Compliance Rules
VINCTA uses a deterministic rules engine based on European regulatory requirements. All rules cite their legal basis and produce auditable decisions.
Risk Methodology
VINCTA calculates customer risk using a transparent, rule-based approach aligned with German GwG and AMLD6 requirements.
Risk Score Calculation
Each customer receives a risk score (0-100) based on:
- KYC verification outcome
- Transaction monitoring alerts
- Sanctions screening results
- PEP status
- Country risk factors
Vendor Risk Aggregation
When multiple vendors report on the same customer, the highest vendor risk assessment is displayed per GwG §10 risk-based approach.
Risk Classifications
| Classification | Score Range | Due Diligence |
|---|---|---|
| Low | 0-30 | Simplified (GwG §14) |
| Medium | 31-70 | Standard |
| High | 71-100 | Enhanced (GwG §15) |
Alert Aggregation
VINCTA consolidates alerts from all connected vendors into unified customer profiles.
Identity Resolution
When alerts arrive from different vendors, VINCTA matches them to a single customer identity using:
- Exact match — Email, phone number, identification number
- Fuzzy match — Name variations with confidence scoring
- Manual review — Ambiguous matches flagged for analyst decision
Supported Alert Types
| Alert Type | Source Vendors |
|---|---|
| Transaction Monitoring | Unit21, HAWK AI |
| KYC Decisions | Alloy |
| Sanctions/PEP/Adverse Media | ComplyAdvantage |
Vendor Conflict Resolution
When vendors provide conflicting assessments, VINCTA applies deterministic resolution rules.
Conservative Principle
Per GwG §10, VINCTA automatically applies the highest risk classification when vendors disagree.
Example: Customer screened by both Alloy and ComplyAdvantage:
- Alloy: Low risk (identity verified, no flags)
- ComplyAdvantage: PEP match detected
Result: Case elevated to high priority, PEP review workflow triggered.
Active Rules
VINCTA ships with 15 validated rules based on AMLD6, German GwG, and DORA requirements:
Priority Rules
| Rule | Regulatory Basis | Effect |
|---|---|---|
| PEP Priority Override | AMLD6 Art. 20(a) | Elevates PEP cases to high priority |
| High-Risk Country | GwG §15(3) | Enhanced review for high-risk jurisdictions |
| Conservative Principle | GwG §10 | Applies highest vendor risk |
Blocking Rules
| Rule | Regulatory Basis | Blocking Condition |
|---|---|---|
| Expired ID | AMLD6 Art. 13(1)(a) | Cannot approve with expired identification |
| PEP Source of Funds | AMLD6 Art. 20(b)(ii) | PEP cases require source of funds documentation |
| UBO Identification | AMLD6 Art. 13(1)(b) | Business customers require beneficial owner records |
SLA Rules
| Priority | SLA | Typical Cases |
|---|---|---|
| Critical | 4 hours | Sanctions matches |
| High | 24 hours | PEP cases, high-risk countries |
| Medium | 72 hours | Standard TM alerts |
| Low | 7 days | Simplified due diligence |
Rule Customization
Default rules can be customized per client: adjust thresholds, add client-specific rules, disable non-applicable rules, create jurisdiction variations.