Skip to main content

Looking for Valuant? You are in the right place!

Valuant is now Abrigo, giving you a single source to Manage Risk and Drive Growth

Make yourself at home – we hope you enjoy your new web experience.

Looking for DiCOM? You are in the right place!

DiCOM Software is now part of Abrigo, giving you a single source to Manage Risk and Drive Growth. Make yourself at home – we hope you enjoy your new web experience.

Is AML Software Testing Necessary? 5 Reasons Why Financial Institutions Need a Testing Environment

Terri Luttrell, CAMS-Audit, CFCS
June 4, 2019
Read Time: 0 min

AML software testing is critical since change is inevitable. Software systems get upgraded; new technology gets implemented. Financial institutions should have Change Management Policies that define change, as well as establish the procedures around managing change. Changes could stem from internal sources, like policies and procedures, new products, or product updates; or they could be external changes, like new compliance rules and regulations. The FFIEC IT Examination Handbook goes into more detail and states that “large and complex institutions should have a change management policy that defines what constitutes a change and establishes minimum standards governing the change process.”

While the above statement is aimed at large and/or complex institutions, smaller institutions will be examined on their change management protocols, such as how up to date their software versions are and what controls they have in place around upgrades. While a separate test environment might not have been required by examiners in the past, it is becoming more common to see this within smaller institutions.

For internal changes that relate to updates and changes to BSA/AML and fraud software, having a separate test server can give an institution the opportunity to understand the potential impact to the way BSA professionals work, the way the systems work, and isolate issues in advance without disruption to the live production environment. Even a flawless product release or upgrade could have negative consequences on an institution if one does not understand potential implications or adjustments they should make to accommodate new features and functionality.

Without adequately measuring and examining, serious repercussions can bring down more than a single department and have lasting impacts. Institutions need to be asking internally, “What cost-effective steps can we implement to ensure every product is vetted before going live and pushed into production?”

A test environment for BSA/AML and fraud software allows you to:

  • Conduct adequate above the line/below the line testing for your system parameters and other settings
  • Test the optimization and reasonableness of your risk rating module
  • Test client data feeds flowing into it
  • Ensure no bugs or other issues with new software of upgrades to existing software enter your production environment
  • Meet regulatory expectations with the FFIEC IT Examination guidelines to approve and comply with your institution’s change management policy

If you believe your institution is not currently large or complex enough to need a test environment, you must have a change control policy in place and follow it. As your institution grows, keep in mind that your change management controls will also need to be modified and grow as change occurs.

Fraud scenarios that use single- and multi-channel fraud detection? Now that's big.

Learn more
About the Author

Terri Luttrell, CAMS-Audit, CFCS

Compliance and Engagement Director
Terri Luttrell is a seasoned AML professional and former director and AML/OFAC officer with over 20 years in the banking industry, working both in medium and large community and commercial banks ranging from $2 billion to $330 billion in asset size.

Full Bio

About Abrigo

Abrigo enables U.S. financial institutions to support their communities through technology that fights financial crime, grows loans and deposits, and optimizes risk. Abrigo's platform centralizes the institution's data, creates a digital user experience, ensures compliance, and delivers efficiency for scale and profitable growth.

Make Big Things Happen.