# Lesson 2: Suspicious Transaction Analysis - Chain-of-Thought and ReACT (SOLUTION)

## Systematic Reasoning for Financial Risk Detection

This is the complete solution for implementing Chain-of-Thought and ReACT methodologies for suspicious financial transaction analysis.

## Outline:

- **Basic Transaction Analysis**: Baseline analysis without structured reasoning
- **Chain-of-Thought Implementation**: Systematic 5-step reasoning framework
- **ReACT Framework Development**: Observation → Thought → Action cycles
- **Complex Scenario Analysis**: Multi-layered suspicious pattern analysis
- **Performance Comparison**: Evaluate different reasoning approaches

## Setup Instructions

Before starting this exercise:

1. **Install Required Packages**: Run `pip install -r ../../requirements.txt` in your terminal
2. **Configure API Key**: 
   - Open the `.env` file in the root directory
   - Replace `your_openai_api_key_here` with your actual OpenAI API key
   - Save the file
3. **Verify Setup**: Run the import and setup cells below to ensure everything works

**Note**: The notebook automatically loads your API key from the `.env` file in the root directory.

In [1]:
# Import necessary libraries
import os
from dotenv import load_dotenv
from openai import OpenAI
from IPython.display import Markdown, display
import json
from datetime import datetime

# Load environment variables from the root .env file
load_dotenv('../../.env')

True

In [None]:
# Setup OpenAI client for Vocareum environment
client = OpenAI(
    base_url="https://openai.vocareum.com/v1",
    api_key=os.getenv("OPENAI_API_KEY")  # Load from .env file
)

def get_completion(system_prompt, user_prompt, model="gpt-4o-mini"):
    """
    Function to get a completion from the OpenAI API.
    Args:
        system_prompt: The system prompt
        user_prompt: The user prompt  
        model: The model to use (default is gpt-4o-mini)
    Returns:
        completion text
    """
    try:
        response = client.chat.completions.create(
            model=model,
            messages=[
                {"role": "system", "content": system_prompt},
                {"role": "user", "content": user_prompt},
            ],
            temperature=0.7,
        )
        return response.choices[0].message.content
    except Exception as e:
        return f"An error occurred: {e}"

## Suspicious Transaction Scenarios

We'll use these transaction scenarios throughout the exercise to test different reasoning approaches:

In [3]:
# Scenario 1: Potential Structuring Pattern
scenario_1 = """
Transaction Analysis Request:

Customer: Maria Santos (Individual Account)
Account Type: Personal Checking
Account Age: 3 years
Occupation: Restaurant Manager
Monthly Income: $4,500

Recent Transaction Pattern (Past 14 days):
- 8 cash deposits: $9,800, $9,750, $9,900, $9,850, $9,700, $9,950, $9,600, $9,825
- All deposits made at different branch locations
- Deposits made by customer personally (verified by branch cameras)
- Total deposited: $78,375 over 14 days
- No significant withdrawals during this period

Customer Explanation: "Cash tips from restaurant work have been really good lately"

Additional Context:
- Restaurant typically handles $15K daily revenue
- Customer's typical monthly deposits: $4,000-5,000
- No previous suspicious activity flags
- Customer seemed nervous when questioned by branch manager

Question: Analyze this transaction pattern for potential suspicious activity.
"""

# Scenario 2: Complex Multi-Entity Pattern
scenario_2 = """
Transaction Analysis Request:

Entity Network Analysis:
- Company A: TechFlow Solutions LLC
- Company B: Digital Innovations Corp
- Company C: CloudTech Services Inc.
- Individual: Robert Chen (Owner/Officer of all three companies)

Transaction Pattern (Past 30 days):
1. TechFlow receives $2.3M wire from overseas client (Singapore)
2. TechFlow immediately transfers $800K to Digital Innovations
3. Digital Innovations transfers $750K to CloudTech Services
4. CloudTech Services transfers $700K to Robert Chen personal account
5. Robert Chen wires $650K to offshore account (Cayman Islands)
6. Process repeats with slight variations 3 more times

Business Justification: "Inter-company loans and profit distributions"

Red Flags:
- All companies registered within 6 months
- Minimal business activity outside these transfers
- Offshore destination has no clear business relationship
- Pattern designed to obscure fund trail
- Total: $8.7M moved offshore in 30 days

Question: Conduct comprehensive analysis for potential money laundering activity.
"""

print("Transaction scenarios loaded for analysis...")

Transaction scenarios loaded for analysis...


## 1. Basic Transaction Analysis

First, let's see how a basic AI assistant analyzes suspicious transactions without structured reasoning frameworks.

In [4]:
# Basic analysis without structured reasoning
basic_prompt = "You are a financial compliance analyst. Analyze the following transaction pattern for suspicious activity."

print("=== BASIC ANALYSIS - SCENARIO 1 ===")
response = get_completion(basic_prompt, scenario_1)
print(response)
print("\n" + "="*80 + "\n")

=== BASIC ANALYSIS - SCENARIO 1 ===
Based on the provided transaction pattern for Maria Santos, several factors suggest potential suspicious activity:

1. **Volume of Cash Deposits**: Over the past 14 days, Maria made 8 cash deposits totaling $78,375. This amount is significantly higher than her typical monthly deposits of $4,000 to $5,000. The sudden increase in cash deposits raises a red flag, as it deviates substantially from her established banking behavior.

2. **Source of Funds**: Maria claims that the cash deposits are from tips earned at her restaurant job. While cash tips can be a legitimate source of income, the amount deposited in such a short time frame is unusually high, especially considering her monthly income of $4,500. This discrepancy suggests that the cash may not solely be from legitimate tips.

3. **Frequency and Amount of Deposits**: The deposits are consistently high and made in a short time frame, averaging around $9,796 per deposit. This pattern of frequent, hi

## 2. Chain-of-Thought Transaction Analysis (SOLUTION)

Now let's implement systematic Chain-of-Thought reasoning with a structured 5-step framework.

In [5]:
# SOLUTION: Complete Chain-of-Thought prompt structure
cot_prompt = """
You are a Senior Financial Crimes Analyst with expertise in suspicious activity detection.

Use the following Chain-of-Thought reasoning framework to analyze transactions:

Step 1: Data Review
- Examine transaction amounts, frequencies, and timing patterns
- Review customer profile, account history, and income sources
- Identify any unusual characteristics compared to historical behavior
- Check for regulatory thresholds and reporting requirements

Step 2: Pattern Recognition
- Look for structuring patterns (amounts just below $10,000 reporting threshold)
- Identify unusual transaction behaviors or locations
- Detect layering activities or complex routing of funds
- Recognize industry-specific red flags and typologies

Step 3: Risk Assessment
- Calculate transaction volume relative to customer's stated income
- Evaluate consistency with customer's business or occupation
- Assess geographic and jurisdictional risks
- Determine overall suspicion level (Low/Medium/High)

Step 4: Regulatory Analysis
- Apply BSA/AML regulations and reporting requirements
- Consider if Currency Transaction Reports (CTR) or Suspicious Activity Reports (SAR) are needed
- Reference FinCEN guidance and typologies
- Evaluate record-keeping and monitoring obligations

Step 5: Conclusion and Recommendations
- Provide clear determination on suspicious activity level
- Recommend specific next steps (monitoring, reporting, investigation)
- Document rationale for regulatory examination
- Suggest additional investigation steps if needed

Think through each step systematically and show your reasoning clearly.
"""

print("=== CHAIN-OF-THOUGHT ANALYSIS - SCENARIO 1 ===")
response = get_completion(cot_prompt, scenario_1)
print(response)
print("\n" + "="*80 + "\n")

=== CHAIN-OF-THOUGHT ANALYSIS - SCENARIO 1 ===
### Step 1: Data Review
- **Transaction Amounts, Frequencies, and Timing Patterns**: Maria made 8 cash deposits totaling $78,375 over 14 days. Each deposit amount is just below the $10,000 reporting threshold, which is suspicious.
- **Customer Profile and Account History**: Maria has a personal checking account that has been active for 3 years. Her stated monthly income is $4,500, and her typical monthly deposits range from $4,000 to $5,000. The recent deposit pattern is significantly higher than her historical behavior.
- **Unusual Characteristics**: The total deposits of $78,375 in 14 days are inconsistent with her historical monthly deposits. Additionally, the fact that all deposits are made in cash and at different branch locations raises red flags.
- **Regulatory Thresholds**: The amounts deposited are structured to avoid triggering Currency Transaction Reports (CTR), which require reporting for cash transactions over $10,000.

### St

## 3. ReACT Framework for Investigation (SOLUTION)

Now let's implement the ReACT framework that combines reasoning with specific investigative actions.

In [6]:
# SOLUTION: Complete ReACT framework prompt
react_prompt = """
You are a Financial Crimes Investigator using the ReACT (Reasoning and Acting) framework.

For each analysis, follow this cycle:

OBSERVATION: Examine the specific details of transaction data and customer behavior

THOUGHT: Apply systematic reasoning to identify patterns and assess risk factors

ACTION: Determine specific investigative steps or regulatory actions needed

Continue this cycle until you reach a conclusion. Each cycle should build on previous observations.

Possible Actions include:
- Request additional transaction history or documentation
- Conduct enhanced due diligence on customer
- Review comparable customer profiles for benchmarking
- Consult with compliance officers or legal counsel
- File Currency Transaction Reports (CTR) if required
- Prepare Suspicious Activity Report (SAR) if warranted
- Implement enhanced monitoring protocols
- Escalate to senior management

Format your response as:
OBSERVATION 1: [what you notice]
THOUGHT 1: [your reasoning]
ACTION 1: [specific step to take]

OBSERVATION 2: [new information or deeper analysis]
THOUGHT 2: [updated reasoning]
ACTION 2: [next step]

[Continue until conclusion]
"""

print("=== ReACT FRAMEWORK ANALYSIS - SCENARIO 1 ===")
response = get_completion(react_prompt, scenario_1)
print(response)
print("\n" + "="*80 + "\n")

=== ReACT FRAMEWORK ANALYSIS - SCENARIO 1 ===
OBSERVATION 1: Maria Santos has made a total of 8 cash deposits amounting to $78,375 over the past 14 days, significantly exceeding her typical monthly deposits of $4,000-5,000. All deposits were made in cash and at different branch locations.

THOUGHT 1: The volume and frequency of cash deposits are highly unusual for a personal checking account, especially for someone with a monthly income of $4,500. The explanation of "cash tips" does not adequately justify the large sums deposited, especially considering the restaurant's daily revenue and her typical deposit patterns. The nervous behavior when questioned may indicate discomfort with the situation, suggesting potential awareness of the unusual nature of her transactions.

ACTION 1: Request additional transaction history for the past 6 months to analyze her deposit patterns over a longer period. This will help determine if this recent spike is an anomaly or part of a larger trend.

OBSERV

## 4. Complex Suspicious Activity Analysis

Let's apply both frameworks to the more complex multi-entity money laundering scenario.

In [7]:
# Test CoT on complex scenario
print("=== CHAIN-OF-THOUGHT ANALYSIS - COMPLEX SCENARIO ===")
response = get_completion(cot_prompt, scenario_2)
print(response)
print("\n" + "="*80 + "\n")

print("=== ReACT FRAMEWORK ANALYSIS - COMPLEX SCENARIO ===")
response = get_completion(react_prompt, scenario_2)
print(response)
print("\n" + "="*80 + "\n")

=== CHAIN-OF-THOUGHT ANALYSIS - COMPLEX SCENARIO ===
Let's conduct a comprehensive analysis of the transactions involving TechFlow Solutions LLC, Digital Innovations Corp, CloudTech Services Inc., and Robert Chen using the Chain-of-Thought reasoning framework.

### Step 1: Data Review
- **Transaction Amounts, Frequencies, and Timing Patterns**: 
  - The transactions involve large sums of money, with a total of $8.7M moved offshore in just 30 days. The amounts transferred between the companies and to Robert Chen's personal account are significant and consistent.
  
- **Customer Profile, Account History, and Income Sources**: 
  - All three companies are newly registered (within 6 months), which raises questions about their operational history and revenue generation capabilities. There is no evidence of substantial business activity outside of these transfers.

- **Unusual Characteristics**: 
  - The rapid movement of funds between newly established companies and the immediate transfer t

## 5. Reasoning Method Comparison

Let's compare the effectiveness of different reasoning approaches.

In [8]:
# SOLUTION: Comprehensive comparison using borderline case
comparison_scenario = """
Borderline Case for Testing:

Customer: Small Import Business
- Monthly wire transfers: $200K to suppliers in Thailand
- Business registration and licenses current
- Some documentation gaps in supplier verification
- Owner has clean background check
- Transactions consistent with import business model
- Industry research shows legitimate need for overseas suppliers

Question: Should this case be escalated for further investigation?
"""

print("=== BASIC APPROACH ===")
basic_result = get_completion(basic_prompt, comparison_scenario)
print(basic_result)

print("\n=== CHAIN-OF-THOUGHT APPROACH ===")
cot_result = get_completion(cot_prompt, comparison_scenario)
print(cot_result)

print("\n=== ReACT APPROACH ===")
react_result = get_completion(react_prompt, comparison_scenario)
print(react_result)

print("\n" + "="*80 + "\n")

=== BASIC APPROACH ===
Based on the provided transaction pattern and details, here are the factors to consider for determining whether this case should be escalated for further investigation:

1. **Transaction Volume**: The monthly wire transfers of $200K to suppliers in Thailand are significant. While they are consistent with an import business model, the volume should be monitored to ensure it aligns with the business's revenue and operational needs.

2. **Documentation Gaps**: There are noted gaps in supplier verification documentation. This is a critical red flag, as proper due diligence is necessary to ensure that the suppliers are legitimate and that the funds are not being funneled to illicit activities.

3. **Business Registration and Licenses**: The business is registered and has current licenses, which is a positive indicator. However, this alone does not mitigate the risks associated with the gaps in supplier verification.

4. **Owner Background Check**: The owner has a clea

## 6. Reflection & Best Practices (SOLUTION)

Let's reflect on the different reasoning approaches and their effectiveness.

### Which reasoning methodology was most effective for financial analysis and why?

**SOLUTION: Analysis of Different Approaches**

**Chain-of-Thought Analysis:**
- Strengths: Systematic, thorough, covers all regulatory aspects, provides clear audit trail
- Weaknesses: Can be lengthy, may over-analyze simple cases, requires substantial prompt engineering
- Best Use Cases: Complex investigations, regulatory examinations, training scenarios, policy development

**ReACT Framework Analysis:**
- Strengths: Action-oriented, iterative refinement, practical investigation steps, adapts to new information
- Weaknesses: Can be verbose, may get stuck in observation loops, requires clear action definitions
- Best Use Cases: Active investigations, case management workflows, real-time analysis, escalation decisions

**Overall Comparison:**
- Which approach provided more thorough analysis? Chain-of-Thought provides more comprehensive systematic analysis
- Which approach was easier to follow? ReACT framework provides clearer step-by-step progression
- Which approach would be better for regulatory compliance? Chain-of-Thought better meets audit documentation requirements
- How might you combine both approaches? Use Chain-of-Thought for initial analysis and ReACT for investigation workflows

## Summary

In this complete solution, we explored systematic reasoning approaches for financial analysis:

1. **Basic Analysis**: Established baseline performance without structured reasoning
2. **Chain-of-Thought**: Implemented systematic 5-step reasoning framework
3. **ReACT Framework**: Combined reasoning with specific investigative actions
4. **Complex Scenarios**: Applied reasoning to multi-layered suspicious patterns
5. **Performance Comparison**: Evaluated different approaches on same scenarios

## Key Solution Insights:

### **Chain-of-Thought Advantages:**
- **Systematic Structure**: 5-step framework ensures comprehensive analysis
- **Regulatory Alignment**: Matches examination expectations and audit requirements
- **Consistency**: Standardized approach reduces analyst variation
- **Documentation**: Clear reasoning trail for regulatory review

### **ReACT Framework Advantages:**
- **Action-Oriented**: Connects reasoning to specific investigative steps
- **Iterative Refinement**: Adapts analysis based on new information
- **Practical Application**: Guides real-world investigation workflows
- **Dynamic Response**: Adjusts approach based on case complexity

### **Best Practices for Financial Analysis:**
- **Structured Reasoning**: Use systematic frameworks to improve analysis quality
- **Transparent Process**: Maintain clear reasoning trails for audit purposes
- **Context Adaptation**: Choose appropriate reasoning approach based on case complexity
- **Action Integration**: Connect analytical reasoning to concrete next steps
- **Quality Assurance**: Build in review checkpoints and validation steps

These techniques provide valuable frameworks for building systematic reasoning into financial compliance systems! 🎉