Decisions and Risk Outcomes
How WatchTower decides between ALLOW, REVIEW, and BLOCK.
Section
Decision model
WatchTower evaluates each transaction and produces one of three outcomes: ALLOW, REVIEW, or BLOCK.
Section
What drives the decision
- triggered monitoring controls
- rule severity
- behavioral signals
- anomaly score
- watchlist or screening hits
- organization thresholds
- linked customer and identity context when Identity is enabled
Section
How to use each outcome
ALLOW
- The transaction may continue with no immediate operational action, although it may still be recorded for analytics and reporting.
REVIEW
- The transaction requires analyst attention. This is typically where alert workflows and investigations begin.
BLOCK
- The transaction represents a higher-risk event and should be stopped or escalated according to your operating model.
Section
Operational context
Decisioning should be treated as part of a broader control framework. Institutions usually pair WatchTower’s risk outputs with internal policy, customer context, fraud and compliance review standards, analyst escalation workflows, and identity-safe evidence from Remllo Identity when that tenant is linked.
Operational connection
The decision engine is where fraud detection, transaction monitoring, identity context, and operational handling meet. A good setup connects decisions directly to alert review, case management, customer context, and reporting.
Next UpAlerts & Cases
Continue Through The DocsWatchTower Integration Guides