Compliance (FRAML)
Build with

Compliance is Myaza Trust's fraud and anti-money-laundering layer (FRAML). On top of KYC verification, it lets you keep watching the people and businesses you've onboarded: screen them against sanctions / PEP / adverse-media watchlists, score their transactions in real time, and run a full investigation workflow — alerts, cases, and regulatory filings — from the dashboard.

There are two sides to it:

  • The Identity Hub API — a server-to-server API you call to sync your users as monitored entities and to stream their events (transactions and actions) for scoring. See Identity Hub API and Event monitoring.
  • The Compliance dashboard — where your compliance team reviews entities, screening hits, and alerts, works cases, and files reports. Under Dashboard → Compliance.

Everything is environment-scoped (sandbox vs. production) and organization-scoped, exactly like the rest of the platform — the API key you use decides which. See Environments.

Building blocks
Build with

ConceptWhat it is
EntityA person (INDIVIDUAL) or company (BUSINESS) you monitor, keyed by your own externalUserId. Carries a KYC disposition, a risk tier, and (once resolved) a link to a global identity.
ScreeningAn ongoing check of an entity against a watchlist type — SANCTIONS, PEP, or ADVERSE_MEDIA — producing zero or more matches.
EventA transaction or action you send for scoring (POST /events). The engine returns a decision and a risk score.
SignalThe stored, scored record of an event — the monitored activity stream you browse in the dashboard. (A separate device/session signal stream is store-only.)
AlertAn investigation item opened automatically when an event scores at or above the review threshold.
CaseA grouping of one entity's alerts, tracked through investigation to a disposition.
SAR / STRA Suspicious Activity / Transaction Report drafted and filed from a case, exportable as goAML XML.

Risk & disposition vocabulary
Build with

An entity carries two independent axes:

  • Disposition — its KYC standing: PENDING, UNDER_REVIEW, APPROVED, REJECTED.
  • Risk tier — its monitoring risk posture: LOW, MEDIUM, HIGH, or UNSCORED.

Each event yields a decisionALLOW, REVIEW, or BLOCK — and a risk score from 0 to 100.

The monitoring lifecycle
Build with

An event flows through the system like this:

code
  your backend
        POST /api/identity/events
      
   Event ───score──►  Signal        (every event; browsable stream)
                        
                         decision  review threshold
                        
                      Alert          (OPEN  needs triage)
                          group an entity's alerts

                      Case           (OPEN → IN_REVIEW → CLOSED + disposition)
                        │  if reportable

                      SAR / STR      (DRAFT → FILED, exported as goAML XML)
  • Event → Signal happens on every ingested event; the signal is stored and scored.
  • Signal → Alert happens automatically when the composite score crosses your review threshold.
  • Alert → Case → SAR are manual compliance actions taken in the dashboard.

Permissions
Build with

Each Compliance area has its own permission key, so you can grant read access to one surface without the others. The server enforces these; the dashboard hides what you can't use.

KeyGrants
identity:readView individual entities, the compliance overview, and entity detail.
business_identity:readView business entities.
screening:readView screening results.
signals:readView the monitored event/signal stream.
alerts:readView alerts.
alerts:manageOpen a case from selected alerts.
cases:readView cases.
cases:manageOpen / assign / dispose cases and draft / file / cancel SARs.
monitoring:manageEdit monitoring rules (reading them is always allowed).

All case and SAR writes are audited server-side and appear in your organization's audit log (Dashboard → Audit logs).

Next steps
Build with