GFN Risk Taxonomy — Version History

Structured updates to typology definitions, signals, control mappings, and ontology fields.

The GFN Risk Taxonomy follows a version-controlled update process.

Structural changes are documented here to support institutional transparency, model alignment, and programme governance.

Versioning Model

v2.0 · Major

Structural change to core pattern or typology architecture.

v1.1 · Minor

Addition or revision of signals, variants, controls, or detection logic.

v1.0.1 · Patch

Clarifications, wording refinements, or formatting improvements.

17 entries

Sanctions Evasion via Digital Assets · Patch

v1.0.1

Sections Affected

Common Variants, Regulatory Anchoring, Latest Developments

What Changed

  • Corrected FinCEN advisory reference: FIN-2022-A001 (April 14, 2022, kleptocracy advisory) replaced with FIN-2022-Alert001 (March 7, 2022, Russian sanctions evasion alert) to accurately describe the document that identified CVC as a sanctions evasion channel.
  • Fixed MiCA regulation number: corrected typographical error from (EU) 2023/1214 to (EU) 2023/1114.
  • Corrected Garantex seizure date from February 2025 to March 2025 (seized March 6–7, 2025 by U.S. Secret Service and German BKA).
  • Updated IEEPA civil penalty amount from $356,579 to $377,700 to reflect the 2025 inflation-adjusted figure.
  • Corrected attribution of 86% illicit crypto flows statistic from Chainalysis to TRM Labs.
  • Corrected Russia hash rate claim: replaced "tripled its global hash rate" with accurate characterisation (equipment demand tripled; hash rate share grew from ~11% to ~16%).

Why It Matters

Ensures regulatory citations, enforcement dates, and statistical attributions are verifiably accurate — critical for a sanctions-focused dossier where precise regulatory references inform compliance programme design.

Third-Party Payment Processor Abuse · Patch

v1.0.1

Sections Affected

Core Pattern, Common Variants, Signals, Regulatory Anchoring, Operational Impact

What Changed

  • Corrected FinCEN Guidance FIN-2008-G008 description to accurately reflect its subject (money transmitter definition for brokers/dealers in currency and commodities).
  • Corrected FinCEN Advisory FIN-2014-A009 description and date: November 2014 advisory on FATF-identified jurisdictions with AML/CFT deficiencies (was incorrectly described as August 2014 advisory on consumer fraud).
  • Updated Visa programme references: GBPP replaced with VIRP (Visa Integrity Risk Program, effective May 2023); VDMP replaced with VAMP (Visa Acquirer Monitoring Program, effective April 2025).
  • Updated PSD3 reference from "Proposal" to reflect provisional political agreement reached November 2025.
  • Corrected G2 Web Services corporate attribution from "now Verifi/Visa" to "now G2 Risk Solutions" (separate companies).
  • Updated Visa chargeback threshold references to reflect VAMP programme replacing legacy VDMP thresholds.

Why It Matters

Ensures regulatory citations, card network programme references, and corporate attributions are accurate and current — critical for compliance teams using dossier references to calibrate merchant monitoring programmes.

Trade-Based Money Laundering (TBML) · Patch

v1.0.1

Sections Affected

Latest Developments

What Changed

  • Corrected $312 billion CMLN figure: clarified that this represents total suspected CMLN-related suspicious activity across all methodologies (not exclusively TBML), with TBML identified as one of three principal laundering channels.
  • Revised FATF February 2026 plenary characterisation: replaced unverifiable claim about TBML being specifically "reaffirmed as a priority risk area" with accurate description of the plenary’s strategic priorities focus, noting TBML’s standing as a recognised FATF concern.

Why It Matters

Ensures the FinCEN CMLN advisory’s $312 billion figure is not misattributed to TBML specifically, and that FATF plenary characterisations are limited to verifiable official outcomes.

Shell Company & Beneficial Ownership Concealment · Patch

v1.0.1

Sections Affected

Regulatory Anchoring, Latest Developments, Operational Impact, Institutional Failure Patterns

What Changed

  • Corrected CDD Exceptive Relief characterisation: the February 2026 order removed the requirement to re-collect BO information at each subsequent account opening, not "suspended BO identification at new account opening." First-account BO identification remains required. Updated in all affected locations.
  • Corrected EU AMLD6 beneficial ownership threshold: replaced incorrect "5% for high-risk sectors" with accurate description (threshold adjusted from "more than 25%" to "25% or more", with Commission empowered to lower to 15% for higher-risk sectors via delegated act).

Why It Matters

The CDD Exceptive Relief correction prevents institutions from incorrectly concluding that first-account BO identification is no longer required. The EU threshold correction ensures accurate compliance programme calibration.

Crypto Layering (Chain-Hopping & Mixer Abuse) · Patch

v1.0.1

Sections Affected

Operational Definition, Latest Developments, Operational Impact

What Changed

  • Corrected Bybit hack laundering path: replaced Ronin Bridge laundering chain (ETH→BNB Chain→USDD→BitTorrent Chain) with verified Bybit laundering method (approximately 72% of stolen ETH converted to Bitcoin via THORChain cross-chain swaps).
  • Corrected OKX enforcement action date from March 2025 to February 2025 and amount to $504 million.
  • Updated cumulative DPRK Lazarus Group crypto theft figure from $3 billion to $6.75 billion to reflect current Chainalysis data.
  • Updated FATF Travel Rule non-compliance statistic from 75% to approximately 70% to reflect the June 2025 targeted update (improved from 75% in the 2024 update).

Why It Matters

Ensures the highest-profile case study (Bybit, $1.5B) accurately describes the laundering methodology used, and that enforcement and compliance statistics reflect current data.

Rapid Transaction Velocity Abuse (Micro-Layering) · Patch

v1.0.1

Sections Affected

Latest Developments, Regulatory Anchoring

What Changed

  • Updated FedNow transaction limit from $500,000 to $10 million to reflect the November 2025 increase.
  • Corrected AMLA supervisory powers timeline: AMLA became operational July 2025, but direct supervisory powers over selected high-risk obliged entities commence in 2028 (was implied as already active).

Why It Matters

The FedNow limit correction is material — the 20x increase from $500,000 to $10 million significantly expands the velocity abuse risk surface for instant payment channels and affects risk assessment calibration.

Structuring & Smurfing · Patch

v1.0.1

Sections Affected

Detection Playbook, Red Flags & False Positives, Regulatory Anchoring

What Changed

  • Corrected legal standard terminology: replaced "willful structuring" and "willful intent to evade" with "structuring for the purpose of evading reporting requirements" throughout, reflecting the post-1994 Ratzlaf fix (Money Laundering Suppression Act of 1994) which removed the willfulness requirement from 31 USC § 5324.

Why It Matters

The distinction between "willful" and "for the purpose of evading" is substantive for compliance professionals: the current standard requires proof of intent to evade reporting requirements, not proof that the defendant knew structuring was a crime (the pre-Ratzlaf standard).

Rapid Transaction Velocity Abuse (Micro-Layering) · Major

v1.0

Initial Publication

Sections Affected

Operational Definition, Core Pattern, Common Variants, Signals, Red Flags & False Positives, Controls Mapping, Regulatory Anchoring, Detection Playbook, Risk Interconnections, Latest Developments, Operational Impact, Institutional Failure Patterns, Structured Ontology, Model Integration Readiness

What Changed

  • Initial publication of structured dossier.
  • Introduced Behavioral Quant Framing in Core Pattern section with velocity-specific metrics: transaction velocity index, round-trip compression ratio, cross-channel dispersion score, and network fan-out/fan-in ratio.
  • Added Comparative Clarity layer differentiating from Classical Structuring, Traditional Layering, and Mule Network Activity.
  • Added five-stage structural flow model covering Fund Injection through Extraction & Integration.
  • Added four variants: P2P Payment Platform Churning, Prepaid Card Load-Drain Cycling, Instant Payment Rail Exploitation, and Cross-Platform Micro-Structuring.
  • Added Detection Category column to Signals table with velocity-specific categories: Velocity anomaly, Behavioral anomaly, Network anomaly, Temporal anomaly, and Channel anomaly.
  • Regulatory Anchoring section covers OFAC Sanctions Compliance Guidance for Instant Payment Systems (September 2022), FedNow Operating Circular 8, EU Regulation (EU) 2024/886 (Instant Payments Regulation), EU AMLA, UK FCA FG24/6, UK Payment Services (Amendment) Regulations 2024, FATF R.15/R.16 (revised June 2025), FATF Professional Money Laundering Report (2018), FinCEN Funnel Account Advisories (FIN-2011-A009, FIN-2012-A006, FIN-2014-A005), FinCEN Advisory on Chinese Money Laundering Networks (August 2025), and EBA Guidelines on ML/TF Risk Factors.
  • Introduced Institutional Failure Patterns section addressing batch-cycle monitoring applied to real-time channels, siloed channel monitoring, recycled velocity thresholds from traditional banking scenarios, absence of real-time screening capability, and missing aggregate value reconstruction in investigation workflows.
  • Added Structured Ontology Fields for detection model alignment.
  • Added Model Integration Readiness section covering rule-based, behavioral, graph, and AI-assisted approaches with streaming real-time scoring for instant payment channels.

Why It Matters

Establishes the institutional framework for rapid transaction velocity abuse detection — the defining AML challenge of the instant payment era. As real-time payment infrastructure becomes mandatory across major jurisdictions (SEPA Instant from October 2025, FedNow expanding across US institutions since July 2023, UK Faster Payments), the gap between payment speed and monitoring speed becomes the primary vulnerability that micro-layering operators exploit. Anchored to verified enforcement actions (TD Bank $3.1B resolution citing P2P velocity monitoring as "not fit for purpose," Starling Bank £29M for financial crime control failures during rapid growth) and the current regulatory landscape including OFAC instant payment guidance, EU IPR mandatory screening requirements, and FCA payment delay powers. Addresses the critical structural gap between batch-cycle transaction monitoring architecture and the real-time, cross-channel, velocity-aware monitoring required to detect micro-layering at the speed at which it operates.

Sanctions Evasion via Digital Assets · Major

v1.0

Initial Publication

Sections Affected

Operational Definition, Core Pattern, Common Variants, Signals, Red Flags & False Positives, Controls Mapping, Regulatory Anchoring, Detection Playbook, Risk Interconnections, Latest Developments, Operational Impact, Institutional Failure Patterns, Structured Ontology, Model Integration Readiness

What Changed

  • Initial publication of structured dossier.
  • Introduced Behavioral Quant Framing in Core Pattern section with sanctions-specific metrics: sanctions exposure score, jurisdictional risk index, attribution confidence level, and designated-entity proximity hops.
  • Added Comparative Clarity layer differentiating from Crypto Layering, Traditional Sanctions Evasion, and General AML Non-Compliance.
  • Added five-stage structural flow model covering Sanctions Trigger & Crypto Migration through Integration & Fiat Extraction.
  • Added four variants: State-Sponsored Crypto Theft & Laundering (DPRK Model), Sanctions-Circumventing VASP Operations, DeFi & Peer-to-Peer Sanctions Bypass, and Mining-Based Sanctions Evasion.
  • Added Detection Category column to Signals table with sanctions-specific categories: Sanctions screening anomaly, Behavioral anomaly, Network anomaly, Jurisdictional anomaly, and Velocity anomaly.
  • Regulatory Anchoring section covers OFAC Sanctions Compliance Guidance for the Virtual Currency Industry (October 2021), OFAC SDN List crypto address designations (from November 2018), IEEPA/TWEA, EO 14067, FinCEN Advisory FIN-2022-A001, FATF R.15/R.16, EU MiCA, EU TFR, EU 20th Sanctions Package, UK OFSI Cryptoassets Threat Assessment, GENIUS Act, and UN Security Council DPRK Resolutions.
  • Introduced Institutional Failure Patterns section addressing no blockchain analytics sanctions screening, batch vs real-time screening, single-regime screening, no indirect exposure assessment, and DeFi/cross-chain screening gaps.
  • Added Structured Ontology Fields for detection model alignment.
  • Added Model Integration Readiness section covering rule-based, behavioral, graph, and AI-assisted approaches with sanctions-specific attribution analysis.

Why It Matters

Establishes the institutional framework for sanctions evasion detection in the digital asset context — the highest-consequence compliance risk in the crypto industry, carrying strict liability under OFAC and criminal prosecution risk under IEEPA. Anchored to verified enforcement actions (Binance $968M OFAC settlement, Bittrex $24.28M, Garantex designation and seizure, Suex/Chatex designations) and state-sponsored programmes (DPRK $6.75B cumulative crypto theft, Russia's A7A5 stablecoin infrastructure processing $93.3B in 2025, Iran's IRGC-linked exchange network). Addresses the critical gap between traditional name-based sanctions screening and the blockchain-level, multi-regime, real-time screening required to detect crypto-enabled sanctions evasion at the speed and scale at which it operates.

Third-Party Payment Processor Abuse · Major

v1.0

Initial Publication

Sections Affected

Operational Definition, Core Pattern, Common Variants, Signals, Red Flags & False Positives, Controls Mapping, Regulatory Anchoring, Detection Playbook, Risk Interconnections, Latest Developments, Operational Impact, Institutional Failure Patterns, Structured Ontology, Model Integration Readiness

What Changed

  • Initial publication of structured dossier.
  • Introduced Behavioral Quant Framing in Core Pattern section with processing-specific metrics: underwriting deviation index, chargeback trajectory scoring, settlement velocity ratio, and network concentration score.
  • Added Comparative Clarity layer differentiating from Traditional Money Laundering (Wire/ACH), Shell Company Concealment, and Merchant Fraud.
  • Added five-stage structural flow model covering Infrastructure Establishment through Layering & Integration.
  • Added four variants: Transaction Laundering (Factoring), Shell Merchant Processing, MCC Misrepresentation & High-Risk Concealment, and Payment Facilitator & Aggregator Abuse.
  • Added Detection Category column to Signals table with processing-specific categories: Volume anomaly, Behavioral anomaly, Underwriting anomaly, Network anomaly, and Chargeback anomaly.
  • Regulatory Anchoring section covers FinCEN BSA/AML MSB requirements (31 CFR 1022), FinCEN Guidance FIN-2008-G008, FinCEN Advisory FIN-2012-A010, FinCEN Advisory FIN-2014-A009, FFIEC BSA/AML Examination Manual (Third-Party Payment Processors), Visa Core Rules / GBPP / VIRP, Mastercard Standards / BRAM / MATCH, FATF Guidance on New Payment Methods, EU PSD2/PSD3, and NACHA Operating Rules.
  • Introduced Institutional Failure Patterns section addressing underwriting-and-forget model, chargeback-only detection paradigm, PayFac/ISO opacity, cross-merchant linkage gaps, and AML/merchant risk management silos.
  • Added Structured Ontology Fields for detection model alignment.
  • Added Model Integration Readiness section covering rule-based, behavioral, graph, and AI-assisted approaches with NLP-based website content analysis.

Why It Matters

Establishes the institutional framework for third-party payment processor abuse detection — a high-prevalence typology estimated to facilitate over $200 billion annually in transaction laundering in the United States alone. Anchored to verified enforcement actions (Allied Wallet $150M+ processing scheme, Wirecard EUR 1.9B fraud, Europol Operation Chargeback EUR 300M damages) and the current regulatory landscape including FinCEN third-party processor advisories, FFIEC examination guidance, and Visa/Mastercard compliance programmes (GBPP/VIRP, BRAM/MATCH). Addresses the critical structural gap between merchant onboarding compliance and continuous merchant monitoring — the gap that transaction laundering exploits by design.

Trade-Based Money Laundering (TBML) · Major

v1.0

Initial Publication

Sections Affected

Operational Definition, Core Pattern, Common Variants, Signals, Red Flags & False Positives, Controls Mapping, Regulatory Anchoring, Detection Playbook, Risk Interconnections, Latest Developments, Operational Impact, Institutional Failure Patterns, Structured Ontology, Model Integration Readiness

What Changed

  • Initial publication of structured dossier.
  • Introduced Behavioral Quant Framing in Core Pattern section with trade-specific metrics: invoice-to-market deviation index, counterparty commercial substance score, trade corridor rationality index, and document consistency ratio.
  • Added Comparative Clarity layer differentiating from Traditional Financial Layering, Customs/Trade Fraud, and Shell Company Concealment.
  • Added five-stage structural flow model covering Predicate Proceeds through Integration / Proceeds Extraction.
  • Added four variants: Over- and Under-Invoicing, Phantom Shipments (Ghost Trade), Multiple Invoicing, and Black Market Peso Exchange (BMPE) & Broker-Mediated Systems.
  • Added Detection Category column to Signals table with trade-specific categories: Price anomaly, Document anomaly, Counterparty anomaly, Behavioral anomaly, and Network anomaly.
  • Regulatory Anchoring section covers FATF 2006 TBML Report, FATF/Egmont 2020 Trends and Developments, FATF 2008 Best Practices, FinCEN FIN-2010-A001, FinCEN FIN-2014-A005, FinCEN August 2025 CMLN Advisory, EU AMLDs, Wolfsberg Trade Finance Principles, APG Typology Report, and GAO-20-333.
  • Introduced Institutional Failure Patterns section addressing payment-only monitoring gaps, commodity price benchmarking absence, trade finance/AML separation, open-account trade visibility, and customs data cross-referencing deficiencies.
  • Added Structured Ontology Fields for detection model alignment.
  • Added Model Integration Readiness section covering rule-based, behavioral, graph, and AI-assisted approaches with trade-specific NLP document analysis.

Why It Matters

Establishes the institutional framework for trade-based money laundering detection — the highest-volume laundering channel globally, estimated at $1.6 trillion or more annually. Anchored to verified enforcement actions (HSBC $1.92B, Wachovia $160M, Lebanese Canadian Bank $150M seizure, Khanani MLO $12B+/year network) and the current FinCEN advisory landscape including the August 2025 Chinese Money Laundering Networks advisory. Addresses the critical structural gap between financial institution payment monitoring and customs goods-flow monitoring that TBML exploits by design.

Shell Company & Beneficial Ownership Concealment · Major

v1.0

Initial Publication

Sections Affected

Operational Definition, Core Pattern, Common Variants, Signals, Red Flags & False Positives, Controls Mapping, Regulatory Anchoring, Detection Playbook, Risk Interconnections, Latest Developments, Operational Impact, Institutional Failure Patterns, Structured Ontology, Model Integration Readiness

What Changed

  • Initial publication of structured dossier.
  • Introduced Behavioral Quant Framing in Core Pattern section with entity-level metrics: ownership chain depth, commercial substance index, entity network density, and jurisdictional risk weighting.
  • Added Comparative Clarity layer differentiating from Trade-Based Money Laundering, Structuring, and Mule Network Activity.
  • Added five-stage structural flow model covering Entity Formation through Integration / Extraction.
  • Added four variants: Multi-Jurisdictional Corporate Layering, Nominee Director & Shareholder Arrangements, Trust & Legal Arrangement Abuse, and Real Estate & High-Value Asset Concealment.
  • Added Detection Category column to Signals table.
  • Regulatory Anchoring section covers FATF R.24 (March 2022 revision), FATF R.25 (February 2023 revision), U.S. CTA/FinCEN BOI Rule (including March 2025 interim rule narrowing scope), EU AMLD6/AMLA, UK ECCTA 2023, and Panama/Pandora Papers impact.
  • Introduced Institutional Failure Patterns section addressing beneficial ownership resolution gaps, cross-entity linkage deficiencies, and self-certification over-reliance.
  • Added Structured Ontology Fields for detection model alignment.
  • Added Model Integration Readiness section covering rule-based, behavioral, graph, and AI-assisted approaches.

Why It Matters

Establishes the institutional framework for shell company and beneficial ownership concealment detection — the enabling infrastructure for virtually every major financial crime typology. Anchored to verified enforcement actions (TD Bank $3.1B, Danske Bank $2B+, HSBC $1.92B) and the current divergent global regulatory landscape: EU/UK expanding beneficial ownership requirements while U.S. domestic BOI reporting has been effectively suspended. Addresses the critical gap between CDD checkbox compliance and genuine beneficial ownership resolution capability.

Crypto Layering (Chain-Hopping & Mixer Abuse) · Major

v1.0

Initial Publication

Sections Affected

Operational Definition, Core Pattern, Common Variants, Signals, Red Flags & False Positives, Controls Mapping, Regulatory Anchoring, Detection Playbook, Risk Interconnections, Latest Developments, Operational Impact, Institutional Failure Patterns, Structured Ontology, Model Integration Readiness

What Changed

  • Initial publication of structured dossier.
  • Introduced Behavioral Quant Framing in Core Pattern section with crypto-specific metrics: mixer exposure scoring, cross-chain hop count, traceability gap index, and deposit-to-withdrawal velocity.
  • Added Comparative Clarity layer differentiating from Crypto-to-Fiat Off-Ramp Abuse, Traditional Financial Layering, and Structuring.
  • Added five-stage structural flow model covering Acquisition through Off-Ramp / Integration.
  • Added four variants: Mixer/Tumbler Layering, Cross-Chain Bridge Hopping, Privacy Coin Conversion, and DeFi Protocol Exploitation.
  • Added Detection Category column to Signals table with blockchain-specific signal categories.
  • Regulatory Anchoring section covers FATF R.15/R.16, FinCEN FIN-2019-A003, Section 311 NPRM, EU MiCA, EU TFR, and OFAC mixer designations.
  • Introduced Institutional Failure Patterns section addressing blockchain analytics integration gaps, single-chain monitoring limitations, and Travel Rule compliance.
  • Added Structured Ontology Fields for detection model alignment.
  • Added Model Integration Readiness section covering rule-based, behavioral, graph, and AI-assisted approaches.

Why It Matters

Establishes the institutional framework for crypto layering detection — the defining AML challenge for digital asset service providers. Addresses the critical gap between traditional transaction monitoring and the on-chain, cross-chain, multi-technique obfuscation methods used by sophisticated actors including state-sponsored groups. Anchored to verified enforcement actions (Blender.io, Tornado Cash, Sinbad.io, ChipMixer, Operation Olympia) and current regulatory frameworks (MiCA, FATF Travel Rule, FinCEN Section 311).

Structuring & Smurfing · Major

v1.0

Initial Publication

Sections Affected

Operational Definition, Core Pattern, Common Variants, Signals, Red Flags & False Positives, Controls Mapping, Regulatory Anchoring, Detection Playbook, Risk Interconnections, Latest Developments, Operational Impact, Institutional Failure Patterns, Structured Ontology, Model Integration Readiness

What Changed

  • Initial publication of structured dossier.
  • Introduced Behavioral Quant Framing in Core Pattern section with structuring-specific threshold-proximity and aggregate deposit metrics.
  • Added Comparative Clarity layer differentiating from Layering, Mule Networks, and Legitimate Third-Party Deposits.
  • Added five-stage structural flow model covering Accumulation through Integration / Exit.
  • Added Detection Category column to Signals table.
  • Introduced Institutional Failure Patterns section specific to structuring detection architecture gaps.
  • Added Structured Ontology Fields for detection model alignment.
  • Added Model Integration Readiness section covering rule-based, behavioral, graph, and AI-assisted approaches.

Why It Matters

Establishes the baseline institutional framework for structuring and smurfing detection — the most foundational AML typology and the most frequently cited in BSA/AML enforcement actions. Addresses the critical gap between single-transaction CTR monitoring and the aggregate, multi-channel, multi-actor detection required for modern placement activity.

Account Takeover (ATO) · Major

v1.0

Initial Publication

Sections Affected

Operational Definition, Core Pattern, Common Variants, Signals, Red Flags & False Positives, Controls Mapping, Regulatory Anchoring, Detection Playbook, Risk Interconnections, Latest Developments, Operational Impact, Institutional Failure Patterns, Structured Ontology, Model Integration Readiness

What Changed

  • Initial publication of structured dossier.
  • Introduced Behavioral Quant Framing in Core Pattern section with ATO-specific session and recovery metrics.
  • Added Comparative Clarity layer differentiating from APP Fraud, Identity Theft (new account), and standalone Payment Fraud.
  • Added five-stage structural flow model covering Access Acquisition through Exit / Cover.
  • Added Detection Category column to Signals table.
  • Introduced Institutional Failure Patterns section specific to ATO control-point and detection gaps.
  • Added Structured Ontology Fields for detection model alignment.
  • Added Model Integration Readiness section covering rule-based, behavioral, graph, and AI-assisted approaches.

Why It Matters

Establishes the baseline institutional framework for account takeover detection, addressing the control-point escalation dimension that differentiates ATO from credential attacks and distinguishes it from APP fraud and payment fraud typologies.

Synthetic Identity Fraud · Major

v1.0

Initial Publication

Sections Affected

Operational Definition, Core Pattern, Common Variants, Signals, Red Flags & False Positives, Controls Mapping, Regulatory Anchoring, Detection Playbook, Risk Interconnections, Latest Developments, Operational Impact, Institutional Failure Patterns, Structured Ontology, Model Integration Readiness

What Changed

  • Initial publication of structured dossier.
  • Introduced Behavioral Quant Framing in Core Pattern section with identity-specific metrics.
  • Added Comparative Clarity layer differentiating from Traditional Identity Theft, First-Party Fraud, and ATO.
  • Added lifecycle stage model covering Identity Construction through Bust-Out / Exit.
  • Added Detection Category column to Signals table.
  • Introduced Institutional Failure Patterns section specific to synthetic identity lifecycle dynamics.
  • Added Structured Ontology Fields for detection model alignment.
  • Added Model Integration Readiness section covering rule-based, behavioral, graph, and AI-assisted approaches.

Why It Matters

Establishes the baseline institutional framework for synthetic identity fraud detection, addressing the lifecycle dimension that differentiates this typology from classic identity theft and first-party fraud.

Mule Networks · Major

v1.0

Initial Publication

Sections Affected

Operational Definition, Core Pattern, Common Variants, Signals, Red Flags & False Positives, Controls Mapping, Regulatory Anchoring, Detection Playbook, Risk Interconnections, Latest Developments, Operational Impact, Institutional Failure Patterns, Structured Ontology, Model Integration Readiness

What Changed

  • Initial publication of structured dossier.
  • Introduced Behavioral Quant Framing in Core Pattern section.
  • Added Comparative Clarity layer differentiating from adjacent risk categories.
  • Replaced absolute pass-through thresholds with peer-baseline-relative logic.
  • Added Detection Category column to Signals table.
  • Introduced Institutional Failure Patterns section.
  • Added Structured Ontology Fields for detection model alignment.
  • Added Model Integration Readiness section.

Why It Matters

Establishes the baseline institutional framework for mule network detection, improving cross-segment consistency and reducing false precision risk in rule calibration.