Positive News for Negative News Screening

Positive News for Negative News Screening

The Wolfsberg Group has produced a publication to help firms find a common industry practice to conducting negative news screening, to support the fighting of financial crime across financial institutions. The Wolfsberg Group is an association of thirteen global banks which aims to develop frameworks and guidance for the management of financial crime risks. The Group can be misconstrued as a Tier 1 club, where their guidance is not proportionate to other financial services firms. This opinion is dated, and all firms should pay attention to the Group’s ‘Frequently Asked Questions’ and ‘Standards’, as when it comes to combating financial crime; we are only as strong as our weakest link.

For years firms have been tackling with the requirement around screening. Why? Because the act of conducting customer or payment screening is not a regulatory requirement. And so, along with a number of other key financial crime compliance controls, it is left to a firm’s interpretation, with no single agreed approach. However, it is of course an integral part of identifying whether customers, or customer’s connected parties, are either sanctioned, politically exposed or alleged or convicted criminals. Sanction and politically exposed person (PEP) screening has become second nature when conducting customer due diligence (CDD), given the requirement to conduct enhanced due diligence (EDD) on PEPs, and the financial penalties firms can incur if conducting business with sanctioned parties. However, negative news (also referred to as adverse media, adverse news and negative media) screening has, in our experience, been more varied across the financial services sector. Such varied approaches include:

• Conducting negative news screening (NNS) for all clients using screening tools and manual internet search engines
• Conducting NNS on a risk based approach, with a focus on higher risk clients
• Conducting NNS without purpose because the PEP and sanctions screening tool includes it
• Not conducting NNS

If you drew the standard of CDD across firms in recent years on a graph, you would see a considerable upward curve following firms’ continued improvement of their frameworks. This uptick in standards has seen greater verification of identity, better documenting of purpose and intended nature of the relationship, expected account activity, understanding source of wealth and enhanced monitoring. These are all paramount controls to help firms understand who their client is. However, it is not bullet proof – and like all armour, if one piece is ineffective or weak, then you can still get hurt. And in a world where non-face to face relationships are more prominent, it is important firms utilise all controls available to help mitigate the risk of facilitating financial crime. One of those, is knowing whether the customer has been involved in any criminal activity, to enhance the firm’s awareness of potential financial crime risk, and who they are conducting business with.

Further, it can help provide additional information and context to identified unusual or suspicious activity, as well as form an opinion to support other controls such as source of wealth and source of funds. So the question is, why would firms not conduct NNS? For many firms, it’s because of time, resource, cost and value. Conducting CDD is time consuming, the days of obtaining a passport and a utility bill and ticking a box noting KYC as complete are long gone. Consequently, this leads to requiring more resource to undertake CDD, which could be used elsewhere; which leads to a rise in costs. The cost of compliance is certainly lower than cost of non-compliance, but in this current economy, all firms are concerned about what the future holds. Lastly, if 99.9% of customers are good, is NNS actually going to add value What is the value versus cost?

The answer is, NNS is a valuable tool which should not be discarded simply because it may increase time, resource and cost – with the caveat that NNS is not a one-size fits all approach but must be used effectively through a risk based approach. Three words that all financial crime compliance professionals must adhere to. And there are a large number of other important questions firms should ask themselves, before jumping in and conducting NNS.

1. What is the firm’s risk based approach? This should not simply be tied to the customer risk assessment (CRA), and only conducting NNS for higher risk customers, but the firm’s business-wide risk assessment should be effectively used, and how identified inherent risks need to be managed effectively across customers, countries, products/services, delivery channel and transactions risks. For example, what inherent risks does the firm’s customer base expose the firm to? Large corporates are heavily scrutinised and will likely have some negative news which is freely available. On the other hand, retail customers (individuals) and smaller companies have a much lower public profile.

2. What sources are firms willing to accept media from? Media is rife with ‘fake news’, and so only reliable sources should be accepted. Therefore, firms should spend time in assessing different media options, and avoid being too vague, i.e. “well-known media outlets”.

3. What should be included as negative news? Adverse media can come in many forms, some considerably more serious than others. For example, human trafficking versus a civil penalty such as a speeding fine. It is important that firms comprehend and implement risk categorisation and segmentation to offences which are going to put them at risk of facilitating financial crime. Therefore, crimes which may cause reputational risk, such as a customer convicted of arson, may need to be thought of differently. Further, the maturity of the offence, the ‘risk stage’ will need to be considered, such as whether the customer is alleged to have carried out a crime or been convicted. The firm must have a process which fits the approach but has the flexibility to be assessed on a case-by-case basis as well.

4. How can NNS be conducted? There are different ways in which NNS can be carried out, such as through the use of a customer screening tool, with most firms using the screening tool utilised for PEP and sanctions screening. This can either be conducted manually, by typing the party into the tool, or automated with names of customers and connected parties being pulled from other systems. Other NNS methods can include using internet search engines, using ‘search strings’ to identify specific crimes, as well as the stages of the crime, to help focus on the firm’s approach to assessing negative media.

5. Is Google, or a search engine alike, actually useful? The short answer is yes. The more complicated answer is that internet search engines cannot be used without specific controls to ensure they are effective. This includes:

• Avoid using full words, otherwise this narrows the key words. For example, using the key phrase “tax eva” will pick up both tax evasion, tax evade and tax evader. 
• Utilising the risk based approach agreed earlier, decide on which crimes and what stages of crime you are most interested in. In our experience, having all predicate offences of money laundering and all financial crimes is the minimum. Understanding what language the search needs to be conducted in. The search string may need to alter language if the customer is based in a different location.
• Be aware of the limitations that internet search engines can bring, such as content being subject to local, country-specific data protection regulation, allowing removal of un-favourable information.
• Understanding the functionality of the search engine, so that users are able to appropriately conduct advanced searches, in order to use it effectively and not be overburdened with a significant number of false positives.

6. What needs to be created when developing an NNS framework? When setting up NNS controls, it is imperative that firms do not simply do so without creating the necessary controls around it to ensure maximum effectiveness. This includes documenting detailed procedures to provide searchers with the necessary guidance to carry out the NNS; from conducting the search, to investigating, to stipulating specific rationale for escalating and discounting of potential hits. Roles and responsibilities should be documented so that it is clear who has the responsibility to not only carry out the search, but also who has responsibility for making decisions on escalated negative media surrounding the customer. Appropriate training should be delivered to those with responsibilities, and management information should be compiled to provide senior management with appropriate oversight of the risks such media brings to the firm.

7. How often should NNS be conducted? This should be guided by a firm’s business-wide risk assessment, based on the firm’s inherent customer risk profile. If a firm utilises a screening system, which conducts ongoing screening on a regular basis; this is likely to be either daily, weekly or monthly depending on the firm’s customer risks. Consequently, conducting a manual search in the tool at periodic review or a trigger event review is rendered redundant. However, firms may wish to think about applying a manual internet search engine search at periodic or trigger event for higher risk customers, as an additional bit of due diligence; one part of a firm’s enhanced due diligence framework.

8. How can firms be confident in the approach – All firms should have a quality control (QC) and quality assurance (QA) framework of its of systems and processes. QC is a 4-eye check on a conducted control at the event, i.e. once an analyst has completed CDD on the customer, an individual checks the file to ensure all requirements have been satisfied, such as NNS. QA is for the firm’s Compliance team to conduct, when reviewing a sample of controls as part of the firm’s compliance monitoring programme. The Firm’s QA should include a sample review of newly onboarded CDD files, which will include NNS, as well as ongoing NNS conducted on a frequent basis. The size of the sample and the frequency of the 2^nd line of defence QA, will again depend on the firm’s business-wide risk assessment.

In conclusion, NNS is a tool which all firms should utilise in some fashion, but appropriate controls need to be developed to help it be effective and proportionate to a firm’s inherent risk profile.