Knogin
[Developers]

Graph Community Detection

A compliance team at a regional bank flags 12 accounts for unusual activity. Individually, none of them crosses a reporting threshold. Reviewed in isolation, each one looks like a small business handling moderate cash fl

Back to All Modules
Category: InvestigationLast Updated: Feb 23, 2026
investigationaireal-timecomplianceblockchain

Overview#

A compliance team at a regional bank flags 12 accounts for unusual activity. Individually, none of them crosses a reporting threshold. Reviewed in isolation, each one looks like a small business handling moderate cash flows. Then community detection runs across the transaction graph. All 12 accounts form a single tight cluster, with coordinated timing, shared counterparties, and near-identical transaction cadences. What looked like 12 separate cases is a single organised laundering ring operating across four cities.

The Graph Community Detection module identifies hidden networks, coordinated actor groups, and organised criminal structures through advanced clustering algorithms. Designed for financial crime investigators, intelligence analysts, and compliance teams, it deploys five sophisticated community detection algorithms to reveal organisational structures within transaction networks and complex relationship graphs, drawing on the Neo4j analysis layer backed by PostgreSQL as the primary data store.

Key Features#

  • AI-driven clustering achieving high accuracy that exceeds manual network analysis
  • Real-time community detection on large-scale graphs with millions of nodes
  • Coordination detection identifying organised groups through transactional patterns
  • Significant acceleration of investigation workflows, compressing timelines from months to weeks through network clustering
  • Five community detection algorithms: modularity optimisation, label propagation, hierarchical agglomerative clustering, information theory methods, and spectral clustering
  • Multi-level community structures revealing both tight clusters and broader organisational relationships
  • Incremental updates supporting real-time network evolution tracking as new data arrives
  • Asset recovery enhancement through community analysis revealing hidden assets and cash-out points

Use Cases#

  • Money Laundering Detection: Identify laundering rings and coordinated criminal financial networks through transactional pattern clustering
  • Organised Crime Intelligence: Reveal organisational structures, hierarchies, and roles within criminal networks across cryptocurrency and financial systems
  • AML Compliance: Compliance teams detect coordinated suspicious activity across customer portfolios through automated community analysis
  • International Task Force Operations: Multi-agency investigations identify cross-jurisdictional criminal organisations through network clustering

Integration#

  • Connects with the Neo4j graph analysis layer for community computation across investigation data
  • Compatible with investigation and case management platforms for automated case enrichment
  • Supports real-time updates as new network data is ingested from the platform's 153 third-party integrations
  • Export capabilities for community detection results to visualisation and reporting tools
  • Role-based access controls with comprehensive audit logging
  • Multi-tenant isolation for secure analysis across organisational boundaries

Open Standards#

  • GEXF 1.3 (Graph Exchange XML Format): Community detection results and full investigation graphs are exportable in GEXF 1.3, enabling direct import into tools such as Gephi and other open graph analysis platforms.
  • GraphQL (June 2018 Specification): All community detection queries, clustering mutations, and real-time subscription feeds are served through a GraphQL API, giving clients precise control over the shape of returned graph and cluster data.
  • openCypher: The Neo4j graph analysis layer, which executes Louvain community detection and PageRank centrality computations, is queried using the openCypher property-graph query language.
  • OAuth 2.0 / OpenID Connect: Every community detection endpoint requires a valid bearer token issued via the platform's OIDC-compliant authorisation service, enforcing tenant-scoped access on all graph operations.
  • FATF 40 Recommendations: The AML compliance and money-laundering detection use cases are aligned with FATF guidance on identifying coordinated suspicious activity, structuring investigations around the community structures FATF flags as indicators of organised layering.
  • JSON (RFC 8259): Graph node and edge properties, cluster payloads, and provenance records are stored and transmitted as JSON, providing interoperability with downstream case management and reporting systems.

Last Reviewed: 2026-02-23 Last Updated: 2026-04-14

Ready to Build?

Get started with our APIs or contact our integration team for support.