Fraud Copilot AML Holds
When an institution enables Fraud Copilot, CoreWave screens portal postings and API money-movement requests before balances change.
If Fraud Copilot is disabled or was never explicitly enabled for an institution, the AML screening gate returns immediately and does not hold, delay, or alter portal postings or API transactions. The transaction-blocking switch is institution-scoped; it does not inherit a legacy global or appsettings enablement.
The screening gate uses the institution's active transaction rules. It checks:
- A single proposed inflow or outflow against the configured rule threshold.
- The proposed amount plus completed transactions on the account during the previous 24 hours. This catches attempts to split a large movement into smaller transactions.
When a rule matches, CoreWave creates a suspicious-transaction record, stops processing, and opens an approval named Release Fraud Copilot AML Hold.
Staff Setup
- Open System Configuration > AI Settings and enable Fraud Copilot.
- Open Fraud Monitor > Transaction Rules and configure the institution's inflow and outflow AML thresholds.
- Grant
approve-aml-held-transactionsonly to staff roles authorized to release held transactions. - Staff review holds from Operations > Approvals and supporting details from Fraud Monitor > Suspicious Transactions.
The suspicious-transaction screen shows the AML hold reference, approval ID, rule, amount, direction, and reason.
Use Reports > Regulatory Reports > AML Screening Report to export the Fraud Copilot hold audit trail, including source and destination accounts, screening reason, approval state, release time, execution time, and current hold status.
Portal Behavior
Portal postings use the existing posting workspace:
- A staff member submits a posting.
- If Fraud Copilot flags the posting, the UI displays a warning that no funds moved.
- The posting group remains Pending Approval.
- An authorized staff member approves the AML hold.
- CoreWave resumes the staged posting group automatically.
- If the institution configured ordinary posting approval, the group continues through that approval queue before balances move.
Staff do not need to edit JSON or resubmit the portal posting.
API Behavior
The AML gate applies to:
POST /api/transfer/v1/localfundtransferPOST /api/transfer/v1/outwardtransferPOST /api/transfer/v1/fundstransferPOST /api/postings/v1/posttransactionPOST /api/postings/v1/post
When a request is held, CoreWave returns 202 Accepted. No debit, credit, fee posting, lien update, or outward gateway call has occurred.
{
"status": false,
"message": "Transaction held for Fraud Copilot AML review. No funds moved.",
"data": {
"statusCode": "AML_HOLD",
"amlHold": true,
"approvalId": 842,
"amlApprovalReference": "AML-26caaadad76043d596bd",
"reason": "Fraud Copilot matched AML rule 'High Value Outflow' because the transaction amount 5000000.00 reached its outflow threshold 5000000.00."
}
}
After authorized approval, retry the same request payload with amlApprovalReference:
{
"debitAccount": "1000000001",
"creditAccount": "1000000002",
"amount": 5000000,
"narration": "Supplier settlement",
"postingsTransactionType": 3,
"amlApprovalReference": "AML-26caaadad76043d596bd"
}
Rules:
- The approval reference is bound to the original payload and endpoint.
- A changed amount, account, reference, narration, fee, or beneficiary is rejected.
- A pending or declined approval cannot release funds.
- An approval reference is one-time use. It cannot be replayed after successful execution.
API_BYPASS_APPROVALSdoes not bypass Fraud Copilot AML holds.
Integration Handling
Treat 202 Accepted with data.statusCode = "AML_HOLD" as a pending manual-review state:
- Persist
data.amlApprovalReference. - Notify the operations or compliance team.
- Wait for authorized approval.
- Retry the unchanged request with the stored reference.
- Continue normal TSQ or reconciliation after a successful retry.