Best Practices
The below listed best practices are based on our experience with customers who use our smart name-matching technology (API version 2.0+).
There is no ‘one fits all’ balance between under-defining (many false positives) and over-defining (possible false negatives) the screening as this largely depends on the data quality of the business partner data as well of the specific Sanctions List and also the 'risk appetite', exposure to high-risk customers/countries and the compliance resources any organization has.
Our smart name-matching technology helps to reduce false positives without the trade-off of a higher risk of false negatives. The API returns for every search result a Confidence Score between 0 and 1, 1, meaning it's a 100% exact match. The confidence score takes several factors into consideration, which are explained below and which also can be customized based on your specific use case.
The confidence score is a weighted matching score calculated based on individual field scores for all parameters used in the search request.
For fields with the _scoring_weight suffix, you can change the relative weight of that field compared to the others for the confidence_score. We usually recommend using the default values as those are based on best practices, but depending on your specific situation, it can make sense to change them.
If a field does not have a _scoring_weight suffix, it means that only exact matches are returned for searches using that specific field.
The score_if_null parameter allows changing the percentage of the respective field weight, which is applied when there is no data in the database record for that field.
For example, if you are defining your search with name and year_of_birth - the API will score all records with a match in both fields and will then also apply a value defined in score_if_null for records that don’t have data for those fields. The data quality in Sanctions lists varies a lot: In some lists only 50% of all records have a year_of_birth field, while in other lists (for example OFAC's SDN list) 100% of all records include that data point.
The min_score parameter filters all results with a lower score than the defined threshold. We recommend starting with a 0.8 or 0.85 threshold.
For Individuals, a good approach for example, is to start with the Full Name and the Date of Birth (DOB) or Year of Birth (YOB for a ‘wider’ approach) and the Entity_Type "Individual" in your search request. Usually, these two data points are sufficient and lead already to good results with our smart matching technology. Including additional data points like Nationality, Passport IDs and/or Addresses in your search request can help reduce further the number of false positives. (If you use any of the country fields please make sure to use the country information in ISO 3166-1 alpha-2 format).
A recommendable approach for Entity screening is to use the Name of the Organization along with the Country of Residency field ( ISO 3166-1 alpha-2 format) and Entity Type = "Entity". This will usually lead to good results, and with our name-matching algorithm, you don't need to remove legal forms like LLC, INC etc.
Our database also contains vessel/aircraft names and IDs as well as Crypto Wallet Addresses, which can be searched for in the respective fields.
sanctions.io also provides the ability to screen your customers/business partners also against jurisdictions that are sanctioned, either comprehensively (embargo) or sectoral, or defined by FATF as high-risk jurisdictions.
To include this feature in your screening setup, the following simple steps are necessary:
- Include the country of residence of your business partner in your search request (country_residence field)
- Make sure the required data sources are included in the data_source field. (For example, OFAC-COMPREHENSIVE, FATF) See our comprehensive list of all Targeted Sanctions Lists and High-Risk Jurisdictions Lists in Sanctions & Watchlists.
Please refer to the recommendations above, "Screening for Individuals". For PEP screening, you just need to include the "PEP" data source in the data_sources field.
The above-discussed screening setups should be a good starting point for most organizations. The performance of this setup should be continuously analyzed and fine-tuned over time.