Answer:
There is not a one-size-fits-all frequency for tuning BSA/AML/OFAC systems. The frequency depends on several factors, including regulatory expectations, significant changes in business operations, risks, and system performance. However, Supervisory Guidance on Model Risk Management and best practices suggest the following guidelines for model tuning:
- Annual Tuning – Financial institutions are expected to perform comprehensive system tuning at least once a year. This includes reviewing risk parameters and transaction monitoring thresholds to ensure they reflect the current risk profile of the institution.
- Ad-Hoc Tuning – In addition to annual reviews, tuning may also be conducted on an as-needed basis. This might occur after:
- Changes in products, services, customer base, or geography.
- Identification of false positives or negatives that suggest the system’s thresholds or rules are too strict or loose.
- Regulatory changes or updates to OFAC Sanctions lists.
- Regulatory exams or audits that indicate gaps or deficiencies in the current system.
- Ongoing Monitoring and Alerts – While tuning can be a periodic task, financial institutions should continuously monitor the system’s performance. Alerts and exceptions should be regularly reviewed to determine if system tuning is necessary to address any emerging risks or inefficiencies.
Remember to document any tuning efforts – this gives your institution governance credit, as well as creating documentation for a system of internal controls.
