Something we said? Don’t leave just yet!

For more information about latest events, news and insights, leave us your email address below.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form
Dismiss

Alert dismissal in Client Screening: do's and don'ts

Setting the right parameters, name matching policies, and discounting alerts in client screening can be difficult. Learn about Singapore’s Central Bank’s best practices.

Richard Quick
June 6, 2024

The dos and don’ts of alert dismissal in client screening

In financial crime compliance, regulators expect financial institutions to perform robust and timely assessment of name screening alerts.  Therefore, financial institutions (FIs) should evaluate and regularly review the adequacy and relevance of client screening parameters. This includes the quality of data, the FI’s risk appetite and developing policies to guide the review and alert discount process.  

Singapore’s Central Bank, The Monetary Authority of Singapore’s ‘Strengthening AML/CFT name screening practices’ paper recommends a few best practices, and recommendations for financial institutions:  

Name matching policy and scope

The scope and choice of parameter values within client screening is guided by the risk appetite of each client. This evaluation may consider factors such as legal risk, regulatory risk, reputational risk, data quality, and the nature of customers, products, and geographical areas where the organization operates. The aim is to ensure that the hits generated are limited to those representing a risk in accordance with the user's policy and stated risk appetite.

Hence an effective customer screening policy should align the scope of screening to match the risk.  If a financial institution (FI) is exclusively dealing with clients from the UK and US, it may be able to limit its screening to the lists provided by the UK and US authorities.  Where acceptable, filters can be used to exclude low-risk profiles from sanctions screening, for example minor officials.

Set parameters and attribute weights to reflect risk appetite

Identifiers such as name, date of birth and country of incorporation are attributes used to recognise and match individuals/entities against list profiles.  Typically, weights are assigned to each identifier and each person/entity is then subjected to client screening. A match score for each individual / entity is then calculated based on the degree of similarity between the information on the customer and the information in the target profile.  

Users should ensure the weights reflect the relative importance of the attributes. For instance, if the FI policy is to review all exact matches, ensure the weights are not inadvertently set so that a name can only alert with support from another additional attribute.  

Fuzzy matching

A robust fuzzy name matching engine is crucial for effective customer screening processes. It typically considers various factors, including:

  • Phonetically similar names (Amy Hawkenberry vs Aimee Hockenbury);
  • Names in foreign characters and transliterated names – This is particularly helpful to identify spelling variation and nuances lost in the translation for names not normally written in english characters: Abdul Rashid, Ab dal Rasheed;
  • Initials, truncations, missing hyphens or name components, out-of-order fields;
  • Nicknames- These could be culture and language specific: the Russian “Leo” produces “Leva,” “Lyova,” or more rarely, “Lyovushka”.  

A simplistic matching engine which only matches exact matches or those within a small edit distance can result in overlook alerts which require review.  

Token matching policy

For name matching in sanctions screening, FIs should establish their policies on token matchng differences such as order indifference, middle name weighting, and token conflict.

  • Order Indifference: Consider ‘John James’ | ‘James John’- a FI which has a robust data entry process may have the confidence to consider this match as a miss, imposing a significant score penalty for any differences in order. Conversely, an FI with minimal confidence that names have been entered in the correct order might regard this example as a strong match with minimal penalty, considering it a near exact match.
  • Middle Name Weighting: For example, ‘James Jones’ | ‘James Alexander Fred Jones’ many clients would expect a very strong match score ignoring the missing middle names. Other clients would wish to penalize the missing names more heavily.
  • Token Conflict: ‘John James Smith‘  |  ‘John Alan Smith’. In this example, the middle names conflict and clients can feel differently as to how far this conflict should reduce the match score.

Alert discounting

Accurate alert dismissal is crucial for meeting name screening requirements including having a policy to ensure that good alerts are not discussed by mistake.

Some examples of common errors taken from the Monetary Authority of Singapore’s paper include:

  • Differences in passport numbers should not be used to dismiss alerts. Passports are renewed periodically, and passport numbers are typically subject to change.
  • C/O or P.O. box addresses should not be used as identifiers to justify dismissal of alerts. Such addresses are neither permanent nor indicative of the parties’ locations.
  • The treatment of adverse news as out-of-scope solely because they’re from a regional/ local new source or solely because of their recency may be an inappropriate reason for dismissal (e.g. news older than two years).

Adequate documentation of assessments

After reviewing alerts, it is important to adequately document conclusions and evidence of verification work done (e.g. information considered, work performed, preparer and approver) so that the basis and accountability for any decision made are clear. This is for accurate regulatory reporting and audit procedures.  

For sanctions alerts, a minimum of two identifiers should be documented when dismissing an alert. To illustrate, if the two identifiers are date of birth and country of residence, it is not sufficient to simply state “Customer has different date of birth and country of residence.” The actual differentiating details need to be documented e.g. “Customer’s date of birth is 02/03/50 and he resides in Country A, while alert name’s date of birth is 03/04/70 and he resides in Country B.

Next-Gen Screening solutions, like Napier AI’s Client Screening can be used with a Regulatory Reporting Manager module, which helps compliance teams collate necessary data to build and submit high quality suspicious activity reports to the relevant enforcement agency securely and on time. This reduces the time involved in compiling suspicious activity reports, with encrypted form-building providing complete assurance against tipping-off, and auto-collation which accelerates the process.

Read more about how to build a resilient client screening programme, from Napier AI’s Chief Product Officer, William Monk

Photo by rivage on Unsplash

By clicking “Accept All Cookies”, you agree to the storing of cookies on your device to enhance site navigation, analyse site usage, and assist in our marketing efforts. View our Privacy Policy for more information.