Skip to main content
The Rule Builder is a four-step wizard that walks you through creating a transaction monitoring rule — from defining conditions to activating in production. You can open it by clicking Create Rule on the Transaction MonitoringRules page, or by copying a template into your workspace.

Step 1: Define conditions

Conditions describe the pattern you want to detect. Each rule has one or more condition groups connected by OR logic (“any path matches”). Within a group, individual conditions are combined with AND or OR logic.

Adding a condition

Each condition targets an entity and a property, then applies an operator and a value:
FieldDescription
EntityThe data source: transaction, client, wallet, or bankAccount.
Entity relationshipFor non-transaction entities: evaluate the sender, receiver, or all participants.
PropertyThe field to inspect (e.g., amount, riskTier, country).
OperatorThe comparison: equal, greaterThan, in, between, and others.
ValueThe threshold or target value.

Aggregation conditions

For pattern detection over time — like velocity checks or cumulative thresholds — add an aggregation to a condition:
FieldDescription
Aggregation operatorsum, count, avg, min, max, percentile, and more.
Aggregation propertyThe field to aggregate (e.g., amount).
Time windowThe lookback period: in_the_last 24 hours, all_time, between two dates, etc.
FiltersNarrow the aggregation scope (e.g., only WITHDRAW transactions).
The aggregated result is then compared using the regular operator and value fields. For example: “SUM of amount where type = WITHDRAW in the last 24 hours is greater than 50,000.”

Condition groups

Click Add Group to create an additional condition path. Groups are connected with OR logic — if any group matches, the rule triggers. Within a group, you choose whether conditions combine with AND (all) or OR (any).
See the Conditions reference for the complete list of operators, entities, aggregation options, and time windows.

Step 2: Configure response

Choose what happens when the rule matches a transaction.

Alert priority

Set the priority for generated alerts:
PriorityWhen to use
HighPatterns requiring immediate analyst attention.
MediumSuspicious activity that should be reviewed promptly.
LowInformational signals for batch review.

Halt transaction

Toggle between two response modes:
  • Alert only — Create a compliance alert for analyst review. The transaction proceeds normally.
  • Alert + Halt transaction — Create an alert and freeze the transaction until an analyst reviews it.
Halting transactions blocks settlement until the alert is resolved. Use this for high-confidence rules where false positives are rare.

Step 3: Test

Before activating, test your rule against historical transactions to understand its impact. The Rule Builder includes a built-in testing step — see Testing rules for details on batch testing, single-transaction evaluation, and interpreting results.

Step 4: Review and activate

The final step displays a summary of your rule:
  • Basic info — Name and description.
  • Formula — A human-readable representation of your conditions (e.g., “IF amount > 10,000 AND customer risk = HIGH”).
  • Response — Alert priority and whether transactions are halted.
If everything looks correct, click Activate Rule to start evaluating live transactions.
Draft rules are auto-saved. You can close the builder and return later — your progress is preserved.

Updating active rules

When you edit a rule that is already active, Corsa creates a new version behind the scenes. Your changes are not applied until you click Publish Updates. You can optionally provide an audit reason explaining the change. This reason is recorded in the rule’s audit log for compliance traceability.

Creating rules via API

You can also create and manage rules programmatically. See the Rules & Evaluation API for full endpoint documentation. Endpoint: POST /v1/rules 
POST /v1/rules
Content-Type: application/json

{
  "name": "High-risk withdrawal detection",
  "description": "Alert on large withdrawals by high-risk customers",
  "conditions": {
    "all": [
      {
        "entity": "client",
        "property": "riskTier",
        "operator": "equal",
        "value": "HIGH"
      },
      {
        "entity": "transaction",
        "aggregationProperty": "amount",
        "aggregationOperator": "sum",
        "aggregationTimeType": "in_the_last",
        "aggregationTimeValue": 1,
        "aggregationTimePeriod": "days",
        "aggregationFilters": [
          {
            "property": "type",
            "operator": "equal",
            "value": "WITHDRAW"
          }
        ],
        "operator": "greaterThanInclusive",
        "value": 50000
      }
    ]
  },
  "actions": [
    {
      "type": "CREATE_ALERT",
      "config": {
        "category": "TRANSACTION_MONITORING",
        "priority": "HIGH",
        "status": "NEW"
      }
    }
  ]
}

What’s next?

Conditions reference

Full reference for operators, entities, aggregations, and time windows.

Testing rules

Validate your rule against historical transactions before activating.

Rules & Evaluation API

Manage rules programmatically via REST API or SDK.