Case #2

In Case #2, a match should be generated if the aggregate activity that an entity performs meets or exceeds specified parameters. For example, identify cases in which an account performs two or more (configurable) cash deposits in a two-day period that are each below $3,000 (configurable) and collectively sum to at least this amount.

We recommend that you create a dataset that retrieves cash transactions over the lookback period, filtering out those that are above the size limit. Implement the detection pattern as a two-row rule pattern, as shown below:

• Primary Rule: Use the dataset described above, and apply focus clustering. No constraints are required— consider all of the records from the dataset. Create aggregate bindings for:

  TOT_TRANS_AM = sum(TRXN_AM)

  TOT_TRANS_CT = count()

• Checkpoint: Test the aggregate bindings against the scenario thresholds:

  TOT_TRANS_AM > or < or >= or <= @MIN_TRANS_AM && TOT_TRANS_CT > or < or >= or <= @MIN_TRANS_CT