[Collaboration]

Monitor Creation and Configuration

A financial intelligence analyst needs a new transaction monitoring rule to catch a layering pattern that has appeared in three recent SAR filings.

Module metadata

Source reference

content/modules/monitor-creation-configuration.md

Last Updated

Feb 5, 2026

Category

Collaboration

Content checksum

e229cf54a286d5ad

Tags

collaboration, ai, real-time, compliance, blockchain

Overview

A financial intelligence analyst needs a new transaction monitoring rule to catch a layering pattern that has appeared in three recent SAR filings. Writing the rule as a raw query requires technical database knowledge the analyst does not have. Waiting for a technical team to build it might take a week. With natural language monitor creation, the analyst describes the pattern in plain English, reviews the generated rule, refines it through a short dialogue, and submits it for governance review, all within the same working session.

For analysts who do need granular control, the visual query builder provides full Boolean logic, nested conditions, and a comprehensive field library covering entities, transactions, networks, and risk indicators. Both paths produce the same validated, governance-ready monitor.

Diagram

flowchart TD
    A{Creation method chosen} -->|Natural language| B[Analyst describes monitoring requirement in plain English]
    A -->|Visual builder| C[Drag-and-drop Boolean condition builder]
    A -->|Template| D[Pre-configured template selected from library]
    B --> E[AI intent classification and compliance terminology parsing]
    E --> F[Safety analysis: prompt injection / excessive scope / PII risk]
    F -->|Issues found| G[Clarification requested from analyst]
    F -->|Clean| H[Rule generated and presented for review]
    G --> B
    C --> H
    D --> H
    H --> I[Analyst reviews and refines rule]
    I --> J[Sandbox test against historical data]
    J --> K[Alert volume projection calculated]
    K --> L{Performance acceptable?}
    L -->|Yes| M[Monitor submitted to approval workflow]
    L -->|No - too many false positives| N[Threshold adjustment recommended]
    N --> I
    M --> O[Monitor enters governance review process]

Last Reviewed: 2026-02-05 Last Updated: 2026-04-14

Key Features

Natural Language Monitor Creation

  • Plain English descriptions transformed into optimised monitoring rules through AI-powered processing
  • Intent classification automatically categorises requests into monitoring pattern types
  • Context-aware parsing understands compliance terminology and jurisdiction-specific requirements
  • Safety analysis detects prompt injection, excessive scope, and PII exposure risks before rule generation
  • Multi-iteration refinement through interactive dialogue clarifies ambiguities before deployment
  • Multi-language support covering English, Spanish, French, German, Mandarin, and Arabic
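The safety analysis above screens the analyst's request before a rule is generated. A complementary control is to treat the generated rule as untrusted output and check its structure before it reaches sandbox testing. The following is an added example, not the platform's own code; the rule schema, field names, operators and limits are assumptions made for illustration.

```python
# Added example. The rule schema, field names and limits are assumptions.
ALLOWED_FIELDS = {  # hypothetical field library: name -> is the field PII?
    "txn.amount": False, "txn.hop_count": False,
    "entity.risk_score": False, "entity.national_id": True,
}
ALLOWED_OPS = {"eq", "gt", "gte", "lt", "lte", "in"}
MAX_WINDOW_DAYS = 90  # assumed scope limit
MAX_DEPTH = 4         # assumed nesting limit

def validate_rule(rule):
    """Return sorted findings; an empty list means the rule can go to review."""
    findings = set()
    window = rule.get("window_days")
    if type(window) is not int or not 0 < window <= MAX_WINDOW_DAYS:
        findings.add("excessive_scope: window_days missing or above limit")
    _walk(rule.get("where"), 1, findings)
    return sorted(findings)

def _walk(node, depth, findings):
    if not isinstance(node, dict):
        findings.add("malformed: condition is not an object")
    elif depth > MAX_DEPTH:
        findings.add("excessive_scope: nesting too deep")
    elif "all" in node or "any" in node:
        children = node.get("all") or node.get("any")
        if not isinstance(children, list) or not children:
            findings.add("malformed: empty condition group")
        else:
            for child in children:
                _walk(child, depth + 1, findings)
    else:
        _check_leaf(node, findings)

def _check_leaf(node, findings):
    field, op = node.get("field"), node.get("op")
    if not isinstance(field, str) or field not in ALLOWED_FIELDS:
        findings.add(f"unknown_field: {field}")
    elif ALLOWED_FIELDS[field]:
        findings.add(f"pii_field: {field}")
    if not isinstance(op, str) or op not in ALLOWED_OPS:
        findings.add(f"unknown_op: {op}")

# Constructed samples: a layering-style rule and one that should be rejected.
GOOD_RULE = {"window_days": 7, "where": {"all": [
    {"field": "txn.hop_count", "op": "gte", "value": 3},
    {"any": [{"field": "txn.amount", "op": "gte", "value": 9000},
             {"field": "entity.risk_score", "op": "gt", "value": 70}]}]}}
BAD_RULE = {"where": {"any": [
    {"field": "entity.national_id", "op": "eq", "value": "X"},
    {"field": "users.password", "op": "like", "value": "%"}]}}
```

Any finding would route the rule back to the analyst for clarification rather than forward to sandbox testing, so a request that slips past the input-side screen still cannot reference fields or operators outside the allowlist.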

Visual Query Builder

  • Drag-and-drop configuration of monitoring logic with real-time validation and syntax checking
  • Boolean operators with nested condition grouping for building precise detection rules
  • Pre-defined fields spanning entities, transactions, networks, and risk indicators
  • Comparison operators and built-in functions for date arithmetic, aggregations, geo-distance, and risk scoring
  • Save and share query templates across the organisation with version control

Monitoring Pattern Library

  • Transaction Monitoring: Detect structuring, split deposits, sudden volume increases, and threshold-based alerts
  • Entity Behaviour Analysis: Identify dormant account reactivation, off-hours activity, rapid new account transfers, and fund consolidation patterns
  • Network Pattern Detection: Monitor circular money flow, tightly-connected transaction groups, layering, and hub-and-spoke patterns
  • Sanctions and Watchlist Monitoring: Screen against OFAC SDN lists, detect evasion through neighbouring countries, identify PEP exposure, and flag high-risk correspondent banking
  • Compliance Scenario Monitoring: Track trade-based money laundering, smurfing, terrorist financing indicators, and elder financial abuse

Threshold and Schedule Configuration

  • Adaptive thresholds adjust to entity behaviour baselines automatically over time
  • Configurable execution schedules from real-time streaming to daily batch processing
  • Multi-dimensional filtering across amount, geography, entity type, risk score, and time window
  • Historical backtesting validates monitor performance against past data before production deployment

Monitor Testing and Validation

  • Sandbox testing environment validates monitor behaviour before production deployment
  • Historical data replay simulates monitor execution against past activity
  • Performance estimation projects execution time and resource consumption
  • Alert volume projection ensures operational readiness before submission to governance review

Use Cases

Rapid Compliance Response

When new regulatory guidance or emerging threat patterns require updated monitoring, compliance officers describe the requirement in natural language and submit a validated monitor for governance review within minutes.

Tailored Surveillance Programs

Financial intelligence analysts use the visual query builder to construct precise monitoring rules reflecting their organisation's unique risk profile, customer base, and product mix.

Cross-Border Transaction Monitoring

Compliance teams configure monitors combining multiple data sources including blockchain intelligence, sanctions lists, and geographic risk databases to detect complex cross-border patterns.

Behavioral Anomaly Detection

Risk managers deploy monitors that establish behavioural baselines for entities and alert on deviations such as sudden changes in transaction patterns or dormant account reactivation.

Ongoing Monitor Optimisation

Using backtesting and performance estimation, compliance teams continuously refine monitor thresholds and filters to improve detection rates while reducing false positives.

Integration

  • Approval Workflow: Created monitors automatically enter the governance and approval process before deployment
  • Alert System: Monitors generate alerts that feed into the alert management and triage pipeline
  • Analytics Engine: Monitor performance data drives continuous optimisation and effectiveness reporting
  • Investigation Platform: Alerts from monitors link directly to investigation workflows and case management
  • Blockchain Intelligence: Monitors query blockchain data sources for cryptocurrency transaction surveillance