How to make the most of your screening outputs

How to make the most of your screening outputs

Published: 27 August 2025

In Ripjar’s recent Compliance Masterclass, co-hosted with FINTRAIL – now available to watch on demand – a panel of industry experts from FINTRAIL, Ripjar, Wise and Nomura explored all stages of the sanctions screening process, providing insights, advice and best practice on how to make the most of your screening outcomes. Here’s a round-up of some of the key takeaways from the session.

The importance of accurate screening outputs

In today’s regulatory environment – where data on sanctioned parties, politically exposed persons and entities who may present a higher risk of financial crime is ever-expanding – screening plays a vital role in detecting bad actors. 

However, financial institutions face a mounting challenge: how to effectively manage ever-increasing screening alert volumes to identify and act on genuine risks without getting buried in false positives. To create efficient screening outcomes, financial institutions need to rethink the end-to-end process: not only how screening alerts are generated, but how they are investigated and resolved.

Screening alerts alone don’t dictate what action should be taken for a specific customer or transaction. Rather, they serve as the entry point for further investigation. As noted by the Wolfsberg Group, “the generation of an alert is not, by itself, an indication of sanctions risk.”

Accurate and auditable screening outcomes are crucial for two reasons:

  1. They allow you to detect potential financial crime risk and any resultant actions that need to be taken. 
  2. The allow you to further tune and calibrate your screening system to generate better and more precise screening alerts in future.

Implementing an end-to-end alert process

Regulators are increasingly scrutinising alert handling processes, demanding not just that alerts are generated, but that they are managed, investigated, and documented with precision and consistency.

The European Banking Authority, for example, recently established standards on how it expects firms to carry out screening alert reviews, and in the UK regulatory standards focus on proper record keeping of resolved alerts.

Regulatory expectations

The EBA’s guidance states that policies and procedures should include:

  • Steps for starting to investigate all alerts generated.
  • Rules for the documentation of any decision taken in respect of alerts.
  • Measures to investigate alerts, such as procedures to assess and deal with indeterminate cases.
  • Different levels of review to be carried out in line with risk, by implementing at least a review by two people in relation to higher risk situations.

In the UK, JMLSG Part III 4.102 notes how firms should review screening alerts, including:

  • The process should be documented in writing.
  • Firms should keep an appropriate audit trail about every likely match.
  • A record of who made the decision and on what grounds.

A screening alert on its own will not define the screening outcome. Analysis is needed to confirm whether the alert is a match, whether funds need to be frozen, if the customer relationship needs to be terminated, if the customer’s risk rating needs to be increased, or if law enforcement needs to be contacted.

Key to reviewing screening alerts is having consistent disposition and decision-making throughout the firm, no matter how big or small, in order to comply not only with regulatory requirements but also the firm’s risk appetite. This could be achieved through:

  • Categorising alerts as high, medium or low risk based on the type of alert (sanctions, PEP or adverse media) and the strength of the hit (exact match or a fuzzy match).
  • Adoption of decision trees to ensure investigators review alerts in the same manner.
  • Identifying and escalating higher risk alerts – for example a nexus to high risk countries or exposure to certain high-risk industries – for expert review. 
  • The use of the “four eyes” principle to ensure that at least two independent reviewers assess high-risk cases.

Many firms use a tiered approach for alert review and decisioning, whereby an alert will pass through several layers of review. For example, whereas all screening alerts will be reviewed by ‘Level 1’, and may need to be escalated to ‘Level 2’ for additional confirmation, the final determination of whether or not an alert is a true match and presents a risk to the firm may not occur until it is escalated to and reviewed by senior stakeholders at ‘Level 3’. 

Documenting each step of the alert review process is crucial, not just for good practice, but for demonstrating robust governance. ‘Level 3’ decision-makers must be able to review the analysis and investigation already conducted, ensuring decisions are well-informed, defensible to regulators, and easily auditable. Clear documentation also streamlines escalations, reduces duplication of effort, and strengthens the overall quality of financial crime risk management. Furthermore, a clear audit trail of resolved alerts may be relevant for regulatory follow up or reporting. 

Setting screening systems up for outcome success

Screening outcomes typically fall into four buckets:

  1. True Positive: Correct escalation of a real risk.
  2. False Positive: Incorrectly raised alert, which is later de-escalated.
  3. True Negative: Correct non-match.
  4. False Negative: Missed match and therefore an undetected risk for the firm.

In an ideal world, firms will be able to clearly identify and focus on true positives while ignoring false positives which carry no true risk exposure and lead to extra and unnecessary work. At the same time, firms will want to ensure that true risks do not slip through screening undetected. However, that is not always the case, and financial institutions face a number of AML compliance challenges in this area. As sanctions lists in particular expand, firms face rising false positives while spending less time detecting genuine alerts.

Understanding the root of false positives is not a one-off exercise but an ongoing process. Firms should continuously analyse data from past alerts to identify common triggers, refine matching logic, and adjust their thresholds. Leveraging historical alert data in this way not only reduces noise but also improves the precision of screening systems, enabling investigators to focus on genuine risks. Using past alerts to support ongoing tuning of screening systems can be done in two different ways:

  • Examining false positives: By analysing which types of alerts consistently lead to false positives, firms can refine their matching algorithms, exclude irrelevant data sets from screening, or apply different rules to specific client segments and thereby develop more precise rules for alert generation. 
  • Examining false negatives: “Below the line” testing – the process of examining unseen alerts below the matching threshold set by the firm – to better understand what systems might be missing and whether the firm missed any false negatives.

Finally, effective screening outcomes are fundamentally dependent on two components: screening the correct watchlist data against high-quality customer data. At a minimum, firms should screen against any watchlists that they are legally required to comply with (for example sanctions lists) and lists relevant to their jurisdiction (for example PEP lists and specific adverse media lists). At the same time, customer data should also be of a good quality and consistency to ensure efficient screening alerts are generated.

Screening outcomes and AI

AI offers powerful possibilities in screening by rapidly analysing screening alerts to detect patterns, identify high risk alerts, and support enhanced decision-making. For example:

  • Enrichment of alerts: AI can be used to pull out additional data points (such as location data or beneficial ownership data) to provide further context to a screening alert which would otherwise only contain limited information. This can aid investigators in arriving faster, and more efficiently, at screening decisions. 
  • Identifying high risk alerts: AI can be used to score and identify higher risk alerts that should be prioritised for review, due to a combination of the strength of the screening alert, the list it is matching against and the potential regulatory consequences. 
  • Dealing with false positives: In certain situations, AI can even be used to auto-close alerts that are clearly false positives. Firms should note that where AI is used to make decisions, regulators expect firms to be able to demonstrate full governance and oversight over the AI’s decision-making remit. 

From alerts to action

As regulatory scrutiny increases on how firms are conducting screening, firms must consider not only how they are generating screening alerts but also how they are reviewing these alerts and arriving at the right screening outcomes. 

In summary, here are three things firms should do to ensure their screening process is set up for outcome success:

  1. Undertake ongoing testing and tuning to understand the root of false positives. Analyse data from past alerts to identify types of alerts consistently leading to false positives to refine matching algorithms and rules going forward.
  2. Screen the correct data. Carefully select the watchlists to be screened against, and ensure that the customer data used for screening is of sufficient quality to generate relevant screening alerts.
  3. Create documented procedures for alert review and escalation. Establish clear, written procedures for how alerts are reviewed and escalated (for example, through decision trees and prioritisation of high risk alerts), including who makes decisions and on what grounds.

Watch the full masterclass on demand

Watch Now

Newsletter

Related Articles

FATF financial inclusion guidance

FATF Financial Inclusion and AML/CTF Guidance 2025: Key Takeaways

  • Blog
  • 4 mins read
EBA Guidelines 2025

EBA Guidelines 2025: Preparing For New Sanctions Screening Rules

  • Blog
  • 4 mins read
3P60

Introducing Ripjar 3P60: Complete third-party risk management 

  • Blog
  • 5 mins read