Overview

This pilot deploys a multi-layered, AI-driven AML detection framework that combines transaction network analysis, advanced anomaly detection, and LLM-powered contextual reasoning to significantly improve accuracy while reducing false alerts.

Partners

OTE, GFT, UBI, K3Y

Tested Technologies

CyberAId-MONITOR, CyberAId-PROACTIVE, CyberAId-LLM, CyberAId-REPORT

Motivation

As an Electronic Money Institution licensed by the Bank of Greece and offering services including electronic wallets, IBAN-connected accounts, and card payment processing, OTE/COSMOTE Group Payments faces significant regulatory pressure to implement robust Anti-Money Laundering (AML) measures in line with relevant regulations.

The payment service provider ecosystem is particularly vulnerable to money laundering schemes due to the volume of transactions, potential for anonymity, and cross-border nature of many payments. Traditional rule-based AML systems generate excessive false positives (often exceeding 95%) while still missing sophisticated laundering techniques that deliberately stay below detection thresholds.

With regulatory fines for AML non-compliance reaching into millions of euros and the potential for criminal liability, improved detection capabilities represent both a compliance necessity and a competitive advantage.

Concept & Description

This pilot will integrate CyberAId’s advanced technologies to create a multi-layered AML detection system that significantly improves accuracy while reducing false positives. Based on a combination of graph-based network analysis, advanced anomaly detection, and LLM-powered contextual reasoning, the solution will detect sophisticated money laundering patterns that traditional systems miss, particularly in e-wallet and card payment ecosystems. The following use cases are envisaged.

Use Cases

Transaction Network Analysis for Money Laundering Pattern Detection

This use case implements advanced graph analytics to map transaction networks and detect hidden relationships indicative of money laundering. The system will build dynamic transaction graphs connecting entities across COSMOTE Payments’ e-wallet and card payment ecosystems, identifying suspicious patterns such as structuring (breaking large transactions into smaller ones), smurfing (using multiple accounts for transfers), and layering (moving money through multiple accounts to obscure origins).

By analysing temporal patterns, relationship depths, and transaction velocities, the system will detect coordinated activities that might indicate organized money laundering operations. The solution will particularly focus on identifying shell company activities and nominee accounts through unusual transaction patterns and behavioural inconsistencies, while maintaining a low false positive rate through contextual validation.
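An added sketch of the graph checks this use case describes, not code from the CyberAId project: it flags sub-threshold fan-in (structuring spread over several accounts) and rapid pass-through chains (layering) in constructed sample transactions. The threshold, time window, pass-through ratio, function names and account names are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed parameters for illustration only; not values from the pilot.
THRESHOLD = 10_000            # amount at which a single-transfer rule would fire
WINDOW = timedelta(hours=24)  # aggregation window and maximum delay between hops
PASS_THROUGH = 0.90           # minimum share of received funds forwarded per hop

def ts(s): return datetime.fromisoformat(s)
# Constructed sample data: (source, destination, amount, timestamp)
TXS = [
    ("A1", "M", 4000, ts("2024-03-01T09:00")), ("A2", "M", 4000, ts("2024-03-01T11:00")),
    ("A3", "M", 4000, ts("2024-03-01T13:00")), ("M", "L1", 11500, ts("2024-03-01T15:00")),
    ("L1", "L2", 11200, ts("2024-03-01T18:00")), ("L2", "X", 11000, ts("2024-03-02T02:00")),
    ("C1", "S", 20, ts("2024-03-01T10:00")), ("C2", "S", 35, ts("2024-03-01T12:00")),
    ("B1", "B2", 500, ts("2024-03-01T08:00")), ("B2", "B3", 50, ts("2024-03-09T08:00")),
]

def fan_in_below_threshold(txs, min_senders=3):
    """Accounts whose sub-threshold inflows from several senders exceed THRESHOLD in one window."""
    inflows = defaultdict(list)
    for src, dst, amt, when in txs:
        if amt < THRESHOLD:
            inflows[dst].append((when, src, amt))
    flagged = {}
    for dst, rows in inflows.items():
        rows.sort()
        for i, (start, _, _) in enumerate(rows):
            win = [r for r in rows[i:] if r[0] - start <= WINDOW]
            senders, total = sorted({r[1] for r in win}), sum(r[2] for r in win)
            if len(senders) >= min_senders and total >= THRESHOLD:
                flagged[dst] = (total, senders)
                break
    return flagged

def layering_chains(txs, min_hops=3):
    """Maximal paths where every hop forwards most of what it received within WINDOW."""
    out, chains = defaultdict(list), []
    for tx in txs:
        out[tx[0]].append(tx)
    def walk(path, amt, when):
        nxt = [(d, a, w) for _, d, a, w in out[path[-1]] if d not in path
               and timedelta(0) <= w - when <= WINDOW and PASS_THROUGH * amt <= a <= amt]
        for d, a, w in nxt:
            walk(path + [d], a, w)
        if not nxt and len(path) - 1 >= min_hops:
            chains.append(path)
    for src, dst, amt, when in txs:
        walk([src, dst], amt, when)
    return [c for c in chains if not any(o != c and o[-len(c):] == c for o in chains)]
```

On the sample data, account `M` is flagged for fan-in and the path `M → L1 → L2 → X` is flagged as a pass-through chain, while the small retail-style transfers are not.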

Sophisticated and Holistic Log Analysis and Alert Correlation

This use case focuses on enhancing AML detection through the integration of CyberAId-MONITOR log analysis capabilities with transaction monitoring systems. The solution will ingest diverse data sources including transaction logs, authentication events, and API access patterns into Wazuh, applying custom detection rules optimized for AML use cases. The system will implement multi-stage correlation rules that connect user behaviours, device information, and transaction patterns to identify coordinated activities across seemingly unrelated accounts.

Using eBPF-based monitoring, the solution will gain deep visibility into system-level activities that might indicate compromise of payment processing systems, a common vector for sophisticated money laundering operations. The Wazuh integration will provide audit trails for regulatory compliance and will generate detailed evidence packages for suspected money laundering cases, notably cases that meet regulatory requirements for suspicious activity reporting.

LLM-Enhanced AML Alert Investigation and Contextual Analysis

This use case leverages CyberAId’s LLM orchestration layer and DIÓSCURI digital twin technology to transform AML alert investigation through advanced contextual analysis and scenario simulation. The system will create a secure digital replica of the payment processing environment within the DIÓSCURI digital twin, allowing investigators to safely simulate and analyse suspicious transaction patterns without risking production systems. By recreating transaction flows within this virtualized environment, investigators can trace money movements, test hypotheses about potential laundering patterns, and visualize complex networks that might otherwise remain hidden.

The LLM orchestration layer will automatically gather relevant context for each alert, including historical customer behaviour, transaction patterns, and relationship networks, presenting this information through an intuitive interface with natural language explanations. This combination of simulation capabilities and AI-driven analysis will significantly reduce false positives while providing investigators with powerful tools to understand sophisticated laundering mechanisms. The system will also generate investigation narratives and supporting documentation for regulatory filings based on insights gained through the digital twin simulations, ensuring detailed and accurate reporting.