Skip to content
BOL Conferences
Thread Options
#2196838 - 10/30/18 06:40 PM BSA/AML Monitoring
AuditLove Offline
New Poster
Joined: Jan 2015
Posts: 23
What is considered standard timeframe for a BSA software system to generate alerts from previous day's transactions?

Then, once those alerts are generated, what is considered a standard timeframe for having those alerts reviewed and cleared or sent to case?

So if there is a glitch in the monitoring system and some of the feeds to generate the alerts do not work and is not corrected for months, is it still considered timely if the alerts are then worked within 30 days of the alerts finally going through? Or should something have been done manually in the meantime? When does the clock start? From the alerts or once the transaction occur?

Return to Top
BSA/AML/CIP/OFAC Forum
#2196850 - 10/30/18 07:42 PM Re: BSA/AML Monitoring AuditLove
Sunshine Lady Offline
Platinum Poster
Sunshine Lady
Joined: Apr 2014
Posts: 673
I think you will find that everyone's BSA software is different. Our software generates alerts bi-monthly so that gives me some time to do more research. Some others might get theirs daily or weekly, but an auditor once told me that they were looking for the alerts to be worked in a timely manner and I took that to mean 7-10 days, but others may interpret this differently. I am sure that everyone on BOL does it differently.
_________________________
Define Success on your own terms, achieve it by your own rules, and build a life you are proud of. Anne Sweeney

Return to Top
#2196857 - 10/30/18 08:16 PM Re: BSA/AML Monitoring AuditLove
AuditLove Offline
New Poster
Joined: Jan 2015
Posts: 23
Thank you, Sunshine Lady!

Currently, our software runs alerts daily but also does some weekly and monthly. However, there were a few glitches that resulted in only partial alerts being able to be generated until 3-6 months later. Once generated, the BSA team worked diligently to clear the alerts or send them to case within 30 days. So I'm ok with the timing to work the alerts but wasn't sure about the fact that some of the alerts were delayed....and wondering if that's ok?

I don't see anything in the Reg that states timing of alert generation; only timing for filing the SARs within 30 days of initial detection. Yet alert generation/identification does seem to be one of 5 key components for adequate transaction monitoring for suspicious activity.

Thanks again!

Return to Top
#2196887 - 10/30/18 09:59 PM Re: BSA/AML Monitoring AuditLove
osucpa Offline
Diamond Poster
Joined: May 2011
Posts: 1,406
I think a criticism you might have is your software package was not working properly for a period of time. The examiners might ask how you are monitoring this to make sure it does not happen again.

Return to Top
#2196914 - 10/31/18 01:26 PM Re: BSA/AML Monitoring AuditLove
AuditLove Offline
New Poster
Joined: Jan 2015
Posts: 23
Thank you, osucpa!

One of the glitches was between the software and the core system; however, it also started with the manual validation of the transactions that must be done before they can be loaded into the software. The validations fell behind and after so many days the software cannot generate alerts on stale data unless the vendor resyncs.

The first question I asked was what they are doing to be sure it does not happen again. Their answer might be ok but I still am unsure of what time frame alerts need to be generated before I decide anything further.

Return to Top
#2196977 - 10/31/18 07:41 PM Re: BSA/AML Monitoring AuditLove
TryingtoComply Online
Diamond Poster
Joined: Apr 2013
Posts: 2,199
The West
If your examiners find out about this you will likely be criticized for systemic issues that could affect your ability to identify and report suspicious activity.

Is your data not being mapped automatically to your AML software? Why does a manual validation need to occur?

Your procedures should indicate how often alerts are generated and the time period for reviewing them. For example, we run our alert batch monthly and all alerts must be worked within 30 calendar days. As someone else already stated, every bank will be different as we all use different software.

But in your case, the results of your alerts is dependent on what is being mapped to the AML software. If the data doesn't get mapped, your alerts are basically worthless and your BSA risk is increased.

You might consider having a data validation audit performed by a third party.
_________________________
TryingToComply
CRCM

Return to Top
#2196988 - 10/31/18 08:03 PM Re: BSA/AML Monitoring AuditLove
P*Q Offline

Power Poster
P*Q
Joined: May 2001
Posts: 8,458
Somewhere
We have a nightly report from our vendor that reflects whether all transactions mapped correctly, if so, we get green, if not, no green and we have a concern. We review it everyday to ensure trans. are mapped correctly. And I agree with Trying, if you haven't had a system validation done by a third party, I'd suggest pronto. You don't want examiners to find issues before you know what the issues are.

Return to Top
#2197027 - 11/01/18 01:56 PM Re: BSA/AML Monitoring AuditLove
ACBbank Offline
Power Poster
ACBbank
Joined: Jul 2006
Posts: 4,344
New York City
I'm guessing that there needs to be a manual validation done as a specific AML system, usually deployed by smaller FI's, requires non-validated transactions to be validated.
_________________________
"100 victories in 100 battles isnt the most skillful. Subduing the other's military w/o battle is the most skillful." Sun-Tzu

Return to Top

Moderator:  Andy_Z