For Compliance Administrators and Compliance Officers.
For a full explanation of how the eComms permissions model works, see How the eComms permissions model works.
Overview
When eComms Review processes a message, it evaluates the message against active detection policies and generates an alert for each policy breach found. Each alert is tagged with exactly one scope — either a specific User Group or the account level — and access to that alert is strictly limited to users with explicit purview over that scope.
How alerts are scoped
Determining which groups apply
When a message is processed, the system checks which User Groups each participant belongs to, based on the Groups field on each user's profile. A message involving participants from multiple groups is associated with all of those groups, and each group's detection policies are evaluated independently.
If no participants belong to any User Group, the message is evaluated against account-level detection policies only.
Alert generation
If a detection policy for a given group finds a breach, one alert is generated and tagged with that group. If account-level policies find a breach, one alert is generated and tagged as account-level. A single message can produce zero, one, or multiple alerts — one per scope whose policies were breached.
Each alert carries exactly one tag — either a specific User Group or the account level. That tag is displayed as the Supervision Group on the Alert Detail panel.
Who can see an alert
Access to an alert is strictly scoped to its single tag. There is no overlap between group-level and account-level access for alerts.
Alert scope | Who can see it |
Tagged with a specific User Group | Admins; Supervisors assigned to that User Group |
Account-level (<Account>) | Admins; Supervisors designated for users not in a group |
Example: Jane is a member of Group1. John has no group assignment. Jane sends John a message that is flagged under Group1's detection policy. The alert is tagged with Group1. Only Admins and Supervisors assigned to Group1 can see this alert — the Supervisor designated for users not in a group has no access to it. If instead the breach was detected under an account-level policy, the alert would be tagged as account-level and visible only to Admins and Supervisors designated for users not in a group.
Alert assignment
An alert can optionally be assigned to a specific individual to indicate who is taking ownership of the review. Assigning an alert to one person does not restrict access for other users who have purview over that alert's scope. All eligible users retain the ability to view and act on the alert regardless of assignment.
If the Automatic assignment of unassigned Alerts setting is enabled in Account Defaults, any unassigned alert is automatically assigned to the first Supervisor or Admin who opens it. If an alert is already assigned, this setting has no effect.
Common use cases
Account-level only setup — No User Groups are configured. All alerts are account-level. Only Admins and Supervisors designated for users not in a group can see them. This is the recommended starting point for most firms.
Group-based supervision — A firm configures separate User Groups for two trading desks. Each group has its own detection policies and assigned Supervisors. An alert tagged with Desk A is visible only to Desk A Supervisors and Admins — Desk B Supervisors cannot see it.
Mixed-participant message, group policy breach — A message involves one participant in Group1 and one with no group. The breach is detected under Group1's policy. The alert is tagged with Group1 and is visible only to Group1 Supervisors and Admins.
Mixed-participant message, account-level policy breach — Same message, but the breach is detected under an account-level policy. The alert is tagged as account-level and is visible only to Admins and Supervisors designated for users not in a group.
Alert delegation — A senior supervisor assigns a specific alert to one reviewer using the Assigned to field. Other Supervisors with purview over that alert's group retain full access.