After an alert gets triggered and falls into an agent's queue, it is time to investigate and resolve it.
- The first steps of the alert investigation follow the same procedure. Head over to your Alerts page and go to the My Alerts tab:
- Select the alert you want to investigate.
- Select Go to Alert Page ->
- From the Alert pane, investigate the alert.
Possible steps in the investigation process include:
Review flagged entities-- this is the time to decide if the flagged entities are fraudulent or not. You can also whitelist entities from the rule if needed.
View prior activity-- these are alerts that were either triggered by the same rule at another time or other rules that triggered the flagged entities. They may be of relevance to your investigation, especially if an entity has been flagged numerous times. This also includes prior Case and SARs associated with the entities.
Review flagged transactions-- these are the transactions that specifically triggered the mode (rule) logic.
Follow the investigation checklist-- this is a customizable list of steps that agents must follow before alerts can be resolved/escalated.
Review the network analysis-- presents potential PII overlaps and issues with the flagged entities in the alert.
Add documents-- you can add relevant documents such as IDs, contracts, and more in this tab.
Fill out narratives-- are required texts that are typically templates that organizations fill out for all alerts.
Add notes-- are small messages that can be passed between agents or information added during the alert review process.
Review the audit trail-- this is a list of all agent actions recorded for audit purposes.
View custom data -- this is the custom data associated with the transactions, instrument and entities.