Setting custom anomaly detection thresholds

Defines the acceptable range of variation between transaction amounts. With 5%, transactions within this percentage of each other are flagged as similar.

For example, a $100 transaction would match with transactions between $95 - $105.

The period in which the system looks for similar transactions. This creates a rolling 30-minute window where patterns are analyzed. Any similar transactions that occur within this timeframe are grouped together for analysis.

The number of similar transactions needed to trigger an alert. At least three transactions meeting the amount and time criteria must occur before the system flags suspicious activity.

The degree to which transactions must match across various characteristics to be considered similar. At 70%, transactions must share a significant number of attributes, such as transaction type or location, but don’t need to be identical.

The percentage of a deposit that, if withdrawn quickly, triggers an alert. For example, with a 70% setting, withdrawing $700 or more from a fresh$1,000 deposit would be flagged as suspicious.

The threshold amount that activates monitoring. Only deposits equal to or larger than $1,000 will be tracked for immediate withdrawal patterns. Smaller transactions are excluded from this check.

The monitoring period after a deposit. This creates a 5-minute window during which quick withdrawals are scrutinized. The system watches for withdrawal attempts during this short period after the qualifying deposit.

The waiting period enforced after flagging suspicious activity. Once an alert is triggered, the system continues enhanced monitoring for 24 hours to prevent repeated attempts at suspicious withdrawal patterns.

The maximum percentage of funds that can be distributed to multiple accounts in a short time. For example, if $1,000 is received, distributing more than$800 across multiple accounts would trigger an alert.

The maximum number of times funds can be received from the same source within the monitoring window. This helps identify unusual patterns of repeated deposits from a single origin.

Similar to source frequency, this limits how many times funds can be sent to the same destination. This helps catch potential money laundering patterns where funds are being funneled to specific accounts.

Only transaction amounts of 100 or more are monitored for these patterns. This threshold helps focus on meaningful transactions while ignoring small, routine transfers.

The number of different entities involved in the transaction chain that triggers monitoring. With a setting of 1, the system tracks patterns involving even a single counterparty.

The minimum number of separate transfers needed to trigger the fan-out detection. At least 5 different transfers must occur within the time window to be considered a potential fan-out pattern.

The time period during which the system monitors for fan-out patterns. All relevant transfers must occur within this 60-minute window to trigger an alert.

The number of days an account must be inactive before being flagged as dormant.

The threshold balance that triggers dormancy monitoring. Only accounts holding $100 or more are tracked for dormancy.

A customizable list of words or phrases that may indicate suspicious activity. You can add specific terms relevant to your business that, when detected in transaction descriptions or messages, should trigger additional scrutiny.

The number of keyword matches required to trigger an alert. With this set to 1, even a single occurrence of a suspicious word or phrase will flag the transaction for review.

This tells the system how far back to check for unusual trends. This helps establish what’s “normal” for each customer.

This defines the minimum number of transactions needed before we can determine what is unusual.

It determines how far a transaction amount can deviate from the typical pattern before being flagged as unusual. For example, if a customer typically transfers $1,000, and the deviation multiple is set to 3, transactions over$3,000 might trigger an alert.

This only flags transactions above this amount. It helps to ignore small everyday transactions.

These countries require the most stringent monitoring and may have specific transaction restrictions. Transactions involving these countries automatically trigger an anomaly and enhanced due diligence protocols.

A secondary tier for countries that present significant but not extreme risk levels. These countries require elevated monitoring but may have less stringent controls than the highest risk category. The platform allows adding countries that warrant careful attention but don’t need the most intensive scrutiny.

The lowest tier of the risk-based system, used for countries that require monitoring above standard levels but don’t present major concerns. This creates a graduated approach to risk management.

The minimum risk level that triggers enhanced monitoring for individual PEPs. When an individual’s calculated risk score exceeds 70%, they receive additional scrutiny. This score is typically based on factors like their political position, transaction patterns, and connection to high-risk activities.

The minimum percentage of ownership or control by PEPs that triggers organizational screening. If PEPs own or control 25% or more of an organization, that entity receives enhanced monitoring. This helps identify organizations that might be used as vehicles for moving funds on behalf of politically exposed persons.