mova-aml-triage
> **Contract Skill** — A ready-to-use MOVA HITL workflow. Requires the `openclaw-mova` plugin.
# MOVA AML Alert Triage
Submit a transaction monitoring alert to MOVA for automated L1 triage — with typology matching, sanctions screening, and a human compliance decision gate backed by a tamper-proof audit trail.
## What it does
1. **AI triage** — checks sanctions lists (OFAC/EU/UN), PEP status, transaction burst patterns, customer risk rating, prior alert history, and typology matching (structuring, layering, smurfing, etc.)
2. **Risk snapshot** — surfaces anomaly flags and triage recommendation
3. **Human decision gate** — compliance analyst chooses: clear / escalate to L2 / immediate escalate
4. **Audit receipt** — every decision is signed, timestamped, and stored in an immutable compact journal
**Mandatory escalation rules enforced by policy:**
- Risk score > 85 → mandatory human escalation
- Sanctions hit → immediate escalation, no exceptions
- PEP flag → mandatory L2 escalation
## Requirements
**Plugin:** MOVA OpenClaw plugin must be installed in your OpenClaw workspace.
**Data flows:**
- Alert data + customer ID + transactions → `api.mova-lab.eu` (MOVA platform, EU-hosted)
- Customer data → sanctions screening (OFAC, EU, UN — read-only, no data stored)
- Customer ID → risk rating and prior alert history (read-only)
- Audit journal → MOVA R2 storage, cryptographically signed
- No data is sent to third parties beyond the above
## Quick start
Say "triage AML alert ALERT-1002" and provide the alert details:
```
https://raw.githubusercontent.com/mova-compact/mova-bridge/main/test_aml_ALERT-1002.png
```
## Demo
**Step 1 — Alert submitted: TM-STRUCT-11, risk 91, RISK HIGH flag**
**Step 2 — AI analysis: structuring typology matched, risk 91/100, escalate_l2 decision**
**Step 3 — Audit receipt + compact journal with full compliance event chain**
## Why contract execution matters
- **Escalation rules are policy, not prompts** — risk_score > 85 and sanctions hits trigger mandatory gates that cannot be bypassed
- **Full typology matching** — AI identifies structuring, layering, and smurfing patterns against your transaction monitoring rules
- **Immutable audit trail** — when a regulator asks "who cleared or escalated ALERT-1002 and why?" — the answer is in the system with an exact timestamp and reason
- **AMLD6 / FATF ready** — AML decisions require the human oversight, full explainability, and documented decision chain required by AMLD6 and FATF guidance
## What the user receives
| Output | Description |
|--------|-------------|
| Risk score | 0–100 assessment with threshold evaluation |
| Typology match | Rule ID + description (structuring, layering, etc.) |
| Sanctions check | OFAC / EU / UN screening result |
| PEP status | PEP flag with category |
| Customer risk | Risk rating, burst intensity, jurisdiction risk |
| Anomaly flags | rapid_transfer, new_beneficiary, high_burst, sanctions_hit, pep_flag |
| Findings | Structured list with severity codes |
| Prior alerts | Historical alert count |
| Recommended action | AI-suggested triage decision |
| Decision options | clear / escalate_l2 / immediate_escalate |
| Audit receipt ID | Permanent signed record of the compliance decision |
| Compact journal | Full event log: triage → sanctions → human decision |
## When to trigger
Activate when the user:
- Mentions an alert ID (e.g. "ALERT-1002")
- Says "triage this alert", "review AML alert", "check transaction monitoring alert"
- Provides customer and transaction data for compliance review
**Before starting**, confirm: "Submit alert [alert_id] for MOVA L1 triage?"
If details are missing — ask once for: alert ID, rule ID, risk score, customer ID, customer jurisdiction, triggered transactions.
## Step 1 — Submit alert
Call tool `mova_hitl_start_aml` with:
- `alert_id`, `rule_id`, `rule_description`, `risk_score`
- `customer_id`, `customer_name`, `customer_risk_rating` (low/medium/high), `customer_type` (individual/business), `customer_jurisdiction` (ISO country code)
- `triggered_transactions`: array of `{transaction_id, amount_eur}`
- `pep_status`: boolean, `sanctions_match`: boolean
- `historical_alerts`: optional array of prior alert IDs
## Step 2 — Show analysis and decision options
If `status = "waiting_human"` — show AI triage summary and ask to choose:
- **clear** — Clear as false positive
- **escalate_l2** — Escalate to L2 analyst
- **immediate_escalate** — Immediate escalation — freeze account
Show `recommended` option if present (mark ← RECOMMENDED).
Call tool `mova_hitl_decide` with:
- `contract_id`: from the response above (NOT the alert ID)
- `option`: chosen decision
- `reason`: analyst reasoning
## Step 3 — Show audit receipt
Call tool `mova_hitl_audit` with `contract_id`.
Call tool `mova_hitl_audit_compact` with `contract_id` for the full signed event chain.
## Connect your real AML systems
By default MOVA uses a sandbox mock. To route checks against your live infrastructure, call `mova_list_connectors` with `keyword: "aml"`.
Relevant connectors:
| Connector ID | What it covers |
|---|---|
| `connector.screening.pep_sanctions_v1` | PEP & sanctions screening (OFAC, EU, UN) |
| `connector.aml.transaction_history_v1` | Transaction history from core banking |
| `connector.policy.aml_rules_v1` | AML rule engine / typology rules |
| `connector.risk.jurisdiction_v1` | Country FATF risk classification |
Call `mova_register_connector` with `connector_id`, `endpoint`, optional `auth_header` and `auth_value`.
## Rules
- NEVER make HTTP requests manually
- NEVER invent or simulate results — if a tool call fails, show the exact error
- Use MOVA plugin tools directly — do NOT use exec or shell
- CONTRACT_ID comes from the mova_hitl_start_aml response, not from the alert ID
标签
skill
ai
