the integrity and consistency of the transaction;
5. each specific business logic should be organized in the system in a pluggable way, and a new business logic can be expanded;
6. the efficiency is improved as much as possible, and the I/O throughput and the network load pressure are reduced;
because the money laundering prevention suspicious transaction model is centered on 'customers', in order to verify the correctness of the suspicious transaction model, the data without desensitization is required to be used for testing and tuning. In order to satisfy the data security of commercial banks and the anti-money laundering test requirements, the construction of anti-money laundering laboratories is very necessary.
Purpose of anti-money laundering laboratory: the method is mainly used for application scenarios such as model development, model verification, data analysis and the like of the anti-money laundering business monitoring model. The laboratory assists the business in data analysis and mining through tools such as SAS tools. Typical behavior characteristics can be defined by data mining modeling, behavior patterns, transaction scenes and the like are established to form a risk identification and quantification system, risk points and monitoring ideas are solidified by applying mature risk modeling methods and tools, and the system assists in carrying out instant discrimination analysis and continuous monitoring and early warning, and the model laboratory has the following characteristics:
and (3) data analysis: by analyzing the basic situation of the data in the line, the basic data distribution and indexes are known, the business rule, the client characteristics and the behavior habit are mastered, and a reference basis is provided for model definition, optimization and risk analysis.
Model definition: the online design of the model is realized, and an interfacing flexible customization tool is provided.
And (3) model verification: and realizing model simulation calculation and result examination based on real data.
Model auditing: and realizing the auditing flow management of the model design process.
Putting the model into production: and the production release management of the model design process is realized.
Model tracking: and continuously tracking and analyzing the operation result and the state of the model, and providing a model optimization suggestion.
The laboratory accesses the production data of the source system from the data warehouse and loads the data periodically with a month period.
Many suspicious transaction models for money laundering are designed and implemented according to the guiding principle of a supervisor, and are combined with massive bank transaction data, customer information and account data to analyze and integrate, extract case characteristics, and quantify indexes of the characteristics, so that the suspicious transaction models are formed by fixing the modes of the suspicious transaction models. Therefore, the suspicious transaction model can be managed and optimized, and the actual commercial bank assets are formed.
A data calculation task monitoring platform (a monitoring platform for short) is arranged in the system, and due to the fact that the types of the anti-money laundering suspicious transaction models are various, the related service data are different. In order to enable the orderly batching of numerous suspicious transaction models, a data monitoring platform needs to be carefully configured. The monitoring platform should have multiple management functions. The monitoring platform is an automatic management tool for batch processing operation. A batch process is referred to as a scheduling job. A scheduled job is normally executed only if the preconditions (called input dependencies) are all satisfied. A dispatch job, after execution is complete, generates a success flag (called an output dependency). The representation of the success flag may be varied, such as generating a file, writing a success record in a library table, and so forth. These output dependencies are typically used for subsequent jobs. And the subsequent operation can be executed after the successful mark of the preorder operation is monitored.
When one scheduling job is abnormal in the execution process and needs to be terminated, the monitoring platform provides a suspension function, and the specific implementation mode can be a 'process killing' mode. The number of reruns of the job is the number of times the batch program is re-executed, and "re-executing the batch" requires that the batch code be written to support multiple executions. In the aspect of manual processing and screening of the whole process, the automatic processing process of data interaction between the suspicious data from the data warehouse anti-money laundering application calculation area to the business operation system is realized. And establishes the whole flow of manual processing such as 'suspicious case discrimination', 'suspicious transaction confirmation', 'customer due-employment investigation', 'customer fund transaction link diagram', and the like.
The anti-money laundering suspicious model screens the anti-money laundering data, determines suspicious transactions according to the screening result, solves the problems of data dispersion, insufficient data analysis and early warning capability and the like in the anti-money laundering working field, and improves the monitoring efficiency and the monitoring accuracy of anti-money laundering monitoring, thereby greatly improving the detection quality in an enterprise range.
The data acquisition module is used for acquiring anti-money laundering data, and the anti-money laundering data comprises customer data, transaction data and account data;
the data standardization module is used for standardizing the anti-money laundering data to generate a basic data table;
the data screening module is used for calling an anti-money laundering suspicious model to carry out data screening on the basic data sheet and generate a screening result;
and the suspicious transaction module is used for determining suspicious transactions by using the screening result.
The data acquisition module comprises: and the data acquisition unit is used for acquiring the anti-money laundering data from a plurality of upstream business systems in the form of data files.
The data normalization module comprises: and the data standardization unit is used for generating the basic data table according to the date, the transaction type and the transaction channel corresponding to the anti-money laundering data.
The data screening module comprises: and the data screening unit is used for calling the corresponding money laundering prevention suspicious model to perform data screening on the basic data sheet by using a preset calling rule to generate a screening result, and the screening result comprises suspicious transaction data, suspicious customer information and suspicious account data.
Using the screening results, determining suspicious transactions includes: and sending the screening result to a business operating system, and screening suspicious transaction data, suspicious customer information and suspicious account data by using the business operating system to determine suspicious transactions.
The device of the invention also comprises: the model establishing unit is used for establishing an anti-money laundering suspicious model by utilizing a preset establishing rule; and the desensitization test unit is used for performing data desensitization and test on the anti-money laundering suspicious model.
Claims (10)
1. A method for monitoring suspicious transaction data against money laundering, the method comprising:
step S1, a data source detection task realizes system clock scanning by using java.util.timer, and obtains the data preparation condition of an upstream system through the flag quantity of data preparation, when the upstream system generates a SYM _ YYYYYYYMMDD.ok file containing money laundering data sent by a client in a file sharing area, the flag data is completely prepared, otherwise, the upstream system continues to wait;
step S2, when the upstream system generates a SYM _ YYYYYMMDD.ok file in the file sharing area in the step S1, data extraction is carried out to obtain anti-money laundering data, and the anti-money laundering data comprise client data, transaction data and account data;
step S3: generating the basic data table according to the date, the transaction type and the transaction channel corresponding to the money laundering prevention data;
step S4: calling an anti-money laundering suspicious model to screen the data of the basic data sheet to generate a screening result;
step S5: executing SQL sentences according to rules by using the screening result, determining suspicious transactions, and loading clients meeting requirements to an anti-money laundering case table;
and step S6, aggregating and counting the data in the anti-money-laundering case table, filing information, cleaning data, carrying out foreground display on the client, then manually screening cases by inline service personnel, judging suspicious cases, namely reporting to a pedestrian, and removing the suspicious cases.
2. The method of claim 1, wherein the extracting of the data source task data comprises: the step 2 comprises the following steps:
step 2.1, creating a stealth file, namely creating a daemon process at the background, creating an empty file am.sok by the daemon process, opening the file through an open () function, calling a unix system command ulink to forcibly cancel a hard link of the file to enable the file to be in a stealth state, and changing the file to be always existed unless the daemon process is abnormally exited or exists, wherein the main function of the step is to prevent the background daemon process from being repeatedly executed and simultaneously establish an am.sok socket service;
step 2.2, the daemon scans whether SYM _ YYYYYMMDD.ok is created in a specified file area according to the time of 5-minute training, wherein YYYYMMDD is the date needing loading, if the file is scanned, the value of an i _ ready variable rewritten in the daemon is 1, and if not, the value is 0 by default;
step 2.3, the money laundering client initiates an inquiry message by accessing the aml.sok socket service, the daemon process sends the value of i _ ready to the money laundering client after receiving the inquiry message, if the value of i _ ready is 0, the money laundering client enters a sleep mode for 15 minutes, if the value of i _ ready is 1, ftp data access is initiated, and a SYM _ yyyymmdd.ok file is obtained from an upstream system, so that the money laundering data of a client, including a client, an account, a transaction data file and a control file, can be obtained, wherein the data file is used for analyzing a money laundering model, and the control file describes the size of the corresponding data file, the MD5 value and configuration information of each data field.
3. The method for monitoring suspicious transaction data of money laundering according to claim 1, wherein step 3 comprises:
step 3.1, firstly, acquiring the date of the current data to be acquired by accessing a calendar mc00_ datatime;
step 3.2, MD5 calculation is carried out on the client, the account and the transaction data file, the obtained MD5 value is compared with the corresponding client, account and transaction control file, and the MD5 values of the client, account and transaction data file are consistent, so that the quantity and the field of the data file are consistent with those of an upstream system;
3.3, comparing the field configuration information in the control file with each field configuration information recorded in a configuration table mc00_ ds _ tables, if the field configuration information is consistent with the configuration information recorded in the configuration table mc00_ ds _ tables, directly loading the file for use, if the field configuration information is inconsistent with the configuration information recorded in the configuration table mc00_ ds _ tables, adjusting a corresponding table in a database, calling an automatic script to adjust a basic table to be consistent with the configuration information in the control file, calling a shell script according to a java program and the configuration table mc00_ ds _ tables, and loading an upstream data file into a metadata table of the money laundering database;
4. the method for monitoring suspicious transaction data against money laundering according to claim 1, wherein in step 4, the suspicious model of money laundering is executed in parallel by multiple nodes, and the specific algorithm is as follows:
4a, performing hash calculation on the client number in the money laundering data, and evenly distributing the client data in a plurality of calculation nodes;
4b, associating the account table through the client table, and distributing the account data to the same computing nodes as the corresponding clients; 4c, associating the transaction table through the account table, and distributing the transaction data on the same computing nodes as the corresponding accounts and the clients;
4d, the customer, the account and the transaction data of the anti-money laundering are scattered in a plurality of computing nodes, so that the parallel computation of the data is realized, the computation efficiency of the suspicious rules of the anti-money laundering is improved, but broadcast noise among multiple nodes needs to be prevented, therefore, the three steps of the steps 4a, 4b and 4c are executed, and the customer, the account and the transaction data of the same customer are distributed in the same computing node, so that the broadcast communication among the computing nodes is avoided from a data level, and the efficiency of data distribution computation is improved.
5. The method for monitoring suspicious transaction data against money laundering according to claim 1, wherein the step 4 of invoking suspicious models against money laundering to perform data screening on the basic data table, and the generating of the screening result comprises: calling a corresponding money laundering prevention suspicious model to screen the data of the basic data sheet by using a preset calling rule to generate a screening result, wherein the screening result comprises suspicious transaction data, suspicious customer information and suspicious account data; the anti-money-washing calling rules are divided into two types, namely a large-amount monitoring rule and a suspicious monitoring rule, wherein the large-amount monitoring rule is personal or enterprise transaction data which are published by people banks and need to be reported, and the suspicious monitoring rule is a money-washing monitoring rule which is specified for 8 types of telecommunication anti-fraud, underground money, wading, gambling, illegal collection, reimbursement, illegal cash register and illegal tax evasion. The anti-money laundering rule is executed by executing various types of proprietary storage processes on the database.
6. A device for monitoring suspicious transaction data against money laundering, comprising:
the system comprises a data source detection module, a data source detection task, a data source detection module and a data source detection module, wherein the data source detection task realizes system clock scanning by using java.util.timer, and acquires the data preparation condition of an upstream system through the flag quantity of data preparation;
the data extraction module is used for extracting data to obtain money laundering data when an upstream system is searched to generate a SYM _ YYYYMMDD.ok file in a file sharing region, wherein the money laundering data comprises client data, transaction data and account data;
basic data table module: generating the basic data table according to the date, the transaction type and the transaction channel corresponding to the money laundering prevention data;
a screening module: calling an anti-money laundering suspicious model to screen the data of the basic data sheet to generate a screening result;
a table writing module: executing SQL sentences according to rules by using the screening result, determining suspicious transactions, and loading clients meeting requirements to an anti-money laundering case table;
and the screening module aggregates and counts data in the anti-money-laundering case table, performs information archiving and data cleaning, performs foreground display on the client, then performs case screening, judges that the case is suspicious, reports the case to the people and eliminates the case if the case is not suspicious.
7. The method of claim 6, wherein the extracting the data source task data comprises: a data extraction module:
step 2.1, creating a stealth file, namely creating a daemon process at the background, creating an empty file am.sok by the daemon process, opening the file through an open () function, calling a unix system command ulink to forcibly cancel a hard link of the file to enable the file to be in a stealth state, and changing the file to be always existed unless the daemon process is abnormally exited or exists, wherein the main function of the step is to prevent the background daemon process from being repeatedly executed and simultaneously establish an am.sok socket service;
step 2.2, the daemon scans whether SYM _ YYYYYMMDD.ok is created in a specified file area according to the time of 5-minute training, wherein YYYYMMDD is the date needing loading, if the file is scanned, the value of an i _ ready variable rewritten in the daemon is 1, and if not, the value is 0 by default;
step 2.3, the money laundering client initiates an inquiry message by accessing the aml.sok socket service, the daemon process sends the value of i _ ready to the money laundering client after receiving the inquiry message, if the value of i _ ready is 0, the money laundering client enters a sleep mode for 15 minutes, if the value of i _ ready is 1, ftp data access is initiated, and SYM _ YYYYYMMDD.ok files are obtained from an upstream system, so that the money laundering data of the client can be obtained.
8. The method of claim 6, wherein the basic data table module:
step 3.1, firstly, acquiring the date of the current data to be acquired by accessing a calendar mc00_ datatime;
and 3.3, calling a shell script according to the java program and the configuration table mc00_ ds _ tables, and loading the upstream data file into the metadata table of the anti-money laundering database.
9. The method for monitoring suspicious transaction data against money laundering according to claim 6, wherein in the screening module, the suspicious model against money laundering is executed in parallel by multiple nodes, and the specific algorithm is as follows:
4a, performing hash calculation on the client number in the money laundering data, and evenly distributing the client data in a plurality of calculation nodes;
4b, associating the account table through the client table, and distributing the account data to the same computing nodes as the corresponding clients;
4c, associating the transaction table through the account table, and distributing the transaction data on the same computing nodes as the corresponding accounts and the clients;
4d, the customer, the account and the transaction data of the anti-money laundering are scattered in a plurality of computing nodes, so that the parallel computation of the data is realized, the computation efficiency of the suspicious rules of the anti-money laundering is improved, but broadcast noise among multiple nodes needs to be prevented, therefore, the three steps of the steps 4a, 4b and 4c are executed, and the customer, the account and the transaction data of the same customer are distributed in the same computing node, so that the broadcast communication among the computing nodes is avoided from a data level, and the efficiency of data distribution computation is improved.
10. The method as claimed in claim 6, wherein the screening module calls a suspected money laundering model to perform data screening on the basic data table, and generating the screening result includes: calling a corresponding money laundering prevention suspicious model to screen the data of the basic data sheet by using a preset calling rule to generate a screening result, wherein the screening result comprises suspicious transaction data, suspicious customer information and suspicious account data; the anti-money-washing calling rules are divided into two types, namely a large-amount monitoring rule and a suspicious monitoring rule, wherein the large-amount monitoring rule is personal or enterprise transaction data which are published by people banks and need to be reported, and the suspicious monitoring rule is a money-washing monitoring rule which is specified for 8 types of telecommunication anti-fraud, underground money, wading, gambling, illegal collection, reimbursement, illegal cash register and illegal tax evasion. The anti-money laundering rule is executed by executing various types of proprietary storage processes on the database.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111594374.7A CN114238414A (en) | 2021-12-24 | 2021-12-24 | Monitoring method and device for suspicious transaction data of money laundering prevention |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111594374.7A CN114238414A (en) | 2021-12-24 | 2021-12-24 | Monitoring method and device for suspicious transaction data of money laundering prevention |
Publications (1)
Publication Number | Publication Date |
---|---|
CN114238414A true CN114238414A (en) | 2022-03-25 |
Family
ID=80762385
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111594374.7A Pending CN114238414A (en) | 2021-12-24 | 2021-12-24 | Monitoring method and device for suspicious transaction data of money laundering prevention |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114238414A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117688063A (en) * | 2023-12-14 | 2024-03-12 | 慧安金科(北京)科技有限公司 | Clue mining method and system applied to back money laundering |
CN118037298A (en) * | 2024-02-21 | 2024-05-14 | 湖北经济学院 | Anti-money laundering suspicious transaction monitoring system |
CN118134636A (en) * | 2023-12-26 | 2024-06-04 | 东华软件股份公司 | Self-checking early-warning engine tool for counter-money-laundering abnormal data of financial institution |
-
2021
- 2021-12-24 CN CN202111594374.7A patent/CN114238414A/en active Pending
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN117688063A (en) * | 2023-12-14 | 2024-03-12 | 慧安金科(北京)科技有限公司 | Clue mining method and system applied to back money laundering |
CN118134636A (en) * | 2023-12-26 | 2024-06-04 | 东华软件股份公司 | Self-checking early-warning engine tool for counter-money-laundering abnormal data of financial institution |
CN118037298A (en) * | 2024-02-21 | 2024-05-14 | 湖北经济学院 | Anti-money laundering suspicious transaction monitoring system |
CN118037298B (en) * | 2024-02-21 | 2024-09-24 | 湖北经济学院 | Anti-money laundering suspicious transaction monitoring system |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11163670B2 (en) | Data records selection | |
CN111127200A (en) | Method and device for monitoring suspicious transactions of anti-money laundering | |
Kuhn et al. | Learning from WorldCom: Implications for fraud detection through continuous assurance | |
CN114238414A (en) | Monitoring method and device for suspicious transaction data of money laundering prevention | |
US10817813B2 (en) | Resource configuration and management system | |
CN107103548A (en) | The monitoring method and system and risk monitoring and control method and system of network behavior data | |
US20060080281A1 (en) | System and method of continuous assurance for internal control | |
CN111915316B (en) | Method and device for monitoring suspicious transactions, computer equipment and storage medium | |
CN112612813B (en) | Test data generation method and device | |
CN112669039B (en) | Knowledge graph-based customer risk management and control system and method | |
CN110109905A (en) | Risk list data generation method, device, equipment and computer storage medium | |
CN112598513B (en) | Method and device for identifying stockholder risk transaction behaviors | |
CN111091358A (en) | Unified processing method and system for multiple payment channels | |
CN111861487A (en) | Financial transaction data processing method, and fraud monitoring method and device | |
CN111833182A (en) | Method and device for identifying risk object | |
CN111738824A (en) | Method, device and system for screening financial data processing modes | |
CN117437001A (en) | Target object index data processing method and device and computer equipment | |
CN111932368A (en) | Credit card issuing system and construction method and device thereof | |
CN115907835A (en) | Big data wind control and assistant decision analysis method based on commercial draft information | |
CN116228402A (en) | Financial credit investigation feature warehouse technical support system | |
CN114708090A (en) | Bank payment business risk identification device based on big data | |
US11647048B2 (en) | Real-time feedback service for resource access rule configuration | |
CN114723548A (en) | Data processing method, apparatus, device, medium, and program product | |
CN114493858A (en) | Illegal fund transfer suspicious transaction monitoring method and related components | |
CN113837885A (en) | Construction method of financial anti-fraud service database and financial anti-fraud service system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination |