Transaction Monitoring

Transaction Monitoring provides real-time surveillance of blockchain addresses, alerting your compliance team when transactions meet configurable risk or value thresholds. This enables ongoing due diligence and continuous compliance as required by AML/CFT regulations.

How It Works

1. Add Addresses — Register addresses for monitoring via the dashboard, API, or CSV upload.
2. Configure Rules — Set alert thresholds based on risk score, transaction value, counterparty type, or sanctions exposure.
3. Real-Time Detection — The platform continuously scans monitored addresses for new on-chain activity.
4. Alert Delivery — When a transaction matches a rule, an alert is generated and delivered through your configured channels.
5. Review and Action — Compliance officers review alerts, mark them as true/false positives, and take appropriate action.

Alert Types

| Alert Type | Trigger | Default Threshold | |---|---|---| | High-Risk Counterparty | Transaction with an address scoring above the risk threshold | Risk score >= 70 | | Sanctions Match | Transaction involving a sanctioned address | Any match | | Large Transaction | Transaction exceeding the value threshold | Configurable (e.g., $10,000) | | Mixer/Tumbler Interaction | Funds sent to or received from a known mixer | Any interaction | | Darknet Market | Interaction with a known darknet marketplace | Any interaction | | Fraud/Scam Exposure | Interaction with addresses flagged for fraud or scams | Any interaction | | Structuring Detected | Pattern of transactions just below a reporting threshold | Automated detection | | Dormant Address Reactivation | Activity on an address that has been inactive for an extended period | Configurable (e.g., 180 days) |

Alert Channels

Alerts can be delivered through multiple channels simultaneously:

• Dashboard — Alerts appear in the Monitoring section of the web dashboard with filtering and search.
• Email — Configurable email notifications to one or more compliance officers.
• Webhook — JSON payloads sent to your endpoint for integration with internal systems (SIEM, case management, etc.).
• Telegram — Instant alerts via the @BA_ScreenBot.
• API Polling — Query the /monitoring/alerts endpoint to retrieve pending alerts programmatically.

Configuring Rules

Rules can be configured at the organization level or per monitored address.

Organization-Level Rules

These apply to all monitored addresses by default:

• Minimum risk score threshold for alerts
• Minimum transaction value threshold
• Counterparty categories to flag (e.g., mixers, gambling, unhosted wallets)
• Sanctions list selection

Address-Level Overrides

Individual addresses can have custom rules that override organization defaults:

• Higher or lower risk thresholds
• Custom value thresholds
• Specific counterparty categories to watch

Alert Lifecycle

Each alert moves through the following statuses:

1. New — Alert has been generated and is pending review.
2. In Review — A compliance officer has opened the alert.
3. Escalated — The alert has been escalated to a senior compliance officer or MLRO.
4. Resolved - True Positive — The alert was confirmed as a genuine risk event.
5. Resolved - False Positive — The alert was reviewed and determined to be benign.

Monitoring Limits

| Plan | Monitored Addresses | Alert Retention | |---|---|---| | Starter | Up to 50 | 90 days | | Professional | Up to 500 | 1 year | | Enterprise | Unlimited | Unlimited |

API Integration

Add addresses for monitoring and retrieve alerts via the REST API:

# Add an address for monitoring
POST /v1/monitoring/addresses
{
  "address": "0x1234...abcd",
  "blockchain": "ethereum",
  "label": "Customer Wallet #42"
}

# Retrieve alerts
GET /v1/monitoring/alerts?status=new&limit=50

See the API documentation for the full endpoint reference.