In the Anti-Money Laundering (AML) system, a risk for an address can be defined in three ways depending on the input data:

• Individual Labeling Risk ("Reported") - This is the process of assigning a category or label to an address, usually by an analyst or investigator. Information gathered from the internet, forums, police, and other sources can be used for this labeling. It includes data such as the category and the owner (Owner).
• Cluster Risk ("Cluster") - A cluster denotes a group of addresses that are linked based on certain characteristics, such as similar transactions or involvement in joint operations. A cluster can be labeled (when a category is assigned to it) or unlabeled. The risk of cluster labeling assesses the level of risk associated with addresses within a specific cluster.
• Calculated Risk ("Calculated") - This is a numerical assessment that represents the level of risk associated with a specific event, action, or entity, such as an address or transaction.

Risk Value in Different Types of Labeling

1. Individual Labeling: For individual labeling, the risk value is taken from the Category directory.
2. Cluster Labeling: Similarly, for cluster labeling, the risk value is also extracted from the Category directory.
3. Mathematical Labeling: In the case of mathematical labeling, the risk value is determined as a proportion of all incoming transactions where the transfer of funds was made from addresses with a specific labeling, or went through several intermediate steps in the transfer process.

Risk Priorities

To calculate the final risk level for an address, risk is determined based on three sources in the following order of priority:

1. Manually Labeled Risk ("Reported"): If the risk for an address has already been determined and manually labeled based on evidence, this level of risk will be used.
2. Cluster Risk ("Cluster"): If the address belongs to a cluster and a risk has been defined for that cluster, then this level of risk will be used.
3. Algorithmic Risk ("Calculated"): If no manually labeled or cluster risks are defined for the address, the algorithmically calculated risk will be used.