Q&A – Challenges and Best Practices of AML Screening – Part 1: The Importance of Data

Below are audience questions and our presenters’ answers from the FinScan webinar, “Challenges and Best Practices of AML Screening — Part 1: The Importance of Data,” January 30, 2020. We’ve also included poll results from the live webinar.

Currently, which software solutions are the best in terms of screening?

There are many commercial screening software products on the market, but we recommend software that has the following capabilities:
  • The software should be able to handle bad data and address your data quality issues.
  • The software should have a granular matching algorithm so that you can easily specify what kind of alerts you want to see. Also, having a transparent matching algorithm makes it much easier to configure and fine tune the matching rules.
  • The software should have sophisticated compliance list integration capabilities. It should be able to take advantage of all the data in the compliance lists. It should also allow you to pick and choose which data matters to your risk-based approach and block out the “noise” that you don’t care about during the screening and alert review processes. How the software is integrated with the list database could also affect the timeliness of your list data updates and how quickly you can run your batch screening.

We have found that these three capabilities are crucial to reducing false positives and accurately identifying the risk you need to be alerted to. These are capabilities that FinScan focuses on to help our clients achieve the best screening results.

What are some of the best practices to prevent false positives?

Just like when you are building a house, it’s important that you start with a solid foundation. In the screening process, you need to address your underlying issues. This means making sure your input data is free of errors and prepared and optimized for the best screening results. Advanced screening systems should include a strong data quality capability as part of screening process. See the previous answer for more information on the best practices that we at FinScan deploy to help prevent false positives for our clients.

How can we minimize human error when the client provides the information?

Intelligent tools can identify data quality issues and address them as part of the screening process. However, there might occasionally be data quality issues that cannot be fixed, such as missing data and dummy data. In this case, knowing the level of quality of your data and accounting for the condition of your data in your matching process can greatly reduce your exposure to risk as well as minimize the amount of false positives you will get. In addition, knowing these issues also allows you to go back to other departments that are gathering the data, e.g., onboarding/account opening – and provide feedback on their processes.

In most FIs, which department is responsible for data accuracy? Operations team? IT team? Compliance team?

The departments that are responsible for data accuracy might vary depending on the institution. There could be an IT department, an AML IT team, or even a separate Data team to take care of the data for the entire institution. However, no matter which team is responsible for data accuracy, we believe that Compliance needs an easy lever to control their own data quality since the data within a company is usually not built for compliance purposes. Rather, the standards are established for Marketing, Customer Service, or other operational purposes. Compliance has specific data needs. If the screening process misses a real hit or the screening system generates too many false positives due to poor quality data that is not optimized for compliance needs, Compliance often is the one that is responsible for the consequences of the bad data. This is the reason why FinScan conducts a compliance-specific data optimization step as part of the overall screening process.

Poll results

What challenges do you face when trying to address your data issues for compliance purposes?

What would be the best practice to verify addresses?

The best way to verify addresses is using an Address Verification System (AVS). These systems have databases of valid addresses that they check against to make sure an address is not only in an acceptable format, but is a registered address in the country provided. We offer an AVS called PostLocate® that is an up-front processing tool for verifying addresses.

One rather large root problem not mentioned with Data Quality is with the first line of defense, the LOBs (Lines of Business), not obtaining all the proper KYC information in the first place. Training is either not getting through or not understood, and senior leaders at the top of the Business do not stress the importance of, and issues with, not complying with these policies and rules. Compliance is everyone’s business!

We agree with your comment! Because Compliance cannot always influence how things are done in the first line of defense or the LOBs, it’s important for them to have their own tool to control the quality of their input data that impacts the compliance processes. Here at FinScan, that is what we try to provide – a Data Quality tool built for compliance purposes that is easily controlled at the compliance level (e.g., watch list screening).

Let’s say two areas of an organization are screening the same individual. Is this a valid scenario? If yes, will that be termed as duplicate screening as well?

Yes, this is a very valid scenario and is a case of duplicate screening. FinScan connects the duplicate alerts so that when one person is reviewing a hit, that person can know where else in the company that same hit has come up or will come up. This provides a holistic view of the alert and your risk exposure.

One question regarding DOB – There is often discrepancy with DOB formats in American and EU formats (MM/DD/YYYY) and (DD/MM/YYYY). Screening twice with the two formats creates more duplicates. Any comments to avoid this?

This is why we recommend standardizing your DOB to match the format that your list data is in. You need an apples-to-apples comparison between your customer data and the regulatory list data. Otherwise, you will generate excessive false positives or miss a real hit. The first step is to conduct a data analysis on your customer or internal data to understand the consistency or lack thereof within your data. Then you can get a better feel for how to standardize it. FinScan can help you standardize the DOB formats across your organization and also match the format to that of the list data for an accurate comparison. This will eliminate the need to conduct duplicate screening and will minimize the risk of missing real hits and creating false positives.