Alert Management
Alerts are the primary work items for compliance analysts. They represent compliance issues — PEP matches, sanctions hits, adverse media, identity discrepancies — that require human review and resolution.
Alert lifecycle
| Status | Description |
|---|---|
| Open | Alert created, awaiting analyst review |
| Acknowledged | Analyst has claimed and is reviewing the alert |
| Resolved | Alert reviewed and resolved with an action |
| False Positive | Confirmed as a false positive match |
| Escalated | Escalated to a senior reviewer or manager |
Auto-triage
New alerts can be automatically triaged using AI research. The auto-triage system is configured via custom metadata:
- Alert insertion triggers the auto-triage handler
- The handler filters alerts by type and category against the triage configuration
- Eligible alerts are dispatched to an async AI research queue
- AI research analyzes the screening match against public sources
- Results are written back to the alert (assessment, confidence, false positive probability)
- If configured, the auto-disposition pipeline evaluates the results
Auto-triage is configurable per alert type and category. You can exclude specific categories (e.g., Sanctions) from auto-triage to ensure they always receive human review.
AI research
AI research provides automated analysis of screening matches. When triggered (manually or via auto-triage), the system:
- Builds a research prompt with alert details, entity context, and screening data
- Submits to a web research AI (Perplexity) for validation
- Returns a structured assessment with:
  - Assessment narrative — detailed analysis of the match
  - Confidence score — AI confidence in its assessment (0-100%)
  - False positive probability — likelihood the match is a false positive (0-100%)
  - Recommended action — suggested resolution (Approve, Decline, Escalate)
  - Sources — URLs of sources consulted
Auto-disposition
Alerts with high-confidence false positive assessments can be automatically resolved:
| Condition | Action |
|---|---|
| FP probability >= category threshold | Auto-resolve as False Positive |
| FP probability < threshold | Leave for human review |
| QA sampling enabled | Flag a percentage of auto-dispositions for QA |
Auto-disposition thresholds are configured per alert category. For example, Adverse Media might auto-dispose at 90% FP probability while Sanctions Hit is never auto-disposed.
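The following is an added example (not Zenoo's own code) that puts the auto-triage eligibility filter and the auto-disposition rule above into one small decision function. The configuration shape (`TriageConfig`), the alert fields, the category names and the deterministic hash-based QA sampling are all assumptions made for the example; the product's real metadata schema is not shown on this page.

```python
import hashlib
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class TriageConfig:
    # Constructed configuration; the shape is hypothetical, not the product's schema.
    # Categories that must never be auto-triaged and always get human review.
    excluded_categories: frozenset = frozenset({"Sanctions Hit"})
    # Per-category FP-probability threshold (0-100) for auto-disposition.
    # A category absent from this map is never auto-disposed.
    disposition_thresholds: dict = field(
        default_factory=lambda: {"Adverse Media": 90, "PEP Match": 95}
    )
    # Percentage of auto-dispositions to flag for QA review.
    qa_sample_percent: int = 10

@dataclass
class Alert:
    token: str
    alert_type: str
    category: str
    status: str = "Open"
    fp_probability: Optional[float] = None  # written back by AI research
    qa_flagged: bool = False

def is_triage_eligible(alert: Alert, cfg: TriageConfig) -> bool:
    """Step 2 of the pipeline: only open alerts in non-excluded categories
    are dispatched to the AI research queue."""
    return alert.status == "Open" and alert.category not in cfg.excluded_categories

def qa_sample(token: str, percent: int) -> bool:
    """Deterministic sampling keyed on the alert token, so the QA decision is
    reproducible for audit (an assumption of this example, not a product detail)."""
    bucket = int(hashlib.sha256(token.encode()).hexdigest(), 16) % 100
    return bucket < percent

def auto_dispose(alert: Alert, cfg: TriageConfig) -> str:
    """Apply the auto-disposition table; returns the alert's resulting status."""
    if alert.status not in ("Open", "Acknowledged") or alert.fp_probability is None:
        return alert.status
    threshold = cfg.disposition_thresholds.get(alert.category)
    if threshold is None or alert.fp_probability < threshold:
        return alert.status  # below threshold (or never auto-disposed): human review
    alert.status = "False Positive"
    alert.qa_flagged = qa_sample(alert.token, cfg.qa_sample_percent)
    return alert.status

if __name__ == "__main__":
    cfg = TriageConfig()
    sample = Alert("alt_example", "screening", "Adverse Media", fp_probability=92)
    print(is_triage_eligible(sample, cfg), auto_dispose(sample, cfg), sample.qa_flagged)
```

Note that the exclusion check and the missing-threshold check are independent: a category can be researched by AI (for analyst context) yet still never be auto-resolved, which is the "Sanctions Hit is never auto-disposed" case.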
Priority scoring
Every alert receives a composite priority score (0-290 points) calculated from five components:
| Component | Max Points | Calculation |
|---|---|---|
| SLA urgency | 100 | Breached = 100, linear decay from due date |
| Risk tier | 100 | Critical = 100, High = 75, Medium = 50, Low = 25 |
| Category weight | 60 | Sanctions = 60, PEP = 45, Adverse Media = 30 |
| Match score | 10 | Screening confidence / 10 |
| Case risk | 20 | Parent case risk score / 5 |
The priority score drives the default sort order in the analyst inbox: highest-score alerts appear first.
Priority labels
| Priority | Score Range |
|---|---|
| Critical | 200+ |
| High | 120-199 |
| Medium | 60-119 |
| Low | 0-59 |
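An added example (not the product's implementation) that computes the composite priority score from the five components in the table, maps it to the priority labels, and sorts an inbox the way the analyst view does. The component weights and label boundaries are those on this page; the length of the linear SLA decay window (`SLA_DECAY_WINDOW_DAYS`) is not given on the page and is an assumption of the example, as are the alert dictionary keys.

```python
from datetime import date

# Weights from the page's tables.
RISK_TIER_POINTS = {"Critical": 100, "High": 75, "Medium": 50, "Low": 25}
CATEGORY_POINTS = {"Sanctions": 60, "PEP": 45, "Adverse Media": 30}
# Assumption: urgency starts rising from 0 this many days before the due date.
SLA_DECAY_WINDOW_DAYS = 10

def sla_urgency(due_iso: str, today_iso: str) -> float:
    """0-100 points: 100 once the due date is reached or passed, otherwise a
    linear ramp across the decay window (0 while the due date is far away)."""
    days_left = (date.fromisoformat(due_iso) - date.fromisoformat(today_iso)).days
    if days_left <= 0:
        return 100.0
    if days_left >= SLA_DECAY_WINDOW_DAYS:
        return 0.0
    return 100.0 * (SLA_DECAY_WINDOW_DAYS - days_left) / SLA_DECAY_WINDOW_DAYS

def _clamp_percent(value: float) -> float:
    # Screening confidence and case risk are 0-100; clamping keeps the
    # component caps (10 and 20 points) honest on bad input.
    return max(0.0, min(float(value), 100.0))

def priority_score(alert: dict, today_iso: str) -> float:
    """Composite 0-290 score: SLA (100) + risk tier (100) + category (60)
    + match score / 10 (10) + case risk / 5 (20)."""
    return (
        sla_urgency(alert["due"], today_iso)
        + RISK_TIER_POINTS.get(alert["risk_tier"], 0)
        + CATEGORY_POINTS.get(alert["category"], 0)
        + _clamp_percent(alert["match_score"]) / 10
        + _clamp_percent(alert["case_risk"]) / 5
    )

def priority_label(score: float) -> str:
    if score >= 200:
        return "Critical"
    if score >= 120:
        return "High"
    if score >= 60:
        return "Medium"
    return "Low"

def inbox_order(alerts: list, today_iso: str) -> list:
    """Default analyst-inbox sort: highest priority score first."""
    return sorted(alerts, key=lambda a: priority_score(a, today_iso), reverse=True)

if __name__ == "__main__":
    # Constructed sample alerts (keys are an assumption of this example).
    today = "2024-01-15"
    alerts = [
        {"token": "alt_a", "due": "2024-01-10", "risk_tier": "Critical",
         "category": "Sanctions", "match_score": 95, "case_risk": 80},
        {"token": "alt_b", "due": "2024-01-25", "risk_tier": "Low",
         "category": "Adverse Media", "match_score": 40, "case_risk": 10},
    ]
    for a in inbox_order(alerts, today):
        s = priority_score(a, today)
        print(a["token"], s, priority_label(s))
```

With the sample data, the breached Critical sanctions alert scores 285.5 (Critical) and the far-from-due Low adverse-media alert scores 61.0 (Medium), which illustrates why a low-risk alert can still leave the Low band once category weight and match confidence are added in.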
SLA monitoring
Each alert inherits an SLA due date based on its category and priority. A nightly batch job monitors SLA compliance:
| SLA Status | Condition | Action |
|---|---|---|
| On Track | Due date > warning threshold | No action |
| Warning | Within warning window | Email notification to analyst |
| Critical | Due date is today | Urgent notification |
| Breached | Past due date | Auto-escalate (if configured) |
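An added example of the nightly SLA check described above; it is not the product's batch job. It classifies each open alert into the four SLA states from the table and returns the action to take. The warning-window length, the SLA windows per category and priority used to derive a due date, and the alert dictionary keys are assumptions of this example.

```python
from datetime import date, timedelta

# Assumption: SLA window in days per category, shortened for higher priority.
SLA_DAYS_BY_CATEGORY = {"Sanctions": 2, "PEP": 5, "Adverse Media": 10}
PRIORITY_FACTOR = {"Critical": 0.5, "High": 0.75, "Medium": 1.0, "Low": 1.0}

# Action per SLA state, from the page's table.
ACTIONS = {
    "On Track": "none",
    "Warning": "email_analyst",
    "Critical": "urgent_notification",
    "Breached": "auto_escalate",
}

def sla_due_date(created_iso: str, category: str, priority: str) -> str:
    """Derive the inherited due date (assumed formula, not the product's)."""
    base_days = SLA_DAYS_BY_CATEGORY.get(category, 10)
    days = max(1, round(base_days * PRIORITY_FACTOR.get(priority, 1.0)))
    return (date.fromisoformat(created_iso) + timedelta(days=days)).isoformat()

def sla_status(due_iso: str, today_iso: str, warning_days: int = 3) -> str:
    """Map an alert's due date to On Track / Warning / Critical / Breached."""
    due = date.fromisoformat(due_iso)
    today = date.fromisoformat(today_iso)
    if today > due:
        return "Breached"
    if today == due:
        return "Critical"
    if today >= due - timedelta(days=warning_days):
        return "Warning"
    return "On Track"

def nightly_sla_run(alerts: list, today_iso: str, auto_escalate: bool = True) -> list:
    """Return (token, status, action) for every alert still carrying an SLA.
    Resolved and False Positive alerts are closed and skipped."""
    results = []
    for alert in alerts:
        if alert["status"] in ("Resolved", "False Positive"):
            continue
        status = sla_status(alert["due"], today_iso, alert.get("warning_days", 3))
        action = ACTIONS[status]
        if status == "Breached" and not auto_escalate:
            action = "none"  # breach recorded, but escalation is not configured
        results.append((alert["token"], status, action))
    return results

if __name__ == "__main__":
    # Constructed sample alerts (keys are an assumption of this example).
    queue = [
        {"token": "alt_1", "status": "Open", "due": "2024-01-05"},
        {"token": "alt_2", "status": "Acknowledged", "due": "2024-01-08"},
        {"token": "alt_3", "status": "Resolved", "due": "2024-01-05"},
    ]
    for row in nightly_sla_run(queue, "2024-01-06"):
        print(row)
```

Passing `today_iso` in explicitly rather than reading the clock keeps the job deterministic, which matters when the run is replayed during an audit of missed escalations.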
Resolution actions
When resolving an alert, specify one of the following actions:
| Action | Description | Use case |
|---|---|---|
| Approve | Accept the entity despite the alert | False positive or acceptable risk |
| Decline | Reject the entity | Confirmed compliance issue |
| Escalate | Route to senior reviewer | Complex or uncertain case |
| Request Document | Request additional evidence from client | Insufficient documentation |
| Approve with Conditions | Accept with monitoring or restrictions | Marginal risk, mitigated by conditions |
Bulk operations
For high-volume processing, use the bulk endpoints:
```bash
# Bulk acknowledge
curl -X POST https://api.zenoo.com/v1/alerts/bulk/acknowledge \
  -H "Authorization: Bearer your-api-key" \
  -H "Content-Type: application/json" \
  -d '{ "alert_tokens": ["alt_001", "alt_002", "alt_003"] }'

# Bulk resolve
curl -X POST https://api.zenoo.com/v1/alerts/bulk/resolve \
  -H "Authorization: Bearer your-api-key" \
  -H "Content-Type: application/json" \
  -d '{
    "alert_tokens": ["alt_004", "alt_005"],
    "action": "Approve",
    "notes": "Batch: confirmed formatting differences."
  }'

# Bulk assign
curl -X POST https://api.zenoo.com/v1/alerts/bulk/assign \
  -H "Authorization: Bearer your-api-key" \
  -H "Content-Type: application/json" \
  -d '{
    "alert_tokens": ["alt_006", "alt_007"],
    "assignee": "user_analyst01"
  }'
```
See Bulk Operations Guide for details on partial success handling and error responses.
Next steps