Grouping alerts into existing open cases

Alert grouping

Clients can enable or disable alert grouping within their case workflows via a self-serve configuration option. This feature consolidates new risk alerts into existing open cases, addressing the issue of multiple cases for the same customer and providing a more comprehensive view of risk.

See how to manage alert grouping configuration:

If alert grouping is not enabled, when a new alert is generated, this will trigger the creation of a new case even if an open case already exists. 

NOTE: When alert grouping is enabled, new alerts will create a new case to begin grouping, rather than joining existing ones.

Here is how alerts will behave once alert grouping is enabled:

1. Alerts in customer onboarding cases

A customer onboarding case is created when a customer is screened for the first time, and any screening results (a.k.a. hits) are found. These results are placed in a screening alert and added to the case.

If monitoring is enabled for the customer and a monitoring search generates new results, a new screening alert is created:

• If the onboarding case is still open (i.e., no case decision has been made), the new alert is added to the existing onboarding case.

• If no open onboarding case exists, a new customer monitoring case is created.

• If a customer onboarding case is reopened, new alerts are added to the latest open customer monitoring case, not the reopened onboarding case.

2. Alerts in customer monitoring cases

If monitoring is enabled and new hits are found:

• A new screening alert is created.

• New screening alerts are added to an open monitoring case (unless the case has been reopened).

• If no open monitoring case exists, a new monitoring case is created

3. Alerts in transaction monitoring cases

Alert grouping is always enabled for transaction monitoring cases. There is no configuration to disable this.