Setting up your Screening Process
Before starting to integrate our API or any of our integrations, it makes sense to think about and define your general screening process:
- Preparing and streamlining required data for the screening process
- Selecting relevant Sanctions and/or other watchlists
- Screening interval and trigger events
- Archiving and Case Management
- Handling Matches
- Testing your screening process
Preparing and Streamlining Your Data
Often the lack of data quality, integrity, or completeness is the reason sanction screening systems fail or suffer from poor performance. Companies need to compile and clean their KYC (Know Your Customer) information to avoid producing many false positives and to avoid failing to detect sanctioned entities during the screening process.
Data sources may be distributed across IT systems and must be mapped and identified to obtain a more holistic view of the customer base. If possible, all data sources should be linked and integrated and subject to the same quality standards by extracting, enriching, and loading the information to a single platform.
Data Points to consider for your Sanctions Screening process:
Entities | Individuals |
Name of the organization as registered | Full Name (First, Middle, Last name) |
Address | Date of Birth |
Tax ID | Country of Birth, Nationality, Citizenship |
Full name, Country of Birth, Date of Birth of all UBOs (Ultimate Beneficial Owners) | Address, Passport ID |
Defining the Relevant Sanctions Lists for Your Business
Businesses need to consider the relevant sanctioning bodies active in the countries they operate in, the territories in which they and their partnerships and alliances trade, and the currencies they are operate in.
Below are some of the most relevant Sanctions lists for businesses operating in the US and Europe:
- The UK Sanctions List (HM Treasury) applies to all individuals and legal entities within or who undertake activities within the United Kingdom and all UK nationals and legal entities established under UK law. It’s enforced and overseen by OFSI (the Office for Financial Sanctions Implementation).
- The EU Consolidated Sanctions List applies to all EU citizens or corporate entities constituted in a member state and overseen by the EU Council.
- The OFAC Sanctions List applies to all US citizens and corporate entities constituted in the US, as well as any entity that trades in US dollars, US goods, or US components or has a US parent or affiliate. The US Office of Foreign Assets Control (OFAC) is its regulatory body.
- The UN Sanctions List applies to all UN Nation-states and is overseen by the UN Council.
In addition to the above, there are a wide number of additional, country-specific regulatory bodies you might need to consider when defining your Sanctions screening process. Depending on your business exposure, this task can be quite challenging. The following resource might help determine which Sanctions regulations apply to your business: Association of Certified Sanctions Specialists
Screening Interval and Trigger Events
It’s recommended that screening takes place when establishing new relationships (onboarding), followed by regular screening either upon trigger events (transactions) and/or at predetermined intervals (daily, weekly, monthly).
Transaction screening should be performed in such a way that the transaction may be stopped before a violation occurs.
Archiving and Case Management
Generally, it is recommended to archive all your search requests for future audits. Our API response contains all the search parameters used for the search and delivers all data necessary for a comprehensive archiving and auditable process.
For managing potential matches, we recommend using either a ticketing system (such as Jira, Zendesk etc.) or, for a simpler workflow, recording all matches in an Excel or Google sheet with an email notification to the respective compliance team/manager.
This whole workflow can also be set up without any coding involved, using no-/ or low-code tools like Zapier or Make.
For a very simple workflow example using only low/no-code tools, see our doc on integrating our API using low-code platforms.
Handling Matches
It’s important to note that an alert that is generated during screening, indicating a match between a customer or business partner and a record on a sanctions list, is not necessarily an indication of a sanctions risk. It needs to be verified, confirmed, or discounted using additional information to determine whether the match is true or a false positive.
Manually review all of the client identity information you hold against the information within the sanctions list. You may also wish to approach your client for additional information.
If the individual or entity matches all of the information on the list, it is likely a positive match and needs to be reported to your internal compliance team and/or you need to file a Suspicious Activity Report (SAR). All transactions with this client or business partner should be suspended.
If you are confident that the match is a false positive, you may wish to whitelist the client’s name within your systems to avoid future matches.
For more information, please refer to the FinCen Guide on filing SARs.
Testing your Screening Setup
After you have set up your Screening Process and defined the Watchlists you want to consider for your screening, it's advisable to test your approach.
For your technical testing, you can use our Sandbox environment. For your first integration test, we are also happy to provide a temporary production API key so you can test your approach with actual Sanctions data before going live.
If you need any help during the Implementation, please don't hesitate to contact our Customer Support Team. We are always happy to help.