Handling alerts

Updated on 24.06.24
3 minutes to read
Copy link


Setting up alert triggers and managing+assigning alerts within SEOn allows you to make investigations more efficient and better distribute workload between your fraud and AML teams. Here's everything you need to know about handling alerts within the SEON platform. 


Assigning alerts

When a new alert arises, it is automatically delegated among team members subscribed to the related alert trigger. The distribution takes into account the tasks already distributed. New tasks are assigned to whoever has the fewest pending tasks.

Once a new alert is assigned to an AML analyst, their task is to determine whether the alert, triggered by suspicious behavior, poses a genuine AML threat requiring escalation, if there's a simple explanation, or if it's a false positive.

The assigned alerts for every analyst can be found in a list view, akin to a task list where the objective is to clear the list as soon as possible.

You can also manually assign a single or multiple alerts to a colleague from the Alerts page. Select one or more alerts from the list, then use the Assign button at the bottom of the screen. 


Investigation checklists

The workflow for clearing alerts in the majority of cases and at most organizations is not ad hoc, but rather recorded in internal AML policies. This should be followed in any alert-clearing process. SEON's case management system supports this aspect of the workflow with our checklist application.

Setting up a checklist is easy: simply go to the Case management section of the Settings page and navigate to the Checklist tab. You can create separate checklists for alerts and for cases. Add your items and click Save changes once you're done.

This checklist will then appear on every Alert and Case details page you or any assignees investigate. 


Reviewing alerts

When opening the Alert details view, you can see all the related information (similarly to Transaction details) organized in tabs. 

You also have the option to upload documents related to the alert. 

All actions are recorded and listed under the Analyst log tab and can be handed in for an audit. 

On the top of the page, you can assign/reassign the alert and change its status. 


Alert statuses

A new alert will have the status 'Open,' along with an assignee, if one was added. Once an analyst begins working on an alert, they can adjust its status to 'In Progress.' 

Once the investigation is finished, the analyst has two options: marking it as a false positive or escalating it to a case. Once the analyst escalates an alert to a case, a case will be created, appearing in the cases list.