From alert to defensible decision.
The Loci Case Manager turns alerts, transactions, screening results, and session risk into auditable investigations: assigned, documented, reviewed, and closed with an evidence trail a regulator can follow.
Triage fast. Investigate properly.
Alert work and investigation work are different jobs. Loci gives each its own surface, with a clean handoff between them.
Who is looking at this alert, and what is the next immediate action? Claim, assign, release, and reassign flagged transactions with full assignment history. High-priority views keep the riskiest work on top.
What evidence was reviewed, what was decided, and who approved it? Group related alerts into one investigation with notes, status, SLA, maker-checker review, and a final disposition.
Safeguards you don't have to remember to apply.
The controls a compliance framework asks for are enforced by the system, not by convention.
A reviewer cannot approve their own submitted case. Maker and checker are structurally separate roles for recommended closures.
Cases cannot be closed through ordinary status changes. Closure happens through review approval or an explicit, logged admin override.
Creation, assignment, status changes, notes, evidence links, review decisions, closures, and reopenings all write append-only timeline events.
Lifecycle state and investigation conclusion are distinct fields, from NO_ISSUE and FALSE_POSITIVE through CONFIRMED_FRAUD and STR_FILED.
Every case has a clock, and everyone can see it.
SLA windows are set by priority the moment a case opens. Every case response carries its computed SLA state, so queues can be worked by urgency instead of arrival order, and breaches are visible instead of discovered.
See it in the console| Priority | SLA window | Computed state |
|---|---|---|
| Critical | 4 hours | DUE_SOON |
| High | 24 hours | ON_TRACK |
| Medium | 72 hours | ON_TRACK |
| Low | 120 hours | DUE_TODAY |
Investigations that make detection smarter.
Cases link evidence from enabled Loci surfaces such as transaction monitoring, AML screening, AccessGate/session risk, and custom sources. When a case closes as confirmed fraud, Loci updates linked transactions and fraud records, refreshes graph signals where linked data exists, and makes the outcome available to downstream detection workflows.
Flagged transactions link directly, verified against your organization, with duplicates blocked within a case.
When enabled, AML screening hits and AccessGate session risk can attach to the same investigation, so one case carries the relevant context.
Analyst-entered findings, adverse-media references, and custom sources link through the same evidence model with source and severity.
Walk one alert to a closed case.
A 30-minute walkthrough: claim an alert, build the case, submit for review, and see how confirmed outcomes update linked records.