REGULATORY COMPLIANCE MANAGEMENT SYSTEM
Scott Logic worked with a leading UK Retail Bank to develop a regulatory compliance management system for the Financial Crime Team.
.NET REPLACEMENT OF LEGACY SYSTEM
We developed a Regulatory Compliance Management System for use by the client’s Financial Crime team to manage Dispensations, Waivers, Exceptions and Breaches against the Sanctions, Anti-Money Laundering and Anti-Bribery & Corruption Group policies.
- ASP.NET 3.5
- Castle Windsor
- SharePoint 2007
- SQL Server 2008
The client’s legacy system for capturing regulatory compliance events had been written using Microsoft InfoPath running inside Microsoft SharePoint. The client had determined that the existing solution could not support the addition of the client’s new and future requirements.
A new system was planned as a replacement, with all existing data to be migrated to the new system. The development also called for many additional features to support new reporting requirements, such as those from the US Department of Justice.
DESIGNED FOR TESTING AND EXTENSIBILITY
Scott Logic provided the entire development team for the project, working alongside the client’s product owner and infrastructure team who were based in London.
During the initial design process for the migration we decided to use a Model-View-Presenter design pattern for the ASP.NET WebForms pages that make up the site. SharePoint 2007 doesn’t support the use of ASP.NET MVC and using the standard ASP.NET WebForms design pattern wouldn’t have allowed a unit testing suite to be developed that tested all of the existing functionality. Our comprehensive test suite allowed the development team to continue with adding new requirements secure in the knowledge that the existing functionality would not be impacted.
As part of the development process we developed a series of PowerShell scripts to automate the deployment process. These scripts allowed the system to be deployed and undeployed very easily on the multiple platforms on which the application runs (our test environment, the client’s test environments, and the client’s live environment). As well as copying the necessary files the scripts also performed all the configuration steps that were required for the system.
It was clear to us that extensibility was key for the new system. Due to the nature of regulatory compliance there can be frequent changes to the data required to meet reporting requirements for the various jurisdictions that the client operates in (such as the Dodd-Frank Wall Street Reform and Consumer Protection Act in the United States). We designed the system to ensure that any changes that were required were simple to make.
Usability was a major requirement at all stages of the project. The users of the system are members of the client’s regulatory compliance team and needed to have a system that was easy enough for them to use, but powerful enough to meet the requirements of their business processes.
IMPLEMENTATION OF NEW REQUIREMENTS
Once the initial migration was completed we worked with the client team to gather a full list of new requirements and prioritised these using an Agile delivery process. This allowed the client to manage the UAT process on their infrastructure while we concurrently implemented the new features.
We carried out the migration and implementation of the entire system including:
- Event management. The system allows the seven different types of compliance event to be recorded and managed through the client’s business processes.
- Diarised actions. Based upon the data for a compliance event the system automatically diarises actions for any follow ups that are required for the compliance event.
- Reporting module. The compliance events added to the system can be searched based upon the entire set of criteria available. Results from the search can be exported in Excel format for use by the client in their business processes.