Alerts, cases & SARs
Build with

This is the investigation half of Compliance — where flagged activity becomes a decision. Events that score high raise alerts; your team groups an entity's alerts into a case, investigates it, and — where reportable — files a SAR or STR. All of it lives under Dashboard → Compliance, and every write is audited server-side.

Alerts
Build with

An alert is opened automatically when an event scores at or above your review threshold. Review alerts under Compliance → Alerts (alerts:read).

FieldNotes
DecisionThe event's decision — typically REVIEW or BLOCK.
Risk scoreThe score that triggered it (0–100).
StatusOPEN, RESOLVED, or DISMISSED.
ReasonsThe rules that contributed, each with a score and a detail string (e.g. amount 48000 > 10000).

The list shows each alert's entity, decision, risk score, status, and how many cases it belongs to.

Alerts appear here when transaction scoring flags an event for review or block.

Opening a case
Build with

To investigate, select alerts from a single entity and open a case (alerts:manage). The dialog lets you name the case (defaults to Investigation — N alert(s)) and add a summary of why it's being opened. All alerts must belong to the same entity — a case is scoped to one subject.

Cases
Build with

A case groups one entity's alerts and tracks the investigation to a conclusion. Manage cases under Compliance → Cases (cases:read to view, cases:manage to act).

AttributeValues
StatusOPENIN_REVIEWCLOSED.
DispositionSet when closed: CLEARED (false positive), CONFIRMED (fraud/ML), ESCALATED (needs senior review), INCONCLUSIVE.
AssigneeA team member, or unassigned.
AlertsThe grouped alerts; add more of the entity's alerts at any time.

From a case you can assign it, add alerts, edit its title/summary, and dispose it — set the disposition and a closing summary, which moves it to CLOSED.

Open a case from the Alerts view to start an investigation.

SARs & STRs
Build with

When a case is reportable, draft a regulatory filing from it (cases:manage):

AttributeValues
Report typeSAR (Suspicious Activity Report) or STR (Suspicious Transaction Report).
StatusDRAFTFILED, or CANCELLED.
ReferenceYour external filing reference (e.g. the regulator's number), set when filing.

The lifecycle:

  1. Draft — choose SAR or STR and a reason. The report is generated server-side in goAML format.
  2. Review & export — inspect the goAML payload on the SAR detail view and export it as XML for submission to your FIU/regulator.
  3. File — record the external reference and file path; the SAR moves to FILED.
  4. Cancel — a DRAFT can be cancelled if it's no longer needed.

Audit
Build with

Every case and SAR write — open, assign, add-alerts, dispose, draft, file, cancel — is recorded in your organization's audit log (Dashboard → Audit logs), with the actor and timestamp.