The quality of data is extremely important in compliance — it can mean the difference between effective screening and producing unnecessary false positives. Quality data increases the efficiency of screening processes and allows for better matching results overall. Compliance integration with internal systems in a seamless manner is also necessary in order to assure enhanced risk management.
In this article, we’re going to examine some case studies of compliance screening issues and how they were resolved. These are excellent models for any organization to use and apply to their own internal systems. Common compliance screening problems include:
Some of the most common compliance problems are with data extraction issues. Good data is crucial if risk is to be managed properly.
One common problem that institutions face is a multiple date formats. A U.S.-owned multinational bank might have offices all over the world, with dates formatted differently depending on the country of the person entering the information. In the United States, we write June 7, 1983 as 6/7/83 — however, in other countries it is written as 7/6/83. This causes a problem with consistency and could lead to duplicates or a real hit being missed due to misinterpretation of the date. There are also issues with invalid or “dummy” dates, such as 0000, which are often used as placeholders when information is unknown. Dummy dates can be eliminated by requiring all data fields to be entered, and not left blank with placeholders. This will drastically improve the quality of the data.
These issues can be resolved by implementing a process to reformat the dates to yyyymmdd or ddmmyyyy to standardize the date order. If varying date formats are common, it is also helpful to conduct frequent analyses to stay on top of the issue.
A Lloyds underwriter and a global gaming company had problems with their screening process not being able to distinguish between a person and an organization. It was matching every name against both organization and person lists and creating unnecessary false positives.. Their solution was to utilize data dictionaries to determine whether the entity was a person or a company, which allowed them to apply the appropriate matching criteria based on the type of record. This step dramatically reduced their false positive rate.
It is also important the data extraction is standardized across customer and compliance data. Many of these problems can be fixed with a procedure that ensures the system is collecting only the data it needs.
Matching processes are improved when the data quality is enhanced.
We know that the quality of the data determines whether or not false positives are generated. One major financial services firm was dealing with over 50 million customers to screen, and due to their poor data quality, they were getting an unmanageable amount of false positives. This was in addition to duplicate records that appeared because of initials, ambiguous names, and using the wrong matching data.
The solution to this issue required a consulting session — coupled with a technology solution — that fixed the data quality issue and removed the duplicate alerts. By implementing these procedures, the match quality improved and the number of alerts requiring review was significantly reduced, This decreased the number of work hours needed, and ultimately, the financial cost of sorting through and dealing with bad data.
Bad data can also lead to false positives related to Politically Exposed Persons (PEPs). When a U.S.-based retail and commercial bank screened against PEPs and their associates, they got a large amount of false positives. This institution wanted to reduce their PEP false positives without increasing their risk. This problem was resolved by creating two lists: one that matched against only PEP lists, and another that matched against PEP and sanctions lists. This allowed them to apply different matching rule sets based on the type of PEP.
Not only did this decrease the number of PEP false positives, it also gave the bank better knowledge of their PEP customers — and how to make decisions regarding these clients accordingly.
There are many ways to integrate compliance into your internal workflow — depending on your situation.
Compliance needs to be successfully integrated into a company’s internal system if risk is to be mitigated, but, at the same time, business must continue as usual. When a U.S.-based Property and Casualty (P&C) insurance provider wanted to ensure prompt payment of claims to customers, they knew they would need an accurate way to manage risk during this process. They opted to integrate FinScan into their claims management system and can now immediately search their clients against the OFAC list and determine if there is a hit or not. This allows them to decrease their risk and keep their customers happy with quicker payouts.
Every customer applying for a credit card appreciates a quick turnaround on their application. When a mid-size Canadian bank wanted to assure faster — and safer — customer onboarding, FinScan was integrated into their credit card approval process. They wanted customers to be happy with the turnaround time, but they also needed to ensure that compliance checks were in place.
When this process was implemented, it provided real-time compliance and even allowed the bank to turn the credit card applicant number into a customer number, which reduced duplicates in their screening. Customers can now apply directly online at the bank’s website and get an instant result.
A large international insurance company wanted to submit smaller, periodic batches of customer records and receive immediate results as to their screening status. They were able to utilize a custom HTML web service that sent these batches to the compliance department for review. This created a process for a periodic review of records that did not interrupt their regular business flow and allowed them to fulfill their risk management obligation.
Example 8 — Screening by Specific Projects
Some companies require screening on a case-by-case basis and may have different names each time. A Latin American construction company needed to reduce their risk when it came to hiring employees, vendors, and contractors for different projects. They implemented a mini batch project that allowed them to upload names and conduct a one-time screen. This gave them instant results and provided detailed reports for auditors at the same time.
As these case studies emphasize, nothing is more important in compliance than good data. Data quality determines whether your compliance team will be stuck sorting through false positives or efficiently moving through your screenings. In addition, efficient integration of your compliance systems with the internal processes of your company is key to more effective risk management and increased customer satisfaction.