In 2024, geopolitical turbulence, including Russia’s ongoing invasion of Ukraine, has made the global sanctions landscape more unpredictable than ever. Meanwhile, governments are knuckling down on regulatory compliance with significant, strict liability penalties for sanctions violations.
Despite that climate, many financial institutions are struggling to match the pace and complexity of sanctions programmes. Data from a recent poll, conducted as part of Ripjar and FINTRAIL’s Sanctions Masterclass in November 2024 suggests that fewer than 30% of firms are conducting proactive, intelligence-led sanctions investigations, while over 20% are only screening customers against basic, primary data fields such as name and date of birth.
Speaking at the Masterclass event, Director of Sanctions and Screening at Wise, Parminder Turna, emphasised the need for compliance teams to go beyond basic name searches, and develop more nuanced screening strategies that capture the real risks that they face. “Every system control configuration calibration is firm-specific,” Parminder said. “While you can have rules and bounce ideas off your peers, you have to have confidence and really understand your programme.”
With that need in mind, we’ve drilled down into the detail of the Sanctions Masterclass discussion in order to draw out some of Parminder and the panel’s practical insights and advice for optimising your approach to sanctions screening.
1. Focus on the what, when, and why of screening
The complexity of the global sanctions landscape makes compliance daunting, especially for firms with broad international footprints. However, sanctions compliance gets smoother and easier when every member of the compliance team has sight of, and understands, the following compliance fundamentals: what are you screening, when are you screening, and why are you screening?
What: Your sanctions compliance team should be clear about what they’re screening customers against. That means understanding the “list landscape” and how your solution uses both internal company lists, and external lists such as politically exposed person (PEP) lists to generate alerts. Your team should also be clear about how identity and location data factors into compliance decision-making: for example, is third-party-provided location data based on your company’s risk profile?
When: In a risk-based compliance environment, teams should understand when, or in which circumstances, the sanctions screening process should be initiated. Screening triggers may involve, for example, the movement of a certain amount of money, transactions which involve certain high risk locations, or customer profiles that involve certain risk characteristics.
Why: Rather than going through the motion of browsing list entries, your compliance team should understand why the screening process is taking place. In other words, team members should understand both the regulations they’re working with (the relevant sanctions programme), and how they relate to the firm’s risk appetite. The calibration of the compliance programme can change what constitutes a ‘sanctioned jurisdiction’, and everyone needs to be clear about how that changes their screening approach.
Parminder doubled-down on the importance of screening basics during the Masterclass:
2. Pay attention to detail
Since the Russian invasion of Ukraine in 2022, the volume of sanctions imposed by the West against Vladimir Putin’s regime has been unprecedented, with new restrictions imposed regularly. That pace of change, and the layers of compliance complexity it brings, means that financial institutions must stay up to date on the introduction of new measures – but also go beyond the official lists, by exploring the detail and nuance of every new regulation.
In practice, that should involve a closer examination of the regulatory texts themselves, with the goal of understanding what a regulator is looking for from obligated institutions. Firms should pull data from official sources – including press releases – map that insight to existing internal information, and use it to leverage as much information as possible from customers. You could, for example, conduct a gap analysis on every new sanction in order to keep your compliance solution as tight as possible and then, with that baseline established, uplift your screening process further through internal policies.
3. Prioritise quality and completeness
During the Masterclass, Turna referenced “garbage in, garbage out”, a phrase used regularly by data analysts to emphasise the low value of insight derived from the analysis of poor quality screening data.
In other words, compliance teams should prioritise the quality of data they’re collecting on screening targets before worrying about how they use it for decision-making.
This means validating the data that your team collects, and focusing on completeness. It’s worth remembering that the volume of sanctions data that firms must deal with in 2024 has increased by an order of magnitude – a shift that makes data completeness a challenging proposition. Not only do teams need to capture the relevant information from a global landscape of millions of data points, but analyse it effectively – and do so without overwhelming their compliance solution with false positives.
The challenges of quality and completeness demand an automated solution: firms must implement screening software that can address the challenges of their risk environment by incorporating, for example, searches of global news sources and watchlists, multi-lingual name matching, and even AI-enabled analytic tools.
The topic of enhancing screening data and taking sanctions screening beyond name matching was explored further in the Sanctions Masterclass by Ripjar’s Operational Data Science Lead, Abhijith Rajan, who outlined the benefits of moving to identity-based sanctions screening and incorporating linked data.
4. Understand how to operationalise alerts
We’ve talked about the fundamentals of sanctions screening – the what, when, and why – but what about the ‘how’ of screening? Here, ‘how’ refers to what your compliance team does when a customer name search delivers an alert. If, for example, a name search generates a hit on a sanctioned person from Iran, your team must be able to determine as quickly as possible whether that individual is a sanctions concern, or not.
If the alert is remediated as a false positive, then the transaction or business relationship may proceed. In the case of a true positive, the compliance team will need to take certain regulatory steps, not least recording and reporting details of the transaction to the authorities, and freezing the assets involved.
The precise method for dealing with a sanctions alert will vary by jurisdiction, but compliance teams must be confident that they understand their obligations wherever they operate.
5. Learn how to capture unstructured data
As part of a commitment to pursuing data completeness, compliance teams must learn to deal with unstructured data effectively. Whereas structured data, like the names designated on sanctions lists, is formatted, easily-readable, and predictable, unstructured data includes written prose in news articles, for example, social media posts, press releases, and so on.
Unstructured data is typically harder to identify and analyse than structured data but is often much more valuable, especially in a risk-based compliance environment where sanctions risk may, for example, be revealed in news media long before it is confirmed by official sources. In this context, having an adverse media search capability is a huge advantage for compliance teams seeking to be proactive about changes in risk.
Capturing unstructured data effectively, as part of a sanctions screening solution, adds to the need for firms to integrate automated search tools. That technology should have a global scope since it will need to capture millions of unstructured data points, across different sanctions lists, watchlists and media, in multiple foreign languages.
Discussing this point, Parminder raised the prospect of using AI innovations, and specifically natural language processing to this end: “I think there’s a really big opportunity to use LLMs to work on these unstructured data sets,” he said, “maybe as a detective, rather than preventive, control.”
6. Automate with understanding
On the subject of AI, it’s critical that compliance teams integrate new technology with a strong understanding not only of what it can do for the accuracy of their screening results, but how it generates those outputs. The value of AI tools (and indeed any reg-tech innovation) is predicated on their explainability to regulators since those details will be critical to the outcome of subsequent investigations.
FINTRAIL Senior Sanctions Lead Emil Dall emphasised this point during the Masterclass:
That’s not to say that AI shouldn’t be integrated as part of the sanctions compliance process, just that financial institutions must be confident about how they use it. For some institutions, it may, for example, be more impactful to integrate AI tools for procedural tasks that would otherwise have been completed manually, such as name searches of unstructured data – rather than functions in which the tech is used in the detection or prediction of sanctions risk.
7. Evolve with your risk landscape
All measures that optimise your sanctions screening solution should be taken with the understanding that they will eventually become outdated and need to be replaced. That’s not a pessimistic take, but rather an acknowledgement of the inherent fluidity of the sanctions landscape and that no single solution can ever be ‘one and done’.
In practice, this means being ready to adapt your screening solution to your risk environment, performing gap analysis regularly to find emerging vulnerabilities, and staying up to date on industry innovations and opportunities to strengthen. In this environment, flexibility and accuracy should be priorities, and financial institutions should seek to build a screening tech stack which reflects that need.
Even with the benefit of technology, however, the sheer complexity and pace of the evolving sanctions challenge may seem overwhelming to some firms, and leave them racing to shore up gaps in their screening solutions. Parminder noted that the challenge involves managing “the operational volume of BAU alerts” generated by screening activities – which can make firms feel they don’t have the capacity “to start looking at different networks of sanctions and evasion typologies”.
However, Parminder also pointed to the huge amount of resources available to help compliance teams steer their organisations through sanctions uncertainty. He listed numerous examples during the Masterclass, including official government publications, best practice guidance, think tank articles, and alerts such as those issued by the Office of Foreign Assets Control (OFAC).
“There are so many different data sources out there in structured or unstructured formats,” said Parminder. “You can incorporate that data into a typical sanctions screening programme. Every time there’s a new designation, how many people will actually go and read the press release? There’s some really interesting information in there.”
Integrate Automated Sanctions Power
Don’t wait for practical sanctions challenges to start testing your screening solution. With regulators bringing harsh non-compliance penalties down on firms that breach restrictions, it’s more important than ever to be confident about your ability to detect and deal with risk.
Ripjar’s sanctions screening solution is designed to help financial institutions address those challenges, optimise their sanctions compliance performance, and harness global risk data to empower decision-making.
Powered by cutting-edge AI, it enables real-time name searches of global sanctions lists and thousands of media and data sources from around the world. The platform includes powerful search support features, including AI Risk Profiles which extract the most relevant information about customers, and AI Summaries, a generative AI (GenAI) feature that adds concise prose descriptions of a target customer’s AML risk to their risk profile.
Watch the Sanctions Masterclass recording on demand