How address matching is extending customer screening across entity, trade, and reputational risk.
In June 2024, the U.S. Bureau of Industry and Security did something unusual. Instead of adding a company name to its entity list, for the first time it added an address.
But why? Well, certain groups under trade restrictions had worked out that if they changed their company name, now on the BIS screening list, quickly enough, they could slip past the existing BIS screening requirements. The new name sailed through. Same people, same physical office… and unsurprisingly, the same fraudulent activity.
That decision by BIS, to add a physical location rather than a legal entity, marked a meaningful shift in how trade compliance is enforced.
For compliance teams still relying on name-only screening (and that’s most compliance teams today), this creates a risk gap that their current name matching processes cannot bridge.
The dimension most screening programmes haven’t added yet
Address screening is the process of checking whether a customer, counterparty or transaction destination shares an address with a sanctioned or high-risk entity. It returns results based on address matching alone, regardless of name or entity type. Until recently, most compliance platforms didn’t offer it at all.
That matters more than it might seem. Shell companies are, by design, disposable. They exist to be created, used and discarded. A sanctioned network can spin up a new entity in days. But it rarely moves premises. The physical address is often the most persistent identifier a compliance team has to work with. It is also the one dimension most screening programmes have yet to incorporate.
Three reasons address screening matters now
The BIS entity list is the most visible driver, but it is not the only one. Address screening serves distinct compliance needs, and the regulatory pressure behind each of them is growing.
The first is BIS compliance. The BIS entity list flagged addresses as problematic in their own right, citing their “high risk involvement in unlawful diversion.” The principle is simple: if a network of shell companies keeps changing its name but operates from the same location, the location is the constant. Block the address and the evasion strategy breaks. The BIS has expanded the list from eight addresses to approximately twenty, and other regulators are watching. If address-based restrictions prove effective, expect similar approaches from OFAC, the EU and HM Treasury.
The second is trade compliance. When shipping goods to a specific address, it is not enough to validate the named recipient. The address itself may be shared with or used by a sanctioned entity. For organisations involved in cross-border trade, address screening adds a layer that name matching alone cannot provide.
The third is general screening and reputation risk. Across global sanctions lists, not just the BIS, there are thousands of high-risk addresses. When a customer or counterparty shares a registered address with a sanctioned entity, that is a risk signal regardless of whether the address appears on the BIS list specifically. For financial institutions, this extends beyond regulatory compliance to reputational protection: no organisation wants to discover after the fact that it has been doing business with entities co-located with sanctioned organisations.
How address matching at scale changes the picture
Matching against a list is the starting point. The real value is in what becomes visible when you operate at genuine scale.
Consider what that means in practice. The BIS entity list contains around twenty high-risk addresses, a number most compliance teams could theoretically manage manually. But sanctioned addresses don’t stop there. Ripjar’s Advanced Address Screening covers approximately 100,000 high-risk addresses across the BIS entity list and key global sanctions lists. At that scale, patterns that would be invisible in a smaller dataset begin to surface. A client address that returns multiple matches across different sanctioned entities is a clear signal about the network around it.
This is what screening at scale enables: not just confirming whether a single address appears on a list, but identifying which client addresses are drawing repeated matches, and what that concentration tells you about risk. The matching is probabilistic, not string-based. Specialised AI ensures precision at scale, distinguishing between a genuinely high-risk address and one that merely looks similar, so that a street in Dubai isn’t confused with a superficially similar address on the other side of the world.
Operating at this scale reveals something else that narrow list-matching cannot: early indicators of risk that haven’t yet made it onto a sanctions list. An entity sharing premises with sanctioned organisations may not be designated today. But the pattern is a signal. For compliance teams, this is the difference between saying no at the front door and having to extract yourself from a relationship after the fact.
This is where address screening shifts from a compliance checkbox to an intelligence tool. It is not just about matching an address against a list. It is about understanding what that address tells you about the network around it, and only precision matching at scale makes that possible.
What this means if you run a screening programme
Global anti-money laundering (AML) fines reached roughly $3.8 billion in 2025. Senior manager accountability regimes are expanding across jurisdictions. SM&CR in the UK. MAS Individual Accountability Guidelines in Singapore. Similar frameworks elsewhere. All of them mean the same thing: screening failures are now attributed to named individuals, not just the institution. Your Head of Compliance. Your MLRO. Your board sponsor.
In that environment, extending your screening programme to include address matching means identifying risk before it surfaces in an audit. Every address-linked connection your system can flag is one fewer gap for regulators to find.
The organisations acting now are building address screening into their infrastructure while the regulatory expectation is still forming. That is a stronger position than waiting for it to become a requirement.
What to look for in an Advanced Address Screening capability
Not all approaches are equal. If you are evaluating address screening, five things matter. The first is coverage depth: how many high-risk addresses the system holds and how frequently the list is updated. The second is scale and precision: whether the tool matches across a comprehensive universe of high-risk addresses while maintaining the matching accuracy needed to avoid conflating genuinely distinct addresses that happen to look similar.
The third is integration with your existing watchlist and adverse media screening. Two further criteria separate the leaders: configurability (whether you can tune matching sensitivity by risk appetite and customer segment) and early risk identification (whether the capability uses specialised AI to surface patterns that indicate emerging risk, beyond confirmed list matches).
In a recent deployment, Ripjar customers identified address-linked risk patterns that name-only screening had missed entirely. The matches were not speculative. They surfaced connections between apparently unrelated entities operating from the same premises as sanctioned organisations.
An important caveat
Address screening is not a silver bullet. Legitimate businesses share addresses with sanctioned entities all the time. A match on address alone does not mean wrongdoing. Where the value lies is in what repeated matches reveal: the concentration of risk around a particular address, the persistence of that address as an identifier, the additional context it provides alongside name matching, adverse media and other risk signals.
Which compliance teams will get the most from it? The ones that treat it as one dimension of a multi-dimensional risk view, not as a standalone check. Here at Ripjar, we’ve always believed that compliance should be intelligence-led, not list-led. Address screening is what that looks like in practice. Ripjar built Advanced Address Screening as part of Ripjar Screening for exactly that reason. Address data is most powerful when it compounds with entity resolution, watchlist matching and adverse media in a single, dynamic risk profile. Every decision explainable. Every audit trail intact.
The regulation is forming. The opportunity is now.
Address screening is not a single regulatory mandate. It is a capability that sits at the intersection of BIS compliance, trade screening, and broader sanctions risk management. Each of those areas is tightening independently. Together, they make address matching a dimension that compliance programmes can no longer treat as optional.
With Advanced Address Screening, you extend your capabilities beyond name-only matches to meet changing regulatory requirements across all three use cases. You also identify risk that hasn’t reached a sanctions list yet. The compliance teams adding address screening now are the ones who will already have the capability in place when the next wave of regulation arrives.
Ripjar has been ranked #20 in the Chartis Financial Crime and Compliance (FCC) 50 for 2026, marking the third consecutive year the company has placed in the top 20 of the global ranking of financial crime technology providers.
This year, Ripjar was also ranked #4 for Core Technology and recognised again for its innovation in AI, marking the third consecutive year the company has been highlighted by Chartis for advances in artificial intelligence.
Artificial intelligence is transforming how financial institutions detect and investigate financial crime. Reflecting this shift, the 2026 Chartis FCC50 report places particular emphasis on the growing use of agentic AI and generative AI, which are enabling organisations to analyse larger and more complex datasets while improving investigative efficiency.
Widely regarded as one of the most comprehensive independent evaluations of financial crime and compliance technology vendors, this year’s FCC50 ranking assessed 98 vendors, highlighting the rapid growth and innovation across the financial crime technology landscape.
Ripjar’s performance in this year’s ranking reflects the strength of the technology underpinning its platform. At the heart of the platform is a proprietary risk intelligence engine that powers entity resolution, multilingual name matching and AI driven risk classification across large and complex datasets. Built on national security heritage, the technology processes billions of structured and unstructured data points daily to uncover risk signals and connect entities across global data sources, enabling investigators to detect financial crime faster while maintaining the transparency and explainability required for regulatory compliance.
Ripjar is also applying these AI capabilities directly to investigative workflows with its Screening Assistant.
Screening Assistant uses AI to assess screening alerts, automatically close low risk matches and escalate edge cases with evidence and a full audit trail, delivering up to a 90% reduction in false positives and up to a 1,000% increase in screening efficiency. Capabilities like Screening Assistant reflect the innovation recognised by Chartis through its LLM Innovation award, demonstrating how advanced AI can transform compliance operations while maintaining governance and explainability.
“Being recognised by Chartis for both Core Technology and LLM innovation is a strong validation of the approach we’ve taken at Ripjar,”
said Joe Whitfield-Seed, Chief Technology Officer at Ripjar.
“Financial crime is a complex data and intelligence problem, especially at scale. By combining a powerful technology foundation with purpose-built AI and language models, we’re helping organisations uncover hidden risk faster and make better decisions.”
As financial crime continues to evolve and risk becomes increasingly interconnected across jurisdictions, data sources and networks, financial institutions must modernise their approach to detection and investigation.
To learn more about how organisations can adapt to this changing landscape, join our upcoming webinar, Modernising AML for a Networked Risk Landscape, where Ripjar experts will explore how advanced analytics and AI are transforming financial crime intelligence.
In 2025, several key trends defined the fincrime landscape, including a push for increased corporate transparency, a tightening of corporate ownership rules, and stronger cross-border coordination between national regulators.
Governments pursued a variety of legislative objectives focused on those goals, while global compliance teams kept pace. As we reach the end of 2025, both regulators and businesses are looking to the horizon. But now is also a great moment to take stock of the developments of the past 12 months, as well as what we need to be ready for in 2026.
To help your organisation do that, and stay ahead of regulatory change, we’ve put together a high-level guide to 2025’s key global fincrime developments.
The United States:
The BIS 50% Rule
In September 2025, the United States’ Bureau of Industry and Security (BIS) announced that it was expanding the scope of its Entity List. Under the previous regime, BIS’ export controls, focused on preventing military end use of goods, applied only to entities specifically named on the list, even though they may have had extensive business or financial connections to those named entities.
Under the new regime, known as the “Affiliates Rule” or the “50% Rule”, that loophole will be closed. BIS guidance states that “any entity that is at least 50% owned by one or more entities” on the Entity List now falls under the scope of the export controls.
Regardless of the pause, the Affiliates Rule remains a paradigm shift in US policy. In practice, that will mean more extensive beneficial ownership checks on BIS-listed entities, and the application of appropriate risk-based anti-money laundering (AML) and counter-financing of terrorism (CFT) screening standards.
The rule highlights the need to shift screening focus away from single-target resolution, and towards a network-focused approach that clarifies corporate links between organisations.
The United Kingdom:
Economic Crime and Corporate Transparency Act
Introduced in 2023, the Economic Crime and Corporate Transparency Act (ECCTA) is transforming the way that the UK tackles corporate financial crime. In 2025, ECCTA implementation continued, with key developments including:
Authorised Corporate Service Provider (ACSP) status, enabling certain professional service providers to verify clients for UK registration.
Expedited disqualification process for fraudulently registered companies.
Voluntary identity verification for individuals registering as companies.
Access to certain trust information on the Register of Overseas Entities.
Compulsory identity verification for new directors and people with significant control (PSC) will also arrive in 2025. It will expand to the existing 7 million directors and PSC in 2026.
ECCTA’s focus on ultimate beneficial ownership (UBO) checks means that firms will need to cross-reference public and private sector data, and initiate enhanced compliance against customers that fall short of satisfactory identity verification.
The European Union
AMLA
Although it has not yet assumed its direct supervisory role over EU entities, the EU’s Anti-Money Laundering Authority (AMLA) became operational on 1 July 2025. Since then, it has been working to develop operational infrastructure, and design its regulatory framework.
While there were no significant AMLA developments in 2025, EU member states continued to interpret the law and make changes to domestic AML/CFT legislation in order to align with the broader EU framework as it currently is.
Adverse media screening
AMLA will significantly increase the need for firms to practice effective adverse media screening. As AMLA expands operationally, firms will seek to elevate their adverse media screening solutions, and compliance teams will need to explore and integrate new tools capable of identifying entities efficiently on a global media landscape.
AI Regulation
The EU is building its regulatory focus on the use and safety of artificial intelligence (AI). To that end, the implementation of key legislation continued in 2025:
The EU AI Act: Introduced in July 2024, the EU AI Act will come into effect in August 2026. The Act requires firms to consider how they implement AI within their infrastructure and take appropriate compliance steps.
DORA: The Digital Operational Resilience Act (DORA) came into full effect across the EU in January 2025. The regulation requires firms to put appropriate protections in place against cyberattacks.
Financial Action Task Force
Plenary Session
The Financial Action Task Force (FATF) also focused on corporate transparency, regulator responsibility, and international cooperation in 2025. In October, the FATF published the outcomes of its most recent Plenary session, held in Paris, France. Key outcomes included:
The announcement of new time-bound and risk-based Mutual Evaluation processes, which place greater value on regulatory outcomes.
The expansion of the Guest Initiative, a programme for non-member states to share views on fincrime challenges, inform FATF strategy, and strengthen global AML/CFT cohesion.
New guidance for members regarding asset recovery and the confiscation of criminal assets. The guidance, scheduled for publication in November 2025, aims to address low levels of global asset recovery, and the rise in proliferation financing.
National Risk Assessment Toolkit
In August 2025, the FATF launched its National Risk Assessment toolkit. Highlighting the threat of cross-border money laundering, the toolkit is designed to help countries assess their money laundering threats and eliminate regulatory gaps. It sets out a range of insights, including cross-border crime figures, proceeds of crime estimates, and the most common types of predicate crimes.
2026 and Beyond
Most of 2025’s key developments are events within patterns of ongoing regulatory change, or specific milestones set out in legislation. That means compliance teams need to adjust their solutions, and their postures, with an eye on 2026 and the future.
In the UK, for example, the implementation of ECCTA is expected to continue until 2027, and include the expansion of compulsory identity verification measures, more stringent ACSP registration requirements, and stronger business prohibitions for disqualified persons.
Similarly, in the EU, AMLA’s phased introduction will see 40 obliged entities come under the regulator’s direct supervision in 2027. AMLA is expected to achieve full operational capacity in 2028; firms should have taken the relevant steps to align with the new regime by then, including integrating effective adverse media screening solutions.
In the US, FinCEN AML updates are likely. In early 2026, the regulator is expected to expand AML/CFT screening requirements to registered investment advisers (RIAs) and exempt reporting advisers (ERAs).
Key Takeaway: What 2025 Tells Us About 2026
2025 reinforced the notion that global compliance focus will move further towards transparency and data quality in 2026.
It also emphasised the importance of compliance teams’ ability to understand risk across interconnected networks. The BIS 50% rule, for example, is a US regulation, but has a global impact, and many international data providers and screening platforms are already working to ensure they interpret it accurately.
The same can be said for FinCEN and AMLA in the EU: the global impact of regulations requires compliance teams around the world to not only be aware of incoming changes to their threat environment, but be ready to adapt in 2026.
The good news is that Ripjar provides firms around the world with the power and flexibility to do that. Our platform leverages advanced analytics to cut straight through data complexity and noise, and stay ahead of AML risk, now and in the future.
Talking of the future, stay tuned for our upcoming 2026 Outlook which will go into more detail on what to look out for on the fincrime horizon.
This week, we’ve been taking part in Neurodiversity Celebration Week at Ripjar! We’re firm believers that diverse minds make us stronger as a business. Different ways of thinking have always helped us tackle challenges from new perspectives, and come up with innovative solutions to solve the toughest challenges our customers face.
How are we celebrating?
Neurodiversity hub
Following the results of our last annual Diversity Survey, which included new questions specifically on neurodiversity, we thought that Neurodiversity Celebration Week could be a great opportunity to provide more information and highlight existing initiatives more widely within the business.
This week, we’ve launched a new internal resource for all Ripar staff, pulling together a wide variety of information on neurodiversity into a central hub. This includes content on:
Different types neurodivergence and the traits often associated with them
How different forms of neurodivergence might impact people at work
The benefits of having a neurodiverse workforce
Tips for supporting colleagues and working effectively within neurodiverse teams
Details of support available at Ripjar
Links to various useful resources, including everything from relevant organisations, reports and guidance, to TED Talks, books and films.
“This is a great resource in support of a complex and challenging topic: clear, detailed and well thought-through. Whether you’re neurodivergent yourself or just want to be a better ally to colleagues, this is a great starting point to learn and understand more.” Adam Benyon, Principal Solutions Architect
Neurodiversi-tea
As many neurodivergent people find regular, short breaks more beneficial than long ones, we encouraged an afternoon break in our Cheltenham office on Wednesday, where we gathered for a “Neurodiversi-tea” with tea and cake. While enjoying our afternoon tea, we discussed our experiences of neurodiversity at work as well as sharing tips and ideas for maximising our strengths and working more effectively with each other.
“It was great to take some time out and chat openly about neurodiversity with colleagues. I loved hearing about people’s personal experiences in different workplaces, and learning more about the different strengths they see in their teams. There’s been so much enthusiasm and interest in the topic of neurodiversity – it’s obviously something people here care deeply about.” Caz Coker, Ripjar D&I Group
How does Ripjar support neurodiversity?
As a company that’s always found strength in approaching problems from different mindsets, there are lots of ways we help enable this. While these options can help neurodivergent colleagues, they are of course available to benefit neurotypical colleagues too, as everyone at Ripjar has their own preferred working styles to do their best work.
A few examples of support available to Ripjar staff include:
Flexible work location: Ripjar is remote-first, with the option to work in the office if preferred and convenient. The office also has a well-stocked kitchen and breakout space to help staff decompress and refocus between tasks. Working hours can often be adjusted to suit individual needs too.
Space to focus: We provide designated quiet spaces for staff working in the office, with private pods available for use by anyone who would benefit from them. Noise-cancelling headphones are also provided by the company to any colleagues who would like them, enabling staff to cut out background noise, or listen to music, white noise or anything else which will help them focus and work more comfortably.
Task management: Everyone has access to regular 1-to-1s with their line managers, where they can get support with work prioritisation and planning, discuss their wellbeing, and raise any challenges they’d like help with. Various tools are also used across the business to help with task management, organisation and prioritisation, and to enable staff to break down and plan tasks to suit their working styles.
“Neurodiversity is important for building strong teams, and we want everyone at Ripjar to feel supported to work in the way that suits them best. Whether that’s by providing quiet spaces, supporting staff with the right tools and equipment, or simply ensuring good communication, we’re always looking for ways to improve the experience for all our staff.” Maria Cox, Head of People Operations
Around $300 billion is laundered in the United States every year, a trend which undermines the integrity of both the US and global economies, and perpetuates ongoing criminal enterprises. To address that threat, the US government has passed strict financial regulations, and established the Financial Crimes Enforcement Network (FinCEN) as the country’s primary financial regulator.
In this post, we’re going to explore the regulatory function of FinCEN, and some of the key regulations that it is responsible for enforcing.
What is FinCEN?
FinCEN provides regulatory oversight for banks and financial institutions operating in the US.
Established in 1990, FinCEN is a bureau of the US Department of the Treasury, and is headquartered in Virginia. FinCEN’s stated mission is to “safeguard the financial system from illicit activity, counter money laundering and the financing of terrorism, and promote national security through strategic use of financial authorities and the collection, analysis, and dissemination of financial intelligence.”
FinCEN’s Role and Responsibilities
In order to fulfil its mission, FinCEN works to enforce US financial regulations by monitoring financial institutions, and collecting and analysing financial data for indications of criminal activity. It also works with other government departments, law enforcement authorities, and foreign counterparts to combat domestic and international financial crime.
In its supervisory role, FinCEN’s day-to-day duties include:
Monitoring corporate compliance with US financial regulations, such as the Bank Secrecy Act.
Collecting and analysing data and financial reports from US financial institutions.
Analysing financial intelligence, including trends and patterns, that might indicate criminal activity.
Enforcement of regulatory noncompliance penalties.
Assisting law enforcement agencies with financial investigations.
Providing compliance guidance and other educational materials to US banks and financial institutions.
Liaising with foreign counterparts and international regulators, such as the Financial Action Task Force (FATF), in the global fight against financial crime.
Key US Financial Regulations
FinCEN is responsible for supervising compliance with the US’ financial regulations, including the following key articles of legislation:
The Bank Secrecy Act
The Bank Secrecy Act (BSA) is the US’ primary article of anti-money laundering (AML) legislation. Introduced in 1970, the BSA imposes a range of AML compliance requirements on banks and financial institutions, including the implementation of customer screening, and financial reporting and record-keeping measures.
The Patriot Act
Passed in 2001 in the wake of the September 11 terror attacks, the Patriot Act is a counter-financing of terrorism (CFT) regulation, and an amendment to the BSA. The Patriot Act gives US law enforcement agencies powers to investigate financial crimes, in addition to those conferred by the BSA. Notably, the Patriot Act imposes customer due diligence (CDD) and screening obligations on financial institutions, with an emphasis on cross-border payments and business relationships.
The Anti-Money Laundering Act
When it came into effect in 2021, the Anti-Money Laundering Act (AMLA) represented the most significant reform of the US AML/CFT legislation since the Patriot Act. AMLA was introduced to address the risks posed by new technologies and criminal methodologies, but also set out increased penalties for money laundering, new protections for corporate whistleblowers, new beneficial ownership rules, and expanded international information sharing rules.
Optimising FinCEN Compliance
FinCEN applies the international AML/CFT compliance recommendations set out by the Financial Action Task Force. Following that standard, US firms must implement risk-based compliance solutions, performing risk assessments of their customers and deploying proportionate compliance responses to that risk.
Risk-based compliance solutions should involve the following measures and controls:
Customer identification: Firms must perform customer due diligence in order to identify their customers, and the beneficial owners of customer-entities.
Transaction screening: Firms should screen customer transactions for indications of criminal activity. Those indicators include unusual transaction patterns and transaction amounts, and transactions that involve high risk counterparties.
Adverse media screening: Since AML risk is often revealed in news media before it is officially confirmed, firms should implement global adverse media screening measures in order to capture changes in customer risk as soon as possible.
The US’ risk-based screening requirements, including the need to screen adverse media stories, mean that firms may have to collect and analyse vast amounts of financial data, from thousands of global data sources. To manage that burden, most firms need to lean into screening technology in order to automate as much of their screening process as possible, rather than relying on outdated manual search processes, fraught with the potential for human error.
Beyond speed, efficiency and accuracy, automated screening platforms help firms take the pressure off compliance teams, and take advantage of emerging innovations and enablers, such as AI-powered analytics. In a fast-moving compliance environment like the US, automated screening solutions offer game-changing agility, enabling firms to react quickly to regulatory trends and emerging criminal methodologies, and, ultimately, make faster, stronger compliance decisions.
Most successful banks and financial institutions understand that anti-money laundering (AML) compliance cannot be an afterthought. In 2025, regulators demand a proactive response to money laundering risk, which typically requires firms to go beyond templated screening and monitoring tools, and instead develop unique solutions that fit their operating environment.
That’s easier said than done. The risk-based AML regulatory landscape evolves constantly to account for new legislation and new criminal threats. This means that financial institutions have to reassess their compliance posture on an ongoing basis, and deal with emerging challenges and pain points as their solutions evolve.
Don’t let AML compliance challenges weigh your solution down. In this post we’re going to explore some of the key AML pain points that financial institutions face in 2025 – and provide some critical tips and insight into how to manage them.
Ongoing monitoring
A constantly changing AML risk landscape demands constant vigilance from the people responsible for spotting criminal activity. In practice, this means that financial institutions must find a way to facilitate ongoing monitoring of a range of money laundering risks, by screening customers effectively.
Two key examples of those ongoing monitoring challenges are:
Sanctions
In a turbulent geopolitical climate, governments issue new sanctions designations regularly, adding volume and complexity to the screening challenge. Russia’s 2022 invasion of Ukraine, for example, has seen Western governments issue an unprecedented amount of sanctions against Vladimir Putin’s regime – with strict liability penalties for firms that violate the rules.
The sanctions challenge is complicated by its global scope. Not only do compliance teams need to monitor sanctions lists, but peripheral data that also reveals customer risk. This means screening thousands of media sources, in foreign languages, and being sensitive to potential variations in spelling or naming convention which might confuse searches.
Politically exposed persons
It can be extremely difficult to establish whether a customer is a politically exposed person (PEP), and therefore poses a higher AML risk. PEPs are not just elected politicians, but can also include government employees, military officials, or holders of any prominent public position. Financial institutions may also seek to apply PEP risk to the family members and close associates of PEPs.
The PEP challenge doesn’t just involve detecting new PEPs following elections and other appointments, but deciding whether to declassify existing PEPs after they have left their position. Recent high profile cases have seen financial institutions face criticism for allegedly de-banking customers based on their PEP classification, or the classification of their relatives.
False positive alerts
The ongoing monitoring challenges listed above – sanctions and PEP screening – necessarily require financial institutions to collect and analyse vast amounts of customer data from internal lists, official lists, and media sources including news reports and even social media posts. In order to capture all potential threats and satisfy regulatory expectations, compliance solutions inevitably end up making incorrect risk assessments and generating false positive alerts, which need to be remediated.
Dealing with false positives is costly and time-consuming, especially if team members have to work through the alerts manually in order to establish true risk and remove incorrectly-applied alerts. It’s worth remembering that small adjustments to screening parameters can increase false positive rates significantly, slowing down the delivery of products and services, damaging customer experiences, and further draining employee attention and resources.
False negative alerts
While an over-sensitive screening solution generates higher volumes of false positive alerts, a solution that does not capture risk accurately risks generating false negatives – in which a high risk customer or transaction is incorrectly dismissed as presenting no risk. False negatives are arguably a more serious compliance consideration than false positives: solutions that generate too many false negatives expose financial institutions to unacceptable regulatory risk which can lead to legal consequences, including criminal penalties.
The difficulty in spotting false negative results is that, by definition, they aren’t flagged in any way by screening solutions. False negatives typically occur because compliance teams lack sufficient data to establish customer risk accurately, and fail to connect customer names to the data points that would help them make stronger decisions.
To manage, and prevent, false negatives, firms must first understand their common causes, which include:
Screening parameters set too narrowly or set incorrectly
A lack of high quality customer data
Compliance analyst skill deficiencies
A lack of multilingual search capabilities
Poor name matching capabilities
The de-duplication of news stories which leads to risk data being deprioritised or lost
Reliance on manual name searches, such as Google searches
Compliance teams can address the false negative challenge by testing their screening solutions regularly, and running true positive customer data through a search process as a way of validating its accuracy. It may also be useful to scrutinise historical screening alert rates: if a system experiences a sudden drop-off in AML alerts, it’s likely that an adjustment to the search process, or an algorithmic issue has affected the accuracy of the solution.
Get ahead, and stay ahead, of AML compliance challenges
It’s not enough to understand where pain points might affect your AML compliance solution. Regulators expect financial institutions to be proactive in taking the necessary steps to overcome challenges and shore up vulnerabilities.
In a complex, constantly evolving regulatory landscape, that isn’t easy. Compliance teams must capture and analyse vast amounts of risk data in order to meet their responsibilities and establish true risk – while ensuring that data doesn’t generate an overwhelming amount of false positives or, worse, false negatives.
Manual screening processes typically struggle to manage these pain points efficiently, creating delays in the delivery of products and services, piling pressure on compliance analysts, and increasing the likelihood of human error. Financial institutions must find ways to help their compliance teams manage that burden, not least by integrating technology to automate as much of the screening process as possible.
While automation isn’t a magic bullet for AML compliance friction, it can accomplish in seconds tasks that would have taken human analysts hours to complete – and so enhance the speed and accuracy of the results, and any subsequent decision-making. Even better, automated screening solutions can be tailored to specific risk appetites and risk environments, meaning compliance teams can adapt quickly to both regulatory change and emerging criminal methodologies.
Supply chains are critical to the global corporate landscape, but any reliance on a third party also comes with a level of regulatory risk, which firms must factor-in to their compliance solutions.
From breaches of anti-money laundering (AML) and counter-financing of terrorism (CFT) rules to institutional corruption, cyber-security failures, and human rights abuses, the consequences of third party risk can be just as damaging as internal regulatory failures – not least because incidents often also inflict reputational damage. Third party risks are not a low-priority issue: a focus on cybersecurity risk alone reveals that up to 98% of organisations worldwide have had a business relationship with a third party vendor that has suffered a data breach.
Awareness and understanding are key to identifying and managing third party risks, and to implementing effective mitigation measures. In this post, we’re going to examine some of the key pain points associated with third party risk management, and how firms can deal with them.
Supply chain risk
Most organisations are comfortable managing the challenges of their immediate risk environment, including carefully calibrating their screening and monitoring solutions. When it comes to the risk environments of their suppliers, however, identifying threats becomes more complicated.
Supply chains typically cross multiple borders and multiple risk environments, which complicates the risk assessment process. Not only do firms have to think about a higher volume of threat vectors, but take steps to ensure that their suppliers are operating in compliance with the relevant regulations. The complexity of a supply chain magnifies the compliance challenge: cross-border chains carry a higher likelihood of regulatory disparity, while multiple different entities make different internal compliance approaches more likely.
Key supply chain compliance risks include:
Suppliers that operate in high risk industries, such as shipping or payment services.
Suppliers that operate in jurisdictions with lower AML regulations.
Sanctions designations against persons or countries within, or connected to, a supply chain.
The presence of politically exposed persons (PEPs) within supply chain companies, or connected to them via friends or close associates.
The principles of supply chain risk management are similar to those applied to customers. That means firms must implement suitable supply chain due diligence measures, along with screening and monitoring processes, in order to assess and establish risk as accurately as possible.
Reputational risk
We’ve focused on the regulatory risks that supply chains pose, but third party risk is not just about legal consequences – it also includes reputational damage. In fact, reputational damage can occur even in cases where there is no technical breach of law, and can hurt a firm just as much as a financial penalty.
In some contexts, the mere existence of a business relationship between one entity and another can be enough to create a negative public impression, regardless of whether a client organisation has broken compliance rules. With that in mind, reputational damage is often a result of negative environmental, social, and governance (ESG) factors, which may include:
Carbon emission levels
Preservation of biodiversity and natural habitats
Ethical labour practices
Workplace diversity, equity, and inclusion
Health and safety practices
Corruption
Human rights abuses
The consequences of reputational damage can be difficult to predict, but may translate to customer boycotts, adverse media stories, and increased regulator attention. The sheer diversity of reputational concerns can be a particularly problematic factor for corporate entities with large global footprints, or with extensive supply chains. Reputational risks can be managed in the same way as other compliance concerns but, again, may require firms to extend the scope of their screening and due diligence measures.
Ongoing due diligence
The supply chain and reputational risks listed above represent ongoing compliance concerns, and mean that firms must factor them into their risk-based compliance solutions. In practice, this means treating third party relationships in a similar manner to business relationships, including performing due diligence in order to inform risk assessments.
Where conventional customer due diligence (CDD) measures help firms verify that customers are who they say they are, supply chain due diligence helps to verify that suppliers are meeting the standards that they claim to be. Supply chain due diligence is often a compliance pain point because it involves an intensive manual collection process of third party documents and information such as:
Company names, addresses, tax numbers and incorporation documents
Beneficial ownership details
Historical financial data such as tax reports
Internal risk assessment data
Internal financial data such as cash flow, debts, and liabilities
Regulatory environment information and historical AML/CFT compliance records
Supply chain due diligence should take place at the start of the supplier relationship and should be refreshed on a regular schedule to capture changes in a supplier’s risk profile. Ideally, that ongoing due diligence should be supported by peripheral compliance measures, including adverse media screening, and sanctions and watchlist screening.
Stay ahead of third party risks
Third party risks typically require firms to expand the scope of their compliance solutions, rather than taking a different approach to existing screening, monitoring or due diligence. That need adds volume to the compliance burden – a factor that can put unsustainable pressure on firms that rely on manual techniques to establish risk, such as searching for customer names on Google, or manually entering names into sanctions lists or PEP lists.
Fortunately, compliance teams have options for mitigating the challenges of third party risk, not least by supporting or (where possible) replacing manual processes with automated software tools. Automated screening software adds valuable speed to tasks that would have taken hours to complete manually, and high detail accuracy which reduces the potential for human error.
Most importantly, automated third party risk screening enables firms to dramatically boost the scope of their searches to a truly global scale. Automated name searches, for example, can cover thousands of global data sources, including news reports, sanctions lists, watchlists and more, delivering actionable intelligence in seconds, and helping firms make faster, stronger compliance decisions about every third party relationship.
Generative AI (GenAI) has the potential to reshape the financial landscape, promising to change the way we work, communicate and innovate at every operational level.
One of the most exciting compliance applications of GenAI is in the screening process, where AI innovations are enabling users to unlock the power of customer risk data. However, while GenAI is delivering benefits, it is also being used maliciously, with tech-forward criminals deploying AI tools to increase the effectiveness of money laundering schemes. In the most pernicious cases, criminals exploit GenAI to produce highly convincing counterfeit content, such as images, official documents, and even cloned voices, which allow them to bypass compliance controls and abuse the financial system.
In the face of that threat, financial institutions must understand the potential of GenAI to not only keep pace with criminals, but to become a compliance game-changer.
AML Screening: GenAI Compliance Possibilities
GenAI technology may not be suitable for every type of anti-financial crime (AFC) task, but delivers specific advantages for anti-money laundering (AML) screening solutions. GenAI tools can be integrated simply within existing frameworks, and quickly applied to a firm’s data analysis burden. The power of GenAI lies in its capability to supercharge critical screening tasks, such as customer name searches, by automatically unpicking the detail of structured and unstructured data, and delivering actionable financial intelligence in seconds.
So what are some of the possibilities of GenAI tools for AML screening?
Automation of Routine Tasks
Software automation has enhanced the speed and accuracy of critical compliance tasks across the board, but the potential of GenAI goes beyond process-efficiency. GenAI tools can automatically identify, distil, and extract meaning from seemingly-unconnected, unstructured data points, such as news stories, to build in-depth customer risk profiles or output concise prose summaries of an individual’s AML risk that inform and streamline compliance decision-making.
In fact, GenAI tools are useful for summarising a range of AML data sets, including suspicious activity reports (SAR). Deployed effectively, they can eliminate the need for manual input during the compliance process, and free up human employees to apply their skills and expertise to more value-adding tasks.
Enhanced Risk Investigations
AI tools can serve a multitude of purposes in an AML programme but are often particularly useful in risk investigations. AI-enabled analytics software, for example, can identify specific information and connections within vast, unstructured data sets that human observers may have missed – but that may change a customer’s risk profile considerably.
GenAI can push investigative possibilities even further by automatically finding, analysing and summarising data within relevant documents and online sources, including PDFs, watchlists, news stories, and social media pages. That capability promises to not only save time during the screening process but hone the focus of the investigation so that analysts can target their questions more specifically, and refine their investigative techniques.
Quality Assurance
Firms may choose to turn the focus of their GenAI analytics inwards to identify weaknesses within their screening process, opportunities to strengthen, or points at which targeted training and development may have greater impact.
This type of quality assurance (QA) application may have an end-goal of verifying completed investigations but GenAI tools could also be programmed to intervene at progressive stages to examine specific alerts, and determine whether analysts made the right decisions. After enough affirmation, and with sufficient corporate confidence, the GenAI QA process could be reversed, with AI tools completing investigations and human compliance analysts verifying their outputs.
Top 5 Ways GenAI Can Support Your Compliance Team
Enhance AML screening and automate manual tasks
In a complex regulatory environment, GenAI can streamline and simplify AML customer screening to deliver better compliance outcomes.
Generate investigative insight
GenAI tools can focus and deepen risk investigations by providing valuable data insight that human compliance teams often miss.
Continuously improve
Use GenAI to address weaknesses in your AML screening process and verify critical compliance decisions.
Reduce false positives
GenAI tools can identify and extract the most relevant risk data to build accurate customer profiles and reduce costly false positive alerts.
Make faster decisions
Use GenAI language models to create concise summaries of customer risk data, and facilitate stronger decision-making during screening.
Cutting-Edge Screening Power
As global financial compliance grows increasingly complex, GenAI tools have the potential to fundamentally change AML screening outcomes, providing enhanced screening accuracy and efficiency, and a greater depth of understanding for compliance teams.
GenAI is already delivering AML results in the real world. Ripjar’s AI Risk Profiles feature within the Labyrinth Screening platform uses machine learning technology to resolve vast amounts of unstructured risk data around a single customer profile, extracting only the most relevant information to maximise efficiency and avoid false positives. Labyrinth also includes AI Summaries, a GenAI-powered language model that adds clear, concise prose descriptions of customer risk to each profile in order to help compliance teams make faster, stronger decisions during the screening process.
Labyrinth Screening is further boosted by Ripjar’s Compliance Copilot, a GenAI-powered assistant that can support compliance teams by acting as a first line of defence in reviewing alerts and carrying out assessments.
