Watch List Scanning: Tips for Determining & Clearing Potential Matches

When it comes to watch list scanning, there are a variety of approaches and methods for determining whether a potential match is a false positive or a true positive, but a lot also depends on the type of watch list for which the potential match has been triggered. The term ‘watch list’ itself also carries different meanings, depending on whether the list is OFAC or an internal exclusion list. Below are various types of watch list scenarios and how each applies to a financial institution:

  • OFAC List – The Office of Foreign Assets Control (“OFAC”) of the US Department of the Treasury administers and enforces economic and trade sanctions based on US foreign policy and national security goals against targeted foreign countries and regimes, terrorists, international narcotics traffickers, those engaged in activities related to the proliferation of weapons of mass destruction, and other threats to the national security, foreign policy or economy of the United States. OFAC publishes lists of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific[1]. This list primarily comprises the Specially Designated Nationals (SDN) List and the Consolidated Sanctions List.
  • FinCEN’s 314(a) List – This program is in furtherance of Section 314(a) of the USA PATRIOT Act of 2001… FinCEN receives requests from law enforcement and upon review, sends notifications to designated contacts within financial institutions across the country once every 2 weeks informing them new information has been made available via a secure Internet web site. The requests contain subject and business names, addresses, and as much identifying data as possible to assist the financial industry in searching their records[2].
  • PEP List – A politically exposed person (PEP) is defined by the Financial Action Task Force (FATF) as an individual who is or has been entrusted with a prominent public function. Due to their position and influence, it is recognized that many PEPs are in positions that potentially can be abused for the purpose of committing money laundering (ML) offences and related predicate offences, including corruption and bribery, as well as conducting activity related to terrorist financing (TF)[3]. A PEP list is a curated list of politically exposed persons, their family members, and other relations, business or otherwise, often requiring some sort of subscription to a third-party service.
  • Internal Exclusion List – This is any list maintained internally by a financial institution containing the names and other identifiers of people and entities that are barred from doing business with the financial institution. There are a variety of reasons for developing and maintaining an exclusion list.

Manual screening of the various watch lists is tedious. Most obligated institutions use a watch list screening service such as SimpliRisk to apply fuzzy logic to name screening as an efficient way to handle the initial watch list process. After this automated process, it becomes important that compliance staff are comfortable making risk-based decisions, and this comfort level can be enhanced by understanding the available information and its effect on the decision-making process. The process can be individualized based on institutional compliance knowledge or generalized using a rubric or decision tree. Regardless of which process is used, it should be documented and understood by all stakeholders. Escalation to management for confirmation of a positive determination, along with periodic spot-checking of accuracy, are other ways to manage the decision-making process.

Whatever type of list a potential match belongs to, the determination of a match depends heavily on the amount of primary and secondary data provided by that watch list. Primary data consists of those data elements that are not usually subject to change. These elements tend to be name, date of birth, country of origin, and passport details. Secondary data tends to consist of other information considered temporary or perishable in nature, such as address details, aliases, local identification numbers, phone numbers, and email and IP addresses. Organizing an approach with the distinction between primary and secondary information in mind is integral to developing an institution’s risk-based approach to each list’s decision-making process.

Other factors in determining watch list matches tend to be subjective. This subjectivity can be distilled to a variety of internal questions one might ask, such as the likelihood of an OFAC-sanctioned entity existing inside the United States and attempting to access your financial institution by opening an account. While possible, this may not seem likely, but it is far more probable that a business entity banking with your financial institution may inadvertently attempt to transact with an OFAC-related entity. Another example can be as simple as comparing the date of birth or location for a potential PEP name match. Determining that an age disparity exists is an obvious defect in the potential match and contributes to the decision-making process. Specific to PEP, it may be well within the institution’s right to simply ask the customer or member if they are politically exposed.

While there are numerous other scenarios involving determination of potential match information, we will briefly go over secondary data and its use within the decision-making process. Address and phone number details should be considered perishable, meaning that their value in determining a potential match does not improve with age. Address details within an institution’s database are often not as up to date as they could be. Still, secondary data is clearly useful when evaluating a potential match against an internal exclusion list or a 314(a) request. Specific to addresses, an institution might find that a certain address is consistent with numerous fraud investigations. It would be well within reason to add that address as its own entry on an exclusion list. However, with a 314(a) match, this logic may not apply. Address details within a 314(a) match tend to be provided to assist the compliance professional in further determining whether a potential match is positive.
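The rubric described above (fuzzy name screening first, then primary data to confirm or clear, with secondary data only corroborating) can be written down as a small decision function. The example below is added here for illustration; it is not SimpliRisk's screening code or any vendor's matcher. The similarity threshold (0.85), the two-year date-of-birth tolerance, the decision labels, and every record in `demo()` are constructed assumptions for the demonstration.

```python
import re
import unicodedata
from dataclasses import dataclass
from datetime import date
from difflib import SequenceMatcher
from typing import Dict, List, Optional


def normalize_name(name: str) -> str:
    """Strip accents and punctuation, lowercase, and sort tokens so that
    'Perez, Juan Carlos' and 'Juan Carlos Pérez' compare as equal."""
    ascii_only = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    return " ".join(sorted(re.findall(r"[a-z0-9]+", ascii_only.lower())))


def name_similarity(a: str, b: str) -> float:
    """Fuzzy name score in [0, 1]; a stand-in for a vendor's fuzzy-logic matcher."""
    return SequenceMatcher(None, normalize_name(a), normalize_name(b)).ratio()


def _digits(s: str) -> str:
    return re.sub(r"\D", "", s)


def _alnum(s: str) -> str:
    return re.sub(r"[^A-Z0-9]", "", s.upper())


@dataclass
class Record:
    """One party, either a customer or a watch-list entry.
    Primary (stable) data: dob, country, passport. Secondary (perishable): address, phone."""
    name: str
    dob: Optional[date] = None
    country: Optional[str] = None
    passport: Optional[str] = None
    address: Optional[str] = None
    phone: Optional[str] = None


@dataclass
class Verdict:
    name_score: float
    decision: str          # "no-hit", "cleared", "review" or "escalate" (assumed labels)
    reasons: List[str]


def assess(customer: Record, listed: Record,
           name_threshold: float = 0.85, dob_tolerance_years: int = 2) -> Verdict:
    """Rubric: fuzzy name first; a hard conflict on primary data clears the hit
    (the 'obvious defect' case), primary corroboration escalates it, and
    secondary data on its own only sends the hit to manual review."""
    score = name_similarity(customer.name, listed.name)
    if score < name_threshold:
        return Verdict(score, "no-hit", [f"name similarity {score:.2f} below {name_threshold}"])

    conflicts: List[str] = []
    primary_hits: List[str] = []
    secondary_hits: List[str] = []

    if customer.dob and listed.dob:
        gap = abs(customer.dob.year - listed.dob.year)
        if gap <= dob_tolerance_years:
            primary_hits.append(f"date of birth within {dob_tolerance_years} years")
        else:
            conflicts.append(f"age disparity of {gap} years")
    if customer.country and listed.country:
        if customer.country.strip().upper() == listed.country.strip().upper():
            primary_hits.append("country matches")
        else:
            conflicts.append("country differs")
    if customer.passport and listed.passport:
        if _alnum(customer.passport) == _alnum(listed.passport):
            primary_hits.append("passport matches")
        else:
            conflicts.append("passport differs")
    if customer.address and listed.address:
        if normalize_name(customer.address) == normalize_name(listed.address):
            secondary_hits.append("address matches")
    if customer.phone and listed.phone:
        if _digits(customer.phone) == _digits(listed.phone):
            secondary_hits.append("phone matches")

    if conflicts:
        return Verdict(score, "cleared", conflicts)
    if primary_hits or len(secondary_hits) >= 2:
        return Verdict(score, "escalate", primary_hits + secondary_hits)
    return Verdict(score, "review", secondary_hits or ["name only; no corroborating data"])


def demo() -> Dict[str, str]:
    """Constructed sample hit: one list entry screened against four customer records."""
    listed = Record("Perez, Juan Carlos", dob=date(1955, 3, 12), country="XX",
                    address="12 Example St.")
    customers = {
        "age_disparity": Record("Juan Carlos Pérez", dob=date(1990, 5, 1), country="US"),
        "primary_match": Record("Juan Carlos Pérez", dob=date(1955, 3, 12), country="XX"),
        "address_only": Record("Juan Carlos Pérez", address="12 Example St"),
        "different_name": Record("Maria Gomez"),
    }
    return {label: assess(c, listed).decision for label, c in customers.items()}


if __name__ == "__main__":
    for label, decision in demo().items():
        print(f"{label:15s} -> {decision}")
```

The decisive element is that primary-data conflicts short-circuit everything else: a name score of 1.0 with a 35-year age gap is cleared, while the same name with matching date of birth and country is escalated for management confirmation. Every verdict carries its reasons so the outcome can be documented and spot-checked later.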

In summary, there is no ‘one size fits all’ approach to decisions made on watch list screening matches. For this reason, it is imperative that a compliance professional document their decision-making processes for each watch list scenario. Hopefully, this blog post has been helpful in determining an effective way of processing watch list potential matches. If you would like to discuss in greater detail, feel free to reach out to us!


[1] https://home.treasury.gov/policy-issues/office-of-foreign-assets-control-sanctions-programs-and-information

[2] https://www.fincen.gov/sites/default/files/shared/314afactsheet.pdf

[3] https://www.fatf-gafi.org/media/fatf/documents/recommendations/Guidance-PEP-Rec12-22.pdf

High Risk Customers: Tips to Create and Manage an Exclusion List

Creating an Exclusion List is a great way for a Compliance department to manage risk associated with people and entities that the financial institution determines are too high a risk to pursue or continue a relationship with. They are often considered a fallback to keep those that pose excessive risk away from your institution. Reasons that some institutions implement an exclusion list vary: keeping out bad actors, barring entities for which some sort of legal action may be in place, and adding potential criminal identities identified in various fraud task force meetings, to name a few. Regardless of the reason, creating and managing an exclusion list can be instrumental in maintaining the safety and soundness of your financial institution.

Exclusion lists do not have to stop at names of people or businesses. For example, one good use of an exclusion list can be to monitor compromised physical or mailbox addresses[1] known to the institution or law enforcement to be involved in some sort of criminal conspiracy. Phone numbers can also be a great addition to a list, as certain phone numbers are often logged and used repeatedly by criminal elements. Tax Identification Numbers (SSN, EIN, TIN, etc.) as well as State Issued Identification details are used similarly and can be added to an institution’s exclusion list. Often these entries are due to identity theft or, even more sinister, theft of a deceased person’s identity[2].

Regardless of the data points used or the reasons for adding a record or detail to an exclusion list, it is critical to have some sort of remediation process in place in the event an entry in the exclusion list is no longer valid. While tax identification numbers are not reused[3], a number may not be recognized as compromised for some time, with the person assigned unaware of the previous use of said number. More common is the recycling of phone numbers, so this data can go stale within a shorter length of time. Similarly, address information can change with ownership or further redevelopment of property.

Consequently, the Compliance professional should review the exclusion list periodically. As technology changes, finding other identifiers or seeing patterns in a list can be beneficial to continually improving your BSA Compliance Program.
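The three ideas in this post (multiple identifier types on one list, canonical matching so formatting differences do not hide a hit, and a per-identifier review interval so stale entries surface for remediation) fit together in one small structure. The code below is an added illustration, not SimpliRisk's exclusion-list implementation; the review intervals in `REVIEW_DAYS`, the entries in `EXCLUSION_LIST`, the applicant, and the review date are constructed assumptions chosen only to reflect the text's point that phone numbers go stale fastest and TINs slowest.

```python
import re
import unicodedata
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List

# Days between mandatory reviews per identifier type. Constructed policy values,
# not a regulatory standard: phones recycle quickly, addresses change with
# ownership, tax IDs are not reused so they can sit longer before re-validation.
REVIEW_DAYS = {"name": 365, "address": 365, "phone": 180, "tin": 730, "state_id": 730}


def canonical(kind: str, value: str) -> str:
    """Canonical form per identifier type so that '(555) 010-0100' equals
    '5550100100' and 'Pérez, Juan' equals 'juan perez'."""
    if kind in ("phone", "tin"):
        return re.sub(r"\D", "", value)
    if kind == "state_id":
        return re.sub(r"[^A-Z0-9]", "", value.upper())
    ascii_only = unicodedata.normalize("NFKD", value).encode("ascii", "ignore").decode()
    return " ".join(sorted(re.findall(r"[a-z0-9]+", ascii_only.lower())))


@dataclass
class Entry:
    kind: str            # one of REVIEW_DAYS' keys
    value: str
    reason: str          # why it was added; needed for later remediation decisions
    added: date
    last_reviewed: date


# Constructed sample list (all values fictitious).
EXCLUSION_LIST = [
    Entry("name", "Pérez, Juan", "fraud task force referral", date(2019, 6, 1), date(2019, 6, 1)),
    Entry("phone", "555-010-0100", "repeated use in account takeover attempts",
          date(2020, 1, 15), date(2020, 1, 15)),
    Entry("address", "12 Example St., Anytown", "drop address in mail fraud case",
          date(2020, 3, 1), date(2020, 3, 1)),
    Entry("tin", "000-00-0000", "deceased person's identity used on application",
          date(2019, 1, 10), date(2019, 1, 10)),
]


def screen(applicant: Dict[str, str], entries: List[Entry]) -> List[Entry]:
    """Return every exclusion entry matching any identifier the applicant supplied.
    The applicant dict is keyed by identifier type, e.g. {"name": ..., "phone": ...}."""
    return [e for e in entries
            if e.kind in applicant
            and canonical(e.kind, e.value) == canonical(e.kind, applicant[e.kind])]


def due_for_review(entries: List[Entry], today: date) -> List[Entry]:
    """Entries whose review window for their identifier type has elapsed."""
    return [e for e in entries
            if today - e.last_reviewed > timedelta(days=REVIEW_DAYS[e.kind])]


def remediate(entries: List[Entry], kind: str, value: str) -> List[Entry]:
    """Drop an entry that is no longer valid (e.g. a recycled phone number)."""
    target = canonical(kind, value)
    return [e for e in entries if not (e.kind == kind and canonical(kind, e.value) == target)]


def report(today: date = date(2020, 8, 1)) -> Dict[str, List[str]]:
    """Constructed walk-through: screen one applicant, then list overdue entries."""
    applicant = {"name": "John Doe", "phone": "(555) 010-0100"}
    return {
        "matches": [e.kind for e in screen(applicant, EXCLUSION_LIST)],
        "due": [e.kind for e in due_for_review(EXCLUSION_LIST, today)],
    }


if __name__ == "__main__":
    print(report())
```

Keying the review interval on identifier type is what makes the periodic review tractable: the compliance professional pulls `due_for_review` on a schedule and only has to re-validate the handful of entries whose data is likely to have gone stale, rather than re-reading the whole list.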


[1] https://www.uspis.gov/tips-prevention/mail-fraud/
[2] https://www.consumer-action.org/downloads/outreach/2015_deceased_ID_theft.pdf
[3] https://www.ssa.gov/history/hfaq.html see: Q20

High Risk Customers: Peer Grouping & Analysis

In a previous blog post, I discussed how to determine high risk customers as it pertains to financial crime risk. To summarize, a risk professional can use publicly available information on crime statistics to augment the FFIEC guidance on establishing a BSA/AML Risk Assessment. Once high-risk customer segments have been determined, the next steps are gathering data and conducting analysis. There are varying methods of conducting analysis, but today I want to give an overview of a method called Peer Group Analysis.

Peer Group Analysis, in layperson’s terms, is the grouping of like businesses and entities for the purpose of comparison. From this grouping of like entities, various ratio and statistical methodologies can be applied to determine outliers. Once outliers have been isolated, analysis of these outliers is integral to learn more about the entity and their activity. Ultimately, the goal is to learn more about the business sector or determine whether the outlying activity is a consequence of suspicious activity. Once suspicious activity is determined, the associated data can provide basis for developing behavioral typologies to find other potential suspicious activity.

Now that Peer Group Analysis has been covered, I will walk through an example of a simple use case. Consider a credit union that maintains relationships with several pawn shops. Given the nature of pawn shops and the potential for high-risk activities such as dealing with precious metals and gems, short-term loan activity, and bulk cash handling, the credit union considers pawn shops to be higher risk. Once the pawn shops have been identified, the risk professional can then conduct a sampling of transactions using the same time frames, and then parse the data by transaction type.

Once parsed, the data can then be aggregated into various transaction type pools. First, while pooling the transactions, if the risk professional notices a transaction type that is not common to the peer group, isolate those transactions and determine the cause. Next, various methods can be used to determine outliers, but for this instance, I will begin by using the Sample Standard Deviation formula found in Microsoft Excel as the function STDEV.S.

Once I have calculated the sample standard deviation, I can apply it to my data and analyze it using the Empirical Rule. This rule, while not perfect, makes the statement that within a normal distribution of values, roughly 68% of values lie within one standard deviation of the mean, about 95% within two standard deviations, and about 99.7% within three. Knowing this, the sample standard deviation can then be applied against the pooled transaction data at either two or three standard deviations from the mean or average of the data sample. I can then assume that anything outside of my choice can be considered an outlier for further review.
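The steps above (sample the peer group over one time frame, pool by transaction type, isolate types not common to the group, then cut at two or three sample standard deviations from the mean) can be reproduced outside a spreadsheet. The following is an added example and not code from the original post; it uses Python's `statistics.stdev`, which computes the same n-1 sample standard deviation as Excel's STDEV.S. The six pawn-shop members, their amounts, and the 50% threshold for an "uncommon" transaction type are constructed for the demonstration.

```python
from collections import defaultdict
from statistics import mean, stdev
from typing import Dict, List, Tuple

# Constructed sample: one quarter of activity for six pawn-shop members, sampled
# over the same time frame, as (member, transaction type, amount in USD).
TRANSACTIONS = [
    ("Shop A", "cash_deposit", 42000),
    ("Shop B", "cash_deposit", 45000),
    ("Shop C", "cash_deposit", 39000),
    ("Shop D", "cash_deposit", 47000),
    ("Shop E", "cash_deposit", 41000),
    ("Shop F", "cash_deposit", 98000),
    ("Shop F", "wire_out", 25000),
]


def pool_by_type(transactions: List[Tuple[str, str, float]]) -> Dict[str, Dict[str, float]]:
    """Aggregate amounts into pools keyed by transaction type, then by member."""
    pools: Dict[str, Dict[str, float]] = defaultdict(lambda: defaultdict(float))
    for member, ttype, amount in transactions:
        pools[ttype][member] += amount
    return {t: dict(per_member) for t, per_member in pools.items()}


def peer_count(transactions: List[Tuple[str, str, float]]) -> int:
    return len({member for member, _, _ in transactions})


def uncommon_types(pools: Dict[str, Dict[str, float]], n_members: int,
                   min_share: float = 0.5) -> List[str]:
    """Transaction types used by fewer than min_share of the peer group. The post
    says to isolate these and determine the cause before looking for outliers."""
    return sorted(t for t, per_member in pools.items()
                  if len(per_member) / n_members < min_share)


def sample_sd(values: List[float]) -> float:
    """Sample standard deviation (n-1 denominator): the quantity Excel's STDEV.S returns."""
    return stdev(values)


def outliers(pool: Dict[str, float], k: float = 2.0) -> List[Tuple[str, float]]:
    """Members whose pooled total lies more than k sample standard deviations
    from the peer mean. Under the Empirical Rule, k=2 leaves roughly 5% of a
    normal population outside the band and k=3 roughly 0.3%."""
    values = list(pool.values())
    mu, sd = mean(values), sample_sd(values)
    return sorted((m, v) for m, v in pool.items() if abs(v - mu) > k * sd)


if __name__ == "__main__":
    pools = pool_by_type(TRANSACTIONS)
    n = peer_count(TRANSACTIONS)
    print("uncommon transaction types:", uncommon_types(pools, n))
    cash = pools["cash_deposit"]
    print(f"cash deposits: mean={mean(cash.values()):,.0f} sd={sample_sd(list(cash.values())):,.0f}")
    for k in (2, 3):
        print(f"outliers beyond {k} SD:", outliers(cash, k))
```

With these numbers the peer mean is 52,000 and the sample standard deviation about 22,716, so Shop F's 98,000 sits just beyond the two-SD band but inside the three-SD band; the choice between two and three standard deviations is therefore not cosmetic, and it is one of the parameters the risk professional should document. Shop F is also the only member with an outbound wire, which the first check surfaces before any statistics are applied.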

While not perfect, this is one method of looking at high risk relationships and determining risk within their transactional data. Harnessing the ability of business tools such as Microsoft Excel makes using these powerful statistical methods a much easier task. If you are curious to learn more, feel free to reach out for a discussion!


Continuing Financial Crime Trends during COVID-19

Charity, Unemployment, Utility and Coronavirus Treatment Scams continue to target the Elderly and Unemployed

As access to the financial system has decreased due to the COVID-19 crisis, criminal activity has increased in several areas of interest, with much involving various forms of social engineering[i] and technology. This increase is largely due to the inaccessibility of conventional banking; in turn, fraud and money laundering conspirators have had to adapt. While many of us in the Banking Compliance arena do not personally feel susceptible to these types of scams, it continues to be important to consistently communicate to our members and customers regarding schemes and the propensity for financial loss by misdeeds and misrepresentation.

The elderly are specifically susceptible to both online and in-person COVID-19 scams. Many of these scams tend to take advantage of fear by attempting to sell fake cures and preventative medicines specifically formulated for the coronavirus. Other scams are even more nefarious, involving individuals offering services such as grocery and medicine shopping and delivery, ultimately taking the funds up front from immuno-compromised or elderly persons, and disappearing without delivering the items.[ii]

An interesting twist on specific abuses of the elderly and disabled involves caretakers, nursing homes, and assisted living facilities attempting to withhold the stimulus checks of those under their care.  The Federal Trade Commission goes on to assert it is receiving reports, “facilities are trying to take the stimulus payments intended for their residents on Medicaid…requiring those people to sign over those funds to the facility…claiming that, because the person is on Medicaid, the facility gets to keep the stimulus payment.”[iii]

Meanwhile, the CARES Act[iv] is due to expire at the end of July, 2020, with the Federal Government currently deliberating on its extension. This impending expiration has given rise to many Utility Shutoff Scams, where an unsuspecting recipient receives a phone call from a scammer purporting to be a utility and demanding payment by one of a number of methods to avoid shutoff.[v] These methods often involve the use of prepaid cards, remittance, or basic debit or credit card information given over the phone. Additional CARES Act-related scams involve the pre-funding of unemployment benefits and additional stimulus payments, none of which have been approved yet.

Social Engineering tends to play a large role in many of the schemes we see today. To end on an obvious note: if it seems too good to be true, it more than likely is!


[i] https://www.csoonline.com/article/2124681/what-is-social-engineering.html#:~:text=Social%20engineering%20definition,to%20buildings%2C%20systems%20or%20data.&text=%5B%20Learn%20what%20makes%20these%206,signing%20up%20for%20our%20newsletters.%20%5D

[ii] https://www.wlvt.org/blogs/montgomery/scammers-targeting-senior-citizens-with-new-coronavirus-scams/

[iii] https://www.consumer.ftc.gov/blog/2020/05/did-nursing-home-or-assisted-living-facility-take-your-stimulus-check

[iv] https://home.treasury.gov/policy-issues/cares

[v] https://www.consumer.ftc.gov/blog/2020/07/utility-company-calling-dont-fall-it