Campaigns & Governance

To effectively manage fraud intelligence, we need to look at the world through two different lenses at the same time: the Tactical view and the Strategic view.

This system is designed with two distinct tools to handle these needs: Active Campaigns and the Governance Taxonomy. This guide explains how they function and why linking them creates a more powerful intelligence workflow.

1. Active Campaigns (The Tactical View)

• Target Audience: Analysts, Investigators, AI Models

• Speed: Fast (Weekly / Daily changes)

Fraud evolves rapidly. Scammers change their scripts, switch payment methods (e.g., specific crypto wallets), and invent new hooks (e.g., "Pig Butchering").

An Active Campaign is a flexible, immediate "filter" that you define to catch these specific threats. It uses detailed technical signals—like specific "Intent" or "Technique" tags generated by our AI—to group cases together.

• Example: "Crypto-Romance Winter 2025"

• Goal: Detect and stop a specific wave of attacks happening now.

2. Governance Taxonomy (The Strategic View)

• Target Audience: Executives, Policy Teams, Auditors

• Speed: Stable (Quarterly / Annual updates)

While tactics change, the fundamental nature of the crime—and the policy needed to address it—remains stable. Is it Human Trafficking? Is it Financial Fraud? Policies and reporting structures rely on these stable categories to track trends over years, not days.

The Governance Taxonomy is a fixed hierarchical tree of high-level categories used for long-term reporting and compliance metrics.

• Example: "Financial Facilitation" or "Human Trafficking > Labor Exploitation"

• Goal: Consistent reporting and policy alignment over time.

3. Linking Them Together

The true power of the system comes when you link these two concepts. When creating a Campaign, you can associate it with a Governance Category.

This creates a "Golden Thread" that connects daily operations to high-level strategy:

1. Automation: You focus on the complex, messy work of detecting specific threats (the Campaign). The system automatically "credits" those detections to the correct high-level bucket (the Taxonomy).

2. Agility: You can change your detection rules every day to keep up with scammers without breaking the quarterly reports that leadership relies on.

3. Clarity: Everyone speaks the same language. The specific technical wins mapped by Analysts automatically feed the correct strategic metrics viewed by Executives.

How to use it

When configuring a Campaign in the Analyst Console:

1. Browse campaigns: The Campaigns page shows a card grid with campaign name, description, and linked governance taxonomy IDs.

2. Create a campaign: Click New Campaign, enter the Name and Description.

3. Governance Assignment: The taxonomy selector is displayed but currently disabled pending the multi-axis taxonomy UI update. Once enabled, you will select high-level governance categories to link tactical detections to strategic reporting.

4. Save: Your campaign is now live and visible in the campaign list.

Threat Campaign Intelligence (Sprint 3)

In addition to manually created campaigns, the platform now auto-detects Threat Campaigns by clustering cases that share entity overlaps. These are surfaced on the Intelligence → Campaigns page alongside manually governed campaigns.

Key differences between governance campaigns and threat campaigns:

See Threat Campaigns for the full campaign intelligence user guide.