8 Configuring Correlation
This section describes the concept and usage of correlation.
After the event data is loaded from OBD, OKYC, OCS, OTBAML, OSTDO, or third-party applications into ECM, you can correlate events to business entities, and events to other events based on business entities, using configurable rule sets. This functionality is performed by the Event Correlation process. The group of events is identified for correlation based on business entries in an application (BD, KYC, CS, TBAML, OSTDO, or third-party).
Correlation can be performed for both manual events and real-time events.
Using Business Entity Paths
The following two tables are used for configuring business entity paths:
- Correlation Business Path
- Correlation Business Entity Configuration
Correlation Business Path
Table 8-1 FCC_CORR_BUS_ENTITY_PATH (Metadata Table)
Column Name | Primary Key | Column Type | Nullable |
---|---|---|---|
N_BUS_ENTITY_PATH_SKEY | Y | NUMBER(10) | No |
D_MIS_DATE | | | |
V_BUSINESS_ENTITY_PATH_NAME | | VARCHAR2(50) | No |
V_QUERY_DEFINITION_NAME | | VARCHAR2(50) | Yes |
N_BUSINESS_ENTITY_ID | | NUMBER(10) | Yes |
_FOCUS_ID | | NUMBER(10) | Yes |
V_ENTITY_TYPE | | VARCHAR2(50) | Yes |
V_QUERY_DEFINITION_NAME | | VARCHAR2(50) | Yes |
N_QUERY_DEFINITION_SKEY | | NUMBER(10) | Yes |
- Define paths using the above table to perform the Event Correlation algorithm.
- Define whether the origin of the path should be the focus of an event or a matched record.
- Establish this by populating either the _FOCUS_ID column (indicating that the origin should be the focus of the event) or the V_QUERY_DEFINITION_NAME column (indicating that the origin should be a matched record of the event).
- The destination of the path (the business entity you are trying to correlate to by executing this path) is defined by the N_BUSINESS_ENTITY_ID column.
Correlation Business Entity Configuration
Table 8-2 FCC_CORRELATION_BUS_ENTITY_CFG (Metadata Table)
Column Name | Primary Key | Column Type | Nullable |
---|---|---|---|
N_BUS_ENTITY_PATH_CFG_SKEY | * | NUMBER(10) | No |
N_BUS_ENTITY_PATH_SKEY | | NUMBER(10) | No |
N_SCENARIO_MASTER_SKEY | | NUMBER(10) | Yes |
V_SCENARIO_CLASS_CD | | VARCHAR2(3) | Yes |
N_PATH_PRECEDENCE | | NUMBER(10) | Yes |
V_EVENT_TYPE | | VARCHAR2(3) | |
- You can choose to apply the path identified by the N_BUS_ENTITY_PATH_CFG_SKEY in this table only for a certain scenario or scenario group.
- Populate the N_SCENARIO_MASTER_SKEY or the V_SCENARIO_CLASS_CD column, respectively, to establish this.
Note:
If neither of these columns is populated, this path configuration is considered for the case of any scenario or scenario group. The “importance” or “strength” of a correlation determined by this path can vary depending on the scenario or scenario group of the case.
This is defined by the N_PATH_PRECEDENCE (the lower the number, the higher the precedence). A NULL N_PATH_PRECEDENCE indicates not to apply this N_BUS_ENTITY_PATH_CFG_SKEY to any cases of this SCNRO_ID or V_SCENARIO_CLASS_CD.
By default, for N_BUS_ENTITY_PATH_SKEY = 1004, if N_SCENARIO_MASTER_SKEY and V_SCENARIO_CLASS_CD are NULL and N_PATH_PRECEDENCE = 10, then PATH_SKEY = 1004 is considered for execution for all scenario classes except in the cases listed below.
- For N_BUS_ENTITY_PATH_SKEY = 1004, if N_SCENARIO_MASTER_SKEY is NULL and V_SCENARIO_CLASS_CD = ‘FR’ and N_PATH_PRECEDENCE = 15, then PATH_SKEY = 1004 is executed for ‘FR’ related scenarios.
- For N_BUS_ENTITY_PATH_SKEY = 1004, if N_SCENARIO_MASTER_SKEY = ‘114697025’ and V_SCENARIO_CLASS_CD is NULL and N_PATH_PRECEDENCE is NULL, then PATH_SKEY = 1004 is not considered for execution.
- For N_BUS_ENTITY_PATH_SKEY = 1004, if N_SCENARIO_MASTER_SKEY = ‘114697025’ and V_SCENARIO_CLASS_CD = ‘ML’ and N_PATH_PRECEDENCE is NULL, then PATH_SKEY = 1004 is not considered for execution.
- For N_BUS_ENTITY_PATH_SKEY = 1004, if N_SCENARIO_MASTER_SKEY = ‘114697025’ and V_SCENARIO_CLASS_CD = ‘IML’ and N_PATH_PRECEDENCE = 13, then PATH_SKEY = 1004 is considered for execution only for the above mentioned ‘114697025’ and ‘IML’.
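The following added example (not Oracle's code or the product's algorithm) models the five cases above so a configuration can be checked for scenarios whose correlation path is switched off by a NULL precedence. It uses an in-memory SQLite stand-in for FCC_CORRELATION_BUS_ENTITY_CFG with constructed rows, and it assumes that the most specific matching row wins, with a scenario match ranked above a scenario class match.

```python
import sqlite3

# Constructed rows mirroring the five cases in the text for path 1004:
# (cfg_skey, path_skey, scenario_master_skey, scenario_class_cd, path_precedence)
ROWS = [
    (1, 1004, None, None, 10),          # default for every scenario class
    (2, 1004, None, "FR", 15),          # class-level override
    (3, 1004, 114697025, None, None),   # scenario-level, NULL precedence
    (4, 1004, 114697025, "ML", None),   # scenario + class, NULL precedence
    (5, 1004, 114697025, "IML", 13),    # scenario + class, enabled
]

def load(rows=ROWS):
    """Build an in-memory stand-in table (SQLite types, not Oracle's)."""
    db = sqlite3.connect(":memory:")
    db.execute("""CREATE TABLE FCC_CORRELATION_BUS_ENTITY_CFG (
        N_BUS_ENTITY_PATH_CFG_SKEY INTEGER PRIMARY KEY,
        N_BUS_ENTITY_PATH_SKEY     INTEGER NOT NULL,
        N_SCENARIO_MASTER_SKEY     INTEGER,
        V_SCENARIO_CLASS_CD        TEXT,
        N_PATH_PRECEDENCE          INTEGER)""")
    db.executemany(
        "INSERT INTO FCC_CORRELATION_BUS_ENTITY_CFG VALUES (?,?,?,?,?)", rows)
    return db

def effective_precedence(db, path_skey, scenario_skey, scenario_class):
    """Return the precedence that applies, or None if the path is not executed.

    Assumption (not stated on the page): rows are ranked by specificity,
    scenario + class > scenario only > class only > default.
    """
    row = db.execute("""
        SELECT N_PATH_PRECEDENCE
        FROM FCC_CORRELATION_BUS_ENTITY_CFG
        WHERE N_BUS_ENTITY_PATH_SKEY = ?
          AND (N_SCENARIO_MASTER_SKEY IS NULL OR N_SCENARIO_MASTER_SKEY = ?)
          AND (V_SCENARIO_CLASS_CD IS NULL OR V_SCENARIO_CLASS_CD = ?)
        ORDER BY (N_SCENARIO_MASTER_SKEY IS NOT NULL) * 2
               + (V_SCENARIO_CLASS_CD IS NOT NULL) DESC
        LIMIT 1""", (path_skey, scenario_skey, scenario_class)).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = load()
    for scn, cls in [(999, "ML"), (999, "FR"),
                     (114697025, "ML"), (114697025, "IML")]:
        print(scn, cls, effective_precedence(db, 1004, scn, cls))
```

A result of None means no precedence applies, so the path is skipped for that scenario; the scenario key 999 is a constructed value standing for any scenario without its own row.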
Executing Correlation Rules
You can execute the correlation using two methods: using the Run Rule Framework and performing jobs.
You can run a correlation using the Run Rule Framework.
Performing Jobs
Note:
Run the Event Correlation process to execute only those correlation rules that are designated as Active. Rules that are designated as Inactive are ignored and not executed.
- Navigate to $FIC_HOME/ficdb/bin/ficdb/bin.
- Execute the following script:
./correlation.sh ECMINFO_1509116374374_20091226_1 a b 20091226 c
Where:
- ECMINFO_1509116374374_20091226_1 is V_BATCH_RUN_ID from FCC_BATCH_RUN
- D_MIS_DATE is the date from FCC_BATCH_RUN
Sample Correlation Rules
OFS ECM delivers the following four sample correlation rules:
- KYC Correlation: KYC Groups events created in the past month based on a common correlated business entity. KYC Groups events created in the past seven days that are generated on one or more specified scenarios where the events share a common correlated business entity. Specified scenarios are those scenarios that identify behaviors that, in isolation or when considered as a whole, can be indicative of identity theft.
- TBAML Correlation: TBAML Groups events created in the past month based on a common correlated business entity. TBAML Groups events created in the past seven days that are generated on one or more specified scenarios where the events share a common correlated business entity. Specified scenarios are those scenarios that identify behaviors that, in isolation or when considered as a whole, can be indicative of identity theft.
- AML Correlation: AML Groups events created in the past month based on a common correlated business entity. AML Groups events created in the past seven days that are generated on one or more specified scenarios where the events share a common correlated business entity. Specified scenarios are those scenarios that identify behaviors that, in isolation or when considered as a whole, can be indicative of identity theft.
- Customer Screening Correlation: CS Groups events created in the past month based on a common correlated business entity. CS Groups events created in the past seven days that are generated on one or more specified scenarios where the events share a common correlated business entity. Specified scenarios are those scenarios that identify behaviors that, in isolation or when considered as a whole, can be indicative of identity theft.
- Third-party: Third-party Groups events created in the past month based on a common correlated business entity. Third-party Groups events created in the past seven days that are generated on one or more specified scenarios where the events share a common correlated business entity. Specified scenarios are those scenarios that identify behaviors that, in isolation or when considered as a whole, can be indicative of identity theft.