Real-time API delivering ML-driven risk scores, geospatial analytics, and cross-attribute anomaly detection across 41,000+ US zip codes.
Choose what you need — from core AML risk factors to fraud detection and fully customizable scoring.
Send a transaction or entity. Get back enriched risk intelligence in real time.
1B+ data points from government, financial, and proprietary sources
Standardize across zip, county, CBSA, state, and country layers
Select and transform predictive features for ML models
Train models for drug trafficking, industry risk, and anomaly detection
Return scored, tiered risk levels via API or data file delivery
// Enriched response (simplified) { "mainZipIsHIDTA": true, "mainZipDrugTraffickingRiskLevel": 4, "mainZipGeographicAMLRiskScore": 78.4, "mainZipElderlyCategory": "4-Hgh", "mainZipToPhoneStateMatch": false, "mainZipToIPDistance": 893.1, "counterPartyBranchesClosestDistanceMiles": 247.8 }
From onboarding to transaction monitoring to investigations.
Enrich customer profiles at onboarding with zip-level AML risk scores and demographic risk factors.
Feed geographic risk scores and cross-attribute anomalies into your TMS rules and models.
Detect when counterparties bank far from their stated address using branch proximity analysis.
Flag incoming payments to high elderly-concentration zip codes with 5-tier risk classification.
Classify transactions using authorized/unauthorized fraud taxonomy with scam subcategories.
Evaluate geographic risk before opening new branches or expanding into new markets.
Geographic enrichment replaces manual analyst lookups and binary risk flags.
Automated NAICS prediction replaces manual industry verification.
ML risk scoring at zip-code level replaces county-wide designations.
Onboarding reduced from weeks to milliseconds per request.
Get started with a demo or explore the full API documentation.
The core AML risk engine. Scores every US zip code across drug trafficking, financial crime designations, border proximity, industry risk, and trade-based money laundering.
Each factor contributes to a composite GeoAML Risk Score and Level, calculated from machine learning, curated intelligence, and expert features.
High Intensity Drug Trafficking Areas designated by ONDCP. Scored at zip-code level, not county.
High Intensity Financial Crime Areas with elevated money laundering activity.
FinCEN-issued orders imposing additional reporting on specific areas.
Distance to the US-Mexico border. Primary corridor for drug smuggling.
ML-derived risk within HIDTA and non-HIDTA regions. 5-tier classification.
NAICS-based industry risk. MSBs, CIBs, NBFIs, TPPPs, and more.
Cross-border payment probability risk indicators.
TBML vulnerability. Import/export concentrations near ports and airports.
Binary flag — entire county is HIDTA or not. No differentiation between high-crime urban zip and quiet suburban one. Massive over-alerting.
5-tier risk classification at zip level using ML across the KYG framework. Processes 1B+ data points for granular, defensible risk scores.
Request a demo to see how zip-code-level ML scoring compares to your current approach.
Purpose-built risk indicators for elder exploitation, gang-driven fraud, impersonation scams, check fraud, and out-of-jurisdiction banking.
Distance between customer zip and their FI's closest branch. When a counterparty banks hundreds of miles from their stated address, it signals shell companies, nominee accounts, or money mule operations. Includes branch count by state/CBSA, FI asset size, charter type, and de novo status.
5-tier classification of zip codes by elderly population concentration (Very Low → Very High). Enables enhanced monitoring on payments to retirement-heavy areas. FinCEN's trend analysis found 155,000+ EFE reports totaling $27B in one year — scams accounted for 80% (impersonation, romance, tech support, account takeover). Elderly category data includes demographic breakdown by zip for age 62+.
Flags when a counterparty's FI has no branches near their stated address. Combines routing number enrichment with geographic distance calculations. A customer in rural Montana banking through a South Florida institution is a pattern associated with structuring, layering, and third-party money laundering.
Curated gang territory data across all 50 states. Street gangs are pivoting from drug trafficking to identity fraud, check fraud, and benefits fraud because sentences are dramatically lighter. From the Crips to Miami's Everybody Eats organization, gangs have been caught purchasing stolen identities from dark web sites. Geographic overlay of transaction patterns against known gang-active regions adds a detection layer that traditional AML systems miss.
Flag incoming payments to High/Very High elderly concentration zips. Cross-reference with counterparty distance — a wire from a distant, unknown sender to a high-elderly zip is a stronger signal than local activity. Common scam types: government impersonation (8%), romance (9%), tech support (10%), account takeover (22%).
When clusters of identity fraud, check fraud, or benefits fraud originate from known gang-active zip codes, that spatial correlation is a detection signal invisible to traditional transaction monitoring. The Minnesota child nutrition fraud case ($250M+) showed how geographic concentration of fraudulent activity is detectable.
Fraud & Scam Classification taxonomy: authorized vs. unauthorized, with scam subcategories including romance, government, bank, and business impersonation. Geographic mismatch between victim and beneficiary adds a scoring dimension.
FinCEN documented stolen checks washed and re-negotiated by organized rings in specific geographic clusters. When a check is deposited far from the originating address, GeoAnalytics cross-attribute matching provides multiple independent fraud signals.
See how GeoFraud indicators integrate with your existing detection stack.
When a customer's address, phone, IP, and banking institution don't align geographically, that mismatch is itself a risk signal.
State match, CBSA match, and distance between customer zip and phone area code.
Country, state match, and distance between customer zip and geolocated IP.
State match and distance between phone area code reference and IP geolocation.
State, CBSA match and distance between customer and counterparty.
State, CBSA, zip match between counterparty address and their FI.
Miles to counterparty FI's nearest branch. Plus branch distribution by state and CBSA.
See how cross-attribute matching catches what single-dimension monitoring misses.
Enrich customer and counterparty records with phone, IP, address, bank routing, branch proximity, legal entity intelligence, and ML-driven NAICS prediction.
State, latitude, longitude from phone area code for geographic comparison.
Country, region, city, zip, lat/lng, timezone from IPv4/IPv6.
CBSA, neighborhood, demographics, county/state normalization.
FI name, city, state, FDIC class, charter, assets, deposits, net income, branch count, de novo, community bank flag.
Nearest branch distance, distribution by state/CBSA, total branch count.
Individual vs. business NLP classification from counterparty name.
FFIEC frames entity risk by sector, structure, and address. FinCEN's shell-company and BEC guidance make these control points explicit.
There is no official regulatory blacklist of NAICS codes, but FFIEC expects a sector-based risk model. High-risk sectors include MSBs/NBFIs, cash-intensive businesses, independent ATM operators, and entities where source of funds, licensing, or business purpose is hard to validate. FFIEC notes that independent ATM operators are not automatically high risk, but higher risk arises when cash replenishment comes from unknown sources. Our data flags MSB registration status and concentration by zip code.
FinCEN's shell-company guidance identifies transacting businesses that share the same address or provide only a registered agent's address as a suspicious indicator. FFIEC repeats this in its red-flags appendix. A registered-agent address is not illegal, but it becomes a risk indicator when combined with no real operating footprint, mismatched goods vs. transaction activity, opaque beneficial ownership, many entities at one address, or recent formation followed by unusual payment activity.
FinCEN's BEC advisory describes schemes where criminals impersonate legitimate counterparties. The 2024 joint notice on Mexico timeshare fraud specifically identifies scammers using real or fake websites, business names, addresses, and registrations to appear legitimate. Newly formed entities that mimic established business names, domains, or registration patterns are squarely within the fraud red-flags regulators expect firms to detect.
Cross-reference counterparty names against a curated watchlist of cryptocurrency exchanges, DeFi platforms, and virtual asset service providers for enhanced monitoring under FinCEN's virtual currency guidance.
When NAICS codes aren't available, our NLP model predicts them from entity name and address — then flags high-risk AML and fraud sector codes automatically.
Country code risk lists also available for international nexus scoring.
A practical control framework combining sector, entity, address, impersonation, and behavioral risk dimensions.
MSB/NBFI, cash-intensive, independent ATM, export/import, payments-adjacent. NAICS-driven risk tiering rather than a hard blacklist.
New formation, no web presence or newly created domain, no verifiable operating footprint, ownership opacity.
Same address as many unrelated entities, RA-only address, mismatch between state of formation, claimed operations, and transaction geography.
Similar name to established business, near-match web domain, altered branding, inconsistent tax/licensing/contact data.
Early wire activity, high-velocity inbound/outbound funds, beneficiaries unrelated to stated business purpose.
Phone, IP, bank, legal entity, and NAICS intelligence — all from one API call.
Override default risk factor weights to calibrate geographic risk scores to your institution's specific regulatory posture.
A Southwest border bank weights border proximity differently than a Northeast community bank. GeoDynamic lets you set the weights.
Override HIDTA contribution to composite risk.
Override HIFCA contribution.
Override Southwest Border weighting.
Override Geographic Targeting Order contribution.
Adjust tier boundaries for drug trafficking risk.
Adjust NAICS-based industry risk tiers.
Adjust cross-border risk tiers.
Adjust TBML vulnerability scoring.
GeoDynamic adapts to your regulatory posture and business model.
All products available as structured data files for your data warehouse, risk rating engine, or analytics platform.
Standard pipe-separated for direct database ingestion.
Comma-separated for spreadsheet and analytics tools.
Native Excel for compliance teams and analysts.
Fixed-width for legacy system integration.
Custom formats tailored to your integration requirements.
Files delivered as delta updates or full refreshes, uploaded to your specified location or via secure transfer. Frequency is configurable.
We deliver in the format your systems require.
Every data category connects to specific regulatory requirements, FinCEN advisories, and known financial crime typologies.
The FFIEC BSA/AML Examination Manual requires institutions to assess risk across four pillars. Geographic location is one — and the one most institutions underinvest in.
GeoAML scores drug trafficking risk at zip code level using ML, replacing binary county flags with 5-tier classification.
Composite risk scores integrate into customer risk rating engines at onboarding for proportionate due diligence.
Identifies zip codes with high concentrations of MSBs, NBFIs, CIBs, TPPPs. NAICS export codes near ports indicate TBML vulnerability.
Precise distance from any zip to the border, combined with HIDTA and drug trafficking ML scores.
US-Canada border emerging as synthetic drug corridor. Most competitors omit this entirely.
TBML vulnerability indicator combining NAICS data, trade infrastructure proximity, and known vulnerable areas.
5-tier elderly concentration classification. 155,000+ EFE reports filed in one year.
Gang territory mapping across all 50 states for geographic overlay detection.
Fraud & Scam Classification taxonomy: authorized vs. unauthorized with scam subcategories.
Cross-attribute matching provides multiple independent fraud signals.
Counterparty FI branch distance analysis. Mismatches indicate shell companies and mule networks.
Multiple independent mismatch signals: address-to-phone, address-to-IP, phone-to-IP distances.
Comprehensive risk profile for any US zip code in minutes.
NAICS data identifies unusual concentrations of healthcare providers in specific zip codes.
See how the API maps to your compliance requirements.
Data Derivatives builds geographic risk intelligence infrastructure for the financial services industry.
The FFIEC requires institutions to assess risk across products, services, customers, and geography. Most invest heavily in the first three and treat geography as an afterthought — flagging entire counties as HIDTA or non-HIDTA and calling it done. The result is over-alerting, manual analyst lookups, and binary risk flags that examiners increasingly view as inadequate.
We aggregate data from hundreds of government, financial, and proprietary sources — DEA, FinCEN, Census, FDIC, NAICS, ONDCP — normalize it across zip, county, CBSA, state, and country layers, then apply machine learning to produce risk scores at the zip code level. The result is a KYG pipeline that replaces weeks of manual research with millisecond API responses.
Two decades of financial crime compliance, data engineering, and machine learning.
Built AML/fraud systems at major US banks. Designed 3,000+ fraud detection rules — then used ML to reduce them by 60%. Background spans software implementation, consulting, and fintech with deep expertise in BSA/AML transaction monitoring, case management, and regulatory reporting.
MBA with quantitative focus. Hands-on: REST APIs, supervised ML for NAICS prediction (NLP), unsupervised ML clustering for geographic risk regions, ML-automated trading. Full AWS stack — S3, Lambda, API Gateway, EC2, DynamoDB, SageMaker, Glue, Athena.
Invited speaker on geographic risk at conferences in London, Paris, Singapore, Toronto, Kuala Lumpur, and across the US. Regular contributor to ACAMS publications. The methodology behind this API has been presented to regulators and compliance teams worldwide.
Whether you're evaluating the API, need sample data, or want a custom demo — we're here.
New York, NY
We typically respond within one business day. For demos, we walk through the API using your institution's geographic footprint.
POST a transaction with customer, counterparty, address, phone, IP, and routing data. Get back enriched geographic risk intelligence in real time.
A flat JSON object with transaction context, entity details, and optional fraud classification. PII fields are SHA-256 hashed.
transactionId, transactionDateTimeUTC, transactionType, transactionMethod, moneyInOut, amount, currencyCd
mainEntityId, mainEntityName, mainEntityType, mainRoutingNumber, mainAccountNumber
mainEntityAddressLine1/2, mainEntityCity, mainEntityStateCd, mainEntityZipCd, mainEntityCountryCd, mainPhoneAreaCd, mainPhoneNumber, mainEmail
counterPartyName, counterPartyAddressLine1/2, counterPartyCity, counterPartyStateCd, counterPartyZipCd, counterPartyRoutingNumber, counterPartyAccountNumber
sessionId, ipAddress
fraudClassPartyPaymentInitiation (AUTHORIZED / UNAUTHORIZED), scam subcategories, deception type
Enriched geographic risk intelligence organized into structured sections. Over 190 fields across 8 response objects.
Geography, HIDTA/HIFCA/GTO flags, border distances, drug trafficking risk (ML), NAICS industry indicators (MSB, NBFI, CIB, TPPP, PSP, NGO, gambling, embassy, correspondent bank), TBML vulnerability, elderly category, composite AML risk score and level
Mirrors Main Zip Enriched for the counterparty's geography — same risk factors, NAICS indicators, and composite scoring applied to the counterparty's zip code
Cross-attribute geographic comparison: zip-to-phone, zip-to-IP, phone-to-IP, zip-to-counterparty, counterparty-to-FI match flags and distances
State code, latitude, longitude derived from phone area code
Country, region, city, zip, latitude, longitude, timezone from IPv4/IPv6 geolocation
Institution name, city, state, FDIC classification, charter type, assets, deposits, net income, office count, de novo status, community bank flag, CFPB flag
Total branches, closest branch zip & distance in miles, distinct zip count, matched zip count, distribution by state and CBSA
Entity type, legal type, DBA name, NAICS code/sector, crypto flag, formation date, registered agent details (name, address, state match, shell indicator), entity status, foundation type, assets, income, revenue, NMLS ID, URL, and business description
Contact us for credentials and your sandbox environment.
POST to /geo-analytics with your transaction payload.
Parse enriched fields into your TMS, CDD engine, or data warehouse.
Move to production with full field documentation and support.
Complete field-level documentation, sample payloads, and integration guides available upon request.
We typically respond within one business day. If you requested a demo, we'll reach out to schedule a walkthrough using your institution's geographic footprint.