December 5, 2016
By Santosh Talada*
The increased complexity of sanctions coupled with an ever-increasing number of blacklisted entities has made it hard for financial institutions and corporations to keep track of and monitor clients and partners. Even when using automated watch list filtering tools to catch transactions and business dealings with sanctioned entities, costly mistakes can be made as enforcement actions have shown.
Since 2003, financial institutions, corporations and individuals have received fines and paid settlements totaling in the billions of dollars for violating US economic sanctions. Some of these cases, mostly against European banking giants, were egregious, and involved so-called “stripping”. This is a practice by which wire transfer information such as customer names, bank names, vessels and addresses, are intentionally removed in order to hide the true – sanctioned- identity of the sender or recipient, and bypass watch list screening filters that otherwise would have triggered an alert.
Yet, unlike the “stripping cases”, in some other instances, the filters were not manually tricked, but failed to catch illicit transactions because of technical flaws.
National Bank of Pakistan case ups the ante
In June 2015, the National Bank of Pakistan paid a $28,800 penalty to US Treasury for apparent violations of US sanctions programs.
In this case, the prohibited transactions were mistakenly processed due to a software failure. Violations of sanctions laws were enforced so strictly that the institution was punished anyway.
The US Treasury Department’s Office of Foreign Assets Control (OFAC) stated that the New York branch of the bank processed wire transfers totaling $55,952 for the sanctioned Kyrgyzstan airline, Kyrgyz Trans Avia. OFAC blacklisted Kyrgyz Trans Avia in 2013 after authorities alleged the airline helped Iran acquire aircraft which may have been used to deliver weapons for the war in Syria.
The bank’s sanction screening tool failed to detect the name of the account name “LC Air company Kyrgyztransavia” as belonging to Kyrgyz Trans Avia account, OFAC said.
What is watch list screening?
Many governments as well as international organizations and regulators maintain lists of persons and entities subject to sanctions or those suspected of weapons proliferation, terrorism, drug trafficking, or money laundering, with whom all or certain transactions may be prohibited.
These targeted sanction lists are often referred to as “restricted party lists”, “designated persons lists”, or “watch lists.”
Automated screening
Watch list screening technology enables the user to vet new and existing business partners against these lists in order to facilitate compliance with sanctions laws, thus mitigating potential reputational risks associated with doing business with prohibited entities.
Watch list screening is an ongoing process starting with so-called “client on-boarding”, or the stage at which client information is gathered, and runs throughout the duration of the client’s relations with a financial institution on a periodic basis and categorizes the client by risk rating/type of customer.
Some of the well-known screening applications/service providers are Norkom, Oracle Watch List Screening (OWS), and Electronic Verification System(EVS) watch list screening solutions.
Similar to watch list screening applications, some companies offer watch list databases which include “do not touch” lists, plus Politically Exposed Persons (PEP’s), and other high risk individuals and organizations throughout the world. Providers of these databases include World Check by Thomson Reuters, and Regulatory Data Corp, just to name a few.
In the following paragraphs, the World Check database is used as an example in order to illustrate the screening process and facilitate understanding of below mentioned techniques at each stage of the client-business relationship.
Watch list screening for new clients
When a New to Bank (NTB) client’s name is screened against the World Check Database, all the potential and partial matches will trigger the profile and the watch person list. When a certain watch list is triggered, the client’s profile should be screened against that list and, in the event of a potential match, more due diligence should be performed. This exposes potential risk to the institution, and whether or not the company should on board the client.
Let us consider a client named “David John” who is being on boarded. Before on boarding any new client, a process called ‘name screening’ is performed. This involves comparing the NTB client’s details against the total list of profiles available in the World Check database.
Example: There are 2,800 profiles available in the World Check Database, so the system compares the NTB client name David John “ against those 2,800 profiles and creates a list of full and partial name match profiles. Partial matches would include names such as: “John Malcolm David”, “John David Maurice”, “David Richard”, “John Wresley”, “David Partners LLC”, and “John Right Ltd”. This list is called a Watch Person List”.
If the client is a company, the same mechanism is performed by the system and will trigger all partial and full name match profiles.
While performing this task, the following information also needs to be verified: Tax Identification No, place of active business operations, nature of business, date of incorporation, as well as whether the company is dissolved or in an active state.
If a potential match is found, and there is no chance of mitigating the apparent risk after doing an internet search, then the client’s profile would be considered a potential risk to the institution.
‘Periodic’ screening
Once a new client or partner successfully completes the client on-boarding the client is also screened on a periodic basis.
Periodic screening, or how often a client is re-screened, depends upon the type of customer as well as the risk rating of the client, which can be either low, medium or high risk for anti-money laundering or other financial crime risks. Risk ratings are subjective, and can vary from institution to institution, industry to industry.
In addition, financial institutions and companies have their own reasons for periodic screening depending on regulatory requirements, the group’s policies and procedures, their country’s political regime and various other factors.
Reverse, forward and event driven screening
Generally speaking, periodic screening can be categorized into three unique types: Reverse screening, forward screening and event-driven screening.
Reverse screening: Screening is done by comparing an institution’s database (i.e. list of client details) against the World Check database. Applications like Norkom or OWS trigger an alert in the event of a partial or potential match.
Example: An institution has 400 client profiles and the World Check database has 2,800 profiles. In reverse screening, the system compares the institution’s 400 profiles against the World Check database list of 2,800 profiles and trigger alerts in the event of any partial or potential match.
Forward screening: The opposite of reverse screening. Screening is done by comparing the watch list database against an institution’s database, which triggers any potential or partial matches.
Example: the system compares the World Check Database’s 2,800 profiles against the institution’s list of 400 profiles and triggers an alert in the event of potential or partial match.
Forward screening takes place if there is any change in the Bank’s customer name, nationality (dual citizenship) or any alias name added. The changed name would be compared against the names listed in world check. If system identifies any potential or partial name match, then an alert would be triggered.
Similarly in reverse screening, if there is any name change, nationality (Dual Citizenship) or any alias name added to the any of the person in World Check database, it runs against the Bank’s customers database list and system triggers an alert in the event of potential or partial name match. Either way, the results will be same in the form of alerts. In order to mitigate risk, the bank needs to identify whether it is conducting business with a risky client.
Event driven screening: A review is triggered by an event. The institution should clearly define moments and signs that will prompt the screening. This includes a change of address, a change of industry classification in the Chamber of Commerce, or a suspicious or unusual activity picked up by transaction monitoring tools, such as potential money laundering, terrorist activities, corruption, fraud or negative news.
Working on an alert
Once a profile is ‘triggered’, it is compared against the information on the watch person list to determine whether it is a real or false match. A financial institution may, for example, require two static evidences, or client identification information such as date/place of birth or nationality, in order to discount the alert and close it as a “false match”.
Let us consider the profile of David John (a bank’s client)
DOB is 14 April 1960, Place of Birth: New York
Nationality: USA, Occupation: Entrepreneur
Watch list person details are follows:
Watch list person 1: “John Malcolm David”
DOB is 27 July 1954, Place of Birth: Unknown
Nationality: German, Occupation: Lawyer
Watch list person 2: “John David Maurice”
DOB: Unknown, Place of Birth : New York
Nationality: USA, Occupation : Unknown
Watch list person 3: “David Richard”
DOB is 30 August 1984, Place of Birth: Ontario
Nationality: Canadian, Occupation: Mayor
When ones compares the client’s profile against the watch list, it is evident that watch list person 1 and watch list person 3 are a “False Match” as their date/place of birth, nationalities do not match.
For Watch Person 2, however, there are no immediate indicators to confirm the profile is a “false match”. As both nationality and place of birth match the client’s, this would be considered a “potential match”, and, as such, the alert would have to be escalated for further investigation.
Web searches and further steps
Most often, in the next level of investigation, a web search of escalated alerts can be performed in order to further assess the level of risk. It is important to document this review with, for example, screenshots of websites that have been used as part of the investigation in order to discount the alert as a “false match” or, alternatively, to report it as a “potential match”.
In case of potential match, relevant procedures should be followed to exit, block or report the customer or to retain basing on organization’s policies and procedures and adhering to both local and international laws and regulations.
New York rule
Watch list screening tools and protocols have recently received close attention from regulators. The Department of Financial Services, a New York regulator, issued a new rule in June, that expanded the responsibility of New York State banks to detect money laundering, and terrorist financing.
The rule clarifies that banks must regularly test their “watch list filtering program,” as some banks previously failed to update data and verify its effectiveness.
Examples of deficiencies in the screening process, include:
- Insufficient capacity to assess alerts;
- Filtering criteria that are too loose, generating too many “false positives”;
- Filtering criteria that are too strict, potentially missing real hits (false negatives);
- Closing alerts without proper investigation due to back log;
- Excluding certain transactions from the filtering process without first assessing the risk this poses;
- The company has no access to older alerts that have already been investigated or closed;
- Watch list filtering is not carried out frequently and not clearly scheduled;
- Persons and entities on the suppression list are not screened periodically or when changes are made to the lists;
- No up-to-date sanctions lists are used.
The new rule takes effect January 1, 2017.
The benefits of watch list screening
The main benefits of using a watch list screening process to vet new clients and partners are:
- mitigating the institution’s financial crime and sanctions risk;
- knowing with whom the institution is actually conducting business; and
- ensuring that the institution is complying with both local and international laws and regulations.
Avoiding these mandates could lead to an institution failing to the meet the requirements set forth by national and international laws and regulations, ultimately facing potentially costly fines, reputational harm, or a number of legal repercussions.
*Santosh Talada is a Certified Anti-Money Laundering Specialist, and works at a fi