Pain Points of Transactions Screening Filters

20 April 2016, Bachir El Nakib (CAMS) Senior Consultant Compliance Alert LLC

The 24-hour news cycle can make it feel like crime and terrorism are a near-constant in today’s world. The funding for these activities often stems from sanction-defying transactions. These transactions pass through banks that lack the ability or the motivation to accurately screen for illicit transactions. Increasingly, governments are attempting to crack down on these payments – so lawmakers have been escalating pressure on banks to stop dangerous or sanctioned transactions that contribute to global crime.

Today, executives are now personally liable for any illicit transactions that slip through. Noncompliance to strict regulations can cost banks dearly – fines related to sanctions have cost US banks over $200 billion between 2008 and 2015.[i] In order to prevent crime and protect themselves from fines, banks need rigorous sanction-screening solution that will solve the following three pain points: 

  1. Ensuring compliance is difficult, due to the frequent change of regulations and high scrutiny by regulators
  2. Maintaining a balance of meticulous and rapid screenings is a challenge, especially without interrupting legitimate customer transactions
  3. Updating sanction lists is time-consuming and tricky, especially with an inflexible system

Ensuring Compliance is difficult

Intense regulatory scrutiny in response to terror funding and other sanctioned transactions has created immense challenges for banks. 20% of financial services have experienced enforcement actions by a regulator, and that number is likely to grow.[ii] Banks face massive fines, operational shutdowns and reputational risk, if they don’t check against regulations and ensure all informational gaps are filled before a transaction occurs. And banks are not the only ones that suffer if they do not comply – their customers are experiencing an impact from the compliance crackdown as well. A bank in Asia was ordered by regulators to completely cease operations due serious regulatory breaches and poor management oversight of bank operations.[iii] Customers expect compliance as a pre-requisite and sign of good governance to ensure that banks they are doing business with are not mixed up in criminal activities.

Maintaining a balance in rapid screening

Preventing funds from reaching sanctioned politically exposed persons (PEPs) and terrorists is difficult and comes at high operational cost for staff and IT, especially when it must be done without disrupting legitimate transactions. Inefficient screenings with high false positive rates can cripple customer relationships – holding up a large company’s payroll just once due to a false positive with an employee’s name could cause a bank to lose important businessOverly-cautious screen systems can actually flag customers who have the same name as someone on the watch list which might result in loss of customers if these names are treated as fraud.[iv]

Updating Screening Watchlists

Today, there are frequent changes to the multiple watch lists that banks need to screen against to ensure they are capturing all sanctioned entities. With growing numbers of sanction lists from numerous national, regional, and global organizations, this step becomes ever-more time-consuming. The number of entities on these lists increases with each update, as do aliases and spelling variations.

Quality of sanction lists has a direct impact on a filter’s detection capability. As lists become increasingly complicated and intertwined, they require a more sophisticated mix of screening methods and enhancement of the raw data to maintain high quality filtering. A flexible architecture and list handling system is needed to meet current standards and easily adapt to future requirements.

Addressing Transactions Screening Pain Points

Banks need a powerful screening tool in order to avoid illegal transactions, minimize disruptions of legitimate transactions, and keep up with rapidly changing watch lists.

To avoid fines without disrupting the customer experience, compare watch lists quickly while maintaining a low false positive rate. Screening solutions achieve this false positive rate by incorporating historical transaction data and trend analysis. Additionally, effective screens will be able to easily integrate with existing systems makes it so banks don’t have to significantly alter their current IT architecture to implement the solution and keep up with new requests. 

Are you really concerned how your sanctions filter working: the role and importance of strong sanctions controls cannot be underestimated. The challenge is multi-faceted: exploding data volumes; the constantly evolving sanctions landscape; differing customer, PEP and transaction screening requirements. 

Let us discuss strategies to provide you peace of mind about the implementation and operation of your sanctions filter. 

1. From regulators, Expectation is very high and till today Regulator is bit tolerant but tomorrow will not follow today as for as regulatory expectations are concerned. Now FIs really need to understand what Sanctions Filters are actually doing. So the black-box approach from vendors are no more valid, both FIs and vendors need to be open on their processes. So this is natural progression towards how well you understand requirements, how well you understand your data and how your resources are prepared & trained to use these filters.

2. It seems globally we are in same boat as for as quality standards for filtering settings are concerned. Additional pain we have in our side is you will find names of risk entities on sanction lists are embedded in our cities names, addresses, vessels and etc. So it becomes extremely difficult to deal with unstructured message filtering like SWIFT or private banking products.

3. In order to reach optimal settings for filtering, extensive testing, regression tests and model validations need to be done. Each cycle of data drops, make you learn lot of lessons related to:

- Good guys list (which of course need to be monitored strictly with expiration criteria. Rule of thumb here is "do not assume a good guy will remain good guy forever".

- False Positive ratio (you need here learning algorithms that can adopt themselves to predict exact or near false-positives). Tagging each false positive with some standards reason to later help in data mining such as volume of transactions during Christmas, Year End and seasonal transactions varies culture to culture globally.

- Segment the filtering criteria: Such as for USD traffic OFAC matters, for GBP/Euro EU list matters and UN sanctions are there for all currencies. Border areas to country requires stringent filtering settings compared to Center.

- Understand underlying mathematical model: Need to have grip on how underlying mathematical model is working. How it is treating misspellings, transpositions, initials, acronyms, synonyms, proximity.

- Noise words dictionary (like bank, the, international and etc)

For instance: SEP is short for September and it is also risk entity in OFAC, EGP is Egyptian currency and also risk entity in OFAC. These are just few rats flush out of the woodpile of OFAC but do not forget you are in the forest of sanctions and it is growing. Latest trend is Panama papers leak & Russia… Who knows next except tomorrow's breaking news. After going through multiple messages drops similar to one mentioned above, clients reach to optimal settings which depends also on external factors such as:

* Data Quality

Input that you are providing to Sanctions filters need to be went through quality assurance steps. If it is difficult to go through this data quality cycle then there should be rules in sanctions filters which can accommodate your data weakness and still provide you a reasonable score to start investigation.

* Good Case Management tool

Tool should be very much open to adapt to FIs workflow, provide comprehensive set of actions to make the investigation very much transparent in front of analysts.  It should couple with document managements, can integrate cases from other solutions such as AML, Fraud & KYC if there is need to raise suspicious cases to authorities. It should be integrated with:

* PEP feeds

BO (Beneficial Owner) feeds [to identify ultimate Beneficial Owner – How long will you live with the excuse that UBO does not belong to your FIs?

* Watch-list Management Interface

It is very crucial that how scanning algorithm deals with the risk entities found in different watch lists coming with different structures. Watch-list provider should also take one more step of quality assurance before publishing these Watch-lists.

Giving a sparse record with just two fields such as Last Name (Hassan) and then in Remarks field “Hassan is the son of Saddam Hussein's third wife and last time he was seen in Syria in 2006”. I believe such records will make sanctions filtering, a nightmare in the ME region.  As I mentioned earlier contents of Watch-lists are very crucial for designing an efficient compliance program for sanctions filtering. Clients are reluctant to perform quality assurance on Watch-lists since they believe; this exercise may tamper the Watch-lists in such a way that in some scenarios the credibility can be lost. To the some extent, Clients are correct.

Second there should be a global common structure in XML for Watch-lists. All publishers should follow this structure strictly. Definitely it will streamline the performance of sanctions filters.

* Compliance analyst head counts and training/awareness program

* Big data

If you have these sanctions filter at various points in your FIs like in real-time it is integrated with payments, in ad-hoc it is integrated with compliance, legal department, credit cards, loans, risk department and in batch-mode it is integrated with your customer repository. Now these Watch-lists are updating frequently (OFAC on average has update two times in a week), so today’s bad guy is not necessarily be bad guy tomorrow or vice versa. So need to archive results of sanctions filters in some format where you can extract interesting trends related to financial crimes.  Prepare golden data that you think that FIs will adopt future. Now point here is to validate whether your sanctions filter will work tomorrow for these upcoming changes.  We know these changes are structural and are being adopted from other products. So it will be easy for you to portray interesting sets of trends related to data, sanctions filter results and exposing weaknesses and opening a channel for your sanctions filter to learn

Sources:

[i] http://www.cnbc.com/2015/10/30/misbehaving-banks-have-now-paid-204b-in-fines.html
[ii] Global Economic Crime Survey, PwC, 2016
[iii] http://www.mas.gov.sg/News-and-Publications/Media-Releases/2016/MAS-directs-BSI-Bank-to-shut-down-in-Singapore.aspx
[iv] https://dealbook.nytimes.com/2014/06/15/bank-account-screening-tool-is-scrutinized-as-excessive/

Download File