A bank performs sanctions screening using some third-party software. Although the screening system appears to be working in that output is created, but the bank quite rightly wants to know if its system: addresses the bank’s risk, is effective, is efficient, is comparable to peer banking institutions.
Key Requirements for SQA Consulting
The bank requires:
- A benchmark comparison against its peers.
- Operational effectiveness figures.
- Operational efficiency figures.
- A report showing what risk is not addressed by screening – residual risk.
- A report on the screening that can be delivered to regulators.
SQA Consulting provide a Screening Assurance service based around its product Sanctions Assessment Centre. The Sanctions Assessment Centre has the capability to create test files covering different aspects of banking risk, including:
- All of the names on sanctions lists
- Manipulations of names to cover common business scenarios (such as miss-spellings)
- Geographic terms from countries of sanctions significance
- False positive tests to establish comparative efficiency
- BICs of sanctioned banks
- Vessels and Vessel IMO Number of sanctioned vessels.
The Sanctions Assessment Centre has been used at many banks and financial institutions and has an extensive set of benchmark figures. SQA Consulting uses its benchmarking graph which illustrates a comparison of both effectiveness and efficiency, akin to showing cars by top-speed and economy.
The process relies on the bank providing a live-like test environment for SQA Consulting to provide a test file for. SQA created a test file in which each and every SWIFT message had a specific traceable purpose. Each and every tag in each and every SWIFT message included a test to ensure coverage of all messages and all types of data from name specific fields to open narrative.
Key Benefits Delivered
The observation document produced after the typical 4 weeks since project start, contained observations on screening weakness, with root cause analysis, a recommendation for management, and management responses. A document such as this is exactly what a regulator is looking for, demonstrating that a thorough investigation has been conducted, and any weaknesses have plans for closure.