Part One of the guide to watchlist management provides regulatory and operational contexts to how Watchlist Management (WLM) is managed today. In recent years, financial institutions (FIs) and others with sanctions and similar regulatory compliance obligations have made significant investments in WLM control frameworks. This has resulted in tools and processes that are largely effective, if not always efficient. However, the combination of rapid changes to the sanctions landscape, new regulatory expectations, and ageing or rigid technology is creating new operational and compliance challenges that are increasingly difficult or costly to manage. Part Two reviews how technology-enabled WLM frameworks can address these new challenges to deliver improved regulatory compliance effectiveness and operational efficiency. 

Functional Checklist for Modern WLM

WLM is a collective term for a range of processes and tools that form a control framework for the delivery of watchlist data into compliance screening workflow. There is significant variance in the form and scope of WLM frameworks, which is reflective of the diversity of scale, economic purpose and risk profile of institutions with screening obligations. However, the following features are characteristic of the functional WLM requirements in a broad range of institutions:

WLM is a collective term for a range of processes and tools that form a control framework for the delivery of watchlist data into compliance screening workflow. There is significant variance in the form and scope of WLM frameworks, which is reflective of the diversity of scale, economic purpose, and risk profile of institutions with screening obligations. However, the following features are characteristic of the functional WLM requirements in a broad range of institutions: 

Data retrieval – The watchlist data files required for high volume screening typically need proactive retrieval from list publishers.

  

Two modes of retrieval are required: 

• Ad hoc: Most sanctions lists do not update to a pre-published schedule. Therefore, a WLM retrieval process must employ proactive and automated checks for new watchlist data. For the most critical sanctions data, institutions might be expected to identify, retrieve, and load new deltas within minutes of first official publication. 

• Scheduled: Some watchlists, notably those provided by commercial data providers, update on a scheduled basis. This approach requires a process that retrieves list updates on a timely basis. If a publisher is late in publication, or fails to publish a scheduled update, a process to make repeated retrieval attempts often initiates, sending an automated alert that notifies operations staff of the issue. 

Retrieval mechanisms must also consider variances in data transfer protocol, file size, file format, and download time. Retrieving all the watchlists required to meet the specific compliance requirements of an institution is likely to require the setup of several automated retrieval processes with diverse technical attributes. 

Extraction: Once retrieved, WLM should initiate automatically the extraction of compressed watchlist data. This process must consider the specific technical characteristics of every watchlist format.

Verification: Some watchlist data services, including the products of large commercial data providers, provide a checksum with every data file update. This checksum is used to verify the completeness of the data contained within a specific file. WLM tools should provide an automated process to check that the sum of the received data corresponds to the value of the checksum. In the case of a mismatch, the relevant file should be removed from the WLM process and an automated alert sent to notify operations teams of an issue. 

Validation: When watchlist data are provided in a .xml format, a WLM process will confirm that all XML watchlist data conform to the publisher's .xsd data schema. If an exception occurs, the invalid file will be removed from the WLM process and an automated alert will notify operations staff of the issue. 

Reconciliation: Many institutions with screening obligations choose to source watchlist data from specialised commercial watchlist providers. These providers aggregate and consolidate many sanctions and related lists from a wide range of sources, supplementing this official and publicly available data with additional risk content based on proprietary research. For example, a typical commercial watchlist service will contain extensive coverage of sanctions lists from many jurisdictions, together with coverage of Politically Exposed Persons (PEPs), entities related to adverse media, and other content pertinent to related sanctions or financial crime risks. Commercial watchlist services provide many operational and compliance benefits compared to internal capabilities, notably in terms of research capacity, editorial or linguistic expertise, and the efficiency of working with a consolidated data service rather than with many data services supplied in multiple formats. The extent of these benefits is expansive, not least because of vendors' demonstrable investments in data quality and delivery timeliness. This has led many institutions to rely on commercial providers as the primary source of publicly available official sanctions information. The use of commercial services as the primary data source for the watchlists required to comply with sanctions obligations is typically regarded as a proportionate and responsible approach to risk management. To demonstrate the effectiveness of a sanctions data sourcing policy, institutions can implement automated data reconciliation processes. These processes provide continuous checks and compare, for example, the original official version of a national sanctions list for completeness versus the version of that data provided in a commercial watchlist service. If there is a discrepancy between the two versions, additional processes are then required to promptly add any missing data into the screening process. In addition, institutions may anticipate the need to demonstrate controls on how reconciliation exceptions are managed. These controls may need to support real-time reporting for compliance purposes or for insights into operational performance. 

Configuration: Leading commercial watchlists address a wide range of risks. This broad scope results in very large data sets comprising several million records. Due to the ever-increasing scale and complexity, loading these large lists into screening engines can take many hours. This is a growing operational challenge as regulatory expectations for timely screening of risk data have become more demanding. However, compliance infrastructure might lack the capacity or performance to improve processing timeframes. Furthermore, large lists can also take considerable time to screen against Customer Identification Files (CIFs), exacerbating the temporal gap between the availability of new risk data and screening. The inevitable mathematical consequences of screening large watchlists against large CIFs are a significant number of alerts requiring disposition. These factors – scale, speed, and alert volumes – have led institutions to use a variety of risk-based approaches (RBAs) to manage watchlist data volume and mitigate the compliance and operational consequences of overscreening. RBAs have been permitted by various AML regulations for several years as a means to focus AML compliance resources on high risks. As such, institutions can implement various RBA strategies in WLM. For example, WLM technology can be configured for multiple specific screening scenarios. Rather than using a one-size-fits-all approach, large financial institutions can define watchlist selection criteria to deliver specific subsets of a whole watchlist that correspond to the particular screening requirements of a line of business or geography. Criteria for RBA watchlist configuration scenarios include: 

• Removal of domestic PEP data, where permitted based on regulation or regulatory guidance and on a risk-sensitive basis. 

• The exclusion of PEPs no longer in public office is determined on a risk-sensitive basis and may consider the PEP's role, country, and time period since leaving public office. 

• Sanctions lists from jurisdictions to which an institution has no obligation to screen for Politically Exposed Persons (PEPs). 

• Selection of official watchlists based on country of origin or issuing authority. 

• Defining adverse media criteria based on an institution's content definition. 

Such configurations can be automated to derive the required screening input continuously. Typical outcomes of watchlist configuration include: 

• Reduced data volume of watchlist screening input 

• Quicker processing times 

• Faster speed to compliance 

• Fewer alerts requiring disposition.

Adequate measures must be taken to ensure that these benefits do not come at the cost of compromising compliance effectiveness. Therefore, watchlist configurations are typically supported by extensive workflows and controls to ensure that the right data are derived for the correct screening scenarios and that real-time reporting is accessible and actionable. 

Transformation: Some screening technology vendors require watchlist input to be mapped into a proprietary data format. This transformation process can be provided as a feature of the screening technology, or the client institution might be required to develop independent transformation tools. In either case, a WLM process is required to hand over watchlist data in the expected format and at the expected time. Logging information for this process should be readily available. 

Distribution: The final stage of a WLM process involves transforming data to a pre-screening or screening tool, typically using an automated push process. Transformation should be confirmed proactively and logged. Resilience in the event of exceptions must be provided, with automated alerting of unexpected issues. 

Archival: The storage of watchlist screening input files in a secure location that has an accessible and timely means of data retrieval is crucial. Archiving is particularly important to address potential compliance or operational needs to recreate screening scenarios at a given point in time. 

Controls: Standardised, harmonised, effective, and comprehensive workflow controls are required for every process of a WLM system. The purpose of these controls is to provide a framework that ensures compliance standards and documents performance. Controls typically include user management features, comprehensive event logging, and multi-eye review or authorisation of sensitive processes, especially in the context of curating internal data. The effectiveness of controls should be assessed continuously. This requirement places great importance on reporting and data analytics to provide holistic and real-time insights or evidential documentation. 

Conclusion 

While financial institutions have made large and sustained investments in WLM in recent years, the scope of compliance obligations and regulatory expectations has changed significantly. Additionally, the velocity and impact of change have increased dramatically. This combination of factors is placing new operational demands on existing WLM systems. In response, financial institutions are increasingly looking at new technologies that provide: 

• Sustainable, long-term operational capacity 

• Improved compliance 

• Comprehensive control framework 

• Real-time on-demand reporting and analytics 

Institutions seeking to achieve these goals can consider enhancing existing WLM systems to meet current compliance and operational demands. Others might determine that acquiring specialised WLM technology is a more effective and sustainable use of time and resources. The latter approach can be achieved with at least three selection strategies: 

• Build and support solution using in-house resources 

• Commission a customised solution from a consultant or systems integrator 

• Procure a purpose-built product 

Selection criteria should consider the long-term effort required to support WLM in a regulatory environment that is subject to rapid change. This support includes providing timely updates in response to new compliance obligations or regulatory guidance, ensuring the ongoing compatibility of multiple watchlists, as well as responding to emerging risks as businesses seek to grow. 

A regulatory driver for enhancements in WLM is seemingly a wish to ensure that internal black (block) and white (pass) lists are created and curated effectively, and that these lists are supported with robust controls. In addition, there may also be a growing expectation that these internal lists are managed using the same tools as those used for external watchlists. This push for standardisation and harmonisation may have several profound operational impacts that require a re-evaluation of WLM system capability. 

The ability to produce evidence of both WLM processes and control frameworks via reports and management dashboards should also be considered. The ability to demonstrate compliance is especially significant in the context of growing regulatory interest in the WLM capabilities of financial institutions.