Alert Management
Manage AML monitoring alerts efficiently with investigation workflows, escalation procedures, and compliance documentation.
AML Alert Management
Efficiently manage, investigate, and resolve AML monitoring alerts to maintain compliance while minimising false positives and operational overhead.
Alert Lifecycle
New Alert → Investigation → Decision → Resolution → Documentation1. New Alert
Alert generated when monitoring detects changes:
- Added to sanctions list
- New PEP designation
- Adverse media coverage
- Risk status change
2. Investigation
Compliance team reviews alert:
- Verify it's the correct person
- Read source material
- Assess severity
- Gather additional evidence
3. Decision
Determine appropriate action:
- True Positive → Remedial action
- False Positive → Dismiss with reason
- Uncertain → Escalate
4. Resolution
Execute the decision:
- Freeze account
- Exit customer
- Enhanced monitoring
- Document and continue
5. Documentation
Maintain audit trail:
- Investigation notes
- Evidence collected
- Decision reasoning
- Actions taken
Alert Types
Sanctions Alerts
Trigger: Applicant added to or matches sanctions list
Severity: CRITICAL
Example:
{
"alertId": "alert_abc123",
"type": "sanctions",
"severity": "critical",
"applicantId": "app_xyz789",
"applicantName": "John Smith",
"match": {
"source": "OFAC SDN",
"name": "John Michael Smith",
"dateAdded": "2024-01-15",
"reason": "Drug trafficking",
"program": "SDNTK (Narcotics)",
"matchScore": 96
},
"actionRequired": "Immediate review and asset freeze"
}Immediate Actions:
- Freeze all assets - Do not process any transactions
- Block new activity - Prevent account access
- Notify legal/compliance - Escalate immediately
- File regulatory report - Submit to OFAC/FCA/etc. within 24 hours
- Document everything - Complete audit trail
Legal Obligation
Processing transactions for sanctioned individuals is a criminal offence. You must freeze assets immediately upon detection, even before full investigation.
PEP Status Changes
Trigger: Individual appointed to or removed from PEP position
Severity: MEDIUM-HIGH
New PEP Designation:
{
"alertId": "alert_def456",
"type": "pep_new",
"severity": "high",
"applicantName": "Jane Doe",
"change": {
"previous": "Private citizen",
"current": "Minister of Finance",
"country": "Example Country",
"dateAppointed": "2024-01-10",
"pepType": "foreign",
"riskLevel": "high"
},
"actionRequired": "Enhanced due diligence required"
}Required Actions:
- Source of wealth check - Document how PEP accumulated wealth
- Purpose of relationship - Why are they using your service?
- Transaction monitoring - Enhanced scrutiny of all transactions
- Senior approval - C-level sign-off to continue relationship
- Increased monitoring frequency - Weekly or daily checks
Former PEP:
{
"alertId": "alert_ghi789",
"type": "pep_former",
"severity": "medium",
"change": {
"previous": "Government Minister",
"current": "Former Minister (retired 2023-12-15)",
"pepStatus": "former",
"cooldownPeriod": "3 years remaining"
},
"actionRequired": "Continue enhanced monitoring for 3 years"
}Adverse Media Alerts
Trigger: New negative news coverage appears
Severity: MEDIUM (varies by topic)
{
"alertId": "alert_jkl012",
"type": "adverse_media",
"severity": "high",
"applicantName": "Robert Johnson",
"article": {
"title": "Former CEO Charged with Fraud",
"source": "Financial Times",
"date": "2024-01-12",
"url": "https://ft.com/article/...",
"excerpt": "Robert Johnson, 52, has been charged with wire fraud...",
"topics": ["fraud", "securities_violation"],
"relevanceScore": 92
},
"actionRequired": "Investigate and assess risk"
}Investigation Steps:
- Read full article - Understand complete context
- Verify identity - Confirm it's the same person (DOB, location, occupation)
- Cross-reference sources - Check multiple news outlets
- Assess severity - Indictment vs. conviction vs. investigation
- Determine impact - How does this affect risk profile?
Alert Dashboard
Alert Summary View
GET /api/v3/aml/alerts
{
"summary": {
"total": 47,
"critical": 2, // Sanctions
"high": 12, // PEP changes, high-relevance adverse media
"medium": 28, // Lower relevance adverse media, former PEP
"low": 5, // Tangential mentions
"unresolved": 19,
"overdue": 3 // Past SLA
},
"alerts": [
{
"id": "alert_abc123",
"type": "sanctions",
"severity": "critical",
"applicant": "John Smith",
"created": "2024-01-15T10:30:00Z",
"status": "new",
"assignedTo": null,
"sla": "24 hours",
"overdue": false
}
// ... more alerts
]
}Filtering and Search
GET /api/v3/aml/alerts?severity=critical&status=new&assignedTo=me
// Filters:
// - severity: critical, high, medium, low
// - status: new, investigating, resolved, dismissed
// - type: sanctions, pep, adverse_media
// - assignedTo: userId or "unassigned"
// - dateRange: created within timeframe
// - applicantId: specific customerAlert Assignment
POST /api/v3/aml/alerts/:id/assign
{
"assignTo": "compliance_officer_id",
"priority": "urgent", // urgent, high, normal
"dueDate": "2024-01-16T12:00:00Z",
"notes": "Requires immediate investigation - possible sanctions match"
}Investigation Workflow
Step 1: Review Alert Details
GET /api/v3/aml/alerts/:id
{
"alert": {
"id": "alert_abc123",
"type": "adverse_media",
"severity": "high",
"created": "2024-01-15T10:30:00Z",
"applicant": {
"id": "app_xyz789",
"name": "John Smith",
"dob": "1975-03-15",
"country": "US",
"accountOpened": "2022-06-10",
"currentBalance": "$45,230",
"transactionVolume": "$1.2M lifetime"
},
"trigger": {
"article": {
"title": "SEC Investigates Trading Irregularities",
"source": "Bloomberg",
"date": "2024-01-14",
"relevanceScore": 88
}
}
}
}Step 2: Gather Evidence
Research:
- Read complete article
- Search for corroborating sources
- Check regulatory websites (SEC, FCA filings)
- Review court records (if available)
- Google search for updates
Customer Data:
- Transaction history
- Previous AML screening results
- Communication history
- Related parties
- Account activity patterns
Add Evidence to Alert:
POST /api/v3/aml/alerts/:id/evidence
{
"type": "document",
"title": "SEC Filing - Investigation Notice",
"url": "https://sec.gov/...",
"summary": "SEC filing confirms investigation into trading patterns",
"uploadedBy": "compliance_officer_id"
}Step 3: Assess Risk
Risk Assessment Matrix:
| Factor | Weight | Your Assessment |
|---|---|---|
| Source Credibility | High | Bloomberg (credible) |
| Relevance | High | Direct mention, active investigation |
| Severity | High | SEC investigation (serious) |
| Customer Role | High | Subject of investigation |
| Recency | High | Ongoing |
| Customer Relationship | Medium | 2 years, $1.2M volume |
Overall Risk: HIGH
Decision Matrix:
| Current Risk | Action Required |
|---|---|
| Critical | Exit customer immediately, freeze assets, file SAR |
| High | Enhanced monitoring, transaction limits, senior review |
| Medium | Continue monitoring, document decision |
| Low | Note alert, dismiss if clearly false positive |
Step 4: Make Decision
POST /api/v3/aml/alerts/:id/resolve
{
"decision": "enhanced_monitoring", // or "dismiss", "exit_customer", "freeze_account"
"reasoning": "SEC investigation confirmed but no charges filed. Customer has been cooperative. Implementing enhanced monitoring with weekly reviews pending investigation outcome.",
"actions": [
{
"type": "enable_enhanced_monitoring",
"frequency": "weekly",
"reviewBy": "senior_compliance_officer"
},
{
"type": "transaction_limit",
"dailyLimit": 10000,
"monthlyLimit": 50000
},
{
"type": "file_sar",
"jurisdiction": "US",
"filedDate": "2024-01-16"
}
],
"reviewedBy": "compliance_officer_id",
"approvedBy": "chief_compliance_officer_id",
"completedAt": "2024-01-16T14:30:00Z"
}Step 5: Execute Actions
Available Actions:
| Action | Description | API Endpoint |
|---|---|---|
| Dismiss Alert | False positive | POST /alerts/:id/dismiss |
| Enhanced Monitoring | Increase monitoring frequency | POST /applicants/:id/monitoring |
| Transaction Limits | Set spending caps | POST /applicants/:id/limits |
| Freeze Account | Block all activity | POST /applicants/:id/freeze |
| Exit Customer | Close relationship | POST /applicants/:id/offboard |
| File SAR | Suspicious Activity Report | POST /applicants/:id/sar |
| Escalate | Send to senior management | POST /alerts/:id/escalate |
Escalation Procedures
When to Escalate
Mandatory Escalation:
- Sanctions hit (matchScore > 90)
- PEP with corruption allegations
- Adverse media involving terrorism or sanctions evasion
- High-value customer at risk
- Legal uncertainty
Escalation Levels:
- Level 1: Senior Compliance Officer
- Level 2: Chief Compliance Officer
- Level 3: General Counsel / CEO
- Level 4: Board of Directors (material risk)
POST /api/v3/aml/alerts/:id/escalate
{
"escalateTo": "chief_compliance_officer",
"reason": "Sanctions match score 95% - requires executive decision on account freeze",
"urgency": "immediate",
"requestedAction": "decision_on_freeze_and_ofac_filing"
}SLA Management
Service Level Agreements
| Alert Type | Target Resolution | Maximum Time |
|---|---|---|
| Sanctions (Critical) | 4 hours | 24 hours |
| PEP New (High) | 24 hours | 48 hours |
| Adverse Media (High) | 48 hours | 5 days |
| Adverse Media (Medium) | 5 days | 10 days |
| Former PEP (Low) | 10 days | 30 days |
Overdue Alerts
GET /api/v3/aml/alerts?overdue=true
{
"overdue": [
{
"id": "alert_xyz",
"severity": "high",
"created": "2024-01-10T10:00:00Z",
"sla": "48 hours",
"overdueSince": "2024-01-12T10:00:00Z",
"assignedTo": "officer_abc",
"reason": "Investigating - awaiting third-party verification"
}
]
}Automated Reminders:
- 50% of SLA elapsed → Email reminder
- 80% of SLA elapsed → SMS + email escalation
- SLA exceeded → Manager notification
False Positive Management
Common False Positives
- Name Matches: Common names (John Smith)
- Different Person: Same name, different DOB/country
- Irrelevant Mention: Person quoted as expert, not subject
- Resolved Matter: Case dismissed, acquitted, settled
Dismissal Process
POST /api/v3/aml/alerts/:id/dismiss
{
"reason": "false_positive",
"explanation": "Different John Smith - article refers to person aged 65 in Australia, our customer is 42 in UK. DOB and location mismatch confirmed.",
"evidence": [
"Verified customer DOB: 1982-05-20",
"Article subject DOB: 1959-03-15",
"Customer location: London, UK",
"Article subject location: Sydney, Australia"
],
"reviewedBy": "compliance_officer_id",
"approvedBy": "senior_officer_id" // Optional: require dual sign-off
}Audit Trail: All dismissed alerts remain in system for regulatory review.
Reporting and Analytics
Alert Metrics
GET /api/v3/aml/alerts/metrics?period=last_30_days
{
"period": "2023-12-15 to 2024-01-15",
"metrics": {
"totalAlerts": 142,
"byType": {
"sanctions": 3,
"pep": 24,
"adverseMedia": 115
},
"bySeverity": {
"critical": 3,
"high": 28,
"medium": 94,
"low": 17
},
"resolutionStats": {
"truePositive": 45, // 31.7%
"falsePositive": 89, // 62.7%
"unresolved": 8 // 5.6%
},
"averageResolutionTime": {
"critical": "3.2 hours",
"high": "18 hours",
"medium": "3.2 days"
},
"slaCompliance": "94.3%" // 134 of 142 within SLA
}
}Regulatory Reports
GET /api/v3/aml/alerts/report?format=pdf&period=2024-Q1
// Generates PDF report with:
// - All alerts for period
// - Investigation details
// - Decisions and actions
// - Dismissed alerts with reasoning
// - SAR filings
// - Compliance metricsBest Practices
- Triage by severity - Critical alerts first, always
- Document everything - Regulators will review your decisions
- Set realistic SLAs - Based on team capacity
- Train regularly - Ensure team knows escalation procedures
- Review dismissed alerts - Audit false positive decisions quarterly
- Track metrics - Monitor false positive rates to tune thresholds
- Automate reminders - Don't rely on manual SLA tracking
- Have clear procedures - Written workflows for each alert type
Compliance Checklist
For each alert, ensure:
- Alert reviewed within SLA
- Evidence gathered and documented
- Identity verification performed (not different person)
- Risk assessment completed
- Decision made and documented with reasoning
- Actions executed
- Senior approval obtained (if required)
- Regulatory filing completed (if required)
- Customer notified (if appropriate)
- Audit trail complete
Next Steps
Ready to get started?
Start with our free plan. No credit card required.