The core function
A risk intelligence system performs one function that no other tool in multifamily operations provides: it connects operational signals across systems and time to detect where liability is forming before it produces consequences.
This is different from what property management systems do. A PMS routes work orders and tracks completions. A risk intelligence system asks what the pattern of those work orders means when viewed across months, buildings, and complaint types.
It is also different from what reporting tools do. A reporting tool tells you how many maintenance tickets were closed last month. A risk intelligence system tells you that three of those closed tickets are connected to the same underlying condition, that a resident also filed a public review about the same issue, and that the pattern matches an exposure category that has produced claims in similar properties.
The HeyNeighbor risk intelligence engine operates through six distinct layers, each building on the previous one.
Layer 1: Signal capture
The first layer records operational risk signals from every available source: maintenance requests, resident complaints, inspection findings, incident reports, public reviews, and governance records.
Each signal is timestamped, categorized, and preserved with its full context. This is the critical difference from ticketing systems, which mark tasks as resolved and effectively archive the underlying signal. In a risk intelligence system, the signal persists regardless of whether the associated task was completed.
A maintenance request for a leaking pipe gets resolved in the PMS. In the intelligence system, the signal remains: water intrusion was reported at this location on this date. That signal will still be visible if a related condition appears weeks or months later.
Layer 2: Cross-system correlation
The second layer connects signals that arrived through different systems but relate to the same underlying condition.
In typical multifamily operations, a maintenance request lives in the PMS, a resident complaint lives in email or a portal, a public review lives on Google, and an inspection finding lives in a compliance tool. These systems do not talk to each other. The operator sees four separate items in four separate places.
Cross-system correlation identifies that these four items share a common thread: location, timing, condition type, or affected area. The correlation does not require the signals to use the same language or arrive through the same channel. It identifies structural relationships between signals that would otherwise remain invisible.
Layer 3: Pattern recognition
The third layer identifies when correlated signals form a pattern that indicates sustained or escalating exposure.
A pattern is not simply multiple signals about the same topic. It is a structural assessment of how isolated conditions are becoming repeated exposure. Pattern recognition evaluates recurrence frequency, geographic concentration, severity trajectory, and cross-system spread.
For example, three water-related signals at the same building over sixty days, arriving through maintenance, inspection, and public review channels, constitute a pattern. The same three signals spread across three different buildings over six months may not. Pattern recognition distinguishes between coincidence and convergence.
This is where the system moves from data management to intelligence. For more on how signals become patterns, see how risk signals evolve over time.
Layer 4: Threshold evaluation
The fourth layer determines when a recognized pattern crosses the threshold from notable to actionable.
Not every pattern requires leadership attention. Threshold evaluation measures each pattern against criteria that indicate real exposure: signal count, recurrence rate, severity escalation, cross-system presence, and historical precedent.
When a pattern crosses threshold, it means the system has determined that the convergence of signals represents a condition that is likely to produce consequences if not addressed. This is the trigger for escalation.
Threshold evaluation prevents two failure modes. It prevents alert fatigue by filtering out patterns that are forming but have not reached a level that warrants leadership action. And it prevents missed escalation by ensuring that patterns which have reached that level are surfaced regardless of whether anyone on the ground recognized them.
Layer 5: Leadership escalation
The fifth layer delivers a structured escalation to leadership with the full supporting record attached.
This is not a notification. It is a complete package: the identified pattern, the individual signals that compose it, the timeline of formation, the systems involved, the severity assessment, and the recommended review priority.
Leadership receives this escalation without any manual handoff. No site manager had to decide to flag it. No regional director had to ask for a report. The system identified the pattern, evaluated the threshold, and delivered the escalation directly.
This removes the dependency on individual judgment for risk visibility. The system does not replace human decision-making about how to respond. It ensures that the decision-makers have the information they need, when they need it. See how it works for a visual walkthrough of this process.
Layer 6: Continuous memory
The sixth layer preserves the full history of signals, patterns, and escalations over time.
This is the layer that most distinguishes risk intelligence from operational tools. In a PMS, history is effectively lost when tickets close. Staff turnover further erodes institutional memory. A new property manager inherits a building with no visibility into what signals have been recorded over the past year.
Continuous memory ensures that the intelligence system retains everything. A signal recorded in January is still visible and connectable in September. A pattern that was escalated in Q1 can be compared to conditions forming in Q3. Leadership has a persistent, cumulative view of risk across the portfolio.
This continuity is what makes pre-incident risk intelligence possible. Without memory, every day starts from zero. With it, patterns that form over months or years remain visible.
Common Questions
How long does it take for a risk intelligence system to start detecting patterns?
Pattern detection begins as soon as signals are captured. The system can identify patterns from historical data during onboarding and from new signals as they arrive. The depth of pattern recognition improves as more signal history accumulates.
Does a risk intelligence system generate false positives?
Threshold evaluation is specifically designed to minimize false positives. Patterns must meet multiple criteria before triggering an escalation: signal count, recurrence, severity, and cross-system presence. This filtering ensures leadership attention is directed to conditions that represent real forming exposure.
Can a risk intelligence system work with existing property management software?
Yes. Risk intelligence systems are designed to sit above existing operational tools. They ingest signals from property management systems, maintenance platforms, inspection tools, and review sources without requiring changes to existing workflows.