Level 1 vs Level 2 Investigations

“Two heads are better than one”, as the old saying goes. However, in anti-money laundering and risk review, “four eyes are better than two” might be a more appropriate axiom. This is where the process of first-level and second-level reviews come in when conducting Transaction Monitoring investigations in order to mitigate the risk of financial crime. As Sigma continues to grow, it is establishing a firm niche within this multi-tiered review process.


The first-level review is sometimes referred to as an “Alert Investigation,” and in which, an analyst reviews the alerts generated by the financial institution’s Transaction Monitoring system (TMS). In order to conduct a Level 1 Investigation, the sources an analyst may utilize in their investigation include a mix of internal data (customer records, payment data, etc.) and external data (public domain searches, government databases, etc.), which may include access to third-party databases (such as Sigma Terminal, World Check, LexisNexis). Utilizing this data in their investigation, the analyst should, at minimum, establish the nature and purpose of the business relationship or the intended transaction (including the source of funds). Following the Level 1 investigation, and once the analyst has all the necessary information to mitigate the alert by determining it poses no concern, then the analyst is able to close the alert. If not, then the alert would require further investigation, which results in the creation and the escalation of the case for a second-level review.

The second-level review, sometimes referred to as a “Case Investigation”, is where an analyst reviews the findings of the first-level investigation and conducts a further analysis of the activity that resulted in the TMS alert. These investigations typically require the procurement of additional data, whether from other internal functions or from tools and/or systems that a first-level analyst may not necessarily have access to. If a second-level analyst is unable to obtain the required information (from both internal and external sources) in order to mitigate the alert, and/or whether the second-level review determines that the activity may be unusual and/or suspicious, then the analyst may recommend the filing of a Suspicious Activity Report (SAR) to the regulator.

Yet, as the volume of TMS alerts and SARs continue to rise, constraining both financial institutions and regulators, there is a growing recognition that adopting new technology can enhance the effectiveness and efficiency of BSA/AML compliance programs. In fact, according to a recent best practices publication by the Hong Kong financial regulator, a financial institution’s “AML/CFT systems should support integration of information and data from external sources as a means to enhance the targeting and mitigation of specific ML/TF risks.” For example, clients of Sigma Ratings are utilizing the alert management capabilities of Sigma’s Terminal and API offerings,  which provides automated multi-variable screening, categorization and scoring for tens of thousands of alerts in a matter of a few minutes. The result is actionable insights across 60+ risk factors and commonly used typologies to help compliance teams and investigation firms operate more efficiently, and make decisions more effectively and confidently. Most importantly for those utilizing a multi-tiered review process, the technological capabilities optimizes case distribution and improves level 1 and level 2 team performance.

These sorts of third-party data sources are essential in answering the critical questions a financial institution may have about a transaction. Is this a business and, if so, where and when was it incorporated? Who are the controlling interests in it? Is there negative news about the customer or are there, perhaps unknown links between them and criminal elements or sanctioned entities? Answering these questions can be an onerous task, but if third-party data can be leveraged effectively, the time- and cost-savings cannot be understated. 

By providing an all-in-one platform that aggregates this information and provides risk scores for entities and associated events, Sigma seeks to add agility and reliability to this second-level review. As we’ve mentioned before, legislative shifts like the Anti-Money Laundering Act of 2020 will establish “public priorities” that will inform how FIs and MSBs will be examined by the regulators going forward. Hence, institutions will need to blend specialized knowledge with public data in more creative and comprehensive ways than ever before and Sigma is excited to be on this forefront. 



Are you ready to see what Sigma can do for you? Request your Demo Today!

Request a Demo

Related Resources:

State of the Unit

This month, a new report titled the ‘True Cost of Financial Crime Compliance Global Report’ revealed that [..]

Read More

Putting You On Notice

Corruption and money laundering go hand-in-hand.  

Read More

A Digital Cold War: Dual Use & The New Frontier

Last month, the announcement of Germany’s arrest of a businessman suspected of purchasing “sophisticated [..]

Read More
Sigma Loading