1. Technical Scenario Descriptions
  2. How to Read the Technical Scenario Descriptions
  3. Technical Scenario Description Components

2.1 Technical Scenario Description Components

For client-created scenarios, filters, risk indicators, and thresholds can be adjusted at any time using the Pipeline Designer. To adjust out of the box scenarios, you must first copy the scenario, then configure the copied scenario.

The technical scenario description components are as follows:
  • Scenario Name
  • Data of Interest
  • Filters
  • Risk Indicators
  • Thresholds

Scenario Name

This section provides the scenario name as it displays in the user interface (UI). This is typically the scenario’s abbreviated name. This section defines the behavior that the scenario is designed to detect, and explains how this behavior pertains to a specific entity type.

Data of Interest

This section lists the types of information used by the scenario for event generation or display. Essentially, this is the data that the system uses to detect unusual or suspicious behavior.

Filters

This section lists any applicable inclusions and exclusions for the scenario, such as the focus and the exclusionary parameters. Filters represent pre-set values defined for various data points within the Data of Interest. Filters cross threshold sets and are applied equally to filter the data of interest.

Risk Indicators

Risk Indicator widget is used to configure various behavioral based risk factors for different entity types (In case of KYC it is primarily customer focused). Users can configure various risk factors using a variety of transaction types say cash transactions, wire transfers, online payments, card payments etc. This widget allows users to configure risk factors using a variety of normal operators, aggregate functions, and custom expressions.

Thresholds

This section contains tables with the tunable thresholds that are built into the scenario. Applicability of Thresholds is specified in the Focus column in the threshold table.

The following terms are used as column headers in these tables:
  • Threshold Name: This shows the threshold name that displays in the Threshold Editor in the UI.
  • Description: This provides an explanation of the threshold.
  • Focus: When applicable, this column defines the focus to which the threshold applies.
  • Frequency Period: This is the default frequency of the detection process and it is indicated in days. Typically, the frequency period is tunable. If the frequency period should be restricted, minimum and maximum values are provided.

    In general, the frequency period is used to avoid generating duplicate alerts for the same focal entity from the same scenario. Between the detection process runs on a scenario, new business data records are ingested, and then covered by the next detection process run to generate a new alert. To avoid duplicate alerts across scenario runs, a new alert must have at least one transaction which has occurred within the Frequency Period and which has contributed to the alert being generated. You can set how frequently a scenario is run through the Scheduler Service. For more information about how to schedule and run scenarios, see Using Scheduler Service.

  • Lookback Period: This is the default timespan of data monitored in each run of the detection process. In general, the Lookback Period is tunable. In cases when the Lookback Period must be restricted, the minimum and maximum values are provided. It is possible that the Frequency Period may be less than the Lookback Period.

    For example, if the Lookback Period was seven days, the scenario would lookback at the last seven days’ worth of data (including the current day), and run its detection process on that data.