Main/

Quality Assurance and Control

Quality Assurance and Control is a procedural measure that ensures an FI’s AML/CFT program remains reliable, consistent, and aligned with evolving regulatory requirements. It involves structured, routine reviews of existing controls, regular testing (e.g., sampling transaction monitoring outputs or verifying data feeds), and maintaining feedback loops to identify and resolve procedural gaps. By embedding self-assessment or internal reviews into daily operations, institutions can stay vigilant to weaknesses, confirm that compliance activities (such as staff training completion) are tracked, and continuously refine their AML/CFT processes. This proactive approach preserves the effectiveness of risk detection, fosters robust oversight, and fortifies the institution’s overall defense against money laundering and terrorism financing threats.

[
Code
M0028
]
[
Name
Quality Assurance and Control
]
[
Version
1.0
]
[
Application Level
Strategic
]
[
Functional Category
Organizational & Internal Controls
]
[
Client Lifecycle Stages
Not Directly Related (Pre-Interaction)
]
[
Created
2025-01-23
]
[
Modified
2025-04-02
]

Client Lifecycle Stages

CL0001
|
Not Directly Related (Pre-Interaction)
|

Generally an enterprise-level measure that underpins the entire AML framework, not tied to a specific client contact point. Could arguably be ongoing all the time, but from a client-lifecycle perspective, it’s “outside” direct customer interaction.

Mitigated Techniques

T0012.002
|
Digital Document & Transaction Manipulation
|

Maintain a robust review process that regularly samples electronic transaction records, comparing them with original source files or external confirmations to detect unexplained discrepancies. By systematically verifying data accuracy and integrity, institutions can quickly uncover attempts to tamper with or falsify digital documents.

T0026
|
Automated Transaction Systems
|

Implement continuous QA reviews and tuning of AML rules to reduce false negatives in detecting repetitive or scheduled small-value transfers. Run controlled scenario tests to pinpoint weaknesses in threshold-based alerts and incorporate new typologies linked to automated layering. Ensure that data from diverse payment channels is consistently validated and reconciled for accuracy.

T0150
|
Cryptojacking
|

Regularly review and test AML/CFT and cybersecurity controls to ensure they detect cryptojacking behaviors and wallet flows. Scenario-test monitoring rules against emerging typologies, and update detection logic as new campaigns or mining payout methods are identified.

References

  1. Financial Action Task Force (FATF) & Organisation for Economic Co-operation and Development (OECD). (2018). Guidance for a Risk Based Approach: Life Insurance Sector. FATF/OECD. http://www.fatf-gafi.org/publications/fatfrecommendations/documents/rba-life-insurance.html

  2. The Wolfsberg Group. (2023).CBDDQ Glossary. The Wolfsberg Group. https://wolfsberg-group.org/resources/