In this article we discuss a framework for managing sanctions screening efficiency. Often, the process of improving efficiency is seen as a technical problem, but at every step, we see the critical importance that the role of policy and risk appetite play in this problem.
Training, Governance and Controls
Perhaps sometimes overlooked when addressing efficiency, appropriate training and effective governance and controls play a very significant role in achieving a cost-effective and risk-managed screening environment. The key components to this are:
Well defined policy
Understanding regulatory obligations and defining a detailed risk appetite is critical to both efficiency and risk management of sanctions. Implementing a risk-based approach can help to prioritize resources and focus on the areas of highest risk. Assessing the level of risk associated with different types of transactions, such as those involving high-risk jurisdictions or specific currencies is part of this.
Well trained team
Providing training to employees on the importance of sanctions compliance, how to identify high-risk transactions, and how to use the screening tools and software can help to ensure that the screening process is conducted efficiently and effectively.
Governance and controls
Continually adapting and improving by monitoring the performance of people, processes and technology and ensure that policy is maintained and execution is in line with risk-appetite.
Regularly reviewing and auditing the sanctions screening processes and procedures can help to identify and address any issues or gaps in compliance. This will help to ensure that the process is working as intended and that any necessary adjustments can be made in a timely manner.
List Selection
Name screening is a combinatorial problem and alerts grow rapidly with the size of the target list. Ensuring that the lists selected for screening are appropriate for the regulatory jurisdiction is an important step in reducing the number of alerts raised. It’s also the case that alerts raised against unnecessary profiles will by definition always be false positives.
List selection can be a more difficult process when using a list provider. Often profiles are connected in an attempt to provide a more holistic view of the data. This can result in additional non-sanction-related names being added and care should be taken to ensure that these are not part of the target set. Unfortunately, not all versions of the major list-vendors’ products are capable of making this distinction.
List Filtering
List filtering is the process of pre-emptively eliminating names from lists that will ultimately not result in interesting alerts. The most obvious example of this is to eliminate weak aliases. In one institution this was found to immediately reduce the alert rate by over 30%.
List filtering is a matter of risk appetite. There are common measures taken, but ultimately it is down to the institution to justify the removal of names from the sanctions lists. Some common examples are the removal of single word individual aliases and the removal of very short (e.g. three letter) company names.
Screening Configuration
Screening configuration refers to what type of data to screen in what field. A common example of this may be to not screen against vessel data in a beneficiary field. Where filters are capable of adopting a field-by-field approach to screening, it can be extremely valuable to help reduce the screening combinations and therefore the overall alert rate.
Whilst this is always a risk appetite decision, there are moves towards standardising some of these decisions, notably in the Payments Market Practice Group and Wolfsberg Group endorsed publication by SWIFT “Guiding principles for screening ISO20022 payments”.
Filter Settings
Many filters are equipped with numerous controls to enable screening behaviour to be refined. In the case of Fircosoft, there are tens of “algorithms” that can be enabled or disabled to change the behaviour of the filter covering such things as matching when first name is not present, the use of various synonyms, name order variations or whether to match ID data.
It is important to align the choices of parameter setting to a defined policy with a rationale for each setting.
Whitelisting
Whitelisting certain individuals or entities that are known to be low-risk can help to prevent unnecessary alerts from being generated. For example, an institution might choose to whitelist its existing customers or suppliers that have been screened and cleared in the past.
Whitelisting should be accompanied by a regular review process to maintain the list.
Suppression Rules
In addition to whitelisting, filters often provide capabilities to implement more complex suppression scenarios. The most sophisticated of these “business rules” allow the flexibility to supress an alert for a particular list entry based on the matched word and in which field the match occurs.
The cost of this flexibility is the burden of maintaining these rules. It is necessary to have periodic review processes in place that examine the ongoing relevancy, effectiveness and risk of these rules. In the worst case it is possible to unintentionally mask desirable alerts if care is not taken.
Auto-closure
Software to automatically review and close alerts based on predefined rules and criteria is becoming more popular. These systems will automatically close alerts that do not meet certain criteria such as a high risk level or a recent transaction history.
Typical rule based systems that effectively replicate script-based procedures that Level 1 alert handlers may follow can help reduce staffing requirements and eliminate mistakes. More increasingly, Machine Learning and/or Artificial Intelligence based systems have had some success in this area.
However, it is important to note that the auto-closure process should be subject to regular reviews and audits to ensure that it is working as intended. Applied too aggressively, it could result in the closure of alerts that require further investigations, which could lead to compliance breaches.
Conclusion
Maintaining a well-tuned filter is not just a matter of false positive reduction – there are significant risks involved in every configuration decision. Jointly assessing the impact to both effectiveness and efficiency of each choice and, above all, aligning these choices to policy and risk appetite is critical to success.
Deep Lake specialises in advanced analytical techniques and expert business knowledge to provide deeper insight into screening environments. Contact us to find out more about our products and services.
