In previous articles, we look at our testing of sanctions screening systems, where we provide assurance over the effectiveness of a screening system and provide benchmark analysis of a system’s screening effectiveness compared against industry benchmark statistics.
In this series of articles, we will delve deeper into the test types that constitute our sanctions effectiveness testing, to highlight the comprehensive nature of this testing. This first instalment will explore exact name screening testing.
Exact Name Screening
Screening lists contain names of sanctioned entities. If a name is presented for screening exactly as provided on a screening list, we would expect a screening system to generate a sanctions alert for that name as a minimum screening requirement. There are exceptions where there are valid reasons why an exact name might not report an alert, and we will explore a few of those further on. Our approach is to expect 100% of exact names to generate a screening alert unless there is an acceptable rationale for not reporting an alert for an exact name.
Exact Name Types
During our screening effectiveness testing, we would include in our customer and payments screening testing, every exact name from every screening list that we expect a screening system to screen against, this includes all the following exact name terms:
- Personal Names
- Company or Organisation Names
- Name alternate spellings / Aliases
- Literal Names
- Sanction lists often contain poorly presented names, for example, “AHMAD (AHMED) SANTOS”. We typically parse such names to create more realistic names, here we would create 2 test cases: AHMAD SANTOS and AHMED SANTOS, but optionally we can also include names literally as they are presented on source screening lists.
- Weak Aliases
- Names in other languages
- Names in other character scripts, e.g. Greek, Cyrillic or Arabic.
- Country names, and city, town, region, and port names (CTRP) from sanctions restricted countries.
- Private Screening Lists
- An organisation may maintain their own lists of restricted names, which we can include if required.
Typically applicable for payments screening only, we also include all exact:
- Vessel Names
- Vessel IMO Numbers
- BIC Codes
- Chinese Telegraphic Codes
- Digital Wallet IDs
Name Type Screening Scope
Not all of the above names types would be within screening scope of an organisation’s sanctions screening policy. For example, the screening of weak aliases is not a regulatory requirement and an organisation will make their own policy decision whether or not to screen for these names; vessel names may not be applicable for a particular business. CTCs and Digital Wallet IDs are recent new additions to screening lists, and may not be deemed appropriate to screen for depending on an organisation’s risk appetite.
Foreign language names and names in non-Latin character scripts may or may not be within screening scope depending on the geographical areas an organisation conducts business and the nature of the customer names within the organisation.
Inclusion or exclusion of test types is configurable and we tailor our testing to match a client’s requirements.
Payments Message Types and Fields
For payments screening testing we don’t just provide a sample payment message containing an exact name to validate that the name generates an alert, but we extend this testing as follows to provide comprehensive testing of payments message screening for exact names throughout the message content:
a) We select a commonly screened payment message and field, which for SWIFT payments might typically be a SWIFT MT103 payment message with the test name populated in a 50F customer name field. Here we can be confident the MT103/50F message field will be included in screening, and we populate MT103/50F test cases with every exact name from every included list file to validate that all list exact names generate alerts as expected.
b) We also take a small sample of high-quality sanction list exact names, where we can be confident the list name would generate an alert for that name, and we generate test cases with the same name in every different payment message type and every different field within each message type.
Here, we expect the exact name to generate an alert, and it is not the name that we are testing here, rather we are validating that wherever a sanctioned name may be provided in a payment message, that screening will correctly report an alert from that payment message/field. We perform similar field coverage testing for other test types such as BIC codes, Vessel Names, Country codes etc.
Exact Name Match Results Analysis
As stated previously, we expect 100% of exact names to generate a screening alert, unless there is an acceptable rationale for not reporting an alert for an exact name.
For any exact names that do not generate alerts from screening, we review all results and identify reasons for why names may not have alerted. If the reason is acceptable, perhaps the name is a poor quality weak name, then we discount such names from our analysis, but any reasons that suggest a potential screening issue, we report for subsequent investigation and recommend potential mitigating actions to improve the screening. Hopefully the above will provide an indication of the comprehensiveness of our sanctions screening effectiveness testing. In this article, I described only our exact name tests which forms just one small part of our screening testing. We also include many other test types such as variations of personal names, fuzzy tests, and efficiency tests, which I will describe in subsequent articles.
If you are interested in talking with us about the benefits of using the effectiveness of our comprehensive sanctions testing then please contact us.