Navigating the Pitfalls of Sanctions Screening

By Francesco Crocetto | 26 October 2015

The hefty penalties received by financial intermediary corporations (FICs), including HSBC, Standard Chartered, and PayPal, show that regulators pay close attention to the Anti-Money Laundering (AML) and Sanctions Compliance. In particular, the risks for FICs who fail to ensure an adequate sanctions screening process are high, in terms of penalties as well as damage to reputation.

In recent years, there has been an important evolution in sanctions screening tools. Financial intermediaries have gradually abandoned manual controls and first generation “black-box” tools because they were incapable of providing comprehensive monitoring and metrics. Additionally, these tools often showed large technological and functional gaps. Adhering to compliance programs, both domestic and international, presents a real challenge for brokers and suppliers. Despite improvements, many difficulties are still hiding around the corner making implementation of a solid and flexible Sanction Screening system an imperative.

My name is mud

One of the largest challenges is comparing “dirty data” with “dirty data.” In most instances, the FICs data contain gaps and inconsistencies, which can occur for a number of reasons. Frequently, a central repository is lacking and layers of data are consolidated from information originating on different systems. The inability to go back to the original information only exacerbates this issue. In an effort to diminish the problem, some FICs have arranged unique chronological archives. However, this is not an adequate or catchall solution.

Things go from bad to worse when you take into consideration the Sanctions List, from which data matches must be made. Comparison between, for example, the OFAC's SDN, European and United Nations lists shows data quality is erratic and poorly structured with a high number of incomplete records. There are often inconsistencies in nomenclature, such as abbreviations for Senior / Sr. or Incorporated / Inc. Trying to first detect and then match already dirty files against these incongruous lists becomes a losing game.

Spelling it out

The second challenge is transliteration. Transliteration is the transcription of text according to an alphabetical system different from the original, for example from Cyrillic, Greek, Hebrew, or Arabic text into a Latin-based alphabet. The challenge of transliteration is more important than you might think at first – in the Western world most names are constructed in Roman characters while a good number of these names originate from non-Latin language environments. This means that names in Russian, Arabic, Chinese, Thai, Korean, and many other languages, must be transliterated from their mother tongue into Roman characters. Since there are many phonemes in these languages without a corresponding sequence in Latin characters there are then many different ways of transliterating the same name. As a highly cited example, the name of the former Libyan leader has been written in several different ways:

  1. Gaddafi
  2. Qadhafi
  3. Kaddafi
  4. Gadhafi
  5. Ghathafi
  6. Qaddafi
  7. Ghadafi

Accounting for all variations on spelling within the system while maintaining accuracy in data matching can become overwhelming and still not eradicate the problem.

Name dropping… or adding

Challenge number three arises from cultural differences. For instance, in Spanish cultures, people use four or five names combining both matrilineal and patrilineal surnames. If a person uses only two or three of these names, screening algorithms may not detect them. In many Asian cultures, surnames are written before “first” names and there are many common family names, like "Kim" in Korea. A loophole occurs when a matching algorithm fails to detect these cultural differences, which allows a sanctioned person to hide from the screening system by slightly changing their name.

So many names, so little time

A fourth challenge is created by the profusion of results caused by commonly found names in a Sanction List. For many companies, this becomes a very real problem when the system generates more “hits,” especially alerts for false positive matches, than the entire organisation can materially evaluate. Looking at just the OFAC's SDN list there are:

  • 176 entities containing "Gonzalez"
  • 693 entities containing "Abdullah"
  • 132 entities containing "Garcia"
  • 108 entities containing "Muhammed"
  • 198 entities containing "Kim"

Totals only increases with each additional list used in the process. Evaluating multiple hits costs time and money. FICs naturally want to reduce false positive hits generated during screening.

Gaming the System

Compounding each of these singular issues are occurrences of deliberate manipulation. Many people know they are on the Sanctions list(s) and intentionally try to hide their identity to avoid being blocked. These people will alter the spelling of their name using a variety of techniques:

a. Transliteration
b. Cultural aspects
c. The concatenation of some their names
d. Alteration of other information, such as date of birth

How to overcome the challenges

A sanctions screening strategy should be composed of several steps. Choice of supplier, program calibration, and choice of evaluation process for each hit are all critical pieces to the solution. In our experience, the screening technology selected should incorporate features that:

  • Manage the expected data volume to avoid dangerous bottlenecks
  • Provide a technical infrastructure within acceptable operating cost
  • Make comparisons based on "fuzzy logic" by implementing specific algorithms recognised as effective, for example Levenshtein or SoundEx
  • Search not only for matches on names but also on secondary criteria such as date of birth, citizenship and identification numbers
  • Allow automatic updating of lists without the need for manual operations
  • Contain an operating process for the validation of hits with the ability to store completed validation work for future reference
  • Function independently from user-selected lists, whether public and internal lists, and must meet risk analysis requirements relevant to each FIC.
  • Calibrate fuzzy logic results with consideration to statistical analysis and feedback from production

It is also vital for financial intermediaries to activate a validation process in the Screening System. This validation can be done by extracting a statistically valid sample of names of its customers, creating variants and permutations of these names, and executing a series of screenings to verify the quality of hits produced.

To achieve maximum performance in delivering a comprehensive Sanctions Screening service – helping customers fulfill anti-money laundering compliance requirements imposed by regulators to customers – TAS Group teamed up with Netech, a specialist in AML for the banking sector. The Sanction Screening ensures effective screening processes for payments while preventing sanctions risks and loss of reputation. It is a real-time feature.

By Francesco Crocetto, Head of Swift Area and Swift Service Bureau, TAS Group

Co-authored by Silvano Esposito, Senior Manager at NETECH, expert in anti-money laundering and sanctions screening systems. NETECH offers services to help financial intermediaries evaluating risks and managing screening processes through various specific solutions. Since its foundation in 2003, NETECH has developed consulting services and software for the financial sector, with particular attention to anti-money laundering and anti-terrorism tools. Every day about 87 million transactions are controlled with the technology developed by Netech.

Become a bobsguide member to access the following

1. Unrestricted access to bobsguide
2. Send a proposal request
3. Insights delivered daily to your inbox
4. Career development