The Definitive Guide to Customer Screening

Powered by Dow Jones, LSEG World-Check and Lexis Nexis

In this guide we explain the process and components of customer screening. We look at what screening involves, the technologies used to do it, and which common screening pitfalls you should be aware of.

KYC360 is an award-winning AML compliance platform, which enables hundreds of businesses, regulators and law enforcement agencies around the world to onboard, screen and manage the risk of their customers and stakeholders throughout their life cycle.

The KYC360 team also runs the world’s leading AML knowledge portal, visited daily by thousands of AML professionals; and KYC360’s founder, Stephen Platt, is widely regarded as one of the world’s leading experts in financial crime prevention.

What is Customer Screening?

Screening is the process of dynamically comparing the data you hold on customers, prospective customers, suppliers and counterparties against third-party data for risk management purposes. Data you might want to screen against includes: Structured data, including sanctions, PEP (politically exposed person) and watch lists Unstructured data, in the form of adverse media.

Why screen?

The principal objectives of screening are to manage the risk of doing business with ‘bad actors’ (such as sanctioned or wanted persons) and to identify customers or prospective customers who pose an elevated risk of criminality (such as PEPs) so that appropriate action can be taken to manage risk through, for example the application of enhanced due diligence (EDD).

The over-arching aim is to manage your organisation’s exposure to money laundering, terrorist financing or any other form of predicate criminality such as bribery and corruption, or tax crimes. In recent years, there’s been an increasing focus on the benefits of reputational risk management through adverse media screening which compares customers against less formal data sources for early indications of potential risk. These indicators might include information about an individual prior to the commencement of a criminal process, or to them becoming subject to sanctions.

Which businesses need to screen their customers? 

The types of business that are legally required to screen their customers vary between jurisdictions. In nearly all countries there is an ‘AML regulated sector’ and businesses that fall within its ambit are required to screen as part of their Know Your Customer (KYC) obligations. 

The types of business commonly included in the regulated sector include:

If you are unsure whether your business is regulated for AML purposes your industry body or trade association will be able to clarify the rules that apply to you.

Screening is also widely employed by businesses that fall outside the AML regulated sector to help protect against the risk of reputational damage that might arise from doing business with certain customers or becoming inadvertently involved with some form of predicate criminality. Bribery and corruption, for example, is particularly acute in the natural resources, armaments and pharma industries.

Screening technologies

Every screening solution is comprised of two components:

A screening engine - the technology that runs the data analysis and produces the results.	The external data against which user customer data is compared.

The data is the fuel that drives the engine, and a screening engine is only as good as the fuel that’s put into it. There are three types of screening tool:

• Point/Manual screening – this form of screening tool requires users to manually input the name of the customer they wish to screen. The tool then outputs the results on a customer-by-customer basis.
• Batch screening - a screening engine to which customer names are uploaded and screened automatically with whatever regularity the business determines (normally overnight). The engine outputs result in relation to all customers for which there are potential screening matches.
• Adverse media screening - screening against adverse media sources can be done either as a one-off action or as part of a batch process. It takes into account a much broader set of source data, helps to provide early warning of issues that may arise - or warning of issues that don’t fall within the scope of traditional screening categories - but carries with it the risk of high numbers of false positives if not done correctly.

The challenge for businesses wishing to optimise their compliance performance is to firstly identify what kind of screening they’re required to undertake, either by the regulatory environment or investor expectations. Then they need to identify the best screening engine technology combined with the best quality data so that they benefit from the most accurate results whilst reducing the number of false positives.

Input Data Quality Assessment

At KYC360 we know that screening results are directly impacted by the quality of input data. If you put rubbish in, you are more likely to get rubbish out. The better quality the data that is input into a screening engine the fewer false positives and the more true matches will result allowing you to focus on the signal of risk without the distraction of noise. Most screening providers rely just on algorithms to compensate for poor data quality but at KYC360 we also help you to identify and correct defects in your input data through a self-service data quality assessment tool that comes as part of our Batch screening module.

KYC360 is the only screening provider in the world to offer this functionality as a core component of its screening solution because we recognise that there cannot be effective screening without stringent quality control of input data.

The input data quality assessment function will check and provide you with a report on any data quality issues giving you the chance to take remedial steps and optimise your screening results.

Why screening matters

Failing to screen customers leaves your business open to a host of consequences, from fines and reputational damage to the criminal prosecution of staff and directors. Breaching sanctions— by doing business with a sanctioned individual or entity—is a criminal offence in almost all jurisdictions.

Increasingly harsh penalties are being applied by regulators and prosecutors to businesses that fail to screen customers adequately or fail to risk rate them appropriately. Regulators don’t even need to demonstrate that an organisation has been exposed to criminality through their customer’s activities – it is enough simply to show that its AML controls were inadequate.

Breaching sanctions by doing business with sanctioned individuals or entities is a criminal offence. In the UK for example prison terms of up to 7 years can be imposed in addition to unlimited fines for organisations that have failed to take precautions to prevent sanctions breaches.

In 2014 the New York Department of Financial Services fined Standard Chartered Bank $300m only two years after a penalty for the same amount was imposed for the bank’s role in facilitating breaches of US sanctions against Iran. The second fine was imposed because of the bank’s failure to detect a large number of potentially high-risk transactions for further review even though no actual criminality was identified. This was a salutary lesson for the entire financial services industry and emphasised the criticality of effective customer screening.

Financial crimes are not victimless.

From violent drug traffickers to fraudsters targeting vulnerable people in online scams, the ability to move illicit money without getting caught is central to a vast range of criminal activity. If your business enables it, you are facilitating the movement of money which may ultimately result in great human suffering (this conclusion was at the heart of a $1.9bn fine imposed on HSBC bank in 2012 by the US for laundering money belonging to Mexican drug cartels).

Breaching financial sanctions can also have a profound impact on international politics. As the UN recently reported, North Korea is able to fund its nuclear programme by means of a sophisticated network of shell companies and money laundering techniques, through which North Korean businesses were able to continue trading with the rest of the world.

Adverse media screening can provide early warning of these risks and also indicate a host of other risks posed by suppliers or customers to the reputation or good standing of your business. In an age where the social consciousness of consumers has become increasingly important, this has assumed a new significance.

Screening is not a panacea. But it is a critical first step in ensuring that your business doesn’t become a conduit for criminal money. Failing to screen leaves your business open to a host of consequences, from fines and reputational damage to the criminal prosecution of staff and directors.

What sources should I screen against?

As a minimum you should screen against sanctions lists, PEP lists, and government watch/blacklists.

Sanctions Individual countries and multinational bodies (e.g., the EU and the UN) impose sanctions measures to pressure other countries or organisations to change their behaviour. Sanctions can apply to individuals, specific businesses or whole nations. Breaching a sanctions measure, or assisting another party to do so, is nearly always a criminal offence. Businesses must scan customers against sanctions lists issued by all the jurisdictions in which they are operating or to which they have operational links, in addition to lists issued by multinational bodies.  Although the sanctions regimes are published by some of those states that employ them, it’s still important to use a high-quality data provider, because in many instances a sanctions regime will identify only an individual and not all of the entities connected to that individual - all of which will nonetheless fall within the ambit of the sanctions measure. That’s where a high-quality data provider such as Dow Jones or LSEG World-Check will assist in identifying these linkages for you.	Politically exposed persons Politically Exposed Persons (PEPs) are individuals who hold or have held a significant public function. This function might give them influence over, for example, the spending of taxpayer money or the allocation of contracts by state owned enterprises. As such, they are regarded by the Financial Action Task Force as a category of individuals which is more susceptible than most to engaging in bribery and corruption, and money laundering activity.  Screening providers maintain databases of millions of global PEPs, and Relatives and Close Associates (RCAs). Nearly all jurisdictions require their regulated sectors to establish if applicants for business are PEPs and to profile and treat them as high risk.
Watchlists Watch lists or blacklists are official lists of individuals and companies which may pose a greater financial crime risk owing to their past behaviour. They may include lists of wanted criminals or suspects, lists of persons disqualified from holding directorships or holding executive positions in the finance industry or lists of persons convicted of particular crimes. Watch lists don’t capture every criminal offence and are not a comprehensive source for criminal records. KYC360’s data sources track over 4,500 global watch lists maintained by bodies ranging from Interpol to national financial regulators and prosecutors.	Adverse media Screening an individual for adverse media coverage involves looking for any negative mentions of them in news media and wider open-source information. Adverse media screening could reveal that, for example, a potential customer was convicted of a criminal offence but not one deemed sufficiently relevant to financial crime to merit their inclusion on a watch list. Or you might find that an individual is in the process of being tried for an offence which would be relevant to financial crime - just that proceedings have not yet concluded. In some jurisdictions, adverse media screening is reserved for enhanced due diligence checks – but it is good practice to carry out basic adverse media screening for all customers, particularly as it can reveal information not included on official sanctions, PEP and watch lists. In recent times, regulators’ expectations have increased, and many financial services businesses are now seeking to carry out continuous adverse monitoring, at least in relation to their higher risk customers.

The Screening Cycle

When should you screen?

The answer to this question depends upon how robust you want your compliance program to be. Historically there were two approaches: Manual screening at onboarding and periodically thereafter for example at annual review Manual screening at onboarding and periodic review AND automatic overnight batch screening of all customers Some organisations are now choosing to augment overnight batch screening with automatic adverse media screening of some or all of their customers.

The more rigorous the approach, the less is left to chance. Events impacting customer risk can occur very rapidly, so the sooner businesses can be alerted to a change in the risks presented by a customer the better.

The danger with not overnight batch screening customers is that a business is oblivious to a customer’s inclusion on a sanction, PEP or watch list or some adverse media until the next time they conduct a manual screen - perhaps several months or years later.

In those circumstances it can be very difficult for a business to demonstrate that it had undertaken sufficient KYC on the customer. In the worst cases it can lead to allegations that the business facilitated criminality through inadequate customer risk management processes.

When to conduct enhanced due diligence

Enhanced due diligence (EDD) means investigating a customer more thoroughly than you would in regular screening. In most jurisdictions, in the course of regular screening, you will be required to conduct EDD when you have identified that you’re dealing with a high-risk customer.

The form your EDD takes should depend on the nature and severity of the risk. It can vary from an adverse media check, to investigating corporate structures linked to an individual, to verifying income sources.

EDD should leave you confident that any risk has been mitigated and is unlikely to affect your business. Red flags that might lead you to carry out EDD include:

• A customer is a PEP or is on a watch list (PEP status alone isn’t sufficient to reject a customer: the majority of PEPs are not engaged in corrupt activities, though they should be treated as high risk)
• A customer has adverse media associated with them relating either to financial crime risk or to reputational risk for your business.
• A customer told you something during onboarding which causes you concern, such as an unusual, proposed activity profile, or that they have family links to risky jurisdictions.

Always document both the EDD you carry out and the rationale behind any resulting actions.

Interpreting results

Confirm that the results do indeed relate to your customer. If you are unsure of the accuracy of the match, then use metadata such as passport number, date of birth, country of origin and so on.

If you get a name match that is close but not identical, check the metadata to ensure it isn’t an alias for your customer.
Sanctions, PEP and watch lists are drawn from databases compiled by experienced data providers about individuals or corporates who pose some form of risk Adverse media searches pull in material from all of the search-able web.

In analysing adverse media search results, it is important to consider the provenance of each result. Does it come from a well-regarded, widely read news organisation? Or is it drawn from a smaller blog or website, the output of which may be less reliable? Unmoderated blogs or results from small, local news outlets, aren’t necessarily irrelevant but you should seek to corroborate any information gleaned from them against other sources.

A result that says ‘this person is involved in bribery’ is easy to interpret. Other types of result—a complex corporate structure from a ‘KYB’ (Know Your Business) data provider, for example — may not be. Your staff will need a degree of understanding of money laundering ‘hotspots’ and methodologies in order to assess risk effectively and should be trained accordingly.

Avoiding common screening pitfalls

There are a few common pitfalls to be aware of along the way.

	“We know our customers.” Businesses often develop a false sense of security about the risk profile of a particular customer or group of customers. This could be because they have met the person in question, have a longstanding professional relationship with them, or because the business and the customers are in the same jurisdiction. This attitude of “we know our customers”, especially amongst more senior staff who have an historical relationship with some individuals and personally vouch for them (think old boys’ network), can lead to red flags being overlooked. In addition, the failure to recognise the risks associated with your own jurisdiction is a particularly common pitfall. Also, don’t forget that customer risk can change over time. A person who has been low risk for many years may become high risk owing to a change of job, moving abroad or being elected to political office. If you don’t batch screen them, you may not find out about their change in risk profile until it’s too late!
	Insufficient frequency of screening Historically, adverse media screening has been an activity that takes place periodically, typically at onboarding and review points within a relationship. Carrying out this activity only once every two- or three-years risks missing important information about changes to a customer’s status. Increasingly businesses are seeking to automate adverse media screening using new technology to ensure that they will always be aware of changes to a customer’s status as soon as they are reported.
	Lack of staff knowledge Many frontline staff have a limited understanding of the ways in which their business can be abused by criminals. Staff often report that they would not feel confident analysing a customer’s rationale and activity in relation to a particular product — let alone whether the rationale and activity are consistent with one another, or fit expected norms. Developing staff understanding of the money laundering risks faced by your business is not expensive. Along with initial screening and risk-based transaction and profile monitoring, it should be a core element of your financial crime prevention strategy. Effective KYC requires much more than verifying that customers don’t have a criminal record. It’s not always possible to fully ‘know’ each customer, but training staff to know what the wrong sort of customers might look like will pay handsome dividends.
	Evidencing your work Under almost all regulatory regimes, businesses are obliged to keep good records of compliance- related work. Document not only any screening you carry out but also any decisions you took on the basis of it (e.g., “we collected the following results and discounted them for this reason…”; “we made the following assessment of this adverse media report …”). Include minutes from relevant meetings. Printed, filed reports are hard to search and tend to go missing; we recommend storing everything in a document management system, or at least on an appropriate shared server.  Modern batch screening technology should create a complete evidence trail automatically, showing all actions taken by your staff including adverse media searches carried out, so that the data is stored securely in one place, can easily be retrieved, and can also be analysed for management information purposes.

How KYC360’s platform optimises your screening process

Download a PDF copy of this guide to help you on your journey.

Screening from KYC360   

Whether you need to do the occasional ad-hoc screening check, or monitor millions of customers overnight, KYC360 has the right solution for you. Our unique and award-winning 3D risk-based approach to screening ensures that your false positives are minimised with no compromise on true matches. 

Our focus on enabling you to generate rapid return on investment allows you to deploy and configure the solution in minimal time.
The KYC360 screening solution is integrated with data sets from all the world’s leading data providers including Dow Jones, World-Check and Lexis Nexis allowing you maximum flexibility and optionality.

KYC360 is the first and only screening solution to employ meta-data improvement techniques to increase the accuracy of input data used as the source for screening. This results in a reduction in false-positives by two-thirds compared to major competitors.

Whether utilised onsite or as a SaaS solution with fully featured API our screening solutions generate significant operational efficiencies whilst boosting your compliance performance.

Learn more

Part of the KYC360 Customer Lifecycle Management Platform Screening is part of the end-to-end KYC360 modular CLM platform allowing you to seamlessly integrate customer onboarding flows with screening and pKYC. By adopting the platform, your business can consolidate its system stack and benefit from significant operational efficiency gains, improved decisioning and MI.  Comply and Outperform with KYC360. Learn more