Marble

The open-source, self-hostable fraud detection and AML compliance engine that gives fintechs full control over their detection rules, data, and investigations.

550stars
84forks
Custom / Unknown
HTML

Marble is a real-time decision engine for fraud prevention and anti-money laundering (AML) compliance, designed for fintechs, banks, crypto exchanges, and payment platforms that need transparent, flexible, and data-sovereign compliance tooling. Unlike closed-box platforms from Feedzai, Actimize, or ComplyAdvantage, Marble exposes every rule, threshold, and data model to the compliance team — no black boxes, no vendor lock-in on your own data.

At its core, Marble lets teams define a custom data schema that mirrors their existing data warehouse — whether that means wallet addresses for crypto, SWIFT transactions for banks, or card purchases for embedded finance. Detection rules are built through a no-code rule editor that draws on this live schema, and decisions are computed in real time as transactions arrive via API. Screening against global sanctions, PEP, and adverse media lists is powered by OpenSanctions data, fully self-hostable using Yente and Motiva.

The investigation workflow brings alerts, case history, customer timelines, and context data together in a unified case manager. AI assistance accelerates level-1 review by auto-generating risk assessments and case summaries. Embedded analytics track detection program performance, and raw data is available via direct database access for any BI tool.

Marble supports both self-hosted deployment on any infrastructure and a managed SaaS option. The open-source core includes transaction monitoring, sanctions screening, case management, and API ingestion. Enterprise features — including SSO, IP whitelisting, advanced audit logs, AI case review, analytics, and the license key system — require a commercial license from Checkmarble.

What You Get

  • No-Code Rule Builder - Define detection rules using a visual editor that understands your custom data model — no SQL or code required, and rules deploy in minutes rather than weeks.
  • Real-Time Transaction Monitoring - Evaluate every transaction against your rule set at ingestion time via REST API, with decisions returned synchronously for blocking workflows or asynchronously for alert queues.
  • Sanctions & PEP Screening - Screen customers, counterparties, and payments against OpenSanctions-sourced global watchlists with fuzzy matching, continuously updated multiple times daily.
  • Continuous Monitoring - Automatically re-screen your entire customer base whenever watchlists update, surfacing new matches without manual intervention or batch job management.
  • Unified Case Manager - Investigate alerts in a single workspace with case annotation, document uploads, customer timelines, rule evaluation details, and team inbox management with configurable RBAC.
  • AI-Assisted Investigations - Get automated level-1 case risk assessments (escalate / investigate / likely false positive) and AI-generated case summaries to accelerate analyst triage.
  • Embedded Analytics & BI Access - Monitor detection program performance through built-in dashboards and connect your BI tools (Power BI, Tableau, Metabase) directly to the underlying Parquet data via blob storage.
  • Audit Trail - Maintain immutable, searchable logs of all scenario publications, custom list changes, case actions, and user activities to satisfy regulatory audit requirements.
  • Enterprise Governance - Role-based access control with an Analyst role (case-only access) and an Admin role, SSO via OpenID Connect, IP whitelisting, and SOC 2 Type II certification.

Common Use Cases

  • Crypto exchange building its first AML program - A fast-growing exchange ingests wallet transactions and on-chain data into Marble’s custom schema, creates rules for high-velocity transfers and darknet address matches, and screens all users against OFAC and EU consolidated lists — entirely on-premise so no transaction data leaves the exchange’s infrastructure.
  • BaaS platform managing compliance for embedded fintech clients - A Banking-as-a-Service provider like Treezor runs Marble as the shared AML layer across hundreds of embedded fintech clients, with per-client rule sets and isolated case manager inboxes, replacing a brittle in-house system that couldn’t keep up with client growth.
  • Payment card issuer with a non-standard risk profile - A neobank for teenagers or a corporate expense card platform needs rules that account for parental controls, spend categories, and merchant-level context — data points that off-the-shelf AML tools can’t ingest without expensive ETL work. Marble’s flexible schema handles it natively.
  • Regulated fintech seeking regulatory audit readiness - A licensed payment institution configures Marble’s immutable audit logs and scenario versioning to demonstrate to regulators that detection rules are documented, change-controlled, and have a clear approval trail — capabilities that are otherwise custom-built or missing in legacy platforms.
  • Compliance team automating manual screening queues - An AML team spending hours daily on manual SWIFT screening switches to Marble’s continuous monitoring, which automatically re-screens the full customer book on each watchlist update and only surfaces new matches as alerts, cutting the manual workload by over 80%.

Under The Hood

Architecture

Marble is organized as a three-tier service architecture: a Go REST API handling all synchronous business logic and decision computation, a Go background worker executing scheduled jobs (sanctions re-screening, CSV batch ingestion, data offloading), and a TypeScript/Remix frontend acting as the user-facing web application. The three services are loosely coupled — the worker and API both read from and write to PostgreSQL, using a PostgreSQL-backed job queue (riverqueue) to coordinate work without a separate message broker. The API applies a layered internal architecture with HTTP handlers delegating to use-case services that depend on repository interfaces, giving Go’s interface system to invert dependencies cleanly. The central architectural innovation is the tenant-configurable schema: each organization defines its own table structure through the UI, and the rule engine evaluates rules dynamically against those runtime-defined schemas stored in PostgreSQL, enabling radically different customer data models to coexist on the same infrastructure.

Tech Stack

The backend is written in Go with Gin as the HTTP framework, using pgx and sqlc-generated type-safe queries against PostgreSQL 16 (with the PostGIS extension for geographic data). Job scheduling runs through riverqueue, a PostgreSQL-native job queue that eliminates the need for a separate message broker. Redis provides distributed caching and session state. Authentication is handled via Firebase Auth with JWT verification, supporting both email/password and OAuth sign-in through Google and Microsoft. Sanctions screening integrates Yente (OpenSanctions’ indexing engine) and Motiva (open-source high-performance screening engine) backed by Elasticsearch 9.x. Blob storage (for CSV ingestion, case documents, and analytics Parquet exports) is abstracted to support GCS, S3, Azure Blob, and any S3-compatible provider. The frontend is TypeScript with Remix, deployed as a Node.js server. Observability uses Sentry for error tracking and Segment for product analytics.

Code Quality

The project demonstrates mature engineering discipline for a ~2-year-old open-source product. The use of sqlc for database access eliminates runtime SQL errors through compile-time query validation — a deliberate choice that trades flexibility for correctness. The release cadence is aggressive: 79+ tagged releases averaging more than one per week since launch, with a documented version support policy for PostgreSQL, Elasticsearch, and Motiva. The CONTRIBUTING guide, CLA process, and active Slack community signal a well-organized open-source operation. Comprehensive installation documentation covers quick start, production deployment (baremetal and container), data offloading, Firebase setup, and version upgrade paths, reflecting extensive investment in operator experience. The separation of backend and frontend into independent repositories with their own release cycles allows each to be versioned, tested, and deployed independently.

What Makes It Unique

Marble’s most defensible technical distinction is its no-code, tenant-configurable data model. Rather than requiring customers to ETL their transaction data into a fixed canonical schema, Marble allows each tenant to define arbitrary table structures and relationships through the UI — and the rule engine evaluates rules against those live schemas at decision time. This means a crypto exchange’s wallet topology and a card issuer’s merchant category codes are first-class citizens of the rule language, not afterthoughts bolted onto a normalized intermediate format. Combined with the fully self-hostable sanctions screening stack (OpenSanctions data + Yente + Motiva + Elasticsearch, all deployable via Docker Compose), Marble is arguably the only platform where a fintech can run a production-grade, continuously updating sanctions screening program entirely within their own infrastructure — no data sent to third-party screening APIs.

Self-Hosting

Marble is released under the Elastic License 2.0 (ELv2), which is a source-available license rather than an OSI-approved open-source license. The practical implication is significant for self-hosters: you can run Marble internally for your own organization’s compliance operations, modify the source, and distribute modified versions internally. However, you may not offer Marble as a hosted or managed service to third parties — meaning SaaS providers or system integrators cannot build a Marble-powered product they charge customers to access. The license also prohibits circumventing or removing the license key functionality, which gates certain Enterprise features.

Operationally, self-hosting Marble requires meaningful infrastructure expertise. A production deployment needs a managed PostgreSQL 16+ database with the PostGIS extension, a Firebase project for authentication, Redis for caching, a blob storage bucket (GCS, S3, Azure, or S3-compatible) for case documents and data offloading, and — if sanctions screening is needed — an Elasticsearch 9.x cluster plus the Yente and Motiva services. Checkmarble explicitly recommends against using the bundled Docker Compose postgres image in production and suggests managed database services. Teams must manage their own uptime, backups, PostgreSQL vacuuming, and upgrades following Checkmarble’s version support policy. The roughly weekly release cadence means upgrade planning is a recurring operational task.

The free, self-hosted tier covers core transaction monitoring, the no-code rule builder, manual and batch ingestion, the case manager, and sanctions screening. The commercial license adds AI case review, integrated analytics (Metabase-powered dashboards), SSO via OpenID Connect, IP whitelisting, advanced audit log access, custom branding, and direct support from the Checkmarble team. Checkmarble also offers a fully managed SaaS deployment for teams that prefer not to run the infrastructure. The trade-off versus managed alternatives is the standard self-hosting bargain: you get data sovereignty and no per-seat SaaS markup, at the cost of infrastructure ownership and no SLA-backed support unless on a paid commercial agreement.

Join founders buildingwith open source

Opinionated takes, migration guides, cost-saving tips, and insights from the open source ecosystem.

Subscribe on Substack

No spam. Unsubscribe anytime.

Join 750+ subscribers
No spam. Unsubscribe anytime.

Search