System Validation
Forvis Mazars professionals can validate the programming of the automated transaction monitoring system used for suspicious activity monitoring and reporting purposes. Validation services include assessing the accuracy and integrity of the transaction monitoring system and whether the application is functioning as intended. Accordingly, validation services would include the following procedures (as applicable):
- Identification of the types of customers, products, and services that are included within the automated account monitoring system and whether there are any exclusions
- Identification of the system’s methodology for establishing and applying expected activity or profile filtering criteria and for generating monitoring reports, and a determination if selected filtering criteria are considered reasonable
- Analysis of available filters/rules that are not used and whether additional filters/rules would enhance monitoring consistent with the Bank’s risk profile
- Testing whether selected filtering criteria’s reported output continues to be reliable
- Transaction testing that will include sampling transactions and other data from the bank’s source systems for confirming accurate inclusion in the automated system
- Testing whether the system’s automated risk scoring is applied appropriately to enable identification of higher risk customers
- Testing whether OFAC screenings include current SDN and Consolidated Non-SDN lists and encompass the entire database
- Testing whether 314(a) (information sharing) search names are imported and applied to the entire database appropriately
- Review of the vendor program assurances and status of applicable upgrades
- Review of change/access/maintenance controls for the monitoring system
Whether system modifications or filtering changes over the assessed period are considered appropriate.