Case Study Banner
Functional Testing of Anti-Money Laundering at Masraf Al Rayan Bank

Functional Testing of Anti-Money Laundering at Masraf Al Rayan Bank

Functional Test Automation, Functional Testing

Business Requirement

To comply with money laundering control regulations by offering an automated process for case management, blacklist screening and online SWIFT transaction monitoring, MAR replaced their existing Anti-Money Laundering (AML) system (Risk Secure) with Omni Enterprise to overcome the limitations.

Various compliance and legislative reports are profuced as part of the automated suspicious reporting with regards to suspicious customers, transactions (of Accounts, Cards, Treasury, Trade Finance etc.), file based SWIFT Monitoring according to country specific regulations.

Major Modules in Omni Enterprise AML system:

Testing Requirements

Masraf Al Rayan worked with Testhouse to conduct both functional [System Integration (SIT), User Acceptance (UAT) & Regression] and non functional testing for the new Anti-Money Laundering (AML)

implementation to ensure that the application delivers the business needs of the Bank. MAR identified around 163 scenarios for 12 user roles that needs to be implemented in the AML system. Some of these scenarios that were implemented in the Anti-Money Lanundering system include:

Cards User

  • Maximum Cards per customer
  • Credit Card Debit Balance in excess of a particular amount
  • Count of Credit Card Purchases more than 3 times in a month internationally
  • Count of Credit Card Purchases at Particular POS more than 3 times in a month
  • Usage of Card in High Risk Countries

Multiple Usage of Card in other Countries

Branch User

  • Weekly/ Bi Weekly Rapid movement of funds
  • Large reportable transaction
  • Activities in Dormant Account
  • High Risk Accounts
  • CASH Transactions in Credit above Threshold Amount for an Individual in a Month
  • ATM CASH Deposit Trend
  • Transactions during in-appropriate or Unusual Timings like Late Night

HR User

  • Credit Transfer from Customer to Staff
  • New Account with High Velocity
  • Quaterly Cash Deposit equal to or above Threshold amount
  • Monthly Reports where credit Exceeds 150 % of salary
  • Quaterly Sum of all credits above threshold amount

Private & Corporate User

  • Weekly Rapid movement of funds
  • Repetitive Payments to or from same customer
  • Total Cheque Deposits in a day exceeds X amount
  • PEP customer transaction above X amount

Trade Finance

  • Any LC or LG for an Individual/joint type of account

Alerts

Alerts are generated in the AML system based on the specific criteria assigned for each scenarios once the EOD process is run. The alerts are prioritized in accordance with the customer risk profile rating.

Online SWIFT Module

MAR specifically have an online Swift module which provides a real time transaction monitoring. Suspicious transactions identified will be captured by the AML system real time and moved to the pending queue for the AML Unit users to take necessary action on that transaction.

Customer Risk Rating

MAR customers are provided with a customer risk rating that is calculated based on 4 parameters:

  • Business Intelligence Risk
  • Transaction Trend
  • Transaction Type
  • Scenario Risk

The risk rating model works in the background and constantly updates risk profiles through an adaptive profiling engine. The risk scores are constantly updated and deviations from the normal are monitored and recorded. The risk rating is taken on a scale of 1 to 10 with 1 being the lowest risk and 10 being the highest.

Testing Activities

  • Performed Scoping exercise and a Gap Analysis between the BRD and SOW.
  • Prepared Requirement Tracebility Matrix (RTM)
  • Test preparation and execution for SIT, UAT & Regression based on the scoping exercise.
  • Requirement Analysis is performed and the areas of testing to be done have been identified.
  • Role rights for each user role verified In the AML system.
  • Ensuring data integrity of data flow from systems
  • User role based workflow testing integration
  • Investigate alerts generated in the system specific to each user role after the EOD process.
  • Verified violated transactions for each scenario based on the transaction codes and scenario criteria associated with it.
  • Verified customer risk rating needs based on the four parameters defined to confirm whether the risk rating is properly generated in the system.
  • Verified the real time transaction monitoring in SWIFT module from various front-end channels to determine whether the transaction is properly tracked by the AML system.
  • Verifying and validating the various Management Information System reports
  • Customer screening based on the name, date of birth, passport and nationality against sanctioned lists such as World check, OFAC, UN, etc.
  • Around 2500 new test cases were prepared and executed manually using Sharepoint.
  • A total of 400 plus defects were captured during the UAT execution and exploratory testing, and are reported through Sharepoint for the development team to work on and provide fixes.

Risks & Challenges

  • Gap Analysis between BRD and Scope of Work
  • Frequent change in requirements and customizations
  • Understanding time to time change in application functionalities
  • Data integration from the source systems
  • Verifying alerts generated in the system for different customer types and against various criteria’s specific to the scenarios
  • Verifying the scenario violations by customers for the violated transactions based on transaction code
  • Confirming SDN scan results are based on the parameterization of name and overall match percentage provided in the system
  • Customer risk profile calculation
  • Real time SWIFT transaction monitoring

Application – Testing Challenges

Manual

  • Identifying the missing functionalities/bugs and reporting the same in Sharepoint.
  • Including new scenarios/test cases when new release or requirements arrive.
  • Modification of Test Cases when there is a functional change

Solution & Benefits

Testhouse consultants who have good exposure into Banking have the expertise in providing solution to the client in managing the entire product lifecycle.

  • Gathering the requirement from the client and understanding the same from Business requirement documents.
  • Identifying the test scenarios and writing test cases for the same
  • Uploading the Test cases in Sharepoint and mapping the same as per requirement matrix
  • Reporting of Defects.
  • Following up with Development team for the fixes and solutions as per business request
  • Coordination between Business users and development team