The job of Quantifind’s Graphyte platform is to resolve entities and then label them with risk. These labels identify something about a person or organization that our customers should know in order to minimize the risk that the entity poses to their business or mission. The threats of risk exposure are diverse, from banks that care about financial crimes regulations, to government agencies that care about malign, international actors, to investors who care about financial stability. Where they do overlap, they often use different, inconsistent terminology from different work cultures. And yet, it is essential to recognize that in the real world, all of these risks correlate and are interwoven. Financial instability can lead to financial crimes, which in turn create national security issues. Wildlife trafficking networks correlate with weapons trafficking networks, and use the same infrastructure and people. By taking a collective approach, we hope to set standards that support collective identification and intervention of crimes across our stakeholders.
To cover the interests of this broad set of stakeholders in a way that recognizes their commonality, Quantifind has authored a unified, comprehensive risk taxonomy, with detailed “Risk Cards” that document the explicit definitions for each risk, including example entities, terms, and datasets. Here we describe our process for creating a unified approach to risk that spans many customers.
Out of Many Risk Ontologies, One
You can infer what law enforcement and defense agencies care about most from their websites. The figure below shows a collection of website navigation menus, including domestic (FBI, DHS), international (Interpol, UN) and financial crimes organizations (FATF and FinCEN Guidelines), which effectively illustrate their differences, commonalities, and emergent patterns. Most care about “Terrorism”. Some have elevated concerns that are absent on others, e.g., Interpol’s inclusion of “Cultural Heritage Crime”. All of them reflect slight differences in choices of names and how topics are organized. In Quantifind’s combined ontology, we take all of these into account, and create a labeling scheme that considers each element in these constituent approaches.
While any such effort will inevitably be subjective, the act of unifying these ontologies is reminiscent of attempts to build grand unified theories of nature. While constructing the periodic table for the first time, Mendeleev was able to identify gaps and predict several elements, and their matching properties, which of course were eventually discovered. Similarly, while trying to unify quantum mechanics and relativity, Dirac was able to predict the discovery of antimatter. Finally, Maxwell’s Equations brilliantly unified previously disparate phenomena of electricity, magnetism, and light into one coherent theory that fits on a t-shirt.
In contrast, our effort here (unifying arbitrary man-made perspectives on man-made bad behaviors) is a far cry from such natural beauty for many reasons, but the underlying processes of unification bear similarities. In all cases, the key insights were to look at old concepts from new, orthogonal perspectives, with multiple experimental investigations and vantage points. In our case, this comes from viewing threats, or risks, from the perspectives of not only financial regulators, but law enforcement and intelligence officers. Viewing them from not only the perspective of investors, but of environmentalists.
In the next section, we propose a unification schema that indulges not only physicists’ dreams of unification, but also their penchant for gambling. Einstein may have said that “God does not play dice with the universe”, but, in terms of standards, it is difficult to come up with something more universal than people playing cards.
A memorable and useful way to categorize risks is to map them to the social classes harmed by these risks. One of the oldest taxonomies for class divisions in society, dating to medieval times, is the suits in a deck of playing cards. We map this old schema to categories of risk as follows:
- Diamonds corresponded to the merchant class, so we assign that to “Financial Crimes Risk”
- Spades to the military class, mapping to “National Security Risk”
- Hearts to the clergy class, mapping to “Financial Health Risk” (hearts symbolize health in any case).
- Clubs to the agricultural class (workers rights and the environment), which naturally maps to the field of “ESG Risk” standing for Environmental-Social-Governance.
With this co-opted scheme, we organized a sample of the aggregated risks into a deck of cards as seen below.
While there is plenty to quibble about in terms of the choices that were made on what does (and does not) get included and how things are organized or sorted, it is nevertheless a useful exercise in asserting that global risks can and should be organized in a similar way. The same is true for any ontology; choices have to be made. When it comes to entity risk screening, governments, regulators, and banks are often reticent or unprepared to make those choices themselves, and inconsistent when they try. Also, these risks will evolve over time, and any risk screening technology must embrace that fluidity to let the schema change as the world does (e.g., “High Risk Industry” can be updated to include cryptocurrency, NFTs, and related technologies). In the educational spirit of the Risk Cards discussed in the next section, the movie recommendations assigned to each risk serve as a memorable introduction to what each risk is essentially about.
Another opportunity provided by a global risk taxonomy is collaboration. Risk Cards, as defined in a previous post, can be vehicles to facilitate collaboration between domain experts, data scientists, and information consumers to create models that comprehensively identify signals and assess the relevance of those risks. These cards help “train the trainers” by operationally defining each risk and setting machine learning models up for measurable success and validation. Furthermore, the approach goes a long way towards establishing a transparent, responsible approach to AI by clearly documenting definitions of risk targeted by the model.
Taking the taxonomy and documentation yet another step further, by integrating this comprehensive risk schema with a comprehensive knowledge graph that fuses information from a large number of OSINT data sets, Quantifind hopes to help unify our various customers and partners to map and disrupt criminal networks across the globe. At Quantifind, we use these risks in KYX “Know Your X” workflows where X can be any entity of interest, including customers (KYC), suspects, sources, vendors, or adversaries.
If you are interested in Quantifind’s comprehensive risk platform or getting access to the complete set of risk cards, please email firstname.lastname@example.org.