Reviewing a User Profile

User Profile

The user profile in RiskOps Lab is the central place for investigating a person, not just a single alert.

While an alert shows a specific risk signal, the profile provides a broader view of the user’s behaviour across the platform.

It brings together transactions, activity, linked entities, and alerts, allowing you to analyse the full context before making a decision.

What you see in a user profile

When you open a user profile, you get a structured view of the user and their behaviour.

This includes basic account details such as status, risk level, and key identifiers, along with supporting information like contact details and documents.

The profile is organized into several tabs:

• Transactions - movement of funds, amounts, channels, and statuses
• Accounts - financial accounts linked to the user, such as cards, bank accounts, or crypto wallets
• Access & Links - connections to other users and network-level relationships
• Activity - user actions and behavioral signals
• SOF - source of funds information
• Alerts - all alerts linked to the user
• Notes - predefined notes and historical context related to the user (read-only)

This allows you to move beyond a single signal and understand the overall behavior of the user.

How to work with the profile

The profile is designed to support a full investigation flow.

You typically:

Start by reviewing the user’s overall context, including account status and basic information.

Then analyze transactions to understand how funds move, how often activity happens, and whether patterns look unusual.

Review activity and access data to identify behavioral anomalies, unusual locations, or connections between accounts.

Check linked alerts to see whether risk signals are isolated or part of a broader pattern.

If needed, add the user to your Watchlist to track them over time.

Starting a case from the profile

You are not limited to working from alerts.

You can start a review directly from the user profile.

This is useful when:

• Risk is visible across multiple signals
• There is no single alert that captures the full picture
• You want to assess the overall risk of the user

In this case, the profile acts as an entry point for an ad hoc investigation.

Review workspace

The profile includes the same review workspace as alerts.

You can:

• Write your analysis and reasoning
• Save drafts
• Submit your case for review
• Receive feedback and update your work

The case lifecycle and statuses are the same as for alerts.

Example

Activity review: The user shows low but consistent activity over time, followed by a sudden increase in incoming transfers from unrelated third parties.
Funds are partially retained and partially transferred out to external wallets.
Red flags: Change in behavior pattern. Multiple unrelated counterparties. Partial fund outflow after aggregation
Decision: Info requested
Rationale: The activity deviates from the user’s historical pattern and involves multiple external parties. However, there is not enough information to determine whether the activity is legitimate. Additional clarification is required regarding the source of funds, relationship with senders, and purpose of outgoing transfers.

How profiles are used in training

The user profile is designed to train a different level of thinking.

Instead of analyzing a single signal, you are expected to build a full risk picture of the user.

You look at:

• Financial behavior
• Activity patterns
• Linked signals
• Historical context

This reflects real fraud and AML workflows, where decisions are rarely based on one alert alone.

Why it matters

In real investigations, alerts are only starting points.

Decisions are made based on the overall behavior of the user.

The profile in RiskOps Lab is built to simulate exactly that.

It helps you move from reacting to signals to building structured, evidence-based conclusions about user risk.