Hello,

AML 7.1 does not have workflow similar to 6.3.  7.1 does have custom queues functionality. Here's an overview:

•Queues are used to control user access to entities (customers or external parties), cases, reports and CDD Reviews.

•An entity that alerts can be routed to a new queue or to another queue while remaining in the original queue.  This allows simultaneous review of entity alerts by different users.  For example, the watchlist team reviews the watchlist alert while the standard review team reviews other alerts.

•Queues can be configured so that the Alert Generation Process (AGP) will route entities to a particular queue.  The UI will use the information when displaying triage lists to users.

•In addition to the entities referenced above, alerts also can be assigned to a particular queue during AGP routing.

Queue Access

•Users have access to a queue and to the items in the queue only with membership (direct or inherited) of the role that is configured for the queue access.

•Roles are used by the investigation UI to filter items that a particular user may access.  In addition, REST services are also performing additional validation for alerts to ensure only authorized users can access a particular item.

Entity triage

•If AGP routing to queues is enabled for entities then The “All entities”, “My entities” and “Available entities” lists will only display the entities from queues for which a user as access rights and where the entities have not been assigned to any queue. Ownership control (assignment to specific user) works the same way as it worked before HF5 was applied.

•Entities might be assigned to multiple queues.  For example, an entity is assigned to the Watchlist queue and the Employee queue for review.  A user who has access rights to both queues will see the entity listed twice in the entity triage page, once for each queue. The alert count and aggregated amount will reflect the total count of all alerts for the entity.

•

Cases, Reports, and CDD Reviews Triage

•Triage lists for cases, reports and CDD reviews will display only the items from queues for which a user has access rights or items that have no queue assigned.

Alerts

•AGP routing to queues can be also be enabled for alerts. If an alert is assigned to a queue, logic in the UI and REST services will validate users have access rights to the alert.  

•If a user does not have access rights to the queue, the user will be unable to open the alert from the UI or select the alert for triage. This is controlled in the Admin tab with the enforceQueuesForAlerts preference.

•As additional security, customers may enable alerts filtering so that alerts are hidden from users who do not have access rights. This is controlled in the Admin tab with the hideAlertsFromUnauthorizedQueues preference.

Entity details page

•All alerts for an entity are displayed on the entity details page.  However, only alerts from the queues that a user has access rights may be triaged (i.e., closed, suppressed, added to a case).

•If a user without access rights attempt to select an alert in a queue where they do not have access rights, a warning message will be displayed indicating the user is not authorized to view the content.

•Double-click of alerts is also not allowed.  For example, the alert details page cannot be opened for alerts in queues where a user does not have access rights.