Getting started

The Counter Fraud user interface provides built-in roles and processes that are needed to triage, investigate, analyze, compile, and disposition fraud alerts and cases. Multiple user roles participate in this workflow. The Counter Fraud case management component provides task in-baskets, workflow tracking, access to analysis tools, and pre-configured reports for the existing roles.

About this task

Each organization can have a distinct set of roles, titles, or responsibilities. To illustrate the use of the Counter Fraud interface and tools, these topics present steps in the context of the roles that are provided by default with ICFM software installation.
The following scenario depicts a fictional banking event and the subsequent Counter Fraud workflow:
  1. A bank customer named Indira Hardin transfers a large sum, $25,000, to Jolene Stark.
  2. The ICFM analysis flow configured for the bank's system identifies this transfer as a risky transaction, and generates an alert.
  3. A member of the Triage team at the bank receives and reviews the alert, and decides to route the alert for further investigation. (A Supervisor might also complete this triage and assignment step.)
  4. The Investigator reviews the case, looking at Indira Hardin and Jolene Stark in the Entity Resume and Link Analysis tabs. The Investigator determines that further analysis is required and creates a task for the Analyst to provide more detailed review.
  5. The Analyst investigates further, using IAP and Analyst's Notebook® Premium tools to determine that the recipient, Jolene Stark, shares an address with Richard Gomez. Richard Gomez has multiple aliases and addresses that are similar but not exact.
  6. The Analyst saves the investigation as a chart, attaches the file to the case, and routes the case back to the Investigator.
  7. The Investigator looks into Richard Gomez, and determines that Richard Gomez is on an internal watchlist. Richard Gomez is also associated with Enriquez Gomes, another identity on the watchlist.
  8. The Investigator creates a Suspicious Activity Report, or SAR, and forwards it to a QA Analyst for review.
  9. The QA Analyst reviews the SAR for completeness and makes any necessary edits, then prepares the SAR for submission.
  10. The Investigator completes a fraud assessment on the case. The Investigator marks the transactions and parties that are known to be fraudulent so that they persist in the system and can be identified in future alerts.

This scenario provides an example of a possible instance of fraud in the banking industry. However, with a few adjustments, you can understand a similar scenario for another industry, such as insurance. In an insurance scenario, identity investigation is also relevant. Instead of a money transfer, however, the trigger event might be the filing of an insurance claim.

  • User roles
    Review descriptions of roles that are predefined in the IBM® Counter Fraud Management solution. Use these roles or customize and add roles to suit your particular fraud investigation unit. To access a role's in-basket (Tasks tab) and personal in-basket (My Tasks), select the role from the Counter Fraud desktop.
  • About state transitions
    As a case moves through its life cycle, the state of the case changes. The users who can edit the case and the available actions depend on the current state.
  • About reports
    Depending on business needs, you might consider reporting, which applies to all analysis flows, or a custom solution to report on the specific analysis conducted by a particular analysis flow.
  • Adding and reviewing documents
    ICFM roles can add documents to alerts and cases. For example, documents might be charts, correspondence, evidence, or images, such as a scanned check.
  • Adding comments
    Any predefined Counter Fraud roles are able to add comments. For example, an intake analyst on a triage team might add a comment before referring a case to an Investigator for review.
  • Adding dynamic properties
    A dynamic property is anything that might have been discovered during the case that is not already captured in the structure of the case through an existing case property. Capturing this information with a dynamic property highlights the unique aspects of an investigation.
  • Working with related objects
    Related objects are items associated with a case or alert. For example, a related object can be a physical device, a transaction, or an event.
  • Creating and working with checklists
    In investigation cases, a checklist ensures that all required work is done and helps to drive the case tasks.
  • Working with alerts
    When a Counter Fraud Management analysis flow detects properties or values that are outside the determined threshold, an alert is created in the case management system. Alerts provide information about the claim or transaction that can help a triage team determine whether further investigation is required.
  • Working with cases