In 2015 OFAC penalized the National Bank of Pakistan for apparent violations of U.S. sanctions programs resulting from a software failure. According to OFAC, the bank’s New York branch processed wire transfers after its sanction screening tool failed to detect the name of the account — LC Air company Kyrgyztransavia — as belonging to Kyrgyz Trans Avia, a blocked entity.
On January 1, 2017, the New York Department of Financial Services issued a risk-based banking rule. The new rule expands banks’ responsibility to detect money laundering and terrorist financing. Included is a specific clarification that regulated banks must consistently “test their watch list filtering program” due to previous failures to update data and test the effectiveness of their systems.
The New York rule also requires banks to adopt either an annual board resolution or senior officer compliance finding stating that documents, reports, certifications and opinions of officers and other relevant parties have been reviewed by the board of directors or senior official to certify compliance with the regulation. This requirement became effective as of April 15, 2018.
The 2015 OFAC action and New York’s new rule illustrate the importance of cleansing, parsing, restructuring and validating data prior to screening.
Many due diligence screening tools rely on “fuzzy logic” (also known as “fuzzy matching”), a type of multiple-valued logic that only accounts for partial truth values. The fuzzy logic is used to conduct “precision” and “recall” measurements on the back end, which ultimately help users assess relevancy of potential matches and apply specific result terms when conducting remediation of a particular record.
“Exact” and “inexact” name matching can be performed using fuzzy matching algorithms. Fuzzy matching helps lead to more accurate identification — even when data is misspelled, incomplete, or sometimes missing.
Systems that use fuzzy logic can reduce false positives by capturing variations in data inputs. But fuzzy logic and fuzzy matching can fall short when dealing with native languages and character sets where information is held in multiple writing systems.
Oracle’s Guide to Effective Watchlist Screening explains that “techniques such as transliteration can be used to convert from one writing system to another using character-level rules, but more complex languages such as Arabic will require the use of transcription and variant matching logic to accurately identify all potential name equivalencies.”
In other words, making sure all possible matches are captured when screening global data of individuals and entities requires additional layers of data preparation and processes that allow for converting non-native data into its native form — a function that is not captured in systems that rely on fuzzy logic.
Newer systems avoid the problems posed by transliteration and translation by incorporating linguistic analysis and name recognition to reduce false positives, while generating alerts on entities that change their names to evade detection.
Lindsay Columbo, Esq. is a founder of eSpear LLC, a developer of due diligence and sceening solutions, where she serves as the Global VP of Compliance & Support Services. She previously served as Associate Corporate Counsel, Global Ethics & Compliance for Brightstar Corp. a SoftBank company headquartered in Miami, Florida. She can be contacted here.