Flagship Service
Design, tune, and prove your fraud and AML detection rules
Since the PSR’s mandatory APP-fraud reimbursement came into force, UK firms eat the cost of the fraud they fail to stop — and must be able to show their detection rules are adequate and defensible. We work both ends: designing and tuning the rules themselves, and assuring them rule-by-rule with a regulator-ready record of where you stand. Built by specialists in fraud rule-writing across all four financial-crime domains.
Rule Defensibility Scoring
Documented rationale
Why the rule exists
Backtested
Validated pre-deploy
Performance monitored
FPR / hit-rate tracked
Named owner
Accountable individual
Mapped to obligation
PSR / SYSC / MLR 2017
A rule is only defensible when every dimension is evidenced. Missing evidence is reported as “cannot attest” — never as defensible.
The shift
Fraud is now a P&L line
Mandatory APP reimbursement turned fraud losses into a direct cost the business carries — and a question the board, the FCA, and the Financial Ombudsman now ask about your controls.
The gap
Nobody owns the full picture
Compliance sees the law, the fraud team sees the rules, data sees the gaps — and no single artifact connects the three. When a rule is challenged, firms scramble to evidence why it exists and that it works.
The standard
Defensible by design
Our method is rigorous and repeatable: the same evidence, documented the same way every time, fully traceable. That consistency is exactly what a regulator, an ombudsman, or a court needs to see — not a black box.
How a rule is judged
Six dimensions decide whether a rule is defensible
We score every rule the way a reviewer would. A rule is only defensible when each dimension is positively evidenced. Where evidence is missing, we report it as “cannot attest” — never as defensible. Missing evidence is not the same as a safe rule.
01 Documented rationale
Is there a written, approved reason this rule exists — the typology it targets and the basis for its thresholds?
02 Tested
Was the rule backtested against confirmed fraud before deployment, and is that evidence retained?
03 Monitored
Is performance tracked — hit rate, false-positive rate, alert volume — so you can show it still works?
04 Owned
Is there a named, accountable individual responsible for the rule and its outcomes?
05 Change-controlled
Are changes to the rule reviewed, impact-assessed, and recorded?
06 Mapped to obligation
Does the rule trace to the regulation it implements — PSR reimbursement, the MLRs, SYSC financial-crime expectations?
Coverage across the whole estate
All four financial-crime domains, one connected picture
Most reviews go deep in one lane. We check your rules against recognised UK typologies across every domain, so the verdict covers your whole detection estate — not just one corner of it.
APP scams
Authorised push payment fraud — purchase, investment, romance, impersonation, CEO/invoice, advance-fee and mule-receiving patterns.
AML transaction monitoring
Placement, layering, structuring, rapid movement, and the typologies behind suspicious-activity detection.
Card fraud
CNP, account takeover, testing, and the card-present and card-not-present vectors firms must cover.
Application & mule fraud
Synthetic and stolen-identity applications, first-party fraud, and money-mule account behaviour.
What you receive
A diagnosis you can act on, and a record you can defend
We diagnose and document. The diagnosis names every gap and the direction of the fix; the rule logic and thresholds that close those gaps stay with the expert. You see exactly where you stand — and have a regulator-ready artifact to prove it.
Defensibility scorecard
Every rule scored on six evidence dimensions, with a clear verdict: defensible, defensible-with-gaps, indefensible, or cannot attest.
Coverage map
Your rules checked against 43 recognised UK fraud typologies across all four domains — so you can see, by name, what you are not catching.
Estimated false-positive reduction
Where you share aggregate alert figures (not transaction data), an estimate of the false positives and analyst hours a tuning pass could remove.
Regulator-ready documentation pack
A frozen, dated, traceable record mapping each rule to the obligation it implements — the artifact you reach for when challenged.
No production data
A review you can run in an afternoon, not a six-month security project
The diagnosis works from structured descriptions of your rules and, optionally, aggregate performance counts — alerts, hits, false positives. No transaction data, no customer data, no live system access. That keeps you below the procurement and DPIA wall, so you get value fast. Any estimate is computed on the figures you provide and labelled as such — it is an advisory diagnostic, not an independent audit of your live system.
Start with the free check
See where one rule stands in 60 seconds — no data, no sign-up
The free check gives you a headline verdict on your rule practice. When you are ready for the full rule-by-rule diagnosis and the documentation pack, we run it with you. Every enquiry is treated in confidence.