Monitoring Rules
How WatchTower controls are organized and how teams manage rule behavior.
Control families
Rules are grouped into practical monitoring families such as screening, velocity, movement, trends, and data quality.
Custom rule support
Add institution-specific rules without losing the built-in WatchTower monitoring baseline.
Operational governance
Manage rule lifecycle alongside thresholds, alerts, reporting, and audit visibility.
How rules are organized
WatchTower groups monitoring controls into operational families so teams can understand why a transaction triggered and how each control fits into the wider detection model.
Current control families
- screening
- geography
- value and structuring
- velocity
- counterparty behavior
- movement and pass-through behavior
- trend shifts
- account state
- grouping overlays
- data-quality checks
Built-in and custom controls
WatchTower combines a broad built-in monitoring library with custom rules for institution-specific patterns and tuning. Teams can start with a strong baseline, then refine detection around business-specific risk signals.
- built-in controls for default monitoring coverage
- custom rules for institution-specific risk logic
- draft and active states for rollout control
What teams can do today
- review the rule catalog
- create custom rules
- keep rules in draft before rollout
- activate or deactivate controls
- update rule status
- delete rules that should no longer be used
Recommended operating model
Treat rules as operational controls, not isolated logic. The best WatchTower setups connect rule changes to alert operations, reporting, and threshold governance.
Pair rule changes with
- threshold review
- alert handling procedures
- analyst workflow
- reporting and performance review
- auditability and change tracking
Start with the built-in rule library first. Once traffic is flowing and your team understands the alert patterns, add custom rules for tighter thresholds, channel or corridor logic, and institution-specific escalation conditions.