Regulators want to see financial institutions both demonstrate their ability to manage lists and to provide a documented process around this. Watchlist management technology must keep up.
The financial industry is facing increasing regulatory demands for assurance around watchlist management and sanctions screening. At first glance this might seem fairly straightforward, but for FIs operating across geographies or multiple lines of business it can quickly become complex. Moreover, for a typical organization screening multiple lists—say, an official list such as OFAC or HMT, profile-based datasets like World-Check, as well as adverse media or open source intelligence (OSINT)—the complexity of documenting and being able to demonstrate compliance with list management requirements increases further.
First, the burden of watchlist screening is increasing due to the volume and frequency with which banks are expected to update their lists. Various factors are at play here, including geopolitical drivers, frequent updates of lists and the need to screen more data. The Ukraine-Russia conflict has resulted in thousands of new entries—including vessels and aircraft in addition to individual and legal entities— being added to OFAC and other government watchlists. Regulators expect banks to ensure their reference data reflect the latest updates to watchlists, and lists can be updated at any time. OFAC in particular has signalled this responsibility by bringing actions against banks for failing to detect newly sanctioned entities because they did not update their reference lists in a timely manner—by which regulators seem to mean list updates on an intraday basis.
Second, governance of watchlist data and compliance decisions is more complex and potentially more sensitive than ever before. Firms need to navigate between the availability of grey zone open source intelligence like the Panama and Paradise Papers, rights and regulations around data privacy, and discretionary internal policies. The recent blowup around Nigel Farage’s bank account closure in the UK underlines the potential risk to a bank’s reputation when governance falters. In response to the incident, regulators have been stressing the need for a prudent risk- based approach in managing politically exposed persons (PEPs). There also appears to be a de facto freeze on the de- banking of domestic PEPs. While any banker in the UK would be familiar with Mr. Farage, governance around data, screening and reviews is essential to supporting justifiable risk decisions concerning less prominent individuals and businesses.
Third, the digital financial services revolution is bringing new watchlist screening use cases to the fore. Increasingly complex, high volume and fast transactional environments are all leading to increased regulatory demands for assurance around screening processes. Digital onboarding, which is the main focus of financial services in many markets today, essentially requires more automation in screening. Digital financial services, alternative payments and faster payments also require greater scalability and faster processing speeds for screening. The volumes that can occur in these digital environments make it all the more important, from the watchlist management perspective, that
the lists being used are up to date and thorough, have no gaps and are managed properly to handle the use case or payments scenario at issue.
Fourth, the move to an event-based monitoring approach to customer screening (perpetual KYC) is another driver that will increase the need for more robust processes in watchlist management. An increasing number of banks are looking at using adverse media in a very proactive manner to support event-driven monitoring. Moreover, event triggers are no longer limited to appearing in a sanctions or PEPs list. Regulators are increasingly calling on FIs to be on the lookout for other indications of risk, such as predicate money laundering offenses or other indications of risk for entities that have not yet appeared on official sanctions lists. Predicate offenses, which may involve criminal activity such as smuggling as well as social and governance-related offenses, are more easily picked up through adverse media and OSINT sources. All of this adds complexity to list management.
Fifth, the increasing demands on screening capabilities create an added burden for teams managing watchlists. Managing and ensuring robust processes around watchlists often requires significant manual work outside of the watchlist management module of a screening solution.
Dealing with Overscreening
Financial organizations have been going back and forth over the years on how much data is optimal for a given screening use case. KYC screening typically uses multiple lists and datasets, while transaction filtering often uses more targeted lists. More granular watchlist management controls can support a risk-based approach to screening and allow pinpointing the lists used according to the scenario, in order to avoid overscreening.
Overscreening can lead to an increased operational burden for alert investigation, impacting decisions around modernizing screening processes—and not always in a positive way. A prominent example is the difficulty FIs are facing in implementing perpetual KYC. Event-driven monitoring ideally would use large adverse media data sets to detect risks. With current technology, however, adverse media screening generates large volumes of false positive alerts, which analyst teams must deal with. This issue is influencing FIs to often only use adverse media data sets on a limited basis, namely for high-risk scenarios. Smart technologies like natural language processing (NLP)—and, eventually and inevitably, large language models—can improve adverse media screening results. At the same time, utilizing granular watchlist management controls to exploit these data sets in a more targeted way can help improve the cost/benefit issues around screening large volumes of data. This is another way in which the granularity and configurability of watchlist management controls is increasingly important.
Applying more and better technology will help FIs keep up with these increasing demands. Many screening solutions have watchlist management capabilities, but there is an imbalance between the watchlist management functions of the screening solution—which remain fairly basic—and the increasing demands being placed on the screening process itself. While newer screening solutions can handle faster rates of 500 or even 6,000 transactions per second in order to support digital financial services and faster payments, there has typically not been a corresponding enhancement of capabilities on the watchlist management side.
Watchlist management technology should provide three key functionalities. First, solutions should have the scale and speed to support as many external and internal lists and data sources as needed. Second, solutions should offer seamless and automated maintenance of these multiple lists and datasets, including frequent and timely list updates.
Third, systems should provide highly configurable controls to manage the complex ecosystem of screening data in a more granular manner. This includes orchestrating the use of different lists or combinations of lists for specific scenarios—for example payments involving a high-risk jurisdiction or business—and applying these list configurations on the fly.
Complexity of lists, complexity and volume of data within those lists and the complexity and increased scale of use cases that need to be covered by screening are all making it more imperative for financial institutions to have robust and demonstrable watchlist management processes in place. Dedicated list management technology can help manage, standardize and optimize list controls while alleviating the often highly manual operational processes around list management. This will help financial institutions more effectively cover increasingly complex and scaled screening scenarios, provide assurance for watchlist and screening processes, and improve efficiency in watchlist management as well as downstream investigation.