Four eye principle in PROD env

AnushaS4 — Wed, 01 Dec 2021 08:46:45 GMT

We are busy with the SAS AML 7.1 implementation and the client is requesting a maker /checker functionality.

Example: AML Scenario can be created/edit by one user and then he checker must review the changes and then only activate the scenario. The client requests that this be done in the prod environment.

Under the roles capability, this does not exist, as scenarios default to active status and there is no way to force the maker to activate.

We are able to cater for this requirement using the Dev and PROD, but in the same environment, there are challenges.

Has anyone does this before?

Thanks

Anusha

Re: Four eye principle in PROD env

Maarten_at_SAS — Mon, 06 Dec 2021 15:20:32 GMT

Hi - seems like you asked the same question as part of another thread. https://communities.sas.com/t5/Fraud-AML-and-Security/User-Management-and-Custom-User-and-groups/m-p/780301#M797

Ou response focused on the checker maker requirement for case investigation. I, now, read that your question focuses on the activation of alert.

SAS AML 7.1 does not support checker maker functionality at the level of scenario administration, but we do keep an audit trail of changes to the scenario status (amongst other things). Additional safeguards will have to be built in to your business processes. There is no out-out-of-the-box functionality to support this requirement and custom-configuring it in this version of SAS AML (7.1) will be relatively complicated and costly. Our current version of AML (8.3) provides you with much better options to build in safe-guard processes, like checker and maker functionality.

topic Four eye principle in PROD env in Fraud, AML and Security Intelligence

Four eye principle in PROD env

Re: Four eye principle in PROD env