Steps 10-11: Sanctions screening
The sanctions screening requirement
All cross-border payments through Nexus will need to be screened by the PSPs involved in a payment against the sanctions lists that apply in their jurisdiction (‘sanctions screening’). In most cases, sanctions screening software used by the PSP will first compare the name of the Sender or Recipient and look for similar names on the sanctions lists. If a positive ‘hit’ is found, the software can use additional data, such as address, date and place of birth, or national identity number, to confirm whether the Sender or Recipient is actually the person on the sanctions list or just a similar name (a “false positive”).
FATF’s Recommendation 16 requires the following information to be included in cross-border payments:
For the Sender:
The name of account holder (Mandatory)
The account number
AT LEAST ONE OF THE FOLLOWING:
Address
Place and date of birth
National ID number or another unique customer identification number
For the Recipient:
Recipient (Beneficiary) Account Number
Recipient (Beneficiary) name
Additional requirements may apply in each jurisdiction. For example, a particular country might define the Creditor > Postal Address element to be mandatory.
Each IPS can define this required information in Nexus, through the Reference Data Service, so that it can be shared with PSPs.
The PSP should therefore ensure that all (pacs.008) payment instructions to Nexus include the Recipient’s name as a minimum. Failure to include this basic information will result in the payment failing the sanctions screening of PSPs and involved in the payment. Adding further information in addition to the name will reduce the likelihood of the payment triggered a false positive hit and being delayed.
Step 10: Review the data available for sanctions screening; ask the Sender for Recipient data if necessary
The PSP should now review the Creditors response to confirm whether:
Name is present (Nickname is not sufficient for sanctions screening)
At least one of the other data points specified in FAFT Recommendation 16 (see above) is present
If the Name element is blank, the PSP must display a form asking the Sender for the Recipient’s full name. (The Recipient’s name is required as a minimum, in line with FATF Recommendation 16.)
The PSP can display fields for them to enter the Recipient’s address. The PSP should check the information it received from GET /countries/{country_code}/upss to establish if these additional fields are mandatory in the Destination IPS.
Although the PSP could also ask for Date and Place of Birth and National Identity number, Recipients may be uncomfortable with sharing this information directly with the Sender. (In contrast, when the Destination PSP shares the information in response to an RFI request, the information is shared securely through Nexus and not shown to the Sender, except for the Name).
Step 11: Screen the payment against applicable sanctions lists
Before the PSP send the payment instruction the Source PSP will need to screen the Recipient against the sanctions lists applicable in the PSP’s jurisdiction. (It is assumed that the Sender will already have been screened by the Source PSP as part of the PSP’s regular KYC, AML and screening processes.)
(This step can be done later if the PSP's screening software requires a complete pacs.008 payment instruction.)
If the Destination PSP supports RFI, Nexus will already have issued an RFI to the Destination PSP during the POST /creditorrequests/ API process. So there is no need for the Source PSP to issue a further RFI to the Destination PSP at this point.
Last updated
