Customer Screening and Sanctions Lists

Key Takeaways

  • Sanctions screening checks customers and transactions against lists such as OFAC's SDN List, the UN Consolidated List, and EU/UK lists.
  • OFAC sanctions impose strict liability — a violation can occur without intent or knowledge.
  • Screening uses fuzzy matching to catch aliases and spelling variants; alerts are triaged as true matches or false positives.
  • PEP and adverse-media screening are risk indicators that drive EDD, distinct from sanctions, which require blocking or rejecting.
Last updated: June 2026

Screening compares customers, related parties, and transactions against authoritative lists to prevent prohibited dealings and to flag higher-risk relationships. CAMS distinguishes sharply between sanctions screening (a legal prohibition — you must block or reject) and PEP / adverse-media screening (risk indicators — you apply Enhanced Due Diligence, not a block).

The key lists

| List | Authority | Effect |
|---|---|---|
| Specially Designated Nationals (SDN) List | U.S. OFAC | Assets blocked (frozen); transactions prohibited |
| Consolidated Sanctions List | OFAC (non-SDN, sectoral) | Targeted restrictions |
| UN Consolidated List | UN Security Council | Member-state asset freeze/travel ban |
| EU and UK (OFSI) lists | EU / UK | Asset freezes within jurisdiction |
| PEP databases | Commercial | Risk flag → EDD, senior approval |

OFAC strict liability

U.S. Office of Foreign Assets Control (OFAC) sanctions are strict liability: a violation can occur even with no intent or knowledge. Dealing with an SDN — even an unknowing wire to a front company — exposes the institution to civil penalties. Sanctions are list-based and jurisdiction-based (e.g., comprehensive country programs), and OFAC applies the 50% Rule: an entity owned 50% or more, directly or indirectly, by one or more blocked persons is itself blocked, even if not named on the list. This is a heavily tested point.

Worked example. A customer wires funds to a company not on the SDN List, but that company is 60% owned by an SDN. Under the 50% Rule the recipient is blocked by operation of the rule; the FI must reject or block consistent with the program and report to OFAC. Treating it as 'no match' because the name is not literally listed is the classic error.
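
The ownership check from the worked example, generalised to aggregated and multi-tier holdings, as an added illustration that is not part of the original guide. All names and stakes are constructed, and the code assumes an indirect stake counts only when the intermediate owner is itself blocked.

```python
from collections import defaultdict

THRESHOLD = 50  # percent: "owned 50% or more" per the 50% Rule

# Constructed sample data; all names are hypothetical.
LISTED = {"SDN A", "SDN B"}
STAKES = [  # (owner, entity, percent owned)
    ("SDN A", "Acme Trading", 60),            # the worked example above
    ("SDN A", "Borealis Shipping", 30),       # two listed owners aggregate
    ("SDN B", "Borealis Shipping", 25),
    ("Acme Trading", "Cobalt Holdings", 50),  # indirect, via a blocked entity
    ("SDN B", "Delta Ltd", 25),               # minority stake only
    ("Delta Ltd", "Echo GmbH", 80),           # owner is not blocked
]

def blocked_by_ownership(listed, stakes):
    """Map each unlisted entity blocked by ownership to its aggregate blocked stake."""
    holders = defaultdict(list)
    for owner, entity, pct in stakes:
        holders[entity].append((owner, pct))
    blocked = set(listed)
    changed = True
    while changed:  # repeat until no new entity crosses the threshold
        changed = False
        for entity, owned_by in holders.items():
            # Assumption: only stakes held by already-blocked owners count.
            total = sum(pct for owner, pct in owned_by if owner in blocked)
            if entity not in blocked and total >= THRESHOLD:
                blocked.add(entity)
                changed = True
    return {e: sum(p for o, p in holders[e] if o in blocked)
            for e in blocked - set(listed)}

def screen_beneficiary(name, listed=LISTED, stakes=STAKES):
    """Return (decision, reason) for a payment beneficiary."""
    if name in listed:
        return ("hit", "named on list")
    derived = blocked_by_ownership(listed, stakes)
    if name in derived:
        return ("hit", f"50% Rule: {derived[name]}% held by blocked persons")
    return ("no hit", "no list or ownership match")

if __name__ == "__main__":
    for who in ("Acme Trading", "Borealis Shipping", "Cobalt Holdings", "Echo GmbH"):
        print(who, "->", screen_beneficiary(who))
```

A name-only lookup returns no match for "Acme Trading"; the ownership pass is what surfaces it.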

Match handling

Screening engines use fuzzy matching to catch aliases, transliterations, and misspellings (e.g., 'Mohammed' vs 'Muhammad'). Each alert is triaged:

  • True (positive) match: block/reject per program, escalate, and file the required report (to OFAC for U.S. sanctions; SAR if criminal suspicion arises).
  • False positive: documented as a non-match (e.g., different date of birth, place, or identifiers) and cleared with rationale.

Sanctions vs PEP vs adverse media

  • Sanctions hit → block or reject. Not negotiable; no risk-rating discretion.
  • PEP match → EDD. PEPs are not prohibited; apply source-of-wealth checks, senior approval, and enhanced monitoring. Status can extend to family members and close associates.
  • Adverse media → investigate. Negative news (fraud, corruption allegations) feeds the risk rating and may prompt EDD or exit, but is not itself a legal block.

Common traps

First, do not conflate sanctions with PEP handling — a sanctions hit is blocked, a PEP triggers EDD. Second, the 50% Rule means an unlisted entity can still be blocked through ownership; screening must consider ownership, not just names. Third, OFAC liability is strict, so 'we didn't know' is not a defense — robust screening and a documented process are the controls. Fourth, screening must be ongoing, not just at onboarding: lists update constantly, so the entire book is rescreened when lists change. Fifth, clearing a true match because the customer is valuable is sanctions evasion.

The CAMS-correct answer blocks/rejects and reports on a sanctions hit, applies EDD on PEP/adverse-media flags, and documents every match decision.

Blocking versus rejecting

U.S. sanctions distinguish two actions that the exam tests. Blocking (freezing) applies when a transaction involves a blocked person or property: the funds must be placed into a blocked, interest-bearing account and reported to OFAC within 10 business days, and they cannot be returned without an OFAC license. Rejecting applies when a transaction is prohibited but no blockable interest is present (for example, a payment to a sanctioned jurisdiction with no blocked party): the FI refuses to process and returns it, also reporting to OFAC.

Choosing the wrong action — returning funds that should have been frozen — is itself a violation, which is why match disposition is a controlled, documented decision.

Screening scope and timing

Screening is not a one-time onboarding check. Lists update frequently, so the institution must rescreen its entire customer base when a list changes, and filter transactions in real time (especially cross-border payments) before they settle. Screening scope also extends beyond the named customer to related parties — beneficial owners, directors, signatories, and the counterparties to payments. A program that screens only the account holder but not the beneficial owners or payment counterparties has a coverage gap that the exam will flag.

Tuning and the false-positive burden

Name screening is inherently noisy because of common names, transliteration, and aliases. A filter set too sensitive can generate thousands of false positives, overwhelming analysts and creating customer friction; set too loose, it misses true matches and creates strict-liability exposure. The institution tunes matching thresholds as a governed, documented, periodically tested decision, and uses good identifiers (date of birth, place, identification numbers) to disposition matches quickly. The exam-correct view is that tuning is a deliberate risk decision, never an unsupervised technical tweak.
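
An added sketch, not from the original guide, of the fuzzy matching described under Match handling and of the threshold trade-off described here. The list entry, customers and thresholds are constructed, and difflib's similarity ratio stands in for whatever matching algorithm a real screening engine uses.

```python
import re
from difflib import SequenceMatcher

# Constructed list entry and customers; none are real persons.
LISTED = {"name": "Mohammed Al-Rashid", "dob": "1970-03-14"}
CUSTOMERS = [
    {"id": "C1", "name": "Muhammad Al Rashid", "dob": "1970-03-14"},
    {"id": "C2", "name": "Mohamed Rashid", "dob": "1988-11-02"},
    {"id": "C3", "name": "Maria Alvarez", "dob": "1991-07-23"},
]

def normalise(name):
    """Lowercase, turn punctuation into spaces, collapse whitespace."""
    return " ".join(re.sub(r"[^a-z0-9]+", " ", name.lower()).split())

def score(customer_name, listed_name):
    """Similarity in [0, 1] between two normalised names."""
    return SequenceMatcher(None, normalise(customer_name),
                           normalise(listed_name)).ratio()

def screen(customers, listed, threshold):
    """Return (id, score, triage hint) for every name at or above threshold."""
    alerts = []
    for c in customers:
        s = score(c["name"], listed["name"])
        if s < threshold:
            continue
        # A secondary identifier (date of birth) supports quick disposition;
        # the analyst still documents the final decision and rationale.
        if c["dob"] == listed["dob"]:
            hint = "escalate: possible true match"
        else:
            hint = "clear with rationale: DOB differs"
        alerts.append((c["id"], round(s, 2), hint))
    return alerts

def sweep(customers, listed, thresholds):
    """Alerted customer ids per threshold, to show the tuning trade-off."""
    return {t: [a[0] for a in screen(customers, listed, t)] for t in thresholds}

if __name__ == "__main__":
    for t, ids in sweep(CUSTOMERS, LISTED, (0.95, 0.85, 0.30)).items():
        print(f"threshold {t:.2f}: alerts {ids}")
```

On this sample the strictest threshold raises no alert and so misses the transliterated true match, while the loosest alerts on every customer.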

A worked PEP-plus-adverse-media scenario

A prospective private-banking client is a senior foreign government official (a PEP) whose name appears in news articles alleging procurement corruption, but who is not on any sanctions list. The disciplined response separates the signals: there is no sanctions hit, so no block, but the combination of PEP status and credible adverse media demands Enhanced Due Diligence — establish source of wealth, obtain senior management approval, apply enhanced ongoing monitoring, and decline or exit if the corruption concerns cannot be satisfactorily resolved.

Treating this as a sanctions block would be wrong, and treating it as an ordinary low-risk onboarding would ignore clear high-risk indicators. The CAMS principle: match the action to the list type — block on sanctions, escalate to EDD on risk indicators — and document the reasoning either way.

Test Your Knowledge

A customer initiates a wire to a company that is NOT named on OFAC's SDN List, but the company is 60% owned by a listed SDN. How should the FI treat the payment?

What distinguishes the required response to a confirmed sanctions match from a confirmed PEP match?

Why is OFAC sanctions compliance described as 'strict liability'?
