How to increase the effectiveness of your Client Screening Programme

By Rupert de Ruig, Managing Director Risk & Compliance, Dow Jones

Anti-money laundering (AML) & Counter-Terrorism Financing (CTF) screening – the systematic checking of client identity details against a commercial database of names to identify risk is a simple enough task in theory.

However, the impact of an ineffective solution can cripple anti-money laundering control and lead to spiralling cost and reputation damage. Rupert de Ruig, Managing Director of Dow Jones Risk & Compliance, examines how today’s anti-money laundering and compliance officers, and industry vendors must embrace a “one step at a time” philosophy as a practical solution to the huge challenges posed by commercial watch list screening.

Anti-money laundering (AML) & Counter-Terrorism Financing (CTF) screening – the systematic checking of client identity details against a commercial database of names to identify risk is a simple enough task in theory. However, the impact of an ineffective solution can cripple anti-money laundering control and lead to spiralling cost and reputation damage. Rupert de Ruig, Managing Director of Dow Jones Risk & Compliance, examines how today’s anti-money laundering and compliance officers, and industry vendors must embrace a “one step at a time” philosophy as a practical solution to the huge challenges posed by commercial watch list screening.

Rupert de Ruig’s Client Screening white paper can be downloaded at: www.solutions.dowjones.com/watchlist/successfulscreening.

Money laundering regulation around the world, including the 3rd EU Money Laundering Directive (3rd EU MLD), requires that financial institutions have an efficient, risk-based Know Your Customer (KYC) programme in place in order to better understand the true background and risk posed by their existing and prospective customers. The consequences of doing business with the wrong person can be severe and include legal proceedings, significant financial penalties and irreparable damage to corporate reputation. In some jurisdictions the stakes are rising even higher as authorities are pursuing senior executives at firms caught up in money laundering investigations who now face a very real threat of large fines and even prison terms if their AML compliance programmes are found to be sub-standard.
   
In order to comply with the 3rd EU MLD and effectively protect themselves from risk, financial institutions are obliged to identify Politically Exposed Persons (PEPs), along with their relatives and close associates, amongst their existing and prospective customers.  PEPs, by the nature of their position and authority, can access and move around very substantial funds and in some cases may abuse this position for their personal gain, or for that of their family or other close associates. Of course, the vast majority of PEPs are not corrupt, and are in fact potentially very desirable and valuable customers for financial institutions. Nevertheless, in recent years there has been a noticeable shift in attitude towards the task of identifying and monitoring these customers. 

In the past, financial institutions may have felt it sufficient to demonstrate the minimum necessary level of compliance when it came to PEP identification. As long as they were ticking the right boxes to keep regulators happy, their job was done. A few years on, and as regulations tighten and high profile investigations involving corrupt senior politicians continue, attitudes have changed. The impact of money laundering and corruption is better understood today and the public’s tolerance of these crimes is at an all time low. Additionally, whilst notoriously difficult to detect, improving “Know Your Customer” standards also make things harder for terrorist groups and other organised criminal gangs that rely heavily on fraud and money laundering to carry out their activities. Certainly managing this risk is the #1 objective.

The importance of client screening is therefore clear, but many organisations are still struggling to put in place an effective, robust and scalable programme. The key to success is to break down this significant challenge into smaller, more manageable steps, and I will outline eight key steps below.

Using a Selective PEP Definition by Job Role

A common frustration within regulated institutions is the lack of a globally recognised PEP definition is severely impacting the effectiveness of their client screening procedures.  According to the Financial Action Task Force (FATF):

“PEPs are individuals who are or have been entrusted with prominent public functions in foreign country, for example Heads of State or of government, senior politicians, senior government, judicial or military officials, senior executives of state owned corporations, important political party officials… The definition is not intended to cover middle ranking or more junior individuals in the foregoing categories”. 

Whilst this is a valuable guide for a regulator, as the text provides a “catch-all”, it is useless to regulated firms as it does not provide the clear guidance required and is open to interpretation. However the risk-based philosophy within the 3rd EU MLD enables firms to manage this challenge by creating their own definition based on risk factors such as jurisdiction, product, and customers.

Another key challenge facing institutions is where to draw the line in terms of seniority.  Risk-adverse organisations that set the bar too low risk bringing their client screening programmes to a grinding halt and checking against hundreds and hundreds of thousands of PEPs. Setting the bar too high may let risky PEPs slip through the net. Again a risk-based Approach has a significant role to play here and you should understand where your commercial PEP list provider draws the line.

PEP screening therefore will generate significant workload and “hits” will in the vast majority of cases turn out to be “false positives”. Once hits are generated however these must be investigated, a time consuming task for already over-stretched compliance departments. By focusing at the senior level and segmenting a PEP list according to job role, an organisation can dramatically cut down on matches and dramatically increase the efficiency of their client screening programme and ensure they can consider their customers as an opportunity for growth rather than a threat to their business.

Incorporating Country and Relationship Risk

There are two factors here which can help an organisation reduce the number of names they need to screen against, again helping to reduce false positives. Adjusting their PEP definition according to country risk or the type of product/service involved is an effective way for organisations to mitigate risk whilst ensuring continued efficiency.

For example, when screening customers in low-risk countries where corruption is not a significant issue, a narrow PEP definition can be used. When screening customers in countries known for high-levels of corruption this definition can be widened. The same process can be used for high-risk versus low-risk products or services. In this way, AML professionals are able to spend their time reviewing and eliminating the matches that potentially pose the highest levels of risk.

The Transparency International Corruption Perceptions Index is an excellent source of country risk information (http://www.transparency.org/news_room/in_focus/2008/cpi2008).

Excluding Domestic PEPs

Almost all AML regulation globally specifies that domestic PEPs need not be treated as PEPs, and organisations can therefore decide not to screen against these names altogether.  Of course, this will largely depend on an organisations risk-appetite but being able to segment and remove this PEP category from the screening process will dramatically reduce the number of hits generated.

Focus on Senior PEPs

Despite the lack of a globally recognised PEP definition, regulators all agree that senior PEPs are where organisations should be focusing their efforts. In May 2008, the highly respected Wolfsberg Group (http://www.wolfsberg-principles.com/) updated their PEP FAQs to emphasise just this, stating that,

“Whilst all holders of public function are exposed to the possibility of corruption or the abuse of their position to a certain degree, those holding senior, prominent or important positions with substantial authority over policy, operations or the allocation of government-owned resources have much more influence and therefore normally pose greater risks for an Institution and should accordingly be categorised as PEPs for purposes of control or oversight frameworks.”

In accordance with this guidance, organisations seeking to improve the efficiency and effectiveness of their client screening programme should ensure that their commercial PEP list is only focused on senior PEPs. Vendors who grow their lists unnecessarily by adding in middle and junior ranking PEPs are only creating more work for their customers.  Before purchasing a commercial list it is critical to understand the PEP definition used by a provider, and to statistically test a list for the quality and scope of its data.

Culling ex-PEPs

A very common question from regulated institutions is “When does a PEP stop being a PEP?” According to the 3rd EU MLD, on a risk-sensitive basis, a PEP can stop being treated as a PEP a year after leaving office.

Ex-PEPs continue to be a risk as a corrupt one will still have their ill-gotten gains and need banks and other regulated firms to enjoy their wealth. So whilst the regulation might mean they are no longer a legal risk, they can still pose a reputational one. 

Setting internal risk-based guidelines for when to stop treating an individual as a PEP will help to reduce the number of names to be screened against so this provision in the 3rd AML directive is valuable. Regulated firms should implement a policy that ensures more prominent PEPs, such as Heads of State, their relatives and close associates, are monitored well beyond the lifetime of that PEP, whereas less powerful job role categories from regions of low corruption can be considered low risk.

Selecting Sanctions and other Official Lists in line with Risk

Commercial PEP list providers include government sanctions lists and other official lists in their databases to ensure they are offering customers a comprehensive risk management service. Some of these lists contain tens of thousands of entries and by eliminating irrelevant lists from the screening process an organisation will realise significant efficiency gains by reducing the number of hits, and therefore false positives.

Many organisations will choose to screen against all sanction lists regardless of which jurisdictions they apply to, as they will want to avoid doing business with sanctioned individuals at all costs. However, many other official lists, for example local ‘most wanted lists’, can be safely be omitted, or given much lower priority, if they do not match an organisation’s risk profile.

Using a Risk-Based Name Matching Tolerance

Names are the primary identifiers used in client screening, however, they are also imperfect identifiers. Most sanctions and official lists are in roman script and will use translated or transliterated versions of Chinese, Arabic and other names from their original script, which can often change a name affect the ability to accurately match names.  Another issue is name order or name inversion. In Hungary, for example, surnames come before first names and can again pose problems for name matching.

The effective use of name-matching software will allow organisations to look for close matches as well as exact matches to minimise the risk of letting people slip through the net because of a slight variation in the spelling of their name. Organisations can set their own rules for what level of variation constitutes a hit, and these rules can be adjusted according to perceived risk. So for low-risk countries an organisation may choose to define hits only as exact matches or those with a very low level of variation whereas in high-risk countries a higher level of variation may be permitted.

Applying High Data Standards

Commercial PEP list providers make every effort to include as much additional information in their PEP profiles to help organisations cope with the false positive challenge. This includes adding in name in original script, aliases, date of birth, middle initial, citizenship and other secondary identifiers which reduce the reliance on names, which we already know are imperfect identifiers. However, these additional identifiers can only be taken advantage of if a customer’s data is clean, accurate and complete.

When on-boarding customers collecting and storing as much additional information as possible in a way which allows it to be used in screening software will significantly reduce the number of hits generated, and in turn ensure an effective and efficient customer screening programme.

In summary, whilst screening for PEPs is a significant challenge, it is essential to have in place client screening programme that not only satisfies the regulators, but also proactively contributes to the global fight against corruption. The key achieving this is, firstly, to fully understand your organisation’s risk profile and appetite, along with the resources available.  Once these are established any combination of the eight steps outlined above can be followed to put in place a robust, sustainable and cost-efficient client screening programme.

For my white paper providing additional information on these steps please visit:
www.solutions.dowjones.com/watchlist/successfulscreening.