Part of the customer due diligence process is finding out whether a customer or his beneficial owners, UBO or representative appears on a sanctions list or is designated as a person holding a prominent political office (PEP). You should also check whether any negative publicity is known about the person (adverse media check). This can be done manually by grabbing the sanctions lists yourself, asking the client directly whether he is a PEP and using online search engines to search for negative publicity. However, it can also be done by purchasing an automated ‘name screening’ tool that screens your clients against sanction and PEP lists, possibly supplemented by other lists. There are even tools on the market that additionally screen for country risk, sector risk and entity risk.
Unreliable and expensive
In practice, carrying out automated screening is less reliable ánd more expensive than it seems at first glance. There are several reasons for this. To be able to rely on adequate client screening, more is needed than just setting up a screening system. Besides knowledge of relevant laws and regulations, it is important to identify which processes are relevant. In this respect, the availability and quality of data are crucial.
Below, we map out which trade-offs are important in the choices to set up and/or optimise customer screening.
1. Set your starting point against the legal obligation
Legally, the context (i.e. what type of customers you have, what countries you and your customers operate in, what type of products you offer, etc.) forms the basis on which you must establish the risks of money laundering and terrorist financing, and then take appropriate action.
The law does not prescribe in what way you must conduct screening, as long as the screening is done adequately. However, you do need to take fuzzy matching into account in your Sanction screening.
DNB has already indicated in 2016 that ‘fuzzy matching’ between 70% and 85% for Sanctions screening is the industry standard. (DNB Q&A Sanctions law for non-life insurers, August 2016). That is, not only matching may be done on 100% similarity of terms, but for example on 70%, 85% similarity. This is due to phonetic and/or administration errors in name, date of birth, etc., which puts institutions at risk of possible hits on client names, as well as incoming and outgoing transactions not being investigated. DNB considers using a 100% match a bad practice. In general, we see that a matching percentage of 85% is used in automated tooling, but we also see that institutions often only assess a 100% match. However, DNB may require that if you only assess 100% matches, you make this explicit in the risk appetite.
2. Manual or automated screening?
Map out in what way screening takes place in your company and what this means for the expected quality and for the efficiency of the screening process. Based on this, you can make the choice to want to adjust the process.
The pitfalls of manual screening
In manual screening, after identification and verification of the client and its UBO, a PEP statement is often requested from the client. After this, one manually checks EU and NL sanction lists and via online search engines for negative publicity. This is a time-consuming and error-prone process. Indeed, it is not always clear whether the information is adequate and what conclusions can actually be drawn on the basis of that information. Building in quality controls can support this approach. It can also lead to the choice of using automated tools.
Challenges for large institutions
Larger institutions often use automated tools. These may be linked to CRM systems and distributed across different processes. These tools support UBO screening, PEP check, adverse media check and screening against Sanctions lists. In practice, the variety of screening processes and systems combined with the lack of logical workflow management can lead to time-consuming handling of various false-positive alerts. And again, it is not always clear what conclusions can be drawn.
3. Determine which processes are relevant
The next step is to do a stakeholder analysis (sales, IT, account management, support, etc.) and map out the processes together with those various stakeholders. When choosing an automated solution, it is important to have a clear idea of what exactly needs to be automated. The following questions will help:
- How are CDD processes currently compartmentalised; across which departments and across which systems?
- To what extent do processes need to be updated?
- At what point do you have the necessary information to complete the Know Your Customer (KYC) process?
- What screenings are you doing now, in what ways and what controls are now in place?
- Who owns the different processes?
- What relevant input comes from which people or departments?
This requires relevant staff to have sufficient knowledge of doing client research and clear working procedures. We can help you carry out stakeholder analysis and process mapping.
4. Determine the quality of the (source) data
Map out what customer data you need for screening and whether you can access this data to a sufficient extent. Based on this, you can take measures to improve data quality and thus ultimately increase the effectiveness of screening.
You can examine the data from the following dimensions:
- Completeness of data: are all the data you need available and accessible?
- Correctness of data: are all data current, and are they adequately maintained?
- Unique data: are all customer data unique enough and linked together?
We often see that client information is captured in multiple places, is not linked or sometimes even completely missing. This is especially in companies that have taken over customer portfolios, or are working with outdated customer systems and/or large data volumes. If the customer then purchases a new product, for example, it may be identified as a new customer, resulting in the same customer being assigned multiple risk ratings. This creates the risk of screening outcomes on the same customer being treated differently. We therefore recommend considering a unique customer identifier.
One possible solution to missing data is to purchase data from an external data provider. We can help with issues such as: how to deal with discrepancies, which data can and may be overwritten, matching terms used within your company with the data providers’ terms, which data fields to use, etc.
More and more national and international parties are entering the market with customer screening solutions. These technological applications are marketed as Regulatory Technology (RegTech).
The tools differ in features such as a handy app, a clear alert handling system or an easily configurable list management system. But there are also differences in the degree of workflow support Regtech tools can provide in an onboarding and monitoring exercise. Think of variations from mere screening against set lists, uploading identity proofs, doing additional fraud checks to integration with transaction monitoring. In addition, there are clear quality differences in PEP and adverse media lists used by a provider. We can help you select a tool and the required features and provide implementation support.
Want to know more?
Conducting customer research and screening properly is of great importance to your organisation. You can do this in different ways, as long as the research is done adequately.
Our specialists have detailed knowledge of financial laws and regulations, and the experience to support in their application like no other.
We can help you with:
- An analysis of your organisation and its compliance with the Wwft and Sanctions Act requirements;
- Drafting, improving and implementing customer screening policies and procedures;
- Provide practical support for your procurement or furnishing issue.
Read more about our client due diligence services, or contact us for more information.