Integration Setup

1. Installation and configuration

  1. Log in to your Workspace Mambu Process Orchestrator (MPO) environment. Click on the Create button and select the From file option.
  2. Upload the JSON file with the pre-integration template. The AML TransactionMonitoring [FinCrime] vX.X.X (YYYY-MM-DD) folder will be available in your workspace.
  3. Open the Common setup process process, switch to View mode and select New task. Fill all the parameters and click Add task. Wait until the task is processed (moves to the final point).

Setup

Alternatively, the following JSON data can be used as Setup. Modify it accordingly and paste into the Code editor tab. The Common setup process contains data for two config areas: ComplyAdvantage, and Mambu data.

{
    "amlAlertsActions": [
        {
            "label": "Hard Stop",
            "action": "R"
        },
        {
            "label": "Soft Stop",
            "action": "S"
        },
        {
            "label": "No Stop",
            "action": "I"
        }
    ],
    "complyAdvantageUrl": "api.[CA-tenant].tm.complyadvantage.com",
    "complyAdvantageUsername": "CA username",
    "complyAdvantagePassword": "CA password",
    "mambuMaxRetryCount": "<number - max number of retries for the Mambu API calls>",
    "mambuSchemeGLChannel": "GL code (e.g: scheme_GL)",
    "mambuSuspenseGLChannel": "GL code (e.g: suspense_GL)",
    "mambuTimezone": "Mambu tenant timezone",
    "mambuTransitGLChannel": "GL code (e.g: transit_GL)",
    "mambuUrl": "https://[tenant].[environment].mambucloud.com",
    "mambuUser": "Mambu username",
    "mambuPassword": "Mambu password",
    "mambuWithholdGLChannel": "GL code (e.g: withhold_GL)",
    "maxRetryPostTransactionInCA": "<number - max number of retries for the CA API calls>"
}
  1. Open the 1. Notifications setup process which can be found under “Notifications Module” folder, switch to View mode and select New task. Fill all the parameters and click Add task. Wait until the task is processed (moves to the final point).

Notifications Setup

The “Notifications Module” is a separate customisable plug-in that requires its own setup. For the FinCrime connector the default notification mechanism is via Mambu task. Notifications are sent either to the deposit account assigned user or, if no user is assigned, to a generic Mambu user.

Based on the selected notification method: task, zenDesk or URL the following JSON data should be filled in the above MPO process 1. Notifications setup.

  • Notification via Mambu Task
{
    {
    "channel": "task",
    "mambuTaskAssignedUser": "<encoded key of the generic Mambu user>",
    "notificationConfigReference": "notificationConfigReference", //keep this value
    "webhookUrl": "-",//parameter used for the integration with other notification systems
    "ZenDesk.apiKey": "-",//parameter used for the integration with other notification systems
    "ZenDesk.group_id": "-",//parameter used for the integration with other notification systems
    "ZenDesk.login": "-",//parameter used for the integration with other notification systems
    "ZenDesk.subdomain": "-"//parameter used for the integration with other notification systems
}
  • Notification via ZenDesk Ticket
{    
    "channel": "zenDesk",
    "notificationConfigReference": "notificationConfigReference", //keep this value
    "ZenDesk.apiKey": "IUbepAEuiyypiuLQOzhAQWumi8Pyww2ODVrn6Yux (ZenDesk API key)",
    "ZenDesk.group_id": "450002405759 (ZenDesk User Group ID)",
    "ZenDesk.login": "ZenDesk Username/Email",
    "ZenDesk.subdomain": "complyAdvantagempo (ZenDesk subdomain)"
}
  • Notification via Webhook URL
{    
    "channel": "URL",
    "notificationConfigReference": "notificationConfigReference", //keep this value
    "webhookUrl": "link to external notification system"
}

Notes:

  1. A notification is sent only if the value is set to true.
  2. When notifications are set to false or are set to true but the Mambu or Zendesk ticket fails, the responses are saved in state diagrams in order to be analyzed.
  3. To get the value for mambuTimezone navigate to Mambu environment Administration > General Setup > Organisation Details and copy the value of the Time Zone field.
  4. Allowed values for amlAlertsActions are R for Rejected, S for Suspended and I for Ignored.

1.1. External Data Configuration

In order to allow data from systems other than Mambu to be processed and sent to ComplyAdvantage, it is necessary to:

  • Set the variable isExternalDataRequiredForAml to true in Mambu Config.
  • Define the data model (object externalDataUsedFields from customization configuration):
   "externalDataUsedFields": [
        {
            "targetId": "customer_date_of_birth",
            "path": "customer_dob"
        },
        {
            "targetId": "customer_income_sources",
            "path": "customer_income.incomeSources"
        }
    ]
  • Implement the process AML External Data: this process calls the external service and fetches the external data in the externalData object and should respect the following rules:
    • The successful flow for this process replies to the parent process only with the externalData object.
    • Error handling for this process, when fetching of data from the external system is not working, is the customer’s responsibility; before every Final node a Reply To process node needs to be placed in order to avoid the task getting stuck in the Call Process node of the parent in MPO.

1.2. AML Alerts Actions

In ComplyAdvantage config can be defined for up to three alerts, which must be stored in descending order based on the maximum priority action. The first alert should be the one with the higher priority from ComplyAdvantage, followed by the next one and so on.

If the third alert is stored, it’s purpose should be for analytics and reporting and not decisioning. If a transaction can be accepted or not this alert should always have the action I for Ignored. If only two alerts are defined in ComplyAdvantage this label can be removed from the list.

The label and the action for each alert is configurable, a Hard Stop can act like a Rejected payment or like a Suspended payment first.

"amlAlertsActions": [
        {
            "label": "Hard Stop",
            "action": "R"
        },
        {
            "label": "Soft Stop",
            "action": "S"
        },
        {
            "label": "No Stop",
            "action": "I"
        }
    ]

"amlAlertsActions": [
        {
            "label": "Hard Stop",
            "action": "S"
        },
        {
            "label": "Soft Stop",
            "action": "I"
        }
    ]

1.3. AML Adaptor

AML Adaptor

The scope of AML Adaptor process is to map the output payload from the payments connector to the input parameters required by the AML scheme in use, and it can be used to connect to any AML system.

Inside this process two main actions are triggered:

  1. In caseisExternalDataRequiredForAml property is set to true in Mambu Config, then AML External Data process should be implemented by the client: this process calls the external service and fetches the external data in the externalData object and should respect the following rules:
  2. paymentData object must be matching the ComplyAdvantage source format (payload details):

The parameters required for AML check may vary from one scheme to another, which can lead to changes in the parameters mapping. In case that the payment connector does not provide all the required parameters, API calls made from within the adaptor shall be use to retrieve them.
The following json contains an example for the mapping required between the Wise and Comply Advantage Transaction Monitoring connector.

{
data.paymentData =  {
        "type": "RealtimeTransaction",
        "tx_type": "payment",
        "tx_direction": "Outbound", //keep this value as it is used in The FinCrime logic for FX transfer
        "tx_date_time": data.transactionDate,
        "tx_id": data.withdrawal.encodedKey, //keep this value as it is used in The FinCrime logic for FX transfer
        "reference_text": "TW transferId: " + data.twTransfer.id + ".",
        "base_currency": data.twTransfer.sourceCurrency,
        "base_amount": data.twTransfer.sourceValue,
        "currency": data.twTransfer.targetCurrency,
        "amount": data.twTransfer.targetValue,
        "customer_sub_account_id": data.depositAccountId, //keep this value as it is used in The FinCrime logic for FX transfer
        "customer_country": data.userAddress.country,
        "customer_email": data.clientEmail,
        "customer_id": data.clientEmail,
        "counterparty_id": data.recipient.id,
        "counterparty_country": data.recipient.country,
        "counterpartyacct_account_id": counterpartyacct_account_id,
        "counterparty_email": counterparty_email,
        "counterparty_reference": data.payInReference
    }
}

Notes: The following parameters are mandatory regardless of the AML scheme:
  - "tx_id": data.withdrawal.encodedKey;
  - "tx_direction": "Outbound";
  - "customer_sub_account_id": data.depositAccountId;

2. ComplyAdvantage Webhook Linkage

THe MPO process 4. Alerts Analyser Router [linked to CA webhook] URL must be linked to ComplyAdvantage’s environment in order to be able to have a final status for Suspended payments (alerts were triggered) once a transaction is transitioned from In Review status to Accepted or Rejected status and webhooks are sent by ComplyAdvantage as a result.

Note: ComplyAdvantage makes this linkage on the customer’s behalf.