With regulators piercing into organizations culture over historical look-back exercise, it is more than important to select the right party, devise the approach, be candid about the challenges, and finally have the regulators buy-in.
If it is a chosen thirty party, credibility plays a very important role considering the geographic markets the business engages with, how the triage and assignment of alerts would occur etc.
Documentation aspects, their development and how the final deliverable s would look like are pertinent and if the engaged party does not have ready-made answers or are not able to demonstrate, then it could be venturing into troubled waters.
Another key indicator would be third party’s understanding of estimating the alerts themselves without playing down over key ones, while being cognizant of privacy laws of home country of operations.
They will need to ensure availability, access and understanding of data, and should be candid/open about such challenges. This will ensure that the look-back methodology and final deliverable s are aligned with regulatory expectations.
Regulators do expect that periodic status meetings and updates are available during their review. The purpose is not be to be blindsided when the look-back project concludes and finally conclude upon massive submission of SARs, which may not yield the right result for all parties involved.
Respecting the independence of the third party is equally important without tarnishing the communication and operating protocols.
Having said that stay engaged and consider how the results of the look-back will be integrated into the monitoring program.
The objective, however clear it may be to identify suspicious activity the need to understand customers and their activity will be a herculean task for the third party and they would indeed require assistance from you/the source organization to enhance monitoring aspects.
We need to understand that the third party would only review work objectively basis their conviction on most occasions, which is the major challenge zone for the ordering organization.
Therefore, the boundaries of their independence and your obligations need to be closely assessed before venturing and to survive the assurance and adherence under multiple and varied pressures from different corners.
Thanks, and you can connect with me @ https://ae.linkedin.com/in/rajesh-rachamalla-cams-1b46037