Back to Portfolio
SQLTableauClaude Code

AML Risk Detection & Visualization

AMLComplianceFinancial AnalysisRisk DetectionData Visualization
View on GitHub

How I Built This with Claude Code

Claude Code was used to develop the SQL detection logic and risk scoring framework. The Tableau dashboard was built manually to provide the interactive visualization layer.

  • SQL query development: Wrote and refined AML detection queries across 5M+ transactions, covering temporal patterns, structuring detection, rapid movement flags, and round-amount anomalies.
  • Risk scoring engine: Built a composite scoring framework weighting velocity thresholds, round-amount flags, temporal spikes, and cross-currency corridor rankings into entity-level risk classifications.
  • Tableau dashboard: Built manually using Claude as a guide for layout and design best practices, then implemented directly in Tableau.

Summary

This project delivers an end-to-end surveillance solution designed to detect and visualize high-risk money laundering patterns within a global banking network. Utilizing the IBM Transactions for Anti-Money Laundering (HI-Small_Trans.csv) synthetic 2022 dataset, I engineered an interactive dashboard that uncovers $187B in high-risk exposure from over 5 million raw transactions. The tool enables investigators to pivot seamlessly from macro-level system trends to micro-level transactional spikes, effectively filtering the noise of legitimate banking to reveal illicit signals.

Core Analytical Worksheets

The analysis is structured around three core functional areas:

  1. Temporal Activity Patterns (Trend Analysis)
    • Purpose: Visualize the velocity and timing of laundering events.
    • Analysis: Aggregates millions of timestamps into hourly buckets to distinguish between Integration (massive bursts) and Structuring (high-frequency, low-value patterns).
  2. Top 10 High-Risk Corridors Heatmap
    • Purpose: Identify the highest-risk institutional corridors.
    • Insight: Isolated a critical anomaly where Bank 4 and Bank 116781 accounted for over $84B in flagged volume, highlighting a massive institutional settlement risk.
  3. Transaction Channel Analysis
    • Purpose: Determine which transaction channels are being exploited.
    • Insight: Data revealed that Electronic Transfers are the primary rails for high-value laundering within this network.

Technical Methodology & Optimization

Handling a dataset of this scale (5M+ rows) required specific architectural choices to maintain dashboard performance:

  • Data Engineering: Processed raw CSV data via SQL to ensure integrity across Bank IDs and timestamps.
  • Interactive Design: Developed Dashboard Filter Actions to allow for one-click drill-downs without filter conflicts.
  • Data Resolution: Solved grain issues by aggregating records into logical time windows, uncovering patterns invisible at the raw-record level.

The Investigation Workflow

The dashboard is designed to follow the Search, Filter, Act methodology:

  1. Search: Use the Heatmap to find the hottest bank-to-bank relationship.
  2. Filter: Click the relationship to instantly update the Time Spikes and Payment Rails.
  3. Act: Identify the specific hour and method of the spike to extract the data needed for a Suspicious Activity Report (SAR).

Limitations & Considerations

This analysis was performed on synthetic data from the IBM Transactions for Anti-Money Laundering dataset. While the queries and methodology reflect real-world AML practices, the flagged volumes (e.g., $187B) are intended to demonstrate technical capability. In a production environment, additional context such as customer profiles, historical behavior, and external intelligence would be incorporated to reduce false positives.