There is mounting pressure for businesses to fortify their systems against access by money launderers, terrorists and others whose activities may compromise foreign policy or national security.
Kevin West, a director at KPMG Forensic, says in most cases, these politically exposed people (PEP) already have sanctions in place against them. Companies need to be aware of the risks involved when dealing with these people, or face the consequences in terms of fraud or fines that can be imposed against them.
“When conducting cross-border transactions, there are sanctions screening lists, for example, the Office of Foreign Access Control, Her Majesty's Treasury, or EU lists,” says West. “When transactions are taking place, there is a requirement for companies to correctly match people against these lists.”
He says it is also important to choose the right third party provider. “The completeness of the list data that you receive impacts on the risk mitigation.”
Data integrity key
Smith highlights that important data elements, particularly for sanctions lists and PEP lists, are full name and surname, date of birth, ID number, nationality, country of residence, occupation and gender. While not all of the elements are required for sanctions lists, these additional fields help provide search elements for PEP screening.
The issue is deepened when companies migrate between systems, as companies need to be prepared to deal with data inconsistencies. Smith says this can lead to a requirement for them to undergo data remediation. “When migrating information, the legacy information needs to undergo cleaning and preparation prior to undergoing screening.”
He says systems and business rules surrounding data are vital, as these enforce the integrity of the data. “Legacy customer data is most often the issue, as migrations between systems need to ensure the legacy data is accurately transferred into newer systems. With more data, the accuracy of the screening process increases. Complete data allows for faster searches,” he explains.
Identify elimination criteria
Smith says companies need to identify primary elimination criteria, such as the ID and date of birth. These sets are inclusive to each other, as a person's ID number contains their date of birth.
Secondary elimination data is in the form of the occupation, gender, or photograph of the individual. It is important to have a clear process of investigation of potential matches and reporting and escalation of actual metrics, which is where investigative software comes in.
“PEP risk management systems use the same sanctions screening information, meaning there is a potential for a large quantity of false positives,” explains West. He says to reduce the number of false positives, the software needs to look at different fields, and make use of 'fuzzy matching'.
Fuzzy matching involves looking at different components of the string and analysing them. For example, taking the first name and the alternate spellings and abbreviations that might have been used, and looking at the misspellings of the names.
“Typically, sanctions screening occurs before PEP screening, so your sanctions list should stop the need to undergo further PEP screening. However, if they pass sanctions screening, you still need to undergo PEP screening to see if there are any enhanced actions that are required,” concludes Smith.
Share
