
What is payment screening? A complete guide

Despite being one of the most important lines of defense for financial institutions (FIs), many businesses struggle to balance effective security with ease of use during payment screening. To help mitigate these challenges, this article will look at:

  • What payment screening entails.
  • Why it can pose significant challenges.
  • How technology can help.

What is payment screening?

Payment screening is the process of analyzing, verifying, and validating every incoming or outgoing transaction. Its purpose is to understand the risk of impropriety or criminal activity in any given payment. By screening payments, FIs can rapidly decide whether to escalate a potentially illicit transaction or allow a legitimate payment to go through.

This allows firms to remain compliant with anti-money laundering and counter-terrorist financing (AML/CTF) regulations worldwide while protecting their customers and themselves from criminal attempts to siphon money or abuse payment rails. Because of this, FIs of all sizes must be able to screen every type of digital payment, from standard credit card transactions to faster payment schemes like FedNow and Instant SEPA credit.

The difference between payment screening, transaction monitoring, and transaction screening

Transaction monitoring refers to all the activities an FI undertakes to observe, record, and respond to customer interactions with its services. Transaction screening looks at individual transactions, such as payments, before they’ve been approved to stop especially high-risk activity. Payment screening is a facet of transaction screening, but it only deals with payments before they are processed. 

Each screening process involves similar steps but can vary based on the specific risk factors involved in the transactions being screened. 

Payment screening regulations

Payment screening is necessary because FIs worldwide are subject to many regulations and recommendations to tackle criminal activity like money laundering, terrorist financing, and fraud.

These regulations vary between jurisdictions, but they invariably require that firms demonstrate a capacity to monitor and screen payments. Prominent regulations include:

  • The Second Payment Services Directive (PSD2) in the EU
    An integral European regulation established in 2018 for electronic payment services, PSD2 aims to improve the conditions for more consumer choice while simultaneously reducing fraud. The call for Strong Customer Authentication (SCA) is central to its directive.
    Notably, the UK remains aligned with the guidelines and recommendations in PSD2 to maintain steady relations with the EU.
  • The Electronic Fund Transfer Act (EFTA) in the US
    Several federal agencies, including the Securities and Exchange Commission (SEC), Federal Deposit Insurance Corp (FDIC), Consumer Financial Protection Bureau (CFPB), the Federal Trade Commission (FTC), as well as state-run agencies, oversee the regulation of financial activity in the US.
    However, EFTA has played a central role in establishing the rights, responsibilities, and liabilities of consumers and those who offer payment services.
  • The Payment Services Regulations 2017 (PSRs 2017) in the UK
    This primary legislation governing payment services in the UK aims to improve consumer protection and competition among FIs. It’s changed the requirements for client documentation, communicating with clients, and offering assistance to victims of fraud.
    In line with the EU’s calls for SCA, the Financial Conduct Authority (FCA) set out further rules for banks and payment service providers in 2021 that establish this requirement.
  • Regulations on the supervision and administration of nonbank payment institutions in China
    Coming into effect on May 1, 2024, new regulations will bring modern digital payment providers under the scrutiny and rules of the Ministry of Justice and the People’s Bank of China (PBOC).
    The rules aim to strengthen user information protection and the general protection of users in light of the recent popularity of hundreds of new payment services and providers in the region.

Common risks associated with payments

Some common issues to look out for when processing payments include:

  • Identity theft: This is when a criminal steals personal information and banking details to make purchases online, masquerading as an institution’s customer.
  • Friendly fraud: This is when a customer uses their own card to make a purchase but then disputes the charge with the FI without a legitimate reason to do so.
  • Authorized push fraud: This is when criminals coerce or manipulate victims into depositing money into their accounts through unscrupulous means.
  • ‘Clean’ fraud: This is when a criminal uses customer credentials to make a purchase but then uses stolen payment information to evade fraud detection protocols. It’s particularly hard to detect.
  • Money laundering: This is when a customer or criminal makes payments as part of a larger conspiracy to obfuscate the origin or destination of money in a bid to make that money seem legitimate.
  • Terrorist financing: This is when a payment is made to a specific party for the purposes of financing terrorist activity while disguising itself as a more innocuous transaction.

The core elements of a payment screening process

An effective payment screening process involves coordinating several different components. These include:

  • A clearly-defined risk-based approach (RBA): As is the case with all anti-money laundering and counter-terrorist financing (AML/CTF) efforts, firms need to translate their risk tolerance into clear policies and procedures. Both what needs to be done and the thresholds beyond which this might change need to be laid out in explicit detail.
  • Clean, up-to-date, connected data: To ensure optimal screening decisions are being made at scale, businesses need the data informing those decisions – customer histories, third-party inputs, sanctions data – to be reliable. This is particularly essential when trying to automate the payment screening process but just as vital for escalations.
  • Updated employee training: Whether they’re implementing automation in the screening process or handling exceptions when they arise, employees need to be routinely trained in the most relevant procedures, scenarios, and regulations. It’s equally important that this training is constantly updated and aligned with the firm’s risk-based approach.
  • Intuitive, intelligent technology: Payment screening software needs to update as rapidly as data feeds do while still being intuitive enough to ensure compliance teams can manage cases at speed. This requires a combination of automation and interface design.
  • Continuous auditing processes: To continue improving the payment screening process, firms need an independent function dedicated to auditing every aspect of it. The goal should be to identify weaknesses, suggest changes, and oversee the prompt implementation of these improvements.

How does the payment screening process work?

Once the initial payment message has been sent or received, the payment screening process begins. The diagram below details how ComplyAdvantage’s payment screening solution works, and the process can be broken down into five distinct stages.

[Figure: Payment Screening Process]

Stage 1: Customer authentication and data verification

During the initial stage of a transaction, it is essential to gather all relevant data related to the payment message for validation. This includes the transaction amount, information about the sender and receiver, their respective locations, and any other essential details required for the payment to proceed smoothly.

Similarly, it’s important to verify the authenticity of the customer credentials to ensure that only legitimate transactions are processed. Therefore, both sets of data need to undergo a rigorous authentication process backed by robust technology and security protocols to minimize the risk of fraudulent activities.

Stage 2: Risk-based customer due diligence

Next, a risk assessment needs to be conducted to determine the probability of criminal activity based on the various degrees of customer due diligence outlined in the firm’s risk-based approach and how they apply to the specific customer in question.

This involves an evaluation based on the customer’s previous patterns of transacting, generalized patterns in historical data that indicate crime, the jurisdictions in question, and any other notable suspicions.

Stage 3: Sanctions, watchlist and PEP screening

Then, businesses need to scan sanctions lists, watchlists, and politically exposed person (PEP) lists (maintained by regulators worldwide) to identify potential matches with the sender, receiver, or related organizations. If the payment is legitimate, these initial checks should take only a few milliseconds. However, if there is any indication of illegitimacy, then the case must be escalated.

Stage 4: Escalation

If any of the preceding three stages raises a red flag that warrants further review, businesses will then escalate the payment in question to a dedicated team that specializes in conducting enhanced due diligence (EDD) processes. If this specialized team agrees that the payment is suspicious, it may be declined at this stage. However, after further review, the payment may be approved for processing.

Stage 5: Reporting

Finally, if a payment, sender, or receiver is flagged as suspicious, the firm needs to supply the corresponding documentation to the relevant authorities immediately.

More importantly, businesses also need to maintain regular and detailed records of all these stages regardless of the outcome of any investigation for auditability and collaboration with regulators.
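The following sketch walks one payment message through stages 1, 3, 4 and 5 as described above. It is an added example, not ComplyAdvantage's code or matching algorithm. The watchlist entries, field names, decision labels and the 0.85 threshold are all constructed assumptions.

```python
import unicodedata
from datetime import datetime, timezone
from difflib import SequenceMatcher

# Constructed watchlist entries (not real sanctions data).
WATCHLIST = [
    {"id": "WL-001", "name": "Ivan Petrov Example", "dob": "1970-01-01"},
    {"id": "WL-002", "name": "Acme Shell Trading Ltd", "dob": None},
]
REQUIRED = ("amount", "currency", "sender", "receiver", "receiver_country")
MATCH_THRESHOLD = 0.85  # assumed value; derive it from the firm's risk-based approach


def normalize(name):
    """Strip accents, case and punctuation; sort tokens so word order is ignored."""
    text = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    cleaned = "".join(c if c.isalnum() else " " for c in text.lower())
    return " ".join(sorted(cleaned.split()))


def watchlist_hits(name, dob=None):
    """Stage 3: fuzzy name match; a conflicting date of birth rules a hit out."""
    hits = []
    for entry in WATCHLIST:
        score = SequenceMatcher(None, normalize(name), normalize(entry["name"])).ratio()
        if score < MATCH_THRESHOLD:
            continue
        if dob and entry["dob"] and dob != entry["dob"]:
            continue  # same name, different person: avoids a false positive
        hits.append({"list_id": entry["id"], "score": round(score, 2)})
    return hits


def screen_payment(msg):
    """Return an audit record whose decision is PASS, ESCALATE or REJECT_INVALID."""
    record = {"screened_at": datetime.now(timezone.utc).isoformat(),
              "message": msg, "hits": []}
    missing = [f for f in REQUIRED if not msg.get(f)]  # Stage 1: data verification
    if missing:
        record.update(decision="REJECT_INVALID", missing=missing)
        return record
    for role in ("sender", "receiver"):
        party = msg[role]
        for hit in watchlist_hits(party.get("name", ""), party.get("dob")):
            record["hits"].append({"role": role, **hit})
    record["decision"] = "ESCALATE" if record["hits"] else "PASS"  # Stage 4
    return record  # Stage 5: every outcome is recorded, not only escalations
```

The date-of-birth check shows one way to cut false positives without loosening the name threshold: a strong name match is dropped only when both sides carry a date of birth and the two disagree.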

The challenges of payment screening

Payment screening helps FIs overcome some serious risks. However, given the complexity of all the moving pieces involved in these procedures, it brings unique challenges, including:

  • Speed: Through the lens of customer experience, the biggest challenge with payment screening is that it threatens the speed at which customers can get what they want. The value proposition for digital financial services is increasingly about convenience, so legitimate payments need to be validated in milliseconds.
  • False positives: Operationally, one big challenge compliance teams face with payment screening is being swamped by false positives. Inadequate screening errs on the side of caution and stops even mildly suspicious transactions, but this overburdens the compliance team and severely hinders most customers’ experience.
  • Staying up-to-date with sanctions lists: One of the biggest challenges for payment screening is continuously updating watchlists, sanctions lists, and PEP lists from around the world. A fast screening process is of little use if it cannot keep up with the latest developments in international crime.
  • The complexity of the process: For the compliance teams escalating and reporting on cases, payment screening can create a convoluted workflow, given the number of moving parts involved. Professionals can quickly become tied in knots between disparate data feeds and applications for cases, relationships, and reporting.
  • Maintaining auditability: At a regulatory level, payment screening presents firms with an additional challenge in terms of documentation. Ideally, every step is naturally recorded and made available for later review. But in reality, many firms struggle to provide the kind of transparency auditors need.

The importance of technology in payment screening

Given these challenges, firms must leverage advanced applications of technology like artificial intelligence (AI) and machine learning (ML) to automate and scale aspects of their payment screening processes. By automating fundamental steps like customer authentication and sanctions screening, firms can come closer to that necessary balance between speed and security.

Even when cases are escalated and need manual review, software can play an integral role in providing compliance teams with an intuitive workflow for rapidly managing anomalies.

Similarly, software can help teams document the necessary parts of each screening process so that they don’t have to undertake additional retrospective effort when reporting to regulators.

Payment screening with ComplyAdvantage

FIs of all sizes rely on ComplyAdvantage for intelligent, swift payment screening at scale. The platform uses a proprietary search matching algorithm to extract the full name and date of birth (if available) of the entity to be screened against an up-to-date and human-validated sanctions database. Firms can customize the payment screening platform to screen any entity, not just the counterparty, as long as a unique identifier is provided. 

The top benefits experienced by firms using Payment Screening by ComplyAdvantage include:

  • The ability to process 99 percent of transactions in under half a second through the use of data-optimized screening algorithms, cloud technology, and integrated data and case management.
  • Reduced false positives using risk-optimized matching algorithms, allowing compliance teams to focus on real threats.
  • System-wide updates every hour based on market-leading data from human-validated sanctions lists, watchlists, and PEP lists, even during crises.

Originally published 04 March 2024, updated 04 March 2024

Disclaimer: This is for general information only. The information presented does not constitute legal advice. ComplyAdvantage accepts no responsibility for any information contained herein and disclaims and excludes any liability in respect of the contents or for action taken based on this information.

Copyright © 2024 IVXS UK Limited (trading as ComplyAdvantage).