Introduction
Version 1.0 - January 2025
Regulatory guidance states that firms must complete independent testing of the effectiveness of their compliance controls. Firms that engage in third party relationships must also demonstrate appropriate compliance oversight of any third parties.
Cable’s Automated Testing tests the effectiveness of a firm’s controls and its adherence to relevant regulatory requirements. Cable ingests 100% of a firm’s customer and transaction data, processes it through an analytics engine, and tests for any single instance of a control failure. Cable’s Automated Testing can be run over a firm’s own data or that of any third party.
This document provides an overview of Automated Testing. Detailed product guides about how to use the product and features can be found here.
Removing the Need for Sampling
Cable’s Automated Testing approach removes the need for manual sampling of accounts, transactions, or other subjects. Instead of sampling a small percentage of subjects to identify any compliance issues, Cable ingests 100% of the relevant subject data and continuously tests them for compliance with each regulatory requirement, updating as new data becomes available.
Frameworks
Automated Testing is organized by Frameworks, where a Framework corresponds to a specific piece of regulation, for example the Bank Secrecy Act (US) and the Money Laundering Regulation (UK).
Each Framework consists of a series of tests, with each test corresponding to a specific required control in the regulation. For example, within the Bank Secrecy Act Framework there is a test, “all customers have provided a name”, which corresponds to the requirement in the Bank Secrecy Act for regulated banks to gather names for all customers.
Tests in a framework are based on regulatory requirements. Many tests are pre-configured based on the relevant regulations, but some tests may be configured based on the risk appetite of the firm. For example, the test “all customers have had ongoing sanctions screening every x months” can be adjusted so that “x” corresponds to a firm’s specific risk appetite.
Each relevant subject (account, transaction, dispute etc) for which Cable receives data is run against each test, with a binary pass or fail being calculated. The results of the tests are available at all times in the Cable web application.
Ingesting Data
In order to run the tests in a Framework, Cable needs to ingest 100% of the relevant data. Firms can send applicable data to Cable via API or SFTP, and Cable can pull data from systems such as Snowflake, BigQuery and Tableau via native integrations. Cable also has integrations with vendors that firms may use for various controls or integrations, such as Alloy, Syntera, Increase and Treasury Prime. Cable’s goal is to make it as easy as possible for firms to get the required data into Cable, so we work closely with our customers to find the best possible integration route.
The data required to run tests depends on the framework. For the Bank Secrecy Act framework, the required data attributes can be seen in our API docs, here. At a high level, it is all data related to the subject (account, transaction, dispute etc), and all data related to any control checks done on that subject, e.g. Customer Identification Program checks.
Ingesting PII and other sensitive data is a responsibility Cable takes very seriously. Cable is SOC 2 Type II compliant, and has been through many rigorous TPRM and VDD processes.
Investigating Issues
If a test fails, Cable generates an alert which contains the number of subjects impacted by the test failure, as well as identifiers the firm can use to investigate the alert further. The alert will capture the history for each subject (when the subject was identified as failing a test, when the subject was reviewed, when a decision was made regarding a subject) as well as a full timeline of activity tied to the alert.
As long as the alert is open, if new subjects are identified as failing the test, they will be added to the same alert. If the alert has been closed and new subjects fail the same test, a new alert will be automatically generated, along with a link to the previous alerts.
Evidencing Compliance
The Cable web application has automated dashboards and business intelligence to make evidencing compliance to stakeholders easy.