Is a Test Environment Necessary? 5 Reasons Why Financial Institutions Need One for Their AML & Fraud Monitoring Systems

Terri Luttrell, CAMS-Audit
June 4, 2019
Read Time: min

Change is inevitable. Software systems get upgraded; new technology gets implemented. Financial institutions should have Change Management Policies that define change, as well as establish the procedures around managing change. Changes could stem from internal sources, like policies and procedures, new products, or product updates; or they could be external changes, like new compliance rules and regulations. The FFIEC IT Examination Handbook goes into more detail and states that “large and complex institutions should have a change management policy that defines what constitutes a change and establishes minimum standards governing the change process.”

While the above statement is aimed at large and/or complex institutions, smaller institutions will be examined on their change management protocols, such as how up to date their software versions are and what controls they have in place around upgrades. While a separate test environment might not have been required by examiners in the past, it is becoming more common to see this within smaller institutions.

For internal changes that relate to updates and changes to BSA/AML and fraud software, having a separate test server can give an institution the opportunity to understand the potential impact to the way BSA professionals work, the way the systems work, and isolate issues in advance without disruption to the live production environment. Even a flawless product release or upgrade could have negative consequences on an institution if one does not understand potential implications or adjustments they should make to accommodate new features and functionality.

Without adequately measuring and examining, serious repercussions can bring down more than a single department and have lasting impacts. Institutions need to be asking internally, “What cost-effective steps can we implement to ensure every product is vetted before going live and pushed into production?”

A test environment for BSA/AML and fraud software allows you to:

  • Conduct adequate above the line/below the line testing for your system parameters and other settings
  • Test the optimization and reasonableness of your risk rating module
  • Test client data feeds flowing into it
  • Ensure no bugs or other issues with new software of upgrades to existing software enter your production environment
  • Meet regulatory expectations with the FFIEC IT Examination guidelines to approve and comply with your institution’s change management policy

If you believe your institution is not currently large or complex enough to need a test environment, you must have a change control policy in place and follow it. As your institution grows, keep in mind that your change management controls will also need to be modified and grow as change occurs.

Fraud scenarios that use single- and multi-channel fraud detection? Now that's big.
Learn more
About the Author

Terri Luttrell, CAMS-Audit

Terri Luttrell is a seasoned AML professional and former director and AML/OFAC officer with over 20 years in the banking industry, working both in medium and large community and commercial banks ranging from $2 billion to $330 billion in asset size. She has successfully worked with institutions in developing BSA/OFAC programs, optimizing various automated solutions, and streamlining processes while ensuring all regulatory requirements are met. As the Compliance and Engagement Director at Abrigo, Terri provides insights that contribute and support long-term banking strategies based on analysis of market and industry trends, competitor developments, and financial and regulatory technology changes. She is an audit-certified anti-money laundering specialist and a board member of the Central Texas chapter of the Association of Certified Anti-Money Laundering Specialists (ACAMS). Terri earned her bachelor’s degree in business administration, specializing in business and finance, from the University of North Texas.

Full Bio

About Abrigo

Abrigo is a leading technology provider of compliance, credit risk, and lending solutions that community financial institutions use to manage risk and drive growth. Our software automates key processes — from anti-money laundering to fraud detection to lending solutions — empowering our customers by addressing their Enterprise Risk Management needs.

Make Big Things Happen.


Looking for Banker’s Toolbox? You are in the Right Place!

Banker’s Toolbox is now Abrigo, giving you a single source for all your enterprise risk management needs. Use the login button here, or the link in the top navigation, to log in to Banker’s Toolbox Community Online.

Make yourself at home!