Below, you’ll find responses to the most common questions regarding ComplyAdvantage Mesh.

A. Risk Scoring

1. Is it mandatory to set up Risk Scoring ?

No, risk scoring is not mandatory. If you don’t want to use our risk-scoring capabilities, you can leave your risk models empty, and Mesh will not risk-score your customers.

B. Case Management

2. Is there a "Save Draft" feature for risk profiles?

There is currently no ‘save draft’ option available for risk models at this time. However, it is something we are looking to introduce in the future.

For now, risk models must be published at the point of creation. If published, the risk model will automatically be applied to new and monitored cases.

C. Data

3. Does ComplyAdvantage adverse media screening cover the offence categories under s.6-35(b) of the Australian AML/CTF Rules 2025 (fraud, corruption, cybercrime, tax crime, environmental crime, organised crime, sanctions)?

Yes — ComplyAdvantage adverse media screening covers the offence categories listed under s.6-35(b) of the Australian AML/CTF Rules 2025, including fraud, corruption, cybercrime, tax crime, environmental crime, organised crime, and sanctions-related offences.

For a full breakdown of how our adverse media risk categories are structured, see: https://complyadvantage.com/insights/new-adverse-media-risk-categorization/

D. User Management

4. How can users request or verify access permissions to ComplyAdvantage accounts and tenants?

In the Mesh platform, access management is fully self-service and no longer requires contacting support. System Administrators can provision users and manage permissions directly within the platform. 

• How to verify/manage: Admins can navigate to Settings (the cog icon) and select Roles and Permissions.

• Role assignment: Mesh comes with default roles (Analyst, Supervisor, and Admin), but custom roles can be created.

• Granular Access: Access is controlled at the case type level. Admins can configure roles to have "View", "View and update", or "No access" for specific case types (e.g., Transaction Monitoring vs. Customer Screening). Users whose role has no permissions for a given case type will simply not see it in their case list.

5. How do I reactivate a deactivated user account or environment?

While administrators can reactivate users in the backend (CSOM), there are known synchronization issues where AWS Cognito fails to update the user's status, leaving them deactivated on the cloud side. 

• Resolution: If an account was reactivated but the user still receives a "User is disabled" message, they should first try clearing their cache and cookies or using an incognito window. 

• Support Escalation: If local troubleshooting fails, Technical Support ([email protected]) must be contacted to manually enable the user, clear the block, or force a reset directly within AWS Cognito.

6. How do I set up or reset user access for ComplyAdvantage?

• Setting up access: You can add or remove users from your different environments by clicking the "Add" button on the top right of the Mesh platform. 

• Resetting access: Users can utilize the "Forgot Password" flow. However, if new or existing users are not receiving password reset emails, it is highly likely that their email address has ended up on a system suppression list (e.g., due to previous bounces) or their user is blocked in Cognito. 

   You will need to raise a Technical Support ticket to have their email removed from the suppression list or unblocked.

7. How do I resolve password reset failures and login authorization errors?

If users are repeatedly failing to reset their passwords or encountering authorization errors, the following common restrictions apply:

• Token Expiration: Password reset links expire exactly 15 minutes after being generated. 

• Password Requirements: Passwords must be at least 8 characters long, cannot be a commonly used password, cannot be entirely numeric, and cannot be too similar to the username or personal information. 

• 401/403 Errors and "Something went wrong": If a user attempts to log in and receives a generic "Something went wrong" or authorization error, it is frequently due to IP Whitelisting restrictions. If the user's IP address (even while on a VPN) is not allowed on that specific environment, the API will block access and fail the login.

8. Why are specific articles or sources missing from screening results and when will they be added?

The timeline for adding missing information depends heavily on the type of list:

• Sanctions & Watchlists: ComplyAdvantage systems automatically check for updates from official issuing authorities (OFAC, UN, EU, etc.) every 15 minutes. These updates are reflected in the database within a couple of hours of the official source changing. 

• Adverse Media: Adverse media articles are continuously ingested, and the expectation is that they should be searchable by the next calendar day. If specific articles are publicly available but missing from the results, this usually points to data quality concerns, such as incorrect tagging, misclassification, duplicate entities, or name resolution issues.

9. What is the status of my open support ticket investigation?

ComplyAdvantage has recently migrated its customer support ticketing system from Zendesk to Pylon. 

• How to check status: Customers and internal non-support users can track the real-time status of their open tickets by logging directly into Pylon at app.usepylon.com using their ComplyAdvantage SSO credentials.

• Within Pylon, you can filter views to see your assigned customers or your own tickets, read the current ticket status, and distinguish between internal notes and customer correspondence regarding the ongoing root cause analysis.