Project Overview
A UK FinCrime technology company building an investigation platform for UK financial crime investigation teams...
Technology Stack
Compliance & Standards
The Challenge
A UK FinCrime technology company building an investigation platform for UK financial crime investigation teams (FCA-regulated banks and payment institutions) needed to build an AML case management and analytics platform. FCA JMLSG Guidance, NCA ELMER typologies, Proceeds of Crime Act 2002 (POCA), Terrorism Act 2000, NCA goAML (SAR submission), AUSTRAC typologies (for Australia-facing clients), UK GDPR, ISO 27001, Cyber Essentials Plus. Budget GBP120,000.
Our Approach
AML case management for financial crime investigation teams
- 1alert ingestion (ML transaction monitoring alerts received -- case created per alert),
- 2case triage (analyst reviews alert -- case classified: close, escalate, file SAR),
- 3investigation (analyst gathers evidence -- transaction history, network graph, adverse media, sanctions check),
- 4SAR decision (supervisor approves SAR filing decision),
- 5goAML submission (SAR XML submitted to NCA goAML within 24 hours of decision).
Case management SLAs
- 1alert-to-review: 24 hours (FCA JMLSG expects prompt review),
- 2review-to-close or review-to-
SAR
72 hours standard, (3) SAR-to-submission: 24 hours (POCA s.338 -- trespass to property and SAR consent regime).
TIPPING OFF prevention
case management system access restricted -- customer-facing staff cannot see investigation status.
Network graph for FinCrime
- 1entity extraction (customers, companies, beneficial owners from KYC data -- enriched with Companies House PSC, OpenCorporates),
- 2transaction graph (financial flows between entities -- edge weight = transaction amount, edge direction = money flow),
- 3network visualisation (D3.js force-directed graph -- investigator can explore entity network interactively),
- 4circular transaction detection (algorithm detects closed loops in transaction graph -- circular trade fraud signal),
- 5beneficial ownership traversal (recursive UBO search -- Companies House PSC chain -- identify ultimate human controllers). NetworkX (Python): ClickMasters uses NetworkX for graph algorithms (shortest path, community detection, centrality measures) that expose hidden relationships in financial networks.
POCA and TACT Consent Regime
POCA 2002 (Proceeds of Crime Act) and TACT 2000 (Terrorism Act) consent regime: (1) Authorised Disclosure (POCA s.338 -- bank files SAR and seeks consent from NCA before processing transaction that may constitute money laundering), (2) Moratorium period (NCA has 7 days to grant or refuse consent -- bank can proceed after moratorium expires if NCA silent), (3) SAR consent tracking (case management system tracks consent request status -- alert if moratorium approaching expiry), (4) Defence Against Money Laundering (DAML) -- bank can proceed with transaction if DAML obtained from NCA), (5) SAR statistics (annual report to board -- number of SARs, SAR-to-prosecution rate).
ClickMasters POCA consent module
automated moratorium calendar, consent status tracking, board SAR statistics report.
JMLSG and NCA ELMER Typology Alignment
JMLSG (Joint Money Laundering Steering Group)
Guidance alignment
- 1risk-based approach (case management system risk-rates each case -- high/medium/low -- determines investigation depth required),
- 2enhanced due diligence triggers (case management system identifies EDD triggers -- high-risk country, PEP, cash-intensive SIC code),
- 3customer risk appetite (case management system tracks customer risk profile over time -- deteriorating risk score triggers periodic review),
- 4NCA ELMER typologies (published NCA money laundering typologies -- circular trade, cash intensive, professional enabler -- case management tags alert to ELMER typology). AUSTRAC integration (for Australia-facing clients): AUSTRAC (Australian Transaction Reports and Analysis Centre) typologies imported -- UK financial institutions with Australian operations.
The Results
Platform live at 20 weeks, GBP112,000. 48 FCA-regulated firm clients. 280,000 cases managed in year one.
Alert-to-review SLA: 98.4% within 24 hours.
SAR-to-submission: 100% within 24 hours.
Network graph: average 8.4 entities per case investigated (was 3.2 without graph).
POCA consent tracking: zero moratorium expiry breaches.
ISO 27001 maintained.
CE Plus confirmed. 48 firms. 280,000 cases.
SLA 98.4% within 24 hours.
SAR submission 100% within 24 hours.
Network graph 8.4 entities vs 3.2 without.
Zero POCA consent breaches.
ISO 27001.
The network graph was the feature that changed how investigations are conducted.
When an analyst can see that the suspicious customer is connected to 3 other flagged entities through a chain of 5 companies, they understand the risk differently.
Before the graph, analysts saw transactions.
After the graph, analysts see networks.
Networks are how financial crime actually works. -- Head of Financial Crime, UK Payments Institution
Project Details
Related Case Studies
View AllOpen Banking AISP Platform for UK FinTech Startup
Open Banking AISP Platform for UK FinTech Startup. A UK FinTech startup needed to build an FCA-authorised Account Information Service Provider (AISP) platform that could a...
AI-Powered Customer Service Platform β UK FinTech
A UK FinTech company with 180,000 customers was spending Β£840,000/year on a 45-person customer service team, p...
Digital Banking Platform MVP β UK Challenger Bank
A UK challenger bank startup had received FCA authorisation with restriction (they could accept deposits but n...
Ready to Transform Your Business?
Let's discuss how our technical expertise can help you achieve remarkable results.