ARE YOU MISSING SOMETHING?
Home > Case Studies
Our client is a global financial services provider engaged in retail, corporate, investment banking and wealth management. It has operations in 50 countries, employs approximately 130,000 people and has over 45 million customers worldwide.
As a global bank, our client must comply with international sanctions regulations. In the current regulatory climate, it is essential that they screen their customers and transactions against relevant sanctions and PEP lists, such as those produced by the US Office of Foreign Assets Control (OFAC), the UK HM Treasury and the Hong Kong Monetary Authority (HKMA). Our client uses automated software, including sanctions filters, to screen transactions and customers against sanctions lists.
Our client’s global sanctions policy, reflecting its risk appetite, documents which payment messages should be filtered against which lists. Like many of its peers, our client’s policy excludes most domestic messages from the filtering process. The sanctions policy was interpreted by the business, with the technology teams building it into the payment systems.
Having an appropriate filter in place is critical, but in recent years there has been a growing need for institutions to gain a greater understanding of the filters they use. Regulators expect institutions to know how their filters operate instead of relying on vendors. With the software automatically selecting which messages to screen, there was a risk that the filtering decision was not in line with their global sanctions policy and that they may not be able to demonstrate to regulators that all messages that required filtering were being filtered. To this end, our client wanted to understand how their screening software worked and to make sure that any sanctions filters used are operating as expected.
To identify whether there were any filtering gaps in the client’s screening software, we needed to check that the sanctions filters delivered predictable – and correct – results. Different filters were used to screen payments and trade transactions, along with other filters for screening databases, such as customers, accounts and politically exposed persons (PEPs).
A root-cause analysis was also required to help senior management understand the underlying reasons behind the potential sanctions filtering gaps.
As part of our end-to-end investigation we:
Mapped and documented the multiple messaging systems operating in the client’s highly complex global landscape.
For each system deemed in scope for the review, we extracted several million messages from the client’s data warehouse. Once extracted, we then loaded the messages into our bespoke review database.
Alongside the data extraction project, we reviewed the client’s global sanctions policy to establish the filtering rules to able applied to sanctions screening. This allowed us to build the same rules into our review database and to make an independent decision as to which messages required filtering.
We also took an extract from the sanctions filter logs to look for evidence that messages requiring filtering was logged.
Messages not presented to the filters, as required by the global sanctions policy, were identified and investigated to determine why they had been included. This involved us modelling the client’s complex message routing algorithms.
The client now has peace of mind that their sanctions filtering operations are operating as expected and that their screening tool is providing the necessary protection.
Senior management can demonstrate to regulators that they are screening all their customers and transactions against relevant sanctions lists, in line with their global sanctions policy.