ComplyGenics will perform end-to-end validation of all your models and filtering thresholds used by the BSA monitoring systems in order to ensure that all customers, accounts and transactions are captured, and the systems are adequately detecting potential suspicious and sanctioned activity.
We will start by reviewing your latest risk assessment, AML/ATF policies and procedures, latest system review report, audit comments and remediation efforts documents, if any, and identified monitoring scenarios.
Additionally, we will review governance and management oversight, policy and procedures governing changes to transaction monitoring and filtering program to ensure that changes are identified, managed, controlled, and reported.
ComplyGenics will ensure that your risk assessment fully represents your organization risks and your risk appetite. We will ensure that all your products and services have been risk assessed for potential use for money laundering and/or terrorism finance, your customer types are well defined and understood, all geographies where your organization and your customers operate are covered, and that your controls and processes are properly mitigating identified risks.
We will identify all your customer, account and transaction systems and make sure that all data is fed into your monitoring systems. We will validate all data flows from source to destination, ETL processes and validate that ETL controls are adequate to guarantee accurate data delivery to AML systems.
Transaction Monitoring Program
We will evaluate your transactions monitoring program, ensuring that it meets your risk assessment, BSA/AML detection scenarios and threshold values are designed to detect potential suspicious or illegal activities. We will do end-to-end testing of the transaction monitoring program, including a review of data governance, data mapping, transaction types, detection-scenario logic and model validation. We will review the documentation that articulates the institution’s current detections scenarios and ensure that the underlying assumptions, parameters, and thresholds are accurate and address the scenarios identified on the policies.
We will validate that the technology, processes and tools for matching names is based on the Bank’s risk assessment. Perform an end-to-end testing of the filtering program, review of the data matching, and whether or not the matching thresholds are appropriately set within the logic used by the technology, that the documentation that articulates the intent and design of the filtering programs and tools is available and up to date, that on-going analyses to assess the logic and performance of the technology for matching names and thresholds settings are appropriate. Additionally, will ensure that policies and processes to manage changes and updates to the negative and white lists are appropriate.