4. Robust internal list management controls
Internal lists are used industry-wide to identify individuals outside of risk appetite and manage alert volumes for regular false matches. The ongoing management of these internal lists, however, has proven to be problematic. There are ever-increasing list additions, often with a lack of rationale as to why the entry was added, how or when it can be removed, or how it should be actioned if a true match is identified.
The use of technology, whether it be a designated case management system or a workflow tool, is a key element in ensuring better practice for ongoing list management. Moving away from email approvals and countless unmanaged spreadsheets throughout the firm is key to achieving effective internal list management. A centralized, single source of internal lists, with enforced capturing of rationale, approval processes and regular reviews to ensure list currency, will ensure a healthier, auditable function.
Rohan Basu, Senior Manager, Financial Intelligence Unit at TSB Bank, clarifies the historical challenge of internal list management and how technology can treat the problem.
Historically, organizations have used their internal lists (particularly blacklists) to add on any suspicions or customers they want to track without applying a level of rigor or oversight. It has often involved non-sanctions or even non-Financial Crime staff adding list entries for a variety of reasons that are not documented or controlled. Technology can be a simple way to resolve a future manual tick-back exercise or a lapse in governance by building tools and controls with a centralized workflow, approval process and automated audit trail.
5. A defined policy, standard and screening risk appetite
Third-party list providers are often comprehensive in the breadth of their offerings; however, they provide little guidance on what specific watch lists FIs should screen against. Ultimately, the decision is a choice only the FI can make, usually influenced by its geographical exposure, countries they interact with and customer demographic.
Effective list management is dependent on an enforced policy. A clearly defined global sanctions policy should determine which lists are screened against at a minimum across the group, with local addenda providing additional requirements on a case-by-case basis. This allows not only effective documentation of screening risk appetite but also the rationalization of lists that fall out of scope, thereby ensuring the generation of relevant alerts.
6. PEP and relative or close associate definition and list rationalization
The rationalization of lists is as relevant for PEPs as it is for sanctions. A clear internal definition of a PEP and what constitutes a relevant relative or close associate (RCA) is crucial in managing alert volumes by removing list entries that fall outside of this scope.
There are multiple ways of tackling this task – from the broad stroke removal of whole sub-categories of PEP from the list being consumed to using advanced technologies such as natural language processing (NLP) to identify and categorize key words within the records information. NLP presents a unique opportunity to extract maximum insight from free text fields in lists – information often ignored by many screening engines. This unstructured data often provides context to a PEP’s status and identity, including approximate age, role history and description of connections to other named entities, strengthening any judgement on whether a given entity falls inside or out of risk appetite.
Jeremy Round, Managing Director, SQA Consulting, provides further insight into how the EU’s Fifth Money Laundering Directive may further affect this issue.