Identity Access Support and Solutions

Identity and Access Management (I&AM) and Privileged Access Management (PAM) include provisioning, recertification, internal transfers and offboarding user access to an organization’s technology resources. Corporate and departmental user groups consist of employees and sometimes include external connectivity to customers and vendors. As a result, the complexity of account management processes increases depending on the level of risk associated with the particular user role being provisioned.

Read more

DFS 504 – Developing a Sound Risk-Based Transaction Monitoring Program

On June 30, 2016, the New York State Department of Financial Services (“DFS”) issued a Final Rule (Regulation 504) requiring regulated institutions to maintain “Transaction Monitoring and Filtering Programs.” The Final Rule applies to all banks, trust companies, private banks, savings banks, and savings and loan associations chartered under New York Banking Law and all New York-licensed branches and agencies of foreign banks.

Read more

Anticipated Behavior Profile

Financial institutions (“FI’s”) are required by Anti-Money Laundering (“AML”) regulations to perform risk-based due diligence for their customers and prospective customer. This due diligence is referred to as Customer Due Diligence (“CDD”). FI’s must perform an additional level of due diligence for customers presenting a high level of AML risk, known as Enhanced Due Diligence (“EDD”).

Read more

A Compliance Officer’s Epilogue to Panama Papers Leak

On April 3, 2015, a German newspaper ICIJ leaked 11 million files from a Panamanian law firm that specializes in setting up offshore companies. Read more about a compliance offer's view on this news.

Read more

Actimize Automation

Financial institutions receive transaction information in large data sets everyday that must be monitored. Utilizing Actimize Automation can ease the work load for all.

Read more

Sanctions and BSA Monitoring Risk for Trade Finance Activities

Trade Finance makes up a large portion of international trading and financial institutions deal with large volumes of these transactions where they all must be monitored. Looking at trade finance from a compliance and operational side there are differences that individuals must be aware of. From this point of view trade finance is not always considered when implementing BSA and OFAC procedures. A large part of this is due to the fact that trade finance is not always an automated process.

Read more

Third Party Management Risk- Program Setup

At a broad level the Third Party Management Program should define the policies and procedures along with the roles, responsibilities, ownership, controls, etc. for Third Party Management Lifecycle. As part of the program banks should create a repository of all their third party relationship information with third party criticality, controls, performance measurements, compliance testing, monitoring, reporting, etc. Additionally identify, assess, and classify, risks and controls for third party relationships.

Read more

Third Party Management Risk Intro

On October 30, 2013 the Office of the Comptroller of the Currency (OCC) issued updated guidance on third-party risks and vendor management. The OCC’s bulletin points out that its updated guidance replaces OCC Bulletin 2001-47, “Third-Party Relationships: Risk Management Principles,” and OCC Advisory Letter 2000-9, “Third-Party Risk.”

Read more

The Benefits of Using an Independent Third Party for BSA Business Line Risk Assessments

All banks are obligated to update their BSA Business Line Risk Assessments every 12 to 24 months. More frequent updates may be necessary if there are changes in client base, product/service updates or large changes within an organization. This process allows banks to fully understand underlying AML risks facing the institution.

Read more

Structuring Rules for Non-Cash activity, with limited False Positive Output

Financial Institutions are often reluctant to expand their “Structuring” rules logic beyond Cash activity into non-Cash areas like Checks, ACH or domestic and international Wires because of questionable productivity and potentially significant increases in false positive alert output.

Read more