Handbook for buying Compliance Solution

What is Regulatory Compliance?

Regulatory compliance describes the goal that corporations or public agencies aspire to in their efforts to ensure that personnel are aware of and take steps to comply with relevant laws and regulations.

– Wikipedia

In general, compliance means conforming to a specification or policy, standard or law that has been clearly defined.

Compliance in an organization is a cluster of programs, policies and procedures for complying with regulation, and can be broadly classified into:

  • BSA/AML Compliance
  • OFAC Compliance
  • IT Compliance
  • E-mail Compliance

The following sections briefly cover the BSA part of compliance.

A Compliance Solution

BSA/AML Functions

Any AML compliance product should offer a superset of the following basic features:

  • Customer Due Diligence and Know Your Customer refer to an organization’s customizable policies and procedures for knowing the customers it deals with. KYC should support different elements based on the organization’s needs.
  • Enhanced Due Diligence refers to the Customer Identification Program mandated by the USA Patriot Act. The system should provide tools for preparing customized questionnaires for customer staging, and proper workflow tools for validation.
  • Transaction Monitoring refers to monitoring customer transactions for suspicious activity and fraud, mostly through rules set according to client needs and based on BSA laws, regulations and directives. The applicable laws depend on the geographical location of the financial institution and the customers the organization deals with. The function should initiate investigations automatically using the detection mechanism and provide easy-to-use tools for detailed investigation.
  • Case Management and Regulatory Reporting refers to investigation of cases and different methods of reporting the cases to different regulatory authorities.

Common functions

In addition to the compliance-related features above, the organization’s product evaluator should also have answers to the following questions, most of which apply to any financial software application.

  • Global audience. Make a list of the countries where the product can be used. Does the product meet all the regulatory requirements of each country?
  • Multi-lingual. Are multiple languages supported? If yes, is multi-language support installation specific? How many languages are supported?
  • User and Rights Management. How are users managed within the application? Does the application use Active Directory? Can users be given rights based on Windows rights?
  • Workflow and Routing mechanisms. How can I create job functions within the application? How will I assign rights?
  • Batch processing. Will the app allow batch and bulk processing for certain tasks? Is there a list of such processes?
  • Data Import. What are the ways data can be imported? Direct from source systems through channels? Flat files? Database table transformation imports?
  • Information Reporting and Data Export. What are the ways to generate reports? Is there a way to generate reports automatically?
  • Tracing, Logging and Auditing. Does the application support customizable logging that can be directed to event viewers, flat files, databases and even sinks? Is enough information logged for auditors? Are there any trace switches for product support?
  • Licensing. What type of licensing is available? Is there an evaluation version? Can I buy more products in the future?
  • Service and Support. What kind of customer service is provided? What are the terms and conditions?

Platform

In addition to the features, a detailed list of the product’s prerequisites should be obtained for the product cost statement.

  • Is a dedicated server necessary? What is the Operating System? Are there any limitations in choosing the OS?
  • What platform is it running on? Open source, proprietary or legacy? Java, .NET or PHP? WinForms, Web or both? IIS, Apache or WebSphere?
  • Is the application dependent on a database? Is that database free? Does the organization already have a license for the database? What database edition is required by the product?
  • Is the application using any third-party tool? Is a list of those third-party tools available? Do I need any email clients? How many tools are free? Any particular version? Can those tools be upgraded for free if necessary?
  • Do the end-users require any plug-ins or software to run the application? What is the setup cost for installing that plug-in? Does the end user need to change any browser settings for running scripts, ActiveX, etc?
  • What will be the setup cost? What kind of support is required by the organization for installation?
  • Is a task scheduler necessary to run jobs?

Based on the organization’s software policy, a cost sheet can be generated using the following entities.

Features Check-list

AML Product

The following table can be used to check the product feature list before evaluating a product:

| Feature | Available Yes/No | Comments |
|---|---|---|
| Web based application | Yes / No | List the advantages and disadvantages of having a web or Windows based application over the others |
| Windows based application | Yes / No | Identify if all the features are available in Windows or web as a whole. If not, list the features that are available in each mode |
| Customer Due Diligence (CDD) | Yes / No | |
| Risk classification | Yes / No | |
| Customer risk scoring | Yes / No | |
| Risk management | Yes / No | |
| Enhanced Due Diligence (EDD) | Yes / No | |
| Transaction Monitoring | Yes / No | |
| Ready-made rules | Yes / No | |
| Customize rules | Yes / No | |
| Schedule monitoring | Yes / No | |
| Case Management | Yes / No | |
| Case Auditing | Yes / No | |
| Case Investigation | Yes / No | |
| Workflow management | Yes / No | |
| Customize Pages | Yes / No | |
| Selection filters | Yes / No | |
| Regulatory reports | Yes / No | |
| Suspicious Activity Report | Yes / No | |
| Currency Transaction Report | Yes / No | |
| Electronic filing | Yes / No | |
| Custom regulatory reports | Yes / No | |
| Reporting | Yes / No | |
| Export as PDF, Excel, etc | Yes / No | |
| Charts | Yes / No | |

Platform

The following table helps put together the list of software required in addition to the product itself.

| Component | Description (list all the required software) |
|---|---|
| Operating System (in Server) | |
| Database (in Server) | |
| Third Party tools (in Server) | |
| Application Server | |
| Data Access Components and Drivers | |
| Task Schedulers | |
| Office tools | |
| Email client | |
| Supported Browser | |
| File reader | |
| Report viewer | |

Links

The following pointers can be used for reference. These web links are pointers to the AML and Banking related web sites.

Your comments on this draft copy are greatly appreciated.

  1. June 2nd, 2009 at 08:16 | #1

    Can you tell me who did your layout? I’ve been looking for one kind of like yours. Thank you.

  2. June 2nd, 2009 at 11:50 | #2

    This theme is free and you can use it for your WordPress blog by downloading it from http://wordpress.org/extend/themes/inove.

  3. July 6th, 2009 at 15:28 | #3

    Great post!