For many compliance professionals, openly discussing compliance-related subjects on social media is viewed as taboo. Concerns around potential legal violations, airing perceived missteps, or simply a desire to maintain a professional image often hinder the open exchange of expertise and insights. This caution, while understandable, stifles the flow of shared knowledge and limits opportunities for evolution and innovation.

With this guide, we’re addressing this discussion head-on to provide practical insights on building effective sanctions operations, including:

• Measuring your exposure
• Key inputs of match determination
• Alleviating friction with non-customer (3rd party) sanctions screening

Accurately Measuring Sanctions Exposure

The first step in any sanctions operation is understanding the extent of your exposure. To get this right, it helps to separate risk into distinct components.

Understanding Your Transactions

Dive deep into your customer data to understand the following:

• Where customers are located
• The source and destination of funds
• The products you offer
• Countries involved for accounts and clients
• The types of accounts you offer

This depth of understanding sets the foundation for proactive risk management.

Digging Deeper into Geographic Risk

Compliance professionals should consider other factors that affect geographic risk. There are countries that have meaningful trade relations with sanctioned countries or even shared borders. For example, Chinese banks are specifically named in North Korea sanctions, and as a practical matter, when you are reviewing a partial match on a name for an SDN subject to Venezuela sanctions, if the given address was in Colombia you may consider “a closer look”, rather than dismissing the match.

Similarly, domestic payments are often ignored or de-prioritized as less risky compared to international ones, but it’s a good idea to approach them with the same rigor. Compliance folks are often surprised to learn that U.S. persons and entities can be found on the Office of Foreign Assets Control (OFAC) and U.S. Dept of Commerce and U.S. Dept. of State lists.

Understanding Legal Distinctions

Unlike Bank Secrecy Act reporting, OFAC, and sanctions regimes more generally, do not have a de minimis reporting limit, meaning that even a $1 transaction with a sanctioned party can have serious consequences. The practical consideration here is to identify where your AML program has implemented value-based thresholds — particularly related to identity verification and transaction monitoring. These thresholds could create blind spots (and sanctions-related exposure) for interactions (or transactions) that occur “below threshold”.

The Three Main Inputs of Matching

At the core of every sanctions operation is a matching exercise consisting of three critical levers: input source data, matching parameters (the software), and reference data (the sanctions lists).

Input Source Data Quality

Verified, clean, and comprehensive source data is the bedrock of successful sanctions operations, facilitating accurate matching and more efficient separation of partial matches. Feeding messy and incomplete data into your screening software is a surefire way to expend precious compliance resources on unnecessary false-positive matches, missing real sanctions risk, and aggravating otherwise good customers by delaying their transactions.

The Matching Parameters (aka “Software”)

Algorithms generate false-positive alerts even with quality data inputs. To logically optimize matching, it is essential to define and document what elements are considered to determine a match. For example, how much of an address and its components must be considered and present before it is raised as a match? (i.e. Street number, street name and street suffix, or some other permutation/combination address fields.) Documenting and understanding the application of “fuzzy logic” is often woefully inadequate. If you’ve set your “fuzzy matching” to 85%, do you know what that actually means? Inquiry and testing are essential elements of understanding the matching logic.

We recommend that screening utilizes validated and “verified” input data, which creates automation opportunities but, more importantly, identifies potential issues “upstream” — for example, birth dates in the wrong century.

Staying Up to Date with Reference Data (Sanctions Lists)

Updates to sanctions lists are subject to the whims of their government owners. Depending on the political environment, there may be long periods of stasis or several updates within consecutive days. Compliance professionals need to have reliable mechanisms to confirm that their software is utilizing the most up-to-date lists. Where companies use 3rd party screening software, this responsibility is often implicitly expected of the software vendor. In these situations, it is good practice to periodically verify that the vendor-provided lists are actually up-to-date. Trust, but verify!

Non-Customer (3rd Party) Screening

Sanctions screening for customers can be tricky, but for non-customers, it is often downright awkward. The key to solving this awkwardness is implementing a user-friendly method of effectively gathering requested supplementary identifying information.

The Challenge

Companies often lack verified details about non-customers involved in transactions (for example, the “beneficiary” or “payee” of a payment), which results in screening tools generating alerts that cannot be dispositioned.

In practice, this requires contacting customers for more information about their beneficiary, introducing additional friction to the transaction process.

Practical Solutions

Collecting verified information on non-customers can, and potentially should, leverage existing tools and processes used to collect and verify customer information.

For online providers, this can be achieved by providing a link for a data collection form to the customer to be forwarded to the external counterparty. This allows the external counterparty to upload or fill in the required information themselves.

Any input data or documents could also be validated with the same tools and rigor used to verify customer information before being used to disposition the watchlist match. A variation on this, when contact information of the non-customer is already provided, is to initiate the outreach described above directly to the non-customer.

The Power of Holistic Sanctions Screening Software

To conduct smooth and accurate sanctions operations, companies must understand their exposure, maintain quality data, and implement practical solutions for non-customer (3rd Party) screening.

This all starts with having the right software. Solutions must be holistic and customizable, allowing analysts to quickly build any monitoring method needed to better serve all stakeholders.

To discover how tools like Sandbar can simplify your AML processes and streamline your compliance workflows, book a demo today.