Integration Setup
1. Installation and configuration
- Log in to your Workspace Mambu Process Orchestrator (MPO) environment. Click on the Create button and select the From file option.
- Upload the JSON file with the pre-integration template. The
AML TransactionMonitoring [FinCrime] vX.X.X (YYYY-MM-DD)
folder will be available in your workspace. - Open the Common setup process process, switch to View mode and select New task. Fill all the parameters and click Add task. Wait until the task is processed (moves to the final point).
Alternatively, the following JSON data can be used as Setup. Modify it accordingly and paste into the Code editor tab. The Common setup process contains data for two config areas: ComplyAdvantage, and Mambu data.
{
"amlAlertsActions": [
{
"label": "Hard Stop",
"action": "R"
},
{
"label": "Soft Stop",
"action": "S"
},
{
"label": "No Stop",
"action": "I"
}
],
"complyAdvantageUrl": "api.[CA-tenant].tm.complyadvantage.com",
"complyAdvantageUsername": "CA username",
"complyAdvantagePassword": "CA password",
"mambuMaxRetryCount": "<number - max number of retries for the Mambu API calls>",
"mambuSchemeGLChannel": "GL code (e.g: scheme_GL)",
"mambuSuspenseGLChannel": "GL code (e.g: suspense_GL)",
"mambuTimezone": "Mambu tenant timezone",
"mambuTransitGLChannel": "GL code (e.g: transit_GL)",
"mambuUrl": "https://[tenant].[environment].mambucloud.com",
"mambuUser": "Mambu username",
"mambuPassword": "Mambu password",
"mambuWithholdGLChannel": "GL code (e.g: withhold_GL)",
"maxRetryPostTransactionInCA": "<number - max number of retries for the CA API calls>"
}
- Open the 1. Notifications setup process which can be found under “Notifications Module” folder, switch to View mode and select New task. Fill all the parameters and click Add task. Wait until the task is processed (moves to the final point).
The “Notifications Module” is a separate customisable plug-in that requires its own setup. For the FinCrime connector the default notification mechanism is via Mambu task. Notifications are sent either to the deposit account assigned user or, if no user is assigned, to a generic Mambu user.
Based on the selected notification method: task
, zenDesk
or URL
the following JSON data should be filled in the above MPO process 1. Notifications setup.
- Notification via Mambu Task
{
{
"channel": "task",
"mambuTaskAssignedUser": "<encoded key of the generic Mambu user>",
"notificationConfigReference": "notificationConfigReference", //keep this value
"webhookUrl": "-",//parameter used for the integration with other notification systems
"ZenDesk.apiKey": "-",//parameter used for the integration with other notification systems
"ZenDesk.group_id": "-",//parameter used for the integration with other notification systems
"ZenDesk.login": "-",//parameter used for the integration with other notification systems
"ZenDesk.subdomain": "-"//parameter used for the integration with other notification systems
}
- Notification via ZenDesk Ticket
{
"channel": "zenDesk",
"notificationConfigReference": "notificationConfigReference", //keep this value
"ZenDesk.apiKey": "IUbepAEuiyypiuLQOzhAQWumi8Pyww2ODVrn6Yux (ZenDesk API key)",
"ZenDesk.group_id": "450002405759 (ZenDesk User Group ID)",
"ZenDesk.login": "ZenDesk Username/Email",
"ZenDesk.subdomain": "complyAdvantagempo (ZenDesk subdomain)"
}
- Notification via Webhook URL
{
"channel": "URL",
"notificationConfigReference": "notificationConfigReference", //keep this value
"webhookUrl": "link to external notification system"
}
Notes:
- A notification is sent only if the value is set to
true
. - When notifications are set to
false
or are set totrue
but the Mambu or Zendesk ticket fails, the responses are saved in state diagrams in order to be analyzed. - To get the value for
mambuTimezone
navigate to Mambu environment Administration > General Setup > Organisation Details and copy the value of theTime Zone
field. - Allowed values for
amlAlertsActions
areR
for Rejected,S
for Suspended andI
for Ignored.
1.1. External Data Configuration
In order to allow data from systems other than Mambu to be processed and sent to ComplyAdvantage, it is necessary to:
- Set the variable
isExternalDataRequiredForAml
totrue
in Mambu Config. - Define the data model (object
externalDataUsedFields
from customization configuration):
"externalDataUsedFields": [
{
"targetId": "customer_date_of_birth",
"path": "customer_dob"
},
{
"targetId": "customer_income_sources",
"path": "customer_income.incomeSources"
}
]
- Implement the process
AML External Data
: this process calls the external service and fetches the external data in theexternalData
object and should respect the following rules:- The successful flow for this process replies to the parent process only with the
externalData
object. - Error handling for this process, when fetching of data from the external system is not working, is the customer’s responsibility; before every Final node a Reply To process node needs to be placed in order to avoid the task getting stuck in the Call Process node of the parent in MPO.
- The successful flow for this process replies to the parent process only with the
1.2. AML Alerts Actions
In ComplyAdvantage config can be defined for up to three alerts, which must be stored in descending
order based on the maximum priority action. The first alert should be the one with the higher priority from ComplyAdvantage, followed by the next one and so on.
If the third alert is stored, it’s purpose should be for analytics and reporting and not decisioning. If a transaction can be accepted or not this alert should always have the action I
for Ignored. If only two alerts are defined in ComplyAdvantage this label can be removed from the list.
The label and the action for each alert is configurable, a Hard Stop can act like a Rejected
payment or like a Suspended
payment first.
"amlAlertsActions": [
{
"label": "Hard Stop",
"action": "R"
},
{
"label": "Soft Stop",
"action": "S"
},
{
"label": "No Stop",
"action": "I"
}
]
"amlAlertsActions": [
{
"label": "Hard Stop",
"action": "S"
},
{
"label": "Soft Stop",
"action": "I"
}
]
1.3. AML Adaptor
The scope of AML Adaptor
process is to map the output payload from the payments connector to the input parameters required by the AML scheme in use, and it can be used to connect to any AML system.
Inside this process two main actions are triggered:
- In case
isExternalDataRequiredForAml
property is set totrue
in Mambu Config, thenAML External Data
process should be implemented by the client: this process calls the external service and fetches the external data in theexternalData
object and should respect the following rules: paymentData
object must be matching the ComplyAdvantage source format (payload details):
The parameters required for AML check may vary from one scheme to another, which can lead to changes in the parameters mapping. In case that the payment connector does not provide all the required parameters, API calls made from within the adaptor shall be use to retrieve them.
The following json contains an example for the mapping required between the Wise and Comply Advantage Transaction Monitoring connector.
{
data.paymentData = {
"type": "RealtimeTransaction",
"tx_type": "payment",
"tx_direction": "Outbound", //keep this value as it is used in The FinCrime logic for FX transfer
"tx_date_time": data.transactionDate,
"tx_id": data.withdrawal.encodedKey, //keep this value as it is used in The FinCrime logic for FX transfer
"reference_text": "TW transferId: " + data.twTransfer.id + ".",
"base_currency": data.twTransfer.sourceCurrency,
"base_amount": data.twTransfer.sourceValue,
"currency": data.twTransfer.targetCurrency,
"amount": data.twTransfer.targetValue,
"customer_sub_account_id": data.depositAccountId, //keep this value as it is used in The FinCrime logic for FX transfer
"customer_country": data.userAddress.country,
"customer_email": data.clientEmail,
"customer_id": data.clientEmail,
"counterparty_id": data.recipient.id,
"counterparty_country": data.recipient.country,
"counterpartyacct_account_id": counterpartyacct_account_id,
"counterparty_email": counterparty_email,
"counterparty_reference": data.payInReference
}
}
Notes: The following parameters are mandatory regardless of the AML scheme:
- "tx_id": data.withdrawal.encodedKey
;
- "tx_direction": "Outbound"
;
- "customer_sub_account_id": data.depositAccountId
;
2. ComplyAdvantage Webhook Linkage
THe MPO process 4. Alerts Analyser Router [linked to CA webhook]
URL must be linked to ComplyAdvantage’s environment in order to be able to have a final status for Suspended
payments (alerts were triggered) once a transaction is transitioned from In Review
status to Accepted
or Rejected
status and webhooks are sent by ComplyAdvantage as a result.
Note: ComplyAdvantage makes this linkage on the customer’s behalf.