This rule is designed to detect instances in which a recipient declines to sign a DocuSign envelope. While recipient declines can be an everyday occurrence in legitimate business processes, the rule highlights the potential for identifying patterns of unusual behavior that could indicate issues with document validity, concerns regarding the authenticity of the documents, or even attempts at fraud. The rule monitors events from DocuSign's Connect API and triggers upon receiving a 'recipient-declined' event. It adds an essential layer of vigilance by encouraging users to track not only the frequency of such declines, but also to scrutinize the circumstances around them. Moreover, the rule provides a set of investigative steps—referred to as a runbook—for analysts to follow after a decline event is detected, enabling a structured approach to assess the situation and, if necessary, mitigate potential risks associated with these declines.