AML / Financial Crime Runbook (OpsCrux + WatchCrux)

This runbook describes how CueCrux detects and reviews potential financial‑crime abuse related to CRUX redemptions and contribution rewards. It aligns with Terms 9A/9B and the Economy “Redemption & Guardrails”.

1) Scope and Roles

  • OpsCrux: Case management, KYC/KYB reviews, payout approvals, holds/clawbacks, SAR/STR decisions.
  • WatchCrux: Continuous alerting on AML signals; receipts replay; evidence capture and audit trail.
  • WebCrux: User comms (holds/requests), UI banners, and identity submission flows.

2) Triggers (WatchCrux AML Flags)

  • Velocity anomalies (earn→redeem cycles, high payout frequency/amount).
  • Circular reuse graphs (dense subgraphs of mutual citations across accounts).
  • Multi‑account indicators (shared IPs/devices, overlapping telemetry).
  • Excessive same‑domain citations (gaming domain diversity).
  • Payout anomalies (beneficiary mismatch, high‑risk geos, new accounts).
  • KYC/KYB gaps or expired documents.

3) First‑Time Payouts

  • Enforce a 7–14 day hold post‑request.
  • Require KYC (individual) or KYB (organisation) including beneficial owners; verify payout account ownership.
  • Run sanctions/PEP screening; auto‑deny on hits pending manual review.
  • Confirm source‑of‑CRUX via receipts replay (verified contributions only).

4) Rolling Limits

  • Set base limits by plan (Starter/Pro/Team/Enterprise) and Trust Score band.
  • Example policy (illustrative):
    • Starter: £/Crux equivalent cap N per 30 days; 1 payout per 14 days.
    • Pro: cap 2N per 30 days; 1 payout per 7 days.
    • Team: pooled caps with per‑user sub‑limits; 3 payouts per 7 days.
    • Enterprise: contract‑defined; custom alerts.
  • Escalate on spikes >2× rolling mean or on cross‑border payouts without prior approval.
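
The Starter and Pro rows of the illustrative policy and the escalation rule above, as an added Python example that is not CueCrux's own code. Assumptions: N = 100, the record fields and function names, and a 90‑day window for the rolling mean; Team and Enterprise are left out because their limits are pooled or contract‑defined.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from statistics import mean

N = 100.0  # assumed value for the runbook's placeholder cap "N"
# plan -> (cap as a multiple of N per 30 days, payout spacing in days)
POLICY = {"starter": (1, 14), "pro": (2, 7)}

@dataclass
class Payout:
    when: datetime
    amount: float
    cross_border: bool = False
    cross_border_approved: bool = False

def recent(history, now, days):
    """Payouts in the `days` before `now`; one exactly `days` old falls outside."""
    return [p for p in history if timedelta(0) <= now - p.when < timedelta(days=days)]

def evaluate(plan, history, req, mean_window_days=90):
    """Return (limit_breaches, escalations) for a requested payout."""
    cap_mult, spacing = POLICY[plan]
    breaches, escalations = [], []
    if sum(p.amount for p in recent(history, req.when, 30)) + req.amount > cap_mult * N:
        breaches.append("cap_30d")
    if recent(history, req.when, spacing):  # "1 payout per <spacing> days"
        breaches.append("frequency")
    prior = [p.amount for p in recent(history, req.when, mean_window_days)]
    # No prior payouts means no mean to compare against (first-time payout).
    if prior and req.amount > 2 * mean(prior):
        escalations.append("spike_gt_2x_mean")
    if req.cross_border and not req.cross_border_approved:
        escalations.append("cross_border_unapproved")
    return breaches, escalations

# Constructed sample history: two earlier payouts on one account.
T0 = datetime(2025, 1, 1)
HISTORY = [Payout(T0, 20.0), Payout(T0 + timedelta(days=20), 30.0)]

if __name__ == "__main__":
    for plan, day, amount, xb in [("starter", 40, 60.0, False),
                                  ("starter", 30, 80.0, True),
                                  ("pro", 30, 40.0, False)]:
        req = Payout(T0 + timedelta(days=day), amount, cross_border=xb)
        print(plan, day, amount, evaluate(plan, HISTORY, req))
```

Limit breaches and escalations are returned separately so a case can show a request that stays inside its plan limits but still needs review.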

5) Case Workflow (OpsCrux)

  1. Case opened with alert context (graph snapshots, receipts, telemetry).
  2. Identity/business verification checked; missing items requested via WebCrux.
  3. WatchCrux replays referenced receipts; results attached to case.
  4. Decision options: Approve, Approve with reduced amount, Hold (T+7), Deny + Clawback, Close as false positive.
  5. User notified with explanation where permissible.
  6. All actions logged with immutable receipts; metrics exported.

6) Clawbacks & Freezes

  • Initiate clawback for fraud, chargebacks, or misrepresentation; freeze remaining CRUX.
  • Suspend non‑critical features or connector access if abuse is confirmed.
  • Notify Compliance; file SAR/STR where required.

7) Records & Retention

  • KYC/KYB, payout verification, alerts, and decisions retained up to 5 years (see Privacy “AML & KYC Retention”).
  • Access limited to vetted staff; all access audited.

8) Review & Tuning

  • Quarterly tuning of thresholds, Trust Score effects, and WatchCrux feature selection.
  • Post‑incident reviews for all confirmed cases; update this runbook accordingly.

For users: redemption is available only for CRUX earned from verified contributions. Subscriptions/promotions do not cash out. Holds and checks protect the community and the solvency of the CRUX economy.