Case Lifecycle
Cases are the primary unit of work in the Zenoo AML platform. Each case represents an investigation into an entity (company or person) and aggregates alerts, risk assessments, checks, and reviewer workflows.
Case types
| Type | Purpose | Typical SLA |
|---|
Onboarding | Initial customer due diligence during onboarding | 14 days |
Review | Periodic re-review of existing customers | 30 days |
Perpetual | Ongoing monitoring and continuous screening | Rolling |
Use Onboarding for new customers, Review for scheduled periodic re-assessments, and Perpetual for continuous monitoring triggered by screening alerts.
Status transitions
Cases follow a defined state machine. Only valid transitions are permitted.
| Status | Description |
|---|
New | Case created, not yet assigned or started |
In Progress | Analyst actively working on the case |
In Review | Submitted for peer or senior review |
Internal Review | Under internal compliance review or escalation |
Client Input | Waiting for the client to provide documents or information |
Closed | Investigation complete, all alerts resolved |
Escalated | Escalated to a manager due to complexity or SLA breach |
Invalid transitions
The API returns a 422 Unprocessable Entity error for invalid transitions:
{
"error": "invalid_transition",
"message": "Cannot transition from 'Closed' to 'In Progress'. Closed is a terminal state.",
"current_status": "Closed",
"requested_status": "In Progress"
}
SLA calculation
SLA due dates are automatically calculated from custom metadata based on case type and priority:
| Type / Priority | Due Days | Warning Days | Auto-Escalate |
|---|
| Onboarding / Critical | 3 | 1 | Yes |
| Onboarding / High | 7 | 2 | Yes |
| Onboarding / Medium | 14 | 3 | No |
| Onboarding / Low | 21 | 5 | No |
| Review / Critical | 5 | 1 | Yes |
| Review / High | 14 | 3 | Yes |
| Review / Medium | 30 | 7 | No |
| Review / Low | 45 | 10 | No |
SLA status
| Status | Condition |
|---|
On Track | More than warning days remaining |
Warning | Within warning threshold but before due date |
Critical | Due date is today |
Breached | Past due date |
Auto-escalation
A nightly batch job checks for SLA breaches. Cases with auto-escalation enabled are automatically:
- Set to
Internal Review status
- Assigned to the current analyst’s manager
- Flagged with an escalation reason (“SLA breach”)
- Logged in the audit trail
Closure requirements
A case can only be closed when:
- All alerts are resolved — open alert count must be zero
- Resolution notes provided — a summary of the investigation outcome
curl -X POST https://api.zenoo.com/v1/cases/cas_xyz789/close \
-H "Authorization: Bearer your-api-key" \
-H "Content-Type: application/json" \
-d '{
"resolution_notes": "All checks passed. PEP match on UBO reviewed and cleared."
}'
{
"error": "closure_blocked",
"message": "Cannot close case with 2 open alerts. Resolve all alerts first.",
"open_alerts_count": 2
}
Escalation
Cases can be escalated manually or automatically.
Manual escalation
curl -X POST https://api.zenoo.com/v1/cases/cas_xyz789/escalate \
-H "Authorization: Bearer your-api-key" \
-H "Content-Type: application/json" \
-d '{
"reason": "Complex corporate structure requires senior review.",
"escalate_to": "user_manager01"
}'
What happens on escalation
- Case status changes to
Internal Review
- Case is assigned to the specified manager
- Email notification sent to the manager
- Audit trail entry created (
CASE_ESCALATION)
- Escalation date and reason are recorded
Risk score recalculation
Case risk scores are automatically recalculated when:
- An alert is resolved or created
- A risk assessment is approved
- An analyst applies a risk override
The system uses approved risk assessments as the primary source. If none exist, it falls back to an alert-based scoring algorithm.
Next steps
