Using Low-Code Platforms
Your CRM system is the single source of truth for all your customer and business partner data and hence it is a great place for integrating your Sanctions screening process right there. In this article, we will explain how you can integrate a simple Sanctions screening process and even use your CRM system as a simple case management tool without any coding involved.
Screening processes and workflows differ naturally between different organizations but we will use a very basic example for a simple and straightforward process:
- Perform a sanctions screening based on the Full Name of our business partner right when the information is entered or updated in Pipedrive AND also regularly once a month for all existing records.
- If there is a match:
- Record the search query and the results from the sanctions.io API in an Audit Trail spreadsheet (Google Sheet)
- Update the Sanctions flag in Pipedrive to “Blocked”.
- Send an Email notification to a predefined user or user group
- The compliance team can ‘whitelist’ the business partner by changing the Sanctions flag in Pipedrive to “Whitelisted” – this will exclude the record from future screenings
For our example, we will use
- Pipedrive as our CRM system
- Google Sheets for our Audit Trail spreadsheet
- Integromat/MAKE as our low-code ‘engine’
- Our sanctions.io API
In order that we can use Pipedrive also as our case management tool for Sanctions screenings we need to add a custom field “Sanctions flag” that will allow us to flag a person or organization as ‘blocked’ or ‘whitelisted’. This field needs to be created for both, the person and also for the organization object.
For Audit and transparency reasons you want to record all your Sanctions matches including the search query and respective results. We are using GSheet for this and have set up the following structure:
Column Headers in GSheet: Timestamp, Pipedrive ID of respective person or organization, Search Query, Result Names, Result Alternative Names, Result Addresses
Integromat (now MAKE) is an awesome low-code automation and workflow tool which we will use for this example. But you can also use similar tools such as Zapier or even more advanced enterprise tools such as Appian.
In total we will need four different Scenarios:
- Sanctions check whenever a Person is added or updated
- Sanctions check whenever an Organization is created or updated
- Regular Sanctions check once a month for all Person records
- Regular Sanctions check once a month for all Organization records
This scenario will perform an API call to our sanctions.io API each time a new person has been created or any person has been updated.
By including also all updates we make sure that we also cover transaction screenings – but this can be different in your process. Since we use Pipedrive as our single source of truth we also record any transaction in our Pipedrive system and hence this will automatically trigger a new Sanctions screening as well.
As you can see above our Integromat Scenario only contains seven process steps:
- The process is triggered by any new or updated Person record
- It will perform an API call to our sanctions.io API for all records that are not flagged as “blocked” or “whitelisted”. (This example only uses a simple Name search without any fuzzy algorithm or additional information. Finding the optimal search approach depends on your ‘risk appetite’, the number of false positives and resources to investigate, and risk exposure in your specific market.)
- Formatting the API results into JSON bundles that we can work with in the next steps
- If there is a match it will update the Sanctions Flag field in Pipedrive with “Blocked”
- It then will iterate through all matches and record these in our Audit Trail GSheet
- At the same time, it will send an email notification to a pre-defined contact that it has detected a Sanctions match
This scenario looks exactly the same as in a) except we changed the trigger to fire whenever a new Organization is added or updated and also changed the fields to be updated in Pipedrive to the Organization fields. The rest of the process is exactly the same.
In order to optimize our process and reduce the risk of doing business or interacting with any sanctioned party, we also perform regular checks (once a week) for all Persons and Organizations in our CRM system – independent of any transactions. In Integromat we basically copied the two scenarios above and just changed the trigger to time-based (every Monday) and integrated an Iterator step in order to go through all records and perform the process one by one.
- All Integromat scenarios above (just email us and we are happy to send this over to you)