A risk flag is a structured indicator in an Evidence Pack that identifies a discrepancy, anomaly, or data point requiring attention. Risk flags are surfaced from source checks and included in the Evidence Pack at both the source-check level and the pack level.
What triggers a risk flag
Risk flags are raised when source data contains something that does not match an expected pattern, contradicts another source, or falls outside normal parameters. Examples include:
- An active security interest on an asset the counterparty claims is unencumbered
- An ABN that is registered but the GST registration has lapsed
- A trading name on an invoice that does not match the ABN holder on the ABR
- An AFSA insolvency record on a director of the counterparty entity
- A mismatch between the ACN on a PPSR search and the ACN on the ABR record
What a risk flag contains
- Flag type: the category of discrepancy (for example, encumbrance, identity mismatch, status change)
- Severity: an indication of how significant the flag is, from informational to critical
- Source: which source check raised the flag
- Description: a plain-language explanation of what was found
- Timestamp: when the underlying source check ran
Why agents need this
Agents need structured risk indicators to decide what to do next. An agent that receives an unstructured narrative description of a source result has to parse it to extract actionable information. A structured risk flag tells the agent exactly what was found, how significant it is, and which source it came from, so the agent can route appropriately: continue, escalate to a human reviewer, or block the workflow.
Risk flags also give agents a way to explain their decisions. An agent escalating a transaction to a human reviewer can reference specific risk flags rather than summarising a narrative. Cited, not inferred.
How Hoist uses this
Risk flags appear in the riskFlags field of an Evidence Pack and within individual source check results. Flags are structured so agents can filter, sort, and route on them without parsing free text. At S1-gate, risk flags are included in fixture-backed Evidence Packs so agent workflows can be tested against realistic flag patterns before live source data is available at S2-gate.
What Hoist does not infer
A risk flag is not a verdict. It does not mean a transaction is unsafe, fraudulent, or should be declined. A security interest on an asset may be expected and disclosed. An ABN with a lapsed GST registration may be operating a GST-exempt activity. Hoist surfaces the flag; the agent, the operator, and the human reviewer determine what it means for a given transaction. For flags that cannot be resolved from source data alone, the Evidence Pack includes a human review item.
Related terms
- Evidence Pack: the bundle that contains all risk flags from a verification request.
- Source check: the individual verification step that generates a risk flag.
- Human review item: an action required when a risk flag cannot be resolved from source data alone.
- PPSR: source of encumbrance-related risk flags.
- NPII: AFSA insolvency index; source of insolvency-related risk flags.
- ABN: business identifier whose status can generate risk flags on mismatch or lapse.
- AFSA: authority whose search certificates underpin PPSR-related risk flags.