The Investigation Case

The Enrich data Step is a placeholder step. Most of the data required to perform the investigation will already be available based on the Alerts and enrichment carried out during their corresponding intake Processes. The Index data Step adds the relationship between the Alert and the investigation to the Data Link Analysis network for use in investigations.

Faced with a high number of investigations, Financial Institutions will want to utilize their investigator resources as efficiently as possible, all while meeting business goals and compliance restrictions. The priority that is calculated in the Prioritize investigation Step will mainly drive the urgency of the investigation Case, while the complexity will be used for routing to the appropriate skill level or work queue (for example, Level 1, Level 2, Level 3). Additional data can be used as part of this process to meet the Financial Institution's need.

Under set circumstances the Financial Institution may want to initially run certain actions before the core investigation tasks are completed, to reduce the impact of the potential suspicious activity. The Execute preventative actions placeholder step is intended for running such preventative actions, based on the required business logic.

Investigations conducted by Financial Institutions range in complexity and regulatory reporting needs. For example, a Currency Transaction Report (CTR) must be filed with the US regulator FinCEN for all currency transactions over $10,000. CTRs may be triggered frequently for certain segments of customers and represent a burden with manual review each time. It is therefore possible for the outcomes and resulting actions of that investigation to be determined automatically, without the need for manual triage or investigation.​ The Automatic disposition placeholder Step contains business logic and AI models to automatically determine the conclusion of the investigation and proceed directly to the Post-investigation actions Stage.​

Investigators must be able to efficiently triage Alerts in an investigation and determine the next steps, such as escalating or finalizing the investigation outcome. To make these determinations quickly, Investigators must be able to access the appropriate data without losing context. In the Triage Alerts Step, a Level 1 investigator is presented with a list of Alerts with summary data to triage. Details of each Alert are also accessible.

The work of investigators is complicated and involves making subjective decisions with outcomes that can materially impact the Financial Institution. For this reason, the necessary checks and balances must be in place throughout the process. The risk is especially high when staff members are new to their role. The Perform Quality Control placeholder Step contains logic to divert a subset of investigations to a member of staff or team that can review the Alert triaging activities. The overall Investigation is halted until the review is complete and any required feedback is addressed.​

Pega applications offer a wide array of ways to align work with investigators, both automated and manual. These include, but are not limited to, skills, workload, SLAs, and availability. The Accept investigation Step is required when more senior investigators are manually picking their own work. The Investigator confirms ownership of the Investigation Case and prevents other investigators from trying to also work on it.

In the Perform investigation Step, following triage activities, an Investigator must conduct a sufficient level of research to be able to determine if suspicious activity has taken place.

After the investigation work has been carried out, a conclusion must be made in the Finalize investigation Step, and a set of follow-up actions must be determined. An additional work area is displayed for review of the finalized conclusion. The investigator is presented with the investigation data to finalize and review. ​If a Suspicious Activity Report must be filed, then the investigator has the option to review a basic representation of that report before submitting their conclusion.​ The Money Laundering Reporting Officer (MLRO), or their manager, or an equivalent individual will review the overall investigation and either accept or reject it.

The Execute actions Step runs follow-up actions from an investigation, such as a Suspicious Activity Report.

The Provide feedback placeholder Step is used to automatically generate and submit feedback about Alerts contained within the Investigation Case to the source system, based on the required API interface of said system. ​

Note: This step would supplement any initial feedback provided via the equivalent placeholder step in the Alert Intake Case.

The Perform Quality Assurance placeholder Step allows for the creation of a manual Quality Assurance activity where a user can review any decisions made for the overall investigation. The resulting review would be used to improve this end-to-end investigation Process.​

The last Step, Wrap up, contains automated finalization activities of the Investigation Case. For example, updating Alert tracking mechanisms, updating status and synchronization of Data Link Analysis network.