Configuring Your Organization
Inviting Users
Adding new users to your organization is now controlled by administrators through direct invitation. To add a user, administrators can follow the steps below:
Click the Add User button on the User Management page
Provide a name, email address, and role, then click Invite User
An invitation email will be sent to the user allowing them to Complete Registration
Users that have been invited, but have not completed their registration will be displayed in the Pending Invites section. Pending Invites can be resent via email, copied for other sharing options, or revoked via the Delete Invite option.
Functionality Access Control with User Roles
To better support global teams and multi-stage compliance operations, administrators can assign users one of the following User Roles:
-
Administrator – Access to all functionality, including user management.
-
Policy Manager – Access to all functionality, except user management.
-
Manager – Access to most end user functionality, but without the ability to change organizational settings like filter sets.
-
Reviewer – An elevated end user with the ability to review escalated entities.
-
Analyst – A limited access end user whose focus is reviewing alerts. This user can also create individual entity reports.
-
Viewer – A view-only role designed for auditors.
To assign a role to an existing user, administrators can follow the steps below. The same modal is available when inviting a new user.
Click on the ellipsis icon on the user being updated and choose Edit User
In the Edit User modal, select the new role and click Save Details
Permission Details
A complete list of permissions and their descriptions is below.
| Permission Label | Description |
|---|---|
| View Organization Data | A default level of access to organization data (entities) granted to all roles except Restricted. This permission does not supersede Teams-based data access. |
| Generate Individual Reports | Allows the user the ability to generate reports other than bulk exports. |
| View Analytics | Allows access to the Analytics dashboard page. |
| Entity Decision | Enables making decisions on an Alert or Monitored entities. |
| Escalate Entity | Allows a user to escalate an entity. |
| De-escalate Entity | Allows a user to de-escalate an entity. |
| Edit Entity | Allows a user to change the search criteria of entity, e.g. customer key, entity group and filter set. |
| Entity Archive | Allows a user to archive entities. |
| Entity Unarchive | Allows a user to unarchive entities. |
| Add Screening Entity | Enables uploading records for one time Screening. |
| Add Monitoring Entity | Enables uploading records for ongoing Monitoring. |
| Uploads Archive | Allow a user to upload a file for bulk archival of entities. |
| Uploads Choose Filter Set | Users with this permission can select filter sets when uploading. Other users will use the default filter set. |
| Generate Bulk Exports | Allows a user to generate bulk exports from the Monitoring or Alerts pages. |
| Notification Groups | Allows a user to create and edit notification groups. |
| Uploads Org view | Allows a user to view all uploads across their organization. Other users will only have access to their own Uploads. |
| Global Views | Allows a user to set up Views that are visible across their organization. Other users can only create Views for themselves. |
| Edit Entity Groups | Allows a user to manage Entity Groups. |
| Edit Filter Sets | Allows a user to create, edit, and archive Filter Sets |
| Modify Block/Allow Lists | Allows a user to manage Block and Allow lists. |
| Modify Country Watchlist | Allows a user to manage the organization’s Country Watchlist. |
| User Management | Allows a user to invite users and manage their permissions. |
| Organization Settings | Allows a user to manage Organization Settings. |
| AI Control Panel | Allows a user to manage AI Control Panel. |
A mapping of User Roles to their granted permissions can be found on the User Management page by going to Account > Settings > User Management > User Roles.
Data Access Control with Teams
While User Roles control the access a user has to system functionality, such as ability to upload data or edit filter sets, Teams define which entities a user can access. For example, only specific users may be allowed access to entities from a certain jurisdiction or to employee records.
The entities and alerts that a Team has access to is configured by Entity Group. Entity Groups can be added by going to Account > Settings > Entity Groups. For further detail on Entity Groups, please see the relevant section.
To create a Team, administrators can follow the steps below:
Go to User Management > Manage Teams > Add Team
Set a team name, choose group access and any restrictions, then click Save Team
Below are a few examples of types of Team configurations along with an explanation of the access they define.
| Team | Accessible Groups | Blocked Groups | Access Explained |
|---|---|---|---|
| Team 1 | – | Group A | Users on this team have access to any current or future Entity Groups except entities that are part of Group A. |
| Team 2 | Group B | – | Users on this team have access to entities in Group B. They will not have access to Entity Groups added in the future unless this team is updated. |
| Team 3 | Group C | Group D | Users on this team have access to entities in Group C. If an entity is in both Group C and Group D, users on this team will not have access to it. |
Additional User Management
To disable an existing user click on the ellipsis at the end of their row and choose Disable User.
To revoke a user invitation, go to Pending Invites, click on the ellipsis and choose Delete Invite.
Filter Sets
Filter Sets are the primary mechanism for configuring returns and managing true and false positives according to organizational risk appetite in the Sigma360 platform. Configuring and understanding filter sets are critical steps in establishing your risk profile in Sigma360. If you have any questions, please reach out to the Customer Success team at support@sigma360.com.
Core configuration capabilities include the following components:
Match thresholds determine how a database record must match the uploaded name to display in the Matches tab. Reducing the percentage will result in a lower chance of missed risk, but will also result in more hits. Match Thresholds offer granular control over different risk categories, allowing separate threshold configurations for:
-
Sanctions
-
PEPs
-
Other risk
For each risk category, users can configure two proximity parameters: Date of Birth and Location.
Date of Birth Proximity gives users control over filtering Match results based on the proximity of the searched Entity's date of birth to a Match's date of birth:
-
_Exact Match: _Only Matches with the exact same date of birth as the searched Entity will be returned.
-
_Custom Period: _Matches will be returned within a user-defined range (1 to 5 years) around the searched Entity's date of birth.
- For example, if the user sets a 3-year custom period and searches for Joseph Smith born in 1990, results will include matches for Joseph Smith born between 1987 and 1993.
-
No Date of Birth Filter: Selecting this option will disregard the "Date of Birth" field in the search criteria, allowing results from any date of birth.
Location Proximity provides users with the control over filtering Match results based on the proximity of the searched Entity's location to a Match's location:
-
Country: Matches returned within the same country as the searched Entity.
-
_Neighboring Country: _Matches can be from the searched Entity’s country or any neighboring country.
-
_Sub-region: _Matches will include the searched Entity’s country and countries within the same sub-region.
-
_Region: _Matches will include the searched Entity’s country and others within the same broader region.
-
_No Location Filter: _Selecting this option disregards the "Countries" field in the search criteria, allowing results from any location.
To ensure a balance between capturing relevant matches and minimizing noise, consider performing both below- and above-the-line testing when implementing new filter set configurations. For instance, applying a lower match threshold for Sanctions than for PEPs and Other Risk can help reduce the risk of missing critical sanctions alerts.
**Indicators **are a unit of risk or information of interest from a compliance perspective. The indicators are generated when a search is performed and are classified into categories and sub-categories to aid filtering and monitoring. The categories are organized as follows:
-
Sanctions (SAN)** - **An entity listed on a sanctions watchlist. Available as both direct as well as association risk.
-
PEP (PEP)** - **Politically Exposed Person, current and former, organized into 3 levels. Available as both direct as well as association risk.
-
State Owned Entity (SOE)** - **An entity whose shareholders are a public authority, state, or government. Available as both direct as well as association risk.
-
Enforcement Action (ENF)** - **Any hit on a legal, regulatory or enforcement action list. Available as both direct as well as association risk.
-
Restricted Entity (RST)** - **Entities on special lists published by governments that may denote indirect nexus with sanctioned entities or other enforced trade restrictions. Available as both direct as well as association risk.
-
Association Risk (ASR)** - **Any direct or indirect relationships with oligarchs.
-
Jurisdiction (JUR)** - **Four levels of risk classification based on Sigma’s proprietary country risk model.
-
Registration Status (STA)** - **Information about an entity’s status with a corporate registry, regulator, or reputable task force.
-
Transparency (TRN)** - **Any risk related to the bearer shareholder and the Offshore Leaks database.
-
Address (ADD)** - **Known shell company, bearer shares, virtual office, corporate service provider or a sanctioned entity addresses.
-
**Country Watchlist (CWL) - **An entity's location matched with a country on the watchlist.
Within filter sets, users can select network-related indicators. Network Risk is designed to detect associated parties, individuals and Entities (via relationship types: owners or family members) and return a singular Risk Identifier to a user.
While performing a search on Sigma360, additional screens can be performed automatically against Entities that the party owns, is owned by, or is related to. Sigma360 screens for five common risks, enumerated below, to identify risks, even if the searched party is not directly listed.
-
Sanctions and PEPs: any relationship type is considered for single hop, only ownership and family relationships considered for 2 - 3 hops out.
-
Enforcement Actions, Restricted & Stated Owned Entities: only ownership and family relationships considered for 1 - 3 hops out.
| Indicator | One-Hop | Many Hops (up to 3 hops out) |
|---|---|---|
| SAN | Any relationships - Any number of results | If not 1 hop found: shortest path via Family or Ownership relationship to a single result if it exists |
| PEP | Any relationships - Any number of results | If not 1 hop found: shortest path via Family or Ownership relationship to a single result if it exists |
| RST | Shortest path via Family or Ownership relationship to a single result if it exists (max 3 hops out) | |
| ENF | Shortest path via Family or Ownership relationship to a single result if it exists (max 3 hops out) | |
| SOE | Shortest path via Family or Ownership relationship to a single result if it exists (max 3 hops out) |
Exhaustive Profile Data includes KYC information that does not carry explicitly identified risks. When checked, Matches without Indicators will be displayed on Matches Tab.
In addition to Indicators filtering, users have the ability to apply News Media filters.
-
**News Media (MED) ****- **News articles and events identified by Sigma’s News, a mass media screening solution, as well as articles verified and determined to be risky & relevant to the entity from a financial crime & reputational risk perspective.
-
Materiality scoring designed to systematically determine the significance of articles in relation to an organization's risk appetite. The score is a combination of proprietary factors including event type, key terms, publisher preference and other data. The default Materiality threshold is 0%. More information can be found in the Materiality section.
-
Entity Risk identifies a level of risk associated with mentions of entities in an article, which can be applied as a threshold through your filter set. Entity Risk is described in more detail in Entity Risk section below.
-
Event T****opics cover the most common risk categories from negative news, including reports on regulatory, legal, and fraud events, as well as cases of terrorism, arms trafficking, and cybercrime among other significant events relevant to evaluating financial crime risk.
-
Sanctions and Regulatory Violations
-
Breaches of laws or regulations that lead to penalties, fines, or operational restrictions imposed by authorities.
-
Examples: Evading trade sanctions, violating export controls, or facing major regulatory fines.
-
Terrorism
-
Unlawful violence or threats against civilians aimed at advancing political, religious, ideological, or social objectives.
-
Examples: Bombings, hostage situations, or extremist attacks intended to create fear and coerce governments.
-
-
Financial Crime
-
Illegal activities exploiting financial systems or assets through deception, manipulation, or breach of trust for financial gain.
-
Examples: Fraud, money laundering, insider trading, or running Ponzi schemes.
-
-
Corruption and Bribery
-
Misuse of entrusted power or position for private gain through unethical, dishonest, or illegal conduct.
-
Examples: Accepting bribes, giving kickbacks, or colluding to secure fraudulent advantages.
-
-
Organized Crime
-
Criminal operations by structured groups with hierarchical organization, engaging in multiple illicit activities for profit or power.
-
Examples: Mafia syndicates, drug cartels, or coordinated human trafficking rings.
-
-
White-collar Crime
-
Non-violent, financially motivated offenses committed using deceit, concealment, or violation of trust by professionals or businesses.
-
Examples: Corporate fraud, intellectual property theft, or forging financial documents.
-
-
Drug-related Crime
-
Illegal production, distribution, sale, or possession of controlled substances as prohibited by law.
-
Examples: Trafficking narcotics, operating illegal drug labs, or possessing banned drugs with intent to distribute.
-
-
Violent Crime
-
Offenses involving the use or threat of physical force that cause harm, injury, or death, including plans to commit violent acts.
-
Examples: Murder, assault, kidnapping, or armed robbery.
-
-
Weapons and Arms
-
Illegal development, possession, distribution, or proliferation of tools designed to inflict harm, excluding strictly legal military usage.
-
Examples: Arms smuggling, unlicensed firearm deals, or manufacturing prohibited weaponry.
-
-
Cybercrime and Technology Risks
-
Criminal or malicious acts exploiting digital systems or networks to cause harm, theft, or disruption.
-
Examples: Hacking, ransomware attacks, or large-scale data breaches orchestrated by cybercriminals.
-
-
Human Rights Violations and Exploitation
-
Abuses that infringe on fundamental freedoms or dignity through coercion, discrimination, or other exploitation.
-
Examples: Forced labor, human trafficking, or systematic persecution of specific groups.
-
-
Legal Risk
-
Potential financial, reputational, or operational harm arising from civil proceedings or disputes outside criminal law.
-
Examples: Contract disagreements, class action lawsuits, or large-scale intellectual property litigation.
-
-
ESG Risk
-
Negative consequences linked to environmental, social, or governance practices by an organization.
-
Examples: Major pollution incidents, privacy violations, or unethical governance decisions.
-
-
Reputational Risk
-
Events that significantly damage public perception, credibility, or stakeholder trust in an individual or entity.
-
Examples: Executive scandals, product failures sparking public uproar, or widespread social media backlash.
-
-
Environmental Crime
-
Unlawful acts harming the natural environment or violating environmental protections, resulting in ecological damage.
-
Examples: Illegal logging, toxic waste dumping, or unauthorized development in protected areas.
-
-
Political Risk
-
Adverse effects stemming from political decisions, instability, or unrest that disrupt societal order, economies, or governance.
-
Examples: Coups, expropriation of private assets, or large-scale election-related violence.
-
-
Financial Instability
-
Serious stress in financial markets or institutions undermining confidence and possibly triggering systemic disruptions.
-
Examples: Bank collapses, liquidity crises, or asset bubbles bursting across an industry.
-
-
Property Crime
-
Offenses targeting property without direct harm to persons, resulting in theft, damage, or unauthorized interference.
-
Examples: Burglary, vandalism, trespassing, or shoplifting.
-
-
Disinformation and Misinformation
-
Spreading false or misleading information, deliberately or accidentally, that influences public opinion or decisions.
-
Examples: Viral fake news, manipulated media footage, or conspiracy theories disseminated online.
-
-
Informational
-
Significant developments or announcements about people or organizations that are noteworthy but not inherently risky.
-
Examples: Leadership transitions, major business deals, or launching new products or services.
-
-
Other
-
A catch-all category for articles containing potentially relevant information but not fitting any defined category.
-
Examples: Unclassified content from preferred publishers, foreign-language texts, or articles lacking sufficient detail for a more specific tag.
-
-
-
**Languages **filter grants users the flexibility to select preferred languages for the articles, effectively minimizing noise and enhancing the relevance of the content.
-
Year of Birth Range provides users with greater control over the filtering of news articles based on the extracted year of birth in relation to the Entity's date of birth. A default has been set to 3 years. This means that articles will be excluded if the extracted Year of Birth is not within a 3-year range of the Entity's YOB. For example, Joseph Smith with a 1990 year of birth will not return an article where “Joseph Smith, aged 75” is mentioned.
-
Preferred Publishers filters restrict news to only reputable sources such as newspapers of record and government agencies.
-
Publication Date Range filter empowers users with control over how far back they want to delve into historical articles.
-
Publisher Location Proximity allows users to focus on news specifically relevant to their Entity's country, region or sub-region, providing a more targeted and customized information view. For instance, if a user selects "Only return news from publishers in Entity’s country," and the Entity is based in the United States, the articles will exclusively be shown from U.S. publishers.
Users can create and edit filter sets solely on the Settings page. Account → Settings → Filter Sets → Add Filter Set.
Users must explicitly choose each indicator they want to include in the filter set. Importantly, if no indicators are chosen, users will be unable to save the filter set.
On other pages like Investigate, Monitoring List, and Entity, users can only switch between existing filter sets and view their details.
Users can archive a Filter Set by simply clicking "Archive Filter Set" in the top right corner.
Users can set a Default Filter Set, which will be pre-filled whenever they upload an Entity manually or via bulk upload.
By clicking "Details," users can view the specifics of the Filter Set. While users can change to a different Filter Set during the upload process, they cannot edit the Filter Set itself from the upload page.
All created Filter Sets are available on the Investigate page for searching. Users can apply a created Filter Set directly, eliminating the need to manually recreate filters for each search.
Advanced Search Criteria
Advanced search criteria is a powerful tool for users to get more precise results, especially when dealing with entities that might have common names or when searching for specific types of entities within certain locations.
**Advanced Search Criteria **includes fields that are about the entity itself, such as entity type, aliases, date of birth, and operating countries. These criteria help to narrow down the search to specific attributes of the entity with the goal of getting a more accurate return.
Users can add advanced search criteria when uploading entities manually or via bulk upload using a spreadsheet. Advanced search criteria are also available in Investigate. Following example demonstrates how using advanced search criteria can significantly narrow down search results. The number of matches decreased from 12 (shown on the left side of the image) to 1 (shown on the right side) after applying advanced search criteria.
Materiality
The Materiality Model assigns a 0 to 100% score to each article in Sigma360, the higher the score, the more likely the article is material in a financial crime and name screening context. It is not a precise measure of riskiness; it is a likelihood that considers the event tag, article body, publisher trustworthiness, publish date, and the amount of global coverage about the same event from other publishers.
Materiality can be used to filter news articles on the Entity’s News tab or to sort articles on the Sigma ID page.
Filtering
In the Filter Set, users can set a threshold 0-100%. Only articles with a score above the threshold will be returned. The default is 0%. Because setting a materiality threshold will hide news from results, below-the-line testing is recommended prior to implementing it on filter set being used at scale.
Sorting
On the Entity’s News tab, users will be able to sort by most Material or least Material. The former, highest to lowest materiality, is the default.
When there are multiple articles resolved in an event, the one with the highest Materiality will be shown first by default in the reader.
Materiality is only configurable from the filter set, users can edit the Filter Set by navigating to:
**Account > Settings > Filter Sets > Edit **
Setting Materiality in the Filter Set
Users should navigate to the filter set. Drag the slider to the desired materiality threshold.
Understanding and Tuning Materiality
It is important to understand Materiality is a likelihood score. For example, a Materiality Score of 50% suggests that an article has roughly a 50/50 chance of being material.
| Score | Likelihood that the article is material |
|---|---|
| 80 to 100% | Very likely material |
| 60 to 80% | Likely material |
| 40 to 60% | Maybe material |
| 20 to 40% | Unlikely material |
| 0 to 20% | Very unlikely material |
The best Materiality threshold is dependent on organization's risk tolerance. To prevent missing material articles Sigma360 would recommend starting with 0 and then increasing over time to find the right balance of reducing noise and catching material events.
To aid in this process we provide a way to label articles as Material or Not Material. When decisioning news to be removed, users will be prompted with a feedback box, selecting “Article is not risky” will mark the article as not Material.
If you wish to analyze your past decisions to tune Materiality threshold, please reach out to Sigma360 support for detailed decision data alongside Materiality scores.
Entity Risk
The Entity Risk Model categorizes the likelihood of the Matched Entity in a Sigma News Event being directly implicated with a material risk as judged from a financial crime and adverse media screening perspective.
The Entity Risk score is not a precise measurement of risk, rather it is the probability assessment of a fine tuned large language model which is trained to evaluate the direct risk associated with a name based on the surrounding context of the article.
When available, the Matched Entity will have one of the following Entity Risk designations: Unlikely, Low, Possible, High, or Very High.
At this time Entity Risk is only available for English language articles. When unavailable the Entity Risk Potential will be Undetermined.
Entity Risk can be used to filter and sort Sigma News Events on the Entity’s News tab, Investigate’s News tab, and the Sigma ID page.
Filtering:
In the Filter Set, users can set a threshold as Unlikely, Low, Possible, High, or Very High. Only Sigma News Events at and above the threshold will be returned. Above and below the line testing is recommended prior to setting this threshold for large scale screening. Account > Settings > Filter Sets > Edit
Filtering is also available using the Entity Risk Filter dropdown anywhere Sigma News appears.
This dropdown also offers the ability to hide articles with an Entity Risk level of ‘Undetermined’.
Sorting:
Sigma News Events can be sorted by Entity Risk level in either ascending or descending order of risk, the latter being the default.
Understanding and Tuning Entity Risk:
The optimal Entity Risk threshold is dependent on organization’s risk tolerance. As the threshold is increased, the volume of Sigma News Events returned decreases. However, we recommend above and below the line testing to optimize volume reduction while maintaining an acceptable catch rate.
The simplest way to evaluate returns at various thresholds is to use the Entity Risk filtering dropdown in Investigate to analyze the returns for a sample of known adverse entities.
To aid in a larger scale statistical analysis, when reviewing Sigma News Events in an Entity’s News tab in Monitoring, a user may label an event as My entity is not risky.
If you wish to analyze your past decisions to tune Entity Risk threshold, please reach out to Sigma360 support for detailed decision data.
Managing Entity Groups
When uploading entities in bulk or manually, users have the capability to assign multiple groups.
To update the groups assigned to an Entity, users should click on the Group field.
Clicking the cross icon will remove the group.
To add a new group, users should click on the input field and a dropdown will appear.
Users should confirm the action and a new Group will be added to the list of already existing groups on the entity.
Users are able to update Groups for multiple Entities.
Users should choose a new group for selected Entities and press Save Updates.
Entities old groups will be replaced with the new ones the user chooses.
Users are able to filter Entities based on specific group combinations. For example, “Display all the entities that belong to Group A and Group B, but not Group C."
Multiple group fields are displayed in both the Entities CSV report as a column and the Entity Report, where they appear in the top section.
Entity Group deletion
Permissioned users can delete Entity Groups. Before deletion, users must ensure that no entities are assigned to the group.
To delete a group, the user should click on the trash icon.
-
If the group is assigned to a Team, the user must remove the group from the Team before deleting it. The system will not allow the user to delete the Group until the Team has been updated accordingly.
-
If the group is part of a Notification Group, it will be removed from that notification group.
If a user wants to delete a group that contains Entities, they must first move the Entities to another group before proceeding with the deletion.
Setting up Notification Groups
Users can set up Notification groups based on specific indicators connected to an entity group or individuals. Users can select the users who will get the notification, as well a cadence of daily, weekly or monthly.
Under Account > Settings > Notification Groups > Create New Group
Users can include all entity groups, even those that do not yet exist. This ensures that any newly created entity groups are automatically included by default, eliminating the need for manual updates.
Users still have the option to include only specific custom groups or individual Entities they are interested in.
Users can then select users within the organization that the notifications will be sent to.
Finish and Save will confirm the group setup.
Email Configurations
Users can configure which emails they want to receive from Sigma360. They can easily turn specific email notifications on or off, such as filter set change, entity upload confirmations, or generated report emails.
Block & Allow Lists
Block and Allow List functionality, allows users to manage lists of Entities that should be blocked or allowed within a platform. This functionality helps users reflect previous onboarding and due diligence decisions efficiently.
Accessing the Block and Allow List Functionality
To access the Block and Allow List functionality, users should log in to the platform using credentials. Once logged in, users should navigate to the **Account > Settings > Allow List or Block List **section.
To create new list users should click the 'Create New List' button.
A modal window will be displayed with a field to enter the new list name.
The new list will appear in the dropdown menu.
Users can view existing Block and Allow Lists in the Drop-down.
To add entities to an existing list, users should click the "Add an Entity" button on the screen.
Follow the on-screen prompts to select the list file from the device.
To add a single Entity to an existing list, users should navigate to the specific list and click the "Add an Entity" button, enter the Entity's details and save the changes.
To archive a single Entity from a list, users should navigate to the list, locate the Entity that needs to be removed, and click the "Archive" icon. Upon successfully archiving the Entity, the associated indicators, whether BLK (Block) or ALW (Allow), will be removed. Additionally, the Entity's score will be adjusted based on the existing indicators.
To archive a list, users should navigate to the list that needs to be removed, and click the "Archive" icon. Upon successfully archiving the list, the associated indicators, whether BLK (Block) or ALW (Allow), will be removed from all Entities. Additionally, the score of all Entities will be adjusted based on the existing indicators.
To rename an existing or newly created list, users should navigate to the specific list and click on the "Edit" icon, enter a new name and save the changes by clicking Save List.
After adding an Entity to the Block and Allow List, users must include the BLK or ALW indicator in their filter set to receive BLK or ALW alerts related to these entities.
Users can now filter by Blocklist and Allowlist indicators across the Alerts, Monitoring, and Investigate pages, making it easier to manage and track relevant entities.
Entities will be tagged with a corresponding indicator, BLK or ALW, for easy identification in Investigate, on the Monitoring Page, on Alerts page, on the Matches Tab and on Sigma ID page.
Investigate
Monitoring Page
Matches Tab
Sigma ID Page
Users can also create notification groups with Blocklist and Allowlist indicators.
When an Entity is added to the Block List, the risk score becomes 100.
If an Entity is added to the Allow List, the risk score becomes 0.
Entities that have been added to the Block and Allow List will appear as new Matches on the Entity Page. These Matches will display the corresponding indicator (BLK or ALW). A Sigma ID Page is automatically created for each Entity added to the Block or Allow list.
Country Watchlist
Country Watchlist allows users based on their operations, client base, or data to configure their watchlist by selecting countries they deem as high-risk areas. When there is a location match with any of the countries on the watchlist, users will automatically receive an alert.
Users can select countries from a dropdown menu under Account –> Settings –> Country Watchlist. The default Country Watchlist includes Russia, Iran, Cuba, Syria, and North Korea.
Users can modify this list by adding or removing countries.
Once the watchlist is configured, users must include the Country Watchlist (CWL) indicator in their filter set to receive risk alerts related to these countries.
When a match is found in a location listed in the Country Watchlist, the CWL indicator will be assigned to the corresponding Match. Additionally, if users specify a country in the Advanced Search criteria, a Country match will be added to the Matches table.