Watchlist management may not make as many appearances in movies as many other areas of financial crime detection and prevention technology do, but it is now vitally important that firms put these tools on centre stage.
Watchlist management is the collective term for the processes and tools used to ensure the timely and consistent delivery of all the watchlist data required for sanctions, anti-money laundering or similar forms of compliance screening. Although watchlist management is a long-established component of financial crime risk management controls, its fundamental importance has often been overlooked. However, today’s screening challenges – including growing watchlist size and complexity, the high velocity of watchlist change, and increased regulatory attention to watchlist management – are forcing firms to substantially increase their focus on improving watchlist management.
The main issue facing banks and other financial services firms is very straightforward – they need to have the most up-to-date, correct watch list data powering their financial crime risk management technology. In past times, this was a lot less difficult to achieve than it is today. However, today sanctions lists are much more volatile, and the sanctions themselves are more complex to implement.
In addition, financial firms now need to be able to manipulate their watchlist data in more complex ways, and they need to perform more intensive quality assurance and reconciliation processes on their data.
On top of this, most current control frameworks have quite a lot of replication and inefficiency because controls have simply been layered on top of each other. This is because often firms have a mix of home-grown and commercial tools in place for watchlist management that has grown organically over time – there hasn’t been a unified, strategic approach to the evolution of watchlist management in most firms.
As a result, firms are finding that maintaining the status quo is becoming increasingly difficult – there is a substantial risk of changes to watchlists or controls creating errors or even breaking the system.
Increased regulatory scrutiny
At the same time, financial firms are often struggling to get watchlist management right, regulators are increasing their level of scrutiny. In particular, regulators are looking more closely at how large banks are managing watchlist data. Also, regulators are increasing their expectations around how quickly those large banks can put sanctions changes into operations. Regulators have significantly decreased the amount of time they are allowing for changes to be deployed into detection tools. Whereas same-day or overnight turn-around times might have once been acceptable, in today’s compliance landscape regulators can expect large banks to have the latest sanctions updates ready for use within minutes of publication. It is likely that this window will continue to tighten.
Regulators want to see improvements in other aspects of watchlist management, too. For example, regulators want to see harmonisation and standardisation of processes so that the results are easy to explain and accessible. At the moment, it can take financial firms a long time to deliver evidence requested by regulators because they have to go to different systems, and then compile and align the information they retrieve because it can often be in different formats.
Current process weaknesses
Essentially, updating watchlists for sanctions changes is a data management challenge. Sanctions updates appear on the sanctions authority’s website, and the data is fetched from there. The sanctions change data is then extracted, normalised, and passed through a filtering engine. All of this can take quite a lot of time, particularly for some of the very large commercial watchlists, which can contain between three and five million records. Depending on the technology being used, it can take hours to prepare that data, and then to screen it against an institution’s client lists.
Taking a strategic approach
Faced with these challenges, many financial services firms are beginning to evolve their watchlist management programmes, to take a more strategic approach. By thinking about these challenges in a more data-led way, firms can transform watchlist management to generate higher quality, more timely data that is ready-made to support the required downstream processes.
Performing watchlist management in the cloud is a gateway to enabling transformational change in watchlist management. New-generation technologies that are built for a real-time environment are able to ping sanctions websites every few seconds, producing data files that are ready for screening in a few seconds more. Through super-fast parallel processing in the cloud, a full commercial watchlist can be integrated into a client screening process in about 20 minutes, instead of hours. And because the watchlist management data is stored securely in the cloud too, firms can perform intensive quality assurance and reconciliation on their data quickly and easily.
In addition, processes are transparent and explainable to regulators. Also, the data is all located in a single place, enabling firms to respond to regulatory requests more efficiently and comprehensively.
By moving to the cloud and using innovative approaches to data management, new purpose-built watchlist management technology enables financial firms to transform their programmes to better support their business, improve regulatory relations, enhance their ability to comply with existing sanctions programmes and respond to regulatory change.