Client Screening: First Line of Defense Against Money Laundering

AMLYZE
Author
AMLYZE
Published
Nov 20, 2024
Client screening

Financial institutions and other obliged entities must be vigilant in screening their clients, particularly during onboarding and throughout their business relationship.

That is why client screening is a crucial tool in ensuring regulatory compliance and mitigating the risks posed by money laundering, terrorism financing, and other illicit activities.

We will take a deep dive into this topic to help you understand the essence of client screening.

What is client screening

Client screening involves assessing client data against various watchlists to help financial institutions and designated non-financial businesses and professions (DNFBPs) identify high-risk individuals and entities before engaging in business transactions with them. This practice is widely used to ensure compliance with international sanctions but extends beyond sanctions screening, depending heavily on the datasets used as primary sources. These datasets may also include politically exposed person (PEP) lists, internal watchlists or blacklists, and lists published by law enforcement or regulatory agencies.

By conducting client screening, organizations can identify customers whose activities should be restricted due to international sanctions, as well as politically exposed persons (PEPs), or those flagged in negative media reports or other watchlists. This process ensures that businesses do not unknowingly facilitate illegal activities and enables them to apply enhanced customer due diligence when necessary. To quote the global standard setter Wolfsberg group, “screening should be undertaken as part of an effective Financial Crime Compliance (FCC) programme.

Key components of client screening

The company should first identify and assess its financial crime risks. It must then implement a client screening program aligned with its nature, size, and complexity. Effective client screening consists of several key components which are described here below. While all of those screening elements are mandatory for effective compliance, the depth of data sources on which those elements are based might differ in width as well as in quality.
Sources for effective screening
Sources for effective screening

1. Sanctions list screening

Decision-making bodies such as the United Nations Security Council (UNSC), European Union Council (EUC), and the Office of Foreign Assets Control (OFAC) regularly review international sanctions regimes. They also update designated persons lists as part of their mandate to impose sanctions aimed at maintaining or restoring international peace and security, among other objectives. Screening clients against these lists is the first line of defense in protecting a company’s integrity. And also ensuring compliance with international regulations. There is no question that this element is mandatory. However, the question arises as to whether an EU company should comply with the US sanctions list, given the well-known fact that the US often applies extraterritorial secondary sanctions. This is where a risk-based approach comes into play.

The Wolfsberg Group recommends considering specific factors when assessing sanctions risks. For compliance officers these are such a well-known considerations that even if woken in the middle of the night, they could easily recite risk factors such as:

  • The jurisdictions where the company is located
  • What clients the FI has – geographically-wise, where those customers are located and what business they undertake 
  • The volume of transactions and distribution channels
  • What products and services the company offers and whether those products represent a heightened sanctions risk

Related article to read: 

Sanctions Screening Process: Best Practices

2. Politically Exposed Persons (PEP) screening

PEPs are individuals who hold prominent public positions, and their relationships can pose higher risks of corruption or money laundering. An effective screening system flags PEPs. This allows businesses to implement additional scrutiny and risk mitigation measures. It also ensures compliance with enhanced client due diligence requirements defined by regulations.

Related article to read: 

Navigating the PEP Screening Landscape: an Effective Approach

3. Adverse media screening

Beyond formal sanctions lists and PEP databases, other open sources can provide valuable insights into potential risk indicators. Adverse media, or negative news coverage, can uncover vital details about individuals. Or about groups linked to financial crimes, extremism, or terrorism. Conducting media screening allows organizations to proactively identify potential risks and flag them for further in-depth investigation.

Related article to read: 

Importance of Adverse Media Screening

4. Other lists

Custom lists, such as “watchlists” or “greylists,” are maintained by financial institutions or DNFBPs. These lists identify individuals, entities, or accounts flagged as high-risk or linked to suspicious activity. They can also serve as datasets for client screening purposes. These lists form part of a company’s broader risk management and compliance framework. They are used alongside external watchlists, like international sanctions or PEPs datasets, to enhance screening effectiveness.

Challenges for client screening

If you think of screening as merely a name-matching process, think again. Effective screening involves a complex set of processes where data from multiple, often disparate, technology systems and lists is integrated and compared using sophisticated matching algorithms and rules for risk-based alert generation.

Organizations that rely on screening providers face several core challenges, which are described below.

  • Data quality

This extends beyond the quality of data inputs. Screening engines often require data from diverse systems, which can create performance issues if data quality and consistency aren’t maintained. Altogether, ensuring that datasets are accurate, complete, and frequently updated is essential for reliable screening. This requires substantial analytical work. Take few examples to better understand the complexity. 

Machine-readable sanctions lists are not promptly updated by regulatory bodies. The European Union has sometimes delayed updating machine-readable, consolidated sanctions lists for days or even weeks after designating a new entity. This necessitates direct data extraction from official regulations. Dataset providers must promptly extract and update information from these primary sources upon designation. With the new SEPA Instant Payments Regulation in the EU, timely updates are crucial to meet the regulation’s stringent requirements.

Another challenge arises in interpreting media sources accurately. For example, consider a media article mentioning Person X (a judge) and Person Y (a convicted fraudster). How should the adverse media dataset categorize these individuals? Should both be included, or only the individual with direct involvement in the fraud? Addressing such nuances often requires additional analytical research to avoid inaccuracies and ensure that only relevant individuals are flagged in the screening results.

  • Algorithm effectiveness and efficiency

Screening algorithms must balance effectiveness in detecting risks with efficiency to minimize false positives. Consistency in reducing false positives while maintaining accurate detection is critical to ensure resources aren’t wasted on irrelevant alerts. This involves complex tasks of name normalization, removing of separators, numeric symbols, aligning letters, filtering and fuzzy-matching algorithms, suppression of false positives etc.

Inconsistent or poor-quality data from internal systems or external providers can lead to inaccurate screening results. Improper parameterization of the screening engine further increases the risk of errors. These issues may result in overlooked risks or excessive false positives, undermining the screening process’s effectiveness. Additionally, malicious individuals may manipulate data to evade detection. They might alter or misspell names or use complex structures to hide identities. Screening systems must be robust enough to minimize the risk of undetected threats. However, they must work in conjunction with other compliance measures, including thorough client due diligence, to effectively manage risks.

Excessive false positives can overwhelm compliance teams, reducing their efficiency and increasing operational costs. Striking a balance between thoroughness and accuracy is crucial for an effective system.

Best practices for effective client screening

Incorporate universally recognized best practices for effective customer screening into compliance processes.

1. Integrate screening into the onboarding process

Screening should begin as soon as a customer relationship is initiated. By integrating screening into onboarding, organizations can identify risks early, avoid international sanctions breaches and to apply customer enhanced due diligence measures in a timely manner.

2. Tailor screening to associated risks

Most regulators take the position that a risk-based approach is not applicable to international sanctions detection. However, we contend that there is always room for such an approach, as outlined in the  Wolfsberg Guidance on Sanctions Screening. While it is essential that all customers should be subjected to screening  against the relevant sanctions lists, the detection algorithm’s parameters can be calibrated according to the organization’s risk exposure. However, the parametrisation of the detection algorithm might be calibrated based on the risks the organization is exposed to. 

Certain low-risk entities, like national governmental institutions (e.g., tax authorities or central banks), may be whitelisted and excluded from screening. For higher-risk customer categories, such as those in certain geographies, organizations may apply more conservative screening parameters. This approach can increase false positives but helps reduce the risk of undetected exposure to international sanctions.

3. Tailor intensity of screening 

Daily customer screening is essential for sanctions compliance, especially following any new sanctions updates. However, politically exposed persons (PEP) and adverse media screening can be managed with a more moderate approach, often conducted periodically rather than daily. Building on this, screening intensity can also be tailored based on customer risk categories. For example, higher-risk customers may warrant more frequent and rigorous adverse media screening.

4. Integrate screening results with related processes

Confirmed (or positive) hits across different lists can lead to varying compliance actions. For instance, positive hits in sanctions screening may require asset freezes, while PEP hits might trigger enhanced due diligence, and adverse media or custom list hits could prompt adjustments in risk scoring. Linking client screening results to relevant processes is essential for regulatory compliance and ensures seamless integration across workflows. This alignment enables more informed decision-making about customer relationships.

Step by step guide to client screening

By following market practice and regulatory guidance, we propose a step-by-step guide on how client screening should be conducted.

Guide to client screening
Guide to client screening

 

Define screening scope

Establish the types of risks and lists to be screened, including sanctions lists, PEP lists, and adverse media sources. Institutions should determine which customer categories and transaction types need screening based on risk assessment.

Data collection and accuracy

Gather accurate, up-to-date information about customers, and related parties (representatives, beneficial owners, management, counterparties etc.). The quality of screening results depends heavily on the completeness and accuracy of this data.

List management and updates

Regularly update datasets to maintain their accuracy. Sanctions lists must always reflect the latest regulatory changes.

Screening frequency

Determine the appropriate frequency for each type of screening. Sanctions lists typically require daily screening, while PEP and adverse media screening may be periodic, with adjustments based on customer risk level.

Automated screening systems

Use automated screening tools to match customer data against the defined lists. The system should flag potential matches (hits) for further review, with customization for different risk levels and customer categories.

Review and escalation of hits

Investigate potential matches to confirm whether they are true positives or false positives. This step may involve manual review by compliance teams, especially for high-risk or complex cases.

Compliance action based on match type

Develop specific actions based on the type of confirmed match:

  • Sanctions Match: May require immediate action, such as asset freezes or reporting to authorities.
  • PEP Match: Often prompts enhanced due diligence measures.
  • Adverse Media Match: May lead to changes in risk scoring or require ongoing monitoring.

Document and record decisions

Maintain thorough documentation of each decision, including the rationale for confirming or dismissing matches, as well as any compliance actions taken. This documentation is crucial for audits and regulatory reviews.

Periodic process review and improvement

Regularly evaluate the effectiveness of the screening process, refining it as necessary to adapt to evolving regulatory expectations and risk factors.

Measuring effectiveness and efficiency of client screening

If you want to measure the client screening process, there are two definitions you should care about – effectiveness and efficiency. It is important to balance both in order for you not to have an inadequate number of false positives while at the same time staying compliant with regulatory requirements.

Effectiveness is the term that describes how accurately the sanctions screening solution identifies similarities between the lists provided and the data screened. To illustrate, if the sanctioned individual is ‘John Doe Smith’, will the system recognize the similarity and match him with ‘John Smith’, the latter being the company’s customer?

In other words, the effectiveness rate shows the percentage of actual positives that are correctly identified or ‘hit’ by a screening test out of all (e.g., sanctioned persons) present in the population. It represents the accuracy of the screening process in detecting the true positives.

For instance, if a screening test identifies 80 out of 100 individuals/entities who are actually sanctioned, the hit rate or true positive rate would be 80%. This metric is crucial in evaluating how well a screening solution performs in correctly identifying individuals within the sanction lists.

While efficiency is the term that describes how well the sanctions screening solution discards obvious mismatches and moves on to potentially matching records. For example, if the sanctioned person is ‘John Doe Smith’, will the system discard a mismatch of ‘Jane Deed Smile’?

Related article to read:
10x improvement in sanctions screening: VIALET case

Client screening vs. payment screening

You may be wondering about the main difference between client screening and payment screening. Simply put, the core difference is in the definition itself: client screening involves screening the client at a pre-defined frequency, while payment screening involves screening the counterparty before a transaction is executed.

Both customer and payment screening are essential for protecting financial institutions from illicit activity. Although both aim to prevent financial crime, they occur at different stages. Client screening is conducted even when no transactions are taking place, whereas transaction screening is only initiated when a funds transfer (or another type of transaction) is in progress.

Related article to read:
The Heart of Transaction Screening: Understanding Its Role and Relation to Monitoring

Client screening with AMLYZE

Our advanced client screening solution is designed to optimize risk assessment through automation and precision. 

With a system that checks against global sanctions, PEP databases, negative media reports, and watchlists, we enable your organization to efficiently screen clients during onboarding and periodically. 

Powered by machine learning and leveraging over 40 unique parameters, our tool ensures accurate results, significantly reducing false positives to just 0.2%. 

Reasons to choose AMLYZE
Reasons to choose AMLYZE


With screening completed in as little as 130 milliseconds, our solution is not only thorough but also fast, integrating seamlessly with customer risk scoring to provide a complete compliance solution tailored to your needs.

Latin-based, Russian and Greek languages are supported by the algorithm. The algorithm can effectively translate and compare if required. Other languages have limited support and are dependent on data providers. 

To meet regulatory expectations, AMLYZE helps you screen customers at onboarding and periodically with your chosen data provider. Take a closer look at our client screening solution here.

About the author

AMLYZE
Author
AMLYZE
AMLYZE is a fully automated service created for the financial sector and businesses that are obliged to comply with AML/CFT regulations.

Related

What is AML
Blog

What is Money Laundering? A Quick Explanation

Explanation of money laundering and history of it, the most common techniques used and the impact it has on the economy.
by Mažvydas Miliauskas, CAMS
11 min read