Rules Engine
The Rules Engine manages 43 AML detection rules that trigger alerts based on transaction patterns, user behavior, and regulatory requirements.
Overview
- 43 rules across 15 detection categories
- Enable/disable individual rules via toggle
- Configure thresholds and parameters per rule
- Real-time rule evaluation on every transaction
- DB-enforcement layer for critical checks
Rule Categories (15)
| Category | Count | Description |
|---|---|---|
threshold | 3 | Transaction amount thresholds |
structuring | 2 | Transaction splitting detection |
velocity | 2 | Transaction frequency spikes |
behavioral | 4 | User behavior inconsistencies |
pep_related | 3 | Politically Exposed Person monitoring |
network_analysis | 3 | Fund flow graph analysis |
high_risk_transaction | 5 | ML typology pattern detection |
pattern_detection | 4 | Automated pattern matching |
account_lifecycle | 3 | New/dormant account monitoring |
digital_wallet | 3 | Wallet-specific patterns (NFC, top-up) |
mobile_money | 2 | Mobile money monitoring |
vendor_specific | 3 | Vendor transaction patterns |
cft_related | 2 | Counter-terrorism financing |
regional_risk | 2 | Geographic risk (Eswatini regions) |
regulatory_reporting | 1 | Mandatory FIU reporting |
business_sector | 1 | Industry-specific risk |
Full Reference
See the AML Rules Catalog for complete details on all 43 rules including their parameters and thresholds.
Rules Dashboard
Statistics
| Stat | Description |
|---|---|
| Total Rules | All configured rules (43) |
| Active Rules | Currently enabled rules |
| Disabled Rules | Rules turned off |
| Alerts Today | Alerts triggered today |
Table Columns
| Column | Description |
|---|---|
| Rule | Name and rule ID (e.g., AML-TH-002) |
| Type | Rule type classification |
| Category | Detection category |
| Severity | LOW, MEDIUM, HIGH, CRITICAL |
| Status | Toggle switch for enable/disable |
| Actions | Edit, View Statistics, Delete |
Severity Levels
| Level | Description | Typical Response |
|---|---|---|
| LOW | Minor anomaly | Log only |
| MEDIUM | Moderate concern | Create alert |
| HIGH | Significant risk | Block + alert |
| CRITICAL | Immediate threat | Block + escalate |
Rule Configuration
Rule Form Fields
| Field | Type | Required | Description |
|---|---|---|---|
| Rule Name | text | Yes | Display name for the rule |
| Rule ID | text | Yes | Unique identifier (e.g., AML-TH-002) |
| Rule Type | select | Yes | One of 15 rule categories |
| Severity | select | No | Alert severity when triggered |
| Description | textarea | No | What this rule detects |
| Conditions | JSON | Yes | Parameters and thresholds |
| Active | toggle | No | Enable/disable the rule |
Conditions JSON
Each rule type has specific parameters in the conditions JSON field. Examples:
Threshold rule:
json
{
"ruleType": "threshold",
"thresholdAmount": 4500,
"description": "Enhanced scrutiny for large transactions"
}Structuring rule:
json
{
"ruleType": "structuring",
"thresholdAmount": 3000,
"thresholdCount": 5,
"timeWindowHours": 24,
"description": "Classic structuring to avoid CTR reporting"
}Network analysis rule:
json
{
"ruleType": "network_analysis",
"minSenders": 5,
"minTotalAmount": 10000,
"timeWindowHours": 24,
"description": "Multiple senders to single recipient"
}Rule Actions
| Action | Description |
|---|---|
| Edit | Modify rule configuration |
| Toggle | Quick enable/disable |
| View Statistics | Rule performance metrics |
| Delete | Remove rule permanently |
API Endpoints
| Endpoint | Method | Description |
|---|---|---|
/admin/aml/rules | GET | List all rules |
/admin/aml/rules/:ruleId | GET | Get single rule |
/admin/aml/rules | POST | Create rule |
/admin/aml/rules/:ruleId | PUT | Update rule |
/admin/aml/rules/:ruleId/toggle | PUT | Toggle rule status |
Related Documentation
- AML Rules Catalog — Complete reference of all 43 rules
- AML Monitoring — Alert management
- Risk Profiles — Customer risk scoring
- Rules Engine API — API reference