Getting Started with Assurance

An introduction to Cable Assurance and how to use it to manage your financial crime controls and requirements

In a nutshell, Cable provides automated assurance of your financial crime controls and requirements.

We ingest your customer and/or transaction data, process it through our analytics engine, and continuously test for any regulation breaches, control failures, or other risks.

If we find any, we surface them for you as “Trails” in the Cable web app. The “Assurance page” provides you with a real-time view of your financial crime health.

This has several benefits over more traditional approaches (e.g. dip sample testing):

  • we test 100% of your accounts
  • we test all the time
  • we identify not only any potential problems with your controls, but also how many customers/transactions are impacted, so you can take informed action

Guide to Using Cable

If Cable identifies any issues as a result of automated testing, then these are surfaced in the “Paper Trails” section in the Cable app for your team to investigate.

Types of Trails

What do the Paper Trail tags mean?

Each Paper Trail has a coloured tag showing what type of Trail it is. Trails can be Breaches, Failures, Risks, or QA

How does Cable determine which type of Trail to surface?

  • Breaches: Cable agrees with you in advance on the regulatory requirements your company must adhere to. If we find something in the data that indicates one of those requirements is not being met, we’ll surface a Breach. You can see the full list of requirements Cable is currently offering assurance over in the Assurance page
  • Failures: Your company has given Cable a list of their controls and Cable is testing to ensure that they are working as expected. If we find something in the data that indicates the control has failed, we’ll surface a Failure. You can see the full list of controls Cable is currently testing in the Assurance page.
  • QA: Your company has given Cable a list of requested parameters for QA samples. QA is used when human review is required (something that cannot be tested automatically).
  • Risks: anything else! This is the widest bucket - we can flag specific behaviour you’d like us to monitor and we’ll also identify any risky behaviour or trends we detect.

Sample size

Cable tests 100% of the data that is provided and surfaces the relevant accounts depending on the type of Trail.

  • Breaches: 100% of the accounts are surfaced
  • Failures: 100% of the accounts are surfaced
  • Risks: this may vary depending on the risk we’ve identified. For basic Risks, we’ll surface all the relevant accounts (ie account owners with invalid emails). For Risks showing an increase over time, we’ll surface the relevant accounts within the specified time period.
  • QA: Your company sets the sample size for QA for each Trail. You can see the relevant sample size in the yellow parameter box inside each Trail.

How to review different types of Trails

Breaches and Failures

Cable provides automated Assurance over your financial crime controls and lets you know if we’ve identified that one is not working as expected or that you may have breached a regulatory requirement.

When reviewing a Breach or Failure, ask the following:

  • Is the Trail accurate? (ie is the date of birth invalid)
  • Did we believe this behaviour would be prevented but it was able to occur? (a control failure)
  • Do the specific accounts require remediation? Why or why not?
  • Do you understand how this occurred? Ie was a control not working as expected or was this actually a control gap?

For both Breaches and Failures, it’s possible that you will not have any concerns with the individual accounts or that they have already been remediated. It’s important to make sure you’re reviewing whether a Failure actually occurred - for example, if the account was onboarded with an invalid DOB, this may indicate a failure in the onboarding flow, even if the DOB was eventually collected.

Risk

Cable will also surface issues if we identify behaviour that could indicate financial crime risk. Unlike Breaches and Failures, the default assumption is that controls are working as expected.

When reviewing a Risk, ask the following:

  • Is this risky?
  • If so, do the specific accounts require any remediation?
  • Does this indicate a control gap we want to consider closing?

If you do not believe the risk warrants remediation, you may not need to review 100% of the accounts surfaced.

QA

The content and cadence of QA Trails are set by your team as are the questions/answers for each review.

When reviewing a QA Trail,

  • Answer the specific questions for each account or transaction
  • Add comments whenever there are negative findings or when you identify trends.
  • Your closing comment should address whether there are any actions needed and a qualitative summary of the findings (the Trail will automatically provide a summary of the stats).

Trail Actions

Account Status & Comments

When reviewing an account, mark the status as “in review.” This allows your team members to work from the same Trail without duplicating reviews.

For each account, you should determine whether or not remediation is needed. Is the issue that Cable identified present on that account? Is change required?

Log your decision by selecting “remediated” or “no remediation”. If you are remediating some accounts but not all, be sure to capture your rationale in the comments.

To add a comment, click anywhere on the account row to expand the details to find the Add comment button. You can add multiple comments and tag team members as well by typing in @[user name]. You will not be able to edit or delete comments after you post it.

Create Action Items

As you’re investigating accounts flagged in paper trails, you can add actions, set a due date, and assign them to yourself or other team members. Actions added across all paper trails will be consolidated in a list on the Actions tab in the left navigation menu.

Closing a Trail

When you are ready to close a Trail, you’ll be prompted to answer whether the source of the issue has been resolved.

  • Yes - we identified an underlying issue that contributed to this breach/failure/risk occurring and it has been fixed. We would not expect this to occur again.
  • No - there is an issue that contributed to this occurring but it has not been fixed. This could occur again.
  • Temporarily - there is an issue that contributed to this occurring and we’ve implemented a temporary (likely manual) solution that should cover us for now. This could still occur again.
  • Not an issue - there was no issue. This was not a breach or failure and we do not believe there is any risk.

Your closing comment should provide context around what you identified - if this was an issue that has been fixed, link to the ticket/document or add details about the solution. If this is still undergoing investigation, add all the relevant info. If you’re selecting not an issue, add context on how you determined that.

Anatomy of a Trail

  1. Title: what issue occurred. The number in the title indicates how many accounts have not yet been reviewed. This includes any accounts that are in the “Unreviewed” or “In Review” status.
  2. Total: how many total items have been affected by this issue. Items can include accounts, beneficial owners, cardholders, transactions, etc
  3. Tags: type of Trail and area of the fincrime framework
  4. Open: length of time the Trail has been open
  5. Priority: to be set by your team
  6. How many times this issue has occurred: If there was a previous Trail for this same issue, we’ll link directly to the older Trail
  7. Owner: assign an owner
  8. Item list: Identifiers for the subject of the Trails (customers, beneficial owners, accounts, transactions)
  • Expanding a row will show you the entire audit history (when the account was added to the Trail and who updated the status)
  • The right side shows the timeline of the Trail - when it was raised, who was assigned as the owner and any comments you’ve left.
  • You can tag team members in the comment which will trigger notifications for them.
  • If you include an Item ID in your comment, you can search for that specific ID in the item list.

Using Reports

You can create automated reports via Cable by selecting any relevant Trails to add to a Report.

  1. From the Paper Trails or Reports page, select Create new report from the top right corner.
  2. Add a title for your report - this is how it will appear in your saved reports list.
  3. Select which Trails you’d like to include in the report. You can filter by type of Trail, toggle to view closed Trails, or search by the name/key words.
  4. Click “Download Report” at the bottom of the page. This will save the report and trigger the download as a docx file.

Report content includes:

  • The title you entered above
  • The date and person who created it
  • A summary including:
    • the number of Trails
    • the date range they cover
    • their status
    • the number of impacted accounts
  • A detailed overview of each Trail, including:
    • number of days the Trail was open / when it was opened
    • current status
    • breakdown of accounts by status (unreviewed, remediated, no remediation)
    • the owner of the Trail and contributors
    • the latest comment (hint: this is why you should write detailed closing comments)

You can add any context or other details to the report in the editable .docx file

Pro tip: If your report is about QA Trails, you may also wish to include a screenshot from the QA Dashboard