A key part of running a business is managing risk. One major risk to manage? Unsavory customers, including people and businesses you do not want to do business with.
That’s where watchlist screenings come into play. Part of the broader Know Your Customer (KYC) process, watchlist screenings are a critical way to make sure you know who your customers and users are — and whether or not you should be doing business with them
Below, we take a closer look at what a watchlist screening is, the different types of watchlists you should be checking against, and how the process works. We also discuss how watchlist screenings fit into the broader compliance or risk assessment framework, and provide best practices to guide you as you build your watchlist screening strategy.
What is a watchlist screening?
A watchlist is a database, list, or electronic record that contains information about people, companies, and other organizations deemed for one reason or another to be high-risk. While the information will vary from source to source, watchlist data often includes:
- Names and aliases
- Biometrics (fingerprints, portraits or photos)
- Taxpayer ID numbers (TIN, SSN)
- Nationality
- Date of birth
- Addresses
- Contact information (phone and email addresses)
- Additional information on a case-by-case basis, such as criminal records, connections to other individuals, etc.
Given this, a watchlist screening is the process of taking customer information and comparing it against the records contained within one or multiple watchlists to better understand who that customer is and what risks they might pose to your business. This is typically done as a part of the customer onboarding or account creation process.
While global watchlist screening is an integral part of Anti-Money Laundering (AML), any business can conduct watchlist screenings to ensure that they do not do business with criminals or other high-risk individuals.
Watchlist screenings are also sometimes called watchlist checks or, in the context of AML, an AML screening.
Types of watchlists
Watchlists come in many different varieties, and may contain different information depending on the source and the type of risk that a person or organization may pose. Below are five types of watchlists to consider screening against:
1. Sanctions lists
When a government sanctions a person or organization — typically due to geopolitical tensions, human rights abuses, or violations of international law — it will add that entity to a sanctions list in an attempt to remove them from the global financial system and make it difficult for them to access and move funds. Generally speaking, in order to do business in a given jurisdiction, you will need to ensure that you are not also doing business with any person or organization listed in a sanctions list maintained by that nation. Some important sanctions lists to know of include those maintained by the following government agencies:
- Office of Foreign Assets Control (OFAC) — US
- European Commission — EU
- United Nations Security Council — UN
- Office of Suspension and Debarment (OSD) — World Bank
2. Politically-exposed persons (PEP) lists
A politically-exposed person (PEPs) is an individual that either holds a position of authority in a government, agency, or political organization or who is closely associated with such an individual (i.e., family and friends). Because PEPs hold significant influence, they are considered to carry increased risk of money laundering, bribery, corruption, and related financial crimes. PEP lists are databases maintained by governments or organizations that contain information about these individuals.
3. Adverse media lists
Adverse media refers to any media source (news, television, radio, internet, social media) about an individual or business that might indicate risk. Examples might include a news article about one or your customers being previously arrested for accepting a bribe, or a social media post where the individual admits to engaging in harassment. Adverse media checks involve inspecting a variety of sources, including databases, for mentions of the individual paired with certain keywords.
4. High-risk jurisdictions lists
A high-risk jurisdiction is any country, state, or territory that is deemed to carry high risk of money laundering or the criminal financing of terrorism. Due to the increased risk of doing business with individuals located in these jurisdictions, many companies simply choose to avoid doing so — or else make use of heightened monitoring. The Financial Action Task Force (FATF) maintains a comprehensive list of such jurisdictions, as do many governments.
5. Terrorist watchlists and wanted persons lists
Many government and intergovernmental agencies maintain lists of individuals who are either wanted for terrorism and other serious crimes, or who are connected in some way with such individuals. Generally speaking, it’s a good idea to ensure that the individuals your business engages with are not on these lists. A few important terrorist global watchlists or wanted persons lists include:
- FBI most wanted list
- Interpol wanted persons list (Red Notices)
- Department of Homeland Security Terrorist Watchlist
Why is watchlist screening important for businesses?
Watchlist screening is perhaps most important for any business that is subject to anti-money laundering (AML) regulations, and for a simple reason: It’s required.
AML laws and regulations exist to make it more difficult for criminals to launder money through the global financial system. Watchlist screenings are a key part of the risk-based approach to AML recommended by the FATF. Failure to ensure compliance or conduct appropriate screenings can result in significant penalties and fines, including jail time and even the sanctioning of your business.
But even if your business isn’t subject to AML laws, watchlist screenings can often prove valuable. They can, for example, help with risk assessment to avoid the reputational damage that might come from doing business with a known criminal or other scandalous figure. Likewise, screenings increase the likelihood that you might catch fraudsters or other criminals that might be trying to leverage your business or platform to carry out fraud.
How watchlist screening works
Watchlist screening can vary as a process from organization to organization, but generally speaking, it will look something like this:
- Information collection: You collect identifying information (name, date of birth, contact information, etc.) and evidence (government-issued ID, selfie, documents, etc.) from the individual, business, or organization looking to open an account or otherwise do business with you.
- Identity verification: Using the information and evidence gathered, you verify the identity of the individual and/or business via your Know Your Customer (KYC) and Know Your Business (KYB) processes. This will typically involve some combination of government ID verification, document verification, database verification, and selfie verification.
- Watchlist screening: Once the identity has been verified, the information you collected from the individual or business — often the name, taxpayer ID number, and date of birth, at a minimum — is scanned against one or multiple local or global watchlists looking for a match.
- Match notification: If a match is detected, you are notified of it so that you can determine next steps. This may involve opening a manual review to ensure that the watchlist data match is accurate and that it isn’t a false positive. Alternatively, it may involve initiating other forms of enhanced due diligence (EDD) as established in your AML processes.
Automated vs. manual watchlist screening solutions
Whether you conduct your watchlist screenings manually or via an automated solution will ultimately depend on your volume — i.e., the number of screenings you need to conduct — and your resources.
Generally speaking, manual screenings are incredibly difficult to implement at scale and — as with many manual processes — are prone to human error, often producing too many false positives or false negatives. With this in mind, automated solutions have become the norm for most organizations. These solutions integrate with a variety of data sources and rely on artificial intelligence and machine learning to quickly scan the data contained within them looking for a match.
Best practices for watchlist screening
Watchlist screenings can be a powerful addition to your due diligence processes, but there are steps you can take to make them even more powerful.
1. Fine-tune your match requirements
How strictly should a person’s name match a record in a watchlist in order to trigger a positive or warrant further investigation? Should a positive result be triggered only when there is an exact match, or should it also be triggered when a match is “fuzzy;” i.e., when it contains a typo or is a close (but not exact) match to a record?
Generally speaking, enabling fuzzy matches will result in more individuals being flagged as potential risks — including false positives — but it will result in fewer high-risk individuals slipping through the cracks undetected. Exact matches, on the other hand, may result in fewer false positives, but could introduce more risk to the equation.
There is no right or wrong answer to this question. Ultimately, it’s something that only you can answer, based on your business’s risk tolerance and conversion goals.
2. Look for a solution that supports diverse scripts
It’s sometimes easy to forget the fact that not everyone uses the same alphabet, script, or writing system. While the Roman alphabet is ubiquitous in the United States, Europe, and much of the world, other alphabets — including Arabic, Cyrillic, Chinese, Japanese, and many more — also exist.
In selecting a watchlist screening solution, it’s important to choose one that is capable of supporting a diverse array of these scripts. This is especially critical if you operate in multiple jurisdictions around the world, or if you are concerned about foreign nationals who might appear on a watchlist.
3. Seek comprehensive coverage
Watchlist screenings are only as effective as they are comprehensive. The more sources you check against and the more comprehensive the coverage of those databases, the more likely you are to identify a high-risk individual during your onboarding or KYC processes.
Ultimately, it’s up to you to decide which types of watchlists you screen against and which sources you prefer. But this is one of those times that more is usually going to be better than less.
4. Embrace ongoing monitoring
Finally, it’s important to note that watchlists are not static lists. They are constantly changing as people and organizations are added and removed. Many politically-exposed persons, for example, often lose that status 12-18 months after they leave office. Meanwhile, an individual on a terrorist watchlist may be dropped off of that list for any number of reasons depending on the outcome of an investigation.
With this in mind, watchlist screenings aren’t something that you should just do during onboarding and then never again. After all, ongoing monitoring is a core tenet of most AML requirements. In most cases, watchlist screenings should be conducted continuously according to a schedule defined by your compliance and risk teams.
Persona’s watchlist screenings
Here at Persona, we understand the important role of watchlist screenings in a broader anti-money laundering (AML), KYC, and identity verification strategy.
With Persona, you can screen your users against more than 100 global sanctions and warning lists, more than 5,000 PEP lists, and against more than 400 million media publications — on top of address lookups, phone and email risk reports, and social media lookups designed to help you assess user risk.
Our flexible identity platform gives you the power to design the watchlist screening strategy that makes the most sense to your business. Decide which lists and sources you screen your users against. Configure match requirements (including fuzzy match, equivalent name match, date of birth match, and country match) to reduce false positives and control risk. Establish an automated schedule for recurrent screenings. Do all of this within the broader context of an IDV solution built to help your business get and stay compliant.
Ready to learn more about how Persona can help you get watchlist screenings right? Request a free demo today.