Transaction Monitoring
Evaluate transactions in real-time against configurable AML rules. When a rule triggers, an alert is created for investigation.
Evaluate a Transaction
Submit a transaction for rule evaluation:
- cURL
- Python
curl -X POST https://api.korastratum.com/api/v1/monitoring/evaluate \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "X-Tenant-ID: YOUR_TENANT_ID" \
-H "Content-Type: application/json" \
-d '{
"transaction_id": "txn_abc123",
"subject_id": "subj_def456",
"type": "TRANSFER",
"amount": 15000.00,
"currency": "USD",
"direction": "OUTBOUND",
"counterparty": {
"name": "Offshore Holdings Ltd",
"country": "KY"
},
"metadata": {
"channel": "WIRE",
"reference": "INV-2025-001"
}
}'
response = requests.post(
f"{BASE_URL}/monitoring/evaluate",
headers=HEADERS,
json={
"transaction_id": "txn_abc123",
"subject_id": "subj_def456",
"type": "TRANSFER",
"amount": 15000.00,
"currency": "USD",
"direction": "OUTBOUND",
"counterparty": {
"name": "Offshore Holdings Ltd",
"country": "KY",
},
"metadata": {
"channel": "WIRE",
"reference": "INV-2025-001",
},
},
)
result = response.json()
Response:
{
"transaction_id": "txn_abc123",
"risk_score": 620,
"risk_band": "HIGH",
"alerts": [
{
"alert_id": "alt_abc123",
"rule_id": "rule_001",
"rule_name": "High-value outbound to high-risk jurisdiction",
"severity": "HIGH",
"status": "NEW"
}
],
"triggered_rules": [
{
"rule_id": "rule_001",
"name": "High-value outbound to high-risk jurisdiction",
"score_contribution": 400
},
{
"rule_id": "rule_002",
"name": "Counterparty in FATF grey list country",
"score_contribution": 220
}
]
}
Monitoring Rules
Rules define conditions that trigger alerts. Each rule has conditions, a severity, and a score contribution.
List Rules
curl https://api.korastratum.com/api/v1/monitoring/rules \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "X-Tenant-ID: YOUR_TENANT_ID"
Create a Rule
curl -X POST https://api.korastratum.com/api/v1/monitoring/rules \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "X-Tenant-ID: YOUR_TENANT_ID" \
-H "Content-Type: application/json" \
-d '{
"name": "Large cash transaction",
"description": "Flag cash transactions over $10,000",
"severity": "HIGH",
"score_contribution": 300,
"conditions": [
{
"field": "amount",
"operator": "GREATER_THAN",
"value": "10000"
},
{
"field": "metadata.channel",
"operator": "EQUALS",
"value": "CASH"
}
]
}'
Rule Operators
| Operator | Description | Example |
|---|---|---|
EQUALS | Exact match | amount EQUALS 10000 |
NOT_EQUALS | Not equal | country NOT_EQUALS US |
GREATER_THAN | Greater than | amount GREATER_THAN 10000 |
LESS_THAN | Less than | amount LESS_THAN 100 |
GREATER_EQUAL | Greater than or equal | amount GREATER_EQUAL 5000 |
LESS_EQUAL | Less than or equal | amount LESS_EQUAL 500 |
IN | Value in list | country IN ["IR","KP","SY"] |
NOT_IN | Value not in list | currency NOT_IN ["USD","EUR"] |
CONTAINS | String contains | name CONTAINS "offshore" |
STARTS_WITH | String starts with | reference STARTS_WITH "SUSP" |
BETWEEN | Value in range | amount BETWEEN [5000, 50000] |
Update a Rule
curl -X PUT https://api.korastratum.com/api/v1/monitoring/rules/rule_001 \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "X-Tenant-ID: YOUR_TENANT_ID" \
-H "Content-Type: application/json" \
-d '{
"score_contribution": 500,
"conditions": [
{
"field": "amount",
"operator": "GREATER_THAN",
"value": "25000"
}
]
}'
Delete a Rule
curl -X DELETE https://api.korastratum.com/api/v1/monitoring/rules/rule_001 \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "X-Tenant-ID: YOUR_TENANT_ID"
Manage Alerts
List Alerts
# List all new alerts
curl "https://api.korastratum.com/api/v1/monitoring/alerts?status=NEW" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "X-Tenant-ID: YOUR_TENANT_ID"
# List high-severity alerts
curl "https://api.korastratum.com/api/v1/monitoring/alerts?severity=HIGH" \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "X-Tenant-ID: YOUR_TENANT_ID"
Get Alert Details
curl https://api.korastratum.com/api/v1/monitoring/alerts/alt_abc123 \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "X-Tenant-ID: YOUR_TENANT_ID"
Dispose an Alert
curl -X PUT https://api.korastratum.com/api/v1/monitoring/alerts/alt_abc123/disposition \
-H "Authorization: Bearer YOUR_API_KEY" \
-H "X-Tenant-ID: YOUR_TENANT_ID" \
-H "Content-Type: application/json" \
-d '{
"disposition": "TRUE_POSITIVE",
"reason": "Suspicious pattern confirmed — filing SAR"
}'
Alert statuses:
| Status | Description |
|---|---|
NEW | Alert just created |
UNDER_REVIEW | Being investigated |
ESCALATED | Escalated to senior reviewer |
CLOSED | Resolved with disposition |
Common Rule Patterns
Structuring Detection
Flag multiple transactions just below reporting thresholds:
{
"name": "Potential structuring",
"description": "Multiple transactions between $8,000-$9,999 within 24 hours",
"severity": "HIGH",
"score_contribution": 500,
"conditions": [
{"field": "amount", "operator": "BETWEEN", "value": "[8000, 9999]"},
{"field": "metadata.velocity_24h", "operator": "GREATER_THAN", "value": "3"}
]
}
High-Risk Jurisdiction
Flag transactions to sanctioned or high-risk countries:
{
"name": "High-risk jurisdiction transfer",
"severity": "CRITICAL",
"score_contribution": 600,
"conditions": [
{"field": "counterparty.country", "operator": "IN", "value": "[\"IR\",\"KP\",\"SY\",\"CU\"]"},
{"field": "direction", "operator": "EQUALS", "value": "OUTBOUND"}
]
}
Unusual Amount
Flag transactions significantly above the customer's normal pattern:
{
"name": "Unusual transaction amount",
"severity": "MEDIUM",
"score_contribution": 200,
"conditions": [
{"field": "amount", "operator": "GREATER_THAN", "value": "50000"},
{"field": "type", "operator": "IN", "value": "[\"TRANSFER\",\"WITHDRAWAL\"]"}
]
}