5th February 2020
Sanctions Screening Best Practices
Sanctions screening is integral to AML/CFT regulation around the world and vital in the fight against money laundering and terrorism. Sanctions breaches constitute serious offenses and can result in heavy penalty fines: accordingly, banks and financial institutions must check customers against relevant sanctions lists as efficiently and accurately as possible. However, since those lists change constantly, ensuring screening processes stay up to date and effective, and avoid inefficiencies and false positives, is an ongoing challenge for obligated firms.
Given the importance of sanctions and the potential cost of noncompliance, firms should be familiar with sanctions screening best practices to ensure their AML/CFT programs deliver the results they require…
The administrative effort required to perform sanctions checks means that financial institutions must rely on technology to screen lists efficiently and in compliance with the latest AML/CFT rules. To deliver that efficiency, firms should not only seek proven, stable screening software with modern features such as fuzzy logic matching, but also plan periodic benchmarking to identify any gaps in their process and to focus ongoing investment into the right areas.
It is also useful to implement sanctions technology that can scale with changing business needs. Firms should seek screening software that can handle an increased customer and transaction volume as their business grows.
Financial institutions obtain sanctions lists and associated data from numerous sources and often engage third-party services to do so on their behalf. Regardless of how that data is obtained, best practice dictates that firms should double-check the reliability of the sources used. Generally, the authorities that issue sanctions also host up-to-date sanctions lists online, such as the UN sanctions list, the OFAC sanctions list, HM Treasury sanctions list, and the EU consolidated sanctions list.
Even when obtained from reliable sources, many sanctions lists are issued in formats that can be altered or edited easily. Firms should double-check to verify the lists they are using and ensure they have not been modified.
Onboarding is a crucial part of both the Know Your Customer (KYC) process, and the sanctions screening process. Firms must be able to establish and verify the identities of their customers in order to understand the sanctions risk they present. In practice, this means implementing an effective customer due diligence (CDD) process at the start of the business relationship in order to collect a suitable amount of identifying information about a given customer, including their name, address, data of birth, and social security or tax number.
Since the targets of international sanctions often have similar sounding names or may be deliberately deceptive about their identities, the screening process should, where necessary, include an enhanced identification process. Enhanced due diligence measures involve a greater degree of scrutiny of a customer’s identity and, in some cases, mandate an investigatory process. In order to enrich a customer’s risk profile during onboarding, firms may seek to collect supplementary biometric information, such as voice print, fingerprint, and face scans that can be used to verify customers during future transactions.
One of the most challenging aspects of sanctions screening is the diversity of naming conventions across languages and cultures. That diversity manifests in a variety of ways, from missing vowels and contractions, to word order and the use of non-Latinate characters. In Arabic, for example, an individual’s second name is their father’s name, and 99 suffixes may be used to describe “God” following first names such as “Abdul” or “Ahmed”. Beyond cultural naming conventions, sanctions screening must also take into account the prevalent use of aliases and alternative names.
Accordingly, screening processes should be set up to accommodate the numerous naming conventions, protocols, formats, and aliases that might apply to individuals on a sanctions list. That consideration should be global in scope to account for the cultural diversity of a potential customer base.
Names on a sanctions list may be misidentified because of a lack of identifiable or distinguishing features, leaving the possibility for screening to deliver multiple hits or false positives. With that in mind, financial institutions need to be able to avoid misidentifying customers and should have a screening process capable of resolving duplicate results.
Practically, the screening process might start with a standard name search. In the case of a potential misidentification or duplicate, the next stage of the check should move onto another unique identifying feature, such as a passport number. If that information is not available, firms should move on to manual checks or even seek third-party assistance to ensure customers are correctly identified.
Technology and automation are fundamental to sanctions screening, but human expertise and analysis also play an important role. Beyond training employees to implement technology and navigate sanctions lists effectively, the screening process often generates ambiguities that can only be resolved by informed human judgment.
With that in mind, financial institutions should make the recruitment and training of capable human compliance teams a priority. Similarly, financial institutions should establish a regular schedule of sanctions training updates to ensure their employees’ specific compliance expertise remains relevant and effective.