Most successful banks and financial institutions understand that anti-money laundering (AML) compliance cannot be an afterthought. In 2025, regulators demand a proactive response to money laundering risk, which typically requires firms to go beyond templated screening and monitoring tools, and instead develop unique solutions that fit their operating environment.
That’s easier said than done. The risk-based AML regulatory landscape evolves constantly to account for new legislation and new criminal threats. This means that financial institutions have to reassess their compliance posture on an ongoing basis, and deal with emerging challenges and pain points as their solutions evolve.
Don’t let AML compliance challenges weigh your solution down. In this post we’re going to explore some of the key AML pain points that financial institutions face in 2025 – and provide some critical tips and insight into how to manage them.
Ongoing monitoring
A constantly changing AML risk landscape demands constant vigilance from the people responsible for spotting criminal activity. In practice, this means that financial institutions must find a way to facilitate ongoing monitoring of a range of money laundering risks, by screening customers effectively.
Two key examples of those ongoing monitoring challenges are:
Sanctions
In a turbulent geopolitical climate, governments issue new sanctions designations regularly, adding volume and complexity to the screening challenge. Russia’s 2022 invasion of Ukraine, for example, has seen Western governments issue an unprecedented amount of sanctions against Vladimir Putin’s regime – with strict liability penalties for firms that violate the rules.
The sanctions challenge is complicated by its global scope. Not only do compliance teams need to monitor sanctions lists, but peripheral data that also reveals customer risk. This means screening thousands of media sources, in foreign languages, and being sensitive to potential variations in spelling or naming convention which might confuse searches.
Politically exposed persons
It can be extremely difficult to establish whether a customer is a politically exposed person (PEP), and therefore poses a higher AML risk. PEPs are not just elected politicians, but can also include government employees, military officials, or holders of any prominent public position. Financial institutions may also seek to apply PEP risk to the family members and close associates of PEPs.
The PEP challenge doesn’t just involve detecting new PEPs following elections and other appointments, but deciding whether to declassify existing PEPs after they have left their position. Recent high profile cases have seen financial institutions face criticism for allegedly de-banking customers based on their PEP classification, or the classification of their relatives.
False positive alerts
The ongoing monitoring challenges listed above – sanctions and PEP screening – necessarily require financial institutions to collect and analyse vast amounts of customer data from internal lists, official lists, and media sources including news reports and even social media posts. In order to capture all potential threats and satisfy regulatory expectations, compliance solutions inevitably end up making incorrect risk assessments and generating false positive alerts, which need to be remediated.
Dealing with false positives is costly and time-consuming, especially if team members have to work through the alerts manually in order to establish true risk and remove incorrectly-applied alerts. It’s worth remembering that small adjustments to screening parameters can increase false positive rates significantly, slowing down the delivery of products and services, damaging customer experiences, and further draining employee attention and resources.
False negative alerts
While an over-sensitive screening solution generates higher volumes of false positive alerts, a solution that does not capture risk accurately risks generating false negatives – in which a high risk customer or transaction is incorrectly dismissed as presenting no risk. False negatives are arguably a more serious compliance consideration than false positives: solutions that generate too many false negatives expose financial institutions to unacceptable regulatory risk which can lead to legal consequences, including criminal penalties.
The difficulty in spotting false negative results is that, by definition, they aren’t flagged in any way by screening solutions. False negatives typically occur because compliance teams lack sufficient data to establish customer risk accurately, and fail to connect customer names to the data points that would help them make stronger decisions.
To manage, and prevent, false negatives, firms must first understand their common causes, which include:
Screening parameters set too narrowly or set incorrectly
A lack of high quality customer data
Compliance analyst skill deficiencies
A lack of multilingual search capabilities
Poor name matching capabilities
The de-duplication of news stories which leads to risk data being deprioritised or lost
Reliance on manual name searches, such as Google searches
Compliance teams can address the false negative challenge by testing their screening solutions regularly, and running true positive customer data through a search process as a way of validating its accuracy. It may also be useful to scrutinise historical screening alert rates: if a system experiences a sudden drop-off in AML alerts, it’s likely that an adjustment to the search process, or an algorithmic issue has affected the accuracy of the solution.
Get ahead, and stay ahead, of AML compliance challenges
It’s not enough to understand where pain points might affect your AML compliance solution. Regulators expect financial institutions to be proactive in taking the necessary steps to overcome challenges and shore up vulnerabilities.
In a complex, constantly evolving regulatory landscape, that isn’t easy. Compliance teams must capture and analyse vast amounts of risk data in order to meet their responsibilities and establish true risk – while ensuring that data doesn’t generate an overwhelming amount of false positives or, worse, false negatives.
Manual screening processes typically struggle to manage these pain points efficiently, creating delays in the delivery of products and services, piling pressure on compliance analysts, and increasing the likelihood of human error. Financial institutions must find ways to help their compliance teams manage that burden, not least by integrating technology to automate as much of the screening process as possible.
While automation isn’t a magic bullet for AML compliance friction, it can accomplish in seconds tasks that would have taken human analysts hours to complete – and so enhance the speed and accuracy of the results, and any subsequent decision-making. Even better, automated screening solutions can be tailored to specific risk appetites and risk environments, meaning compliance teams can adapt quickly to both regulatory change and emerging criminal methodologies.
Supply chains are critical to the global corporate landscape, but any reliance on a third party also comes with a level of regulatory risk, which firms must factor-in to their compliance solutions.
From breaches of anti-money laundering (AML) and counter-financing of terrorism (CFT) rules to institutional corruption, cyber-security failures, and human rights abuses, the consequences of third party risk can be just as damaging as internal regulatory failures – not least because incidents often also inflict reputational damage. Third party risks are not a low-priority issue: a focus on cybersecurity risk alone reveals that up to 98% of organisations worldwide have had a business relationship with a third party vendor that has suffered a data breach.
Awareness and understanding are key to identifying and managing third party risks, and to implementing effective mitigation measures. In this post, we’re going to examine some of the key pain points associated with third party risk management, and how firms can deal with them.
Supply chain risk
Most organisations are comfortable managing the challenges of their immediate risk environment, including carefully calibrating their screening and monitoring solutions. When it comes to the risk environments of their suppliers, however, identifying threats becomes more complicated.
Supply chains typically cross multiple borders and multiple risk environments, which complicates the risk assessment process. Not only do firms have to think about a higher volume of threat vectors, but take steps to ensure that their suppliers are operating in compliance with the relevant regulations. The complexity of a supply chain magnifies the compliance challenge: cross-border chains carry a higher likelihood of regulatory disparity, while multiple different entities make different internal compliance approaches more likely.
Key supply chain compliance risks include:
Suppliers that operate in high risk industries, such as shipping or payment services.
Suppliers that operate in jurisdictions with lower AML regulations.
Sanctions designations against persons or countries within, or connected to, a supply chain.
The presence of politically exposed persons (PEPs) within supply chain companies, or connected to them via friends or close associates.
The principles of supply chain risk management are similar to those applied to customers. That means firms must implement suitable supply chain due diligence measures, along with screening and monitoring processes, in order to assess and establish risk as accurately as possible.
Reputational risk
We’ve focused on the regulatory risks that supply chains pose, but third party risk is not just about legal consequences – it also includes reputational damage. In fact, reputational damage can occur even in cases where there is no technical breach of law, and can hurt a firm just as much as a financial penalty.
In some contexts, the mere existence of a business relationship between one entity and another can be enough to create a negative public impression, regardless of whether a client organisation has broken compliance rules. With that in mind, reputational damage is often a result of negative environmental, social, and governance (ESG) factors, which may include:
Carbon emission levels
Preservation of biodiversity and natural habitats
Ethical labour practices
Workplace diversity, equity, and inclusion
Health and safety practices
Corruption
Human rights abuses
The consequences of reputational damage can be difficult to predict, but may translate to customer boycotts, adverse media stories, and increased regulator attention. The sheer diversity of reputational concerns can be a particularly problematic factor for corporate entities with large global footprints, or with extensive supply chains. Reputational risks can be managed in the same way as other compliance concerns but, again, may require firms to extend the scope of their screening and due diligence measures.
Ongoing due diligence
The supply chain and reputational risks listed above represent ongoing compliance concerns, and mean that firms must factor them into their risk-based compliance solutions. In practice, this means treating third party relationships in a similar manner to business relationships, including performing due diligence in order to inform risk assessments.
Where conventional customer due diligence (CDD) measures help firms verify that customers are who they say they are, supply chain due diligence helps to verify that suppliers are meeting the standards that they claim to be. Supply chain due diligence is often a compliance pain point because it involves an intensive manual collection process of third party documents and information such as:
Company names, addresses, tax numbers and incorporation documents
Beneficial ownership details
Historical financial data such as tax reports
Internal risk assessment data
Internal financial data such as cash flow, debts, and liabilities
Regulatory environment information and historical AML/CFT compliance records
Supply chain due diligence should take place at the start of the supplier relationship and should be refreshed on a regular schedule to capture changes in a supplier’s risk profile. Ideally, that ongoing due diligence should be supported by peripheral compliance measures, including adverse media screening, and sanctions and watchlist screening.
Stay ahead of third party risks
Third party risks typically require firms to expand the scope of their compliance solutions, rather than taking a different approach to existing screening, monitoring or due diligence. That need adds volume to the compliance burden – a factor that can put unsustainable pressure on firms that rely on manual techniques to establish risk, such as searching for customer names on Google, or manually entering names into sanctions lists or PEP lists.
Fortunately, compliance teams have options for mitigating the challenges of third party risk, not least by supporting or (where possible) replacing manual processes with automated software tools. Automated screening software adds valuable speed to tasks that would have taken hours to complete manually, and high detail accuracy which reduces the potential for human error.
Most importantly, automated third party risk screening enables firms to dramatically boost the scope of their searches to a truly global scale. Automated name searches, for example, can cover thousands of global data sources, including news reports, sanctions lists, watchlists and more, delivering actionable intelligence in seconds, and helping firms make faster, stronger compliance decisions about every third party relationship.
Sanctions requirements are growing both in their scale and complexity. Since 2022, not only have thousands of new names have been added to UK, US, and EU sanctions lists, but many new activity-based restrictions, such as the need to block comprehensively sanctioned territories in occupied Ukraine or the prohibition of services to Russia, have been introduced. Coupled with ever-more sophisticated sanctions evasion techniques, and a regulatory expectation that financial institutions should detect sanctioned activity, financial institutions need to think more creatively about their screening controls.
Sanctions screening is no longer just screening against a list of names, but also capturing additional data and applying a more proactive and intelligence-led approach. Artificial intelligence (AI) may play a significant role in this transformation. Ripjar’s recent Sanctions Masterclass, co-hosted with FINTRAIL, explored some key questions for firms building and scaling their sanctions framework.
1. How can firms detect sanctions activity using a risk-based approach?
Many regulators allow (and even expect) financial institutions to apply a risk-based approach to screening. As one of their key practical considerations for sanctions screening, financial institutions should understand how their customers, products and payment channels contribute to sanctions risk, and concentrate their resources on the areas of the business presenting the most risk.
A risk-based approach is not about having or not having a particular control, but rather dialling up or down the intensity of certain controls in line with risk. For example, some firms may concentrate payment screening efforts on cross-border transactions instead of domestic payments where the sanctions risk is lower. Every sanctions system programme needs to be unique to your inherent and residual risks.
To understand what regulators expect from firms, it is a good idea to read enforcement notices and conduct a gap analysis against your own programme, to highlight weaknesses and proactively address any gaps. For example, if a firm is fined for not screening certain payment fields, consider if you should be doing the same. It also can serve as a validation exercise to demonstrate that your systems and controls are effective and commensurate to your sanctions risk.
2. What data should firms collect for sanctions screening?
The quality of sanctions screening depends not only on the lists you screen against but also the customer and payment data you use. Firms should consider what data points they hold on customers that might indicate sanctioned activity, and incorporate these into screening. Mechanisms to measure data completeness and data lineage are an important part of your sanctions programme for ensuring you supply quality data into your tool to minimise false positives and increase efficiency.
Crucially, it is important to recognise what regulators are expecting firms to identify. Many sanctions lists will contain additional data on sanctioned persons and entities, such as email addresses and websites, which can be integrated into screening. At the same time, a customer’s IP address location may be used to block access from sanctioned jurisdictions.
Practical questions for firms building their sanctions framework
1. What data is being screened?
Do you have a clear picture of what is coming into the screening system and is it complete and validated?
2. What are you screening against?
Do you have a clear view of list management and what is provided by external parties?
3. When are you screening?
How does this tie into the risks presented by your customer profile and flow of funds?
4. Why are you screening?
Do you have a clear view of your regulatory obligations and your own internal risk appetite on which to build your framework?
Once these questions have been answered, you can then consider:
5. How are you screening?
Can you define your suppression logic, the use of machine learning and AI, and the levels of fuzzy matching?
6. How do you operationalise your screening?
How do your settings and processes inform case management, information requests, and capacity planning?
3. How can financial institutions adopt a proactive approach to screening?
Governments publish guidance to industry on the latest sanctions evasion tactics adopted by sanctioned parties. For example, as recently as September 2024, the G7 published joint industry guidance on red flag indicators of potential sanctions evasion and best practices for firms to conduct enhanced due diligence. Staying on top of evolving sanctions and regulatory guidance is one of the biggest screening challenges organisations face, and firms are expected to read such guidance and adjust their controls accordingly.
Many firms are also looking to adopt a more proactive approach in response to such guidance. While sanctions evasion typologies are unstructured data, screening software works with structured data, and the challenge for firms is to build rules to detect the behaviour called out in typologies. This requires resources and technical expertise.
4. What role can technology and AI play in keeping up with the pace of change?
Advanced screening solutions leverage technology to help firms move beyond simple name screening, and allow them to adopt a more proactive approach to screening. Technology can help link multiple data sets and digest unstructured information at scale – such as adverse media and corporate relationships – to flag potential sanctions risk.
Many firms also see a role for AI in screening, ranging from assisting with operational tasks (such as automating requests for information, and obtaining further information that a human investigator needs to resolve an alert) through to potential use cases where AI can make true match or false positive determinations.
A key challenge here is that, since breaching sanctions is a criminal offense in many jurisdictions, firms must be able to place trust in the AI and – crucially – be able to maintain oversight over the system and explain it to the regulator.
Sanctions is not a one-size-fits-all approach
In summary, the key challenge for firms is to ensure that their screening systems and approaches are aligned to their sanctions risk. Firms need to understand how their business model influences their inherent and residual sanctions risks and how this interacts with the increasingly complex sanctions landscape. Firms should use all of the data available to them – both structured and unstructured data, whether in sanctions lists or in typology reports – to inform their sanctions typologies and build out their sanctions controls. In order to do so, firms must explore how technology – such as automation, machine learning, and advanced forms of AI – can help reduce the operational burden while optimising the possibilities of detecting sanctioned activity.
Sanctions pressure is increasing in jurisdictions all around the world, with financial institutions struggling to adapt to an increased volume of regulations, and more intensive approaches to enforcement. To meet that rising sanctions challenge, financial institutions must rely on employee skills and technical resources, integrated as part of a risk-based screening solution.
In November 2024, Ripjar and FINTRAIL jointly hosted a Sanctions Masterclass on exactly that issue, with industry experts discussing some of the most significant concerns of a changing compliance landscape – and regulator expectations for managing them.
As political tensions have grown dramatically all over the world, sanctions restrictions have become a lot more complex. Financial institutions need to stay ahead with screening solutions that look to advanced technology or intelligence-led solutions.
Ciara Aitchison, FINTRAIL Director
Industry Opinion: Top Screening Challenges for 2025
During the Sanctions Masterclass, audience members were asked to share what they felt were the top sanctions screening challenges for their organisations (with the option to select up to 3). The results reflect how complicated the sanctions screening question has become for many compliance teams and highlight the need for new ways to manage risk data.
Evolving Sanctions
The Masterclass poll highlights a number of specific sanctions compliance pain points, not least the ongoing issue of evasion. But it also reflects a collective concern with the pace at which the sanctions landscape is changing.
Leading the discussion, FINTRAIL Senior Consultant & Sanctions Lead Emil Dall pointed to this change as the root of the screening burden that many firms are experiencing, identifying Russia’s invasion of Ukraine as a key driver.
“We’ve had a huge increase in the number of designations since 2022,” said Emil. “In the United Kingdom alone we’ve seen £22.7 billion worth of assets frozen because of Russia sanctions, and recorded 473 suspected breaches – up significantly from 147 at the beginning of Russia’s invasion.”
It’s not just the increasing volume of sanctions that is making life difficult for compliance teams but the type of restrictions that are being imposed. Western governments have introduced new types of sanctions restrictions, including those involving cryptocurrency wallets and crypto services, the ban on Russian banks using the SWIFT banking system, and sanctions that involve specific territories within occupied Ukraine.
“All these different types of sanctions increase the levels of controls that financial institutions require,” said Emil. “Name screening won’t necessarily help you implement these restrictions, so we need to think creatively about how we can go further.”
In this case, “thinking creatively” may require capturing a greater depth of information about a given customer, including their passport number, email address, and so on, or a deeper-dive into potential evasion strategies which have emerged as a result of the changing nature of the sanctions regulations themselves. Illustrating that point, Emil brought up the example of the designated company Aeroscan. The UK listing includes the company’s website and email domain “scan.aero”, which some screening providers may not pick up through fuzzy matching, or which may not be picked up if not screening client websites or email domain names.
Regulatory Expectations
In the face of an increasing number of regulations, and new evasion strategies, businesses rely on regulatory guidance, insight and advice as a means to support compliance efforts.
Emil noted that there has been an uptick in regulator guidance to match that need, and specifically guidance that highlights financial institutions’ primary concern: detecting sanctions evasion. In September 2024, for example, the G7 released joint guidance, for the first time ever, on preventing Russia sanctions evasion. The guidance includes a list of red flag evasion characteristics, screening best practices, and top customer due diligence (CDD) controls. The UK has also issued red alert notices more frequently since the invasion, including one targeting sanctions evasion techniques used by Russian oligarchs.
The focus on sanctions evasion techniques reflects another prominent sanctions challenge: the need to understand company ownership structures and the risk of sanctioned parties using third countries to evade restrictions. For example, news media reported on a surge in car exports to Azerbaijan, coinciding with a drop in exports to Russia as the export of luxury vehicles to Russia became prohibited.
“It begs the question of what our financial institutions are being asked to detect,” said Emil. Referring to OFAC’s Framework for Sanctions Compliance Programs, he continued, “If you ask OFAC, it goes beyond name screening and focuses on firms having policies, procedures, and controls in place to detect prohibited activity – not just preventing certain people from accessing financial services.”
That point reflects another important consideration in a changing sanctions landscape. While the volume of regulator guidance has kept pace with new rules, it is also clear that regulators “increasingly expect” financial institutions to successfully spot sanctions evasion.
“There is a growing realisation that financial institutions have a lot more data at hand which can allow them to detect sanctions activity,” said Emil, “beyond just detecting whether someone’s name is on a list.”
There is a growing realisation that financial institutions have a lot more data at hand which can allow them to detect sanctions activity, beyond just detecting whether someone’s name is on a list.
Emil Dall, Senior Consultant & Sanctions Lead, FINTRAIL
Real-world enforcement actions seem to reflect that trend:
In 2021, financial services firm Payoneer was fined over $1.4 million for multiple failures in its fuzzy matching screening controls.
In 2022, crypto service provider Kraken was fined over $300,000 for failing to screen customer IP addresses correctly during onboarding.
In 2023, Swedbank was fined over $3.4 million for not acting on location data that suggested transactions were connected to sanctions-listed Crimea.
The examples demonstrate the growing need for financial institutions to consider the risk data that they hold on their customers, and integrate that into the screening process – rather than just verifying against a list of sanctioned names.
Risk-Based Compliance
Sanctions compliance is risk-based, which means financial institutions must deploy a proportional response to the risk that their clients present. This makes the accurate assessment and understanding of risk critical on an individual-organisation basis, and means there are a number of practical sanctions screening considerations organisations must make.
In this climate, out-of-the-box screening solutions do not offer an adequate level of compliance protection, since those systems are not calibrated or tested to the specific risks of a given firm’s operational environment. Risk assessment is all the more important in an evolving sanctions landscape, where new sanctions are issued regularly, along with the emergence of new evasion techniques.
Effective risk-based compliance requires firms to look inwards, as much as to the introduction of new regulations. Emil set out questions that firms should ask themselves to strengthen their approach to risk assessment:
How can we innovate? How can we tune? How can we test and make our systems better at addressing the risk we’re facing? As sanctions risks increase globally, our screening systems must also follow suit.
Emil Dall, Senior Consultant & Sanctions Lead, FINTRAIL
With that in mind, effective risk-based compliance should also be thought of as a series of dials that apply different levels of screening intensity to different points in an organisation’s infrastructure.
In the context of customer screening, for example, that could include a dial for selecting the right lists to screen, a dial for screening adverse media, a dial for screening cadence, ongoing testing and so on. Meanwhile, in the context of fuzzy matching, there may be a dial for adjusting alert triggers in line with risk, based on client profiles, payment types, products being used, and so on.
Key Takeaway: The Value of Data
The pace of change in the modern financial landscape requires every firm to prioritise the development of a unique screening process that takes sanctions screening beyond name matching. This process must not only meet regulatory expectations, but also internal assessments of risk. Building that solution should involve careful tuning and calibration on an ongoing basis, informed by every available data point, both in official sanctions lists and published guidance, and on the customer side in records and internal documents.
That data challenge is significant, but financial institutions can make their job easier by leaning-in to the speed and efficiency possibilities of automation, and integrating cutting-edge screening technology such as Ripjar’s sanctions screening solution.
Capable of capturing thousands of data points, including sanctions lists, watchlists, and adverse media sources for further screening enhancement, Ripjar screening can be tailored to a firm’s risk appetite and environment. In a changing and challenging regulatory landscape, Ripjar gives compliance teams the power to adapt, incorporating powerful AI-supported screening features that add depth to customer name searches, enrich the quality of search data, and ultimately enhance compliance decision-making.
It’s no longer enough to simply search for a customer’s name on a sanctions list in order to meet regulatory compliance obligations.
Risk-based sanctions compliance rules – imposed in jurisdictions across the globe – ask more of compliance teams, and typically require analysts to go beyond government-issued lists, and consider a much wider range of data when making decisions. Complying with these rules also brings a number of practical considerations for organisations.
In November 2024, Ripjar and FINTRAIL hosted the Sanctions Masterclass webinar “Going Beyond the List”, assembling a panel of experts to discuss the ways that firms can harness technology to add depth to their sanctions screening processes. In that discussion, Ripjar Operational Data Science Lead Abhijith Rajan drilled down into strategies that enhance customer name searches, and how artificial intelligence (AI) tools are helping compliance teams take their screening processes beyond the limitations of traditional name matching.
Organisations tend to be conservative in the way they do sanctions screening, but there are ways that technology can help us understand things about a name.”
Abhijith Rajan, Operational Data Science Lead, Ripjar
Industry Opinions: Screening Technology Impact
The Sanctions Masterclass captured the opinions of an industry audience in a poll that focused on the specific impacts that compliance teams would like technology to have on the screening process.
The poll suggests that firms value screening efficiency and accuracy, with results weighted towards the remediation of false positives, and managing an increasingly complex and crowded regulatory environment. Scrutinising that data, Abhijith suggested that the efficiency and accuracy challenge might actually start from an over-reliance on names in the first place:
“Sometimes even names can be problematic,” said Abhijith. “You might not be allowed to screen in the script that the name is originally available in. And going from a script you might be unfamiliar with to a script you are familiar with is usually a poor process. It leads to false positives, and might end up meaning you have to build in a set of rules to assess the data.”
That challenge suggests that a new approach to screening is needed.
Traditional vs Identity-Based Sanctions Screening
Traditional screening processes, in which financial institutions attempt to match names to designations on the relevant sanctions lists, are limited for a number of reasons, including:
Having a sole focus on the names designated on sanctions lists.
High rates of false positives.
The increased likelihood of missing hidden or indirect connections to sanctioned entities, especially if screening for a common name with no additional information.
Given the expanding sanctions compliance burden, the limited scope of traditional screening can expose organisations to significant regulatory risk. Abhijith raised the prospect of a better way to screen – essentially “going from names, to identities”.
In this identity-based approach, instead of focusing on names alone, compliance teams search for customer identities, capturing the vast amount of additional risk data behind every individual.
An identity-based approach to screening:
Incorporates all available risk data.
Reduces false positives and false negatives by capturing nuance and detail.
Future-proofs compliance solutions by adapting to increasingly complex regulatory demands.
Incorporating Linked Data
We need to make sure that we’re challenging ourselves to be screening with more information.
Abhijith Rajan, Operational Data Science Lead, Ripjar
Identity-based screening requires compliance teams to enhance their search processes, typically by integrating technology tools. In this context, Abhijith suggested that the name can serve as a foundation for the effective application of screening technology:
“You can immediately look at a name and have a sense of what kind of rules should be applied to screening,” said Abhijith. “Then you can start to do intelligent things around screening. It gives you ways of building in technology and applying different rules for different customers.”
With that in mind, when screening for identities, financial institutions should move beyond only using traditional fuzzy matching, and seek to implement software that links names to other types of data. This might include considering name origins, or partial-name matches, but should extend across all available data types, including email addresses, customer behaviour, bank codes, and, importantly, adverse media.
Taken in isolation, each of these data points might offer little compliance value. Linked together, on the other hand, they help financial institutions build customer identities into ‘risk profiles’, which add critical contextual intelligence, and enhance the proactive identification of sanctions risk.
Screening software that facilitates the use of linked data helps compliance teams assemble all relevant sanctions information in one place, which not only adds efficiency to risk analysis but speeds up decision-making.
Enhancing With Adverse Media
Adverse media is particularly useful in identity-based screening, not least because sanctions evasion risk may be reported by news organisations long before governments make designations on official sanctions lists.
However, effective adverse media screening is challenging for a number of reasons, not least because of the vast amount of complex data that financial institutions must search through to find relevant risk information, and the noise that data generates – all of which can lead to an overwhelming amount of false positive alerts.
With the Sanctions Masterclass poll suggesting that false positives are a top priority for financial institutions, Abhijith again pointed to the value of technology in enhancing the sanctions screening process with adverse media, including reducing noise, refining results, and reducing false positives.
Specific adverse media applications include:
Creating and leveraging curated adverse media feeds that focus on relevant risk categories.
Screening customer profiles for matches, rather than screening articles.
Applying filters for jurisdictions, entity types, or level of activity.
Tailoring alerts for specific industries and regions.
Incorporating Relationships
Identity screening also helps firms uncover the compliance risk presented by relationships, including not only family members of sanctioned persons, but their friends and close associates.
Abhijith emphasised the importance of using risk profiles to uncover relationship connections – an approach that leans in to the capabilities of search technology to capture data, including adverse media.
“People get married, they get divorced. You want to be able to see this information updated on a regular basis,” said Abhijith. “At Ripjar, we’re comfortable extracting information around things like close familial relationships, corporate relationships, and employee relationships from media.”
Using Ripjar’s screening platform as an example, Abhijith noted that relationships can be tracked visually in graphs or networks, or simply laid out textually as part of a customer’s profile. Even better, screening software can allow compliance teams to make connections with other sanctioned entities automatically, helping financial institutions uncover potential hidden links and networks.
Understanding AI Advantages
The need to incorporate linked data, from an expansive global landscape, represents a significant administrative burden for compliance teams, not least thanks to the increased volume of false positive alerts.
Acknowledging that challenge, Abhijith pointed to the potential of AI tools to not only broaden search reach and reduce manual effort, but to enhance detection and reduce false positive rates. Some of the the key potential benefits of AI screening include:
Natural language processing (NLP) tools for the analysis of adverse media and other forms of unstructured data.
Machine learning algorithms for the detection of behaviour patterns that indicate sanctions evasion.
The incorporation of unstructured contextual data in the compliance decision-making process.
The automation of decision-making for low-risk false positive alerts.
The benefits of AI were acknowledged in the Sanctions Masterclass audience poll, that found the vast majority of attendees see a role for AI in sanctions screening.
Managing AI Challenges
“AI is complicated. It’s not a transparent process, and very often you’ll find that even people who built the software will struggle to explain why a match has happened.”
Abhijith Rajan, Operational Data Science Lead, Ripjar
While AI holds promise for sanctions screening, it’s critical that firms also remember its limitations, including – in many instances – its lack of transparency. The transparency issue is a significant consideration in the integration of AI tools, and particularly generative AI (GenAI), in screening processes, since financial institutions must be able to explain a set of results to regulators during an investigation.
“Explainability in AI has become better, and it keeps getting better over time,” said Abhijith. “We need better transparency. The audit trails need to be very clear. Regular validation and fine-tuning of AI models is critical.”
The need for explainability was a recurring theme in the Sanctions Masterclass, with other panel members expressing a desire to see GenAI develop as a component of the sanctions screening process:
“It’s explainability and reliance,” said Parminder Turna, Wise Director of Product Compliance for Sanctions & Screening. “Explainability in AI has the same risk as placing reliance on a black box vendor. I would want to be able to sit in front of a regulator and explain how I’ve implemented GenAI. I think that’s the next hurdle.”
The limitations of AI don’t mean that financial institutions should shy away from using it in compliance contexts, but instead consider how they will implement it in a way that doesn’t compromise the integrity of their search results. To that end, Abhijith suggested that AI tools should be used with “guardrails” that ensure their validation and repeatability. These might include their integration with human oversight to balance efficiency and accountability, and ensuring that compliance teams receive comprehensive training in their use.
“Copilots are very common,” said Abijinth, referencing the way that Ripjar incorporates GenAI into its search solution. “The idea is that you have a GenAI support system that’s sitting next to you and allowing you to speed up your work. You allow AI to act as your first line analyst and give recommendations that can be adopted or rejected.”
Go Beyond the List with Ripjar
Going beyond the sanctions list means embracing the opportunities and challenges of a vast and evolving data landscape, and ensuring that your compliance team has the resources, skills, and tools they need to deliver results.
Financial institutions can make that process easier by exploring the capabilities of AI-powered screening platforms – such as Ripjar’s sanctions screening solution.
Supported by cutting-edge GenAI, Ripjar’s tool is capable of screening thousands of sources in seconds, including sanctions lists, watchlists, and adverse media. Customisable to the unique needs of an organisation, it captures and connects data from evolving risk environments, incorporating powerful screening features that add depth to customer name searches, and enrich the quality of search results, in order to facilitate stronger compliance decision-making.
In 2024, geopolitical turbulence, including Russia’s ongoing invasion of Ukraine, has made the global sanctions landscape more unpredictable than ever. Meanwhile, governments are knuckling down on regulatory compliance with significant, strict liability penalties for sanctions violations.
Despite that climate, many financial institutions are struggling to match the pace and complexity of sanctions programmes. Data from a recent poll, conducted as part of Ripjar and FINTRAIL’s Sanctions Masterclass in November 2024 suggests that fewer than 30% of firms are conducting proactive, intelligence-led sanctions investigations, while over 20% are only screening customers against basic, primary data fields such as name and date of birth.
Speaking at the Masterclass event, Director of Sanctions and Screening at Wise, Parminder Turna, emphasised the need for compliance teams to go beyond basic name searches, and develop more nuanced screening strategies that capture the real risks that they face. “Every system control configuration calibration is firm-specific,” Parminder said. “While you can have rules and bounce ideas off your peers, you have to have confidence and really understand your programme.”
With that need in mind, we’ve drilled down into the detail of the Sanctions Masterclass discussion in order to draw out some of Parminder and the panel’s practical insights and advice for optimising your approach to sanctions screening.
1. Focus on the what, when, and why of screening
The complexity of the global sanctions landscape makes compliance daunting, especially for firms with broad international footprints. However, sanctions compliance gets smoother and easier when every member of the compliance team has sight of, and understands, the following compliance fundamentals: what are you screening, when are you screening, and why are you screening?
What: Your sanctions compliance team should be clear about what they’re screening customers against. That means understanding the “list landscape” and how your solution uses both internal company lists, and external lists such as politically exposed person (PEP) lists to generate alerts. Your team should also be clear about how identity and location data factors into compliance decision-making: for example, is third-party-provided location data based on your company’s risk profile?
When: In a risk-based compliance environment, teams should understand when, or in which circumstances, the sanctions screening process should be initiated. Screening triggers may involve, for example, the movement of a certain amount of money, transactions which involve certain high risk locations, or customer profiles that involve certain risk characteristics.
Why: Rather than going through the motion of browsing list entries, your compliance team should understand why the screening process is taking place. In other words, team members should understand both the regulations they’re working with (the relevant sanctions programme), and how they relate to the firm’s risk appetite. The calibration of the compliance programme can change what constitutes a ‘sanctioned jurisdiction’, and everyone needs to be clear about how that changes their screening approach.
Parminder doubled-down on the importance of screening basics during the Masterclass:
You want to go above and beyond, but sometimes it’s about the fundamentals. This is about understanding your business, your programme, and your own inherent sanctions risk. Sometimes we can lose sight of that.
Parminder Turna, Wise
2. Pay attention to detail
Since the Russian invasion of Ukraine in 2022, the volume of sanctions imposed by the West against Vladimir Putin’s regime has been unprecedented, with new restrictions imposed regularly. That pace of change, and the layers of compliance complexity it brings, means that financial institutions must stay up to date on the introduction of new measures – but also go beyond the official lists, by exploring the detail and nuance of every new regulation.
In practice, that should involve a closer examination of the regulatory texts themselves, with the goal of understanding what a regulator is looking for from obligated institutions. Firms should pull data from official sources – including press releases – map that insight to existing internal information, and use it to leverage as much information as possible from customers. You could, for example, conduct a gap analysis on every new sanction in order to keep your compliance solution as tight as possible and then, with that baseline established, uplift your screening process further through internal policies.
3. Prioritise quality and completeness
During the Masterclass, Turna referenced “garbage in, garbage out”, a phrase used regularly by data analysts to emphasise the low value of insight derived from the analysis of poor quality screening data.
In other words, compliance teams should prioritise the quality of data they’re collecting on screening targets before worrying about how they use it for decision-making.
This means validating the data that your team collects, and focusing on completeness. It’s worth remembering that the volume of sanctions data that firms must deal with in 2024 has increased by an order of magnitude – a shift that makes data completeness a challenging proposition. Not only do teams need to capture the relevant information from a global landscape of millions of data points, but analyse it effectively – and do so without overwhelming their compliance solution with false positives.
The challenges of quality and completeness demand an automated solution: firms must implement screening software that can address the challenges of their risk environment by incorporating, for example, searches of global news sources and watchlists, multi-lingual name matching, and even AI-enabled analytic tools.
The topic of enhancing screening data and taking sanctions screening beyond name matching was explored further in the Sanctions Masterclass by Ripjar’s Operational Data Science Lead, Abhijith Rajan, who outlined the benefits of moving to identity-based sanctions screening and incorporating linked data.
4. Understand how to operationalise alerts
We’ve talked about the fundamentals of sanctions screening – the what, when, and why – but what about the ‘how’ of screening? Here, ‘how’ refers to what your compliance team does when a customer name search delivers an alert. If, for example, a name search generates a hit on a sanctioned person from Iran, your team must be able to determine as quickly as possible whether that individual is a sanctions concern, or not.
If the alert is remediated as a false positive, then the transaction or business relationship may proceed. In the case of a true positive, the compliance team will need to take certain regulatory steps, not least recording and reporting details of the transaction to the authorities, and freezing the assets involved.
The precise method for dealing with a sanctions alert will vary by jurisdiction, but compliance teams must be confident that they understand their obligations wherever they operate.
5. Learn how to capture unstructured data
As part of a commitment to pursuing data completeness, compliance teams must learn to deal with unstructured data effectively. Whereas structured data, like the names designated on sanctions lists, is formatted, easily-readable, and predictable, unstructured data includes written prose in news articles, for example, social media posts, press releases, and so on.
Unstructured data is typically harder to identify and analyse than structured data but is often much more valuable, especially in a risk-based compliance environment where sanctions risk may, for example, be revealed in news media long before it is confirmed by official sources. In this context, having an adverse media search capability is a huge advantage for compliance teams seeking to be proactive about changes in risk.
Capturing unstructured data effectively, as part of a sanctions screening solution, adds to the need for firms to integrate automated search tools. That technology should have a global scope since it will need to capture millions of unstructured data points, across different sanctions lists, watchlists and media, in multiple foreign languages.
Discussing this point, Parminder raised the prospect of using AI innovations, and specifically natural language processing to this end: “I think there’s a really big opportunity to use LLMs to work on these unstructured data sets,” he said, “maybe as a detective, rather than preventive, control.”
6. Automate with understanding
On the subject of AI, it’s critical that compliance teams integrate new technology with a strong understanding not only of what it can do for the accuracy of their screening results, but how it generates those outputs. The value of AI tools (and indeed any reg-tech innovation) is predicated on their explainability to regulators since those details will be critical to the outcome of subsequent investigations.
FINTRAIL Senior Sanctions Lead Emil Dall emphasised this point during the Masterclass:
I think it’s important to keep in mind that any screening decision you make, you have to be able to explain to the regulator. So if you are using AI, you have to make sure that the governance around it is strong. Don’t pick an out-of-the-box tool and just run with it.
Emil Dall, FINTRAIL
That’s not to say that AI shouldn’t be integrated as part of the sanctions compliance process, just that financial institutions must be confident about how they use it. For some institutions, it may, for example, be more impactful to integrate AI tools for procedural tasks that would otherwise have been completed manually, such as name searches of unstructured data – rather than functions in which the tech is used in the detection or prediction of sanctions risk.
7. Evolve with your risk landscape
All measures that optimise your sanctions screening solution should be taken with the understanding that they will eventually become outdated and need to be replaced. That’s not a pessimistic take, but rather an acknowledgement of the inherent fluidity of the sanctions landscape and that no single solution can ever be ‘one and done’.
In practice, this means being ready to adapt your screening solution to your risk environment, performing gap analysis regularly to find emerging vulnerabilities, and staying up to date on industry innovations and opportunities to strengthen. In this environment, flexibility and accuracy should be priorities, and financial institutions should seek to build a screening tech stack which reflects that need.
Even with the benefit of technology, however, the sheer complexity and pace of the evolving sanctions challenge may seem overwhelming to some firms, and leave them racing to shore up gaps in their screening solutions. Parminder noted that the challenge involves managing “the operational volume of BAU alerts” generated by screening activities – which can make firms feel they don’t have the capacity “to start looking at different networks of sanctions and evasion typologies”.
However, Parminder also pointed to the huge amount of resources available to help compliance teams steer their organisations through sanctions uncertainty. He listed numerous examples during the Masterclass, including official government publications, best practice guidance, think tank articles, and alerts such as those issued by the Office of Foreign Assets Control (OFAC).
“There are so many different data sources out there in structured or unstructured formats,” said Parminder. “You can incorporate that data into a typical sanctions screening programme. Every time there’s a new designation, how many people will actually go and read the press release? There’s some really interesting information in there.”
Integrate Automated Sanctions Power
Don’t wait for practical sanctions challenges to start testing your screening solution. With regulators bringing harsh non-compliance penalties down on firms that breach restrictions, it’s more important than ever to be confident about your ability to detect and deal with risk.
Ripjar’s sanctions screening solution is designed to help financial institutions address those challenges, optimise their sanctions compliance performance, and harness global risk data to empower decision-making.
Powered by cutting-edge AI, it enables real-time name searches of global sanctions lists and thousands of media and data sources from around the world. The platform includes powerful search support features, including AI Risk Profiles which extract the most relevant information about customers, and AI Summaries, a generative AI (GenAI) feature that adds concise prose descriptions of a target customer’s AML risk to their risk profile.
Identifying risk in your client portfolio is a huge ongoing challenge, so one of the most critical questions Chief Compliance Officers (CCOs) must answer is whether to build or buy technological tools for negative news screening.
While building a tool from scratch gives an organisation total control over its development and use, it can become a burden on your time and resources. It demands specialist technical support, significant time for testing and deployment, and constant monitoring to keep it up to date with the latest technological advancements in AI and machine learning.
On the other hand, adopting a tool from a specialist vendor may reduce your level of control, but it offers technical expertise, ongoing support, and advanced, AI-led software that minimises disruption and boosts long-term efficiency.
Build: What are the limits of an in-house solution?
Many organisations will opt for an in-house solution. This provides the maximum level of control over the software, allowing firms to develop it according to exacting specifications.
But they also come with major limitations:
They can quickly become outdated with rapid technological advancements, especially surrounding artificial intelligence (AI) and machine learning, necessitating expensive and time-consuming ongoing development.
Solutions that fall behind in technology can produce overwhelming false positives, expensive backlogs, and poor client outcomes.
A lack of specialist in-house resources means tools may not perform optimally, such as with over-reliance on ‘fuzzy matching’, which often produces poor outcomes.
Sifting through false positives to account for non-optimal performance can be a lengthy task and a waste of precious human resources.
Organisations may lack the resources to promptly service an in-house system in case of an outage or other technical difficulty.
Buy: What are the advantages of an AI-led solution?
Sourcing an AI-led solution from a specialist vendor is the obvious alternative. Although many organisations may be wary of outsourcing a critical operation to a third party, they offer the kind of expertise and ongoing support some firms lack on their own.
An AI-led solution can:
Dramatically reduce false positives, provide intuitive and easy to understand analysis, and support a more robust screening capability.
Harness enormous amounts of unstructured data to produce new insights on customer risk, dramatically improve results, cut down on false positives, and overcome inefficiencies.
Give compliance teams complete oversight and control during investigations, cutting out the unnecessary middleman and ensuring more accountability, transparency, and efficiency.
Scale without necessarily needing to hire more staff members. This scalability means that AI-led tools have a positive return on investment, making the compliance function a growth enabler rather than a cost burden.
Remove redundancies and improve overall efficiency, allowing teams to focus on real instances of financial crime risk.
Furthermore, vendors specialising in AI-led technology for anti-financial crime have the resources and expertise to concentrate more effectively on technology advancements, specific regulatory requirements, and producing tools with a good and proven user interface. They also have clear roadmaps for improving their systems, often based on user feedback.
Screening Innovation: Labyrinth Screening, featuring AI Risk Profiles
CCOs must tackle a whole range of challenges when it comes to screening. Customer data can be limited and problematic, while media data can be noisy and imprecise. Many screening methods generate a large number of false positives, struggle to achieve accuracy at scale, and put a significant time burden on analysts.
Ripjar’s screening solution features AI Risk Profiles which are designed to address these challenges directly, saving analysts time and increasing accuracy in customer screening.
Data from both structured and unstructured sources is reviewed to build individual profiles for people and organisations, with advanced natural language processing extracting the most relevant items necessary to give a clear and complete view of relevant risks as quickly as possible.
AI-powered multilingual name matching and entity resolution are used to overcome screening challenges such as common or high profile names, helping ensure your organisation’s regulatory compliance by identifying risks other screening methods might miss.
This approach also captures a huge number of secondary identifiers – such as dates of birth, nationalities, locations and roles – from unstructured text.
This vast expansion of context leads to richer data and better recall. Standard watchlists are also enriched with these additional properties, improving sanctions and PEP screening accuracy.
80% of AI Risk Profiles contain secondary identifiers, which is key to reducing false positives. Testing has shown that there can be as much as a 91% reduction in false positives alongside a 5% improvement in recall.
By aggregating these properties across millions of articles, Ripjar’s screening tool can assign identifiers to entities at a scale which is simply not possible in human-curated profiles, and at an accuracy not achievable with article-based risk evaluation.
We’re proud to have been recognised as Category Leaders in the Chartis RiskTech Quadrant for KYC Solutions 2024.
Completeness of offering was assessed through criteria including KYC risk scoring, reporting and dashboarding, customer profile enrichment, customer onboarding and customer maintenance.
With an increasing industry focus on more sophisticated data use in KYC processes, the ability to integrate and fuse disparate data sources while maintaining strict data security controls was a key differentiator for Ripjar, alongside our advanced data analytics.
We were also identified as having best-in-class capabilities for enriching customer profiles with additional data, which is an area in which our screening solution adds significant value to our customers.
“Ripjar’s category leader placing in Chartis’ KYC Solutions quadrant reflects several initiatives, including expanding on its strong analytical foundations with graph analytics, artificial intelligence and more comprehensive risk profiles,” said Phil Mackenzie, Research Principal at Chartis. “In addition to this expansion, Ripjar has increased the scale and complexity of its deployments in tier one financial institutions, grown its corporate business and maintained a strong partnership strategy.”
Chartis RiskTech100 2025
The KYC Solutions quadrant isn’t our only recent recognition by Chartis. We’re delighted to be included once again in the Chartis RiskTech100, which ranks the world’s top companies in risk and compliance technology.
Our continued inclusion in the RiskTech100 is testament to our ongoing commitment to screening innovation and helping our customers meet their increasingly complex compliance responsibilities and evolving regulations.
“We’re delighted to have been recognised in Chartis’ research. Our goal is to help our customers transform the data available to them so they can efficiently and effectively take a broad view of risk. Chartis has taken the time to understand the challenges our customers face with unprecedented regulatory requirements, as well as the ways in which technology can be used to transform their screening operations,” said Gabriel Hopkins, Ripjar’s Chief Product Officer.
In July 2024, Germany’s financial supervisor, Bundesanstalt für Finanzdienstleistungsaufsicht (BaFin) updated its Auslegungs und Anwendungshinweise (AuA) which sets out compliance guidance for Germany’s Money Laundering Act, known as Geldwäschegesetz (GwG).
The draft guidance — AuA 2.0 — precedes the incoming EU Anti-Money Laundering Act (AMLA) which will introduce new anti-money-laundering (AML) and counter-financing of terrorism (CFT) rules across all member states, and change regulatory compliance obligations for many businesses. BaFin’s AuA 2.0 focuses on a number of emerging compliance risk factors, such as the rise of cryptocurrency, and includes new adverse media screening requirements.
With AMLA set to come into effect in July 2025, the window for preparation is starting to close and, while Germany’s final AML compliance landscape under the new regime is not fixed, BaFin is seeking to offer clarity to obligated entities.
Let’s take a closer look at the key points from AuA 2.0.
Mandatory Adverse Media Screening in Germany
One of the key points in the updated AuA, is BaFin’s emphasis on the need for adverse media screening. While acknowledging there is no explicit legal obligation, BaFin makes it clear that firms in Germany must include adverse media screening as part of their AML risk assessment process.
AuA 2.0 states that “screening customers using sanctions or high-risk country lists alone” is no longer sufficient, and firms must “use all knowledge available to them… for example from media analyses” in order to establish risk in accordance with international AML standards.
Insurance Holding Companies Under AML Scope
BaFin expects that Germany’s new compliance regime will expand the scope of AML regulations to insurance holding companies. As obligated entities under the GwG, insurance holding companies will have to implement AML reporting and record-keeping, and screening and monitoring obligations.
The expanded scope ensures a tighter focus on firms that are particularly vulnerable to money laundering risk, and will enhance regulatory consistency within Germany.
Outsource Oversight and Business Relationships
Where German firms outsource their AML compliance, BaFin emphasises that these organisations remain directly responsible for the function. This means that firms must ensure that third-party AML providers are capable of achieving a satisfactory level of AML compliance and, if necessary, implement internal safeguards.
BaFin also clarified the term “business relationship”, suggesting that, beyond one-off transactions, it should also apply to irregular and infrequent cases of customer contact. In these contexts, firms are expected to conduct suitable customer due diligence (CDD) in order to identify customers for AML purposes.
Risk Analysis
BaFin offers advice on the assessment process that firms are expected to conduct as part of their risk-based approach to AML compliance. AuA 2.0 sets out an explicit list of sources and guidance that firms should adhere to when conducting risk assessments, these include:
Under AuA 2.0, firms must update their customer due diligence (CDD) checks on customers more frequently, especially in higher risk cases. Under the new regime, the intervals for updating CDD checks are as follows:
Time between updated CDD check
AuA (old version)
AuA 2.0
Low risk customer
No longer than 15 years
“Risk appropriate” updates
Medium risk customer
No longer than 10 years
No longer than 5 years
High risk customer
No longer than 2 years
Annual updates
Crypto Asset AML
AuA 2.0 highlights the new AML risks posed by cryptocurrencies and virtual assets. Accordingly, under the new regime, crypto-asset service providers will fall under the scope of AML regulations. BaFin states that these firms will be expected to use blockchain analysis software in order to monitor customer transactions involving cryptocurrencies and other virtual assets.
Similarly, AuA 2.0 highlights the need for crypto-asset service providers to apply enhanced due diligence (EDD) measures when handling transactions of €1,000. EDD should also be applied when handling transactions that involve “self hosted addresses” in order to account for the elevated AML risk associated with blockchain technology.
Money Laundering Officer
AuA 2.0 clarifies the role of the Money Laundering Officer (MLO) for firms that operate across international borders. In this context, BaFin states that the MLO must carry out their supervisory activities in Germany. A cross-border firm may appoint a foreign proxy to act as MLO, but that person must carry out their MLO activities in Germany.
Further to that clarification, BaFin states that companies with fewer than 15 full time employees should factor in their AML risk exposure when deciding whether to appoint a member of their own management to the MLO role. BaFin also states that the MLO should generally not simultaneously hold the role of outsourcing or data protection officer, or be a member of the internal audit team.
Whistleblower Reporting Office
BaFin states that firms only need to establish a single internal reporting office to meet the GwG’s whistleblower requirements. It points out that the internal reporting office must facilitate confidential and anonymous reporting, to the standards set by Germany’s FIU.
Preparing for Germany’s New AML Regime
Stay ahead of AMLA compliance challenges, and prepare your organisation for Germany’s new AML regime with Ripjar’s Labyrinth Screening platform.
Powered by cutting-edge artificial intelligence, Labyrinth enables global adverse media screening of thousands of data sources, in multiple foreign languages, and delivers actionable compliance intelligence in seconds. Labyrinth’s advanced AI features promise to supercharge the screening process from end to end: identify, extract, and connect the most relevant unstructured data with AI Risk Profiles, and use AI Summaries to support high pressure compliance decision-making by generating clear, concise prose summaries of risk for each customer.
In a financial landscape progressively embracing AI as a productivity tool, generative AI (GenAI) has the potential to be a game-changer for anti-money laundering (AML) compliance. GenAI screening tools are capable of detecting patterns and relationships within data which, in compliance contexts, means identifying and analysing unstructured data and delivering financial intelligence faster than conventional screening – without the same potential for costly false positive alerts.
However, GenAI also has its challenges. Some tools have been known to deliver unreliable results or fabricate results entirely as ‘hallucinations’, while developers are often unwilling to disclose how their platforms work, which is a problem for compliance investigations. Those issues have made many firms understandably reticent about integrating GenAI in compliance, despite its advantages.
With that in mind, the best approach to GenAI integration in compliance is one based on careful consideration of available data. Equipped with the right insight and expertise, firms will not only be able to integrate innovative new tools safely, but optimise them to deliver the best compliance results. If you’re ready to explore GenAI as part of your compliance solution, let’s look at some of the most important practical considerations of that process.
What are the possibilities of GenAI integration in compliance?
Many industry observers frame AI as a game-changer in the fight against financial crime. With the potential to reshape data management and analysis, the technology offers specific anti-money laundering compliance advantages, including:
Automated analysis of structured and unstructured risk data
Automated summaries of large volumes of data as concise prose paragraphs
Identification of trends, patterns and connections within and between data sets
Quality assurance and verification of human AML compliance decisions
The possibilities of GenAI are appealing, but it’s important that compliance teams understand its limitations, not least the potential for hallucinations, and the lack of insight into how it generates outputs. Those factors mean that risk-averse firms should take a slower approach than their peers, waiting for more industry data, and regulator guidance, before deploying new AI tools.
What do regulators think about GenAI compliance integration?
Regulatory perspectives on the use of AI in compliance vary. While some regulators are seeking to impose overarching new rules frameworks to account for the rapid uptake of the technology, others are taking more principles-based approaches. Most regulators, including the Financial Action Task Force (FATF) have acknowledged the potential for AI to make compliance both easier and cheaper, but have also urged caution, pointing specifically to the need for explainability and transparency if the technology is to have a meaningful compliance impact.
While few jurisdictions have made substantive progress towards AI-specific compliance regulation, the EU has stood out by passing the Artificial Intelligence (AI) Act in May 2024. Characterised as a landmark regulation, the AI Act will be industry-agnostic, classify AI systems by the amount of risk they present, and require proportional compliance measures. Aspects of the legislation will be implemented over the course of several years up to 2030.
Practical AI Compliance Tips
As regulators find their feet, it’s important that firms keep a perspective on the GenAI horizon and don’t miss out on opportunities, or fall behind competitors. With that in mind, CFOs and their compliance teams should think ahead about how they will integrate GenAI tools successfully within existing anti-financial crime (AFC) frameworks when the time is right.
Consider the following key practical AI adoption tips:
Think about your compliance needs
GenAI innovations hold undeniable potential, but they are not compliance silver bullets. The impact of GenAI will depend on numerous contextual factors, not least the need for firms to understand the technology’s capabilities and limitations.
GenAI tools are currently best suited to the analysis and summarisation of large amounts of data, such as the results of adverse media searches. On the other hand, the technology is not as effective at running and generating the results of adverse media searches – other AI techniques are better suited to this. That factor should inform decisions about GenAI possibilities within a given business infrastructure, and means that some firms should consider a low effort, high impact integration of GenAI, before iterating to broader applications.
Don’t rebuild from the ground up
It’s important to think about current GenAI technology as a way to enhance existing compliance systems, rather than replace them. In practice, this means that you shouldn’t be rebuilding your entire tech infrastructure from scratch to accommodate GenAI tools.
In fact, most GenAI solutions are conducive to a staged and layered approach to integration which enables firms to maintain existing AFC controls as they get used to the new technology, and before committing to new compliance strategies. This option is particularly useful for transaction monitoring processes, since firms often use both traditional, rules-based systems alongside AI overlays, running outputs through the AI tool to refine results and create better screening outcomes.
Focus on data
The principle ‘good data in, good data out’ is typically reliable in screening contexts. The higher the quality of adverse media inputs, for example, the more accurate the risk profiles that firms can create for their customers. This principle applies just as much to GenAI screening tools, meaning that firms should seek to train them on robust data sets with sufficient depth and quality.
However, it’s important to remember that screening data quality will never be ‘perfect’ and firms shouldn’t wait for it to reach that hypothetical standard before deciding to integrate GenAI innovations. Consider potential use cases for GenAI integrations and prioritise data sets that will enhance the impact of your GenAI tools. If your adverse media data quality is high, for example, focus on GenAI integrations within your adverse media screening solution, and work to optimise these.
Consider the cost of expertise
GenAI adoption represents a new cost metric which must be considered alongside the context of the wider compliance budget. While larger businesses may have the in-house resources to research and deploy GenAI tools, other firms may need to consider whether to recruit new expertise or find a partner who can help them handle the process.
The projected cost of GenAI adoption should account for the speed with which the technology is developing. Firms should think about whether in-house GenAI integration is something that can be sustained over time – an effort that will require ongoing software updates, expertise and governance refreshes, and technology upgrades.
Select an effective partner
Firms that choose a third party to help manage their GenAI adoption and integration must be confident that their partner understands their compliance needs and vision, and can grow with their business.
Given the complexity of the GenAI landscape, and its pace of change, it’s important that the partnership allows for collaboration and open dialogue. You should understand how your partner will approach the design and deployment of your GenAI tools, what training will be provided, how the technology will be managed day-to-day, and what kind of post-integration support will be available.
Validate and test
The relative unfamiliarity of GenAI as part of compliance solutions means that firms must factor the validation and testing of system outputs into the adoption and integration process. The timescale for validation and testing will vary for each individual firm but should serve to ensure that the results the new tools generate align with the needs of the business. Validation and testing will also strengthen employee skills with the new technology, build confidence, and importantly, identify problems and risks.
The validation and testing process should not be limited to the pre-adoption phase. Firms should implement an ongoing testing schedule to identify emerging problems.
Empower employees
While GenAI represents a step forward in compliance automation, human compliance employees will remain critical. Human expertise will be needed to not only validate the outputs of GenAI screening, for example, but to intervene to address problems and to explain results to third parties as part of law enforcement investigations.
With that in mind, GenAI adoption should include a focus on the training and skills of users. Effective training will not only optimise the impact of new GenAI tools but ensure that the compliance team can adapt to changes, including emergent risks and innovation opportunities.
Embrace GenAI Screening Power
It’s time for CFOs to start thinking about the possibilities of GenAI, and what integration might look like in their organisations – not just in terms of advancing compliance, but staying ahead of customer expectations. Adoption and integration of GenAI promises both opportunities and challenges but the right partner can ensure firms identify and address pain points quickly, and move forward with confidence.
Built with cutting-edge AI and machine learning technology, Ripjar’s Labyrinth Screening system has proven compliance impact, enabling firms to conduct real-time global name searches across thousands of data sources, in multiple foreign languages, and deliver financial intelligence in seconds. Enhanced with GenAI innovation, and designed with decades of industry expertise, Labyrinth extracts the most relevant information from vast unstructured data sets, and uses that information to generate deep, detailed customer risk profiles with concise prose summaries, so your team can make stronger, faster compliance decisions.
AI technology is changing global banking and financial services, with new commercial opportunities, and new criminal risks, prompting governments to reconsider their positions on supervision and legislation. Regulator attitudes reflect that shift, with some supervisory bodies leading with overarching AI compliance frameworks or, alternatively, taking a principles-based approach. Meanwhile, others are holding off completely, waiting instead for more data, and more insight, to better shape their response.
AI Regulations: Compliance Challenges
The pace of AI innovation, and the diversity of regulatory perspectives, have made many firms reluctant to adopt the technology within existing compliance infrastructure. Aware of that hesitancy, both governments and supervisory bodies are working to develop their technical expertise in order to make informed decisions, and ultimately, implement better AI laws.
With that in mind, many regulators have indicated that they understand the potential of AI to enhance anti-financial crime (AFC) efforts, including the promise of powerful new capabilities to detect and prevent damaging activities such as money laundering and the financing of terrorism. The UK’s Financial Conduct Authority (FCA), for example, has stated that it is ready to “make the UK the global hub of AI innovation”, while the government of Singapore re-launched its National AI Strategy in 2024, stating that it wants the city to be “a place where AI is used to uplift and empower” people and businesses.
Regulator efforts to nurture AI innovation demonstrate a broad acceptance of the potential of the technology to enhance compliance. It also means that the regulatory landscape will continue to evolve rapidly, and that firms should be ready to adapt to changing rules.
Global Perspectives
Let’s take a look at the current AI perspectives of key global regulators.
In that document, the FATF explores the potential for AI to enhance implementation of its anti-money laundering (AML) and counter-financing of terrorism (CFT) standards, not least by making firms’ compliance efforts “faster, cheaper, and more effective”. The report focuses on the technical compliance possibilities of subsets of AI, such as machine learning and natural language processing, that can help firms screen customers against vast data sets, recognise patterns that human compliance teams might miss, make predictions and recommendations, and facilitate stronger decision-making.
While emphasising the potential for positive change, the FATF has also cautioned that AI compliance innovations must offer sufficient explainability and transparency. Those factors are critical in investigative contexts given the need for data to be scrutinised and verified by regulators, authorities and auditors.
The European Union
The EU has been relatively proactive in its approach to AI regulation, opting to develop an overarching legal framework as early as 2021. On 9 December 2023, the EU Parliament reached a provisional deal on its AI Act, which was characterised as a landmark bill and the first of its kind in the world. The EU Council adopted the AI Act on 21 May 2024, and the regulation is expected to come into effect across the EU at some point in Q3 2024.
The Act will serve as an industry-agnostic, risk-based framework that will pave the way for the EU to shape the use of AI and address its risks. The EU’s stated goal is to ensure that use of AI is “safe, transparent, traceable, non-discriminatory and environmentally friendly,” and that it continues to be “overseen by people”, rather than automation.
Under the EU’s new regime, national regulators will classify AI systems by risk, and apply proportionate compliance requirements. The EU has set out an implementation timeline for the AI Act which will see certain aspects of the legislation come into force up to 2030, including the addition of AI literacy requirements and prohibited AI practices.
The United Kingdom
The Financial Conduct Authority has characterised itself as “technology-agnostic”, pointing out that it does not regulate technology, but the use of technology and technology’s impact on financial services. The regulator has expressed a commitment to innovation in its approach to AI in compliance contexts, and revealed that it is already using AI tools to detect certain criminal activities. The FCA has invested in the development of AI compliance technology through horizon scanning, synthetic data capabilities, and a “first of its kind” digital sandbox in which firms can test their innovations safely.
It is unclear whether the UK will follow the EU’s regulatory approach but the government has indicated that it will seek to apply principles-based AI regulations and prioritise international harmonisation. In 2021, the UK government published its National AI Strategy, which included details of a proposed regulatory framework that would be “proportionate, light-touch, and forward-looking”. In February 2024, the government published a whitepaper offering further detail on its “pro-innovation approach” to AI regulation.
In April 2024, the UK government began the early-stage discussion of an AI Regulation Bill. The Bill was ultimately paused following the dissolution of the UK parliament for the 2024 general election.
The United States
There is currently no federal regulation of AI in the US, but the Financial Crimes Enforcement Network (FinCEN) has recognised the potential of the technology to enhance anti-money laundering and counter-financing of terrorism strategies, while reducing the cost of compliance. State-level AI regulation standards vary across the US with many state governments enacting, or proposing to enact, transparency-focused requirements to prevent fraud and protect intellectual property rights.
While it has not matched the regulatory pace of other world governments on AI, the Biden administration introduced the Algorithmic Accountability Act in 2022, and an Executive Order on Safe, Secure and Trustworthy AI in 2023. Both articles of legislation require firms to assess the impact of AI systems in order to ensure transparency and fairness, and to share certain information with the government.
In 2022, the Biden administration introduced a blueprint for an AI Bill of Rights. The document represents a set of principles that firms may use to govern the “design, use, and deployment” of AI systems in a manner that aligns with the rights of American citizens.
Cutting-Edge AI Screening
Ripjar’s Labyrinth Screening platform helps firms stay at the cutting-edge of AI in compliance, with proven global screening tools built on decades of regulatory expertise. Labyrinth’s AI-powered screening gives users the power to extract risk-relevant data points from millions of unstructured sources, build in-depth customer profiles in seconds, and use generative AI to create concise prose summaries of each profile in order to speed-up compliance decision-making.
Transportation factors into an array of serious criminal activities, including money laundering schemes. Where some criminals attempt to launder illegal money through the purchase of high value cars, others may use transportation networks or a vehicle itself to facilitate illegal activities including insurance fraud, county lines operations, drug dealing and people trafficking.
As transportation-linked criminality evolves, it falls to businesses, such as automobile dealers, rental companies, and logistics companies, along with their compliance teams to mount an effective response – an effort that includes implementing screening solutions to identify risks. In most cases, screening can make a huge difference to stopping transportation-linked crime, not least by surfacing adverse media that exposes the threat certain customers pose.
In the face of legislation such as the UK’s imminent Economic Crime and Corporate Transparency Act, which brings with it the new “failure to prevent fraud” offence, it’s important for automobile and transport businesses to put clear processes in place now.
Let’s take a look at some key examples of transportation-linked criminality, and explore the most effective screening strategies to help firms stay ahead of risk.
The Automobile Industry
The automobile industry generates a significant amount of revenue which makes it an attractive medium through which to disguise and transform dirty money. Beyond that potential to launder money, the car itself may also become an instrument for criminality and be used in thefts and robberies or even violent crimes.
Money Laundering in the Automobile Industry
Although the details of automobile money laundering schemes vary, certain strategies are common. Criminals purchase and then sell cars as a way to transform dirty money quickly, sometimes even inflating or deflating the transaction price to meet a required amount. These transactions often take place across different jurisdictions, with criminals buying a car in one country and selling in another as a way to exploit disparities in AML controls. In some cases, both the criminals and auto dealers may be involved in the laundering scheme, and a vehicle may not even change hands following the transaction.
Luxury cars and brands carry particularly high AML risk since they typically command extremely high prices, often far in excess of jurisdictional reporting thresholds (usually around £10,000). Once purchased, luxury vehicles can then be moved between locations, hidden, or sold on. The automobile industry is not the only target for this type of money laundering – many criminals purchase yachts as part of the same strategy, and move them between ports for resale.
Car Rental Crime Risks
Car rental companies, in particular, need to be aware of the risk of their vehicles being used in crimes, and put appropriate measures in place to stop that happening. Rental companies should be particularly aware of the risk of:
Organised crime: Many organised criminal gangs target car rental companies in order to obtain cars which can subsequently be used in crimes, including violent crimes, trafficking, and robberies. A gang will typically rent the car under a false name and credentials, commit a crime with the car, and sometimes may then even ship the car off overseas to make it much harder to trace.
Terrorism: Similarly, cars may be used in violent crimes. Terrorists may, for example, rent a car or vehicle to carry out an attack, rather than purchasing it outright, making it harder for them to be traced.
Stolen Cars and Spare Parts
Criminal activity in the automobile industry can also include the theft and sale of stolen vehicles and the trade of illicit spare parts, which may be stolen or fake. The trade of stolen cars and parts often has strong links to organised crime, and provides gangs with a lucrative source of income which must subsequently be laundered. The second half of 2023 saw a dramatic 39.5% jump in car thefts in the UK, compared to the same period in 2022. Car thefts are often predicate crimes, facilitating smuggling operations, trafficking of drugs and humans, and even violent attacks.
The internet has increased the trade of stolen cars and car parts, offering criminals possibilities to conceal their identities and complete the transfer of funds quickly. The sharp increase in online trade of stolen cars and parts has, in turn, increased scrutiny from regulators and law enforcement agencies.
Automobile Industry Red Flags
Common red flags of automobile industry criminality include:
Inconsistent, damaged, or altered customer identity information
Unwillingness or refusal to produce identifying information prior to a purchase or rental
Buyers that are particularly eager to complete transactions regardless of price
Buyers making multiple vehicle purchases or rentals in a short space of time
Discrepancies between a buyer’s income and the price of the car purchased
Purchases or rentals made on behalf of third parties, such as family members or shell companies
Adverse Media Screening Advantages
Adverse media screening can give automobile firms a significant advantage in the fight against crimes that involve their cars, products and services. In particular, searches can surface stories that link customers to organised crime, and to terrorist activities around the world. Global adverse media screening capabilities are critical in this context given the potential for criminal schemes to involve multiple countries.
Transportation-Linked Crimes
Transport linked criminality extends beyond the automobile industry, and involves a broad variety of methodologies.
County Lines Operations
County lines operations refer to a type of drug trafficking in which criminals exploit vulnerable people to transport their illegal drugs and money between locations. Transport is an integral part of this type of criminal activity since purchased drugs must be physically conveyed to buyers, often over long distances, using vehicles or public transport such as trains. With that in mind, cars are typically chosen for county-lines trafficking because they can be bought or hired relatively cheaply, often using the proceeds of crime.
A 2018 report by the National Crime Agency identified that over 60% of county lines operations use road networks to distribute drugs. Of that number, over 50% of operations involve cars or buses, with 25% of those operations using private cars, and 16% using rental cars. And it is further understood that there has been a increase in rental car involvement since Covid-19, due to changes in tactics which evolved in response to the pandemic.
County lines-related automobile purchases and rentals may differ from other criminal methodologies because criminals may not target particularly high value or high status cars as a means to transport drugs.
County lines operations may also be closely linked to human trafficking. Criminal gangs may recruit vulnerable people from outside a local area, or from a foreign country, to transport drugs on their behalf.
County Lines Red Flags
Common red flag indicators of county lines activity include:
Inconsistent, damaged, or altered identifying information during car purchases or rentals
Unwillingness or refusal to produce identifying information prior to car purchase or hire
Disparities between a buyer’s income and the car purchase they are making
Customers making multiple car purchases or hires over a short period of time
Foreign buyers or buyers with no apparent links to the location in which they are purchasing a car
Customers that are unfamiliar with the area in which they are purchasing a car
Customers that are reported missing persons or that have reappeared after a long absence without an adequate explanation
Logistics Companies
Certain criminal schemes, including money laundering, involve the targetting or exploitation of logistics and delivery companies. Cargo crime, or freight crime, refers to the theft of cargo from a logistics company, with criminals typically breaking into the delivery vehicle as it is parked, and taking the goods that it is transporting. Alternatively, criminals may steal fuel from the parked delivery vehicle for the purposes of illicit resale.
Criminals may also use logistics and delivery companies to launder money by sending high value items (such as cars and jewellery) across borders, often to jurisdictions with much lower AML requirements. In this context, criminals will typically disguise the truth about the cargo being sent in order to mislead or evade the scrutiny of authorities.
Logistics companies are also often exploited in sanctions evasion strategies, with criminals using them to evade trade restrictions and deliver prohibited items. Electronics components, for example, present a particularly high sanctions risk because of their potential for military end-use. Criminals can disguise these items as different types of cargo, and send them, via shipping companies, to sanctioned targets in other countries, including extremely high risk locations such as Russia, North Korea, and China.
With that in mind, without adequate checks on both ends of a transaction – i.e on both sender and recipient – a logistics company may inadvertently facilitate sanctions evasion, transport of prohibited goods to a sanctioned individual, or may become involved with a third-party company that violates sanctions compliance.
Logistics Red Flags
Red flag indicators of money laundering in the logistics industry include:
Manipulation of ship identification data, such as the deactivation of an Automatic Identification System (AIS)
Use of abnormal or non-optimal transport routes
Frequent registration changes, especially re-registration of ships
Irregularities in cargo or vessel identification documents
Complex ownership or management of third-party shipping companies
Irregular maritime shipping practices, such as ship-to-ship transfers
Benefits of Adverse Media Screening
Like the automobile industry, transportation-linked criminality is global in scope – a factor that increases the need for, and importance of, effective adverse media screening. Since changes in sanctions risk are typically revealed in news stories prior to official confirmation, it makes sense for screening solutions to emphasise stories about international criminal risk, such as human rights crimes.
Adverse media screening has the potential to surface a wide variety of risk data: in county lines operations, for example, compliance teams may be able to establish that they are dealing with a missing person by capturing social media data or other stories about the disappearance.
In some cases, law enforcement authorities and regulators release customer black lists to logistics firms and other transportation businesses, in order to support screening compliance. The EU, for example, publishes its list of high risk third countries that indicates jurisdictions with unsatisfactory AML controls.
Addressing Transportation Risk with Effective Customer Screening
Automobile dealers, rental companies, and other transportation-linked businesses should understand their status as potential targets for criminal schemes, and be capable of meeting regulators’ expectations. As part of this responsibility, firms must be able to capture risk accurately, at scale, and on an ongoing basis, by deploying appropriate Know Your Customer (KYC) measures, such as enhanced due diligence (EDD), transaction monitoring and, most importantly, customer screening.
Given the global scope of transportation-linked criminality, robust customer screening solutions should be a compliance priority for automobile and transport industry firms, and include tools capable of searching and analysing adverse media stories from around the world. Adverse media screening is critical to the early detection of transportation-linked criminality, not least because of the frequency with which criminals exploit disparities in international compliance rules, and involve multiple foreign persons.
The challenge for adverse media screening in the automobile industry (and beyond) is the need to capture all that risk without generating an overwhelming amount of false positive alerts that ultimately overwhelm compliance teams.
Next Generation Adverse Media Screening Solutions
Ripjar’s Labyrinth Screening platform is designed to meet the challenge of handling vast amounts of risk data, streamlining the customer name screening process, without compromising accuracy, in order to support strong compliance decision-making.
Labyrinth Screening enables searches of thousands of global media sources, including news stories, websites, and sanctions lists, in multiple languages, and delivers actionable financial intelligence in seconds. The platform is built to help firms adapt to a shifting risk landscape, and features an array of cutting-edge AI tools: AI Risk Profiles, for example, automatically build out rich, detailed customer profiles from only the most relevant data, while AI Summaries generate a concise prose summary of each profile in order to clearly highlight potential threats.
Name screening is fundamental to anti-money laundering, enabling firms to more accurately capture the level of financial compliance risk that individual customers present, and then deploy appropriate mitigation measures.
Often a regulatory requirement, AML name screening is critical in the fight against financial crime but typically involves the collection and analysis of vast amounts of structured and unstructured data, and the accurate matching of that information to specific individuals. In contexts where firms struggle to meet those obligations or to manage the screening data burden, automation often provides an advantage – if integrated effectively.
Given the critical role it plays in combating money laundering, firms must understand how to implement effective name screening – and how to optimise their screening tools as part of a wider compliance solution.
What is AML Name Screening?
AML name screening is the process of searching customer names for their designation on official sanctions lists, PEP lists and watchlists, or in negative news (adverse media) stories, in order to accurately gauge the level of money laundering risk that they present.
When firms find customer names designated on relevant sanctions or watchlists, or in negative news media, that information should generate an alert, inform the customer’s risk profile, and ultimately help the compliance team take appropriate action. This may include declining their use of services, freezing transactions or forwarding information to the authorities.
Firms may take different approaches to AML name screening:
Manual Screening
A manual name screening process involves manually searching for names in lists and datasets, or using public search engines such as Google or Bing to search customer names with the aim of identifying potential risk. Manual screening may generate usable risk data but is limited in a number of important ways. For example, a search engine’s algorithm may deliver inconsistent or incomplete results, de-prioritise critical information, or block some results under regional data laws. Manual searches may also be time-consuming and vulnerable to human error, especially in cases where large numbers of names must be checked.
Automated Screening
Firms can automate their AML name screening with software tools that are capable of searching through vast amounts of structured and unstructured data with speed and accuracy, reducing the potential for human error. Automated name screening tools allow compliance teams to tailor their searches, review thousands of global data sources in seconds, and then categorise and analyse that data to facilitate stronger decision-making.
AML Risk Data Sources
The AML name screening process typically captures risk data from the following sources:
Economic sanctions lists featuring the names of individuals, organisations and countries subject to economic sanctions imposed by governments.
Politically exposed person (PEP) lists featuring the names of elected and unelected officials such as politicians, government officials, members of the military, and so on.
Government watchlists featuring the names of persons known to pose a financial criminal risk.
Adverse media sources including established news organisations, blogs, websites, forums, and social media posts.
Why is AML Name Screening Important?
Most jurisdictions set out risk-based AML compliance requirements, which makes name screening an essential part of an effective AML solution, and critical to avoiding costly regulatory penalties.
Beyond regulatory obligations, name screening has a significant and meaningful impact in the global fight against money laundering. The value of name screening lies in both the quantity and quality of risk data that it can provide. Vital risk information gained from sanctions lists, PEP lists and watchlists can be enhanced and given additional context from adverse media results. For example, a firm may discover a news story about a customer’s involvement in a foreign money laundering investigation, containing information that may not have been reported by domestic outlets, and which may not be officially confirmed for months. Informed by that screening data, firms can adjust the customer’s AML risk profile and take appropriate action to avoid a compliance violation.
Global Screening Challenges
Although it is an indispensable part of modern compliance, global AML name screening can present administrative and practical challenges. The most common include:
Data Volume
The sheer amount of data involved in AML name screening can be overwhelming. Firms must consider their search parameters carefully, taking into account the regions and languages in which searches should be conducted, and which watchlists or news publications they need to search. Certain searches may generate a huge amount of alerts, including false positives and redundant duplicate stories, all of which need remediation.
Data Quality
Not all risk data is equal. Information from low-credibility sources, such as blogs, forums, and social media posts, is typically less reliable than information from sanctions lists, PEP lists, watchlists, and established publications such as international news organisations. The distinction between low and high quality data may be more challenging for searches carried out in foreign languages.
Language, Spelling, and Naming
Global name searches may struggle to account for the nuances of foreign languages, including naming and spelling conventions. Some cultures reverse the first name-surname order, for example, use prefixes before names, or approximate English spelling translations. Similarly, some data sources may use non-Latinate characters, such as Cyrillic or Arabic.
Aliases, Nicknames and Similar Names
Searches may misidentify customers based on the use of aliases, nicknames, and similar or exact-match names. In searches of Western news stories, for example, the name “John Smith” would, without added contextual input, generate a huge amount of similar or exact-match name alerts, while customers that use nicknames or middle-names when signing up for services may also end up confusing search tools. On the other hand, criminals may actively try to evade searches by using aliases.
AML Name Screening Best Practices
AML name screening is challenging, but firms can streamline their process by applying the following best practices as they develop and use their search solutions.
Optimise CDD
Firms should apply robust customer due diligence (CDD) measures during onboarding to verify their customers’ identities, including collecting official identifying documents such as passports. Effective CDD enriches customer risk profiles with contextual information which can, in turn, help compliance teams clarify name screening data where ambiguities and false positives emerge.
Automate Where Possible
Automation allows firms to build speed and accuracy into their AML screening process, accomplishing in seconds what would have previously taken hours to complete, and without the same potential for human error. Automated screening tools offer an array of peripheral benefits – solutions can be tailored to a firm’s business needs and risk appetite, and scaled to accommodate business growth. Automated solutions can also integrate emerging innovations, and account for multi-language screening challenges.
Risk Categorisation
It is important to implement a screening solution capable of discerning different types of risk from the content it targets, and categorising that information accordingly. Customers involved in potential financial crimes (such as fraud) may pose a different level of money laundering risk than customers involved in narcotics offences, for example, and that nuance can help firms clarify, and deploy a more efficient compliance response.
Ongoing Monitoring
AML risk screening should not become a box-ticking exercise. Customer risk profiles can change quickly as a result of elections, regulatory changes, or geopolitical events such as the conflict in Ukraine, and firms must be ready to adapt to changes in that environment. Screening solutions should continuously monitor for changes, and firms should be proactive in seeking out and capturing new risk data.
Integrate AI
AI has become a powerful weapon in the fight against financial crime. The emergence of generative AI and large language models (LLMs) is particularly valuable for name screening since it enables firms to analyse unstructured data with unprecedented speed and accuracy, across numerous language systems. AI technology is also capable of discerning different levels of risk, identifying duplicate information, and recognising non-Western characters and other translation issues.
Next Generation Name Screening
Build next generation automated name screening into your AML solution with Ripjar’s Labyrinth Screening platform. Powered by AI technology, Labyrinth Screening is capable of searching thousands of global sanctions lists, PEP lists, watchlists and adverse media sources in seconds, to deliver actionable financial intelligence that enables firms to stay ahead of regulatory risk.
Labyrinth Screening is designed to supercharge the name screening process and dramatically reduce assessment times. The platform includes Ripjar’s AI Risk Profiles tool to help teams extract only the most risk-relevant information from large volumes of data, and AI Summaries, a generative AI tool that adds concise prose summaries of that data to each customer profile.
