Rules Engine API
API endpoints for managing AML detection rules, including CRUD operations and rule status toggling.
Base URL: /admin/aml/rules
Endpoints Summary
| Method | Endpoint | Description |
|---|---|---|
| GET | /admin/aml/rules | List all rules |
| GET | /admin/aml/rules/:ruleId | Get single rule |
| POST | /admin/aml/rules | Create rule |
| PUT | /admin/aml/rules/:ruleId | Update rule |
| PUT | /admin/aml/rules/:ruleId/toggle | Enable/disable rule |
List Rules
GET /admin/aml/rules
Query Parameters:
| Parameter | Type | Description |
|---|---|---|
enabled | boolean | Filter by enabled status |
ruleType | string | Filter by rule category |
Returns: Array of rule objects
Get Single Rule
GET /admin/aml/rules/:ruleId
Returns: Full rule object with all configuration details
Create Rule
POST /admin/aml/rules
Request Body:
| Field | Type | Required | Description |
|---|---|---|---|
ruleId | string | Yes | Unique rule identifier (e.g., AML-TH-002) |
name | string | Yes | Human-readable name |
description | string | No | What this rule detects |
category | string | No | Rule category |
conditions | object | Yes | Rule parameters and thresholds (JSON) |
actions | object | No | Actions when triggered |
severity | string | No | LOW, MEDIUM, HIGH, CRITICAL |
isActive | boolean | No | Enable on creation (default: false) |
priority | number | No | Evaluation priority |
Update Rule
PUT /admin/aml/rules/:ruleId
Updatable Fields: name, category, severity, description, conditions, actions, isActive, priority
Toggle Rule Status
PUT /admin/aml/rules/:ruleId/toggle
Enables or disables a rule. Returns updated rule with new status.
Rule Types (15 Categories)
| Type | Count | Description |
|---|---|---|
threshold | 3 | Transaction amount thresholds |
structuring | 2 | Transaction splitting to avoid thresholds |
velocity | 2 | Transaction frequency spikes |
behavioral | 4 | User behavior inconsistencies |
pep_related | 3 | Politically Exposed Person monitoring |
network_analysis | 3 | Fund flow graph analysis |
high_risk_transaction | 5 | ML typology patterns |
pattern_detection | 4 | Automated pattern matching |
account_lifecycle | 3 | New/dormant account monitoring |
digital_wallet | 3 | Wallet-specific (NFC, top-up) |
mobile_money | 2 | Mobile money monitoring |
vendor_specific | 3 | Vendor transaction patterns |
cft_related | 2 | Counter-terrorism financing |
regional_risk | 2 | Geographic risk (Eswatini) |
regulatory_reporting | 1 | Mandatory FIU reporting |
business_sector | 1 | Industry-specific risk |
Full Reference
See the AML Rules Catalog for all 43 rules with their parameters and current thresholds.
Conditions JSON Schema
The conditions field is a JSON object containing the rule's ruleType and type-specific parameters.
Threshold
json
{
"ruleType": "threshold",
"thresholdAmount": 4500,
"description": "Enhanced scrutiny for large transactions"
}Structuring
json
{
"ruleType": "structuring",
"thresholdAmount": 3000,
"thresholdCount": 5,
"timeWindowHours": 24,
"description": "Classic structuring to avoid CTR reporting"
}Velocity
json
{
"ruleType": "velocity",
"percentageChange": 300,
"timeWindowHours": 24,
"description": "Sudden increase in transaction activity"
}Behavioral
json
{
"ruleType": "behavioral",
"thresholdAmount": 2000,
"occupations": ["student", "unemployed", "retired", "homemaker"],
"description": "Transactions inconsistent with stated income"
}PEP Related
json
{
"ruleType": "pep_related",
"thresholdAmount": 2500,
"description": "Enhanced monitoring for PEPs"
}Network Analysis
json
{
"ruleType": "network_analysis",
"minSenders": 5,
"minTotalAmount": 10000,
"timeWindowHours": 24,
"description": "Fund consolidation pattern"
}Pattern Detection
json
{
"ruleType": "pattern_detection",
"minAmount": 3000,
"timeWindowMinutes": 60,
"similarityPercentage": 70,
"description": "Deposit-withdrawal cycle"
}Account Lifecycle
json
{
"ruleType": "account_lifecycle",
"inactiveDays": 30,
"thresholdAmount": 5000,
"description": "Dormant account reactivation"
}Digital Wallet
json
{
"ruleType": "digital_wallet",
"minAmount": 3000,
"timeWindowMinutes": 30,
"topupPercentageTransferred": 80,
"description": "Top-up-to-transfer pass-through"
}Regional Risk
json
{
"ruleType": "regional_risk",
"regions": ["Hhohho", "Lubombo", "Matsapha"],
"description": "Border regions with cross-border crime risk"
}Regulatory Reporting
json
{
"ruleType": "regulatory_reporting",
"reportingThreshold": 50000,
"description": "Mandatory FIU reporting (MLTFP Act Section 13)"
}Severity Levels
| Level | Description | Typical Response |
|---|---|---|
LOW | Minor anomaly | Log only |
MEDIUM | Moderate concern | Create alert |
HIGH | Significant risk | Block + alert |
CRITICAL | Immediate threat | Block + escalate |
Error Responses
| Status | Error | Description |
|---|---|---|
| 404 | Rule not found | Invalid rule ID |
| 400 | Invalid priority value | Invalid configuration |
Related Documentation
- AML Rules Catalog — Complete reference of all 43 rules
- Rules Engine Dashboard — Admin UI
- AML Monitoring — Alert management
- Monitoring Config API — Monitoring configuration