Contract Skill — A ready-to-use MOVA HITL workflow. Requires the openclaw-mova plugin.

MOVA AML Alert Triage

Submit a transaction monitoring alert to MOVA for automated L1 triage — with typology matching, sanctions screening, and a human compliance decision gate backed by a tamper-proof audit trail.

What it does

1. 1. AI triage — checks sanctions lists (OFAC/EU/UN), PEP status, transaction burst patterns, customer risk rating, prior alert history, and typology matching (structuring, layering, smurfing, etc.)
2. Risk snapshot — surfaces anomaly flags and triage recommendation
3. Human decision gate — compliance analyst chooses: clear / escalate to L2 / immediate escalate
4. Audit receipt — every decision is signed, timestamped, and stored in an immutable compact journal

Mandatory escalation rules enforced by policy:

• - Risk score > 85 → mandatory human escalation
• Sanctions hit → immediate escalation, no exceptions
• PEP flag → mandatory L2 escalation

Requirements

Plugin: MOVA OpenClaw plugin must be installed in your OpenClaw workspace.

Data flows:

• - Alert data + customer ID + transactions → api.mova-lab.eu (MOVA platform, EU-hosted)
• Customer data → sanctions screening (OFAC, EU, UN — read-only, no data stored)
• Customer ID → risk rating and prior alert history (read-only)
• Audit journal → MOVA R2 storage, cryptographically signed
• No data is sent to third parties beyond the above

Quick start

Say "triage AML alert ALERT-1002" and provide the alert details:

CODEBLOCK0

Demo

Step 1 — Alert submitted: TM-STRUCT-11, risk 91, RISK HIGH flag

Step 2 — AI analysis: structuring typology matched, risk 91/100, escalate_l2 decision

Step 3 — Audit receipt + compact journal with full compliance event chain

Why contract execution matters

• - Escalation rules are policy, not prompts — risk_score > 85 and sanctions hits trigger mandatory gates that cannot be bypassed
• Full typology matching — AI identifies structuring, layering, and smurfing patterns against your transaction monitoring rules
• Immutable audit trail — when a regulator asks "who cleared or escalated ALERT-1002 and why?" — the answer is in the system with an exact timestamp and reason
• AMLD6 / FATF ready — AML decisions require the human oversight, full explainability, and documented decision chain required by AMLD6 and FATF guidance

What the user receives

Output	Description
Risk score	0–100 assessment with threshold evaluation
Typology match

Rule ID + description (structuring, layering, etc.) | | Sanctions check | OFAC / EU / UN screening result | | PEP status | PEP flag with category | | Customer risk | Risk rating, burst intensity, jurisdiction risk | | Anomaly flags | rapidtransfer, newbeneficiary, highburst, sanctionshit, pep_flag | | Findings | Structured list with severity codes | | Prior alerts | Historical alert count | | Recommended action | AI-suggested triage decision | | Decision options | clear / escalatel2 / immediateescalate | | Audit receipt ID | Permanent signed record of the compliance decision | | Compact journal | Full event log: triage → sanctions → human decision |

When to trigger

Activate when the user:

• - Mentions an alert ID (e.g. "ALERT-1002")
• Says "triage this alert", "review AML alert", "check transaction monitoring alert"
• Provides customer and transaction data for compliance review

Before starting, confirm: "Submit alert [alert_id] for MOVA L1 triage?"

If details are missing — ask once for: alert ID, rule ID, risk score, customer ID, customer jurisdiction, triggered transactions.

Step 1 — Submit alert

Call tool mova_hitl_start_aml with:

• - alert_id, rule_id, rule_description, INLINECODE6
• INLINECODE7, customer_name, customer_risk_rating (low/medium/high), customer_type (individual/business), customer_jurisdiction (ISO country code)
• INLINECODE12: array of INLINECODE13
• INLINECODE14: boolean, sanctions_match: boolean
• INLINECODE16: optional array of prior alert IDs

Step 2 — Show analysis and decision options

If status = "waiting_human" — show AI triage summary and ask to choose:

• - clear — Clear as false positive
• escalatel2 — Escalate to L2 analyst
• immediateescalate — Immediate escalation — freeze account

Show recommended option if present (mark ← RECOMMENDED).

Call tool mova_hitl_decide with:

• - contract_id: from the response above (NOT the alert ID)
• INLINECODE21: chosen decision
• INLINECODE22: analyst reasoning

Step 3 — Show audit receipt

Call tool mova_hitl_audit with contract_id.
Call tool mova_hitl_audit_compact with contract_id for the full signed event chain.

Connect your real AML systems

By default MOVA uses a sandbox mock. To route checks against your live infrastructure, call mova_list_connectors with keyword: "aml".

Relevant connectors:

Connector ID	What it covers
INLINECODE29	PEP & sanctions screening (OFAC, EU, UN)
INLINECODE30

Transaction history from core banking |
| connector.policy.aml_rules_v1 | AML rule engine / typology rules |
| connector.risk.jurisdiction_v1 | Country FATF risk classification |

Call mova_register_connector with connector_id, endpoint, optional auth_header and auth_value.

Rules

• - NEVER make HTTP requests manually
• NEVER invent or simulate results — if a tool call fails, show the exact error
• Use MOVA plugin tools directly — do NOT use exec or shell
• CONTRACTID comes from the movahitlstartaml response, not from the alert ID