Sanctioned Party List Screening: Ensure Compliance in Trade

A sanctioned party list contains persons and companies with whom trade is prohibited by law. Sanctioned party lists are issued by government agencies and are binding for all traders. Failure to comply with financial or trade sanctions is a criminal offence in many countries.
During sanctioned party list screening, you compare your business partner addresses with the addresses on the relevant sanctioned party lists. When you export goods, for example, you can automatically compare the consignees’ addresses with the sanctioned party list.

Lists that might be relevant to you:
Consolidated United Nations Security Council Sanctions List – UN
Consolidated list of persons, groups and entities subject to EU financial sanctions (CFSP) – EU
Consolidated list of targets – HM Treasury, UK
Denied Persons List (DPL) – US Bureau of Industry and Security
ITAR Debarred (DTC) – US State Department
Entity List (EL) – US Bureau of Industry and Security
Foreign Sanctions Evaders (FSE) – US Treasury Department
Non-SDN Iranian Sanctions Act List (NS-ISA) – US Treasury Department
Nonproliferation Sanctions (ISN) – US State Department
Part 561 List (561) – US Treasury Department
Palestinian Legislative Council List (PLC) – US Treasury Department
Specially Designated Nationals (SDN) – US Treasury Department
Sectoral Sanctions Identifications List (SSI) – US Treasury Department
Unverified List (UVL) – US Bureau of Industry and Security
List of the State Secretariat for Economic Affairs (SECO) – Switzerland

We have set up a new service at sanctions.io where we offer easy access to a consolidated database of sanction lists either through our website or using our API in your own application. REMEDYNE will provide out of the box sanction lists scans for SAP applications with its new product release REMEDYNE Continuous Monitoring 2.0 (planned release date is early 2017).

Privacy Compliant Continuous Monitoring

ERP systems lawfully collect and store data for the purpose of executing the regular business processes of a company. Privacy law covers the case of investigating on a case-by-case basis for given clues for e.g. an error or a criminal offense. However, this exemption does not cover a continuous analysis of audit data and screening for fraud evidence. (Source: “Privacy Compliant Internal Fraud Screening” by Ulrich Flegel, http://link.springer.com/chapter/10.1007%2F978-3-8348-9788-6_19)
REMEDYNE Continous Monitoring also has checks delivered by REMEDYNE that use personal data as defined by law in the EU and countries world-wide (for example, user IDs; see e.g. http://ec.europa.eu/justice/data-protection/).
To stay compliant with applicable law in your country, you can deactivate checks that use personal data.
Furthermore REMEDYNE has a built-in data protection mode that can be switched on easily and that will remove all personal data from alerts that REMEDYNE will create.

New Features in REMEDYNE Fraud Prevention

We have released version 1.4 of our SAP ERP Add-On that helps detecting and resolving fraud, errors and operational inefficiencies. With this new release we have focused on making the software even easier to use.

Drill down
Users that investigate alerts in the tool now have direct access to detailed information on master data, accounting documents, and so on. A double-click on the data in our case management transaction drills down to the related SAP transaction and immediately displays the specific information. This enables investigators to quickly access all information they need to derive a conclusion.

Workflows
In addition to the built-in and ready to use workflow to approve/reject alerts created by the system and send emails, customers can now configure workflows with complex logic, several approval steps and full activity trace. Users can also upload supporting documentation.

For more information on REMEDYNE Fraud Prevention download our white paper:
https://remedyne.de/public_html/wp-content/uploads/2015/03/REMEDYNE140_overview.pdf

REMEDYNE Fraud Prevention now SAP Certified

SAP AG has certified that REMEDYNE Fraud Prevention integrates with SAP applications. REMEDYNE’s fraud detection intelligence for ERP and the UI5 component using NetWeaver Gateway have been tested and passed certification. Both components are add-ons to NW AS ABAP. REMEDYNE is a fully integrated add-on to SAP ERP to detect and prevent fraud and errors and supporting effective case management processes to quickly resolve any issues detected. Read our press release here.

REMEDYNE – Fraud Prevention

REMEDYNE helps companies to detect, investigate, and prevent fraud and errors. The software continuously analyzes business partner and transaction data with proven analytics, and enables managers and experts to conduct an effective investigation and quickly decide on each alert and take action.
With REMEDYNE, financial losses can be prevented, and operational efficiency increased. Customers can add own checks to address specific risks.

Some key features:
– Many pre-defined checks that are based on extensive research and experience in forensics and audit
– Access to alerts anytime, anywhere, with mobile device support (UI5)
– Workflow support to investigate alerts and take action
– Easy to deploy (SAP add-on), customize, add own checks
– Pricing based on company size, no limit on number of users

WHO is the user, WHAT can he do, and can you PROVE it? – How REMEDYNE fits into the security portfolio.

These questions are the business perspective on information security. IT can deploy various solutions (tools and processes) to address these questions.
One simple taxonomy for these solutions in the SAP space is this:
– Solutions that provide a trustworthy computing environment: security patches; secure ABAP code (secure coding practices, code reviews/scans); secure system configuration (implement SAP’s security guides, use Solution Manager’s Configuration Validation); the change management process
– Authentication mechanisms (WHO?): strong passwords, or even better strong, i.e. multi-factor authentication
– Access rights, segregation of duties (WHAT?): SAP authorizations
– Confidentiality, Integrity: includes all of the above, plus encryption of communication, and protect your SAP database and backups
– Monitoring (PROVE?): SAP table logging, change documents, logs
There is another layer around these levels, that consists of supporting tools. Examples include SAP GRC Access Controls, Identity Management, Single Sign-On. Essentially, they make IT and user’s life easier and help saving money through automation.

The security controls listed above aim to provide a secure environment so that nothing bad can happen. They establish security bottom-up.
REMEDYNE and other transaction monitoring solutions are not in the list because I want to highlight their special nature, complementing your controls already in place:
REMEDYNE analyzes WHAT users actually do (not what they can do, like e.g. SAP GRC AC does) in a definitive way (PROVE). And it directly shows the impact on your business.

Fraud Prevention Solutions for SAP

SAP Fraud Management/Financial Crime Platform, Oversight, REMEDYNE. This list is not exhaustive, but those are the products that we have listed on our own website. How do they compare to each other?
SAP Fraud Management/Financial Crime Platform: big data tool, helps customers to investigate fraud patterns that are uncommon and hidden in huge numbers of transactions. Leverages SAP HANA.
Oversight: strong analytical capabilities when data from different sources has to be combined, e.g. SAP and credit card data, and comes with pre-defined checks for travel expenses and other employee expenses.
REMEDYNE: continuous audit/transaction monitoring for SAP. Checks for procurement, accounting, inventory, order-to-cash, …

Take action and fight fraud now!

Every organization is subject to fraud and loses a significant share of its revenue to errors and fraud. REMEDYNE helps you driving down this number and to increase operational efficiency.

Get in touch with us to learn more and for a demo!

Configuration Validation

SAP’s Frank Buchholz gave a highly interesting presentation at TechEd that is available for download here: https://saptechedhandson.sap.com/demo.sap.com~vi~web/content/SIS262.pdf.
I like the configuration validation feature in Solution Manager, really useful for e.g. RFC and gateway security.

Hello World!

REMEDYNE’s new website is online. Special thanks to Sebastian Klammer who helped with the corporate design and setting up our website, Sebastian is a true artist!
We shall update our website regularly, so come back and check for news. Also feel free to get in touch with feedback, ideas, or just to say hello.