Risk & Compliance

The Art of Tuning Sanctions Screening

Date: June 11, 2025

We are excited to launch our "Sanctions in Focus" series, featuring five concise posts that explore the challenges firms face in navigating the ever-evolving landscape of sanction management. This series will provide insights on how to strengthen your current sanction protocols, redefine your operational model, and implement cutting-edge technology to streamline and enhance labour-intensive sanction operations.

Firms are under increased pressure to have accurate and sophisticated sanctions controls that enable them to effectively mitigate sanctions risk. Since sanctions operate under strict liability, firms require precise calibration and ongoing refinement, a process known as tuning. Projective Group consultant Joe French provides an overview of sanctions tuning and articulates the need to shift the focus from merely having a system to proving its effectiveness and efficiency.

A Step-by-Step Guide to Tuning Sanctions Systems

Effective sanctions system tuning is not a one-time technical adjustment, but a structured iterative lifecycle underpinned by a risk-based approach and rigorous testing. Achieving optimal performance requires a multi-disciplinary effort involving compliance, risk, operations, and IT functions.

#1 Foundational Risk Assessment

The tuning process begins with a thorough understanding of the firm's specific sanctions risk exposure, considering its unique mix of customers, products, geographic footprint, and transaction types. This risk assessment informs the tuning strategy.

#2 Performance Baseline

Establishing a performance baseline, measuring effectiveness (e.g., true positive rate) and efficiency (e.g., false positive rate), is essential. This baseline provides a starting point for any tuning exercise.

#3 Selecting Parameters to Tune

This stage involves identifying the system's technical settings that can be adjusted to align with the firm's risk appetite and operational capacity. Parameters are selected following a risk-based approach, prioritising those most pertinent to a firm's unique risk profile.

Example parameters include:

  • Fuzzy Logic Thresholds and Algorithms: Fuzzy logic identifies non-exact matches (misspellings, aliases, manipulations, transliteration). Tuning involves adjusting the sensitivity ('fuzziness') of algorithms, balancing false negatives against excessive false positives.
  • Matching Rules and Logic: Tuning involves defining and refining matching rules incorporating relevant data points like date of birth, address, and UBO information (including adherence to rules like OFAC's 50% rule).
  • Whitelisting, Goodlisting and Suppression Rules: Whitelisting or Goodlisting rules enhance efficiency by suppressing known low-risk false positives. Robust governance and regular review are required to avoid suppressing genuine matches as lists change.

#4 Above-the-line and Below-the-line Testing

Together, above-the-line (ATL) and below-the-line (BTL) testing form a statistical exercise to rigorously analyse and validate the chosen parameters and thresholds, such as the fuzzy logic matching score. For instance, assume the current baseline fuzzy logic threshold is set at 85% similarity.

  • ATL Testing: The threshold is increased (e.g., to 90%) in the test environment. This makes the matching stricter. The system is run against test data (e.g., historical transactions). Analysts review a sample of the additional alerts generated to assess their quality (are they identifying true potential risks?) and note the reduction in overall alert volume. The risk is potentially missing true matches due to minor variations falling below the stricter 90% threshold.
  • BTL Testing: The threshold is decreased (e.g., to 80%) in the test environment. This makes the matching more lenient. The system is run again against the test data. Analysts review the additional alerts generated compared to the baseline, focusing on whether potentially suspicious activity previously missed is now being flagged (reducing false negatives). They also note the increase in overall alert volume, likely including more false positives.
  • Analysis & Tuning: By comparing the results (alert volumes, true positive rates, false positive rates, types of matches missed/gained) from the baseline, ATL and BTL tests, the firm can determine the optimal fuzzy logic threshold. This optimal setting balances effectiveness (capturing true risks, informed by BTL results) and efficiency (minimising false positives to manage operational load, informed by ATL results) according to the firm's specific risk appetite and operational capacity. This analysis will allow firms to articulate the risk-based rationale for selecting the final threshold that must be documented for potential regulatory scrutiny.
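The 85% / 90% / 80% illustration above, carried through as an added example (not Projective Group's code or any vendor's API). The hit references, engine scores and analyst dispositions are constructed sample data, and the function names are hypothetical; it reports what each threshold costs in alert volume and which reviewed true matches sit in the bands on either side of the baseline.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Hit:
    ref: str           # constructed alert reference
    score: int         # similarity score (%) reported by the screening engine
    true_match: bool   # analyst disposition after review

# Constructed test set: scored candidate hits from a historical replay.
HITS = [
    Hit("A1", 100, True), Hit("A2", 96, True), Hit("A3", 93, False),
    Hit("A4", 91, True), Hit("A5", 88, True), Hit("A6", 87, False),
    Hit("A7", 86, False), Hit("A8", 84, False), Hit("A9", 83, True),
    Hit("A10", 82, False), Hit("A11", 81, False), Hit("A12", 80, False),
    Hit("A13", 74, False),
]

def evaluate(hits, threshold):
    """Alert volume, true/false positives and missed true matches at a threshold."""
    alerts = [h for h in hits if h.score >= threshold]
    tp = sum(h.true_match for h in alerts)
    total_true = sum(h.true_match for h in hits)  # known only for reviewed test data
    return {"threshold": threshold, "alerts": len(alerts), "tp": tp,
            "fp": len(alerts) - tp, "missed": total_true - tp,
            "precision": round(tp / len(alerts), 2) if alerts else 0.0}

def band(hits, low, high):
    """Hits scoring in [low, high): the population analysts sample and review."""
    return [h for h in hits if low <= h.score < high]

def atl_btl(hits, baseline=85, atl=90, btl=80):
    lost = band(hits, baseline, atl)     # alerts that disappear at the ATL threshold
    gained = band(hits, btl, baseline)   # alerts that appear at the BTL threshold
    return {
        "runs": [evaluate(hits, t) for t in (btl, baseline, atl)],
        "atl_true_matches_lost": [h.ref for h in lost if h.true_match],
        "atl_false_positives_removed": sum(not h.true_match for h in lost),
        "btl_true_matches_gained": [h.ref for h in gained if h.true_match],
        "btl_false_positives_added": sum(not h.true_match for h in gained),
    }

if __name__ == "__main__":
    for key, value in atl_btl(HITS).items():
        print(key, value)
```

The band lists are what goes into the documented rationale: each true match inside a band is a named case for or against moving the threshold.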

#5 Continuous Monitoring & Refinement

Tuning is an ongoing process. Firms must continuously monitor performance via MI (tracking alert volumes, false positive/true match rates, investigation outcomes). This data informs each tuning cycle. Although exact frequencies are not set by regulators, periodic and trigger-event reviews are expected by regulators (FCA, BaFin, EBA, etc.), and firms must be able to demonstrate a well-thought-out, risk-based rationale for the frequency chosen.

Why Tuning is Non-Negotiable (for Financial Firms)

Optimising sanctions screening systems through careful tuning is not merely a best practice; it is a fundamental requirement for financial institutions operating in today's regulatory environment. Several critical drivers underscore its non-negotiable nature:

  • Regulatory Compliance & Expectations: Global regulators mandate effective, risk-based systems for sanctions compliance. Failure, including inadequate tuning and testing, risks severe penalties and reputational damage. Regulators increasingly expect firms to demonstrate a thorough understanding of system configuration, performance, and risk alignment.
  • Risk Appetite Alignment: Every financial institution operates under a defined risk appetite, typically approved at the board level. Tuning allows firms to calibrate the sensitivity and thresholds of their screening systems to align with this appetite.
  • Operational Efficiency & Cost Management: Sanctions screening, particularly the investigation of alerts, is resource intensive. False positive rates are often high, creating significant operational drag. Effective tuning directly addresses this by reducing the volume of non-productive alerts, freeing up valuable analyst time. The cost savings achieved through reduced manual reviews often significantly outweigh the investment in tuning.

About Projective Group

Founded in 2006, Projective Group is a leading specialist in change within the financial services sector.

Within the industry we are recognised as a comprehensive solutions provider, working in partnership with our clients to deliver holistic and pragmatic solutions. We have become a trusted partner for companies that want to succeed and grow in a constantly changing European financial and corporate landscape.

Projective Group has a deep talent pool trained in Financial Crime, Customer Due Diligence, and Sanctions. Our unique recruitment and people management approach means that we can rapidly mobilise, train, and deploy a team to support either run-the-bank activities or ad-hoc remediation or implementation projects. Our ongoing monitoring of the market environment ensures that our talent pool is always readily available and equipped to be rapidly deployed to support our clients’ emerging challenges.