Skip to main content
The then clause is the decision output of your rule. It tells the FinWatch engine what to do when the conditions are met.

Verdicts

A verdict is a mandatory action keyword that represents the engine’s decision about the transaction. When to use which:
  • block: You are certain this is malicious. False positives here mean lost revenue and angry customers.
  • review: You are suspicious but not certain. A human must make the final call.
  • alert: You want to observe a pattern without impacting the customer experience. Good for new rules in shadow mode.
  • approve: Rarely used in practice. Most rules detect bad things; explicit allow rules are for override scenarios.

Risk Score

Syntax: score <float> Purpose: A numerical representation of confidence or severity, used by the risk consolidation engine to aggregate risk across multiple rules that fire on the same transaction. Key Facts:
  • Must be a valid floating-point number.
  • Recommended range: 0.0 to 1.0.
  • If omitted, defaults to 0.0.
  • The risk consolidator combines scores from all triggered rules to produce a final risk assessment.
Scoring Strategy: Example:

Reason

Syntax: reason "<text>" Purpose: A human-readable explanation of why the rule fired. This text is surfaced to:
  • Fraud analysts reviewing flagged transactions.
  • Compliance reports for auditors.
  • API responses back to the calling system.
  • Logs for debugging and monitoring.
Key Facts:
  • Must be a double-quoted string.
  • If omitted, defaults to "No reason provided".
  • Should be specific and actionable.
Good vs. Bad Reasons: Best Practice: Include the specific data point that caused the trigger in the reason string where possible. This saves analysts from having to dig through raw transaction data.