02.0 Kor.ai Bayesian Risk Engine - ravkorsurv/kor-ai-core GitHub Wiki

Kor.ai Bayesian Risk Engine β€” Full Design Blueprint

1. Core Model Structure

Shared foundational nodes used across all risk types:

  • Trader_Intent_Likelihood
  • Trade_Anomaly_Detected
  • News_Sentiment_Relevance
  • Price_Sensitive_Info_Seen
  • Comms_Indicative_Language
  • PnL_Anomaly_Pattern
  • Trade_Cluster_Abnormality
  • Market_Impact_Metric
  • Order_Lifecycle_Manipulation

These nodes serve as building blocks and allow for composability between models.

2. Risk Type-Specific Node Sets

2.1 Insider Dealing

  • PreEvent_Positions_Accumulated
  • Unexplained_PreAnnouncement_Trades
  • Private_Info_Accessed
  • Behavior_Change_Prior_Event
  • Communication_Matching_Event
  • HR_Access_Role_Change
  • Event_Relevance_To_Position
  • FrontRunning_Pattern

2.2 Spoofing

  • Quote_Layering_Pattern
  • Order_Cancel_Ratio
  • Best_Bid_Ask_Spoof_Signal
  • Quote_Depth_Skew
  • Price_Reversion_Post_Cancel
  • Time_Interval_Quote_Lift
  • Trade_Follow_Intent

2.3 Wash Trading

  • Matched_Counterparty_Pairs
  • Short_Term_Roundtrip_Detection
  • Same_Beneficial_Owner
  • Intentional_No_Economic_Change
  • Linked_Accounts_Trade_Matching
  • BackToBack_Timestamp_Signal

Each risk type can extend or override shared components as needed.

3. Composability via Submodules

Node submodules that can be composed across risk types:

Market Context Module

  • Market_Volatility_Spike
  • News_Relevance
  • Unusual_Volume

Comms Module

  • Keywords_Indicative_Of_Collusion
  • Frequency_Increase
  • Message_Timing_To_Event

Trade Pattern Module

  • Anomalous_Timeslice_Behavior
  • Trade_Reversal_Pattern

Submodules enable modular BN design and promote reuse across risk types.

4. Scoring and Inference

Scoring Logic:

  • The risk score is inferred as P(Risk=True | Evidence)
  • Scores are binned into: Low, Medium, High, Critical

Each node includes:

  • Prior probability (default belief)
  • Conditional Probability Table (CPT)
  • Dependencies on parent nodes

Model outputs include:

  • Activated nodes
  • Probability path explanation
  • Backward inference (abduction) for β€œwhat caused this alert?”

5. Explainability Layer

Outputs for each alert:

  • Human-readable case notes (AI-generated)
  • Explanation of activated nodes
  • Mapping of raw inputs β†’ BN evidence
  • Rationale for risk score
  • Node graph snapshot (optional for UI)

This ensures regulatory transparency and supports STOR decisioning.

6. Future Extensions – Pluggable Nodes

See: [11.7 Future Extensions – Kor.ai Bayesian Risk Engine](https://github.com/ravkorsurv/kor-ai-core/wiki/11.7-Future-Extensions-%E2%80%93-Kor.ai-Bayesian-Risk-Engine)

Optional plug-in nodes:

  • Historical_STOR_Lookalike β€” pattern match to prior alerts
  • KYC_Risk_Overlay β€” firm-wide KYC score
  • Voice_Trade_Sentiment β€” NLP of voice channels
  • Case_Escalation_Heatmap β€” downstream review metadata
  • Peer_Behavior_Deviation β€” peer clusters, drift detection
  • Macro_Event_Correlation β€” correlates to global events (e.g., OPEC)

Extensions are modular and attachable to core models without affecting stability.

7. Model Architecture and File Structure

BN Component JSONs

  • Located under: bayesian-models/components/

Model-level JSONs (CPTs and relationships)

  • Located under: bayesian-models/models/

Payload examples

  • Located under: bayesian-models/payloads/

Structure:

bayesian-models/
β”œβ”€β”€ components/
β”‚   β”œβ”€β”€ Shared/
β”‚   β”œβ”€β”€ InsiderDealing/
β”‚   β”œβ”€β”€ Spoofing/
β”‚   β”œβ”€β”€ WashTrading/
β”œβ”€β”€ models/
β”‚   β”œβ”€β”€ InsiderDealingModel.json
β”‚   β”œβ”€β”€ SpoofingModel.json
β”œβ”€β”€ payloads/
β”‚   β”œβ”€β”€ insider_case_medium.json
β”‚   β”œβ”€β”€ spoofing_case_high.json

8. Deployment and Runtime

  • Supports both Agena Cloud API and pgmpy-based local inference
  • Node obfuscation enabled via mapping dictionary
  • ETL layer converts raw surveillance data into BN payloads
  • Alerting engine processes output score + explanation

All models are versioned and test cases maintained in the test suite.

9. Governance and Version Control

  • Each risk model has a semantic version (v1.0.0, v1.1.0, etc.)
  • CPTs reviewed quarterly by product owner + model lead
  • All changes linked to Jira change ticket or STOR control request
  • Model rationale, evidence rules, and scoring logic are audited

Let me know once you've pasted it in β€” I can link it to your TOC or suggest where in the wiki it fits best.