In the current geopolitical environment, global sanction programs are on the rise, and the same is true of sanction penalties and fines. Sanction programs today are being used as a foreign policy tool. In the past 10 years, a total of $27 billion in fines has been imposed on financial institutions for non-compliance with AML, KYC and sanctions regulations. $11.52 billion was levied in 2015 alone, making it the most punitive year for fines.
Today’s sanction screening applications use text comparison rules to flag suspicious transactions. Word-based search without any intelligence leads to a pile of false positives: transactions that look suspicious but are not. Based on our experience with multiple banks, about 98-99% of alerts are false positives, with only 1-2% of alerts coming from real suspects that require further investigation.
This mounting challenge of false positives is caused by the lack of a unique identifier for the screening process. Typically, the matching is based on the name of the individual, company, vessel, and location. Names can be spelled or transliterated in different ways, which makes the process less efficient. Another challenge is that transaction messages (Payments and Trade) are not perfectly structured with objectively defined line-wise information. In a fuzzy matching process, the name of an individual can be misidentified and flagged for review against a place on the watch list. Amplifying this problem is the growing number of sanction activities, the resulting watch lists, and their immediate compliance requirement.
In a large global bank, 100+ resources are employed to tackle these false positives. This manual process ends up delaying transactions causing customer dissatisfaction. False negatives are another concern that cannot be taken lightly as they may potentially lead to sanction violations. This problem is magnified for large banks with multi-currency customer transactions spread across the globe.
Banks today are struggling to strike a fine balance between the following conflicting stakeholder requirements:
- Pressing need for the banks to reduce TCO
- Group compliance & board’s mandate to ensure zero breach
- Regulatory expectation of enhanced compliance measures
- Growing customer need for immediate on demand services
Here is the recommended framework to tackle this challenge and to achieve an optimal result:
Test: Perform testing on the sanction screening application and its configurations regularly to ensure that the right data is populated and screened, that watch lists are regularly updated, and that fuzzy logic and suppression rules are working effectively. Ongoing testing and calibration of the sanctions screening application is one of the best practices to ensure compliance.
Cleanse & Re-Configure: The banks should launch a project to analyze past data in order to identify patterns and to create rules and suppression logic. In our past experience, we have seen a reduction of up to 50% of false positives through this approach.
Here are some recommendations to achieve optimal results:
- Adopt a risk-based transaction screening approach. The compliance officers should decide and configure the lists to match. Banks can configure screening at message field/type level to simplify it further. Also, applicable tolerance or severity can be configured differently based on categories of transactions. For example, SEPA transactions can have different levels of severity than SWIFT or trade transactions.
- A “good guys” list, or whitelisting, should be built from historical patterns to bypass recurring false hits, improving straight-through processing.
- Over-screening is another area to focus on for efficiency gains. As long as the bank is confident of its customer screening controls, it need not screen its customers in payments (remitter or beneficiary). Transactions among the bank’s affiliates (group banks) need not be screened at both ends (origination and destination).
Applicability of sanction regimes should be determined by the Compliance Office for configuration. Barring the US regime, which is extra-territorial, the applicability of most sanction lists is limited by factors like jurisdiction, citizenship, and currency.
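The sketch below is an added example, not code from the original article or from any screening product: it shows field-level screening, per-category tolerance and a pair-keyed "good guys" list suppressing the individual-versus-place false hit described earlier. The watch list is constructed, the thresholds and field names are assumptions, and Python's difflib stands in for a real fuzzy-matching engine.

```python
from difflib import SequenceMatcher

# Constructed watch list (name, entity type); not real sanctions data.
WATCHLIST = [("NORTH VALDORIA", "location"),
             ("IVAN PETROV", "individual"),
             ("OCEAN STAR", "vessel")]

# Assumed tolerance per transaction category: minimum similarity that alerts.
THRESHOLDS = {"SEPA": 0.95, "SWIFT": 0.85, "TRADE": 0.80}

# Assumed field-level configuration: entity types each field is screened against.
FIELD_TYPES = {"beneficiary_name": {"individual", "company"},
               "vessel_name": {"vessel"},
               "port_of_loading": {"location"}}

# "Good guys": (field value, list entry) pairs cleared in past investigations.
# Keyed on the pair, so a cleared name can still alert against another entry.
GOOD_GUYS = {("IVAN PETROVSKI", "IVAN PETROV")}


def similarity(a, b):
    """Case-insensitive similarity in [0, 1]; difflib is a stand-in matcher."""
    return SequenceMatcher(None, a.upper(), b.upper()).ratio()


def screen(channel, fields, type_aware=True, use_good_guys=True):
    """Return alerts as (field, value, list_name, list_type, score) tuples."""
    threshold = THRESHOLDS[channel]
    alerts = []
    for field, value in fields.items():
        # Unmapped fields are screened against every type: fail closed.
        allowed = FIELD_TYPES.get(field) if type_aware else None
        for name, etype in WATCHLIST:
            if allowed is not None and etype not in allowed:
                continue
            if use_good_guys and (value.upper(), name) in GOOD_GUYS:
                continue
            score = similarity(value, name)
            if score >= threshold:
                alerts.append((field, value, name, etype, round(score, 2)))
    return alerts


if __name__ == "__main__":
    msg = {"beneficiary_name": "Norah Valdoria"}  # constructed message field
    print("untyped SWIFT:", screen("SWIFT", msg, type_aware=False))
    print("typed SWIFT:  ", screen("SWIFT", msg))
    print("true hit:     ", screen("SWIFT", {"beneficiary_name": "Ivan Petrov"}))
```

Suppression is deliberately narrow here: an exact list match in a correctly typed field still alerts, and a field with no configured type is screened against everything, so tuning for fewer false positives does not open a false-negative gap.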
Adopt Intelligence: To achieve Real-Time Sanction screening, banks should leverage cognitive solutions to complement the core transaction filtering application. Such solutions need to have a well-trained engine with Natural Language Processing & Named Entity Recognition capability to extract the information from varied payment message formats such as SWIFT, SEPA, ACH, CHAPS etc. Information should be extracted in a structured manner (names of companies, individuals, locations and vessels) to enable meaningful comparison with the sanctioned entities. The solution should leverage APIs, Web scraping, and RPA to collate external data points to aid in disambiguation. It should also possess self-learning capabilities to learn from historical data improving straight-through processing.
Compliance costs for the banks are substantial and growing as we navigate through shifting regulatory landscapes. The banks need to not only meet the rising sanctions compliance demands but also the ever-increasing expectations from the customers for real-time service without a rise in TCO. Defining the risk appetite and adopting a risk-based approach along with investments in intelligent and self-learning solutions will go a long way towards achieving real-time sanction screening.