.

FCM Suite LINUX

Installation Guide

1
0.1 Version (October 2015)

Internet

Visit our home page: http://www.temenos.com

Temenos Company
2 Rue de lEcole-de-Chimie
CH - 1205 Geneva
Switzerland

The information presented is subject to change without notice. Temenos assumes no responsibility for
inaccuracies contained herein.

Copyright Temenos Headquarters 2007, 2016. All rights reserved.

This product contains computer software documentation which is the property of Temenos. The
information must not be made available to, or copied or used by anyone outside Temenos without its
written authorization.

Not to be used or disclosed except in accordance with applicable agreements.

2
Table of Contents

Contents
1. About This Publication ..................................................................................................................... 5
1.1. Who should read this publication .......................................................................................... 5
1.2. Related information ............................................................................................................... 5
1.3. Document pertinence ............................................................................................................ 5
1.4. Audience ............................................................................................................................... 5
1.5. Special Conventions ............................................................................................................. 6
1.6. Summary of Changes ........................................................................................................... 6
1.7. Introduction ........................................................................................................................... 6
1.8. Prerequisites ......................................................................................................................... 7
1.9. Extracting the FCM Package ................................................................................................ 7
1.10. Installing the JDK and setting up JAVA_HOME ................................................................... 8
2. Setting up the FCM database .......................................................................................................... 9
2.1. Oracle .................................................................................................................................... 9
2.1.1. Create the DB .................................................................................................................... 9
2.1.2. Populate the FCMDB schema ......................................................................................... 10
3. Deploying the FCM Suite on JBoss EAP 6.x ................................................................................. 14
3.1. Setting up the Database Connection on the Application Server ......................................... 14
3.2. Importing the Rules Bases .................................................................................................. 15
3.3. Starting and Stopping the Application Server ..................................................................... 16
3.4. Login into the FCM User Interface for the First Time.......................................................... 16
4. Setting up Screen .......................................................................................................................... 18
4.1. Loading the Public Watch lists ............................................................................................ 18
4.1.1. First configure the DB connection ................................................................................... 18
4.1.2. Download the Public Watch Lists .................................................................................... 18
4.1.3. Import the Lists ................................................................................................................ 18
4.1.4. Run the Auto-Acceptance ............................................................................................... 19
4.1.5. Review the Lists .............................................................................................................. 20
4.1.6. Export the Sanctions Lists ............................................................................................... 21
4.2. The Screening Engine ........................................................................................................ 22
4.2.1. Providing Screening Redundancy ................................................................................... 22
4.2.2. Setting up the Screening Engine ..................................................................................... 22
4.2.3. Starting the Screening Engines ....................................................................................... 22
4.2.4. Making the Application Servers aware of the Screening Engine .................................... 23
3
 4.2.5. Testing Screening Works ................................................................................................ 24
4.3. The CIF Loader ................................................................................................................... 25
5. Setting up Profile............................................................................................................................ 27
5.1. Installing the Profile Engine ................................................................................................ 27
5.2. Running the Accounts Loader............................................................................................. 28
5.3. Running the Transactions Loader ....................................................................................... 28
6. FCM Basic User Management ....................................................................................................... 29
6.1. Default Users and Roles ..................................................................................................... 29
6.2. User Management at Operations Level .............................................................................. 30
6.3. Functional access to the FCM modules .............................................................................. 31
7. Troubleshooting ............................................................................................................................. 33

4
1. About This Publication
This publication describes how to complete an installation of one or several of the FCM Suite
modules:

Screen
Profiling
KC+

1.1. Who should read this publication

This publication contains information for the person who will install the FCM. Before you perform any
of the steps documented in this publication, you must understand the general features and
requirements of FCM.
Once you have installed the FCM, you have an operational FCM environment.

1.2. Related information

For information about Temenos products, see: Temenos Company Web site
(http://www.temenos.com)

For information about related products, see:

- Alert Manager Users Guide,

- Profiling Users Guide,
- Rule Manager Users Guide,
- Reports Users Guide,
- Security Users Guide,
- KC+ Users Guide,
- Watch List Manager Users Guide,
- Web Inquiry Users Guide,
- Rule Editor Users Guide,
- Application Run Manual.

1.3. Document pertinence

This document applies to the FCM Suite projects.

1.4. Audience

This guide is intended for engineers responsible for installation and day-to-day maintenance of the
application.

5
1.5. Special Conventions

Conventions used in this guide:

Convention Meaning
Bold - Object of an action: menu names, field names, options, button names
- Commands typed at a prompt
- User input
Italic - Names of books, chapters and sections as references
- Emphasis
Monospace - Directories and subdirectories
- File names and extensions
- Process names
- Code sample, including keywords and variables within text and as separate paragraphs,
and user-defined program elements within text
<Variable> - Substitute input value

1.6. Summary of Changes

This publication contains additions and changes to information previously presented in FCM Linux
Installation Guide.

General changes -
New information -
Changed information -
Deleted information -

1.7. Introduction

This document describes how to install the FCM Suite modules on the following environments:

- Platforms
o Linux Systems

- Databases
o ORACLE

By following the approach detailed in this document, the user is able to create a standard FCM
installation.
This document is specific to build an installation on the above environment. For other environments
please contact Temenos FCM for the appropriate installation package.

6
1.8. Prerequisites

Before beginning the FCM installation process, make sure that the following prerequisites are in
place:

1. The following is installed:

- The database management system is deployed on a dedicated server or the FCM

target server platform;
- An updated version of the operating system is installed on the target server platform.

2. There is sufficient available disk space for the engines and application server on the target
platform. The minimum recommended space requirement is 10GB.
3. There is sufficient available disk space for the FCM DB on the database server. The minimum
recommended database space requirement is 50GB.
4. Administrator privileges on the database server (including DBA) and the target platform.
5. If integrated with T24, then on T24 should be installed and updated the following modules:
- IF
- VL
- VP
Important:
The DW Export application should be present and configured properly.
The Design Studio application should be installed and configured properly.

1.9. Extracting the FCM Package

The FCM package contains two zip files, one containing the JBoss application server preconfigured
for FCM and the other with the command line engines, tools, samples and documentation. The names
of the compressed files will follow this format:

FCM_os-platform_db-type_content-type_date-tag_time-tag.zip

E.g.: FCM_linux64_oracle_ui_20150824_225025.zip
FCM_linux64_oracle_engines_20150824_225025.zip

Verify that the OS-platform and DB-type match the target operating system and the database
management system in place for the FCM installation.

Unzip the packages into a directory of choice on the target machine. Ensure that there are no space
characters on the path to the FCM root folder. Once all the files are uncompressed, you should find a
FCM root directory with the follow structure:

Note: Further along this installation guide, the FCM root directory is denoted as <FCM_ROOT>.

7
1.10. Installing the JDK and setting up JAVA_HOME

The FCM suite depends on the Java SE Development Kit (JDK) to run the applications. The FCM
package includes a JDK version that has been fully certified to run all the applications. It is highly
recommended to use only the included JDK.

The JDK, including the JRE, need to be installed at the OS level by a system administrator with root
privileges. There is an rpm package provided under <FCM_ROOT>/Java, which requires installation.
jdk-7u80-linux-x64.rpm

Under a root session, install the JDK:

The JDK should be installed under /usr/java/jdk1.7.0_80

The JAVA_HOME environment variable must be set to the location where the JDK is installed. It is
necessary to set this variable once in the user session to ensure that the appropriate JDK is called for
all the FCM applications.
export JAVA_HOME=/usr/java/jdk1.7.0_80
JAVA_HOME can also be set permanently under the user profile, by adding the environment variable
in ~/.bash_profile.

8
2. Setting up the FCM database
This section describes how to set-up the database for FCM. The database creation scripts must be
run on the database server. If the database management system is installed a separated dedicated
server, copy the db_scripts folder included in the FCM suite onto a suitable location on this server.:

2.1. Oracle

Logged on the database server with a user with DBA privileges, verify if the environment variable
ORACLE_HOME is set, and the PATH includes $ORACLE_HOME/bin.

LauAmlLinOrcl(amltest):~#export ORACLE_HOME=/aml/oracle/server
LauAmlLinOrcl(amltest):~#export PATH=$PATH:$ORACLE_HOME/bin

2.1.1. Create the DB

1. To create the database call the Oracle Database Configuration Assistant:

LauAmlLinOrcl(amltest):~#dbca

2. In Oracle Database Configuration Assistant select Create Database, then click Next:

9
 3. In the Global Database Name, enter the SID for the new database. Choose an appropriate
location for the tablespaces, and make sure that the FCMDB .uses UTF-8 character set.

4. The database creation is completed:

2.1.2. Populate the FCMDB schema

1. Once the database creation is completed, go back to the Linux shell, change the directory to
<FCM_ROOT>/DB_Scripts/ORACLE.

2. Edit config.lnx. The file contains a line with 4 fields separated by space. Update this
information with the details of the FCM schema to be created.

10
 DB CONFIGURATION PARAMETERS:

SID The SID of the database created in 2.1.1.

Schema/User The common name of the schema and user to be

Name created

Password Password to be used to connect to the schema

Datastore The file location of the tablespaces where the FCM

location database components will be created.

3. Run the schema creation script:

./ORA_create_FCM_db_and_user_from_config.sh.

The master shell script is launched to populate the database with the FCM components. The
output should be as follows:

11
4. A log folder is created in /db_scripts/ORACLE/logs. The log folder will contain the
detailed output generated by the DB initialization scripts. Review the logs following the
completion of the DB schema creation script:

5. Test the connection to the database and execute the FCM DB level status script called
<FCM_ROOT>\db_scripts\ORACLE\VRDIFOP1_Differentials.sql

export ORACLE_SID=FCMDB
sqlplus model2/ABCdef01
SQL*Plus: Release 12.1.0.1.0 Production on Thu May 21 11:48:12 2015
Copyright (c) 1982, 2013, Oracle. All rights reserved.
Last Successful login time: Thu May 21 2015 11:46:09 +02:00
Connected to:
Oracle Database 12c Release 12.1.0.1.0 - 64bit Production
SQL> SET NEWPAGE NONE
SQL> SET PAGESIZE 0
SQL> SET SPACE 0
SQL> SET LINESIZE 16000
SQL> SET ECHO OFF
SQL> SET FEEDBACK OFF
SQL> SET VERIFY OFF
SQL> SET HEADING OFF
SQL> SET TERMOUT OFF
SQL> SET TRIMOUT ON
SQL> SET TRIMSPOOL ON
SQL> SET COLSEP |
SQL> spool VRDIFOP1_Differentials.txt
SQL> @VRDIFOP1_Differentials.sql
SQL> exit

6. Display the output file VRDIFOP1_Differentials.txt created in the previous step. You
should get a list of all the DB modules (see screenshot below). Check that all the modules
display the Latest Version status.

If any of the modules (other than PROFILE(1)) appears as Not Installed or is not at the
Latest Version, then a problem has occurred with the DB installation. Troubleshoot by
reviewing the DB installation logs or contact the FCM Support Team

12
13
3. Deploying the FCM Suite on JBoss EAP 6.x
The extracted FCM package includes a folder with a JBoss pre-configured to run the FCM Web
Application. It is necessary to set the database data sources to reference the FCMDB created on the
previous chapter.

3.1. Setting up the Database Connection on the Application Server

The database configuration is defined in standalone.xml file that is located in

<FCM_ROOT>/JBoss/standalone/configuration.
This configuration file defines the database connection for all data sources used by the FCM module.
The data source is a set of XML statements delimited by <datasource> and </datasource> tags.
The JBoss included in the package is pre-configured to connect to a database running on the same
host (localhost) reaching the default a Linux Server TCP/IP port 1521. The default settings must be
replaced by values that match the environments target database.

<datasource jta="false" jndi-name="java:/jdbc/com/viveo/ingissa/coreDS"

pool-name="coreDS" enabled="true" use-ccm="false">
<connection-url>jdbc:oracle:thin:@localhost:1521:FCMDB</connection-url>
<driver>oracle</driver>
...
<security>
<user-name>model2</user-name>
<password>ABCdef01</password>
</security>
...
</datasource>

Where:

DB CONNECTION PARAMETERS:

localhost Replace with the IP Address of the

database server

1521 The TCP port where the DB instance

accepts incoming connections

FCMDB The name of the FCM Database

model2 The username to login to the FCM

database

ABCdef01 The login password

Note: You need to modify all the data sources (there are 6 in total).

14
3.2. Importing the Rules Bases

The FCM application server works according to a set of workflow and interface rules. The rules bases
are XML files that contain the functional information that define:

- Access to FCM Suite modules;

- Items that appear on the screens;
- Actions that are allowed for a screen;
- Rule to transition from one screen to the next.

The FCM installation package includes a set of pre-defined rules bases that, include sufficient
functional elements for the installed FCM application to work out of the box. The default rule bases
can also be used as templates to create workflows adjusted to the particular requirements of the
business environment where the installation takes place.

The sample rules bases are located in <FCM_ROOT>/Tools/rules-cli/bin/rulebases. There

is at least one rules base for each functional module. The sample rules bases need to be imported
into the FCM system, using a rules command line tool provided in the package
<FCM_ROOT>/Tools/rules-cli.
Before importing the rules, open <FCM_ROOT>/Tools/rules-cli/bin/jdbc.properties and
configure the FCM database where the rules are stored and read by the application server.

connection.url= jdbc:oracle:thin:@localhost:1521:FCMDB
connection.username=model2
connection.password=ABCdef01
connection.driver_class= oracle.jdbc.OracleDriver

Follow the same method as with the JBoss data sources by replacing the default DB configuration
with the identifiers of the target installation database server.
Go to <FCM_ROOT>/Tools/rules-cli/bin and run rules-import-all.sh.
Review the screen output and the log file resulting from the import process.

15
3.3. Starting and Stopping the Application Server

The application server can be started by running the batch run_temenos.sh, located in bin folder
of the JBoss installation (<FCM_ROOT>/JBoss/bin/run_temenos.sh). If running on the
foreground, you will need to keep the session open while the server is running.
To stop the application server, interrupt the JBoss by pressing <Ctrl>C on the session where it is
running.

3.4. Login into the FCM User Interface for the First Time

With the FCM JBoss running and the application rules loaded into the system, it is now possible to
consult and if needed modify the rules bases on the user interface.

1. Open the http://localhost:8080/vrisk/vrules URL

2. Log in as admin1 using the password Temenos1!

Using the drop down list, verify that each FCM module has an associated active rules base. The
green flag status denotes an active rule base.

16
Below is a summary of the rules bases imported into the application:

Module Code Description Rules Base Notes

ALERT.TRN.COFI FT & CUST online 4 eyes, 2 4 eyes review active by default,

screening eyes 2 eyes can be activated
ALERT.TRN.HOBM Halt of Business No rules base Legacy module, not part of FCM, should
Management be ignored
ALERT.CIF.COFI Customer Batch 4 eyes, 2 4 eyes review active by default,
Screening eyes 2 eyes can be activated
RULES.MNGMNT Master rule base to Default Mandatory rule base, normally not
manage the rules subject to modifications
REPORT Reports Default Can be modified to meet specific
requirements
SECURITY Rules base to Default Mandatory rule base, normally not
manage security subject to modifications
ADVISOR Skips Wizard Default Optional, default rule base has no
assigned users role
WATCH Sanctions Lists Default Can be modified to meet specific
Management requirements
CUSTOMER KC+ Default Can be modified to meet specific
requirements
ALERT.PROFILING.ENTITY Profile 4 eyes, 2 4 eyes review active by default,
eyes 2 eyes can be activated
WEB_INQUIRY Web InquiryTool Default Can be modified to meet specific
rule base requirements

17
4. Setting up Screen

4.1. Loading the Public Watch lists

Watch-cli is a command line interface sub-module that allows the import, acceptance and export of
the Interdict lists, which can sometimes also be referred to as Sanctions or Watch lists. Watch-cli can
be found under <FCM_ROOT>/engines/watch-cli.

The installation package is pre-set to load the three reference Public Sanctions Lists: OFAC, UN and
EU. These lists include Financial Crimes persons and entities sanctioned worldwide. The information
is published on the organizations web sites with free access by any member of the public.

4.1.1. First configure the DB connection

Similar to the previous modules that depend on the FCM database, it is necessary to configure the
DB properties on <FCM_ROOT>/engines/watch-cli/bin/jdbc.properties. Replace the
default connection with the database identifiers that are appropriate for the installation environment.

4.1.2. Download the Public Watch Lists

You can attempt to download the latest updated Public Watch Lists from the World Wide Web.
Included in the Watch-cli module is a command script to download the OFAC, EU and UN lists:
<FCM_ROOT>/engines/watch-cli/bin/watch-lists-download.sh.

The information is obtained in XML format and stored in the /watch-cli/bin/Sanction_Lists

sub-folder with the sources clearly identifiable by the file names:

LauAmlLinSrv(amltest):/FCM/engines/watch-cli/bin/Sanctions_Lists#ls -la
total 15248
drwxr-xr-x 2 amltest amltest 4096 Aug 24 22:42 .
drwxr-xr-x 4 amltest amltest 4096 Oct 14 09:29 ..
-rw-r--r-- 1 amltest amltest 5994903 Oct 12 15:55 EU.xml
-rw-r--r-- 1 amltest amltest 7708394 Oct 7 20:49 OFAC.xml
-rw-r--r-- 1 amltest amltest 1896258 Oct 3 00:41 UN.xml

Note: The success of the download depends on the availability of an Internet link. Firewall restrictions
to these sites are also likely to play a part in preventing downloads. Confer with the customers
support team to determine how the updated lists can be obtained. In the meantime, the package
includes relatively recent pre-downloaded lists that can be used to test the initial FCM setup.

4.1.3. Import the Lists

The next step is to import the Public Lists. The import command tool will read the XML files from the
Sanction_Lists sub-folder and load the data into a staging area in the database. The staging area
is a set of DB tables containing the raw sanctions list entries resulting from the import.

18
Run the list specific import <FCM_ROOT>/engines/watch-cli/bin/watch-import-<LIST>.sh:
- EU: watch-import-EU.sh;
- OFAC: watch-import-OFAC.sh;
- UN: watch-import-UN.sh.

The import traces are logged into a log file in the /logs subfolder. The name tag of the log is always
mentioned during the execution of the process. Review the log for each source list to determine
successful completion of the import job:

4.1.4. Run the Auto-Acceptance

The auto-acceptance is a built in process that retrieves the sanctions entries already imported in the
database staging area, and processes the information to make it available in the FCM suite. The
sanctioned entries are validated and enabled in batch mode in a process designated as auto-
acceptance. This avoids the need to manually accept each imported entry on the User Interface.
Run the auto-acceptance <FCM_ROOT>/engines/watch-cli/bin/watch-autoaccept.sh

Similar to the imports, traces from the auto-acceptance are logged in the /logs subfolder. Review
the corresponding log to verify if the auto-acceptance job is successful.

Note: The first auto-acceptance can be a time consuming job depending on the numbers of imported
entries, the hardware resources available and the database latency. This may not be noticeable when
loading the Public Sanction Lists, but can become an issue with subscription lists that contain
hundreds of thousands of entries such as Dow Jones and World Check. Contact FCM Support if you
plan to load extensive lists.

19
4.1.5. Review the Lists

Review the lists to ensure they are correctly loaded into the system. Access the FCM User Interface,
and navigate to Watch List Manager -> List Management. Alternatively, type in the URL that
redirects to the Watch List Manager Dashboard: http://localhost:8080/vrisk/vwatch.

The Watch List Manager Dashboard displays the Public Lists, and the number of entries loaded from
each list. By clicking on one of the lists, you can have an overview of the sanctions persons and
entities included in the list. The Green Flag on each entry denotes that it is a valid active sanctioned
entry.

Note: In Batch Management is possible to review the status of the latest import and auto-
acceptance.

20
4.1.6. Export the Sanctions Lists

The last step in the Watch Lists batch processing is to export the sanctions information loaded in the
FCM database to an external file called giexp.tab. This file will later be used by the Screening
Engine. The export of the giexp.tab file is an integral part of the watch lists initial load and regular
update cycles.
Run the watch export on a command window to allow passing parameters into the job:

<FCM_ROOT>/engines/watch-cli/bin/watch-ingissa-export.sh --export-permutations

The process is similar to the import and auto-acceptance jobs with traces logged in the /logs
subfolder. Review the log and inspect the giexp.tab file generated in the
<FCM_ROOT>/engines/watch-cli/bin folder.

The bottom of the log file is expected to display a final count:

The giexp.dat is expected to have a date/time tag that matches the time the export finished:

The watch-export final status can also be consulted on the FCM User Interface:

21
4.2. The Screening Engine

The screening engine is the pivotal component of the online sanctions screening. It receives
transactions or customer messages from the core banking system, matches the message content
against the sanctions lists, and sends a HIT or NO HIT response back to the originator.
The native data file giexp.dat contains all the information in the sanctions lists. The screening
engine begins by loading the file and indexing the sanctions data into system memory. After the start
up sequence, the engine is available to receive screening requests on a designated TCP/IP port. It
does not communicate directly with the FCM database. Consequently, it does not depend on the DB
availability to operate.

4.2.1. Providing Screening Redundancy

The FCM package provided is pre-configured to launch two instances of the screening engine. This
provides a degree of redundancy, allowing one of the engines to handle the screening requests if the
other one is unavailable. The aim is to avoid downtime and stalled core banking operations.
For instance, when the giexp.dat is updated, the screening engine needs to be restarted to load
the latest data. During the start-up sequence, the engine cannot receive requests. Meanwhile, the
second engine instance can continue processing screening requests and avoid a service interruption.

4.2.2. Setting up the Screening Engine

The screening engine module is located in <FCM_Root>/engines/Vscan09_model2. Each

instance of the screening engine listens on a separate TCP/IP port. By default the primary engine
uses port 5123 and the fall-back instance 5124. Check if these ports are suitable for the target
environment. If not, they can be modified by editing 09vscsrv_model2_5123.sh and
09vscsrv_model2_5124.sh.
Note: The primary and fall-back screening engine instances can run on the same host or on separate
hosts for additional hardware redundancy.
Make sure the systems where the screening engines are running accept connections from the
external applications on the assigned ports. Any existing firewall must allow incoming connections on
these ports from the core banking system (T24) and the FCM user interface.
The screening engines retrieve configuration and sanctions data from <FCM_Root>/engines/data.
Copy the giexp.dat generated during the watch-export of the sanctions lists to:

copy /y <FCM_ROOT>/engines/watch-cli/bin/giexp.tab <FCM_Root>/engines/data/

4.2.3. Starting the Screening Engines

The screening engine instances can be started by running 09vscsrv_model2_5123.sh and

09vscsrv_model2_5124.sh located in <FCM_Root>/engines/Vscan09_model2. Once the
engine is started and is ready to receive incoming requests, the Start listening information is
displayed. The engines can be stopped by closing the command window.

22
4.2.4. Making the Application Servers aware of the Screening Engine
The database contains the information that allows the FCM and T24 application servers to identify
where the engines are running. It is essential to review and update this information with the correct
settings. On the DB server, used a database querying tool; select the FCM database, then run:

Select * from MODEL2.ING_PREFERENCE

Locate the following KEY_VALUEs and replace the default RAW_VALUE fields with the appropriate
information:

SCREENING ENGINE PARAMETERS IN THE FCM DB

KEY_VALUE RAW_VALUE

The IP Address of the server

/com/temenos/ingissa/alert/management/scan/host where the primary screening
engine instance is running

The TCP/IP port where the

/com/temenos/ingissa/alert/management/scan/port primary screening engine
accepts incoming connections

The IP Address of the server

/com/temenos/ingissa/alert/management/scan/host_fallback where the fallback screening
engine instance is running

The TCP/IP port where the

/com/temenos/ingissa/alert/management/scan/port fallback screening engine
accepts incoming connections

E.g.: How should look the ING_PREFERENCE table:

23
4.2.5. Testing Screening Works

The simplest and most effective way of verifying that the engine is screening messages against the
Public Sanction Lists is to make a few test cases with the Web Inquiry Tool.

Access the FCM User Interface and navigate to Web Inquiry. Alternatively, type in the URL that
redirects to the Web Inquiry Tool: http://localhost:8080/vrisk/web-inquiry/.

In Web Inquiry, select a mandator (ALL) and insert a known sanctioned person or entity.

The result should be a hit. Review the hit to confirm that there is a match between the typed name
and the sanctioned entry.

At this point you can check that the screening engine has received a connection from the FCM
application server
Back on the Web Inquiry Screen do a second control test by inserting a known name that is not in the
Public Sanction Lists.

24
The result from the Screening Engine is a NO HIT, which is the expected response. These basic tests
confirm that the Screening Module is correctly setup and functioning properly.
Note: If you receive a Connection Timed Out or Connect Refused error, then the application server
that supports the user interface is failing to reach the screening error. Revise the setup steps
described in the previous sections to determine the point of the failure.

4.3. The CIF Loader

The CIF Loader imports the customer records into the FCM database while simultaneously screening
the customer file for interdict entries. The CIF Loader is available in
<FCM_ROOT>/engine/cif_loader folder.

To configure and test the CIF loader:

a. Set up the database configuration in jdbc.properties file that is located in

cif_loader/config folder.

By default, it is setup as follows:

connection.url=jdbc:oracle:thin://localhost:1521/FCMDB
connection.username=model2
connection.password=ABCdef01_
connection.driver_class= oracle.jdbc.OracleDriver

25
 Where:

DB CONNECTION PARAMETERS:

localhost Replace with the IP Address of the database

server

1521 The TCP port where the DB instance accepts

incoming connections

FCMDB The name of the FCM Database

model2 The username to login to the FCM database

ABCdef01 The login password

Note: The default settings must be replaced by the values matching the target database.

b. Validate the CIF Loader

The package is delivered with a sample configuration that allows the import and screening of a
sample customer file T24.csv located in <FCM_ROOT>/engines/cif_loader/bin folder.

To process the customer file, run the following script:

<FCM_ROOT>/engines/cif_loader/./cif-import.sh GB0010001 -f $PWD/T24.csv -from 2

The first line of the sample file contains the column names and should be discarded when
reading into FCM (-from 2 option). The import should display traces ending with the following
or similar:

12438 [main] INFO com.viveo.cif.load.LoadingManager - Program has

processed 379
record(s) in 4 s
12439 [main] INFO com.viveo.cif.load.CifLoader - Process ended without
error

To complete the application validation, run the following command to rescan the customer
records already loaded into FCM:

<FCM_ROOT>/engines/cif_loader/cif-scan.sh GB0010001

This should display traces ending with the following or similar:

36026 [main] INFO com.viveo.cif.scan.CifScanManager - Program has

processed 451 records in 2
36053 [main] INFO com.viveo.cif.scan.CifDbScanner - Process ended
without error

26
5. Setting up Profile

This section describes the steps that need to be done for using Profile.

5.1. Installing the Profile Engine

The Profile Engine loads the transactions and accounts files for Profile, and is available in
<FCM_ROOT>engines/profile-cli folder.

To configure and test the Profile Engine:

a. Set up the database configuration in jdbc.properties file that is located in

<FCM_ROOT>engines/profile-cli/config.

By default, it is setup as follows:

connection.url= jdbc:oracle:thin:@localhost:1521:FCMDB
connection.username=model2
connection.password=ABCdef01
connection.driver_class= oracle.jdbc.OracleDriver
hibernate.dialect= org.hibernate.dialect.Oracle10gDialect

Where:
DB CONNECTION PARAMETERS:

localhost Replace with the IP Address of the database

server

1521 The TCP port where the DB instance accepts

incoming connections

FCMDB The name of the FCM Database

model2 The username to login to the FCM database

ABCdef01 The login password

Note: The default settings must be replaced by the values matching the database setup.

b. Set up the preferences

Profile engine preferences can be defined in:

<FCM_ROOT>engines/profile-cli/config/profiling.properties
You can set up:
profiling.preprocess.operationsStrategy=SINGLE_HOLDER

The possible values are:

1. ALL = All the FT transactions between accounts of the same customer are discarded.

27
 2. SINGLE_HOLDER = Discards only FT transactions between accounts where the
customer is the single holder.

5.2. Running the Accounts Loader

The Accounts Loader imports into the FCM database, the customer account information necessary for
Profile. To load the customer accounts, run the provided script:<FCM_ROOT>engines/profile-
cli/bin/accounts_loader.sh providing as a parameter the name of the input file containing the
accounts records.

The package is delivered with a sample configuration that allows importing a sample accounts file.
Import the sample file by running the loader from the <FCM_ROOT>/engines/profile-cli/bin
folder:
accounts_loader.sh T24_account_delimited.csv

Validate the process by reviewing the log file in the <FCM_ROOT>/engines/profile-cli/logs

folder.

5.3. Running the Transactions Loader

The Transactions Loader imports into the FCM database, the individual transactions processed by
Profile to calculate the aggregated customers profiling information. The transactions are loaded by
calling <FCM_ROOT>engines/profile-cli/bin/transactions_loader.sh, giving as a
parameter the name of the input file containing the transactions.

The package is delivered with a sample configuration that allows importing a sample transactions file.
Import the sample file by running the loader from the <FCM_ROOT>/engines/profile-cli/bin
folder:
transactions_loader.sh T24_transaction_delimited.csv

Validate the import by reviewing the log file in the <FCM_ROOT>/engines/profile-cli/logs

folder.

28
6. FCM Basic User Management

The FCM suite includes a security layer at the operational level managed by the JBoss which includes
the user authentication. In addition, the user access rights are defined at the functional level in the
Security Module of the FCM Suite.

6.1. Default Users and Roles

The FCM package is pre-configured with a set of default users and roles aimed at allowing the
immediate testing of the application after the initial deployment. The default users can be viewed in
the JBoss configuration file:
<FCM_ROOT>/JBoss/standalone/configuration/application-users.properties

To improve security, the user passwords in application-users.properties are not displayed in

clear-text. All the default users have been set with the same password Temenos1!.

The roles at operational level are defined in:

<FCM_ROOT>/JBoss/standalone/configuration/application-roles.properties
The possible roles are:
Ingissa-User: access to the FCM User Interface
Ingissa-Scan: reserved for the vscan built-in screening user, not to be assigned to end
users.

29
6.2. User Management at Operations Level

a) Add a user:

To create a new user at the operations level (Jboss), run the add-user tool provided in
<FCM_ROOT>JBoss/bin/add-user.sh. Follow the prompts, define the user as an application
type user, provide the username and the password, and assign the Ingissa-User role:

bash-4.2$ /home/amltest/FCM/JBoss/bin/add-user.sh

What type of user do you wish to add?

a) Management User (mgmt-users.properties)
b) Application User (application-users.properties)
(a): b

Enter the details of the new user to add.

Using realm 'ApplicationRealm' as discovered from the existing property files.
Username : admin3
Password requirements are listed below. To modify these restrictions edit the add-
user.properties configuration file.
- The password must not be one of the following restricted values {root, admin,
administrator}
- The password must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), 1
non-alphanumeric symbol(s)
- The password must be different from the username
Password :
Re-enter Password :
What groups do you want this user to belong to? (Please enter a comma separated list, or leave
blank for none)[ ]: Ingissa-User
About to add user 'admin3' for realm 'ApplicationRealm'
Is this correct yes/no? yes
Added user 'admin3' to file '/home/amltest/FCM/JBoss/standalone/configuration/application-
users.properties'
Added user 'admin3' with groups Ingissa-User to file
'/home/amltest/FCM/JBoss/standalone/configuration/application-roles.properties'
Is this new user going to be used for one AS process to connect to another AS process?
e.g. for a slave host controller connecting to the master or for a Remoting connection for
server to server EJB calls.
yes/no? no
-bash-4.2$

Verify the user has been added to application-users.properties and application-

roles.properties in <FCM_ROOT>/JBoss/standalone/configuration:

application-users.properties:

application-roles.properties:

30
b) Modify the password of an existing user:

To modify an existing user run the add-user tool provided in <FCM_ROOT>JBoss/bin/add-

user.sh. The system will detect an already existing username and prompt to change the password
or roles.
Username : admin3
User 'admin3' already exits, would you like to update the existing user password and roles
Is this correct yes/no? yes
Password requirements are listed below. To modify these restrictions edit the add-
user.properties configuration file.
- The password must not be one of the following restricted values {root, admin,
administrator}
- The password must contain at least 8 characters, 1 alphabetic character(s), 1 digit(s), 1
non-alphanumeric symbol(s)
- The password must be different from the username
Password :
Re-enter Password :

c) Delete a user:

To delete or revoke a user, either remove or comment the line with the username and password in
<FCM_ROOT>/JBoss/standalone/configuration/application-users.properties.

Remove or comment the line with the corresponding username in roles.properties.

6.3. Functional access to the FCM modules

Login to the FCM user interface with a user who has full access to the Security Module. Follow the
menus into Security, and then Manage User. Alternatively, access the user management directly on:

http://localhost:9180/vrisk/security/app/manage-users

31
The following default profiles grant access to the mentioned modules:
Operations (Alerts and Sanctions Lists):
Review of Screen and Profile Alerts, Web Inquiry, Watch Lists Management,
Screen Reports.

Support (Functional Support)

Workflow Rules Management, Profile Rules Editor and Reports, KC+, Security
Admin

SuperUser: All the above

If adding a new user, press Create User and type an exact case sensitive match of the username
added previously to application-user.properties. Assign an appropriate profile and save the
user.

If revoking a user, select the username from the access list and press Delete.
If modifying a username, remove the existing username and add the new username with the same
profile.
Verify that each of the active users listed in application-user.properties (except vscan) is
assigned to one of the profiles.

32
7. Troubleshooting

33