Knogin
[Developers]

Monitor Creation and Configuration

A financial intelligence analyst needs a new transaction monitoring rule to catch a layering pattern that has appeared in three recent SAR filings. Writing the rule as a raw query requires technical database knowledge th

Back to All Modules
Category: CollaborationLast Updated: Feb 5, 2026
collaborationaireal-timecomplianceblockchain

Overview#

A financial intelligence analyst needs a new transaction monitoring rule to catch a layering pattern that has appeared in three recent SAR filings. Writing the rule as a raw query requires technical database knowledge the analyst does not have. Waiting for a technical team to build it might take a week. With natural language monitor creation, the analyst describes the pattern in plain English, reviews the generated rule, refines it through a short dialogue, and submits it for governance review, all within the same working session.

For analysts who do need granular control, the visual query builder provides full Boolean logic, nested conditions, and a comprehensive field library covering entities, transactions, networks, and risk indicators. Both paths produce the same validated, governance-ready monitor.

Open Standards#

  • GraphQL (June 2018 specification): All monitor creation, retrieval, and update operations are exposed through a GraphQL API, with typed mutations and queries matching the monitor domain contract.
  • FATF 40 Recommendations: The built-in monitoring pattern library directly encodes FATF typologies including structuring, layering, smurfing, terrorist financing indicators, and PEP exposure detection as first-class rule templates.
  • OFAC SDN / UN Security Council Consolidated List: Sanctions and watchlist monitors screen against the OFAC Specially Designated Nationals list and the UN Consolidated Sanctions List, ingested in their published formats.
  • FollowTheMoney (OpenSanctions FtM) data model: Watchlist entity data consumed by sanctions monitors is normalised into the open FollowTheMoney schema, preserving source attribution, SWIFT BIC, and LEI identifiers across jurisdictions.
  • ISO 8601: All monitor schedule timestamps, next-run calculations, and audit timestamps are represented and parsed as ISO 8601 date-time strings.
  • Cron expression syntax (POSIX / Vixie cron): Monitor execution cadence is configured via standard five- or six-part cron expressions, enabling schedules from real-time streaming to daily batch runs.
  • BCP 47 / IETF language tags: Natural language monitor creation supports rule authoring in multiple languages identified by BCP 47 locale codes (en, es, fr, de, ar, zh), enabling jurisdiction-appropriate compliance terminology parsing.
  • RFC 4122 (UUID version 4): Every monitor, monitor execution run, and generated proposal is assigned a globally unique RFC 4122 version 4 identifier for traceability across the governance workflow.

Last Reviewed: 2026-02-05 Last Updated: 2026-04-14

Key Features#

Natural Language Monitor Creation#

  • Plain English descriptions transformed into optimised monitoring rules through AI-powered processing
  • Intent classification automatically categorises requests into monitoring pattern types
  • Context-aware parsing understands compliance terminology and jurisdiction-specific requirements
  • Safety analysis detects prompt injection, excessive scope, and PII exposure risks before rule generation
  • Multi-iteration refinement through interactive dialogue clarifies ambiguities before deployment
  • Multi-language support covering English, Spanish, French, German, Mandarin, and Arabic

Visual Query Builder#

  • Drag-and-drop configuration of monitoring logic with real-time validation and syntax checking
  • Boolean operators with nested condition grouping for building precise detection rules
  • Pre-defined fields spanning entities, transactions, networks, and risk indicators
  • Comparison operators and built-in functions for date arithmetic, aggregations, geo-distance, and risk scoring
  • Save and share query templates across the organisation with version control

Monitoring Pattern Library#

  • Transaction Monitoring: Detect structuring, split deposits, sudden volume increases, and threshold-based alerts
  • Entity Behaviour Analysis: Identify dormant account reactivation, off-hours activity, rapid new account transfers, and fund consolidation patterns
  • Network Pattern Detection: Monitor circular money flow, tightly-connected transaction groups, layering, and hub-and-spoke patterns
  • Sanctions and Watchlist Monitoring: Screen against OFAC SDN lists, detect evasion through neighbouring countries, identify PEP exposure, and flag high-risk correspondent banking
  • Compliance Scenario Monitoring: Track trade-based money laundering, smurfing, terrorist financing indicators, and elder financial abuse

Threshold and Schedule Configuration#

  • Adaptive thresholds adjust to entity behaviour baselines automatically over time
  • Configurable execution schedules from real-time streaming to daily batch processing
  • Multi-dimensional filtering across amount, geography, entity type, risk score, and time window
  • Historical backtesting validates monitor performance against past data before production deployment

Monitor Testing and Validation#

  • Sandbox testing environment validates monitor behaviour before production deployment
  • Historical data replay simulates monitor execution against past activity
  • Performance estimation projects execution time and resource consumption
  • Alert volume projection ensures operational readiness before submission to governance review

Use Cases#

Rapid Compliance Response#

When new regulatory guidance or emerging threat patterns require updated monitoring, compliance officers describe the requirement in natural language and submit a validated monitor for governance review within minutes.

Tailored Surveillance Programs#

Financial intelligence analysts use the visual query builder to construct precise monitoring rules reflecting their organisation's unique risk profile, customer base, and product mix.

Cross-Border Transaction Monitoring#

Compliance teams configure monitors combining multiple data sources including blockchain intelligence, sanctions lists, and geographic risk databases to detect complex cross-border patterns.

Behavioural Anomaly Detection#

Risk managers deploy monitors that establish behavioural baselines for entities and alert on deviations such as sudden changes in transaction patterns or dormant account reactivation.

Ongoing Monitor Optimisation#

Using backtesting and performance estimation, compliance teams continuously refine monitor thresholds and filters to improve detection rates while reducing false positives.

Integration#

  • Approval Workflow: Created monitors automatically enter the governance and approval process before deployment
  • Alert System: Monitors generate alerts that feed into the alert management and triage pipeline
  • Analytics Engine: Monitor performance data drives continuous optimisation and effectiveness reporting
  • Investigation Platform: Alerts from monitors link directly to investigation workflows and case management
  • Blockchain Intelligence: Monitors query blockchain data sources for cryptocurrency transaction surveillance

Ready to Build?

Get started with our APIs or contact our integration team for support.