Watchlist Match and Manual Review

A Process Instance can be configured to require a manual review in the event that a match is found while searching a Watchlist. This can be useful in scenarios where you may not wish to allow or block outright and provide a manual investigation of the identity verification attempt before proceeding.

To enable this flow using the new Watchlist management, each Watchlist search activity includes a 'Search Behavior' input parameter than can be configured to allow a manual review before proceeding.

For more information on the manual review process, see the Manual Review Guide

Search Behaviors

The 'Search Behavior' input parameter controls how the activity responds to matches:

ValueMatch FoundNo MatchUse Case
BLOCKoutcome = FAILoutcome = PASSBlocklist: Fail the check if the face is found on the watchlist
ALLOWoutcome = PASSoutcome = FAILAllowlist: Pass only if the face is found on the watchlist
BLOCK_REVIEWoutcome = REVIEWoutcome = PASSBlocklist with Review: Send to review if found, otherwise pass
ALLOW_REVIEWoutcome = REVIEWoutcome = FAILAllowlist with Review: Send to review if found (match needs human verification), otherwise deny (not on allowlist)

In this guide, the BLOCK_REVIEW and ALLOW_REVIEW values will be used to enter a manual review flow.

Configuring a Manual Review Flow

The example in this document will use an IPv4 Watchlist. However, this same process is applicable to all Watchlist types. See the guides below for more information on configuring a Watchlist of each type:

Step 1 - Create a Process Definition

  1. Create a new Process Definition by navigating to Process Definitions > New Process Definition in the Backoffice application.
  2. Add a 'Create Start Event' to the Process Designer.
  1. Click the 'Start' event to open the right-side contextual menu and enter a name for the 'Name' input parameter.
  2. Add a 'Create End Event' to the Process Designer and connect it to the 'Start' event using a sequence flow arrow.
  1. Click the 'End' event to open the right-side contextual menu and enter a name for the 'Name' input parameter.

Step 2 - Record the IPv4 Address

  1. After the 'Start' event, add a 'Record IPv4 Address v1' activity to the Process Designer and use the 'Global connect tool' to connect the activity to the flow.
  1. The activity supports one configurable activity parameter. The 'Key' parameter contains an identifier used to identify the IPv4 recording attempt. By default, the Key is set to "ipv4Address1". The IPv4 record will be stored in the _signals object. For more information, see the Signal Recording of IPv4 Address section.

Step 3 - Perform Search Against Watchlist

  1. Add a 'Search IPv4 Watchlist v1' activity to the Process Designer and connect it to the 'Record IPv4 Address v1' activity using the 'Global connect tool'.
  1. The 'Search IPv4 Watchlist v1' activity includes the following input parameters:
Parameter Description Type Default
IPv4 Address IPv4 address to search (max 18 chars, e.g., "192.168.1.1") String ${_signals.ipv4s.ipv4Address1.ipv4}
Max Match Results Maximum number of matches to return (1-100) Integer ${10}
Search Behavior Determines how match results are interpreted: BLOCK (match=FAIL, no match=PASS), ALLOW (match=PASS, no match=FAIL), BLOCK_REVIEW (match=REVIEW, no match=PASS), ALLOW_REVIEW (match=REVIEW, no match=FAIL) String BLOCK
Search Key The key under which the check result will be stored in the checks object String watchlistSearch1
Watchlist Name Name of the IPv4 watchlist (max 250 chars) String Name of the IPv4 watchlist (max 250 chars)

For this example, the 'Search Behavior' input parameter will be set to ALLOW_REVIEW .

Step 4 - Configure Conditional Logic

  1. After the 'Search IPv4 Watchlist v1' activity, add a gateway that will be used for managing the directions of the flow.
  1. From the gateway, add a 'Simple Decider' and connect it using a sequence flow arrow.
  1. Click the sequence flow arrow connecting to the 'Simple Decider' to open the right-side contextual menu. Under the 'Condition', create a new 'Expression' and set the expression to ${_checks.watchlistV2.ipv4.watchlistSearch1.outcome.equals("REVIEW")} .

  1. This expression retrieves the outcome from the Watchlist search attempt and determines if the result equals "REVIEW".

    1. _checks - Access the _checks.
    2. .watchlistV2 - Access the .watchlistV2 table within the _checks object.
    3. .ipv4Address - Accesses the list of ipv4Address Watchlists collected during the Process Instance. Possible values include: facev6, documentNumber, ipv4Address, or visitorId .
    4. .watchlistSearch1 - Represents the key of the Watchlist search attempt performed in Step 3.
    5. .outcome.equals("REVIEW") - Checks to determine if the outcome of 'watchlistSearch1' is equal to "REVIEW".

  2. Select the sequence flow arrow connecting the 'Gateway' to the 'End' event. Choose the spanner icon and set the element to 'default flow'.

  1. Select the 'Simple Decider' activity and set the 'Derive Decision From' value to "REVIEW".

Step 5 - Configure Review Flow

  1. Add a 'Review Required V2' activity to the Process Definition and connect the activity to the 'Simpler Decider' using the Global connect tool.
  1. This activity will inform the end-user that a manual review is required.
  2. After the 'Review Required' activity, add a 'Process Instance Review Status Report' activity to the Process Designer. This activity is used to update the status of the Process Instance to 'review'.
  1. Add a 'Waiting for B/O review v2' activity to the Process Designer and connect the activity to the 'Process Instance Review Status Report' .

  1. This activity includes two error boundary events:

    1. Timer Boundary Event - Triggered when the process exceeds the duration set in the 'Timer' input parameter.
    2. Invalid Decision Outcome - Triggered when an invalid decision has been made for the Process Instance.

  2. For this flow, each boundary event will be connected to an 'end' event that will end the Process Instance.

  3. Add a new 'Simple Decider' activity to the flow and connect it to the 'Waiting for B/O review V2' activity. This activity can also be connected to the "For Review?" gateway.

Test and View Results

The Process Definition can be tested by creating a new Process Token.

  1. In the Backoffice application, navigate to Process Definitions > Process Tokens.
  2. From the Process Tokens landing page, select 'New Process Token'. A popup modal will appear where details of the Process Token can be defined.
  1. Scan the QR code or click the generated link to begin the process. If the IP address is a match within the Watchlist, Trust Web will present a page to signal that the process is pending further review.

Perform Manual Review

Process Instances that require a manual review can be viewed from the Backoffice application. It is also possible to action and update their statuses.

  1. In the Backoffice application, navigate to Process Instances > For Review.
  2. Using the search filters provided, find the Process Instance in the review status.
  1. A tenant with the appropriate permissions will be able to update the status of the Process Instance by first clicking on the magnifying glass next to the Process Instance to be edited.
Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
Next to read:
Managing Legacy Watchlists
Edit on GitHub
On This Page
Watchlist Match and Manual ReviewSearch BehaviorsConfiguring a Manual Review FlowStep 1 - Create a Process DefinitionStep 2 - Record the IPv4 AddressStep 3 - Perform Search Against WatchlistStep 4 - Configure Conditional LogicStep 5 - Configure Review FlowTest and View ResultsPerform Manual Review