October 27, 2020
By: James Ferguson, Computer Services Inc. (CSI)*
Over the last decade, APIs have served as the prime catalyst for the expansion of today’s most popular technologies. In the simplest terms, APIs—or application programming interfaces—allow different software applications to communicate with each other. The practicality and usefulness of this type of communication is boundless, and has driven key innovations in payments, online shopping and social media platforms.
For businesses, the utility of APIs goes even further, allowing their native systems to “plug in” to helpful third-party technologies that supplement their processes and automate their work. These APIs can also be very useful for businesses within the world of denied party screening.
Modern Sanctions Screening Tools Save Time
Denied party screening, also known as watch list screening or sanctions screening, is a complex regulatory requirement prevalent to financial institutions, money services businesses, insurance and logistics companies, and other businesses identified under the USA PATRIOT Act. And while denied party screening requirements are not new, the intricacy and speed with which modern screening tools are expected to perform has increased drastically. Businesses of all sizes and industries are expected to remain compliant by conducting screens of every single transaction or interaction—in real time—without delaying the experience for the customer. That’s a tall order to fill. Luckily, that’s where modern sanctions screening tools get it right.
Most sanctions screening solutions worth mentioning have incorporated two key best practices:
- Whitelisting: The ability to identify and clear previously approved names from watch lists. For example: Jon Smith makes a transaction at a business, and his name is flagged through the screening process as a wanted money launderer named John Smith. After review, it is determined that Jon Smith and John Smith are two distinct individuals, so Jon Smith’s name is cleared. Jon’s name has now been whitelisted; so, when Jon makes his next transaction, the system will not flag him for another manual review.
- Blacklisting: The automated nature of flagging particular individuals who are on a watch list or might pose an increased risk to your organization. PEPs, or politically exposed persons, are a great example of this. Let’s use Jon as an example again: Jon has recently gained political acclaim, and thus is at an increased risk of money laundering practices. If an organization has determined that doing business with Jon poses too great a risk, it can blacklist his name. Any future interaction between Jon and the organization will automatically be denied.
The use of automated whitelisting and blacklisting in denied party screening greatly reduces the amount of time compliance professionals take to review and clear individuals who are flagged in the screening process. Today’s top sanctions screening systems can automate and retroactively apply whitelisting and blacklisting practices within the solution.
But What If Businesses Have Their Own Case Management Systems?
Some companies in need of automated screening tools are hesitant to use third-party applications because they already have an established case management system at their disposal. The value of these “homegrown” case management systems often extends beyond the realm of risk and compliance by streamlining workflows, incorporating IT ticketing or escalating and delegating tasks across the organization.
For companies with these established systems, outsourcing to a third-party provider that deals exclusively with compliance doesn’t make sense. However, most native case management systems do not incorporate the whitelisting and blacklisting elements of third-party screening solutions that save so much time and headache.
This is where APIs come into play.
Specifically, REST (Representation State Transfer) APIs allow native case management systems to utilize the whitelisting and blacklisting elements of top screening solutions. That means that companies can incorporate best practices in denied party screening without sacrificing an established case management system.
APIs Illuminate Audit Trails
A big part of remaining compliant is proving that you are, indeed, compliant. Auditors and regulators want to see a clear, concise audit trail for businesses on the hook for sanctions screening regulations. Luckily, APIs help in this arena, too. APIs allow organizations to maintain an established audit trail within their case management systems, documenting each review and determining which employee conducted that review and how the review was resolved. This type of transparency is exactly what auditors are looking for and helps to take the stress off compliance leadership.
Though APIs allow seamless interaction between our favorite social media and online shopping sites, they also are bridging the gap between established case management systems and high-powered denied party screening solutions. This “best of both worlds” approach has become increasingly popular with larger organizations whose case management systems are not as equipped to deal with the burdens of real-time sanctions screening.
Learn More About APIs in Watch List Screening
For a more in-depth look at the role of APIs in watch list screening, read our Fueling Modern Risk Mitigation with APIs white paper.
*James Ferguson has been with CSI for 10 years, and currently serves as Vice President of Regulatory Compliance