Knogin
[Developers]

Profile Relationship Mapping

A financial crime investigator is trying to understand how funds moved from a suspected fraud account to a series of seemingly unrelated recipients across four jurisdictions. The transaction data alone shows individual t

Back to All Modules
Category: InvestigationLast Updated: Feb 5, 2026
investigation

Overview#

A financial crime investigator is trying to understand how funds moved from a suspected fraud account to a series of seemingly unrelated recipients across four jurisdictions. The transaction data alone shows individual transfers. What it does not show is that six of the recipients share a registered address, three are connected by a corporate ownership chain two layers deep, and two others appear together in communications intercepts from a separate case. Individually, these signals are weak. Mapped together as a network, they describe a coordinated cash-out operation.

The Profile Relationship Mapping module builds and maintains this kind of graph continuously, using Neo4j for relationship storage alongside PostgreSQL as the primary data store. It runs graph algorithms to find hidden connections, detect suspicious patterns, and identify the key nodes in criminal or financial networks that would otherwise remain invisible in tabular data.

Open Standards#

  • STIX 2.1 (OASIS): Entity profiles and relationship indicators are serialised to and from STIX 2.1 Structured Data Objects (Indicator, Report, Relationship), enabling bidirectional exchange of network intelligence with external threat platforms.
  • TAXII 2.1 (OASIS): Relationship and threat intelligence data is distributed and consumed via an async TAXII 2.1 polling client, allowing automated ingestion from external feeds into the relationship graph.
  • GEXF 1.3 (Graph Exchange XML Format): Relationship networks are exported in the open GEXF 1.3 format for interoperability with external graph analysis and visualisation tools such as Gephi.
  • openCypher / Cypher Query Language: Neo4j graph traversal for pathfinding, community detection, and centrality analysis is expressed in the openCypher-compatible Cypher language, enabling portability across graph database implementations.
  • GraphQL (June 2018 Specification): All relationship graph queries, mutations, and structural scoring are exposed through a GraphQL API, providing a typed, introspectable interface for client applications and integrations.
  • MITRE ATT&CK: Profile entities carry a mitre_attack_id field, allowing relationship networks to be annotated and filtered by adversary tactics, techniques, and procedures from the MITRE ATT&CK framework.
  • ISO 8601: All temporal attributes on relationships and entities, including start dates, end dates, and provenance timestamps, are stored and transmitted in ISO 8601 date-time format.

Last Reviewed: 2026-02-05 Last Updated: 2026-04-14

Key Features#

  • Rich Relationship Data Model: A comprehensive graph structure represents entities and their relationships across multiple types including family, employment, ownership, financial, communication, co-location, associate, and transaction connections, each with temporal context, confidence scoring, and provenance tracking.
  • Automated Relationship Discovery: A multi-stage extraction pipeline identifies direct relationships from structured data sources such as corporate registries, transaction logs, and communication records, then discovers inferred relationships from behavioural patterns and co-occurrence signals with tiered confidence scoring.
  • Relationship Enrichment: Discovered relationships are automatically enhanced with strength scoring based on frequency, recency, duration, bidirectionality, and intensity, plus risk indicators including suspicious patterns, rapid formation, and financial red flags.
  • Centrality and Influence Analysis: Graph algorithms calculate degree, betweenness, closeness, eigenvector, and PageRank centrality measures to identify key intermediaries, influential actors, highly connected individuals, and entities that can rapidly propagate information or funds through networks.
  • Community Detection: Clustering algorithms identify tightly-knit groups within networks, revealing potential fraud rings, money laundering schemes, organised crime structures, and related corporate groups, with density, cohesion, and risk scoring for each detected community.
  • Pathfinding and Connection Tracing: Shortest path, all-paths, and k-shortest-paths algorithms reveal hidden connections between entities, supporting investigations into fund flows, concealed ownership chains, criminal associations, and supply chain risk.
  • Suspicious Pattern Matching: Predefined and custom pattern searches detect circular payment flows, rapid fund distribution, structuring, nominee networks, shell company chains, smurfing, and round-tripping schemes across the relationship graph.
  • Interactive Network Visualisation: Configurable visualisation tools render relationship networks with multiple layout algorithms, colour-coded risk indicators, adjustable node sizing, interactive exploration, filtering, and support for ego network, financial flow, corporate structure, and criminal network map views.
  • Relationship Risk Scoring: Each relationship receives a composite risk score based on the risk profiles of connected entities, suspicious pattern indicators, and contextual factors, with bridge relationship identification and cluster membership tracking.

Use Cases#

  • Criminal Network Mapping: Investigators map suspects, associates, locations, and communication patterns to visualise organised crime structures, identify leaders through centrality analysis, and detect coordinated groups through community detection.
  • Money Laundering Investigation: Financial flow analysis traces fund movements through multiple layers, detects circular payment patterns and layering schemes, and identifies intermediaries and mule accounts used to obscure the origin of funds.
  • Beneficial Ownership Analysis: Pathfinding algorithms traverse complex corporate ownership chains to identify ultimate beneficial owners, detect nominee shareholder arrangements, and reveal concealed control structures through multiple entity layers.
  • Fraud Ring Detection: Community detection and pattern matching capabilities identify coordinated groups of entities committing fraud, revealing shared addresses, devices, phone numbers, and financial connections that indicate collusion.
  • Due Diligence Network Review: Compliance teams explore the relationship networks of customers and counterparties to identify undisclosed associations with sanctioned entities, politically exposed persons, or high-risk individuals before establishing business relationships.
  • Investigation Link Analysis: Investigators discover hidden connections between investigation subjects through second-degree relationship analysis, shared contacts, common locations, and overlapping organisational affiliations.

Integration#

The Profile Relationship Mapping module integrates with the platform's profile management, investigation management, risk scoring, and watchlist screening systems. Relationship data feeds into entity profiles, investigation workspaces, and due diligence workflows. The module connects to corporate registries, transaction systems, and communication platforms for automated relationship extraction, and network analysis results integrate with graph visualisation tools for interactive exploration across investigations.

Ready to Build?

Get started with our APIs or contact our integration team for support.