Sanctions screening is integral to AML/CFT regulation around the world and vital in the fight against money laundering and terrorism. Sanctions breaches constitute serious offenses and can result in heavy penalty fines: accordingly, banks and financial institutions must check customers against relevant sanctions lists as efficiently and accurately as possible. However, since those lists change constantly, ensuring screening processes stay up to date and effective, and avoid inefficiencies and false positives, is an ongoing challenge for obligated firms.
Given the importance of sanctions and the potential cost of noncompliance, firms should be familiar with sanctions screening best practices to ensure their AML/CFT programs deliver the results they require…
The administrative effort required to perform sanctions checks means that financial institutions must rely on technology to screen lists efficiently and in compliance with the latest AML/CFT rules. To deliver that efficiency, firms should not only seek proven, stable screening software with modern features such as fuzzy logic matching, but also plan periodic benchmarking to identify any gaps in their process and to focus ongoing investment into the right areas.
It is also useful to implement sanctions technology that can scale with changing business needs. Firms should seek screening software that can handle an increased customer and transaction volume as their business grows.
Governments and international authorities issue, update, and withdraw sanctions on a regular basis. To stay up to date with the latest sanctions developments, firms should carefully monitor public announcements from the relevant authorities, periodically updating their internal versions of sanctions lists and adjusting their screening process to fulfill any new compliance requirements. For verification of any changes, firms should maintain a control list against which new sanctions updates can be checked.
Financial institutions obtain sanctions lists and associated data from numerous sources and often engage third-party services to do so on their behalf. Regardless of how that data is obtained, best practice dictates that firms should double-check the reliability of the sources used. Generally, the authorities that issue sanctions also host up-to-date sanctions lists online, such as the UN sanctions list, the OFAC sanctions list, HM Treasury sanctions list, and the EU consolidated sanctions list.
Even when obtained from reliable sources, many sanctions lists are issued in formats that can be altered or edited easily. Firms should double-check to verify the lists they are using and ensure they have not been modified.
Depending on the territories in which a firm operates, not all sanctions lists will be relevant to that firm’s AML/CFT obligations. Similarly, some sanctions are comprehensive, which means they are issued against countries, while others are selective, meaning that they are issued against entities or individuals. To improve sanction screening efficiency and better focus their AML/CFT programs, firms should build screening processes that factor in exactly which sanctions and screening requirements apply.
Onboarding is a crucial part of both the Know Your Customer (KYC) process, and the sanctions screening process. Firms must be able to establish and verify the identities of their customers in order to understand the sanctions risk they present. In practice, this means implementing an effective customer due diligence (CDD) process at the start of the business relationship in order to collect a suitable amount of identifying information about a given customer, including their name, address, data of birth, and social security or tax number.
Since the targets of international sanctions often have similar sounding names or may be deliberately deceptive about their identities, the screening process should, where necessary, include an enhanced identification process. Enhanced due diligence measures involve a greater degree of scrutiny of a customer’s identity and, in some cases, mandate an investigatory process. In order to enrich a customer’s risk profile during onboarding, firms may seek to collect supplementary biometric information, such as voice print, fingerprint, and face scans that can be used to verify customers during future transactions.
One of the most challenging aspects of sanctions screening is the diversity of naming conventions across languages and cultures. That diversity manifests in a variety of ways, from missing vowels and contractions, to word order and the use of non-Latinate characters. In Arabic, for example, an individual’s second name is their father’s name, and 99 suffixes may be used to describe “God” following first names such as “Abdul” or “Ahmed”. Beyond cultural naming conventions, sanctions screening must also take into account the prevalent use of aliases and alternative names.
Accordingly, screening processes should be set up to accommodate the numerous naming conventions, protocols, formats, and aliases that might apply to individuals on a sanctions list. That consideration should be global in scope to account for the cultural diversity of a potential customer base.
Names on a sanctions list may be misidentified because of a lack of identifiable or distinguishing features, leaving the possibility for screening to deliver multiple hits or false positives. With that in mind, financial institutions need to be able to avoid misidentifying customers and should have a screening process capable of resolving duplicate results.
Practically, the screening process might start with a standard name search. In the case of a potential misidentification or duplicate, the next stage of the check should move onto another unique identifying feature, such as a passport number. If that information is not available, firms should move on to manual checks or even seek third-party assistance to ensure customers are correctly identified.
Technology and automation are fundamental to sanctions screening, but human expertise and analysis also play an important role. Beyond training employees to implement technology and navigate sanctions lists effectively, the screening process often generates ambiguities that can only be resolved by informed human judgment.
With that in mind, financial institutions should make the recruitment and training of capable human compliance teams a priority. Similarly, financial institutions should establish a regular schedule of sanctions training updates to ensure their employees’ specific compliance expertise remains relevant and effective.
Sanctions screening can only be effective if the information a financial institution holds on its customers is relevant, accurate and accessible. Practically, this means that firms must perform the basics of customer due diligence well and ensure that the identifying data they collect on their customers is both sufficient and of the highest quality. Further to those fundamentals, firms should practice data enrichment: building out customer profiles with secondary identifiers to add certainty and avoid false positives.