Real-time API delivering ML-driven risk scores, geospatial analytics, and cross-attribute anomaly detection across 41,000+ US zip codes.
Choose what you need — from core AML risk factors to fully customizable scoring.
Eight ML-driven risk factors including HIDTA, HIFCA, GTO, drug trafficking, industry risk, international nexus, and trade-based money laundering — scored at the zip code level.
Cross-attribute anomaly detection comparing address, phone area code, IP geolocation, counterparty distance, and nearest branch proximity for real-time mismatch signals.
Additional enrichment layers: CBSA classifications, neighborhood data, NAICS industry statistics, elder abuse risk classification, demographic data, and gang territory mapping.
Fully configurable risk scoring. Override default risk weights to match your institution's risk appetite and regulatory posture.
Send a transaction or entity. Get back enriched risk intelligence in real time.
1B+ data points from government, financial, and proprietary sources
Standardize across zip, county, CBSA, state, and country layers
Select and transform predictive features for ML models
Train models for drug trafficking, industry risk, and anomaly detection
Return scored, tiered risk levels via API or data file delivery
// Enriched response (simplified) { "mainZipIsHIDTA": true, "mainZipHIDTARegionName": "NY/NJ", "mainZipDrugTraffickingRiskLevel": 4, "mainZipNaicsStatsRiskLevel": 3, "mainZipGeographicAMLRiskScore": 78.4, "mainZipElderlyCategory": "4-Hgh", "mainZipMilesFromSWB": 1842.3, // Geo Analytics "mainZipToPhoneStateMatch": false, "mainZipToPhoneDistanceInMiles": 412.7, "mainZipToIPStateCdMatch": false, "mainZipToIPDistance": 893.1, // Counterparty FI "counterPartyFIName": "First National", "counterPartyBranchesClosestDistanceMiles": 247.8, "counterPartyToFIStateCdMatch": false }
From onboarding to transaction monitoring to investigations.
Enrich customer profiles at onboarding with zip-level AML risk scores, industry concentrations, and demographic risk factors for proportionate due diligence.
Feed geographic risk scores and cross-attribute anomalies (address vs. phone vs. IP vs. branch) into your TMS rules and models as predictive features.
Detect when counterparties bank far from their stated address using branch proximity analysis and routing number enrichment.
Flag incoming payments to high elderly-concentration zip codes with 5-tier risk classification for targeted monitoring of vulnerable populations.
Classify transactions using authorized/unauthorized fraud taxonomy with scam subcategories — romance, investment, government impersonation, and more.
Evaluate geographic risk before opening new branches, onboarding merchant portfolios, or expanding into new markets.
Geographic enrichment replaces manual analyst lookups and binary risk flags with ML-driven, zip-code-level intelligence.
Automated NAICS prediction replaces manual industry verification on transaction alerts.
ML risk scoring at zip-code level replaces county-wide HIDTA designations.
Onboarding reduced from weeks of manual lookups to milliseconds per request.
Get started with a demo or explore the full API documentation.
Every data category in the Geographic Risk API connects to specific regulatory requirements, FinCEN advisories, and known financial crime typologies.
The FFIEC BSA/AML Examination Manual requires institutions to assess risk across four pillars. Geographic location is one of them — and the one most institutions underinvest in.
Examiners evaluate whether your institution has considered geographic locations in its risk assessment. These use cases address that requirement directly.
The FFIEC manual explicitly identifies HIDTA and HIFCA designations as geographic risk factors examiners assess. Most institutions flag these at the county level, which is too coarse — a single HIDTA county can contain zip codes with vastly different risk profiles. GeoAML scores drug trafficking risk at the zip code level using ML, replacing binary county flags with a 5-tier risk classification. The 2026 National Money Laundering Risk Assessment and DEA's National Drug Threat Assessment both reinforce the importance of granular domestic geographic risk.
The FFIEC expects institutions to calibrate due diligence to the customer's risk profile, including their geographic location. GeoAML composite risk scores can be integrated into customer risk rating engines at onboarding, enabling proportionate CDD — standard diligence for low-risk geographies, enhanced review for high-risk. This replaces the manual analyst lookups that currently bottleneck onboarding and can reduce enrichment time from weeks to milliseconds via API.
FinCEN's MSB guidance and the FFIEC manual highlight the risk posed by money services businesses, cash-intensive businesses, and non-bank financial institutions. NAICS-based industry risk scoring identifies zip codes with high concentrations of MSBs, NBFIs, gambling operations, third-party payment processors, private ATM operators, and other high-risk business types. Particularly relevant for merchant acquiring, where NAICS export codes near ports and airports can indicate trade-based money laundering vulnerability.
Border proximity is a key risk factor for drug trafficking, human smuggling, bulk cash movement, and transnational criminal organization activity.
The US-Mexico border is the primary corridor for illegal drug smuggling into the US, with associated money laundering through bulk cash, trade-based schemes, and real estate. FinCEN has issued specific alerts on oil smuggling and suspicious real estate activity along the Southwest border. The API returns precise distance in miles from any zip code to the border, enabling institutions to set risk thresholds based on their exposure. Combined with HIDTA data and drug trafficking ML scores, this creates a multi-layered border risk picture.
The US-Canada border is an emerging risk area as Canada becomes a global leader in synthetic drug production. Fentanyl precursors, synthetic opioids, and cannabis flow south, while firearms flow north. The DOJ has pursued cases involving alien smuggling across the Canadian border, and the 2025 Executive Order on border duties underscores the policy shift toward treating the northern border as a significant threat. Most competitor products omit northern border risk entirely.
TBML is a primary method used by transnational criminal organizations to launder drug proceeds. A known typology involves concentrations of import/export businesses near international airports and ports — particularly in regions like South Florida, where investigations have uncovered networks laundering drug trafficking proceeds through phantom shipments. The TBML vulnerability indicator combines NAICS data, geographic proximity to trade infrastructure, and known TBML-vulnerable areas.
Geographic intelligence adds a critical dimension to fraud detection — revealing mismatches between where customers claim to be and where their activity originates.
FinCEN's 2022 Advisory identified 24 behavioral and financial red flags and requested institutions file SARs using the "EFE FIN-2022-A002" key term. Follow-up analysis found 155,000+ EFE-related BSA reports totaling $27 billion in suspicious activity in a single year. Common scams include government impersonation (8%), romance scams (9%), tech support (10%), and account takeover (22%). The GeoExtend product identifies zip codes with high concentrations of residents aged 62+ using a 5-tier classification, enabling institutions to flag incoming payments to high-elderly areas.
A major shift is underway: street gangs are pivoting from drug trafficking to identity fraud, check fraud, and benefits fraud because sentences are dramatically lighter. From the Crips in Long Beach to Miami's Everybody Eats organization, gangs have been caught purchasing stolen identities from Russian dark web sites. The Minnesota child nutrition fraud case — $250M+ in exploited pandemic-era programs — shows how geographic concentration of fraudulent activity is a detectable signal. GeoExtend includes curated gang territory mapping across all 50 states.
Authorized push payment fraud — where victims are manipulated into sending money to scammers — is the fastest-growing fraud category. After regulatory pressure, Zelle began offering refunds for imposter scams in 2023. The API includes a Fraud & Scam Classification taxonomy distinguishing authorized fraud (manipulation, acting fraudulently, modified payment info) from unauthorized fraud (account takeover, misused accounts), with scam subcategories: merchandise, investment, property, romance imposter, government imposter, bank imposter, business imposter, and trusted party schemes.
FinCEN's alert documented a sharp increase in stolen checks being washed and re-negotiated by organized rings operating in specific geographic clusters. Geographic analytics can flag when a check is deposited far from the originating address or in a known mail-theft-active area. GeoAnalytics cross-references the customer's zip code against the counterparty's zip, phone area code, and IP address — mismatches across these dimensions are strong fraud signals for check fraud, mobile deposit fraud, and account takeover.
When a customer's address, phone, IP, and banking institution don't align geographically, that mismatch is itself a risk signal.
When a counterparty's stated address is hundreds of miles from their financial institution's nearest branch, it raises questions. The API enriches the counterparty's routing number to identify their FI, then calculates the distance to the FI's closest branch and checks for state/CBSA/zip matches. A mismatch is a known indicator of shell companies, money mules, and structuring schemes.
Money mule accounts exhibit a distinctive geographic fingerprint: rapid fund cycling, funds from unrelated sources, and geographic anomalies between address, phone, IP, and counterparties. GeoAnalytics computes address-to-phone state match, address-to-IP distance, phone-to-IP distance, and address-to-counterparty distance — providing multiple independent mismatch signals that feed directly into TMS rules or ML models.
Before opening a new branch, onboarding a merchant portfolio, or expanding into a new market, institutions need to assess geographic risk. Examiners evaluate whether the risk assessment accounts for changes in geographic locations. The full API suite provides a comprehensive risk profile for any US zip code — combining AML risk factors, demographic data, industry concentrations, and TBML indicators — enabling compliance teams to produce data-driven risk assessments in minutes.
FinCEN's 2026 healthcare fraud advisory and the Minnesota child nutrition fraud alert both illustrate how fraudulent billing and benefits abuse concentrate geographically. Healthcare fraud rings operate clusters of clinics in specific zip codes billing for services never rendered. NAICS industry data identifies unusual concentrations of healthcare providers and benefits-adjacent businesses, providing an early detection layer when combined with transaction monitoring.
See how the Geographic Risk Data API maps to your institution's specific compliance requirements.