6 Alert Assigner Editor

The Alert Assigner Editor allows the application Administrator to view and modify the rules used to assign ownership of alerts.

The Alert Assigner Editor allows you to perform the following tasks:

  • Select a focus and then create, modify, or delete a rule
  • Change the Default Owner
  • Define Role-Based Assignment Limits

Each alert generated within the application is assigned an initial owner before it is available for analysis. The application automatically determines an appropriate owner (a user or group of users) for each alert based on the initial assignment logic you configured or configured for your firm. Initial assignment logic is composed in a set of operations that evaluate various attributes of the alert or its focal entity. For example, scenario, score, focal entity, or related entities.

Yo ucan add, modify, or delete assignment rules. The following elements are combined to form a set of logic against which the alerts are evaluated:

  • Each assignment rule is defined as an attribute (either an attribute of an alert, or an attribute of the focal entity), an operator, and a value.
    The following table shows a sample of an alert assignment rule.

    Table 6-1 Sample of an Alert Assignment Rule

    Precedence Assignment Rule Type Assignment Rule
    1 Focus
    • Alerts with focus domain code conly are assigned to the Brokerage pool.
    • Alerts with focus domain code d, e, or deare assigned to the Banking pool.
    2 Focus and Scenario
    • Alerts with focus domain code d, e, or de and generated by scenario High Risk Transactions – High Risk Counter Party (AC) to the Wires pool.
    • Alerts with focus domain code d, e, or de and generated by scenario Single or Multiple Cash Transaction – Possible CTR (CU) to the Structuring pool.
    • Alerts with focus domain code d, e, or de and generated by scenario Networks of Accounts, Entities (AC) or Rapid Movement of Funds – All Activity (CU) to the General pool.
    3 Default All alerts that do not meet other rules are assigned to the AML Risk Management pool.
  • Each assignment rule consists of an operation set that identifies a grouping of rules of which it is a member.
  • Operations are logical expressions that can be used to evaluate alerts (for example, alert score > 50). A set of operations based on the same attribute (for example, score) are grouped into an operation set.
  • All operations within an operation set must be mutually exclusive and should collectively cover the entire spectrum of values for a given attribute.
  • Each operation specifies the next step that is applied to alerts that satisfy the operation. This next step is either an owner for the alert, or the next operation set, or branch, to further evaluate the alerts.
  • Each alert is evaluated against the operations within operation set one (1). Each alert then branches out based upon the next operation set specified for the operation within Operation Set one (1) that they satisfy. Each alert continues through a chain of operation sets until it satisfies an operation for which an owner has been specified. Alerts that do not reach an operation that they satisfy and for which an owner has been specified, will be assigned to the Default Owner.

Note:

  1. Manually posted alerts, generated by the alert correlation process, are not assigned to the default owner that is specified through the assignment editor. Refer to the Behavior Detection Administration Guide, for more information.
  2. The following attributes of the Admin Tools and Alert Owner Parameters fail to load automatically during installation and must be manually updated:
    • Attribute 1 Value
    • Attribute 4 Value
    • Attribute 5 Value
    • Attribute 8 Value

      To update the Attribute 1 Alert Owner parameter in the Manage Common Parameters page, select the Used for Design parameter category and the Alert Owner parameter name.

      To update the Attribute 4, Attribute 5, and Attribute 8 Admin Tools parameters in the Manage Common Parameters page, select the Used for Design parameter category and the Admin Tools parameter name

Accessing the Alert Assigner Editor

Navigate to the Alert Assigner Editor by selecting Alert Management Configuration in the Administration menu, then selecting the Alert Assigner Editor option.