A Framework for Decoding Sanctions Screening Results

Whether you use AML software or perform manual name screening, sanctions screening outcome interpretation is not limited to segregating screening outcomes into usual categories, such as those needing regulatory reporting and those requiring no action. Each match has a distinct implication, and the criteria for its analysis, disambiguation, and categorisation are based on the degree of similarity or distinction with key identifier details of the customer and sanctioned individual or entity. This blog provides a framework for decoding sanctions screening results so that you can categorise them into Perfect Match, Partial Match, False Match, and No Match.

A Framework for Decoding Sanctions Screening Results

What is Sanctions Screening?

Sanctions Screening is a process through which the names of prospective and existing customers, who can be natural persons or legal entities, are matched against names available in relevant and applicable sanctions lists to check if any of the customer names match those contained in the sanctions list.

What is Sanctions Compliance Program?

Financial Institutions, DNFBPs and VASPs operating in the UAE must have in place a Sanctions Compliance program that documents the Targeted Financial Sanctions (TFS) compliance measures, such as Sanctions Screening methodology, tools, and measures. Such a Sanctions Compliance Policy would generally elaborate upon the measures taken to assess sanctions-related risk by the regulated entity considering the regulatory framework in UAE concerning sanctions compliance and set rules and steps for conducting and disambiguating screening matches.

What is Targeted Financial Sanctions (TFS) ?

Targeted Financial Sanctions (TFS) are restriction measures imposed by UAE requiring Designated Non-Financial Businesses and Professions (DNFBPs) to freeze funds with other assets of any existing or prospective customer whose name is found in any of the:
  • Local Lists, including UAE local terrorist lists issued by the Cabinet and sanctions lists containing names of natural persons and legal entities linked to the Financing of Terrorism (FT) or Proliferation Financing (PF) of weapons of mass destruction.
  • Sanctions lists issued by the United Nations Security Council Resolutions (UNSCRs). The names of relevant UNSCRs for DNFBPs in UAE, according to Circular No. (2) of 2022 for implementation of Cabinet Decision No. 74 of 2020 are Resolutions 1718 (2006), and 2231 (2015) and following resolutions.
Also, read about aligning your business with global sanctions lists.

Why is Sanctions Screening important for AML compliance and fighting ML/TF/PF?

  • To ensure that prospective and existing customers do not bring along Money Laundering (ML), FT and PF risks to the regulated entity.
  • To identify if any prospective or existing customers appear in any of the relevant sanctions lists and report them to the UAE Financial Intelligence Unit (UAE FIU) through the goAML portal, ensuring regulatory reporting compliance obligation.
  • To ensure compliance with sanctions screening regulatory requirements prescribed in applicable Anti-Money Laundering and Counter Financing of Terrorism (AML/CFT) and TFS regulations in UAE.
Also, read the role of sanctions in achieving international peace and security.

What are the Common Sanctions Screening Outcomes?

Sanctions Screening process usually generates four types of outcomes, namely:

1. Perfect Match

The name of the customer matches completely with the screening outcome generated through screening across relevant Sanctions Lists. A complete match is also known as a full match, or complete match, or an exact match.

2. Partial Match

The name of the customer partially matches the screening outcome generated through screening across relevant Sanctions Lists.

3. False Match

The name of the customer does not match with the screening outcome generated through screening across relevant Sanctions Lists.

4. No Match

Screening the name of the customer across relevant Sanctions Lists generates no or zero outcomes.

Sanctions Screening Process

The Sanctions Screening Process is carried out by taking the following steps such as:

1. Subscription to relevant and applicable Sanctions Lists

The FIs, DNFBPs, and VASPs are required to subscribe to the Executive Office for Control & Non-Proliferation (EOCN) mailing list to receive updates as to the addition and deletion of names in the sanctions list.

2. Collection of Key Identifier details

The DNFBPs are required to collect information to input data for conducting sanctions screening, such as in the case of:

a. Natural Person:

  • Name
  • Aliases
  • Date of Birth
  • Nationality
  • ID or Passport information
  • Last known address
b. Legal Entity:
  • Name
  • Aliases
  • Address of Registration
  • Address of branches, if any
  • Other relevant information

c. Ultimate Beneficial Owner (UBOs) of Legal Entity

  • Same as that of a natural person

3. Name Screening

Upon collection of key identifier information, all there’s left to do is to enter the key identifier details of the customer into the appropriate fields given in the Sanctions Screening software and execute the name-match command, doing so, will trigger the sanctions screening software to start searching the customer name entered across various relevant and applicable sanctions list to which the DNFBP is subscribed to.

The name-matching process can also be undertaken manually by searching through the relevant sanctions lists.

4. Screening Outcome Generation

Once the name-matching process is executed by the name screening software, screening outcomes will be generated, depending upon the type of filters and match percentage accuracy threshold settings configured into the sanctions screening software.

5. Screening Outcome Disambiguation

Finally, the analytical role of a Screening Analyst comes in; the screening outcomes generated by the sanctions screening software need to be segregated and organised by the screening analyst into the following categories:
  • Perfect Match
  • Partial Match
  • False Match
  • No Match
Enabling the regulated entity to deploy adequate AML/CFT Customer Due Diligence (CDD) measures and imposing TFS freezing measures if the need arises, based on the framework for decoding sanctions matches.

Decoding Sanctions Screening Matches: A Step-by-Step Guide

Usually, in a large-scale organisation, distinct roles and responsibilities are assigned to relevant personnel, such as having a dedicated Screening Analyst to decode sanctions screening results. However, a small business, usually having very few or no employees, requires the owner or founder to take responsibility for decoding sanctions screening results.

Also read, risks of unaddressed matches in sanctions screening.

Decoding the Sanctions Screening Results requires the person entrusted with screening matches disambiguation to conduct the following measures:

1. Initial Assessment:

When attempting to decode sanctions screening results, an initial assessment needs to be carried out. Ideally, this can be commenced by segregating screening results into potential matches and obvious false matches.

2. Verification and Validation:

The potential matches derived need to be examined for further verification of potential matches with the key identifier details of the customer collected by the regulated entity.

This verification process would entail careful comparison between the key identifier details of the customer and those mentioned in the profile of a potential match. Based on comparison, the degree of similarity between customer details and the screening outcomes generated can be validated.

Followed by verification, the validation of such findings is carried out with the help of government-issued customer identification documents or copies of the same available with the regulated entity. Examples include a Passport or Emirates ID for a natural person as a customer and a trade license or the certificate of registration of the legal entity.

The validation process helps in determining whether the potential match can be classified as:

  • Perfect Match
  • Partial Match
  • False Match
  • No Match

3. Risk-Based Approach (RBA):

The fundamentals of RBA dictate that risk mitigation measures must be applied in proportion to the extent of risk faced by an entity. In the AML/CFT and TFS compliance context, adopting RBA would mean that a business applies ML/FT and PF risk mitigation measures, such as Standard Due Diligence, Simplified Due Diligence, and Enhanced Due Diligence (EDD) based on the degree and extent of ML/FT and PF risk posed by the customer to the business.

Sanctioned individuals and entities pose a high degree of ML/TF/PF risks, and hence, the regulated entities are obligated not to establish a business relationship with them, apply freezing measures and submit a Funds Freeze Report (FFR). Further, in the case of partial matches, the risks could be higher, and hence, the regulated entities are required to submit a Partial Name Match Report (PNMR) with the UAE FIU.

4. Escalation:

Depending upon the severity of the sanctions screening outcome finding, the case can be escalated internally to the AML Compliance Officer or Money Laundering Reporting Officer (MLRO).

5. Documentation:

The regulated entity must document all the procedures, steps, methodologies, tools, sanctions lists subscribed to, verification findings, and validation exercises carried out while conducting match disambiguation and the sanctions compliance process.

6. Regulatory Reporting:

Depending upon the screening outcome, if a perfect match or partial match is found, such an observation and finding must be reported through the goAML portal by the regulated entity within 5 calendar days of such an observation.

7. Record-Keeping:

To ensure compliance with record-keeping requirements imposed by relevant regulators, regulated entities conducting Sanctions Screening must maintain all records of their Sanctions Compliance Program, including sanctions screening results, screening disambiguation findings, and CDD measures taken for the prescribed period.

Let us now delve into decoding screening results based on customer profile and details of potential match found during sanctions screening process.

Decoding Sanctions Screening Results: Perfect Match

Decoding Sanctions Screening Results when there is a Perfect Match requires the person conducting screening outcome disambiguation to know how the perfect match outcome is derived. A perfect match outcome is derived when all key identifier parameters of the customer match the screening outcome in totality.

Understanding the Sanctions Screening Perfect Match Disambiguation Matrix

Understanding the Perfect Match disambiguation matrix is quite straightforward. The comparison between the customer profile and screening outcome would visually appear like the matrix given:
In a Perfect Match scenario, all the key identifier parameters of sanctions screening outcome and the customer profile are compared with one another. The conclusion of such comparison is that both the customer profile and sanctions screening outcome have been found to match exactly with one another, resulting in the initiation of the regulatory reporting process by the regulated entity conducting sanctions screening.
Note:
  1. The human element is always required in disambiguating sanctions matches. The screening analyst may rely on the information available and his professional judgment to conclude the sanctions screening outcome.
  2. For a sanctions-perfect match, it is not necessary to possess all the information outlined in the above example. The key is to satisfy oneself that the customer and the name appearing in the sanctions list are the same. The screening analyst must document his findings and conclude the match type.

AML/CFT Regulatory Requirements Around a Sanctions Perfect Match

Upon finding a perfect match because of sanctions screening, the regulated entity is required to:
  • Freeze the assets of the sanctioned customer within 24 hours and prevent making any funds or services accessible to them.
  • File a Funds Freeze Report (FFR) on the goAML portal within 5 calendar days of becoming aware that the customer has been sanctioned.
In case a prospective customer is found to be a perfect match, the regulated entity is required to:
  • Reject or avoid onboarding the prospective customer.
  • File a Funds Freeze Report (FFR) on the goAML portal within 5 calendar days of becoming aware of the customer being sanctioned.
While taking the above measures, regulated entities must ensure that they do not let prospective or existing customers become aware of such a perfect match outcome.

Decoding Sanctions Screening Results: Partial Match

Decoding Sanctions Screening Results when there is a Partial Match requires the person conducting screening outcome disambiguation to know how partial match outcomes are usually found. Partial match outcomes are found only when the name of the customer matches partially with that of the screening outcome as either due to lack of further information, the match disambiguation exercise on remaining key identifying factors cannot be concluded or only limited key-identifier details match, such as first name only.

Understanding the Sanctions Screening Partial Match Disambiguation Matrix

The partial match disambiguation comparison between the customer profile and screening outcome would visually appear like the matrix given:
In a Partial Match scenario, upon a comparison of all the key identifier parameters of sanctions screening outcome and the customer profile, only the partial name of the customer matches with that of the screening outcome. Some of the reasons for partial name match are as follows:
  • Lack of complete information with screening data, sanctions data aggregator, or the DNFBPs themselves, where the screening analyst can neither confirm nor deny the potential match as perfect match or no match.
  • Lack of validating documents such as government-issued identification cards or licenses (in case of a legal entity customer) that can help rule out a potential match result as no match or perfect match. Also, upon request, the customer fails to provide or avoids providing additional or missing validation documents, or repeated requests for the same might result in ‘tipping off’ the customer.
  • Though the regulated entity is in possession of validating identifying documents or the screening aggregator provides such information through their database, the authenticity of such information or documentation is questionable due to identifying documents appearing to be forged or tampered with, resulting in inconclusive findings, often the photographs match, date of birth or age matches, and the partial name matches but remaining information is different. Such a situation can be the result of forged or tampered documents or identity theft, making it impossible to decide whether the match is a perfect match or no match.
The conclusion of comparison is that both the customer profile and sanctions screening outcome match only on the aspect of partial name and are inconclusive on the status of match likelihood of other key identifier parameters. Resulting in the initiation of a partial name match regulatory reporting process by the regulated entities conducting sanctions screening.
Note:
  1. The human element is always required in disambiguating sanctions matches. The screening analyst may rely on the information available and his professional judgment to conclude the screening outcome.
  2. For a partial match, it is not necessary to possess all the information outlined in the above example. The key is to satisfy oneself that the customer and the name appearing in the sanctions list are potentially the same. The screening analyst must document his findings and conclude the match type.

AML/CFT Regulatory Requirements Around a Sanctions Partial Match

Upon coming across a partial match, the regulated entity is required to:
  • Suspend all transactions with existing customers and prospective customers with immediate effect and maintain the suspension of the business relationship until further instructions from the UAE FIU.
  • File a Partial Name Match Report (PNMR) on the goAML portal within 5 calendar days.
While taking the above measures, the regulated entity must take care of tipping off provisions and ensure that it doesn’t let prospective or existing customers become aware of the partial name match outcome and its regulatory reporting.

Decoding Sanctions Screening Results: False Match

False match outcomes are found when the customer’s name initially generates a screening outcome. However, upon comparing the customer profile and screening outcome, the screening analyst conducting screening disambiguation can conclude that the potential match is a false match.

Understanding the Sanctions Screening False Match Disambiguation Matrix

The false match disambiguation comparison between the customer profile and screening outcome would visually appear like the matrix given:
In a False Match scenario, upon a comparison of all the key identifier parameters of sanctions screening outcome and the customer profile initially appear similar or sanctions screening software has generated the false screening outcome due to the following factors:
  • Customer data quality and uniformity issues, due to which the screening software is generating false matches.
  • Algorithmic errors in the screening tool result in the generation of false matches.
  • The fuzzy match threshold is set too low while conducting sanctions screening.
  • Lack of knowledge as to what nationalities, languages, and cultures the screening data and customer details belong to, leading to not setting screening parameters accordingly.
  • Lack of fine-tuning the screening parameter filters or lack of customizability of the screening tool.
  • Outdated screening data and lack of whitelisting.
Note:
  1. The human element is always required in disambiguating sanctions matches. The screening analyst may rely on the information available and his professional judgment to conclude the screening outcome.
  2. For a false match, it is not necessary to possess all the information outlined in the above example. The key is to satisfy oneself that the customer and the name appearing in the sanctions list are not the same. The screening analyst must document his findings and conclude the match type.

AML/CFT Regulatory Requirements Around a Sanctions False Match

When a False Match is found during sanctions screening, no regulatory reporting or compliance measures need to be initiated. The regulated entity can onboard the potential customer or continue the business relationship as usual with an existing customer upon finding a false match.

Sanctions Screening Best Practices to Avoid Unusually High False Matches

As a best practice measure, the regulated entities can analyse if the occurrence of false matches is normal or higher than usual, based on its experience and acceptable thresholds. If false matches appear higher than normal, the regulated entities must take measures to minimise false matches by taking measures such as:
  • Re-tuning the sanctions screening tool
  • Opting for a better sanctions screening tool with a proven record of least false matches.
  • Opting for whitelisting certain repetitive false matches, but with caution.
  • Conducting a sanctions screening software testing and validation exercise or conducting an AML software audit to identify the cause of false matches.
  • Ensure that the sanctions screening tool is customisable to modify rules and re-set match percentage parameters.
Thinking of changing your sanctions screening software because of its inability to detect false matches? Read Switching Sanctions Screening Software: Pain or Gain?

Decoding Sanctions Screening Results: No Match

When conducting sanctions screening of a customer across sanctions lists generates no result, then such lack of screening outcome is also known as ‘No Match’. This simply means that the screening exercise generated no results, and the customer’s name does not appear in any of the sanctions lists to which the regulated entity has subscribed.

Understanding the Sanctions Screening No Match Disambiguation Matrix

The no-match screening result between the customer profile and screening outcome would visually appear like the matrix given. However, such a matrix happens in the background of the screening software process, and the illustrative matrix helps visualise how a no-match result is generated by screening software. This happens when, on all customer key identifier parameters and names available in the sanctions list, the screening software is unable to find any remotely matching outcome.
Note:
  1. The human element is always required in disambiguating sanctions matches. The screening analyst may rely on the information available and his professional judgment to conclude the screening outcome.
  2. Sanctions Screening software must be properly tested, leaving no room for false negatives.

AML/CFT Regulatory Requirements Around a Sanctions No Match

When there are no matching results while conducting sanctions screening, the regulated entity may onboard such a customer and conduct CDD according to its customer onboarding policy or may continue the business relationship as usual in case of an existing customer relationship.

Conclusion

The Sanctions Screening Compliance is not merely limited to conducting sanctions screening and regulatory reporting if needed. Businesses in UAE, such as DNFBPs, need to understand the intricacies of why sanctions screening is required in the first place, the laws governing sanctions compliance, and the methodology and process of conducting sanctions screening to be able to decode the sanctions screening outcomes with the framework illustrated effectively.

Regulated entities must also understand their rights and obligations in the event of every possible type of sanctions screening outcome generated, and they must be equipped with personnel and know-how to ensure AML compliance that a possible screening outcome requires, be it filing FFR, PNMR, or proceeding with customer onboarding, as the need be.

About the Author

Linkedin

Pathik Shah

FCA, CAMS, CISA, CS, DISA (ICAI), FAFP (ICAI)

Pathik is a Chartered Accountant with more than 26 years of experience in governance, risk, and compliance. He helps companies with end-to-end AML compliance services, from conducting Enterprise- Wide Risk Assessments to implementing the robust AML Compliance framework. He has played a pivotal role as a functional expert in developing and implementing RegTech solutions for streamlined compliance.

Reach Out to Pathik