Risk Scoring

Kora Compliance calculates a composite risk score from 0 to 1000 based on watchlist matches, country risk, subject profile, and configurable risk factors.

Risk Bands

Band	Score Range	Typical Decision
`LOW`	0–250	APPROVE
`MEDIUM`	251–500	APPROVE_WITH_MONITORING
`HIGH`	501–750	REVIEW_REQUIRED
`CRITICAL`	751–1000	BLOCK

Risk bands are configurable per tenant via the Risk Bands API.

How Scores Are Calculated

The risk engine evaluates multiple risk categories and combines them into a weighted composite score.

Risk Categories

Category	Code	Description
Screening Results	`SCREENING`	Watchlist match results (sanctions, PEP, adverse media)
Country Risk	`COUNTRY`	Jurisdiction-based risk (FATF lists, sanctions programs)
Customer Type	`CUSTOMER_TYPE`	Individual vs business entity
Product Risk	`PRODUCT`	Product/service type risk
Channel Risk	`CHANNEL`	Delivery channel (wire, cash, digital)
Transaction	`TRANSACTION`	Transaction characteristics
Behavior	`BEHAVIOR`	Behavioral patterns
Velocity	`VELOCITY`	Transaction frequency and velocity
Industry	`INDUSTRY`	Industry/sector classification
ML Prediction	`ML_PREDICTION`	Machine learning model predictions

Scoring Process

Match scoring — Each watchlist match contributes based on match strength and source type
Factor evaluation — Risk rules are evaluated against the subject and transaction data
Weighted aggregation — Each factor's score is weighted and summed
Band classification — The composite score maps to a risk band

Match Score Contribution

Match Type	Strength	Typical Score Contribution
Sanctions	EXACT	800–1000
Sanctions	STRONG	600–800
Sanctions	POSSIBLE	300–500
PEP	EXACT	600–800
PEP	STRONG	400–600
PEP	POSSIBLE	200–400
Adverse Media	STRONG	200–400
Adverse Media	POSSIBLE	100–200

Country Risk Factors

Countries are flagged based on international risk lists:

Flag	Description	Score Impact
FATF Black List	Countries with strategic AML deficiencies	+300–500
FATF Grey List	Countries under increased monitoring	+150–300
EU High-Risk List	EU's list of high-risk third countries	+150–250
Sanctions Program	Country under comprehensive sanctions	+400–600

Risk Factor Configuration

Each risk factor has a code, weight, and score contribution:

{
  "code": "SANCTIONS_MATCH",
  "name": "Sanctions List Match",
  "category": "SCREENING",
  "weight": 0.8,
  "is_active": true,
  "metadata": {
    "min_match_score": 0.75
  }
}

View Risk Factors

curl https://api.korastratum.com/api/v1/risk-factors \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "X-Tenant-ID: YOUR_TENANT_ID"

Update Risk Factors

Adjust weights and activation to match your risk appetite:

curl -X PUT https://api.korastratum.com/api/v1/risk-factors \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "X-Tenant-ID: YOUR_TENANT_ID" \
  -H "Content-Type: application/json" \
  -d '{
    "factors": [
      {
        "code": "SANCTIONS_MATCH",
        "weight": 0.9,
        "is_active": true
      },
      {
        "code": "PEP",
        "weight": 0.7,
        "is_active": true
      },
      {
        "code": "HIGH_RISK_COUNTRY",
        "weight": 0.5,
        "is_active": true
      }
    ]
  }'

Configure Risk Bands

Customize the score thresholds for each risk band:

View Current Bands

curl https://api.korastratum.com/api/v1/risk-bands \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "X-Tenant-ID: YOUR_TENANT_ID"

Update Band Thresholds

curl -X PUT https://api.korastratum.com/api/v1/risk-bands \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "X-Tenant-ID: YOUR_TENANT_ID" \
  -H "Content-Type: application/json" \
  -d '{
    "bands": [
      {"level": "LOW", "min_score": 0, "max_score": 200},
      {"level": "MEDIUM", "min_score": 201, "max_score": 450},
      {"level": "HIGH", "min_score": 451, "max_score": 700},
      {"level": "CRITICAL", "min_score": 701, "max_score": 1000}
    ]
  }'

Decision Rules

Risk bands map to automated decisions by default, but you can configure custom rulesets:

View Rulesets

curl https://api.korastratum.com/api/v1/rulesets \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "X-Tenant-ID: YOUR_TENANT_ID"

Create a Custom Ruleset

curl -X POST https://api.korastratum.com/api/v1/rulesets \
  -H "Authorization: Bearer YOUR_API_KEY" \
  -H "X-Tenant-ID: YOUR_TENANT_ID" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "High-risk jurisdiction override",
    "description": "Block all subjects from sanctioned countries regardless of score",
    "rules": [
      {
        "field": "subject.country",
        "operator": "IN",
        "value": ["IR", "KP", "SY", "CU"],
        "decision": "BLOCK",
        "score_contribution": 800,
        "priority": 1
      }
    ]
  }'

Example Scoring Breakdown

For a screening result with a sanctions match:

{
  "risk_score": 750,
  "risk_band": "HIGH",
  "risk_factors": [
    {
      "factor": "SANCTIONS_MATCH",
      "category": "SCREENING",
      "weight": 0.8,
      "score": 800,
      "description": "Strong match on OFAC SDN list (score: 0.94)"
    },
    {
      "factor": "HIGH_RISK_COUNTRY",
      "category": "COUNTRY",
      "weight": 0.5,
      "score": 300,
      "description": "Subject country (IR) on FATF black list"
    },
    {
      "factor": "ENTITY_TYPE",
      "category": "CUSTOMER_TYPE",
      "weight": 0.2,
      "score": 100,
      "description": "Entity type carries higher base risk than individual"
    }
  ]
}

Composite calculation: (800 × 0.8) + (300 × 0.5) + (100 × 0.2) = 640 + 150 + 20 = 810 → normalized to risk band CRITICAL.

Risk Bands​

How Scores Are Calculated​

Risk Categories​

Scoring Process​

Match Score Contribution​

Country Risk Factors​

Risk Factor Configuration​

View Risk Factors​

Update Risk Factors​

Configure Risk Bands​

View Current Bands​

Update Band Thresholds​

Decision Rules​

View Rulesets​

Create a Custom Ruleset​

Example Scoring Breakdown​