Is it a requirement to review the thresholds and risk rating, etc, in your automated suspicious activity monitoring software annually? We have a data validation done every 18 months by an external auditor to make sure everything feeds in correctly, etc, but is it also a requirement to review the thresholds and risk rating criteria annually to see what adjustments should be made? We had it done by Abrigo in 2020, and wondering if it's ok to wait until early 2022 to do it again.