By Frank Cummings, CEO
Our recent blog article about the importance of integrating sanctions screening with Customer Due Diligence (CDD – KYC) generated a lot of interest—and it also generated a lot of questions. Compliance professionals asked us how to screen both well and compliantly—but without being buried in time-stealing, mind-numbing false positives.
There are two keys to make sanctions screening easy and effective: Know how to screen and what to screen.
First, know how to screen: Institute a risk-based approach to your sanctions screening, and then employ the right software tools to implement that approach. For example, to avoid the ineffective data avalanche of the catch-all approach, select automated name-matching algorithms that correlate to your geographic risk.
Here is what you do NOT want to happen: If you run the standard Soundex algorithm against a correspondent bank in South America, you would be dealing with 1,200 to 1,400 false positives on every screening. And that would multiply by the number of screened names. You could end up with 5,000 or 10,000 false positives a day—if not more—all of which have to be researched. This creates a huge cost in time, person hours, and overall energy for good compliance.
We recently had a customer who was buried in thousands and thousands of false positives because of the geographically inappropriate use of the Soundex algorithm. We showed them that by using Levenshtein Distance algorithm that was more appropriate to their geographic risk, their screening produced results that included the truly risky hits without all the false-positive ones. This meant that they found the true risk without burying themselves in unproductive processing of false positives.
So Soundex and Levenshtein Distance both have their place in a risk-based screening system, but other algorithms are essential, too. For example, AML Partners has developed proprietary name-matching algorithms to mitigate the risk of intentional attempts to work around screening detection. For instance, we created and integrated proprietary tools to remove the ability of operations personnel to insert special characters, or wrap a word around, or concatenate a word. This risk-based extension of existing practices creates better practices that help eliminate the problem of risky hits getting lost in intentional or accidental ‘noise.’ This is another good example of embracing a smarter-technology risk-based approach rather than a work-intensive and less effective catch-all approach.
If you follow this type of model, you will have solved the issue of how to scan. The other half of the equation is what to scan.
Ultimate Beneficial Owners (UBOs) are a huge challenge for 21st Century compliance, and UBOs can only be determined if you collect all the owners of a company—and who owns them and who owns them and who owns them. Obviously, this cannot be a manila-folder manual process any longer due to the magnitude of the task and the high stakes involved with international sanctions lists.
The good news is there are reliable data providers who collect this information and who can sell it to you. And better yet, we designed our software to integrate that data with your CDD collection so that sanctions screening becomes an automated and integrated part of the CDD process. Using a tool like our SURETY-CDD®, you can automatically upload beneficial owner information, board of directors, and so on, and it will be screened automatically using a variety of name-matching algorithms.
Using this approach, you have solved both sides of the screening issue—how to screen and what to screen. And best of all in terms of effective compliance, your search results present the truly risky hits with minimal false positives. Furthermore, we designed our system so that you can lower these false positives more by whitelisting reoccurring hits that fall within your parameters of your screening. Again, you zero in on the REAL risk in your customer accounts.
In summary, then, sanctions screening may be made both easy and effective by using a risk-based approach, knowing both how and what to screen, and by using the right tools.
It’s ironic, really: For institutions using the default catch-all approach to sanctions screening, software automation makes life far more difficult than it needs to be—and with less effectiveness. In contrast, forward-thinking Compliance officers are smart about what tech solutions to choose and how to implement built-in automation—for example, you combine geographically based algorithms, i.e. no Soundex in South America, with effective and safe whitelisting. And the final piece of the puzzle is a good CDD – KYC collection of all related parties—to include the collection of Ultimate Beneficial Owners provided by a reliable data company.
In a nutshell, that is complex sanctions screening made easy. And, more importantly, effective.