Handbook for Buying a Compliance Solution
What is Regulatory Compliance?
Regulatory compliance describes the goal that corporations or public agencies aspire to in their efforts to ensure that personnel are aware of and take steps to comply with relevant laws and regulations.
– Wikipedia
In general, compliance means conforming to a specification or policy, standard or law that has been clearly defined.
Compliance in an organization is a cluster of programs, policies and procedures for complying with regulation, and can be broadly classified into:
- BSA/AML Compliance
- OFAC Compliance
- IT Compliance
- E-mail Compliance
The following sections briefly cover the BSA part of compliance.
A Compliance Solution
BSA/AML Functions
Any AML compliance product should provide a superset of the following basic features:
- Customer Due Diligence and Know Your Customer (KYC) refers to the customizable policies and procedures an organization uses to know the customers it deals with. KYC should support different elements based on the organization’s needs.
- Enhanced Due Diligence refers to the Customer Identification Program mandated by the USA Patriot Act. Tools within the system should allow users to prepare customized questionnaires for customer staging and proper workflow tools to validate.
- Transaction Monitoring refers to suspicious activity and fraud monitoring on customer transactions, mostly through rules defined according to client need and based on BSA laws, regulations and directives. The applicable laws depend on the geographical location of the financial institution and of the customers the organization deals with. The function should initiate investigations automatically using the detection mechanism and support easy-to-use tools for a detailed investigation.
- Case Management and Regulatory Reporting refers to investigation of cases and different methods of reporting the cases to different regulatory authorities.
Common functions
In addition to the above compliance-related features, the product evaluator from the organization should also have answers to the following questions, which apply to most financial software applications.
- Global audience. Make a list of countries where the product can be used. Does the product provide compliance with all the regulatory needs of each of those countries?
- Multi-lingual. Are multiple languages supported? If yes, is multi-language support installation specific? How many languages are supported?
- User and Rights Management. How are users managed within the application? Does the application use Active Directory? Can the user be given rights based on Windows rights?
- Workflow and Routing mechanisms. How can I create job functions within the application? How will I assign rights?
- Batch processing. Will the app allow batch and bulk processing for certain tasks? Is there a list of such processes?
- Data Import. What are the ways data can be imported? Direct from source systems through channels? Flat files? Database table transformation imports?
- Information Reporting and Data Export. What are the ways to generate reports? Is there a way to generate reports automatically?
- Tracing, Logging and Auditing. Does the application support customizable logging to direct to event viewers, flat files, databases and even sinks? Is enough information logged for auditors? For product support are there any trace switches?
- Licensing. What type of licensing is available? Is there an evaluation version? Can I buy more products in the future?
- Service and Support. What kind of customer service is provided? What are the terms and conditions?
Platform
In addition to the features, a detailed list of prerequisites for the product should be obtained for the product cost statement.
- Is a dedicated server necessary? What is the Operating System? Are there any limitations in choosing the OS?
- What platform is it running on? Open source or Proprietary or Legacy? Java or .NET or PHP? Win forms or Web or both? IIS or Apache or Websphere?
- Is the application dependent on a database? Is that database free? Does the organization already have a license for the database? What database edition is required by the product?
- Is the application using any third-party tool? Is a list of those third-party tools available? Do I need any email clients? How many tools are free? Any particular version? Can those tools be upgraded for free if necessary?
- Do the end users require any plug-ins or software to run the application? What is the setup cost for installing that plug-in? Does the end user need to change any browser settings for running scripts, ActiveX, etc.?
- What will be the setup cost? What kind of support is required by the organization for installation?
- Is a task scheduler necessary to run jobs?
Based on the organization’s software policy, a cost sheet can be generated using the following entities.
Features Check-list
AML Product
The following table can be used to check the product feature list before evaluating a product:
| Feature | Available Yes/No | Comments |
|---|---|---|
| Web based application | Yes / No | List the advantages and disadvantages of having a web or Windows based application over the others |
| Windows based application | Yes / No | Identify if all the features are available in Windows or web as a whole. If not, list the features that are available in each mode |
| Customer Due Diligence (CDD) | Yes / No | |
| Risk classification | Yes / No | |
| Customer risk scoring | Yes / No | |
| Risk management | Yes / No | |
| Enhanced Due Diligence (EDD) | Yes / No | |
| Transaction Monitoring | Yes / No | |
| Ready-made rules | Yes / No | |
| Customize rules | Yes / No | |
| Schedule monitoring | Yes / No | |
| Case Management | Yes / No | |
| Case Auditing | Yes / No | |
| Case Investigation | Yes / No | |
| Workflow management | Yes / No | |
| Customize Pages | Yes / No | |
| Selection filters | Yes / No | |
| Regulatory reports | Yes / No | |
| Suspicious Activity Report | Yes / No | |
| Currency Transaction Report | Yes / No | |
| Electronic filing | Yes / No | |
| Custom regulatory reports | Yes / No | |
| Reporting | Yes / No | |
| Export as PDF, Excel, etc. | Yes / No | |
| Charts | Yes / No | |
Platform
The following table will help in putting together the list of software necessary in addition to the product itself.

| Component | Description (list all the required software) |
|---|---|
| Operating System (in Server) | |
| Database (in Server) | |
| Third Party tools (in Server) | |
| Application Server | |
| Data Access Components and Drivers | |
| Task Schedulers | |
| Office tools | |
| Email client | |
| Supported Browser | |
| File reader | |
| Report viewer | |
Links
The following pointers can be used for reference. These web links point to AML and banking related web sites.
- Bank Secrecy Act
- Office of Foreign Assets Control
- Federal Financial Institutions Examination Council
- Board of Governors of the Federal Reserve System
- Federal Deposit Insurance Corporation
- National Credit Union Administration
- Office of the Comptroller of the Currency
- Office of Thrift Supervision and the State Liaison Committee
- Conference of State Bank Supervisors
- American Council of State Savings Supervisors
- National Association of State Credit Union Supervisors
Your comments on this draft copy are greatly appreciated.
Can you tell me who did your layout? I’ve been looking for one kind of like yours. Thank you.
This theme is free and you can use it for your WordPress blog by downloading it from http://wordpress.org/extend/themes/inove.
Great post!