Risk Assessment Solution (KYC/AML)
Automate the compliance processes, perform ongoing due diligence, and enable law practices to comply with regulations related to KYC (Know Your Customer) /AML (Anti-Money Laundering) / CFT (Combating the Financing of Terrorism).
Please review all requirements. Your solution must meet all 🔴 mandatory requirements to qualify.
9.01🔴
Does your solution allow for cloud-based, mobile-based and/or web-based usage?
9.02🔴
Does your solution check for/against the following lists: a) persons or entities convicted of being involved in criminal activities such as fraud, money laundering, trafficking, terrorism or supporting terrorism, corruption and/or organised crimes locally and overseas? b) Interpol red notice c) Targeted financial sanction lists, including UNSCR lists, Russia d) TSOFA Schedule A e) Politically Exposed Persons (PEPs) and their immediate family members? e.g. a politician or immediate family members of the politician in a particular country f) blacklisted persons or entities within jurisdictions which are subject to sanctions or trade embargoes issued by the UN, OFAC or other similar institutions, MHA Sanction List.
9.03
Does your solution run checks against the following, including but not limited to: a) Panama Papers, Russia Laundromat, Pandora Papers b) Adverse news in local and overseas media
9.04🔴
Does your solution allow multiple login access (for entities with many users)?
9.05🔴
Does your solution perform on-going monitoring or update the database with new blacklisted persons or entities?
9.06🔴
Does your solution provide access control features (e.g. only authenticated & authorised user can make configuration changes to the solution)?
9.07
Does your solution provide an audit trail to track modifications to the risk assessment with usernames, dates, and time stamps?
9.08🔴
Does your solution provide alerts, reporting features?
9.09🔴
Does your solution allow screening records and risk assessments to be stored and exported in a pdf format?
9.10
APIs Does your solution support integration with systems such as document management systems? Note: [1] List the solutions that your software can be integrated with
9.11
Mandatory to answer
Does your solution collect Personally Identifiable Information?
9.12
If your solution collects Personally Identifiable Information, Has your company engaged a qualified 3rd party to conduct a security vulnerability assessment of your solution in the last 12 months? If you are a reseller of the solution, please verify with your product principal that they have conducted a security vulnerability assessment of their solution by a qualified 3rd party in the last 12 months. If Yes, please indicate the name of the 3rd party assessor and date of the assessment test in the comment field, and also submit the assessment test report as supporting document. Note: [1] Qualified 3rd party include Cybersecurity companies accredited under Accreditation@SGD Programme; CREST-Certified companies or companies with equivalent certifications. Examples of equivalent certifications can include but are not limited to: Offensive Security Certified Professional (OSCP); EC-Council Certified Security Analyst (ESCA [V10]); GIAC Penetration Tester (GPEN)
9.13
Does your solution provide alerts on changes to past searches, i.e. ongoing monitoring.
9.14
Does your solution expend credits for every name search or unique name searches only?
Last updated