By Paul Constanzo, Director, Professional Services, Descartes Systems Group
When it comes to denied party screening, the ideal scenario is to get 100% accuracy and certainty with threats that are easy to recognize, isolate, evaluate, and resolve.
However, the real situation is a far cry from the ideal because there are so many lists that organizations can screen against, and because these lists are not all formatted in the same way, including spelling variations, last name first or vice versa and so on.
Not having the right knowledge about the ins and outs of denied party screening lists, not to mention the right technology, could result in a high volume of false positives which consume significant operational resources—time, money, and manpower—with little benefit to the organization. The effort required to resolve false positives leads to overworked and underproductive compliance officers which also impacts customer experience, and impedes strategic decision making – after all how can you move ahead with a supplier or business partner who has been flagged, even if incorrectly?
As organizations across different industries, of varying sizes, foreign or domestic, are under increased scrutiny to comply with the multitude of sanction regimes, getting the compliance right the first time is not an option. Robust sanction screening systems can reduce the impact and rate of false positives, but it is important to note that a variety of factors – which are not all software based, cause the occurrence of false positives. In this article, we explore why false positives happen, how to minimize them, and share essential techniques to enable you achieve better compliance coverage.
In This Article:
What are False Positives in Denied Party Screening?
In the context of sanctions screening, a false positive occurs when a scanned entity initially comes up as a positive match with a denied party but is cleared upon subsequent investigation.
Compared to the general public, the number of people / entities who are sanctioned or designated on a denied party list are a small fraction, though it should be remembered that their potential for damage is huge. This means that in order to meet compliance obligations and protect the organization, the entire database of customers, partners, suppliers, staff, and any contact connected to the organization needs to be screened against these denied party lists to ensure that prohibited business relationships are neither formed nor maintained. But with names of individuals, companies and places bearing similarities, as well as the common use of aliases, and diverse cultural naming conventions, a fair degree of false positive alerts are expected to occur. The key is maintaining a healthy false positive rate in order to maintain an effective denied party screening process.
Figure 1. Challenges to Effective Sanctions Screening Impact False Positive Rates
Factors That Cause False Positives in Sanctions Screening
A question often asked is why do false positives occur and what rates can I expect? There is no ideal number that every business should aim for when looking to reduce false positive rates. Some estimates project that over 90% of the total alerts generated by a sanctions screening system are false positives. Depending on the size of the database you are screening against, this could mean thousands of incorrect results to investigate or merely a handful, but in either case it is a resource draining activity that nevertheless requires rigorous scrutiny. The prevalence of high-volume false positives in denied party screening have variegated causes which we will discuss below.
Poor Data Quality
Denied party screening can only be as effective as the information that is fed into the screening system. Incomplete data, spelling mistakes and typos, faulty data collection and organization, formatting inconsistencies, and other data errors are key contributors to the occurrence of false positives. The expression Garbage In, Garbage Out coined many decades ago, still applies today. You would have thought that more of us would be wiser. For instance, insufficient or incomplete customer data where only the name has been captured can lead to high false positives results when a restricted party shares a similar name.
In a simple example, imagine how many false positives would result if you performed a search only using the first name of your customer. In a more realistic scenario, where both name and surname are provided; without detailed information like location (city, state, country) it becomes hard to distinguish between the legitimate customer and the designated entity. The lack of distinguishing data also extends the time and effort it takes the compliance personnel to triage false alerts.
Inefficient Legacy Screening Systems and Manual Processes
The increasing volume of sanctions, their global scope as well as the velocity with which denied party lists change mean that legacy systems and manual process are ill-equipped to manage the dynamism of sanctions screening. Some of the limitations that result in inflated false positive rates include long processing times, inadequate search algorithms, inability to handle non-Latin characters or local variations of names, no support for real time data, inability to supplement internal records with additional data sources, poor workflows, limited flexibility to adapt to changes, and more.
Weak Validation Methodology
How tuned is the screening process to your business’ risk profile? This is a vital question to answer when determining the fit and performance of the solution as it applies to your organization. If your current sanction screening solution produces high false positive rates, it is an indicator of an inefficient system. While legacy systems typically lack the proper tools to tune searches in a way that supports suitable configuration and suitable contextualization of the search filters, properly calibrating search filters requires human insight.
Things to consider:
Are you screening against the right lists? Organizations struggle with choosing the right lists to screen against and sometimes take a more is better approach which only intensifies the false positive problem. For example, if you don’t deal with government contracts, why screen against a GSA exclusions list?
Figure 2. Sanctions Screening Complexity: many sanctioning bodies, many lists, many changes
Are your matching algorithms and policies calibrated to your specific risks? If search parameters are set too broad, you run the risk of the denied party screening solution returning large set of false positives. On the flipside, if the search parameters are so narrow and tight that no false positives are returned then it implies an inaccurate system, because of a high probability that true denied parties are being missed or what is called false negative results.
False negatives indicate that there is no match with a designated party, while in fact there is. The limited coverage on false negatives sometimes begs the question, are false positives worse than false negatives? Short answer, no. While False positives are an inconvenience that leads to hours of investigations gone to waste, false negatives are inconceivably dangerous, with the potential to cause incalculable damage. A well-balanced system should produce false positives within a healthy manageable range. These factors may not be present in every business, but they are worth noting in order to avoid as you implement an effective compliance system.
Approaches to Managing False Positives
Can you avoid false positives in sanctions screening? While it is impossible to completely eliminate false positives without the risk of missing true threats, it is possible to suppress and control the volume generated. At its core, denied party screening involves the processing of different datasets, and matching them against regulators sanctions list. This means an efficient and accurate screening system consists of the data fed into the system and the matching algorithm used to generate results. Striking the right balance between the data management and the data matching / search algorithm determines the rate of false positives.
Figure 3. Four dimensions of consideration to minimize the occurrence and impact of false positives
In this section we outline techniques to achieve a well-balanced screening system, and also define how an effective denied party screening software identifies real threats, delivers true positive results, and dramatically reduces false positives.
A. Use High Quality Data
You can’t screen what you do not capture. Consolidating data sources of all entities that are part of the business network is a critical fundamental piece of a successful compliance program. Data used for sanctions screening must be up-to-date, accurate, complete, and accessible. Insufficient data not only contributes to the false positive problem, but even worse also generates false negatives.
There are examples of OFAC penalties enforced on companies who failed to capture location data and as such could not perform comprehensive screening which led to transactions in sanctioned countries. Key considerations that should be addressed when preparing data for screening:
i. Data Completeness: Have you identified all parties that make up your organizations network? Do you understand the context of information captured as it pertains to sanctions screening, compliance risk, and impact to your organization? The data to be screened should be assessed for completeness, fill any identified gaps. Choose sanctions screening vendors that can provide additional information. One such is the data needed to comply with the OFAC fifty percent rule, as there are no standard lists provided by the agency with which to uncover sanctioned ownerships.
ii. Structure of Data: How does your database capture the relevant information? Are your data sources generated by staff or by customers? Examine your data for common issues and make changes to fix the issues, deduplicate and standardize the data format for consistency. For instance, names generate the most errors, ensure critical data fields, such as first, last, and middle names are compiled and mapped properly. If possible, introduce data validations rules at the data entry source – do not allow the user/operator to save an incomplete customer record.
iii. Data Consolidation and Accessibility: Data silos should be broken down, allowing stakeholders to access data in real-time, with a holistic view of the available information on entities that are to be screened.
To reduce the opportunity for false positives, it is best practice to build your sanctions screening on a foundation of structured data derived from a robust data management strategy that aligns with the guidelines shared above.
How Descartes Visual Compliance Complements Your Data Management for Reliable Results
As part of the onboarding process for our denied part screening solution, we extract a representative sample data from what you’re expecting to screen, taking note of the source of your data – structured or unstructured – and then run it through our search engine in a controlled environment to see what your hit rates are and to which sanctions lists you’re hitting against. The source of your data influences the screening filters and tuning strategy because structured data has higher integrity while unstructured data sources are error prone, (for instance customer on an ecommerce site typically use nicknames). Taking a holistic view of the data needed and working with you, the implementation team will:
- Go over our unified database of sanctions lists and help you identify the lists needed for your business. Our lists are curated by a global team of compliance content experts with extensive years of experience and in-depth knowledge.
- Ensure you have the complete data to support the screening required for your organization – besides government published list, we provide hundreds of supplemental lists and non-list-based requirements, such as negative or adverse media coverage as it pertains to compliance and politically exposed persons (PEP).
Figure 4. Dynamic nature of sanctions list necessitates instantaneous updates to Denied Party Screening Lists
Note: As sources of global sanctions lists continue to expand with new regulations, new sanctioning bodies, and constantly changing sanctions lists, Descartes Denied Party Screening software is instantaneously updated
B. Implement Robust Sanctions Screening Solutions
Good compliance address many systematic challenges of sanction screening and offer 2 key benefits: reduction in false positives and reduction in cost. Without the right solution or process in place, denied party screening can be extremely tedious, exacerbated by high false positive volumes. This creates a situation where overworked compliance personnel find workarounds often skipping required critical procedures and subverting control processes with dire consequences.
Given that convenience greatly influences behavior, a denied party screening solution that delivers minimal false positives and reduces the workload on compliance personnel is a solution that will be used with the frequency necessary to maintain optimal compliance rather than a tool to be avoided. What to look out for in denied party screening solutions that minimize false positives:
i. Configurable Search Filters: The sanctions screening platform should be easy to configure and customize to match your organization’s risk profile. The current complexities of the compliance landscape necessitate the use of automated systems with high operability, scalability, and adaptability. The vendor solution should have the capacity to quickly respond to requests for product enhancement and additional features that may improve your compliance function.
ii. Consolidated and Up-to-Date Sanctions Lists: For improved efficiency and to avoid unnecessary false positives from redundant list screening, the denied party screening vendor solution should have a unified sanctions list, that is constantly updated to match the dynamic nature of denied party lists.
iii. Detailed Testing and Validation Procedures: Keeping pace with rapidly evolving regulatory obligation means the screening solution needs to be up to par. Frequent testing provides the necessary performance insights that organizations need to assess their compliance function. The solution should support robust and multivariate testing with auditable reports.
How Descartes Denied Party Screening Software Minimizes False Positives
Our proprietary sanctions screening system is built on innovative technology that is capable of supporting detailed data structures and granularity, comprehensive and complex search engine configurations, to continuously assess and improve the screening process. Automated screening tools and Dynamic Screening keep up to date with constant changes to regulations and sanctions lists, leveraging advanced techniques to harness vast amounts of information for better compliance coverage and search refinement that minimizes false positives. Seamless integration into existing business processes and platforms, such as Salesforce CRM, delivers smart workflows that speed up alert review processes, giving back much needed time to compliance personnel for higher level operations.
Figure 5. Key elements of a robust denied party screening software
C. Adopt Efficient Search Tuning Strategies
What is search tuning? In denied party screening, search tuning is the art of tailoring search parameters with an understanding of the nature of the data it is to be applied against in order to produce reliable results that minimize false positives and enhance the management capabilities of compliance officers.
The most symbolic representation of this is a teeter totter, where on one side you have false positives and on the other side your search parameters. If you are too broad or light with your search parameters, your false positives go up but if you add more restrictions to your search parameters, like deciding you want only exact name matches, the number of your false positives drops, however, you enter the risk of missing true denied parties or false negatives.
And so, this is the decision that you have to consider, how to refine your denied party search, and reduce false positives while leaving just enough name matching likeliness to catch a true denied party without creating too much unnecessary review work? The best search tuning approach relies on good technology and a good understanding of the impact of search filters as well as good understanding of your source data.
Figure 6. Search filters tame the challenges of denied party screening and control the occurrence of false positives
There are lots of things to factor in when making decisions about search tuning strategy. We touch on some key areas below:
i. How Broad Is Too Broad A Search Term: When search categories have loose criteria which return a large number of near hits, there are many opportunities for false positive errors to occur resulting in unneeded time to review. There are different degrees of fuzzy logic that can be applied to a sanctions list search in order to improve chances of catching a denied party. In deciding how broad or how tight you want to apply these rules, the question to ask is how many letters can I be wrong on before I start matching? The answer to this goes back to what the “quality of your data” is and following a data review what are the common errors or spelling deviations you have noticed. For example, if you are screening for the word “THEIR” you can set your search parameters to be wrong on 1 letter, or expand it to 2 letters so that you match versions written with an ‘ER’ versus ‘IR’ and you can keep broadening the scope into different variations and have more characters that are wrong in order to match the targeted name. Again, remember, the broader you go, the more potential for false positives.
ii. When to Use Various Search Filters: the source or nature of your data influences the techniques to use in tuning your search. In some instances, it helps to perform a thesaurus search to detect similarities, for example Steve is the equivalent of Steven or Stephen, but if you are screening structured data with business names from purchase orders or contracts, these tend to be very accurate, and a thesaurus search might provide no benefit, because all you’re doing is introducing new sources of false positives, alternatively if the source of the screening data is an e-Commerce site, then thesaurus becomes an invaluable configuration tool.
iii. What Noise Words to Eliminate: these are generic, non-unique identifiers that you want to ignore as part of what causes false positives. Noise words could be standard business terms like ‘company’ and ‘limited’, or ‘Mr.’ and ‘Mrs.’ Depending on what you are screening and your particular industry, you should create a list of noise words that do not add distinguishing qualities to your search queries.
iv. Are Allow Lists Ideal for you: Allow List is a useful resource saving feature which exempts entities from the rules of a sanctions screening search, so that if you have the same names repeatedly coming up in false positive results, you can prescreen this name and put it on a Allow List to bypass the search and stop it from generating false positive results. This filter should be used with care as it can generate false negatives if the status of the pre-screened entity is changed on a sanctions list but not reflected in the allow list. A proper procedure should be in place to address this risk.
Figure 7. How ‘Allow Lists’ work to reduce the occurrence of false positives in Descartes denied party screening solution
On the other hand, if you’re concerned about specific activities, you can also do the opposite, with a designated list of “hot” words. You can configure specific words to trigger an alert if they’re found anywhere in the record of the entity being screened. A common use case is with the word “nuclear”, where you can decide that if an entity name has nuclear in it you want an alert to be triggered in order to have a closer look at it.
How Descartes Denied Party Screening Software Supports Search Tuning and Minimizes False Positive Rates
At Descartes, we have developed a search tuning algorithm that incorporates a whole host of search tuning capabilities and verifications that help you balance the search algorithm to generate fewer false positives. Our search engine is configurable and maintainable by you. We work with you on an appropriate search tuning strategy that meets your due diligence needs. It is not a one-size-fits-all, we configure it to fit your requirements and taking into account that your requirements can change from division to division or between data sources
We show you how to leverage data, segmentation, analytics and search algorithms for improved screening results. For instance, features like our MOTR (Multi Oriented Text Recognition) search in our denied party screening software is used to get better search coverage on screened names. The MOTR search works by breaking the name of the entity that is being searched into two-word pairs and then running that through the system for better results. Using a name like Constanzo Systems Logistics, the MOTR search function will perform a series of iterative modifications on the name, so we get three new word pairs – ‘Constanzo Systems, ‘Constanzo Logistics’ and ‘Systems Logistics’. The first two pairs may give us better true positive results but the last pair, ‘Systems Logistics’ which is made of generic words may generate high false positives and for that we can add it into a noise list, so the system doesn’t screen. These are some of the flexibilities the user can configure into the system to get better control of their false positive results.
Our denied party screening software has extensive testing capabilities, and we perform regular search tuning exercises with you, reviewing key metrics to see how we can improve and help you maintain continuous compliance. For example, if your business expands geographically or adds new products, you can proactively look out for changes in the rate of alerts to see if retuning is necessary at that stage.
Figure 8. Reducing false positives rates by applying appropriate search filters to clear data quality issues
D. Invest In Training & Development
often overlooked and underprioritized is the human element in the compliance screening process especially once advanced tools have been put in place. However, as the saying goes, a tool is only as good as our ability to use it effectively. Inadequate or poorly skilled compliance personnel may not have the appropriate knowledge to map a tuning strategy that aligns with your risk profile nor the capabilities to use the compliance technology.
Additionally, training should not be relegated to just the core compliance team as maintaining an optimal compliance posture is a company-wide effort. There are real world scenarios where a poor culture of compliance has thwarted the success of compliance efforts and resulted in significant penalties. Every employee who deals with customers, prospects, vendors, suppliers and any third-party needs to understand the compliance policies and procedures and ideally be a first line of defense.
Integrating denied party screening technologies with ERP and CRM platforms will equip sales, human resources, logistics, procurement, and any outward facing unit with access to streamlined screening process, automated workflows, accurate reporting while removing fragmented screening and duplicated efforts. A sanctions screening vendor should provide proper training and guidance especially for operational staff who are not core compliance officers.
How We Ensure You Get the Most Out of Your Sanctions Screening Solution
With Descartes, training is not a one-time thing, we offer it on an unlimited basis with your subscription. From the onboarding process, and throughout your use of our denied party screening software, our experienced customer success team will provide training and capacity-building support. They will collaborate with you to ensure you optimize the use of the system, by developing an understanding of your specific business, and guiding you through tuning the denied party screening solution so it aligns with your business needs. A summary of the support they provide:
- Help you in understanding what various search filters do and determining when you should use them and when it would be more efficient to turn them off
- They will identify the right sanctions lists and ensure you are not screening against irrelevant lists, validate the sources of your data,
- Continuous training improvement
Figure 9. Awareness of sanctions risk and the capability to perform due diligence checks is a company-wide task
An ‘all hands on deck’ approach to sanctions screening is necessary to achieve optimal compliance coverage. Descartes provides free training across an organization’s functional departments with inherent compliance and third-party risks.
As we continue to broaden the features and capabilities of our denied party screening software to match the ever-evolving demands of sanctions list screening, we will work along with you on the journey to optimal compliance.
Why Must You Address False Positives?
In denied party screening, any gaps in properly identifying sanctioned parties can be very unforgiving. To underscore this point, organizations will pay a steep operational and reputational price for compliance breaches. Aside from finding oneself in an expensive legal quagmire, this price can come in the form of revenue loss, productivity disruptions, negative press coverage from sanction violation and the social implication on brand value which can lead to a plunge in share prices, in addition to fines and penalties. Customer satisfaction, sales velocity, order processing, staff onboarding and the ability to quickly make business decisions are activities that are all at risk, when the denied party screening process is proliferated by too many false positives. To summarize the impact:
- False Positives inflate the cost of compliance
- False Positives drain resources
- False Positives can obscure real threats
- False Positives Carry Hidden Costs
- False Positives cause burnout and unproductivity
Ready to Get Your False Positives Under Control and Optimize Your Denied Party Screening Process?
Overall, the search tuning processes and approaches to minimizing false positives may sound complicated at first, but with Descartes Denied Party Screening, you have our customer success team always on hand to help you work through these decisions. Leveraging their depth of knowledge in the industry, they will take you through the next steps and empower you with the tools and understanding that you need in refining your searches for better false positive rates.
Leverage Descartes denied party screening solution to automatically combat the challenge of false positives in sanction screening with increased efficiency, accuracy, and cost-savings. The combination of our intelligent screening technology and our team of experienced subject matter experts will work with you to establish the most effective sanction screening solution for your business. Request a demo.
But don’t take our word for it, see what users are saying about our denied party screening solutions. For more information including a demo and a Trial, Contact Us. You can learn how pricing for denied party screening solutions work here.
We Answer Your Questions About Denied Party Screening
- How Much Does A Denied Party Screening Solution Cost?
- Top Red Flags to Look Out for When Selecting a Denied Party Screening Software Vendor
- How to Identify a Best-In-Class Denied Party Screening Software
- How to Manage False Positives in Denied Party Screening
- How to Effectively Compare Denied Party Screening Software Vendors
- What do Organizations in my Industry Need to be Mindful of When it Comes to Denied Party Screening and Export Compliance?
- Unforced Errors in the World of Export and International Trade Compliance Violations That You Need to Know About
- 12 Steps to Optimize Your Denied Party Screening Program
- ROI of Compliance: How Denied Party Screening Drives Value Creation for the Organization
- Top Five Best Practices to Integrated Denied Party Screening