Overview
When a compliance team is managing two hundred active investigations simultaneously, the question of which case is in which state cannot be answered by asking individual analysts. It needs to be visible, accurate, and automatically maintained. A case that sits in Active state for three weeks past its SAR deadline because a supervisor did not notice the transition requirement is a regulatory exposure. The Status Workflow module ensures that kind of gap cannot persist, automating transitions, enforcing business rules, and escalating at-risk cases before deadlines are missed.
The five-state investigation lifecycle, from Draft through Active, Under Review, Closed, and Archived, is the backbone of every investigation in the platform. The Status Workflow module manages those transitions with configurable rules, SLA monitoring, and complete audit capture, so compliance teams can demonstrate at any moment that every case is progressing correctly.
Key Features
- State Machine Engine: A configurable state machine orchestrates investigation lifecycles across multiple phases including triage, active investigation, review, resolution, and special states, enforcing valid transitions and role-based permissions.
- Automated Status Transitions: Investigation milestones and events automatically trigger status changes, reducing manual updates and ensuring investigations progress through workflow phases without delays.
- SLA Tracking and Escalation: Multiple deadline types are monitored across investigation phases with automatic escalation of at-risk cases to appropriate personnel when SLA thresholds approach or are breached.
- Dynamic Priority Management: Priority algorithms dynamically adjust case urgency based on risk scores, regulatory deadlines, resource availability, and investigation developments for context-appropriate processing.
- Business Rule Validation: Configurable transition prerequisites are validated before state changes, preventing invalid transitions and ensuring mandatory conditions such as evidence collection or supervisor approval are met.
- Workflow Automation: Configurable automation rules trigger downstream actions on status changes including notifications, task assignments, report generation, and integration updates.
- Real-Time Status Dashboards: Visual dashboards give supervisors investigation status visibility, phase progress tracking, SLA compliance monitoring, and bottleneck identification across all active cases.
- Parallel Workflow Support: Multiple sub-investigations maintain independent status lifecycles while rolling up to the parent investigation, enabling complex multi-track case management.
- Complete Audit Trail: Every status change is captured in an immutable audit record with timestamp, user, justification, and before/after state, supporting regulatory compliance and quality assurance reviews.
Use Cases
- Case Lifecycle Automation: Compliance teams automate investigation progression from new alert triage through analysis, review, decision, and closure, with automated transitions reducing manual coordination overhead.
- SLA Compliance Management: Supervisors monitor investigation deadlines across regulatory filing requirements, internal policies, and customer commitments, with automatic escalation ensuring timely case resolution.
- Priority-Based Case Routing: Dynamic priority adjustments ensure high-risk investigations receive appropriate attention and resources, with automatic re-prioritization as risk scores and regulatory deadlines change.
- Regulatory Examination Documentation: Complete status history with audit trails and transition justifications provides ready documentation for regulatory examinations and compliance reviews.
- Workflow Standardisation: Configurable workflow templates standardise investigation processes across teams and case types, ensuring consistent methodology application and quality standards.
- Management Reporting: Real-time dashboards and status analytics enable management visibility into case volumes, resolution rates, SLA compliance, and team performance metrics.
Integration
The Investigation Status Workflow module integrates with the platform's case management, alert management, team collaboration, and reporting systems. Status changes automatically update case timelines, trigger notification workflows, and synchronise with external case management platforms. SLA tracking connects to regulatory calendar systems, and escalation workflows route to team management and supervisor dashboards for timely intervention.
Open Standards
- W3C SCXML (State Chart XML): The investigation lifecycle state machine is modelled as SCXML-compliant state nodes and events, with each state and transition aligned to the W3C SCXML specification so the machine definition can be exported as interoperable XState v5 JSON.
- BPMN 2.0 (OMG ISO/IEC 19510): Workflow graph concepts (nodes, edges, trigger and action types, and execution paths) follow Business Process Model and Notation 2.0 semantics, enabling workflow definitions to be reasoned about and exchanged with BPMN-aware tooling.
- GraphQL (June 2018 specification): Every query, mutation, and subscription for case status rules, transition history, approver records, and workflow stage configuration is exposed through a strongly-typed GraphQL API, including cursor-based pagination and resolver-level RBAC enforcement.
- ArcSight Common Event Format (CEF): The immutable audit trail for every status transition is exportable in CEF format (version 0), enabling direct ingestion by SIEM platforms such as Splunk, Microsoft Sentinel, Elastic Security, and IBM QRadar for correlation and compliance reporting.
- ISO 8601 / RFC 3339: All transition timestamps, SLA deadlines, approval timestamps, and audit record creation times are stored and serialised as UTC-offset ISO 8601 strings, ensuring unambiguous, timezone-safe chronological ordering across the full case lifecycle.
- RFC 4122 (UUID v4): Every case, status rule, transition history record, approver assignment, and workflow entity is identified by a randomly generated UUID v4, providing collision-resistant, globally unique identifiers without a central registry.
- ISO 3166-1 alpha-3: Investigation subject and entity records carry three-letter country codes conforming to ISO 3166-1 alpha-3, supporting consistent jurisdictional attribution across multi-national investigations.
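The audit-export path described in the CEF, RFC 3339 and UUID v4 items above can be sketched as follows. This is an added example, not the module's own code: it validates a transition and serialises it as a CEF version 0 line, escaping the free-text justification so it cannot inject extra fields into the SIEM record. The transition edges, the vendor and product strings, the mapping onto CEF extension keys, and the sample values are all assumptions.

```python
import uuid
from datetime import datetime, timezone

# Assumed edges: the page names the five states but not which transitions are valid.
ALLOWED = {
    "Draft": {"Active"},
    "Active": {"Under Review"},
    "Under Review": {"Active", "Closed"},
    "Closed": {"Archived"},
    "Archived": set(),
}

def _hdr(value):
    # CEF header fields: escape backslash first, then the pipe delimiter.
    return str(value).replace("\\", "\\\\").replace("|", "\\|")

def _ext(value):
    # CEF extension values: escape backslash and '=', encode line breaks as \n.
    s = str(value).replace("\\", "\\\\").replace("=", "\\=")
    return s.replace("\r\n", "\\n").replace("\n", "\\n").replace("\r", "\\n")

def transition_to_cef(case_id, old, new, user, justification, when):
    if new not in ALLOWED.get(old, set()):
        raise ValueError(f"invalid transition: {old} -> {new}")
    if uuid.UUID(case_id).version != 4:
        raise ValueError("case_id must be a UUID v4")
    if when.tzinfo is None:
        raise ValueError("timestamp must carry a UTC offset")
    when = when.astimezone(timezone.utc)
    # Vendor, product, version, event class and severity are placeholder values.
    header = ["CEF:0", "ExampleVendor", "StatusWorkflow", "1.0",
              "status-transition", f"{old} -> {new}", "3"]
    ext = [
        ("rt", int(when.timestamp() * 1000)),
        ("externalId", case_id),
        ("suser", user),
        ("cs1Label", "previousState"), ("cs1", old),
        ("cs2Label", "newState"), ("cs2", new),
        ("cs3Label", "transitionTime"), ("cs3", when.isoformat()),
        ("msg", justification),
    ]
    return "|".join(_hdr(h) for h in header) + "|" + " ".join(
        f"{k}={_ext(v)}" for k, v in ext)

# Constructed sample: the justification tries to smuggle extra key=value pairs.
SAMPLE = transition_to_cef(
    "3f2b8c1e-9d4a-4e7b-8a61-5c0d2e9f7a10", "Under Review", "Closed",
    "analyst.jdoe", "SAR filed\nsuser=admin cs2=Archived",
    datetime(2026, 1, 15, 9, 30, tzinfo=timezone.utc))
print(SAMPLE)
```
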
Last Reviewed: 2026-02-05 Last Updated: 2026-04-14