I agree with your comment, "that is not how you test for suspicious activity". What I propose is having the independent firm review our queries/logic of those queries/alerts/investigations and follow through SAR filings instead of the detailed card transactions. In addition, our compliance analyst also conducts BSA/AML transaction reviews during our annual program manager reviews. I would expect the independent examiner to also review a sample of that work for reasonableness. Agreed with my methodology Does that make sense?