Functional role concept


Contents


Administrator

The administrator usually administers the application, configures users and their authorizations or deactivates users after they have left the company.
The administrator also maintains the sanction lists in the system in agreement with the compliance representatives and/or the management board.

The identification parameter need to be configured in order for the check not to become an obstacle for the general processing; and in order for the addresses to be checked to comply with the requirements.

Create a new user

Click on the menu entry Settings → User → User. Here you can see the user details that are already available.

new_image2019-3-14_12-53-19-20240328-070252.png

Click on the button Create to create a new user.

Fill the fields:

new_image2019-3-14_12-54-14-20240328-070442.png

Required fields are no logner displayed. However, enter all relevant data for a better overview.
After you have made all entries, save with the Save button in the top left corner.

You can now assign a role (authorization) to the user. Open the dropdown menu Roles:  

Role assignment part 1

Activate the checkboxes of the authorizations to assign them:

Role assignment part 2

The rule check and rule definition are a special feature and are not relevant in the basic compliance check in CargoSoft!

You can now select the notifications that the user is to receive from the SaCos server:

Notification

Meaning

Notification

Meaning

Classification Reset

Notification upon reset of a classification

Hit

Notification about a hit

Index

Notification after download of documents and lists and creation of an index

Click on the Save icon in the top left corner to finish:

Delete user data

Administrators are also able to delete login data of a user, e.g. after personnel changes.
It is no longer possible to delete user details entirely.
Instead, you can deactivate the login by activating the checkbox locked.

Sanction list administration

The administrator also configures the documents that are to be loaded. Depending on the market and compliance rules, you may need to consider other documents, e.g. embargo and/or sanction lists.

Depending on your compliance strategy, the documents for the functional domains need to be entered in the following table:

These documents are loaded periodocially (preallocation: once per day) and transferred to a search index, which can be evaluated automatically. This process can trigger the transfer of a log file to the administrator and deposits the information about the process in the archive.

Upon creation of a new domain, the system enters a sub-set of generally used embargo lists as examples into the database.

The compliance representative can decide which lists these business objects are to be checked against.

Proceed as follows to import further embargo and/or sanction list.

An embargo lists or other documents against which data are to be checked need to be entered with the following information:

Field

Function

Field

Function

name

File name incl. file format e.g. global.xml

location

URL -  address from which the file is retrieved from the internet.
    (Test this URL before entering it!)

type

Document type - This selection is pre-assigned and supports the process chain and verification management.

validation

Scheme of the document. This attribute is optional and is only required for document type XML.

The scheme have previously been entered on the Schema tab. The scheme is used for the check of the validity of the XML document.

is Active

Indicates whether the document is to be checked. If this checkbox is activated, the document will be checked. This checkbox is activated by default when you create a new list.

If a sanction list in the WWW should no longer be updated or if it is no longer available online and the compliance representative decides that this list is no longer to be used for the check, you can deactivate the check by deactivating the checkbox. Sanction lists cannot be deleted for reasons of verification management.

Finish by clicking on Save.

Identification parameter

In SaCoS you can also modify parameters for the identification of business objects.
You can configure the parameters for every type of business object to identify the objects as precisely as possible.                  

SaCoS distinguishes between the following parameter for the object identification:

1

threshold - Limit email notification

Threshold hit probability for the consideration in the business process.
Starting with this value, the system will send emails and make entries in the table for the classification (ToDo-List).

2

proximity Base - Proxomity factor

Describes the proximity of the attributes or terms of the objects in the documents.
Value 0 stands for the highest compliance of proximity of terms for a search query.
The order of terms is not taken into account. The system ensures that none other than the search terms interrupt the source.
If you increase the value (integrally), terms that are not identified are also allowed to interrupt the source.

The following rule applies:
Rounded (proximity factor/2) * number of terms → allowed interrupting terms

This allows additional gaps in the identification with an increasing number of terms.

3

fuzzy Base - Fuzzy factor

Describes the fuzziness in the attributes or terms of the objects that are to be identified.
This includes spelling variants and errors, etc. For example, a value of 0.8 defines an 80% compliance for a term to be considered in a hit.

Defining sensible parameters

By default, SaCoS contains standard settings for the object types.
These default setttings allow the system to function, but without considering specific circumstances.

Please revise these settings!

Consider the following aspects to find sensible settings:

1

Importance/risk assassment of the check in your business process

2

Data quality of the objects

3

Data qualitity of the documents or sources against which the data will be checked

4

Information structures in these documents or data sources

The qualities of data pools differ tremendously from one another, and specific application cases must be considered as well. There is therefore no standard procedure to find general guidelines.

From an IT perspective, at least a verification of the standard values or a specific optimization are required. Your compliance strategy should take the mentioned aspects into account.

Please note that these recommendations are to be understood as a first approach to the compliance strategy and application of automated checks. Please consider your individual business process and potentially configure other criteria to reach a customiized solution.

The following standard values are available by default:

Please note that these settings are not necessarily available in the system. We do not want to suggest that these values are the correct ones for your individual cases of application.

Please revise these parameters.

Archiving

Depending on your compliance strategy, documents and lists, requests, responses and log files about notifications may need to be stored and archived.

SaCoS provides these information in an archive, where you can download them and store them permanently in file servers in your company.

Make the following settings after the configuration of a new domain.

Configure archiving

As functional administrator, log in to the functional domain for which you would like to configure archiving settings. Click on the button Menu in the upper section of the mask.

A list opens.

Click on Configuration and Environment in the list that opens on the right side.

The table shows the pre-defined configuration opens. Depending on your installations, you may not see all configuration options described below:

  • ARCHIVE _KEEP - Number of days that an archive is to be kept retroactively from the current date. The default value is 7 days.

  • LOG _KEEP - Number of days that the log files, requests and responses are to be kept in the file system retroactively from the current date. The default value is 30 days.

  • ARCHIVE _NAME - Name of the archive object in SaCoS. The default value is Archive.

Data are usually archived once per day. The archives are created automatically.

Download archives

SaCoS provides the archives as tar.gz files.

Every archive has three folders on first level:

  • docs - This folder contains documents with date and time stamp.

  • log - This folder contains the log files of the notifications for hits, the update of the index and the classification resets.

  • traffic - This folder contains the search quests and responses of object identifications.

As functional administrator, log in to the functional domain for which you would like to download the archives. Click on the button Menu in the upper section of the mask.

A selection list opens.

Click on archive.

Click on the detail button of the relevant dataset new_image2019-3-14_12-38-0-20240328-071132.png

A detailed view opens:       

Open the files tab. This tab shows a list of the archives. The archives are named after the date of entry:

                                            year (4 digits) - month (with leading zeros) - day (with leading zeros) .tar.gz

new_image2019-3-14_12-39-45-20240328-071232.png Click on the Download button in the column Filename to download the archive to your client. You can now store the downloaded archives on a file server in your company.

Officer

Control the ToDo list

Hits of objects that corespond to the object structures you have defined are stored in the ToDo-List in the database. If they have been imported via the CargoSoft interface, they always have the status [unset]

In this ToDo-List, the Officer is able to classify the hit.

Before, the officer needs to make sure that this hit is a true hit or a false positive hit.

False positive hits may occur if the identification of business objects can be traced back to general attributes only - e.g. the name in case of persons. Names are rather poor identification features for persons since similarities or duplicates are frequent.

A manual classification can prevent this problem. If the name of a contact person is similar to a person in the Denied Person List (DPL) and if you can rule out that this is the person in the DPL, you can classify the hit as Good. Another check would not produce a hit and you can continue.

If the check was conducted by the officer, the object can now be classified. Double click on the button Hit Classification to see the possible features:

Select a classification and confirm by clicking Save

Validation of ToDo lists

The classification and the reset shall be considered in the compliance strategy.

User

Users only have access to the search mask. They can enter search attributes and see the corresponding hit lists. Users are not authorized to classify.

Users that would like to acces SaCoS through another application - e.g. CargoSoft - must be registered as users in SaCoS..