Integrating sanctions.io using Low-code Platforms

Integrating sanctions.io with your CRM system

Your CRM system is the single source of truth for all your customer and business partner data; hence, it is a great place for integrating your Sanctions screening process. In this article, we will explain how you can integrate a simple Sanctions screening process and even use your CRM system as a simple case management tool without any coding involved.

Define your Screening Process and Workflow

Screening processes and workflows differ naturally between different organizations but we will use a very basic example for a simple and straightforward process:

• Perform a sanctions screening based on the Full Name of our business partner right when the information is entered or updated in Pipedrive AND also regularly once a month for all existing records.
• If there is a match:
  • Record the search query and the results from the sanctions.io API in an Audit Trail spreadsheet (Google Sheet)
  • Update the Sanctions flag in Pipedrive to “Blocked”.
  • Send an Email notification to a predefined user or user group
• The compliance team can ‘whitelist’ the business partner by changing the Sanctions flag in Pipedrive to “Whitelisted” – this will exclude the record from future screenings

Tech Stack

For our example, we will use

• Pipedrive as our CRM system
• Google Sheets for our Audit Trail spreadsheet
• Integromat/MAKE as our low-code ‘engine’
• Our sanctions.io API

Preparations

Setting up Pipedrive

In order to we can use Pipedrive also as our case management tool for Sanctions screenings, we need to add a custom field, “Sanctions flag,” that will allow us to flag a person or organization as ‘blocked’ or ‘whitelisted’. This field needs to be created for both the person and also for the organization object.

Setting up an Audit Trail spreadsheet in GSheet

For Audit and transparency reasons you want to record all your Sanctions matches including the search query and respective results. We are using GSheet for this and have set up the following structure:

Column Headers in GSheet: Timestamp, Pipedrive ID of respective person or organization, Search Query, Result Names, Result Alternative Names, Result Addresses

Create your “Scenarios” in Integromat/MAKE

Integromat (now MAKE) is an awesome low-code automation and workflow tool which we will use for this example. But you can also use similar tools such as Zapier or even more advanced enterprise tools such as Appian.

In total, we will need four different Scenarios:

• Sanctions check whenever a Person is added or updated
• Sanctions check whenever an Organization is created or updated
• Regular Sanctions check once a month for all Person records
• Regular Sanctions check once a month for all Organization records

a) Sanctions Check whenever a Person is added or updated in Pipedrive

This scenario will perform an API call to our sanctions.io API each time a new person has been created or any person has been updated.

By including also all updates we make sure that we also cover transaction screenings – but this can be different in your process. Since we use Pipedrive as our single source of truth we also record any transaction in our Pipedrive system and hence this will automatically trigger a new Sanctions screening as well.

As you can see above our Integromat Scenario only contains seven process steps:

• The process is triggered by any new or updated Person record
• It will perform an API call to our sanctions.io API for all records that are not flagged as “blocked” or “whitelisted”. (This example only uses a simple Name search without any fuzzy algorithm or additional information. Finding the optimal search approach depends on your ‘risk appetite’, the number of false positives and resources to investigate, and risk exposure in your specific market.)
• Formatting the API results into JSON bundles that we can work with in the next steps
• If there is a match it will update the Sanctions Flag field in Pipedrive with “Blocked”
• It then will iterate through all matches and record these in our Audit Trail GSheet
• At the same time, it will send an email notification to a pre-defined contact that it has detected a Sanctions match

b) Sanctions Check whenever a new Organization is added or updated

This scenario looks exactly the same as in a) except we changed the trigger to fire whenever a new Organization is added or updated and also changed the fields to be updated in Pipedrive to the Organization fields. The rest of the process is exactly the same.

c) Regular Sanctions checks once a week for all Persons and Organizations

In order to optimize our process and reduce the risk of doing business or interacting with any sanctioned party, we also perform regular checks (once a week) for all Persons and Organizations in our CRM system – independent of any transactions. In Integromat we basically copied the two scenarios above and just changed the trigger to time-based (every Monday) and integrated an Iterator step in order to go through all records and perform the process one by one.