Trade-Based Money Laundering Detection MCP

Trade-based money laundering (TBML) detection for compliance teams, AML investigators, and financial intelligence units — delivered as an MCP server that plugs directly into Claude, Cursor, or any MCP-compatible AI agent. This server orchestrates 14 data sources and runs five peer-reviewed forensic algorithms to identify over-invoicing, carousel fraud, phantom entities, FX layering, and sanctions-adjacent ownership chains. The output is structured evidence ready for FinCEN SAR (Form 111) filing under 31 CFR 1020.320.

TBML accounts for an estimated $500–$800 billion laundered annually through trade channels, yet most compliance programs rely on manual invoice review. This server automates the full forensic pipeline: UN COMTRADE bilateral trade queries, cross-registry counterparty verification across six jurisdictions, OFAC and OpenSanctions screening, and multi-currency FX arbitrage detection — all triggered by natural-language prompts to your AI agent, with no code required from the analyst.

What data can you access?

MCP Tools

This server exposes 8 tools. Each tool charges a per-call fee when invoked.

Why use the Trade-Based Money Laundering Detection MCP Server?

A single TBML investigation using traditional methods requires a compliance analyst to manually query UN COMTRADE, cross-reference three or four corporate registries, pull OFAC and OpenSanctions results, build a spreadsheet of exchange rate histories, and then synthesize findings against FATF typology guidance. That process takes days. A single case might cost $2,000–$5,000 in analyst time — and it still misses statistical anomalies that require chi-squared tests to detect.

This server compresses that workflow to seconds. An analyst prompts their AI agent ("screen Apex Commodities Ltd in the US–UAE gold corridor") and receives a structured JSON report with Benford p-values, Grubbs outliers by HS6 code, phantom entity probability scores, KS-test FX deviations, Markov chain absorption probabilities, and a pre-populated SAR evidence package — all referencing the exact regulatory provisions that apply.

Beyond speed, the server provides capabilities that are impossible to replicate manually:

• Benford-Grubbs-Fisher hybrid — catches systematic invoice manipulation invisible to per-transaction review
• Tarjan SCC + Johnson cycle enumeration — identifies multi-hop carousel structures that span 3–6 entities
• Absorbing Markov chain — quantifies the probability that an ownership chain eventually reaches a sanctioned jurisdiction, even through legitimate intermediary layers
• Parallel data collection — up to 14 actors run simultaneously, not sequentially

Platform benefits for teams using this server via Apify:

• Scheduling — run daily corridor monitors on a cron schedule to catch emerging patterns
• API access — trigger investigations programmatically from your case management system via HTTP
• Monitoring — receive Slack or email alerts when runs fail or return critical risk scores
• Audit trail — every run is logged with input parameters and full JSON output for compliance records
• Integrations — connect to Zapier, Make, or webhooks to route high-risk findings to your case queue

Features

• Modified Benford-Grubbs hybrid with Fisher meta-p-value — applies Benford's law chi-squared goodness of fit (df=8) on first digits of trade values, runs Grubbs' outlier test per HS6 commodity code, then combines all p-values via Fisher's method: X² = −2·Σln(pᵢ) distributed as chi-squared with df=2k
• Tarjan's Strongly Connected Components algorithm — builds a directed graph from trade records and applies Tarjan's SCC in O(V+E) time to identify closed trade loops; follows with Johnson's cycle enumeration to list all elementary cycles up to configurable depth (default: 6)
• Circularity Suspicion Index (CSI) — computed per cycle as cycle_count × avg_value_variance / node_count, providing a rank-ordered list of the most suspicious circular structures
• Phantom entity logistic regression — scores P(phantom) = sigmoid(w₀ + w₁·age_ratio + w₂·employee_ratio + w₃·address_density + w₄·web_age_gap) using four bipartite graph features derived from corporate registry and WHOIS data
• Kolmogorov-Smirnov FX arbitrage detection — computes convenience scores (deviation from covered interest parity) for each currency pair, transforms via normal CDF, and applies KS test against expected uniform distribution; flags pairs where D > critical value at α=0.05
• Absorbing Markov chain jurisdictional cascade — treats 30 FATF blacklist/greylist jurisdictions and 13 medium-risk financial centers as absorbing states; computes fundamental matrix N = (I−Q)⁻¹ and absorption probability matrix B = N·R to quantify cascade risk
• 14 parallel data sources — UN COMTRADE, OpenCorporates, GLEIF LEI, UK Companies House, Canada Corporations, Australia ABN, OFAC, OpenSanctions, Exchange Rate Tracker, Exchange Rate History, WHOIS, OECD, IMF, IP Geolocation — all called concurrently, not sequentially
• Composite TBML Risk Score (0–100) — five-dimension weighted scoring: price anomaly (20%), counterparty risk (20%), jurisdiction risk (15%), circular trade involvement (15%), volume anomaly (15%), entity opacity (15%); thresholds: 0–15 Low, 16–35 Moderate, 36–55 Elevated, 56–75 High, 76–100 Critical
• SAR evidence package aligned with 31 CFR 1020.320 — categorized evidence items (Trade Pricing, Sanctions Exposure, Corporate Opacity, Circular Trade, FX Manipulation), severity ratings (low/medium/high/critical), specific regulatory references (OFAC EO 13224, CDD Rule 31 CFR 1010.230, FATF TBML Guidance 2020), and FinCEN filing recommendations with statutory deadlines
• Per-call spending controls — each tool call checks eventChargeLimitReached before executing; set a maximum budget per session to prevent runaway costs during exploratory investigations
• Jurisdiction risk taxonomy — hardcoded sets covering 15 FATF blacklist/greylist countries (IR, KP, MM, SY, YE, BF, CM, CD, HT, KE, ML, MZ, NG, PH, ZA, SS, TZ, VN) and 13 medium-risk financial centers (AE, HK, SG, CY, MT, LU, LI, MC, AD, GI, JE, GG, IM)
• Shell company indicator detection — flags deep ownership chains (≥3 hops), secrecy jurisdiction registration (BVI, Cayman, Panama, Seychelles, Marshall Islands, Vanuatu, Samoa), recent incorporation (<6 months), missing jurisdiction data, no trade activity, excessive counterparties (>10), and shared-jurisdiction clustering

Use cases for TBML detection and AML investigation

Bank AML compliance and transaction monitoring

BSA/AML compliance officers at correspondent banks, trade finance units, and money services businesses use this server to investigate trade transactions flagged by their transaction monitoring systems. Instead of manually correlating SWIFT messages with corporate registry lookups and OFAC checks, the analyst prompts their AI agent with the counterparty name and trade corridor. The server returns a full risk assessment within minutes, with SAR-ready evidence if thresholds are exceeded. This replaces workflows that previously required three days of analyst time per case.

Export control and sanctions screening

Export compliance teams use verify_counterparty_legitimacy and screen_ownership_chain to screen new trade counterparties before shipment approval. The phantom entity logistic regression catches recently incorporated shell companies with implausible employee-to-revenue ratios, and the absorbing Markov chain quantifies indirect sanctions exposure through layered ownership structures — both patterns that rule-based systems miss. This is particularly relevant for dual-use goods subject to EAR/ITAR restrictions.

Financial intelligence unit investigations

FIUs and law enforcement financial investigators use generate_sar_evidence_package to accelerate case preparation. The tool runs the complete 5-algorithm forensic pipeline, then assembles a structured evidence dossier with exact regulatory citations (31 CFR 1020.320, OFAC EO 13224, CDD Rule 31 CFR 1010.230) and a narrative template aligned with FinCEN SAR Form 111. Cases that previously took two weeks to build are packaged in under an hour.

Trade finance due diligence

Banks and non-bank trade finance providers (factoring companies, commodity traders) use investigate_trade_pair before issuing letters of credit or documentary collections. The Benford-Grubbs analysis on UN COMTRADE data detects systematic price manipulation in the counterparty's historical trade flows — a leading indicator of invoice fraud that appears before any single transaction becomes suspicious on its own.

Carousel fraud detection for VAT and customs authorities

Tax authorities and customs agencies use map_circular_trade_network to identify carousel VAT fraud patterns where goods cycle between entities across jurisdictions to generate fraudulent input tax credit claims. Tarjan's SCC identifies the strongly connected components; Johnson's cycle enumeration lists every elementary cycle; the CSI score ranks the most suspicious loops for investigation priority.

Corporate risk and third-party due diligence

Corporate compliance teams conducting enhanced due diligence on high-risk suppliers, joint venture partners, or acquisition targets use compute_tbml_risk_score as a quantitative risk gate. A score above 56 (High) triggers escalation to the legal team. The five-dimension breakdown (price anomaly, counterparty risk, jurisdiction risk, circular trade, entity opacity) identifies which specific factor drove the rating, focusing remediation efforts.

How to use the TBML Detection MCP Server

Step 1: Connect the server to your AI agent

Add the server URL to your MCP client configuration. The server runs in Apify's standby mode — it stays warm and responds within 1–2 seconds of your first prompt.

Claude Desktop — add to ~/Library/Application Support/Claude/claude_desktop_config.json (macOS) or %APPDATA%\Claude\claude_desktop_config.json (Windows):

{
  "mcpServers": {
    "trade-based-money-laundering": {
      "url": "https://trade-based-money-laundering-mcp.apify.actor/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_APIFY_API_TOKEN"
      }
    }
  }
}

Cursor — add to .cursor/mcp.json in your project root or ~/.cursor/mcp.json globally:

{
  "mcpServers": {
    "trade-based-money-laundering": {
      "url": "https://trade-based-money-laundering-mcp.apify.actor/mcp",
      "headers": {
        "Authorization": "Bearer YOUR_APIFY_API_TOKEN"
      }
    }
  }
}

Other MCP clients — connect to https://trade-based-money-laundering-mcp.apify.actor/mcp using the Streamable HTTP transport. Pass your Apify API token in the Authorization: Bearer header.

Step 2: Run your first investigation

Once connected, prompt your AI agent in plain language:

• "Investigate trade flows between China and UAE for gold (HS 7108) and check if Nexo Metals Ltd appears on any sanctions lists"
• "Screen Pinnacle Resources Inc for phantom entity indicators — their domain is pinnacleresources.ae"
• "Map circular trade patterns among these five entities: [list]"
• "Generate a SAR evidence package for Al Fajr Trading LLC, trade corridor US–UAE electronics, case reference INV-2026-0441"

Step 3: Review the output

Each tool returns structured JSON. Your AI agent will interpret the statistical findings (Benford p-values, KS statistics, CSI scores) and provide a plain-language summary with recommended next steps.

Step 4: Use the SAR evidence package

If generate_sar_evidence_package returns evidence items at high or critical severity, download the full JSON output from the Apify Dataset tab. The package includes regulatory references and narrative templates for FinCEN Form 111 completion — hand this to your BSA officer for review and filing within the 30-day window per 31 CFR 1020.320(b)(3).

Tool parameters

investigate_trade_pair

detect_invoice_anomalies

map_circular_trade_network

verify_counterparty_legitimacy

analyze_fx_manipulation

screen_ownership_chain

compute_tbml_risk_score

generate_sar_evidence_package

Prompt examples

Bilateral trade investigation:

Investigate trade flows between Brazil and UAE for gold (HS 7108) in 2025.
Also check if Ouro Brasil Exportadora Ltda appears on any sanctions lists.

Phantom entity screen:

Use verify_counterparty_legitimacy to screen "Nexo Global Commodities FZE"
with domain nexoglobal.ae, jurisdiction AE.

Full SAR package:

Generate a SAR evidence package for Al Fajr Trading LLC.
Trade corridor: US UAE electronics.
Domain: alfajrtrading.ae
Currencies: AED, CNY
Case reference: INV-2026-0441

Usage tips

• Start with investigate_trade_pair — it runs Benford-Grubbs and sanctions screening in a single call. Use findings to decide which specialized tools to invoke next.
• Provide the domain when verifying counterparties — the WHOIS web_age_gap feature (company age minus domain age) is one of the strongest phantom entity predictors. Without a domain, this feature defaults to a neutral score.
• Use max_records: 200 for Benford analysis — Benford's law requires a minimum of ~50 values for a reliable chi-squared test. More records improve p-value accuracy, especially for low-volume trade corridors.
• For circular trade mapping, include country names alongside companies — the network graph is richer when it can connect corporate entities to their trading-country nodes from UN COMTRADE data.
• Set a spending limit — use Apify's per-run maximum spend setting to cap investigation costs. The server respects eventChargeLimitReached and returns a clear error rather than partially completing an expensive call.

Output example

compute_tbml_risk_score response for a high-risk entity:

{
  "entity": "Nexo Global Commodities FZE",
  "tbmlRiskScore": {
    "score": 71,
    "riskLevel": "high",
    "dimensions": {
      "priceAnomaly": {
        "score": 0.82,
        "weight": 0.20,
        "weighted": 0.164,
        "detail": "Benford p=0.003 — strong deviation from expected first-digit distribution. 14 Grubbs outliers across HS codes 7108, 7113, 7115. Fisher meta chi-sq=31.4 (df=28, p=0.0031)."
      },
      "counterpartyRisk": {
        "score": 0.90,
        "weight": 0.20,
        "weighted": 0.180,
        "detail": "2 OFAC SDN matches. 1 OpenSanctions match (SDGT program). Corporate records: 0 LEI found — reduced transparency."
      },
      "jurisdictionRisk": {
        "score": 0.90,
        "weight": 0.15,
        "weighted": 0.135,
        "detail": "Registered in AE (medium-risk). BVI beneficial owner detected via GLEIF. Cayman Islands intermediate holding."
      },
      "circularTrade": {
        "score": 0.50,
        "weight": 0.15,
        "weighted": 0.075,
        "detail": "2 SCCs detected. 3 elementary cycles found, max CSI=4.17. Tarjan SCC across 8-entity network."
      },
      "volumeAnomaly": {
        "score": 0.68,
        "weight": 0.15,
        "weighted": 0.102,
        "detail": "Max single transaction 14.3x above entity mean. Spike in Q4 2024 inconsistent with prior 8-quarter baseline."
      },
      "entityOpacity": {
        "score": 0.80,
        "weight": 0.15,
        "weighted": 0.120,
        "detail": "Incorporated 8 months ago. Domain registered 6 months ago. WHOIS: registrant hidden via PrivacyGuard."
      }
    },
    "compositeScore": 0.776,
    "normalizedScore": 71
  },
  "dataSources": {
    "tradeRecords": 94,
    "corporateRecords": 23,
    "leiRecords": 0,
    "sanctionsHits": 3,
    "fxRates": 187,
    "historicalFxRates": 90,
    "oecdRecords": 7,
    "imfRecords": 4,
    "whoisRecords": 1
  }
}

generate_sar_evidence_package response excerpt:

{
  "caseReference": "INV-2026-0441",
  "entity": "Nexo Global Commodities FZE",
  "generatedAt": "2026-03-20T09:14:33.221Z",
  "sarReport": {
    "overallRisk": "critical",
    "estimatedIllicitValue": 4820000.00,
    "evidenceItems": [
      {
        "category": "Sanctions Exposure",
        "finding": "Entity \"Nexo Global Commodities\" linked to sanctioned \"Al Baraka Exchange LLC\"",
        "severity": "critical",
        "evidence": "Direct sanctions edge detected. Program: SDGT",
        "regulatoryRef": "OFAC — Executive Order 13224; 50 USC 1705(a)"
      },
      {
        "category": "Trade Pricing",
        "finding": "over-invoicing detected: United States -> UAE (HS 7108 Gold)",
        "severity": "critical",
        "evidence": "Reported unit price $64,200.00 deviates 87.3% from benchmark $34,280.00",
        "regulatoryRef": "31 CFR 1020.320 — BSA/AML Suspicious Activity Reporting"
      },
      {
        "category": "Corporate Opacity",
        "finding": "Recently incorporated entity in secrecy jurisdiction: \"Nexo Global Commodities\"",
        "severity": "high",
        "evidence": "Incorporated 8 months ago in Cayman Islands. Pattern consistent with shell company formation.",
        "regulatoryRef": "CDD Rule 31 CFR 1010.230 — Beneficial Ownership Requirements"
      },
      {
        "category": "Circular Trade",
        "finding": "Reciprocal trade detected: \"Nexo Global Commod\" <-> \"Meridian Metals Ltd\"",
        "severity": "medium",
        "evidence": "Bidirectional trade flows may indicate carousel fraud or round-tripping.",
        "regulatoryRef": "FATF Guidance — Trade-Based Money Laundering (2006, updated 2020)"
      }
    ],
    "recommendations": [
      "File SAR within 30 days per 31 CFR 1020.320(b)(3)",
      "Block transactions and file OFAC report per 31 CFR 501.603",
      "Conduct enhanced due diligence on shell entities per CDD Rule 31 CFR 1010.230",
      "Investigate carousel fraud indicators per FATF TBML Guidance (2020)"
    ]
  }
}

Output fields

compute_tbml_risk_score output

generate_sar_evidence_package output

detect_invoice_anomalies output

screen_ownership_chain output (Markov chain)

How much does it cost to run TBML investigations?

This server uses pay-per-event pricing — you pay per tool call, not per month. Platform compute costs are included.

A full investigation workflow — trade pair investigation, counterparty verification, ownership chain screen, and SAR package — costs approximately $0.175 total across four tool calls. Running 50 complete investigations per month costs under $9.

You can set a maximum spending limit per session in Apify's console. The server checks this limit before executing each tool call and returns a clear error message if the limit is reached, so investigations never exceed your budget.

Compare this to commercial TBML screening platforms that charge $500–$2,000/month for rule-based screening with no statistical algorithms. This server delivers peer-reviewed forensic methods at a fraction of the cost, with no subscription commitment.

How to call this server from code

Python

from apify_client import ApifyClient

client = ApifyClient("YOUR_APIFY_API_TOKEN")

# Full TBML risk score investigation
run = client.actor("ryanclinton/trade-based-money-laundering-mcp").call(run_input={})

# The server runs in standby mode — connect via MCP protocol instead for tool calls.
# To invoke a specific tool programmatically, POST to the /mcp endpoint:

import requests

response = requests.post(
    "https://trade-based-money-laundering-mcp.apify.actor/mcp",
    headers={
        "Authorization": "Bearer YOUR_APIFY_API_TOKEN",
        "Content-Type": "application/json",
    },
    json={
        "jsonrpc": "2.0",
        "id": 1,
        "method": "tools/call",
        "params": {
            "name": "compute_tbml_risk_score",
            "arguments": {
                "entity_name": "Nexo Global Commodities FZE",
                "trade_corridor": "US UAE gold",
                "domain": "nexoglobal.ae",
                "currencies": ["AED", "CNY"]
            }
        }
    }
)

result = response.json()
score = result["result"]["content"][0]["text"]
print(f"TBML risk assessment: {score}")

JavaScript

// Connect via MCP protocol to the standby server
const response = await fetch(
  "https://trade-based-money-laundering-mcp.apify.actor/mcp",
  {
    method: "POST",
    headers: {
      "Authorization": "Bearer YOUR_APIFY_API_TOKEN",
      "Content-Type": "application/json",
    },
    body: JSON.stringify({
      jsonrpc: "2.0",
      id: 1,
      method: "tools/call",
      params: {
        name: "generate_sar_evidence_package",
        arguments: {
          entity_name: "Nexo Global Commodities FZE",
          trade_corridor: "US UAE gold",
          domain: "nexoglobal.ae",
          currencies: ["AED", "CNY"],
          case_reference: "INV-2026-0441",
        },
      },
    }),
  }
);

const data = await response.json();
const sarPackage = JSON.parse(data.result.content[0].text);

console.log(`Overall risk: ${sarPackage.sarReport.overallRisk}`);
console.log(`Evidence items: ${sarPackage.sarReport.evidenceItems.length}`);
console.log(`Estimated illicit value: $${sarPackage.sarReport.estimatedIllicitValue.toLocaleString()}`);
for (const rec of sarPackage.sarReport.recommendations) {
  console.log(`  - ${rec}`);
}

cURL

# Invoke the invoice anomaly detection tool
curl -X POST "https://trade-based-money-laundering-mcp.apify.actor/mcp" \
  -H "Authorization: Bearer YOUR_APIFY_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "jsonrpc": "2.0",
    "id": 1,
    "method": "tools/call",
    "params": {
      "name": "detect_invoice_anomalies",
      "arguments": {
        "trade_corridor": "Brazil UAE gold",
        "hs_codes": ["7108", "7113"],
        "max_records": 150
      }
    }
  }'

# List all available tools
curl -X POST "https://trade-based-money-laundering-mcp.apify.actor/mcp" \
  -H "Authorization: Bearer YOUR_APIFY_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{"jsonrpc":"2.0","id":1,"method":"tools/list","params":{}}'

How this TBML detection server works

Phase 1: Parallel data collection

Every tool call that requires live data dispatches requests to multiple Apify actors simultaneously using Promise.all. The compute_tbml_risk_score and generate_sar_evidence_package tools run up to 14 actors concurrently: UN COMTRADE for bilateral trade flows, OpenCorporates for global corporate registrations, GLEIF for LEI/ownership chain data, UK Companies House, Canada Corporations, Australia ABN for jurisdiction-specific registrations, OFAC and OpenSanctions for sanctions screening, Exchange Rate Tracker and Exchange Rate History for FX analysis, OECD and IMF for macroeconomic context, WHOIS for domain intelligence, and IP Geolocation for network provenance. Each actor call has a 120-second timeout; failed calls return empty arrays so the pipeline continues without interruption.

Phase 2: Trade network graph construction

Raw data from all 14 sources is assembled into a typed TradeNetwork graph with TradeNode and TradeEdge objects. Nodes are typed as country, company, commodity, port, currency, or sanctioned. Edges carry types (exports, imports, owns, transships, fx_flow, sanctions) with weight, tradeValue, quantity, and unitPrice attributes. The graph is deduplicated using a hash-keyed node map, and sanctions edges are added between company nodes and sanctioned entity nodes identified in OFAC/OpenSanctions results. This graph is the shared input for all five forensic algorithms.

Phase 3: Five forensic algorithms

Benford-Grubbs-Fisher (invoice anomaly): Trade values are extracted and first digits are counted. A chi-squared statistic is computed against Benford's expected distribution [30.1%, 17.6%, 12.5%, 9.7%, 7.9%, 6.7%, 5.8%, 5.1%, 4.6%] with df=8. The Grubbs test is applied per HS6 code to identify individual outlier transactions (z-score exceeding the critical value at α=0.05 given sample size n). Fisher's method combines all HS6 p-values: X² = −2·Σln(pᵢ), distributed chi-squared with df=2k. The gamma function and regularized incomplete gamma are implemented analytically using Lanczos coefficients.

Tarjan SCC + Johnson cycle enumeration (circular trade): The trade edge set is used to build an adjacency list. Tarjan's algorithm runs in O(V+E) to find all strongly connected components. Johnson's algorithm enumerates all elementary cycles up to max_depth length. Each cycle receives a Circularity Suspicion Index: CSI = cycle_count × avg_value_variance / node_count. Cycles are ranked by CSI descending, with the top structures flagged for investigation.

Logistic regression phantom entity screening: Four features are computed from corporate registry and WHOIS data: age_ratio (company age vs industry median), employee_ratio (claimed employees vs revenue-implied headcount), address_density (co-registered entities at same address), and web_age_gap (company registration date minus domain registration date). The logistic regression sigmoid produces P(phantom) ∈ [0,1]. No ML training is required at runtime — the weights are pre-calibrated against FATF-documented phantom entity typologies.

KS test FX arbitrage detection: Convenience scores (deviation from covered interest parity) are computed for each currency pair using current and historical exchange rate data. Scores are transformed via the normal CDF Φ to produce uniform-distributed p-values under the null hypothesis of no manipulation. The Kolmogorov-Smirnov statistic D = max|F_n(x) − F(x)| is compared against the critical value D_α at α=0.05. Significant results (D > critical) indicate systematic FX convenience score deviations consistent with arbitrage layering. Split transactions below $10,000 that aggregate above $25,000 are also flagged for structuring.

Absorbing Markov chain jurisdictional cascade: Corporate entities and their jurisdictions form the transient states Q; sanctioned and high-risk jurisdictions (30 FATF/OFAC list members) are the absorbing states R. Ownership edges define the transition matrix. The fundamental matrix N = (I−Q)⁻¹ is computed iteratively. Absorption probabilities B = N·R give, for each entity, the probability that its ownership chain eventually reaches a sanctioned jurisdiction. This quantifies indirect sanctions exposure through legitimate intermediary layers.

Phase 4: Composite scoring and evidence assembly

The five algorithm outputs are combined into the composite TBML score using fixed weights (price anomaly 20%, counterparty risk 20%, jurisdiction risk 15%, circular trade 15%, volume anomaly 15%, entity opacity 15%). For SAR packages, evidence items are assembled, deduplicated, sorted by severity, and annotated with the exact regulatory provision that requires reporting. Recommendations include statutory deadlines (e.g., "File SAR within 30 days per 31 CFR 1020.320(b)(3)").

Tips for best results

1. Provide both entity name and trade corridor together. The most accurate investigations use compute_tbml_risk_score with all four parameters: entity_name, trade_corridor, domain, and currencies. Omitting parameters reduces the number of data sources the server can enrich.

2. Use HS codes rather than commodity descriptions when possible. UN COMTRADE returns more precise bilateral data when queried with a 4-digit or 6-digit HS code (e.g., "7108" for gold) than with a text description. Look up HS codes at the WTO tariff database before running corridor investigations.

3. Increase max_records to 150–200 for Benford analysis. Benford's law chi-squared test requires a minimum of approximately 50 values per commodity code for reliable results. Low-volume trade corridors with fewer records will return pValue=1 (conforming) by default, even if anomalies exist. More records = more statistical power.

4. Run counterparty verification before the full TBML score. verify_counterparty_legitimacy costs $0.040 and takes 20–30 seconds. If it returns zero corporate records and a sanctions match, there is little value in running the $0.045 composite score — the entity is already disqualified.

5. Use the LEI parameter when known. Providing the LEI code in screen_ownership_chain skips the GLEIF name-search step and goes directly to ownership chain retrieval, which is faster and more accurate for entities with common names.

6. Schedule periodic corridor monitors. Use Apify's scheduling to run detect_invoice_anomalies on your top 10 trade corridors weekly. Changes in the Benford p-value or Grubbs outlier count over time are more informative than a single snapshot — a trend toward non-conformity signals emerging manipulation.

7. Combine with company deep research for comprehensive due diligence. After verify_counterparty_legitimacy flags a company, feed the result into Company Deep Research for a full business intelligence report before escalating to legal.

Combine with other Apify actors

Limitations

• UN COMTRADE reporting lags — Trade data is reported by member countries with delays of 3–24 months. Investigations of very recent trade flows may return no results for some corridors. Use quarterly or annual data rather than expecting real-time figures.
• Benford's law requires 50+ records per HS6 code — Applying chi-squared with fewer observations produces unreliable p-values. Low-volume corridors will show conformsTobenford: true even if anomalies exist. The server notes this in the output, but analysts should weight Grubbs results more heavily in these cases.
• Tarjan/Johnson detect structural patterns, not illegal activity — Circular trade structures exist in legitimate business (distributors that buy back unsold inventory, triangular trade for tax optimization). CSI scores provide a suspicion rank, not a determination of fraud. Manual investigation is required to establish intent.
• Phantom entity logistic regression is a screening tool — The four-feature model (age_ratio, employee_ratio, address_density, web_age_gap) produces probability scores, not determinations. False positive rates increase for legitimately young companies, single-director structures, and shared registered office addresses (common in professional services).
• WHOIS data availability varies by jurisdiction — GDPR-compliant registrars hide registrant information for most .com, .net, and EU-country-code domains. The web_age_gap feature falls back to a neutral score when registrant data is hidden, reducing phantom entity detection accuracy.
• KS test FX deviations require historical rate data — The convenience score computation requires at least 10 historical data points per currency pair. Pairs with thin rate history will return isSignificant: false by default.
• Absorbing Markov chain accuracy scales with ownership chain data — GLEIF, UK Companies House, and OpenCorporates data coverage is uneven across jurisdictions. For entities with minimal registry presence, the Markov model falls back to jurisdiction-heuristic scoring rather than true chain traversal.
• Not legal advice — The SAR evidence package is a compliance intelligence tool. All filing decisions, materiality determinations, and regulatory submissions must be reviewed and approved by a qualified BSA/AML compliance officer or legal counsel.
• No real-time transaction data — This server analyzes public trade statistics and corporate registry data. It does not access live SWIFT messages, bank account transactions, or proprietary financial institution data.

Integrations

• Zapier — route generate_sar_evidence_package output for critical-risk cases to a compliance team Slack channel or Jira ticket automatically when triggered by an AI agent
• Make — build multi-step TBML investigation pipelines: trigger on new trade counterparty addition in your CRM → run counterparty verification → if score > threshold, escalate to case management system
• Google Sheets — export TBML risk scores for a batch of entities into a compliance tracker spreadsheet for weekly review meetings
• Apify API — integrate the MCP endpoint into your case management system or trade finance origination platform via REST API calls
• Webhooks — receive HTTP callbacks when the actor completes a run, enabling automated downstream processing of investigation results
• LangChain / LlamaIndex — embed TBML investigation capabilities in AI-powered compliance agents that retrieve, reason over, and summarize financial intelligence across investigations

Troubleshooting

Empty trade records despite a valid trade corridor — UN COMTRADE uses ISO 3-digit country codes and specific commodity code formats internally. Try reformatting your query: use "United States" instead of "US", or "840" for the US reporter code. Also check whether the specified year has been published — many countries report with an 18-month lag.

Benford analysis returns conformsTobenford: true for a known suspicious corridor — This usually indicates too few records. The chi-squared test has low power below 50 observations. Increase max_records to 200 and broaden the trade corridor query (drop the specific HS code to retrieve all commodity data for that country pair). You can also run detect_invoice_anomalies separately to see the full Grubbs per-HS6 breakdown.

verify_counterparty_legitimacy returns zero corporate records — Some entities operate under a trading name different from their legal entity name. Try the registered legal name (often visible on invoices or contracts), the holding company name, or append "Ltd", "LLC", "FZE", or "GmbH" to the query. Providing the jurisdiction parameter narrows the registry search and improves match rates.

screen_ownership_chain shows low cascade risk for a known high-risk entity — If the entity has no LEI and minimal registry presence, the Markov model defaults to jurisdiction-heuristic scoring rather than true chain traversal. Provide the LEI code if known. Alternatively, run generate_sar_evidence_package, which supplements the Markov analysis with direct OFAC/OpenSanctions hit detection that does not depend on registry coverage.

FX manipulation analysis returns isSignificant: false for a suspected manipulation case — The KS test requires at least 10 historical rate data points per currency pair. For exotic or thinly traded currencies, the exchange rate history may be insufficient. Try reducing the currency list to the two or three most relevant pairs and increasing the base_currency to match the corridor's primary settlement currency.

Responsible use

• All 14 data sources accessed by this server are publicly available: government-published trade statistics, corporate registries, official sanctions lists, and public domain registration records.
• This server is designed for legitimate AML compliance, financial crime investigation, and trade finance due diligence purposes.
• TBML risk scores and SAR evidence packages are compliance intelligence outputs. They are not determinations of guilt and must be reviewed by qualified compliance professionals before any adverse action is taken.
• Comply with applicable data protection laws (GDPR, CCPA, PIPEDA) when processing personal data derived from corporate registry or WHOIS lookups.
• Do not use this server to target individuals or entities without a legitimate compliance or law enforcement purpose.
• For guidance on the legality of accessing public data, see Apify's web scraping legal guide.

FAQ

What is trade-based money laundering, and why is it hard to detect? TBML uses international trade transactions to transfer illicit value across borders, exploiting the complexity of global supply chains and the volume of legitimate trade. Common schemes include over-invoicing (exporting $10M in goods billed at $40M to move $30M out of the jurisdiction), under-invoicing, phantom shipments, and carousel fraud. It is hard to detect because each individual invoice may look plausible in isolation — statistical methods like Benford's law and KS testing are required to identify the systematic patterns that distinguish manipulation from natural variation.

How does Benford-Grubbs-Fisher work for invoice anomaly detection? The algorithm applies three tests in sequence. First, Benford's law chi-squared goodness-of-fit (df=8) on the distribution of first digits across all trade values — legitimate data follows the logarithmic Benford distribution with ~30.1% starting with 1. Second, Grubbs' test identifies individual outlier transactions per HS6 commodity code by computing z-scores and comparing to the critical value for the sample size. Third, Fisher's method combines all HS6 p-values into a single meta-statistic: X² = −2·Σln(pᵢ), distributed chi-squared with df=2k. This catches both systematic price manipulation (Benford) and individual anomalous invoices (Grubbs) while controlling the family-wise error rate.

What is the absorbing Markov chain jurisdictional risk model? Corporate ownership chains are modeled as a Markov chain where each jurisdiction is a state. Sanctioned jurisdictions (FATF blacklist/greylist, 30 countries) and shell havens (BVI, Cayman, Panama, etc.) are designated absorbing states — once reached, the chain cannot exit. The fundamental matrix N = (I−Q)⁻¹ is computed, where Q is the sub-matrix of transitions between transient (non-sanctioned) states. The absorption probability matrix B = N·R gives, for each entity, the probability that following the ownership chain eventually leads to a sanctioned jurisdiction. This quantifies indirect sanctions exposure through legitimate intermediary layers.

Does a TBML risk score above 56 mean the entity is laundering money? No. The risk score identifies statistical anomalies and structural patterns consistent with TBML typologies described in FATF guidance. A high score warrants escalation and enhanced due diligence, not automatic adverse action. False positives occur — particularly for young companies in legitimate high-risk industries (commodities, metals trading, money services). All high-risk findings must be reviewed by a qualified BSA/AML compliance officer.

How accurate is the phantom entity logistic regression? The model produces a probability score based on four observable features. It is calibrated against FATF-documented phantom entity typologies, not against a labeled training dataset of confirmed cases. Accuracy improves when all four features can be computed (requires both corporate registry data and WHOIS data). The model has higher false positive rates for single-director companies, shared registered office addresses (common in professional services), and legitimately young startups. Use the detailed dataSources counts in the output to assess data quality before relying on the score.

Can the SAR evidence package be filed directly with FinCEN? The package provides structured evidence items, regulatory references aligned with Form 111 categories, and a narrative template. It is designed to accelerate — not replace — the compliance officer's filing process. SAR filing requires review and approval by a qualified BSA/AML compliance officer, a determination that the filing threshold has been met ($5,000 for known or suspected violations), and submission through the FinCEN BSA E-Filing System. The output is court-ready in format but requires human review and sign-off.

How many tool calls does a complete TBML investigation require? A standard investigation workflow uses 4 tool calls: investigate_trade_pair (initial assessment, $0.040), verify_counterparty_legitimacy (entity verification, $0.040), screen_ownership_chain (ownership chain, $0.045), and generate_sar_evidence_package if evidence warrants ($0.050). Total cost: $0.175. The compute_tbml_risk_score tool ($0.045) runs all five algorithms in a single call and can replace the first three calls when a comprehensive view is needed immediately.

Is it legal to access UN COMTRADE, corporate registry, and sanctions data this way? UN COMTRADE is a publicly available United Nations database published for research and policy use. Corporate registries (UK Companies House, GLEIF, OpenCorporates) provide public access to their data. OFAC and OpenSanctions are official government and NGO sanctions lists intended for compliance screening. WHOIS data is publicly published under ICANN policy. All 14 data sources are public. See Apify's guide on web scraping legality for further context.

How is this different from commercial AML screening platforms like World-Check or Dow Jones Risk? Commercial platforms focus primarily on PEP and sanctions database matching against curated proprietary lists, at subscription costs of $500–$5,000+/month. This server combines sanctions matching (OFAC + OpenSanctions) with statistical trade forensics (Benford-Grubbs invoice analysis), network analysis (Tarjan SCC, absorbing Markov chain), and multi-registry corporate verification — capabilities that most commercial platforms do not offer. It is particularly suited for trade finance TBML investigation rather than general onboarding screening. Cost per investigation is approximately $0.04–$0.05 with no subscription commitment.

Can I schedule automated corridor monitoring to detect emerging TBML patterns? Yes. Use Apify's built-in scheduler to run detect_invoice_anomalies on a fixed list of trade corridors weekly or monthly. Store the Benford p-value and Grubbs outlier count from each run and compare across periods — a trend toward statistical non-conformity signals emerging invoice manipulation before any individual transaction becomes suspicious. Connect the schedule to a webhook that posts results to your compliance team's Slack channel when anomaly scores exceed a threshold.

How long does a complete TBML risk score investigation take? compute_tbml_risk_score runs up to 14 actors in parallel with a 120-second timeout per actor. In practice, the parallel execution means the call typically completes in 60–90 seconds for most entity/corridor combinations. generate_sar_evidence_package runs the same data collection pipeline plus all five scoring algorithms, adding approximately 5–10 seconds of computation. Simple tools like detect_invoice_anomalies (single UN COMTRADE query) complete in 15–30 seconds.

What happens if one of the 14 data sources is unavailable? Each actor call is wrapped in a try/catch with a 120-second timeout. If an actor fails or times out, its result is replaced with an empty array and the pipeline continues. The dataSources field in the output reports exactly how many records each source returned, so analysts can see immediately which sources contributed data and which returned nothing. A key source returning zero records (e.g., OFAC returning nothing for a query) warrants a manual verification step rather than relying solely on the automated result.

Help us improve

If you encounter issues, you can help us debug faster by enabling run sharing in your Apify account:

1. Go to Account Settings > Privacy
2. Enable Share runs with public Actor creators

This lets us see your run details when something goes wrong, so we can fix issues faster. Your data is only visible to the actor developer, not publicly.

Support

Found a bug or have a feature request? Open an issue in the Issues tab on this actor's page. For custom TBML investigation workflows, enterprise integrations, or custom algorithm calibration, reach out through the Apify platform.