Regulators and supervisors around the world are becoming increasingly more proactive in the current ever-changing sanctions environment and are conducting more frequent sanction screening Thematic Reviews to improve the quality of their AML/CFT supervision. This in turn is putting additional pressure on financial institutions (“FIs”) to ensure that their sanction screening systems are performing correctly and in accordance with a firm’s risk appetite.
AML Analytics carried out the first ever sanction screening Thematic Review in the world in 2014. Since then, we have assisted with many more Thematic Reviews across the globe, including the first ever transaction monitoring Thematic Review for the Bank of Jamaica in 2021.
Our unique SupTech or “Supervisory Technology”, used as an integral part of Thematic Review testing, ensures that regulators receive insight and understanding about the prevalent and emerging risks in their market.
To date we have completed over 30 Thematic Reviews around the world, testing the systems of over 500 regulated entities with over 900 screening systems included in the scope of Thematic Reviews so far. Many more are scheduled for 2023 and beyond.
Sanction screening system testing establishes the effectiveness and efficiency of a system and is a vital tool for regulators to ensure that a regulated entity is meeting compliance requirements, minimising its exposure to financial crime risk and has robust detection systems in place.
The aim is to understand the overall level of effectiveness and efficiency of each client and transaction screening system in scope, with particular attention placed on these key considerations:
- Does the system generate an alert when a sanctioned name is screened?
- Are the fuzzy logic matching rules, configuration and threshold settings of a system effective so that an algorithmically manipulated sanctioned name generates an alert?
- Are the levels of false positives from a system within manageable levels for the regulated entity?
- And finally… is system performance in line with the regulator’s expectations?
There are a number of common findings and trends that have become apparent to AML Analytics following our extensive work with so many regulators. The most pertinent of these observations are as follows:
- Unmanipulated sanction names are frequently undetected by FIs for long periods of time
- Vendors are tasked with managing the risk of an FI, without any awareness or understanding by the FI itself of any system settings
- Alert levels of sanction screening systems are often tuned to an FI’s existing resource capacity as opposed to being tuned to match an FI’s defined risk appetite
- Jurisdictionally relevant sanction lists are often not included in a screening system’s configuration
- New systems are rarely tested before implementation
- Testing (UAT) environments often do not mirror the production environments
- Screening systems rarely generate alerts to a sanctioned name if a system has not been tuned for a year or more
During a Thematic Review, we are frequently asked which sanction screening tool is the best. Most tools use similar technologies and work more or less in the same way however our experience shows that the key to optimum system effectiveness and efficiency is how the tool is used and how well it is understood by its operators.
If a screening system is not performing as expected, it will normally be due to one or more of the following reasons:
- Poor system configuration
- The system is being used with “out of the box” factory settings
- The system’s rules and settings have not been updated to suit the changing risk appetite of the FI
- The system has not been upgraded with essential system updates
- Too many sanction sources are being screened, denoting poor list management
- The list provider is not fully up to date.
- An FI’s sanction list feed is not being kept up to date according to their list provider’s sanction list updates
As a company, we have tested most of the sanction screening solutions on the market and have seen many examples of the same solution being used by multiple FIs with a completely different performance outcome every time. This shows that it is how a system is used and not the actual system itself which is surely encouraging news for regulators and regulated entities alike who can jointly work together with transparency to raise screening standards in a market by ensuring that screening solutions are understood, tuned frequently and operate in line with risk appetite.