Release 5 · Programme pack

AML / Sanctions / Wolfsberg Programme Controls

Programme-level financial-crime controls beyond pure SoD. These are the controls a banking regulator (FFIEC, FCA, SARB, CBK) inspects on examination — sanctions-list refresh cadence, watchlist screening completeness, PEP review, CTR/SAR filing timeliness, structuring detection, transaction-monitoring tuning, KYE staff screening, correspondent banking review.

25Controls

7Algorithmic

18Programme-config

7ERP connectors wired

1 What this pack detects

The pack covers four families of AML programme weakness. Each control fails-closed (skipped silently with a clear reason) when its required data slot is missing, so it never blocks the rest of the audit.

AML-001

Sanctions-list refresh cadence ≤24h. Stale OFAC / EU / UN consolidated lists allow ineligible parties to transact undetected. Hard alert at 24h since last refresh.

AML-002

Watchlist screening completeness. Every customer-master record must appear in the screening log; backfills exposed at this layer.

AML-003

PEP screening ≤12 months. Political-exposure status changes with elections / appointments / new sanctions; annual re-screen mandatory.

AML-004

CTR filing for cash ≥$10K. Currency Transaction Reports must be filed within 15 days; this control reconciles cash transactions against filed CTRs.

AML-005

Structuring / smurfing detection. ≥2 cash deposits per customer per day in the 85-100% of CTR threshold band — federal offence under 31 USC 5324.

AML-006

Round-amount transaction velocity. ≥5 round-amount cash transactions per customer signals layering activity.

AML-007

Pass-through accounts. Same-day in/out where outflow ≥85% of inflow — classic layering pattern.

AML-008

High-velocity merchant scenario. Acquired-merchant volume spike — 30-day rolling > 3× 90-day baseline.

AML-009

FATF high-risk-jurisdiction wires. Outgoing wires to NK / Iran / Myanmar / Syria / others — block by default, compliance override only.

AML-010

Cash-intensive business EDD. Money services, casinos, dealers in precious metals — require enhanced-due-diligence at onboarding + quarterly.

AML-011

Beneficial owner ≥25%. Legal-entity customers must have a UBO at the FATF Rec 24/25 threshold; missing UBO = shell-company indicator.

AML-012

Transaction-monitoring rule tuning. Scenarios with >95% false-positive ratio mask genuine alerts and waste compliance time. Rule tuning is an FFIEC examination expectation.

AML-013

Customer risk rating refresh. Annual review (quarterly for high-risk); stale ratings undermine risk-based monitoring allocation.

AML-014

Negative-news / adverse-media screening. Required for medium- and high-risk customers; often the earliest financial-crime signal.

AML-015

Know-Your-Employee (KYE). Bank staff in money-handling, lending, compliance roles screened against sanctions / PEP / fraud watchlists at hire + annually.

AML-016

Correspondent banking review. Annual review of every correspondent + nested-respondent relationship under Wolfsberg Principles.

AML-017

Trade-finance over-/under-invoicing. Per-commodity, per-route price variance; >25% deviation triggers TBML alert.

AML-018

Wire Travel Rule recipient metadata. FATF Rec 16 requires originator + recipient name + account + address on cross-border ≥$1000 wires.

AML-019

Dormant account reactivation EDD. Accounts dormant ≥12 months reactivating without re-KYC are common money-mule vehicles.

AML-020

Cash deposit + same-day withdraw. ≥85% of inflow — layering pattern, especially on accounts <90 days old.

AML-021

SAR filing timeliness ≤30 days. Late-filed SARs are documented at every regulatory examination as structural programme failure.

AML-022

Sanctions hit override audit trail. False-positive overrides on sanctions hits require independent dual-review per Wolfsberg.

AML-023

KYC document expiry. Expired passports / national IDs fail FATF Rec 10 ongoing-CDD; refresh 30 days before expiry.

AML-024

PEP family / associate screening. FATF Rec 12 + Wolfsberg PEP Guidance — extends to immediate family + known associates.

AML-025

Monitoring scenario coverage breadth. Fewer than 8 active scenarios is a structural weakness per FFIEC / FATF examination guidance.

2 Data slots — what to upload

The pack reads from these CSV slots. Run the V/ergent extract script for your platform — it produces stub headers for each slot. Replace the stubs with real data, or leave them as-is and the related controls fail-closed cleanly.

Slot	Source	Used by
`sanctions_list_metadata.csv`	Refinitiv WorldCheck / Dow Jones / LexisNexis admin export — last refresh ts per list	AML-001
`screening_log.csv`	Customer screening events — sanctions / PEP / negative news	AML-002, AML-014, AML-022
`pep_screening_log.csv`	PEP review log per customer with last-review date	AML-003, AML-024
`customer_master.csv`	Core banking system customer extract — risk rating, business segment, KYC currency, dormancy reactivation	AML-002, AML-010, AML-013, AML-019, AML-023
`transaction_data.csv`	Daily transaction stream from core banking — date, amount, type, customer, destination country	AML-004, AML-005, AML-006, AML-007, AML-009, AML-020
`ctr_filings.csv`	FinCEN / FIU CTR filing record	AML-004
`sar_filings.csv`	SAR detection + filing timestamps	AML-021
`beneficial_owners.csv`	UBO register — ownership %, name, customer link	AML-011
`monitoring_rules.csv`	Transaction-monitoring scenario inventory from your AML platform (Actimize / SAS / Oracle FCCM / Hawk AI / etc.)	AML-025
`monitoring_alerts.csv`	Alert volume + disposition stats per scenario	AML-008, AML-012
`staff_screening_log.csv`	HR-side KYE screening history per employee	AML-015
`correspondent_relationships.csv`	Correspondent banking relationship register with review status	AML-016
`trade_finance_invoices.csv`	Trade-finance invoice stream with reference price for variance check	AML-017
`wire_transfers.csv`	Outbound wire log including Travel-Rule recipient metadata	AML-018
`high_risk_jurisdictions.csv`	FATF black/grey list (or your firm's high-risk jurisdiction list)	AML-009

3 Where the pack runs

The AML pack is wired into all 7 ERP connectors: SAP S/4HANA, SAP Business One, Oracle Fusion ERP, Microsoft Dynamics 365, Oracle NetSuite, Sage Intacct, Sage X3, Sage 300 People. It runs automatically as part of every audit — no separate setup step. Cloud connectors (AWS, Azure) do not run the AML pack since the underlying data lives in core banking systems, not cloud infrastructure.

4 Framework citations

Every finding emitted by this pack carries 13-framework citations

Banking-specific: Wolfsberg AML Principles · FATF 40 Recommendations · FFIEC BSA/AML Examination Manual · OFAC Compliance Framework · 31 CFR (FinCEN) · EU 4MLD/5MLD/6MLD · Basel III · CBK CDD Guidelines · SARB / FIC.
Cross-cutting: COSO 2013 · COBIT 2019 · NIST CSF 2.0 · ISO 27001:2022 · CIS v8 · SOX ITGC · SOC 2 TSC · PCI DSS v4 · HIPAA · DORA · NIS2 · GDPR · Kenya DPA 2019.

5 Related

The AML pack covers programme-level controls. For role-pair SoD conflicts on banking transactions (AP/AR, treasury, lending, cards), see the Banking-Extended pack (25 Wolfsberg / FFIEC level rules) and the Cross-System SoD pack (50 multi-ERP conflict rules).