Skip to content
BOL Conferences
Thread Options
#2262481 - 11/15/21 04:06 PM Annual requirement? Automated monitoring program
J_G Offline
Gold Star
Joined: Dec 2010
Posts: 256
Is it a requirement to review the thresholds and risk rating, etc, in your automated suspicious activity monitoring software annually? We have a data validation done every 18 months by an external auditor to make sure everything feeds in correctly, etc, but is it also a requirement to review the thresholds and risk rating criteria annually to see what adjustments should be made? We had it done by Abrigo in 2020, and wondering if it's ok to wait until early 2022 to do it again.

Return to Top
#2262544 - 11/16/21 03:51 PM Re: Annual requirement? Automated monitoring program J_G
ACBbank Offline
Power Poster
Joined: Jul 2006
Posts: 4,308
New York City
This depends on the risk profile of your bank. There are institutions that look at their parameters and perform full model validations on a 12 month cycle. There are other institutions who conduct these activities every 18-24 months.
"100 victories in 100 battles isnt the most skillful. Subduing the other's military w/o battle is the most skillful." Sun-Tzu

Return to Top
#2263282 - 12/07/21 05:44 PM Re: Annual requirement? Automated monitoring program J_G
JackieW Offline
New Poster
Joined: May 2019
Posts: 20
The FFIEC BSA AML manual states in regard to automated monitoring systems, "Once established, the bank should review and test system capabilities and thresholds on a periodic basis. This review should focus on specific parameters or filters in order to ensure that intended information is accurately captured and that the parameter or filter is appropriate for the bank's particular risk profile." No specific timeframe is noted but based on discussion with other banks, an annual review process of filters/paramaters seems to be a good starting point. However, a more frequent timeframe may be appropriate for your organization.

Return to Top
#2263308 - 12/08/21 12:15 PM Re: Annual requirement? Automated monitoring program J_G
praBSA Offline
Gold Star
Joined: Aug 2018
Posts: 348
Agree with all of the above. It should be based on your bank's risk profile. My last bank was a small community bank with very low risk and we had an independent review every 2 years but I reviewed alert efficiency and criteria annually.

Return to Top
#2263328 - 12/08/21 03:43 PM Re: Annual requirement? Automated monitoring program J_G
edAudit Offline
Power Poster
Joined: Jul 2008
Posts: 4,794
You are here
There is usually two parts to this, one is a Model Validation to determine if the model is working as designed and the other is Model Tuning to determine if the parameters are appropriate for your institution. Most of the places I have worked hade one every other year unless there was a major change to the model. In which case it was more frequent.

I have also seen multiple tuning throughout the year and an annual validation for a very complex institution. There is simply no one size fits all for this as long as you can justify your process.
Opinions can be considered as coming from anywhere but my employer.


Return to Top

Moderator:  Andy_Z