When it comes to watch list scanning, there are a variety of approaches and methods for determining whether a potential match is false or positive, but a lot also depends on the type of watch list for which the potential match has been triggered. The term ‘watch list’ itself also carries different meanings, whether the type of list is OFAC or an internal exclusion list. Below are various types of watch lists scenarios and the application of each for a financial institution:
- OFAC List – The Office of Foreign Assets Control (“OFAC”) of the US Department of the Treasury administers and enforces economic and trade sanctions based on US foreign policy and national security goals against targeted foreign countries and regimes, terrorists, international narcotics traffickers, those engaged in activities related to the proliferation of weapons of mass destruction, and other threats to the national security, foreign policy or economy of the United States. OFAC publishes lists of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. It also lists individuals, groups, and entities, such as terrorists and narcotics traffickers designated under programs that are not country-specific1. This list is primarily comprised of Specially Designated Nationals List and the Consolidated Sanctions List.
- FinCEN’s 314(a) List – This program is in furtherance of Section 314(a) of the USA PATRIOT Act of 2001… FinCEN receives requests from law enforcement and upon review, sends notifications to designated contacts within financial institutions across the country once every 2 weeks informing them new information has been made available via a secure Internet web site. The requests contain subject and business names, addresses, and as much identifying data as possible to assist the financial industry in searching their records2.
- PEP List – A politically exposed person (PEP) is defined by the Financial Action Task Force (FATF) as an individual who is or has been entrusted with a prominent public function. Due to their position and influence, it is recognized that many PEPs are in positions that potentially can be abused for the purpose of committing money laundering (ML) offences and related predicate offences, including corruption and bribery, as well as conducting activity related to terrorist financing (TF)3. A PEP list is a curated list of politically exposed persons, their family members, and other relations, business or otherwise, often requiring some sort of subscription to a third-party service.
- Internal Exclusion List – This is any list maintained internally by a financial institution containing the names and other identifiers of people and entities that are barred from doing business with the financial institution. There are a variety of reasons for developing and maintaining an exclusion list.
Manual screening of the various watch lists is tedious. Most obligated institutions use a watch list screening service such as SimpliRisk to apply fuzzy logic to name screening as an efficient way to handle the initial watch list process. After this automated process, it then becomes important that compliance staff are comfortable with making risk-based decisions, and this comfort level can be enhanced by understanding the information and its effects on the decision-making process. This decision-making process can be individualized based on institutional compliance knowledge or generalized using a rubric or decision tree. Regardless of which process is used, it should be documented and understood by all stakeholders. Escalation to management for confirmation of a positive determination, along with periodic spot-checking of accuracy, are other ways to manage the decision-making process.
Depending on the type of list a potential match belongs to, determination of a match depends heavily on the amount of primary and secondary data provided by a watch list. Primary data consists of those data elements that are not usually subject to change. These elements tend to be name, date of birth, country of origin, and passport details. Secondary data tends to consist of other information considered temporary or perishable in nature, such as address details, aliases, local identification numbers, phone numbers and email and IP addresses. Organizing an approach keeping primary and secondary information in mind is integral to developing an institution’s risk-based approach to each list’s decision-making process.
Other factors in determining watch list matches tend to be subjective. This subjectivity can be distilled to a variety of internal questions one might ask, such as the likelihood of an OFAC-sanctioned entity existing inside the United States and attempting to access your financial institution by opening an account. While possible, this may not seem likely, but it is far more probable that a business entity banking with your financial institution may inadvertently attempt to transact with an OFAC-related entity. Another example can be as simple as comparing the date of birth or location for a potential PEP name match. Determining that an age disparity exists is an obvious defect in the potential match and contributes to the decision-making process. Specific to PEP, it may be well within the institution’s right to simply ask the customer or member if they are politically exposed.
While there are numerous other scenarios involving determination of potential match information, we will briefly go over secondary data and its use within the decision-making process. Address and phone number details should be considered perishable, meaning that their importance to determining a potential match does not get better with age. Address details within an institution’s database often is not as up to date as it could be. Still, an example of using secondary data can be evident when determining a match on an internal exclusion list match or a 314(a) match. Specific to addresses, an institution might find that a certain address is consistent with numerous fraud investigations. It would be well within reason to add the address involved as its own entry on an exclusion list. However, with a 314(a) match, this logic may not apply. Address details within a 314(a) match tend to be provided to assist the compliance professional in further determining whether a potential match is positive.
In summary, there is no ‘one size fits all’ approach to decisions made on watch list screening matches. For this reason, it is imperative that a compliance professional document their decision-making processes for each watch list scenario. Hopefully, this blog post has been helpful in determining an effective way of processing watch list potential matches. If you would like to discuss in greater detail, feel free to reach out to us!