Main/

Design and Governance of Supplemental Taxonomies in AMLTRIX

Alongside the core Tactics & Techniques framework for describing money laundering (ML) methods, AMLTRIX includes six supplemental taxonomies:

  1. Risk Types
  2. Data Sources
  3. Value Instruments
  4. Services & Products
  5. Mitigations
  6. Actors

These categories enrich the who, what, and where of illicit finance, providing a deeper, holistic picture beyond the how of laundering. Below is an overview of why these taxonomies exist, how they were designed, and what compromises guided their development—along with notes on current Beta status, governance aspirations, and the importance of industry feedback.

1. Why Supplemental Taxonomies Are Needed

1.1 Enriching the Picture of Money Laundering

Focusing exclusively on techniques can obscure broader contextual factors:

  • Who is performing or facilitating them (Actors)
  • Which financial or non-financial offerings criminals misuse (Services & Products)
  • What underlying mediums store or move value (Value Instruments)
  • Where relevant evidence might exist (Data Sources)
  • Which vulnerabilities criminals exploit (Risk Types)
  • How institutions might prevent or detect them (Mitigations)

By interlinking these six taxonomies with techniques, AMLTRIX enables more practical threat modeling. Institutions can define clearer detection rules and risk-based priorities (e.g., “Red flags for high-risk product usage by a potentially exploited actor, revealed through transaction logs”).

1.2 Bridging Regulatory vs. Operational Language

Many regulators (e.g., FATF, EBA) define categories such as “Financial Institutions,” “DNFBPs,” “High-Risk Products,” or “Sanctioned Entities,” while frontline AML practitioners often need more granular or industry-specific classifications (e.g., “peer-to-peer lending,” “chain-hopping in crypto,” “crowdfunding platforms,” “nonprofit that lacks strong governance”).

The AMLTRIX supplemental taxonomies combine these top-down concepts with bottom-up operational detail, offering a common language that can be easily adapted to local or institutional contexts.

2. Key Design Principles

2.1 Focused Simplicity

Each taxonomy aims to keep categories broad but recognizable. More specific nuances can be added via sub-labels, metadata, or local adaptations. For instance:

  • Risk Types are grouped into five overarching categories (e.g., “Product Risk,” “Customer Risk,” “Channel Risk,” “Geographical Risk,” “Internal Risk”), rather than enumerating dozens of micro-risks.
  • Data Sources are assigned to one primary classification (“Transaction Logs,” “Open-Source Intelligence (OSINT),” “Customer Onboarding & Identity Data,” etc.), avoiding overlap that complicates usage.

2.2 Modularity & Interlinking

While each taxonomy can stand on its own, they become most useful when referenced together:

  • Risk Types typically link to specific techniques (e.g., layering via shell companies → “Customer Risk” from opaque ownership). They may in the future relate to other objects as well, but that remains optional.
  • Actors reference which roles (e.g., legitimate bank, illicit operator) can facilitate certain techniques.
  • Services & Products describe offerings that criminals exploit, which also appear in technique definitions.
  • Value Instruments pinpoint the mediums used (crypto, cash, securities), helping clarify how criminals store or move funds.
  • Data Sources show where investigators or monitoring systems might spot evidence (e.g., suspicious transactions in “Transaction Logs,” leads from “Open-Source Intelligence (OSINT)”).
  • Mitigations specify controls or measures (e.g., “Enhanced Due Diligence,” “Transaction Monitoring”) that reduce the effectiveness of particular techniques.

2.3 Bottom-Up + Top-Down

  • Regulatory Influence: Many definitions reflect FATF or other standard frameworks (e.g., “DNFBPs,” “PEPs,” “High-Risk Jurisdictions”).
  • Operational Experience: Real-world AML lessons shape practical categories like “Cash-Intensive Business,” “Shell or Front Company,” or “Crowdfunding Platform.”

This combined approach keeps the taxonomies relevant to both compliance mandates and day-to-day AML operations.

2.4 Future Adaptability

AMLTRIX is in Beta (as of 2025 Q2) and open to suggestions. Money laundering evolves quickly—new digital products, new cross-border payment apps, changing risk factors. These taxonomies remain high-level to accommodate ongoing refinements or expansions. Organizations may:

  • Create sub-categories or rename items for local needs.
  • Provide feedback on reclassification or newly emerging vulnerabilities via the AMLTRIX community ([email protected]).

3. Overview of the Six Supplemental Taxonomies

3.1 Risk Types

  • Scope: Five categories (Product Risk, Customer Risk, Channel Risk, Geographical Risk, Internal Risk) that reflect a common, sector-wide approach to AML risk assessment.
  • Usage: Helps institutions systematically identify which dimension a laundering technique exploits (e.g., channel risk for remote account openings, product risk for prepaid cards).
  • Linkage: Primarily referenced in technique definitions; potential future linkages to other objects remain optional.

3.2 Data Sources

  • Scope: Categorizes the repositories or information streams relevant to AML detection (e.g., “Transaction Logs,” “Customer Onboarding & Identity Data,” “Watchlists & Adverse Data,” “Open-Source Intelligence (OSINT),” “Corporate & Ownership Data,” etc.).
  • Usage: In technique definitions, clarifies where to find indicators or red flags (e.g., suspicious transaction patterns, adverse media).
  • Note: A single data source is placed into one category for clarity.

3.3 Value Instruments

  • Scope: Encompasses all recognized ways of holding/transferring value—fiat currencies, commodities, digital tokens, securities, intangible assets, etc.
  • Usage: Links to techniques to specify which mediums criminals use (e.g., “bearer shares,” “cryptocurrencies,” “precious metals”).
  • Benefit: Highlights if a particular method frequently exploits certain non-traditional assets (e.g., NFT-based laundering).

3.4 Services & Products

  • Scope: Represents offerings or platforms (bank accounts, insurance, gambling, real estate services, e-commerce) that criminals can misuse.
  • Usage: In technique definitions, clarifies how a service or product is exploited to layer or move illicit funds (e.g., “Trade Finance & Commerce Enablement,” “Crypto & Digital Asset Services,” “Real Estate & Property Services”).
  • Benefit: Pinpoints which service lines or product features (anonymity, cross-border transfers) pose ML vulnerabilities.

3.5 Mitigations

  • Scope: Catalogs controls or strategies (e.g., KYC, EDD, transaction monitoring, staff training) that reduce the risk or impact of specific laundering methods.
  • Usage: Connects directly to techniques—for each laundering approach, AMLTRIX can suggest which mitigations might disrupt it.
  • Role: Bridges the gap between knowing a technique exists and acting to prevent or detect it.

3.6 Actors

  • Scope: Classifies who may be involved—ranging from legitimate banks and law firms to criminal networks or money mules.
  • Usage: Identifies typical roles behind certain ML methods (e.g., “Shell or Front Company,” “Professional Money Launderer,” “Potentially Exploited Cash-Intensive Business”).
  • Context: A single real-world party can embody multiple roles; AMLTRIX focuses on archetypes for threat modeling.

4. Governance & Future Development

4.1 Beta Status & Community Feedback

Currently, AMLTRIX is in Beta (as of 2025 Q2). There is no official governance committee or consortium yet. However, the AMLTRIX team welcomes suggestions from regulators, financial institutions, solution providers, and industry experts at [email protected]. Examples include:

  • Adding/Revising Categories: If you have an internal classification for new fintech services or specialized instruments, share it.
  • Proposing Best Practices: If you discovered an alternate approach that better suits certain markets, AMLTRIX is open to learning.

4.2 Adaptability & Local Customization

Users are free to modify or expand AMLTRIX for their internal processes, as needed:

  • Local Extensions: For instance, subdividing “Services & Products” into narrower categories if local regulations require more detail.
  • Sharing Back: Organizations are encouraged (though not required) to share these adaptations with the broader AMLTRIX community, fueling collaborative improvement and refinement.

4.3 Not Exhaustive, Not Final

The taxonomies are not guaranteed to be comprehensive or perfectly correct for every scenario. The AMLTRIX project openly acknowledges that industry validation is key:

  • Continuous Improvement: Real-world usage, lessons from investigations, and new legislative changes can refine or alter categories.
  • Toward Maturity: As AMLTRIX moves beyond Beta, a more formal governance structure may emerge, possibly co-led with interested stakeholders to steer expansions and maintain a stable versioning process.

5. Compromises & Known Limitations

  • Simplicity vs. Specificity: Keeping top-level categories broad enables quick adoption. More detailed sub-categorizations remain optional.
  • Jurisdictional Differences: Definitions (e.g., which businesses count as DNFBPs) vary widely. AMLTRIX uses generalized terms, expecting local users to adapt where needed.
  • Static Reference vs. Dynamic Reality: These taxonomies are conceptual. They do not automatically update to reflect real-time changes (e.g., a once-legitimate service becomes illicit). Investigative or case-management systems handle such updates.
  • Best-Fit Assignments: A single item or entity might appear to match multiple categories. AMLTRIX typically enforces one main classification, with secondary tags capturing further context.

6. How They Improve Modeling of ML Techniques

All six supplemental taxonomies—Risk Types, Data Sources, Value Instruments, Services & Products, Mitigations, and Actors—enhance ML technique modeling by:

  • Adding Contextual Depth: Techniques become richer when AMLTRIX points out which risk types they exploit, who typically employs them, or which products/instruments are involved.
  • Guiding Detection & Prevention: Mitigations tie back directly to techniques. Data sources clarify where to look for red flags. Services & Products define what criminals misuse. Actors show who executes it. Risk Types highlight the vulnerability dimension (e.g., product risk, channel risk).
  • Facilitating Inter-Departmental & Inter-Organizational Communication: A shared taxonomy cuts down on confusion—everyone references consistent terms for, say, “shell companies” or “transaction logs.”
  • Supporting Risk Assessment: When you know which technique hits which risk type, and which services or instruments criminals prefer, you can calibrate your institution’s risk-based approach more precisely.

7. Conclusion

The six supplemental taxonomies in AMLTRIX—covering Risk Types, Data Sources, Value Instruments, Services & Products, Mitigations, and Actors—serve as foundational building blocks around which techniques (the core “how” of laundering) gain fuller meaning. They:

  • Unify references to the “who, what, and where” of money laundering.
  • Offer standardized but flexible frameworks to accommodate evolving threats.
  • Remain in Beta and open to community feedback, with no formal governance structure yet in place—interested parties are invited to suggest improvements or share real-world usage experiences.
  • Are not exhaustive or perfect, acknowledging that industry validation and iterative refinements are necessary for AMLTRIX to reach maturity.

By implementing these supplemental taxonomies alongside techniques, AML/CFT practitioners can achieve a more robust and context-aware knowledge graph—one that drives better detection strategies, fosters interoperability, and ultimately contributes to stronger financial crime prevention worldwide.