COMPLIANCE
In today ’ s world , onboarding and transactions occur across various channels , from offices and the web to mobile applications , which lead to diverse data formats
of a sample of files . Rather , the substantive tests are created in a way to evaluate the entire population of records . For example , consider one required field or data element , the driver ’ s license number , which requires verification for customer identification . The questions regarding this data element are as follows .
1 . Is the field populated ? 2 . Is the data in the correct format ? 3 . Has the data been verified ? 4 . How was verification obtained ?
5 . Has the data element indicating verification been updated ?
6 . Is the data element indicating verification in the correct format ?
The 2LoD can substantively test the entire population of customer records by evaluating each of these six questions systematically across all the records . The tests can go beyond just looking at whether the fields contain data that is in the proper format . The tests can also use associated metadata for each field , for example , the time stamp for each field that indicates when it was populated . This can then be used to evaluate , across the entire data set , whether the time between the population of the driver ’ s license number and the date indicating verification of the driver ’ s license number is within the prescribed time frame and whether such time frame indicates compliance with regulatory requirements .
The issue with testing is that it is generally performed after the fact . Ongoing monitoring of processes and controls designed to prevent or detect issues is the key to success today . The 2LoD should focus on the KRIs and KPIs that the 1LoD is using to monitor performance . They should then develop and implement monitoring processes that spot the issues to be identified by the 1LoD . These processes must also monitor events that should be undertaken by the first line to address issues and then track whether they happened within the required time frames . These triggers should result in the 1LoD receiving a monitoring notification from the 2LoD that requires a response .
So , in our driver ’ s license example , if every customer that is an individual must have a driver ’ s license number that is verified within a specified time frame , the 1LoD should have the information that follows :
1 . Controls in place to either prevent the customer from being onboarded without a verified driver ’ s license .
2 . Controls in place to highlight , report and monitor those customers that have been onboarded but have yet to be verified and that address the six requirements mentioned above .
The 2LoD would monitor the performance of the 1LoD by :
1 . Substantial testing as described above to evaluate whether each customer that is onboarded has a verified driver ’ s license .
2 . Comparing the data produced by the 1LoD that highlights and reports customers that have been onboarded but not yet verified to reports independently produced by the 2LoD to address any differences and requiring a response that includes root-cause analysis .
3 . Producing reports that highlight corrective action taken by the 1LoD in response to issues self-identified by the 1LoD , as well as issues identified by the 2LoD .
This type of monitoring should be performed as close to real time as possible and on an ongoing basis . Also , the above testing scenarios need to encompass various digital channels , products and services from where the data is received by the organization . It should also account for any compliance time frames established by regulations such that regulatory deadlines are not breached .
The importance of data quality
Finally , the importance of data quality cannot be understated . The 1LoD and 2LoD need to include in their monitoring and testing programs steps to assess the quality of the data . This includes not only the data that is being collected ( e . g ., the driver ’ s license information ), but also metadata such as time stamps , triggers and related data ( e . g ., notification of missing data and data contained on reports ).
In today ’ s world , onboarding and transactions occur across various channels , from offices and the web to mobile applications , which lead to diverse data formats . Ensuring data quality across these multiple sources is impossible without robust data governance processes that include data cleansing techniques and automated data quality checks to maintain the integrity of your AML program . In essence , effective compliance risk management in today ’ s data-driven world depends on good quality data .
Stephen D . Marshall , director , FinScan Advisory Services , Pittsburgh , PA , Smarshall @ innovativesystems . com
88 acamstoday . org