Compliance System Validation - An Audit Based Approach (December 2012)
Current Challenges
• Wide range of service providers and skills
• Inconsistent quality of the assessment and deliverables
• Often independent contractors are used, resulting in lost continuity year to year
• Lacking consistent standards of performance
• Findings frequently not tied to risk and potential impact
• Level of independence is not always clear
Need for an Audit Based Approach
• Boards and management are recognizing both:
  • the need to perform independent validations of systems, and
  • the lack of consistent, high-quality “audit based” assessments in the past
• Critical role of technology in the BSA/AML Compliance program
• Increased scrutiny by regulators
• Mitigate the probability and impact of critical risk events
• Avoid severe regulatory penalties and reputational risk
Need for Audit Based Approach
• Required by the FFIEC BSA Examination Manual:
  • “A periodic review of the effectiveness of the suspicious activity monitoring systems (manual, automated, or a combination) used for BSA/AML compliance.”
  • Evaluate the system’s methodology for establishing and applying expected activity or filtering criteria
  • Evaluate the system’s ability to generate monitoring reports (cases/alerts)
  • Determine whether the system filtering criteria are risk based and reasonable
  • Validate the auditor’s reports and work papers to determine whether the bank’s independent testing is comprehensive, accurate, adequate, and timely
Independent Validation - Components
• Should be performed by qualified individuals within the FI or by a qualified third party
• Should be performed annually, or should match the frequency of the Risk Assessment
• Should consider the alignment of the BSA/AML system with the Risk Assessment, including:
  • Customers
  • Geographies
  • Lines of Business
  • Products and Services
Technical Challenges
• Assessing the functionality of rules and that the data supports rule processing
  • Logic is not always transparent
  • Flaws in logic processing
  • Too many false positives
• Validating that all required SWIFT messages are being scanned
• Inconsistent thresholds on rules/scenarios leading to incorrect or no alerts
• Absence of data or poor data quality providing incorrect customer risk classification
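As an added example, not part of the presentation: a minimal Python back-test of the kind a validator could run against a sample extract to surface two of the challenges above, a scenario whose thresholds are inconsistent across customer risk tiers and customers whose missing risk classification means seeded test transactions never alert. The scenario name, thresholds, customer records and transactions are all constructed for illustration.

```python
# Constructed scenario: one threshold per customer risk tier (amount at or above it alerts).
SCENARIOS = {"large_cash": {"high": 5000, "medium": 8000, "low": 10000}}

# Constructed customer master; C3 has no risk classification on file (poor data quality).
CUSTOMERS = {"C1": {"risk_tier": "high"}, "C2": {"risk_tier": "low"}, "C3": {}}

# Constructed transactions as (customer_id, amount).
TRANSACTIONS = [("C1", 6000), ("C2", 6000), ("C2", 12000), ("C3", 20000)]

# Validator-seeded expectations: transactions the test plan says must produce an alert.
EXPECTED_ALERTS = [("C1", 6000), ("C2", 12000), ("C3", 20000)]


def inconsistent_thresholds(scenarios):
    """Names of scenarios whose thresholds do not tighten as risk rises (high <= medium <= low)."""
    return [name for name, t in scenarios.items()
            if not (t["high"] <= t["medium"] <= t["low"])]


def run_scenario(name, customers, transactions, scenarios=SCENARIOS):
    """Apply one scenario; customers without a risk tier cannot be scored and are reported."""
    thresholds = scenarios[name]
    alerts, unclassified = [], set()
    for cid, amount in transactions:
        tier = customers.get(cid, {}).get("risk_tier")
        if tier is None:
            unclassified.add(cid)  # data gap: the rule silently skips this customer
            continue
        if amount >= thresholds[tier]:
            alerts.append((cid, amount))
    return alerts, sorted(unclassified)


def missed_alerts(expected, actual):
    """Seeded cases that produced no alert: the finding a validator writes up, with its cause."""
    return sorted(set(expected) - set(actual))


if __name__ == "__main__":
    alerts, unclassified = run_scenario("large_cash", CUSTOMERS, TRANSACTIONS)
    print("alerts:", alerts)
    print("unclassified customers:", unclassified)
    print("seeded cases missed:", missed_alerts(EXPECTED_ALERTS, alerts))
    print("inconsistent scenarios:", inconsistent_thresholds(SCENARIOS))
```

The missed seeded case traces to the unclassified customer rather than to the rule logic, which is the distinction the work papers should record.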
Organization’s Roles & Responsibilities (diagram): 1st Line of Defense, 2nd Line of Defense, 3rd Line of Defense
Audit based Performance Standards
• Consistent with professional practice standards
• Audit procedures and testing commensurate with risk
• Quality Assurance reviews
• Build on knowledge of best practices
• Continuous improvement methodology
• Confidentiality and security protocols
• Specialized analytical tools
Deliverables
• Assessment Report
  • Key observations
  • Associated risks and potential impact
  • Recommendations for risk remediation
• Significant Items Management Action Plan
  • Living document with significant findings
  • Management responses
  • Remedial action plan with “ownership” and due dates
• Test Work Papers and Supporting Documentation
How to select a Third Party Vendor?
• Should integrate three essential skillsets:
  • Audit expertise
  • Compliance & regulatory knowledge
  • Strong technology and in-depth product knowledge
• Well defined, structured process/framework that is adaptive
• Completely independent
• Continuity of permanent staff
• Professional Certifications – CPA, CIA, CAMS, CCRP, etc.
• Good customer references