5 AML Watchlist Screening Best Practices

In brief: 

• Watchlist screening involves checking if businesses (including associated people or countries) are listed by governments or regulatory agencies as high-risk, including having conditions or prohibitions on dealing with them.
• Screening against watchlists such as INTERPOL’s Red Notices, OFAC’s sanctions list, and the FATF’s greylist & blacklist is important for both risk management and complying with AML/CFT laws.
• Other watchlist screening best practices include giving employees proper training, accounting for how data quality can affect screening, and conducting regular watchlist updates and customer re-screenings.

Businesses on sanctions lists and watchlists can be seriously risky for your company to form professional relationships with. Not only do they have a greater chance of targeting or exploiting you for crime, but associating with them at all can hurt your reputation, not to mention get you in dire trouble with financial regulators and law enforcement. These businesses — including any associated people and countries — should be approached with extreme caution, if not avoided altogether.

With thousands of watchlists in existence, though, which ones are relevant to you? Should you screen manually, use automated software, or utilize a combination of both? This article discusses answers to those questions, and describes other watchlist screening best practices.

By the end of this article, you’ll know which watchlists to screen and how to do it most effectively.

‍

Watchlist screening is a CDD function you have to perform when starting (and managing) relationships with businesses. It involves checking if a business (including an associated person or country) is on a watchlist and determining if a relationship with the business is high-risk or even illegal.

“Watchlist”, in an AML context, is a broad term. It encompasses any list published by a national or international regulatory body that denotes cautions, conditions, or prohibitions on dealing with particular individuals, groups, or territories.

‍

AML watchlist screening is important for two main reasons. The first reason concerns risk assessment and management. You need to know whether or not your customers (or their associated people or home countries) are on watchlists as part of building those customers’ risk profiles. This, in turn, helps you decide whether starting (or continuing) professional relationships with those customers is worth the risk.

The second reason concerns regulatory compliance. An entity on a sanctions watchlist is usually outright illegal to associate with, and entities on other watchlists may have strict conditions on associating with them. So you must be aware of — and abide by — these restrictions, or you could face fines, civil/criminal penalties, and reputational damage. 

Is watchlist screening required for compliance?

Yes, watchlist screening is a necessary compliance procedure for two main reasons.

The first reason is that most AML laws expect you to reasonably assess risks associated with business customers you onboard or manage. Accordingly, the potential presence of a business or related entity on a watchlist can be a major indicator of risk. You should subject all of your business customers (and their related entities) to at least some degree of watchlist screening.

Second, certain watchlists place conditions or prohibitions on dealing with specific entities. If you fail to follow these restrictions, you could be fined, face other substantial civil/criminal penalties, and have your reputation tarnished. Screening watchlists helps you avoid these unnecessary risks.

‍

Not all AML watchlists will be applicable to you, depending on what territory or industry your company is in. But there are also several watchlists that will be generally relevant, especially if you operate in multiple industries and/or have a multinational clientele. Examples include:

• INTERPOL’s Red Notices: The International Criminal Police Organization issues this list of individuals who are wanted by national law enforcement agencies, or by international tribunals, for various crimes.
• FBI’s Most Wanted lists: Lists of people sought by the US Federal Bureau of Investigation for various crimes, including terrorism, kidnapping, robbery, murder, child exploitation, and white-collar crimes.
• FATF’s JIM and HRJCA lists: The Financial Action Task Force’s “Jurisdictions under Increased Monitoring” and “High-Risk Jurisdictions subject to a Call for Action” are also commonly referred to as the “greylist” and “blacklist”, respectively. They denote countries that have substandard programs for combating money laundering, terrorism financing, and WMD proliferation financing. The “greylist” is for countries working with the FATF to strengthen their AML/CFT/CPF systems; the “blacklist” is for countries making little to no such effort.
• OFAC’s sanctions lists: The US Office of Foreign Assets Control publishes several watchlists of entities that have engaged in activities counter to US policy and security. The most well-known of these lists is the Specially Designated Nationals list, or SDN list.
• World Bank Listing of Debarred Entities: A list of individuals and firms that the World Bank has blocked from participating in projects it funds, or has applied other penalties to, due to prohibited conduct.
• UNSC Consolidated List: A consolidated list of all entities currently under sanctions regimes from the United Nations Security Council.
• BIS Lists of Parties of Concern: Watchlists from the US Bureau of Industry and Security that list entities subject to restrictions or prohibitions on the export, re-export, or in-country transfer of items from the US.

Now that you have an idea of some of the watchlists you have to screen, how do you actually go about doing so? We’ll explain in the next section.

‍

A simple way to check an AML watchlist is to go online, to the website of the government or other regulatory agency that issues the watchlist, and read the list. Many of these agencies post their watchlists online as public information, and often include some manner of search functionality to help you narrow down entity names and information faster.

The catch is you may have to do this for hundreds or even thousands of businesses (including the people involved with them and the countries they’re based in). In addition, you may have to check dozens or even hundreds of watchlists, depending on which jurisdictions and industries you serve.

An alternative is to use AML software, which can automatically check input data against several watchlists at once. However, even this isn’t a foolproof solution. Not all software will target all the watchlists relevant to you, or know how to handle information in different forms (e.g. spelling variations, typos, nicknames, abbreviations, and different alphabetical characters).

So which method of watchlist screening should you use? The next section offers a detailed breakdown of the options.

‍

AML watchlist monitoring is done one of two general ways: manually or automated. Here are the pros and cons of each, as well as a final word on which style to pick. 

Manual watchlist screening

Manual watchlist screening involves a risk team member (or members) checking entities one-by-one against various watchlists. The advantage of this method is that it saves on solution costs. However, that value is often lost in the increased labor costs of manual work.

A downside of manual screening is that it requires highly-trained and experienced risk team members who know which watchlists to screen and how to spot true positives. Also, if you have a lot of business customers to be checked, manual screening can prove prohibitively time-consuming and prone to human error. 

Automated watchlist screening 

Automated watchlist screening uses software tools to automatically match entity names and information against watchlists. The main advantage of automated screening is that, because it relies on computing, it’s able to process much more information much faster. It also cuts down on the possibility of human error.

With that said, automated screening can still miss watchlist matches — or even produce excessive false positives — if the underlying software isn’t programmed correctly. This can be easy to do, too, as the programming may need to consider a lot of contextual information (such as contractions, abbreviations, or alternate spellings) to get true matches while avoiding false ones. The software could also not even be screening the watchlists that are relevant to you.

Which one should I use?

Generally, manual screening works better at smaller companies with fewer clients. Investment in automated screening technology — and the employee training to use it properly — may not be worthwhile if you don’t have all that many customers to verify.

On the other hand, automatic screening is more suited to enterprise companies that operate in various sectors and locales. It can screen large volumes of clients against several watchlists in a short amount of time, and often with fewer errors. It may also have additional features that can better detect emerging threats.

That being said, AML watchlist screening solutions can take a significant load off of risk operations of all sizes, drastically reducing manual workloads, saving time on repetitive tasks, and increasing operational efficiency.

‍

Here are five other good guidelines to follow when setting up and running watchlist screening processes as part of business verification and KYB.

1. Select the appropriate watchlists

Picking which watchlists to screen against is a balancing act. On one hand, screening against too few (or the wrong ones) can result in missing relevant threats that can cost you in terms of reputation, criminal penalties, and other risks. On the other hand, screening too many can take up too much time and other resources, and increases the risk of false positives.

You should, of course, consider what industry (or industries) and geographical area (or areas) you operate in when selecting watchlists. Ensure the solution you use will allow you to monitor all the watchlists that are relevant to you. In some cases, it’s advantageous to have a solution that lets you select which watchlists you do and don’t want to monitor to ensure compliance while mitigating operational output.

2. Consider screening against other sources of risk-based information

Sanctions lists and other watchlists that forbid associations with other businesses (or at least place conditions on them) aren’t the only ones you need to pay attention to. Lists of politically exposed persons (PEPs) and even some news stories can foreshadow potential risks with a business, or at least someone associated with it. This is also one of the reasons why it’s important to find out who a business’s ultimate beneficial owners (UBOs) are.

Middesk’s new Enhanced Screenings add-on to our Business Verification suite can help with this. It expands our core service’s watchlist screening to include several additional national and state-level US watchlists. It also covers global watchlists like the EU Consolidated Financial Sanctions List, as well as watchlists of PEPs and their relatives & close associates (RCAs).

3. Be aware of data quality issues

Subpar data quality is something that can hamper manual watchlist screening, but it’s especially problematic for automated screening. Names of businesses and people can have many variations, including alternate spellings or spellings that use different alphabets. They could also use contractions, abbreviations, or acronyms. They could even simply have typos.

That’s why it’s important to have other identifying information about businesses (and their associated people): to tell which one is which, if their names are similar or are variants. Also, if you use automated watchlist screening software, be sure to look into how it handles non-standardized naming formats. Otherwise, you may end up flagging unrelated entities as false positives, while potentially missing entities you actually need to block. 

4. Utilize continuous updating and monitoring

As with many other business verification processes, watchlist screening isn’t a one-and-done deal. A business — or one of its associated people — may be added to (or removed from) a watchlist some time after the business is onboarded. This should prompt a review of the business’s risk profile.

Moving quickly to adjust a business customer’s risk profile — and take any necessary action — helps you avoid risk from non-compliance, reputational damage, or actions by the business itself. This requires retrieving new versions of watchlists on a regular basis, as well as checking your business customers (and their associated people) against these lists to see if they’ve been added or removed.

5. Comprehensively train risk team employees

In some respects, your watchlist screening program is only as good as the compliance team that runs it. This is especially true if you conduct all screening manually, but it remains true if your screening is mostly automated.

Compliance team members should understand how your screening system works, as well as what actions to take if it returns an alert. What type and degree of risk does the alert represent? Is it a true match or a false positive? Who should be notified if a case needs to be escalated? Everyone involved with watchlist screening should know the answers to these questions.

‍

Power up your AML watchlist screening with Middesk

Watchlist screening is a critical risk assessment process in business verification. Failing to avoid businesses — or people associated with them — on sanctions lists and other watchlists can potentially constitute a crime and land your company in serious legal trouble. It’s important to get watchlist screening right.

Middesk’s Business Verification solution helps with this by providing essential watchlist coverage for the US’s OFAC, BIS, and State Department. Our Enhanced Screenings add-on expands this coverage to other US watchlists, prominent international watchlists (EU Consolidated Financial Sanctions List, UNSC Consolidated List, Interpol Red Notices, and more), PEP & RCA databases, and adverse media coverage.

The more data you have, the more signals you have at your disposal to assess risk associated with your B2B relationships. For more information, contact our sales team.