Introduction

The External Searches feature within the system facilitates the ongoing monitoring of entities against various sanction lists, PEP lists and adverse media sources. The system provides two main sources against which searches can be made:

• Searches against EU, UN and ARB sanctions – this is provided as standard within the InScope-AML software (referred to in this document as ‘free sanction list’).
• Searches against the sanction, PEP and adverse media lists maintained by Acuris Risk Intelligence via our partner StartKYC – which is optional, and adopted and paid for at the discretion of the licensee.

N.B. ARB sanctions are only applicable to Maltese clients.

Module Overview

Regardless of which sources are configured, the system follows the below process:

• Upon creation of a new entity in the system, a specific search profile is attached to the entity. This search profile determines what external source(s) will be used, as well as a number of parameters, such as monitoring frequency and matching precisions.
• Once an entity is associated with a search profile, the system runs the specific search in the background. In the case of free sanction lists, results are available within a few minutes, while searches made against StartKYC may take up to 48h depending on time the entity profile is created.
• Once a search is completed, the system creates a new search record against the entity and if there are any hits, a warning shown on the main dashboard of the system is generated. If ongoing monitoring is enabled, the system performs regular checks against the sources and whenever new hits are found, a new search record is opened and warnings are generated and displayed on the dashboard.
• A warning generated as part of the External Searches feature can only be cleared once a user with appropriate permissions reviews the hits and closes the search. When closing the search, a comment is always mandatory. 
• Custom fields can be specifically created to be filled in as part of a search closure. This could be used to specify what information is to be manually extracted by the reviewer as part of the process. For example, custom fields such as Has Sanctions or Is PEP can be created, and the user acting as reviewer will have to specify their values based on the hits reviewed. These custom fields could then be linked to appropriate risk scores, or trigger enhanced due diligence.
• Once a search is closed, it cannot be re-opened (unless the Allow Re-Opening of Searches option is configured on the account) and the record cannot be modified.

Entity Status

All entities within the system have an assigned status that determines whether warnings are generated or not. This applies to all warnings (e.g. expiry of ID document, missing details, etc.).  This status is determined as follows:

• For onboarding or serviced entities: warnings are always generated;
• For terminated entities: warnings are generated until the date specified by the user (which could be after the termination date);
• For non-clients: warnings are only generated if the entity is within the structure of an onboarding or serviced entity or a terminated entity for whom warnings are still being generated.

Free Sanction Searches

Sources and Ongoing Monitoring

The source of EU, UN and ARB sanctions searches is the publicly available XML files published by their respective bodies:

• Consolidated list of persons, groups and entities subject to EU financial sanctions – available here: https://webgate.ec.europa.eu/europeaid/fsd/fsf
• United Nations Security Council Consolidated List – available here: https://www.un.org/securitycouncil/content/un-sc-consolidated-list
• Court Orders notified by the Courts of Criminal Jurisdiction of the Maltese Islands to ARB – available here: https://assetrecovery.mt/court-orders/

The system is configured to check if these lists have been updated, on a daily basis. This is done via a workflow that runs outside office hours, typically at around 3h00 in the morning (although this could be different on some installations of InScope-AML). If a new file is found on either server, the file is downloaded, parsed and saved to a local database. The system then goes through all entities saved within the system and compares each entity to the sanctioned entities, generating the relevant warnings when hits are found.  Note that on certain installations of InScope-AML, not all entities can be processed within a single nightly run and this process can be spread across multiple days.

Hit Comparison

During this process, the system has to determine:

• Whether an entity within the system database is a match with a particular sanctioned entity;
• Whether the match constitutes a new match that was not previously reviewed by an user in the system;
• Whether a previously reviewed match has been updated such that new information can be presented to the user.

If any of the above three criteria are found to be true, a search record is created for the entity, and the relevant warning is generated. 

The following rules are applied when comparing an entity within the system database with a sanctioned entity:

• When comparing an individual, the system considers a combination of first name, last name, date of birth, nationality, country of residence and ID card number; 
• For companies and organizations, the name and country of registration are used;
• When comparing textual elements (e.g. names), partial matches that account for minor spelling mistakes are considered;
• For companies or organizations, terms that are commonly found in company names (e.g. the word “Limited” are ignored);
• The output of this matching process is a score that specifies how confident the system is that the entity within the system database is the sanctioned entity being compared to. A score of 100 indicates that there are perfect matches across a number of fields;
• If the score is above a defined threshold, the system considers this to be a hit.

If the hit has already been reviewed by the user, the system determines whether anything has changed that might require it to re-open the search and alert the user. For companies, a hit is considered to be different if the name or country of registration is different to that previously reviewed by the user. For individuals, there are two approaches that can be used:

• Simplified Comparison: The new hit is compared against the previously reviewed hit along with the first and last name, the nationality, the country of residence, the ID document type/number and issuing country or the date of birth;
• Enhanced Comparison: Using this approach, a hit is considered to be worth re-considering if there are changes to other elements within the sanctioned entity’s details such as quality of alias, ID card issue or expiry date, and full address.

Providing that an entity belongs to a search profile that supports free sanction searches, the system carries out sanction searches on a regular basis as described above.  However, if an entity is not enabled for warnings, no warnings are generated.

StartKYC Searches

The system supports two types of StartKYC searches:

• Manual Searches that provide a single instantaneous result. Each manual search uses 1 StartKYC credit;
• Automatic Monitors that provide a first result within a number of hours but then provide regular updates (depending on the monitoring frequency set) for a year. 

For more information about what sources are used by StartKYC, please review the material posted on www.startkyc.com or contact them for more information.

Automatic Monitors

If automatic monitors are set up, the system is configured to receive updates from StartKYC such that, when a new result is found, StartKYC sends a message to InScope-AML, which triggers a new search record being opened against the entity, and a warning generated accordingly. If no new results are sent by StartKYC for an extended period of time, InScope-AML requests an update from StartKYC to ensure that there have been no new results against the monitored entity.

Once an automatic monitor is set up, it is automatically renewed by StartKYC every year, and a credit is used up upon every renewal. Automatic monitors are only created for entities that are enabled for warnings. If an entity that was enabled for warnings stops being enabled for warnings, or its search profile changes such that it is not eligible for StartKYC searches, then the monitor is deleted a few days/weeks before it is due for an automatic renewal by StartKYC.  This ensures that if an entity’s status is changed in error and then the error is corrected immediately, no new monitor is created and no additional credits are used.

Configuration Options

Configuration of External Searches can be carried out at various levels.

Search Providers

The Search Provider screen enables system administrators to configure which search providers (free sanctions and/or StartKYC) are configured.  In the case of StartKYC, the system administrator will need to supply the relevant API username and passwords, provided by StaryKYC, in order to link their StartKYC account to InScope-AML.

Search Profiles

The Search Profiles screen enables system administrators to configure a number of profiles that determine what searches are carried against subsets of the entities defined within the system. A search profile specifies the following:

• For EU, UN and ARB sanctions:
  • Whether sanction searches are to be carried out at all;
  • Whether a simplified comparison is to be used when identifying if a sanction hit has changed;
  • The accuracy threshold. Note that the ideal value set here should be determined by system administrators after reviewing a number of results returned by the system and evaluating what percentage works best for them.  Since sanction searches and StartKYC use different matching rules, the threshold values may need to be set differently. In terms of EU, UN and ARB sanctions, we do not recommend setting this accuracy threshold to a value that is less than 85%.
• For StartKYC:
  • Whether manual searches or automatic monitors are allowed;
  • The monitor threshold;
  • The monitor frequency (e.g. daily, weekly, monthly).

Once a profile is set up, system administrators can select a segment (a subset of entities within the system) for whom this segment is automatically applied to. This can be used to define rules such as:

• Enabling StartKYC searches on UBOs above a certain threshold, while keeping UBOs below the threshold set up for free sanction searches.
• Setting the sanction threshold to a higher value for local individuals, while setting a lower value for foreign individuals.

Permissions

The following permissions allow users to interact with the External Searches in different ways:

• System Administrator: Can set the configuration options for Search Providers and Search Profiles.
• Manual External Searches / Override Profiles: Can run manual searches or change the search profile for a specific entity.
• Check Entity External Searches: Can do the first review of the external search results.  
• Approve Entity External Searches: Can approve the closure of the external search after a first review detailed.

Error Handling

In addition to generating warnings for hits, the system also provides the following information:

• If a generic error occurs while running nightly updates (e.g. the EU, UN and ARB server is inaccessible), the respective workflow is marked as failed, and the user is encouraged to either restart the workflow to try again or contact InScope-AML support desk for assistance.
• If an error occurs while running an external search on a particular entity, a warning is generated against that entity.