Risk-gate engine · illustrative
Live Engine
The R = w × c risk gate deciding field-level access to dormant-account PII: admit, redact, or block before any query is built.
illustrative · not live
CRDB BANK · TANZANIA
BOT Dormant Accounts
Demo data · illustrative only
▲
Illustrative scenario · demo data only
Illustrative for the Banking / AML lens. These decisions show how the R = w × c risk gate evaluates access to dormant and segregated account PII. The engine runs live on Postgres for the Transit MRO scenario; the CRDB scenario is not yet wired to live seeded data.
Request Interception Layer · Dormant-account PII access · R = w × c
1 admit · 1 redact · 2 block
| Request | Decision | R / T | Returned | Why |
|---|---|---|---|---|
| Read basic account status on a dormant account | admit | 4 / 10 | [{"status":"segregated"}] | admitted |
| Read balance + last-known-address on a segregated account | redact | 8 / 10 | [{"balance":"TZS ····"}] | restricted aggregation: balance + address; address redacted, balance returned |
| Read device geolocation + balance on a segregated account | block | 12 / 10 | — no SQL run | restricted aggregation: geo-metadata + balance; R = 12 > T = 10 |
| Bulk read of balances across 500+ dormant accounts in a short window | block | 16 / 10 | — no SQL run | bulk read across 500+ accounts; R = 16 > T = 10 — bulk-exfiltration guardrail |
A blocked request never reaches SQL — the gate decides before any query is built. Redaction drops the field by projection. Every decision is reproducible and machine-readable.