By anotb
Financial crime governance skills for CDD, SAR decision QA, AML monitoring model governance, sanctions screening QA, EDD escalation, and negative-news triage.
Drafts an enhanced due diligence escalation pack for a higher-risk customer profile (PEP, private banking, foreign correspondent, cash-intensive business, complex ownership, MSB-affiliated, sanctions-adjacent, high-risk jurisdiction nexus, or event-driven trigger). The pack assembles beneficial-ownership chain, derogatory information, source of wealth and source of funds, customer rationale, expected versus actual activity, sanctions-screening posture, conduct-risk indicators, ongoing-monitoring plan, and decision options for the EDD committee. Produces a review artifact only; the EDD committee or designated approver makes the relationship decision.

Best for:
- A baseline CDD review has flagged EDD escalation and the next artifact is the pack the EDD committee will review.
- Periodic refresh on an existing high-risk customer where ownership, activity, derogatory information, or jurisdictional posture may have shifted.
- Event-driven refresh triggered by adverse media, sanctions exposure, ownership change, or a regulatory inquiry.
- The pack-of-record basis for a relationship-exit deliberation.

Not the right tool when:
- Baseline CDD has not run; use `cdd-risk-review` first.
- The work is alert disposition or SAR decision QA; use `sar-decision-qa`.
- The work is a single adverse-media hit triage with no broader EDD context; use `negative-news-triage`.
- The work is sanctions-match disposition; use `sanctions-screening-qa`.
- The decision being asked for is the final retention, restriction, or exit decision. The skill produces review artifacts; the EDD committee or designated approver decides.
Triages an adverse-media or negative-news hit set against a specific customer or entity for identity confidence, source reliability, recency, materiality to financial-crime risk, and downstream routing. Produces a triage memo and a structured triage record that downstream artifacts (`cdd-risk-review` refresh, `edd-escalation-pack`, `sar-decision-qa`, `sanctions-screening-qa`) can consume. Does not change customer ratings, file SARs, exit relationships, or re-tune monitoring scenarios.

Best for:
- Adverse-media hit triage at onboarding, periodic refresh, or event-driven refresh on a named customer.
- Bulk triage over a periodic adverse-media re-scan output where the volume is dominated by common-name false matches.
- Pre-EDD triage feeding into an EDD escalation pack.
- Pre-SAR-decision triage where adverse media is part of an alert's evidence basis.

Not the right tool when:
- The work is sanctions-screening match disposition rather than adverse media; use `sanctions-screening-qa`.
- The hit is already triaged and the next artifact is the EDD pack or the SAR-decision QA; use `edd-escalation-pack` or `sar-decision-qa`.
- The work is media-monitoring program design or vendor evaluation; use `vendor-diligence` (in `third-party-operational-resilience`) for the vendor work.
- The decision being asked for is a final risk-rating change, an EDD escalation, an exit, or a SAR filing. The skill produces triage artifacts; humans decide.
Quality-reviews a sanctions screening program against named regulatory frames: list-management governance, customer and transaction screening configuration, match-logic and fuzzy-threshold tuning, list-update timeliness, alert disposition documentation, false-positive rationale, escalation paths, 50 Percent Rule and sectoral-sanctions handling, and cyber-evasion exposure. Reads each sampled alert disposition for documented rationale, decision-maker independence, and 50%-rule assessment; produces a second-line QA memo with material findings, evidence-needed items, and recommended decision checkpoints with named owners. Does not approve list configuration, tune match logic, file blocking or rejection reports, close alerts, or make match-or-no-match decisions.

Best for:
- Periodic sample QA over customer-screening and transaction-screening alert dispositions within a defined review window.
- Pre-validation review of screening configuration evidence to scope the next validation cycle.
- Pre-exam readiness review of sanctions program documentation against the OFAC Framework five components and the FFIEC OFAC section.
- Targeted review after a list-update event (new SDN designations, new sectoral programs, FSE designation changes, virtual-currency-adjacent designations).
- Targeted review of sanctions-evasion exposure via cyber and tech (virtual currency, ransomware, mixers, identity manipulation).

Not the right tool when:
- The work is a sanctions program risk assessment as a whole (this skill reviews QA evidence; the program risk assessment is a different artifact).
- The work is AML transaction-monitoring review (use `aml-model-monitoring`; sanctions is real-time list-match, not behavioral).
- The work is screening-engine model validation, threshold calibration, or BTL testing (use `aml-model-monitoring`; this skill cross-references but does not redo).
- The work is customer beneficial-ownership documentation (use `cdd-risk-review`; the screening QA cross-references for 50 Percent Rule aggregation reads).
- The decision being asked for is whether to release, block, reject, or report a transaction or relationship. The skill produces QA artifacts; the sanctions officer (and the firm's escalation chain) decides.
Quality-reviews a SAR or no-SAR decision file against named SAR rules and the FFIEC SAR examination expectations. Reads the alert chronology, investigation steps, evidence considered, disposition, decision rationale, continuing-activity posture, and confidentiality controls; produces a QA memo with material gaps, reviewer findings, and a routing recommendation to the named decision forum. Does not file, decline to file, amend, or close any SAR; SAR filing is a regulated act reserved to the BSA officer or designee.

Best for:
- Second-line QA over a sample of closed alerts (filed and unfiled) within a defined lookback window.
- Targeted review of high-risk alert types (structuring, trade-based, layering, sanctions-adjacent, fraud typology, cyber-event-related).
- Review of continuing-activity posture against the firm's documented SAR program (the 90-day continuing-SAR cadence the industry uses is firm policy, not a BSA-rule requirement; the QA reads adherence to the program the firm has, not a uniform external standard).
- Pre-exam readiness review of SAR decision documentation against the FFIEC SAR section.

Not the right tool when:
- The work is alert-generation governance (transaction-monitoring scenario tuning, segmentation, threshold changes); use `aml-model-monitoring`.
- The work is the underlying CDD or EDD posture of the customer rather than the alert decision; use `cdd-risk-review` or `edd-escalation-pack`.
- The work is a single adverse-media triage rather than a SAR decision; use `negative-news-triage`.
- The decision being asked for is whether to file, amend, or supplement a SAR. The skill produces QA artifacts; the BSA officer decides.
Reviews ongoing-monitoring evidence for an AML transaction-monitoring system, scoping which components of the stack sit inside the model-risk perimeter under the joint interagency model-risk supervisory guidance and which are deterministic rules outside it. Reads data quality, customer segmentation drift, scenario inventory and tuning evidence, below-the-line testing, alert volume and productivity trends, threshold-change governance, and validation evidence; produces a second-line monitoring memo that opens with a model-scoping read and a program-level review, carries the monitoring evidence in named structured sections, and closes with material findings, evidence-needed items, and recommended decision checkpoints with named owners. Does not approve scenario changes, set thresholds, sign off on validation conclusions, or QA individual SAR decisions.

Best for:
- Annual or quarterly second-line monitoring memo on a production AML transaction-monitoring system.
- Pre-validation review scoping what the next validation cycle should cover.
- Post-tuning review of a scenario or threshold change and the evidence chain supporting it.
- Pre-exam-readiness review of monitoring documentation for the BSA/AML examination.

Not the right tool when:
- The work is the validation cycle itself; use `validation-plan` in `ai-governance-model-risk`.
- The system is being intaked, tiered, or papered as a model card for the first time; use `ai-use-case-intake`, `ai-risk-tiering`, and `model-card-builder` in `ai-governance-model-risk`.
- The work is QA over individual SAR decisions downstream of the alerts; use `sar-decision-qa`.
- The work is sanctions-screening monitoring; use `sanctions-screening-qa`.
- The decision being asked for is approval of a scenario change, a threshold change, or a validation conclusion. The skill produces review artifacts; humans decide.
Plugins for second-line and 1.5-line financial-services work. Skills cover what risk and compliance teams (and the advisory practitioners who support them) actually produce: scoping a review, mapping obligations, building a control matrix, drafting a model card, writing up an issue, building a vendor-diligence pack, packaging a risk-committee read, working a SAR / no-SAR file, prepping for a supervisory cycle, and so on. Skills are grounded in regulatory and standards material, with sector context (banking, capital markets, insurance, payments / fintech) loaded conditionally from the scoping record.
Built primarily for Claude (and Claude Code), but the skill files follow the open SKILL.md format and can be loaded into other agentic systems that support it: GPT, Gemini, in-house open-weights deployments, or anything else that reads agent skills. The skills are markdown plus optional schemas; the format is the standard, the work product is what travels.
The repo extends Anthropic's published financial-services plugin family. Where Anthropic's plugins cover the cross-industry first-line baseline (financial analysis, banking deal work, equity research, PE, wealth, fund admin, ops), these go deeper into US second-line and 1.5-line work and US supervisory expectations.
Second-line and 1.5-line practitioners inside regulated firms: model-risk leads (MRMO), AI governance leads, third-party risk managers (TPRM), BSA / AML officers, sanctions officers, compliance heads (CCO), fair-lending and UDAAP review teams, controls testing and internal audit teams, risk reporting and CRO-office teams, regulatory-affairs and regulatory-change teams, operational-resilience leads, fund-board secretaries, disclosure committees.
And the advisory and consulting teams running the same work for those firms.
If you work in 1.5L, 2L, or adjacent functions, the skills let Claude (or other agentic systems supporting the SKILL.md format) draft alongside you, like a colleague who knows the work and defers to your judgement on the call.
- `references/sector-overlays/<sector>.md` inside the relevant capability skill, loaded conditionally from the scoping record.
- `references/source-anchors.md` with the regulatory and standards citations they lean on. US-deep, with EU as overlay and UK as see-also.

The skill set is public-source-derived and anonymous, with no firm-specific policy baked in.
Standalone agent plugins (one-shot reviewers that orchestrate related skills end-to-end) are not in this release. The next iteration adds a maker / checker loop with genuine context-isolated subagent forking, primary-plus-critic two-agent shape, and plugin dependencies in place of bundled-skill copies. See ROADMAP.md for the target shape.
| Plugin | What it covers |
|---|---|
| `risk-compliance-core` | Scoping, obligation mapping, control matrices, evidence binders, issue write-ups, human-review gates, policy-gap reviews. |
| `regulatory-change-management` | Regulatory impact assessment, rule-to-obligation extraction, policy diffs, implementation plans, exam briefs. |
| `ai-governance-model-risk` | AI use-case intake, AI risk tiering, EU AI Act triage, model cards, validation plans, agentic-AI controls, board AI-risk pack, GenAI deep-dive (prompt injection, RAG eval, pre-prod review, LLM vendor evidence). |
| `third-party-operational-resilience` | Vendor diligence, criticality, contract-gap review, exit plans, concentration, DORA register, severe-but-plausible resilience testing. |
| `compliance-testing` | Test plans, control sampling, evidence requests, exception analysis, workpapers, QA review. |
| `risk-reporting` | Risk committee packs, BCBS 239 self-assessment, KRI commentary, SEC cyber-disclosure readiness, attestation packs, management responses to MRA / MRIA / audit findings. |
| `financial-crime-governance` | CDD review, EDD escalation packs, SAR-decision QA, AML model monitoring, sanctions-screening QA, negative-news triage. |
| `consumer-compliance-fair-lending` | Adverse-action review, fair-lending test plans, UDAAP risk review, Section 1071 readiness, complaint-theme analysis, marketing-claim review. |
npx claudepluginhub anotb/second-line-financial-services --plugin financial-crime-governance