How to improve the sanctions screening process in banking

Sanctions screening helps banks prevent sanctions violations by screening customers and their transactions for sanctions list matches. This allows them to remain compliant with international sanctions, avoid penalties, and help protect the national security of the countries in which they operate. Yet banks can face challenges in sanctions screening, from outdated sanctions lists to backlogged low-risk payments that could undermine faster payment services. 

These challenges can be addressed with solutions that access updated and reliable sanctions data and configure alerts based on differentiated risks. Read on to understand the complexity of sanctions screening in banking, its benefits and challenges, and three key improvement areas firms can focus on.

What is sanctions screening in banking?

The Sanctions screening process in banking compares customer and transaction data against organizations, goods, places, and people under government-issued sanctions or watchlists. They do this to ensure they don’t facilitate sanctions violations, which can result in fines and imprisonment. 

Banks often use transaction and customer screening tools for this purpose, which may be automated or manual. 

A sanctions screening program is essential to a bank’s broader financial crime risk management strategy. Without it, the bank risks heavy penalties. For example, US banks faced over $33 million in sanctions fines and settlements in 2023 alone – more than 18 times the figure for 2022. Between 2021 and September of 2023, sanctions violations cost individual banks an average of over $4 million.

To effectively comply with anti-money laundering (AML) in banking regulations, sanctions screening should be integrated throughout the entire customer journey as part of a comprehensive and ongoing customer due diligence (CDD) process.

Sanctions screening challenges for banks

Banks must comply with their country’s sanctions regulations, including guidance by the Office of Foreign Assets Control (OFAC) in the US and the Office of Financial Sanctions Implementation (OFSI) in the UK. When facilitating cross-border transactions, they are also subject to international sanctions requirements. 

Banks face five crucial challenges in implementing compliant and effective sanctions screening processes. 

1. Processing times for faster payments

Customers increasingly expect banks to offer faster payments. Yet their rapid nature poses challenges for banks, who must continue to screen transactions according to their risks and regulatory obligations.

The Faster Payments Council defines faster payments as a payment taking anywhere from a day to seconds or less to process. It also acknowledges definitions can be more stringent than this. For example, it points out that for the Committee on Payments and Market Infrastructures of the Bank of International Settlements, a faster payment should occur on as close to a 24/7 basis as possible.

Under either definition, banks offering faster payments are under constraints regarding which services can qualify for the term. Sanctions screening solutions that are not risk-based and tailored to unique risk levels can stop or delay so many low-risk payments that the service may not qualify as a faster payment. This means that for banks to be able to offer the service while remaining compliant, a careful review of risks, processes, and existing tools and personnel is crucial.

2. Overcompliance

Sanctions violations can result in hefty fines, so banks might assume that it’s safer to be as risk-averse as possible – for example:

• Blocking all transactions involving a sanctioned country even if they aren’t prohibited.
• Blocking a refugee’s transactions because they’re citizens of a sanctioned country.
• Refusing business to a sanctioned person, when the business relationship wouldn’t violate sanctions.

But this approach, sometimes referred to as overcompliance, can violate international law and human rights, impede diplomacy and humanitarian aid, and even drive illicit economies. UN Special Rapporteur Alena Douhan urges firms to ensure their sanctions compliance program does not exceed sanctions requirements and recommends taking actions to protect the human rights of those the sanctions might affect – including ensuring they maintain legal access to life necessities and humanitarian assistance. 

3. Screening with outdated data & tools

The US Department of the Treasury’s guide on complying with OFAC requirements lists sanctions screening software failure as one of 10 key reasons sanctions compliance programs fail. Reasons for these failures include:

• Outdated sanctions list data.
• Missing data, such as SWIFT business identifier codes (BIC) for sanctioned entities.
• Ineffective name matching that misses alternative spellings.

Effective sanctions screening depends on reliable sanctions data and effective fuzzy matching techniques, which catch close but not exact name variants.

4. Divergence among sanctioning bodies

Sanctioning bodies do not always apply economic designations consistently. This inconsistency can pose a challenge for banks as they strive to comply with regulations and avoid doing business with sanctioned entities. Following Russia’s invasion of Ukraine, for example, a raft of restrictive measures was placed on Russian individuals and companies, but there was divergence among sanctioning bodies concerning who should or shouldn’t be designated. To mitigate the risk of sanctions circumvention, banks need to ensure they’re screening against quality global sanctions data gathered straight from the source so updates to sanctions lists are not missed.

5. Ineffective transliteration capabilities 

Transliteration, the conversion of names and entities from one writing system to another, is pivotal in the context of sanctions screening. Banks deal with a myriad of international customers and entities, each with names presented in diverse scripts. The challenge arises when transliteration is not executed accurately, leading to discrepancies and potential oversights in the screening process.

Consider, for instance, a scenario where a sanctioned entity’s name is originally in a non-Latin script. If the transliteration process fails to accurately represent this name in the Latin alphabet, the screening software may overlook a potential match. This can result in a critical compliance gap, exposing the bank to unnecessary risks and regulatory scrutiny. The complexity deepens as various languages and dialects contribute to the variety of names encountered in banking transactions. Inconsistent transliteration practices across different regions and languages exacerbate the challenge, making it imperative for banks to address this issue comprehensively.

To overcome the transliteration challenge, banks are increasingly turning to advanced sanctions screening solutions equipped with robust transliteration capabilities. These solutions leverage sophisticated algorithms and linguistic expertise to accurately convert names between scripts, ensuring a harmonized and precise screening process.

Tips to improve the sanctions screening process in banking

While sanctions screening can present challenges, many of the most common ones can be addressed effectively. While each firm needs to consider its own unique business environment, five common areas of opportunities we see are: 

1. Review the calibration of screening parameters 

When screening isn’t calibrated to precise risks, firms are more likely to not only over-comply but also miss risks that would have been caught with targeted parameters. It’s therefore crucial for firms to work with subject matter experts to align their screening with precise risk indicators. This approach is more effective than casting a wide net by default.

For example, rather than indiscriminately screening any person or activity from a sanctioned country, the team could evaluate signs pointing to specific sanctions violations they’re at risk for. Are the customers they serve involved in high-risk sectors, such as semiconductors, dual-use goods, or pharmaceuticals? What jurisdictions do they typically serve? Setting parameters that could detect associations between multiple precise risk factors is more likely to catch relevant activity.

Similarly, evaluate whether the screening tool in question offers features like custom fuzzy matching. Fuzzy matching parameters allow firms to catch common name variations or deliberately changed name spellings when there’s a specific need to cast a wider net. (It’s not that wider nets are always unhelpful – they should just be used in a targeted, intentional manner).

2. Review and enhance data quality

Poor sanctions data not only undermines a risk-based approach and leads to inefficiencies, but also means firms can never be sure they are operating according to the most recent regulatory requirements. In our 2023 survey on the role of tech and talent in compliance, 47 percent of firms said they wanted to improve their sanctions and politically exposed persons (PEP) data in their transaction screening solutions. A third were frustrated with a lack of real-time sanctions updates. In our 2023 State of Financial Crime report, we saw that nearly a third of firms – 29 percent – were most focused on improving their sanctions compliance.

So what does this mean for firms? Those concerned about the quality of their sanctions data can examine their current solution with the following questions: 

• How up-to-date is the solution’s sanctions and risk data?
• What process is followed to ensure the solution’s data is up-to-date? 
• If its an ongoing process, how often is the data updated? How quickly does it become available? 
• Where is the data sourced from?

3. Assess solutions against the growing complexity of global sanctions

With the rising complexity of global compliance and sanctions data, legacy solutions can struggle to keep up. Firms using outdated solutions may find they don’t update key data in a timely manner, integrate efficiently with the rest of the compliance tech stack, or monitor risk effectively.

Newer tools can use advanced screening algorithms and make data updates multiple times per day. This can help teams process sanctions risks more effectively, streamline their workflows, and ensure the process interfaces well with the broader compliance function. 

Firms looking to improve or update their current tools can look for robust sanctions data access, flexibility in risk screening levels depending on the customer or transaction type, and automation of crucial components such as daily sanctions list updates.

4. Implement entity resolution technology

Integrating advanced entity resolution technology is pivotal for refining the sanctions screening process. This technology enhances the ability to accurately identify and link entities, reducing the risk of false positives or negatives. By consolidating multiple data points and recognizing relationships between entities, banks can streamline their screening efforts and elevate the overall effectiveness of their compliance measures.

5. Integrate real-time monitoring and alerts

To bolster sanctions screening, banks should embrace real-time monitoring and alert systems. Traditional batch processing may have its merits, but the financial landscape demands a more instantaneous response to potential risks. Real-time monitoring ensures that any suspicious activities or matches are promptly identified, allowing banks to take immediate action. The integration of robust alert systems enhances agility, enabling banks to stay ahead of evolving threats and maintain compliance in dynamic environments.

Overcome challenges with advanced sanctions screening solutions

With the rise of artificial intelligence, automation, and more powerful data processing, banks looking to align their sanctions screening tools with a risk-based approach have robust options. Solutions like ComplyAdvantage’s sanctions screening and monitoring offer advantages including:

• Configurable screening alerts: Compliance teams can account for name variants or misspellings and avoid missed sanctions violations using industry-leading screening algorithms and flexible fuzzy name matching.
• Flexible alert frequency for differentiated risk levels based on onboarding: Banks can follow a granular, risk-based approach to alerts, improving accuracy and reducing false positives.
• Automated source checks for sanctions list updates: These come straight from regulators and are checked for accuracy by human experts.
• Integrated workflows, from alert remediation to case management, using REST APIs. 

By integrating reliable data, streamlined workflows, and configurable screening technology, banks can take steps to improve sanctions compliance, cost-effectiveness, and holistic risk management for their companies. Along with regular EWRAs, these central components can ensure a risk-based approach while improving customer relations by supporting higher straight-through processing (STP) rates.