Financial crime analytical systems have rules, rule types, rule categories so what are these? And when do you use one and not the other? Let’s learn about them.

Rule categories are broad classifications that group similar types of rules together based on common characteristics or objectives. They serve as a way to organize and structure rules that address similar issues or behaviours. For example, in a banking context, rule categories could include “Fraud Detection,” “AML Compliance,” or “Transaction Monitoring.” These categories represent general areas where rules are applied to monitor or control certain behaviours.

Rule types, on the other hand, are more specific definitions of the nature or logic behind a rule within a given category. For instance, within the “Fraud Detection” category, rule types could include “Transaction Velocity” (detecting rapid transactions) or “Geolocation Mismatch” (detecting transactions from unexpected locations). Rule types describe the kind of logic or method used to detect specific patterns of behaviour.

Rules themselves are the individual instructions or conditions that dictate the behaviour being monitored or actions taken when certain criteria are met. A rule might state that any cash deposit over a certain amount triggers a review, or that transactions originating from a particular jurisdiction must be flagged. These rules are the most detailed level, where specific conditions are set and monitored.

Summary:

• Rule Categories: Broad groups of similar rules (e.g., Transaction Monitoring, AML Compliance).
• Rule Types: Specific methods or logic within a category (e.g., Transaction Velocity, Geolocation Mismatch).
• Rules: The specific conditions and actions applied (e.g., flagging a transaction over $10,000).

The difference lies in the level of specificity: categories group rules, types define how the rules operate, and rules set the actual conditions.

I have covered about Rules and rule types in other articles so here, lets learn about rule categories in detail.

So firstly, how to come up with these financial crime rule categories?

When a financial institution develops rule categories, several factors come into play. The categories are typically based on a combination of elements, including the bank’s products, the type of customers it serves, the risk profile of its business operations, regulatory requirements, and external factors like industry trends and global AML risks. For example, a financial institution operating with agricultural products might have more AML rule categories in Cash-Intensive Farming Operations or Unusual Agricultural Subsidy Transactions or High-Value Equipment Purchases and Sales than a Bank operating more for city-based demographics.

Saying that lets understand a few AML rule categories.

• 30/60/90/360-Day Review:
  Periodic review of accounts within a 30/60/90/360-day window to identify suspicious or unusual activity that may indicate money laundering or fraud.
• Unusual Cash and Wire Activity:
  Monitoring for cash and wire transfers that deviate from the customer’s normal behaviour, such as large transfers to high-risk jurisdictions.
• Excessive Cash for Personal Account:
  Monitoring personal accounts that exhibit unusually high volumes of cash deposits, possibly indicative of illicit income.
• Unusual Account Activity:

          General category for any account behaviour that significantly deviates from established patterns, raising suspicions of illicit activity.

• Check Fraud: (Check fraud rules are phasing out but used to have high fraud detection rates in the past)
  Fraud involving the unauthorized alteration or forgery of checks to divert funds.
• Concealment of Funds:
  Activities aimed at hiding the source, ownership, or destination of illegally obtained funds.
• Identity Theft:
  The unauthorized use of another person’s identity to open accounts, conduct transactions, or defraud the bank.
• Unusual Cash Activity:
  Monitoring cash deposits and withdrawals that deviate from established patterns or exceed typical thresholds.
• Unusual Wire Activity:
  Alerts triggered by wire transfers that deviate from typical customer behaviour or involve high-risk jurisdictions.
• Account Takeover:

          Detecting unauthorized access or use of a customer’s account, often linked to phishing or other forms of cybercrime.

• Virtual Currency Transfers:

          Detecting transactions involving cryptocurrencies, especially in jurisdictions where regulatory oversight is minimal.

• Rapid Movement of Funds:

          Alerts triggered by quick transfers of funds between multiple accounts, a tactic often used to obscure money trails.

Conclusion:

Rule categories offer a comprehensive approach to building financial crime rules in a financial institution, covering a wide range of illicit activities across its risk tolerance level. Categories may also be used to start building up rules and naming the rules as per its category thus forming an important block in Transaction monitoring and Fraud rules engine systems.