An Accountable or Reporting Institution –
Board of directors, senior management or person exercising the highest level of authority must have adequate oversight over the process of implementing the ATMS, alert management, adequacy of rules and scenarios implemented including testing. Alerts generated by the ATMS’s must be reported to the Centre within the prescribed period.
Must have adequate resources to manage the volume of alerts generated. Such resources must have the required level of skill. Responsibilities for reviewing, investigating and reporting of alerts must be defined.
Must document all investigations and decisions taken relating to alerts generated by the ATMS and kept in a manner readily accessible to Regulators.
Must ensure that Where a suspicious or unusual transaction or activity is detected by a reporter in an instance other than through the ATMS, the reporter must ensure that the ATMS detection rules are developed and implemented to enable future detection of similar scenarios via the ATMS.
Make provision for manual reports from internal stakeholders and not solely rely on ATMS.
Ensure that the detection methodology and effectiveness of an ATMS are validated and tested at least annually. Configuration changes must follow a governance process and have full audit trail capabilities. The detection methodology including, algorithms, scenarios, threshold settings or rules used by the ATMS must be sufficient to address the associated money laundering and terrorist financing risks applicable to the institution.