Skip to content
BOL Conferences
Thread Options
#2019365 - 06/09/15 08:19 PM OFAC lists
Trees Offline
Power Poster
Joined: Apr 2005
Posts: 4,013
Two part question.
We use Bridger. We currently have numerous lists that are scanned against our database. In addition to the SDN lists with have FBI ists, lists from other countries, BIS lists, etc. etc. In chatting with another bank recently, I learned that banks are not actually expected to have every list that exists, that, for OFAC purposes, we are supposed to scan for matches on the SDN lists. Please confirm your understanding of which lists we are expected to be using when we scan for matches.

The 2nd part of this questions. Lists including names, SSNs and dates of births are easy to work. Other lists do not include dates of birth. So, we have a dilemma. We look at names. They match then we move on to potential for a match. We look at the time the person was a customer with us, etc. so, on a risk basis we feel that someone living in our community for 10 years would unlikely be a true match. However, we would be interested in your process for dealing with "matches" that you can't quickly determine that they are false matches.

Thanks!

Return to Top
BSA/AML/CIP/OFAC Forum
#2019382 - 06/09/15 08:45 PM Re: OFAC lists Trees
edAudit Offline
Power Poster
edAudit
Joined: Jul 2008
Posts: 4,796
You are here
1) from a fraud perspective why would you not wish to know if the customer is on the FBI list as a crook.

2) most of the time it is not a direct 100% match and those who are a google search of the bad guy usually brings up the info and a picture.
_________________________
Opinions can be considered as coming from anywhere but my employer.

CAMS


Return to Top
#2019438 - 06/10/15 12:53 PM Re: OFAC lists Trees
ACBbank Offline
Power Poster
ACBbank
Joined: Jul 2006
Posts: 4,344
New York City
1. As far as I'm aware, you are not required to screen bank customers against any list, including OFAC's SDN List. However, there are many good reasons to do so, including you do not violate US sanctions, permit a serious illegal actor to open an account, etc. List screening is risk based and should be addressed in your OFAC/Sanctions Risk Assessment.

2. We don't use Bridger, but have the same issue with World Check. The procedure I implemented has three different types of results. Negative, Positive and Possible. Negative hits are easy enough and don't require further discussion. Possible and even positive matches may not require further work either, depending on the source list. Would you investigate a possible match to the SDN List? Absolutely. The 311 List ? Yes. However, when you get into some of the more obscure lists, how far you go to disposition a hit is risk based. Can I live with a possible match to a guy who didn't pay his taxes in Ireland 5 years ago? Yes I can.
_________________________
"100 victories in 100 battles isnt the most skillful. Subduing the other's military w/o battle is the most skillful." Sun-Tzu

Return to Top
#2019444 - 06/10/15 01:01 PM Re: OFAC lists Trees
Elwood P. Dowd Offline
10K Club
Elwood P. Dowd
Joined: Aug 2001
Posts: 21,939
Next to Harvey
Some vendors gratutiously add sundry lists to give some "value added" information. The perception of value is their own. My personal favorite is the FBI's Most Wanted list. (At one time I could find 3 of the names in the Louisville phone book. I sincerely doubt they are the same people.)

As ACB notes, a bank has the right to conclude that it is a gross waste of time to chase these things down. If you reach that conclusion, suggest the vendor take out "the extra stuff" and just give you what you asked for.
_________________________
In this world you must be oh so smart or oh so pleasant. Well, for years I was smart. I recommend pleasant.

Return to Top
#2019458 - 06/10/15 01:31 PM Re: OFAC lists Trees
Trees Offline
Power Poster
Joined: Apr 2005
Posts: 4,013
Thanks, all. Personally, the US lists, for the most part, are easy to review and code as they include birth dates and/or SSNs. The SDN lists generally have enough info to verify matches. We were having a lot of problems with the obscure lists, esp. if they don't have info. This is particularly true of the lists that provide a name, a bunch of reference codes (like trail references or similar) that requires reading through the info and, even then its not always enough info to make a decision.

We need to create a process for reviewing the lists and determining how we will proceed with the not so obvious matches. Translated this means a risk based process.

Return to Top
#2019468 - 06/10/15 01:46 PM Re: OFAC lists Trees
edAudit Offline
Power Poster
edAudit
Joined: Jul 2008
Posts: 4,796
You are here

We need to create a process for reviewing the lists and determining how we will proceed with the not so obvious matches. Translated this means a risk based processwhatever the regulator will accept process.


Fixed

If it was truly a risk based approach you would scan very little if anything.
_________________________
Opinions can be considered as coming from anywhere but my employer.

CAMS


Return to Top
#2019514 - 06/10/15 03:21 PM Re: OFAC lists Trees
Buddy the Elf Offline
Platinum Poster
Buddy the Elf
Joined: May 2002
Posts: 975
first lily pad on the right
We also use Bridger and they do provide a TON of lists; as Ken stated, "value added" information. But all they do is create false positives and a lot of unnecessary, extra work.

Our risk-based approach allowed us to whittle down scanning only the lists we identified as applicable in our risk assessment. We also changed the scores to ensure that we didn't get overwhelmed with false positives. We have real-time scanning (used by tellers and new accounts) and we have a weekly batch scan and we use different lists for each. The real-time scan does not include PEPs but we do include that in our weekly scanning.
_________________________
CAMS

Return to Top
#2019674 - 06/10/15 09:04 PM Re: OFAC lists Trees
Trees Offline
Power Poster
Joined: Apr 2005
Posts: 4,013
edAudit: Said that wrong. We need to come up with procedures that describe, in detail, our review [process. Easy false hits versus how to handle potential matches but where, based on our customer info, we are pretty certain that the match is a false match.The risk based refers to how we will proceed through the match. Easy response=OK.

Return to Top
#2019676 - 06/10/15 09:07 PM Re: OFAC lists Trees
Elwood P. Dowd Offline
10K Club
Elwood P. Dowd
Joined: Aug 2001
Posts: 21,939
Next to Harvey
Again, rather than build a mechanism to deal with the vendor's excesses, just ask them to take all of the garbage out and just give you what you want.
_________________________
In this world you must be oh so smart or oh so pleasant. Well, for years I was smart. I recommend pleasant.

Return to Top
#2019789 - 06/11/15 02:27 PM Re: OFAC lists Trees
Buddy the Elf Offline
Platinum Poster
Buddy the Elf
Joined: May 2002
Posts: 975
first lily pad on the right
Trees, you have the ability to choose which lists you want to scan against, provided you have that level of security authority. It's not something that Bridger has to deal with for you- you can manipulate it at your institution to fit your needs.
_________________________
CAMS

Return to Top
#2019869 - 06/11/15 04:29 PM Re: OFAC lists Trees
Trees Offline
Power Poster
Joined: Apr 2005
Posts: 4,013
Agreed. Prior to asking Bridger to remove certain of the lists, I wanted to see whether or not we were along in the world to discontinue checking every list every which way. Then, with what is left, we will update our written procedures (we have some but not robust enough) describing when we will use the lists and how we will make our determinations.

Return to Top

Moderator:  Andy_Z