-
Notifications
You must be signed in to change notification settings - Fork 3
Expand file tree
/
Copy pathoutput.json
More file actions
385 lines (362 loc) · 20.2 KB
/
output.json
File metadata and controls
385 lines (362 loc) · 20.2 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
{
"status": "success",
"input": {
"case_id": "CASE_2026_00145",
"generated_at": "2026-02-11T12:05:00Z",
"institution": "Demo National Bank",
"customer_kyc": {
"customer_id": "CUST991200",
"full_name": "Rakesh Patel",
"dob": "1988-02-21",
"pan": "ZXCVB1234Q",
"aadhaar_last4": "1109",
"occupation": "Retail Shop Owner",
"declared_annual_income": 420000,
"risk_category": "Medium",
"address": "Ahmedabad, Gujarat, India",
"kyc_last_updated": "2024-06-10"
},
"account_profile": {
"account_number": "XXXX5521",
"account_type": "Savings",
"opened_date": "2017-04-11",
"average_monthly_balance": 65000,
"average_monthly_credit": 90000,
"average_monthly_debit": 88000,
"usual_transaction_pattern": "Small retail deposits"
},
"alerts": [
{
"alert_id": "ALERT_22001",
"type": "Layering Pattern",
"description": "Funds routed across multiple intermediary accounts",
"trigger_time": "2026-02-10T11:02:00Z",
"severity": "Critical"
},
{
"alert_id": "ALERT_22002",
"type": "Rapid International Transfer",
"description": "Funds exited to high-risk jurisdiction",
"trigger_time": "2026-02-10T11:15:00Z",
"severity": "High"
}
],
"transactions": [
{
"tx_id": "L1",
"timestamp": "2026-02-10T10:50:00Z",
"from_account": "ACC_A",
"to_account": "XXXX5521",
"amount": 300000,
"currency": "INR",
"channel": "NEFT",
"country": "India"
},
{
"tx_id": "L2",
"timestamp": "2026-02-10T10:55:00Z",
"from_account": "XXXX5521",
"to_account": "ACC_B",
"amount": 300000,
"currency": "INR",
"channel": "IMPS",
"country": "India"
},
{
"tx_id": "L3",
"timestamp": "2026-02-10T11:00:00Z",
"from_account": "ACC_B",
"to_account": "ACC_C",
"amount": 300000,
"currency": "INR",
"channel": "IMPS",
"country": "India"
},
{
"tx_id": "L4",
"timestamp": "2026-02-10T11:06:00Z",
"from_account": "ACC_C",
"to_account": "HK_NODE_8821",
"amount": 300000,
"currency": "INR",
"channel": "SWIFT",
"country": "Hong Kong"
}
]
},
"risk": {
"risk_score": 70,
"classification": "High",
"breakdown": {
"customer_risk": 12,
"alert_risk": 25,
"geographic_risk": 8,
"pattern_risk": 0,
"transaction_risk": 25
}
},
"threshold": 50,
"evidence_generated": true,
"evidence": [
"Customer KYC risk category is Medium.",
"Declared annual income is ₹4,20,000.",
"Customer occupation is Retail Shop Owner.",
"Alert 'Layering Pattern' with severity 'Critical' triggered at 2026-02-10T11:02:00Z.",
"Alert 'Rapid International Transfer' with severity 'High' triggered at 2026-02-10T11:15:00Z.",
"1 foreign transaction(s) detected.",
"Foreign country(ies) involved: Hong Kong.",
"Funds were transferred outside India.",
"Total transaction volume is ₹12,00,000.",
"Average monthly credit is ₹90,000.",
"Total transaction volume exceeds declared annual income.",
"Total transaction volume exceeds expected annual credit based on account profile.",
"4 transactions occurred within a one-hour window starting at 2026-02-10T10:50:00+00:00.",
"On 2026-02-10, same-day inflow of ₹3,00,000 and outflow of ₹3,00,000 detected."
],
"sar_generated": true,
"sar": {
"sar_summary": "Rakesh Patel, a retail shop owner, conducted a series of rapid, high-value transactions totaling INR 3,00,000 on 2026-02-10. Funds were received, immediately layered through intermediary accounts, and then transferred to Hong Kong. This activity triggered critical and high-severity alerts for layering and rapid international transfer, and is inconsistent with the customer's profile and declared income.",
"subject_profile": {
"customer_id": "CUST991200",
"full_name": "Rakesh Patel",
"dob": "1988-02-21",
"pan": "ZXCVB1234Q",
"aadhaar_last4": "1109",
"occupation": "Retail Shop Owner",
"declared_annual_income": 420000,
"risk_category": "Medium",
"address": "Ahmedabad, Gujarat, India",
"kyc_last_updated": "2024-06-10",
"account_number": "XXXX5521",
"account_type": "Savings",
"opened_date": "2017-04-11",
"average_monthly_balance": 65000,
"average_monthly_credit": 90000,
"average_monthly_debit": 88000,
"usual_transaction_pattern": "Small retail deposits"
},
"risk_assessment": {
"customer_risk_category": "Medium",
"alert_severity": "Critical (Layering Pattern), High (Rapid International Transfer)",
"overall_risk": "Elevated"
},
"suspicious_indicators": [
"Layering Pattern: Funds routed across multiple intermediary accounts (ALERT_22001, Critical severity).",
"Rapid International Transfer: Funds exited to Hong Kong, a foreign jurisdiction (ALERT_22002, High severity).",
"Total transaction volume of INR 3,00,000 significantly exceeds declared annual income of INR 4,20,000.",
"Total transaction volume of INR 3,00,000 significantly exceeds average monthly credit of INR 90,000.",
"Rapid movement of funds: Same-day inflow and immediate outflow of INR 3,00,000.",
"Four transactions occurred within a one-hour window on 2026-02-10.",
"Funds transferred outside India to Hong Kong."
],
"transaction_analysis": "On 2026-02-10, account XXXX5521 received INR 3,00,000 via NEFT (tx_id: L1) at 10:50:00Z. Five minutes later, the entire INR 3,00,000 was transferred out via IMPS (tx_id: L2) to ACC_B at 10:55:00Z. This amount was subsequently routed from ACC_B to ACC_C (tx_id: L3) at 11:00:00Z, and then from ACC_C to HK_NODE_8821 in Hong Kong via SWIFT (tx_id: L4) at 11:06:00Z. The total transaction volume of INR 3,00,000 for this rapid series of four transactions, completed within 16 minutes, significantly exceeds the customer's declared annual income of INR 4,20,000 and average monthly credit of INR 90,000. This same-day inflow and outflow of a large sum deviates from the account's usual pattern of small retail deposits.",
"narrative": "Rakesh Patel, customer ID CUST991200, a Retail Shop Owner with a declared annual income of INR 4,20,000, maintains Savings Account XXXX5521, opened on 2017-04-11. The account's usual transaction pattern is small retail deposits, with an average monthly credit of INR 90,000. The customer's KYC risk category is Medium, last updated on 2024-06-10.\nOn 2026-02-10, a series of four transactions totaling INR 3,00,000 occurred within a one-hour window, specifically between 10:50:00Z and 11:06:00Z.\nAt 10:50:00Z, INR 3,00,000 was credited to account XXXX5521 from ACC_A via NEFT (tx_id: L1).\nFive minutes later, at 10:55:00Z, the entire INR 3,00,000 was debited from account XXXX5521 and transferred to ACC_B via IMPS (tx_id: L2).\nThis was followed by a transfer of INR 3,00,000 from ACC_B to ACC_C via IMPS (tx_id: L3) at 11:00:00Z.\nFinally, at 11:06:00Z, the INR 3,00,000 was transferred from ACC_C to HK_NODE_8821 in Hong Kong via SWIFT (tx_id: L4).\nThis sequence of transactions triggered a 'Layering Pattern' alert (ALERT_22001) at 11:02:00Z, classified as Critical severity, due to funds being routed across multiple intermediary accounts.\nA 'Rapid International Transfer' alert (ALERT_22002) was subsequently triggered at 11:15:00Z, classified as High severity, as funds exited to Hong Kong, a foreign jurisdiction.\nThe total transaction volume of INR 3,00,000 for this single event significantly exceeds the customer's declared annual income of INR 4,20,000 and the average monthly credit of INR 90,000. The same-day inflow and outflow of INR 3,00,000 is inconsistent with the customer's declared occupation as a Retail Shop Owner and the usual transaction pattern of small retail deposits.",
"recommended_action": "File a Suspicious Activity Report. Further investigation into the source of funds (ACC_A) and the beneficiaries (ACC_B, ACC_C, HK_NODE_8821) is recommended. Review of all associated accounts and transactions for similar patterns."
}
}
///////////////////////////
{
"status": "success",
"input": {
"case_id": "d2108626-493b-4590-a16a-2b86a42b32d0",
"generated_at": "2026-02-11T12:30:00Z",
"institution": "Demo National Bank",
"customer_kyc": {
"customer_id": "d2108626-493b-4590-a16a-2b86a42b22d0",
"full_name": "Sanjay Kumar",
"dob": "2000-01-14",
"pan": "AAZPK5522T",
"aadhaar_last4": "2233",
"occupation": "Student",
"declared_annual_income": 0,
"risk_category": "High",
"address": "Patna, Bihar, India",
"kyc_last_updated": "2023-11-02"
},
"account_profile": {
"account_number": "XXXX4401",
"account_type": "Savings",
"opened_date": "2023-12-01",
"average_monthly_balance": 5000,
"average_monthly_credit": 7000,
"average_monthly_debit": 6000,
"usual_transaction_pattern": "Minimal student spending"
},
"alerts": [
{
"alert_id": "ALERT_44001",
"type": "Mule Funnel Activity",
"description": "Account receiving and forwarding funds for multiple entities",
"trigger_time": "2026-02-10T13:12:00Z",
"severity": "Critical"
}
],
"transactions": [
{
"tx_id": "M1",
"timestamp": "2026-02-10T12:00:00Z",
"from_account": "ACC_P1",
"to_account": "XXXX4401",
"amount": 200000,
"currency": "INR",
"channel": "UPI",
"country": "India"
},
{
"tx_id": "M2",
"timestamp": "2026-02-10T12:05:00Z",
"from_account": "XXXX4401",
"to_account": "ACC_P2",
"amount": 200000,
"currency": "INR",
"channel": "UPI",
"country": "India"
},
{
"tx_id": "M3",
"timestamp": "2026-02-10T12:10:00Z",
"from_account": "ACC_P2",
"to_account": "XXXX4401",
"amount": 200000,
"currency": "INR",
"channel": "UPI",
"country": "India"
},
{
"tx_id": "M4",
"timestamp": "2026-02-10T12:20:00Z",
"from_account": "XXXX4401",
"to_account": "DUBAI_NODE_888",
"amount": 200000,
"currency": "INR",
"channel": "SWIFT",
"country": "UAE"
}
]
},
"risk": {
"risk_score": 98,
"classification": "Critical",
"breakdown": {
"customer_risk": 20,
"alert_risk": 25,
"geographic_risk": 8,
"pattern_risk": 20,
"transaction_risk": 25
}
},
"threshold": 50,
"evidence_generated": true,
"evidence": [
"Customer KYC risk category is High.",
"Declared annual income is ₹0.",
"Customer occupation is Student.",
"Alert 'Mule Funnel Activity' with severity 'Critical' triggered at 2026-02-10T13:12:00Z.",
"1 foreign transaction(s) detected.",
"Foreign country(ies) involved: UAE.",
"Funds were transferred outside India.",
"Circular fund flow pattern detected among accounts.",
"Total transaction volume is ₹8,00,000.",
"Average monthly credit is ₹7,000.",
"Total transaction volume exceeds declared annual income.",
"Total transaction volume exceeds expected annual credit based on account profile.",
"4 transactions occurred within a one-hour window starting at 2026-02-10T12:00:00+00:00.",
"On 2026-02-10, same-day inflow of ₹4,00,000 and outflow of ₹4,00,000 detected."
],
"sar_generated": true,
"sar": {
"sar_summary": "Sanjay Kumar, a student with a declared annual income of INR 0, engaged in high-value transactions totaling INR 800,000 on 2026-02-10. This activity included rapid receipt and forwarding of funds, a circular fund flow pattern, and an international transfer to the UAE, which is inconsistent with the customer's profile and usual transaction pattern. A 'Mule Funnel Activity' alert was triggered.",
"subject_profile": {
"customer_id": "d2108626-493b-4590-a16a-2b86a42b22d0",
"full_name": "Sanjay Kumar",
"dob": "2000-01-14",
"pan": "AAZPK5522T",
"aadhaar_last4": "2233",
"occupation": "Student",
"declared_annual_income": 0,
"address": "Patna, Bihar, India",
"kyc_last_updated": "2023-11-02",
"account_number": "XXXX4401",
"account_type": "Savings",
"opened_date": "2023-12-01",
"average_monthly_balance": 5000,
"average_monthly_credit": 7000,
"average_monthly_debit": 6000,
"usual_transaction_pattern": "Minimal student spending"
},
"risk_assessment": {
"risk_category": "High",
"alerts_triggered": [
"Mule Funnel Activity"
],
"inconsistencies": [
"Customer's declared annual income of INR 0 is inconsistent with a total transaction volume of INR 800,000 within a single day.",
"Customer's occupation as a student is inconsistent with high-value, rapid, and international fund movements.",
"The observed transaction pattern of rapid receipt and forwarding of funds, including an international transfer, deviates significantly from the declared usual transaction pattern of 'Minimal student spending' and average monthly credit of INR 7,000."
]
},
"suspicious_indicators": [
"Account received and forwarded funds for multiple entities, triggering a 'Mule Funnel Activity' alert.",
"High-value transactions totaling INR 800,000 are inconsistent with the customer's declared annual income of INR 0 and occupation as a student.",
"Rapid movement of funds: INR 400,000 inflow and INR 400,000 outflow detected on the same day (2026-02-10).",
"Circular fund flow pattern detected among accounts ACC_P1, XXXX4401, and ACC_P2.",
"International transfer of INR 200,000 to UAE (DUBAI_NODE_888) detected.",
"Total transaction volume of INR 800,000 significantly exceeds the customer's declared annual income of INR 0 and expected annual credit based on an average monthly credit of INR 7,000."
],
"transaction_analysis": "On 2026-02-10, four transactions totaling INR 800,000 were processed through account XXXX4401 within approximately one hour. The activity commenced at 12:00:00Z with an incoming UPI transfer of INR 200,000 from ACC_P1. This was followed by an outgoing UPI transfer of INR 200,000 to ACC_P2 at 12:05:00Z. Subsequently, an incoming UPI transfer of INR 200,000 was received from ACC_P2 at 12:10:00Z. The final transaction was an outgoing SWIFT transfer of INR 200,000 to DUBAI_NODE_888 in UAE at 12:20:00Z. This represents a same-day inflow of INR 400,000 and outflow of INR 400,000, demonstrating a rapid turnover of funds and a circular fund flow pattern involving multiple accounts, culminating in an international transfer.",
"narrative": "Sanjay Kumar, born 2000-01-14, is a student with a declared annual income of INR 0. His KYC was last updated on 2023-11-02, and he is categorized as a High-risk customer. Account XXXX4401, a savings account, was opened on 2023-12-01. The usual transaction pattern for this account is described as 'Minimal student spending', with an average monthly credit of INR 7,000.\n\nOn 2026-02-10, a series of four high-value transactions, totaling INR 800,000, occurred within approximately one hour, which is inconsistent with the customer's profile and usual account activity.\nAt 12:00:00Z, account XXXX4401 received INR 200,000 via UPI from ACC_P1.\nAt 12:05:00Z, INR 200,000 was transferred via UPI from account XXXX4401 to ACC_P2.\nAt 12:10:00Z, account XXXX4401 received INR 200,000 via UPI from ACC_P2.\nAt 12:20:00Z, INR 200,000 was transferred via SWIFT from account XXXX4401 to DUBAI_NODE_888 in UAE.\n\nThis activity demonstrates a same-day inflow of INR 400,000 and outflow of INR 400,000. A circular fund flow pattern was detected among accounts ACC_P1, XXXX4401, and ACC_P2. The total transaction volume of INR 800,000 significantly exceeds the customer's declared annual income of INR 0 and the expected annual credit based on the average monthly credit of INR 7,000. An alert for 'Mule Funnel Activity' (ALERT_44001) was triggered at 2026-02-10T13:12:00Z, indicating the account is receiving and forwarding funds for multiple entities. The presence of an international transfer to UAE further raises concerns regarding the nature and purpose of these transactions.",
"recommended_action": "Further investigation and enhanced monitoring of the subject's account and related activities are recommended."
}
}
///Prompt
Generate a highly realistic AML investigation case in STRICT JSON format.
⚠️ Output ONLY valid JSON. No explanation text.
Follow EXACTLY this schema:
{
"case_id": "...",
"generated_at": "...",
"institution": "...",
"customer_kyc": { ... },
"account_profile": { ... },
"alerts": [ ... ],
"transactions": [ ... ]
}
Requirements:
1. Make transaction network COMPLEX and GRAPH-DEPENDENT:
- Use at least 15–25 transactions.
- Include layering (3–5 hops).
- Include circular fund routing (money eventually returns to origin via different path).
- Include split-and-merge structuring (1 amount → split into 3 → merged again).
- Include pass-through behavior (same amount within 10 minutes).
- Include cross-border transfers via 2 jurisdictions.
- Include at least 2 intermediary shell accounts.
- Include 1 account that acts as both receiver and sender multiple times.
2. Make it HARD for rule-based detection:
- Slightly vary amounts (299,800; 300,200; etc).
- Spread transactions across multiple hours.
- Use different channels (NEFT, IMPS, SWIFT, RTGS, Online).
- Mix legitimate-looking retail deposits with suspicious activity.
- Add noise transactions that look normal.
3. Ensure the suspicious pattern is ONLY clearly visible if someone:
- Traverses graph paths
- Detects multi-hop fund flow
- Detects circular return to origin
- Detects structuring across accounts
4. Customer profile:
- Medium income individual
- Declared income much lower than total suspicious volume
- Realistic Indian KYC details
5. Alerts:
- Add 3–4 alerts:
- Layering Pattern
- Structured Deposits
- Rapid Movement
- Cross Border Escalation
6. Ensure:
- All accounts referenced in transactions exist in flow
- Timestamps are chronological
- At least 1 transaction chain is 4 hops deep
- Total suspicious flow > 15x declared annual income
7. Currency: INR
8. Use realistic names and Indian geography.
Output ONLY JSON.