Risk engine
A RiskStrategy turns the finished VerificationReport (hard facts) into an advisory
RiskAssessment. The rule-based default ships in core; the AI strategy is an
optional drop-in behind the same interface.
interface RiskStrategy
{
public function assess(Counterparty $counterparty, VerificationReport $report): RiskAssessment;
}
The rule-based default
RuleBasedRiskStrategy is composed of small, pure RiskRules. The overall score is the
strongest single signal (escalation, not summation, so unrelated minor findings cannot
inflate one another), and human review is required on:
- any adverse signal, or
- any inconclusive check, or
- a score at/above the configured
reviewThreshold.
$strategy = RuleBasedRiskStrategy::withDefaultRules(reviewThreshold: 0.5);
Bundled rules:
| Rule | Fires on | Effect |
|---|---|---|
SanctionsHitRule |
adverse sanctions result |
weight 1.0, adverse -> Critical |
VatStatusRule |
failed White List / VIES | weight 0.6 |
BankAccountMismatchRule |
raw['bankAccountAssigned'] === false |
weight 0.7, adverse |
InconclusiveCoverageRule |
any inconclusive result | weight 0.2, forces review |
In this section
- Custom rules - add your own signals without subclassing.
- Country-specific scoring - score DE differently from PL.
- Custom strategy - replace the engine entirely (scorecard, ML, …).