The sanctions screening process

The process of sanctions screening is simple in theory and difficult in practice. The first step is to compare the full name of the Sender or Recipient against the names of all the people and entities on the sanctions lists. In theory, this just a comparison between two strings of text, but reality is more challenging:
“While this concept sounds simple, it can be complex when it comes to determining what actually constitutes a “true match” across a range of variables such as alphabets, languages, cultures, spelling, abbreviations, acronyms and aliases. When screening is automated, additional complexities are introduced such as “fuzzy matching” algorithms, workflows and match rules.” (See Wolfsberg Group Guidance on Sanctions Screening)
Banks are generally not permitted to use a simple “100% match”, because this would make it too easy for sanctioned individuals to sidestep the sanctions controls, for example by misspelling one character, changing the order of names, or using initials instead of names. Instead, banks use “fuzzy logic matching”, which compares how close the two names are to ensure that similar names still trigger alerts. For example, if there is an international terrorist called “Jonathan Smith”, payments to “Jon Smith” or “Johnathan Smith” may also be flagged because they may be attempts to pay the person on the sanctions list. Sophisticated screening software may also compare names that “sound like” other names and will be aware of common nicknames for formal names (eg Robert is often shortened to Bob).
Where the screening process finds a potential match, the screening software will trigger an “alert”. The bank can then use further information about the Sender or Recipient to establish if the alert is a “false” match or “true” match. A false match occurs where the names are similar, but the Sender/Recipient is not the actual sanctioned person or entity. For example, “John Smith”, born in 1999, is likely to be a different person to “Jonathan Smith” born in 1958.
As defined by FATF Recommendation 16, additional information that can be used to eliminate false matches includes:
  • Postal address
  • Date and place of birth
  • A national ID number or other unique identifier
If this information is already included in the payment instruction, the bank’s sanction screening software may be able to confirm that the alert is a false match and approve the payment to go through.
In more complex cases, alerts require manual intervention – a review by a member of staff who will make a judgement on whether the intended Sender/Recipient is the person on the sanctions list, based on the information they have available. The member of staff may also request further information from the other bank, in a Request-for-Information process. These RFIs will be received by the other bank’s compliance department, where they wait for a member of staff to find and provide the further information. On average, in traditional cross-border payments, an alert against the sanctions list will lead to a delay of up to 24 hours whilst the payment is manually reviewed. (Source: Lexis Nexis, KYC & Sanctions Remediation).