Bridging the gap between business and IT - ACOI. Jeremy Round ACOI se… · 2016-02-17

Bridging the gap between business and IT SQA – Screening

Post on 07-Apr-2018


Screening

Screening - Lists

What Lists Do I Use

Local Asset Freeze Lists: EU List HMT Asset Freeze (NI)

Extra-Territorial Lists: OFAC SDN OFAC Consolidated

Additional Risk Lists: UN CIAC UK Proscribed Terror List Section 311 AML List US Export Control Lists Dual Use Goods list Private Lists Terrorist Lists

Samantha Lewthaite

How do I get Sanctions Lists

Consolidated List

List Vendors: Take the notices from regulators and combine to create profiles across regulators.

Direct: Take consolidated lists from regulators and format them for your own matching engines.

Banks: Can choose to get lists however they like. Some get all of their lists directly. Some get all of their lists from a vendor. Some choose on a list-by-list basis.

What Types of Names - OFAC

8,109 Individuals

5,642 Organisations

77 Vessels

101 Planes

How Many Names are on These Lists?

4,995 names.

4,895 names.

10,369 names.

13,929 names.

Screening - Activity

What Do I Screen My Business

Payments

Cross Border

Domestic

Charity

Customers

Personal Customers

Business Customers

Their Controllers

Their Subsidiaries

Their Activity

Relationships

Employees

Directors

Correspondents

Suppliers

Contractors

Operations

Trade Finance

Asset Finance

What are the pitfalls

• Data Quality
• Screening throughout the relationship
• Monitoring your business customers

Screening - CTRP

Targeted Sanctions

Comprehensive Sanctions

[Chart: Fines, Comprehensive vs Targeted. OFAC Fines since 2003 by Program. Axis from $0 to $900,000,000.]

What Do I Screen Against

Country Name: Syria

Cities Towns Regions Ports: Aleppo Damascus Homs

Non-English Names:

알레포 アレッポ อะเลปโป Alep ܒ

Alèp Alepas Alepo Aleppo Aleppó Aleppu Beroea Halab Haleba Halep Heleb Hələb Xalab

Screening - Matching

Screening - Scenarios

Osama bin Laden Osama bin Mohammed bin Awad bin Laden

أسامة بن محمد بن عوض بن الدن

O bin-Laden

Osama bin Lasden

Усама бен Ладен Osama ibn Laden

Screening – False Positives

[Chart: scale from 75 to 100; labels: Strong Fuzzy Matching, Low False Positive Rate]

Screening – Cycle of Doom

Lower Fuzzy Threshold

Get more Alerts

Hire Bigger Team

Worry

Fuzzy matching will never capture everything that you would ideally like. A compromise has to be found that suits your risk. If you let things outside of your risk appetite influence your fuzzy matching threshold, then you will spiral out of control.

Screening - Investigation

Screening – Investigation Chances The SQA Scale of Relative Probability

Screening – Investigation Model Decision Making

Investigative Elimination

Process Elimination

Automated Elimination

So what could possibly go wrong?

There have been some big fines

OFAC have been handing out massive fines, particularly to European Banks

Don’t Ignore The Evidence

On December 9 2010, January 7 2011, and April 7 2011, HSBC US processed payments of $11,492.86, $14,963.25, and $13,709.96 to an SDN: Husayn Tajideen. Although HSBC identified the names in the SWIFT Payments initially, and blocked the payments pending an investigation, the results of the investigation (SWIFT 195/196 messages) were not screened. The payments were released because the evidence gathered was ignored. OFAC fined HSBC $32,400.

If It's Broke – Fix It, and be quick about it.

Bank of America, N.A. (Bank of America) has agreed to remit $16,562,700 to settle potential civil liability for 213 apparent violations. Between September 10, 2005 and March 31, 2009, Bank of America processed 208 transactions totalling approximately $91,192 on behalf of, and failed to properly block five accounts owned by, 10 individuals whom OFAC had previously added to its List of Specially Designated Nationals and Blocked Persons (SDN List). Bank of America demonstrated reckless disregard for U.S. sanctions requirements by failing for more than two years to adequately address a known deficiency in its OFAC screening tool that prevented the bank from identifying potential matches to individuals with multiple or multi-part last names on the SDN List; as early as October 2006, at least one official in Bank of America’s office responsible for OFAC compliance was aware of the deficiency, but the bank did not resolve the deficiency until February 2009.

When is Fuzzy not Fuzzy Enough

In 2009 CITI processed a payment for: Higher Institute for Applied Science and Technology

The SDN List contains the entry: Higher Institute of Applied Science and Technology

CITI subsequently improved their screening so that this case would be found if it was processed again. There were four other such instances of the filter failing to catch other non-exact names, but unfortunately these are not listed by OFAC. CITI were fined $217,841. This was considered non-egregious partly because other correspondent banks blocked the payments.
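The CITI name pair above and the threshold trade-off from the "Cycle of Doom" slide, worked through as an added example that is not part of the original deck. It assumes Python's `difflib` ratio as a stand-in for a commercial matching score, and the noise-word list and thresholds are illustrative; the names are the ones quoted on the slides.

```python
import re
from difflib import SequenceMatcher

# Assumed noise-word list for this example; real engines ship their own.
STOP_WORDS = {"for", "of", "the"}

# Names as quoted on the slides (list side and payment side).
LIST_ENTRIES = [
    "Higher Institute of Applied Science and Technology",
    "Osama bin Laden",
]
PAYMENT_NAMES = [
    "Higher Institute for Applied Science and Technology",
    "Osama bin Lasden",
    "O bin-Laden",
    "Osama ibn Laden",
]

def normalise(name, drop_stop_words=False):
    """Lower-case, turn punctuation into spaces, optionally drop noise words."""
    tokens = re.sub(r"[^\w\s]", " ", name.lower()).split()
    if drop_stop_words:
        tokens = [t for t in tokens if t not in STOP_WORDS]
    return " ".join(tokens)

def exact_match(candidate, entry):
    """What a filter without fuzzy matching would do."""
    return normalise(candidate) == normalise(entry)

def score(candidate, entry, drop_stop_words=False):
    """Similarity on a 0-100 scale (difflib ratio, a stand-in for a vendor score)."""
    a = normalise(candidate, drop_stop_words)
    b = normalise(entry, drop_stop_words)
    return round(100 * SequenceMatcher(None, a, b).ratio(), 1)

def screen(candidates, entries, threshold):
    """Return (candidate, entry, score) for every pair at or above threshold."""
    alerts = []
    for c in candidates:
        for e in entries:
            s = score(c, e)
            if s >= threshold:
                alerts.append((c, e, s))
    return alerts

if __name__ == "__main__":
    for threshold in (100, 90, 80):
        hits = screen(PAYMENT_NAMES, LIST_ENTRIES, threshold)
        print(threshold, len(hits), [c for c, _, _ in hits])
```

An exact-only filter raises no alert on any of the four payment names. At a threshold of 90 the initial-only variant still slips through, and it only alerts once the threshold drops to 80, which is the alert-volume pressure the deck warns about.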

Look at the Whole Case

On March 11, 2009, Deutsche rejected rather than blocked a $10,000 funds transfer originated by Intercontinental Bank Plc, Lagos, Nigeria, on behalf of Amsergs Nigeria Ltd., destined for the account of Chahar Mahal va Bakhtiary Yeast Co., Isfahan, Iran, at the Export Development Bank of Iran (“EDBI”). OFAC has designated EDBI as an SDN. Deutsche’s screening stopped the transaction for review due to a number of potential matches, including to Iran and to EDBI. A total of seven Deutsche employees, including a senior member of the review team who was the final reviewer for escalated OFAC matters, reviewed this transaction and failed to notice the reference to EDBI in the payment. Deutsche settled for $18,000.

Inglehart – Welzel cultural map of the World