A Guide to Watchlist Management (WLM) – Part One

A Guide to Watchlist Management (WLM) – Part One

WLM
WLM

CHRISOL CORREIA

12 May 2023

Watchlist Management

Watchlist Management

Watchlist Management

Watchlist Management

Watchlist Management

Watchlist management (WLM) is a collective term for the processes and tools used to retrieve, check and prepare watchlist data for use in a screening engine. Whilst a long-established component in financial crime risk management controls, WLM is an often-overlooked activity.

 However, the operational challenges of today's compliance environment - growing watchlist size, the increasing scope of regulatory purpose and the high velocity of change - is compelling institutions to reassess WLM performance and capacity.

In context, this document provides a summary of WLM definitions, an assessment of changing regulatory requirements and the subsequent effects on operations. Part Two of this document focuses on the functional requirements of systems designed to meet contemporary WLM challenges.

Definition

Watchlist Management (WLM)

The collective term for the processes and tools used to ensure the timely and consistent delivery of all the watchlist data required for sanctions, AML or similar compliance screening.

In this context, the creation of watchlist data is a precursor to WLM; and screening is a subsequent activity of WLM. Therefore, this document is focused on WLM processes and technology, not content curation or name matching.

Watchlists

Watchlists in customer or transaction screening. Watchlists include:

  • Sanctions and other official lists: Public domain information published by governments, regulators, central banks, intelligence or law enforcement agencies and international organisations.

  • Private lists: Risk lists are published by official organisations or trade associations and circulated privately to selected institutions.

  • Commercial: Private sector data services that research and aggregate comprehensive risk information. Typically includes sanctions, PEP and adverse media coverage.

  • Black or block lists: Lists are designed to prevent the provision of services to individuals or entities with a high-risk profile. Built internally and unique to an organisation.

  • White or pass lists: Internal lists created by an institution to reduce operational friction caused by persons or entities having similar names to unrelated risk factors, or that are a pre-approved exception to a screening policy.

Example of a basic sanctions WLM process

A government agency adds new targets to its sanctions list.

An obligated institution’s WLM process must:

  • identify proactively the availability of a sanctions list update, within a timeframe commensurate to the institution’s risk profile

  • retrieve and extract the new data

  • transform the data into the format required by incumbent screening technologies

  • distribute the new watchlist data to screening operations

  • repeat the above using an automated continuous process, with auto-logging, exception handling and alerting

WLM in operation

WLM is an established activity in large Financial Institutions and common in entities with screening obligations. It is often provided as a native feature of screening solutions. Functionality is typically limited to automated retrieval from the disparate public, private, commercial or internal watchlist sources, followed by ETL that delivers watchlist data into the format required by the incumbent screening technology. These formats are often proprietary to a particular software vendor. Institutions may need to implement retrieval and ETL tasks for every different screening solution in use.

Efficient watchlist management strategies play a vital role in financial crime risk management controls, ensuring that screening processes remain robust and effective. 

Typical challenges of these scenarios include:

  • Complexity. Multiple screening solutions wired for point-to-point retrieval from multiple watchlist data sources

  • Duplication. Tasks replicated several times by different technologies in a screening solution stack

  • Disparity. Solution-specific WLM processes with little harmonisation of data quality assurance or workflow

  • High maintenance. Reliance on manual processes to plug gaps in enterprise-wide capabilities

  • Limited insights. Diversity of processes results in operations intelligence or regulatory reporting that are based on incomplete or old data

Despite these challenges, institutions have invested significantly in WLM technologies and staff, resulting in operational capabilities that are most effective, but not necessarily efficient. In parallel, commercial watchlist data vendors have developed robust and resilient processes to ensure that data is delivered to customers on a timely basis and to the required standards of accuracy and completeness.

However, the growing operational challenge of ensuring effective, continuous and consistent standards of compliance effectiveness is making it increasingly difficult for financial institutions to sustain or enhance the performance or efficiency of contemporary WLM.

What’s changed?

New compliance obligations

Over the years, the scope, scale and complexity of the data required for sanctions and AML compliance screening have increased steadily. In response, institutions have made sustained investments in technology, people and processes to ensure that screening operations deliver effective compliance in a manner that is operationally efficient. However, since the Russian invasion of Ukraine in 2022, the velocity, complexity and scale of the pace of change have increased exponentially, putting new and sustained pressure on WLM controls.

Evolving regulatory expectations

Not only have watchlists expanded significantly in scale and complexity, but the update frequency of many lists has also increased dramatically. This new sanctions landscape has led to new regulatory expectations of how institutions should ensure:

  • new watchlists, or watchlist deltas, enter screening operations promptly and without any loss of integrity

  • all required watchlist data is current and complete at any given time

  • evidence that the resilience of WLM systems is tested regularly

  • timely up-to-date reporting of all the above is available on demand

In response, institutions are now reviewing WLM infrastructure in the context of these expectations to make sure that adequate measures are in place to manage today’s compliance obligations effectively.

Operational constraints

WLM tools are fragmented across diverse geographies and lines of business; or spread over several screening technologies, particularly in large financial institutions. This tactical or organic heritage makes standardisation and harmonisation of processes very difficult. Additionally, there is a critical dependency on the native WLM features of screening technology. Institutions must ensure that screening vendors are investing continuously in WLM to ensure frictionless compliance, whilst also delivering the additional technical capacity that is required to manage increased list data volumes and complexity.

Growing demand for risk-based approach screening

The adoption of risk-based approaches to screening has been growing for years. The concept has many compliance benefits, including the prioritisation of the highest risks first. There are also operational drivers for implementing the concept, notably in client screening. The combination of increasing data volumes and risk types, particularly in large commercial watchlist services, has resulted in challenges that are progressively acute:

  • File size and processing time: Large watchlists can contain profiles for several million risk entities and this size increases every day. Many WLM and screening solutions struggle to process these large files quickly, particularly those reliant on older technologies that can take considerable time to import large volumes of data for screening.

  • Over-screening: Screening large watchlists against large customer lists will, inevitably, create a large number of potential matches. The disposition of these matches, the majority of which are false positives, is a time-consuming and expensive task. In this context, a risk-based approach to screening, using only the data required for a specific screening scenario, rather than all the data supplied in a commercial watchlist file, would reduce over-screening by “one-size-fits-all” screening and lower false positive volumes. However, many WLM tools do not have the functionality to segment and filter large watchlist files for increasingly specialised screening scenarios.

Summary

The combination of new regulatory obligations, evolving regulatory expectations, the constraints of incumbent technology and the imperative of achieving efficiencies presents a significant and sustained operational challenge that many contemporary WLM controls struggle to manage. While processes might be relatively effective, much WLM technology is inefficient, difficult to assure and has limited capacity for future needs.

Part Two of the guide to watchlist management discusses how institutions can implement innovative technologies for WLM that deliver greater compliance effectiveness and improved operational efficiency.

Watchlist management (WLM) is a collective term for the processes and tools used to retrieve, check and prepare watchlist data for use in a screening engine. Whilst a long-established component in financial crime risk management controls, WLM is an often-overlooked activity.

 However, the operational challenges of today's compliance environment - growing watchlist size, the increasing scope of regulatory purpose and the high velocity of change - is compelling institutions to reassess WLM performance and capacity.

In context, this document provides a summary of WLM definitions, an assessment of changing regulatory requirements and the subsequent effects on operations. Part Two of this document focuses on the functional requirements of systems designed to meet contemporary WLM challenges.

Definition

Watchlist Management (WLM)

The collective term for the processes and tools used to ensure the timely and consistent delivery of all the watchlist data required for sanctions, AML or similar compliance screening.

In this context, the creation of watchlist data is a precursor to WLM; and screening is a subsequent activity of WLM. Therefore, this document is focused on WLM processes and technology, not content curation or name matching.

Watchlists

Watchlists in customer or transaction screening. Watchlists include:

  • Sanctions and other official lists: Public domain information published by governments, regulators, central banks, intelligence or law enforcement agencies and international organisations.

  • Private lists: Risk lists are published by official organisations or trade associations and circulated privately to selected institutions.

  • Commercial: Private sector data services that research and aggregate comprehensive risk information. Typically includes sanctions, PEP and adverse media coverage.

  • Black or block lists: Lists are designed to prevent the provision of services to individuals or entities with a high-risk profile. Built internally and unique to an organisation.

  • White or pass lists: Internal lists created by an institution to reduce operational friction caused by persons or entities having similar names to unrelated risk factors, or that are a pre-approved exception to a screening policy.

Example of a basic sanctions WLM process

A government agency adds new targets to its sanctions list.

An obligated institution’s WLM process must:

  • identify proactively the availability of a sanctions list update, within a timeframe commensurate to the institution’s risk profile

  • retrieve and extract the new data

  • transform the data into the format required by incumbent screening technologies

  • distribute the new watchlist data to screening operations

  • repeat the above using an automated continuous process, with auto-logging, exception handling and alerting

WLM in operation

WLM is an established activity in large Financial Institutions and common in entities with screening obligations. It is often provided as a native feature of screening solutions. Functionality is typically limited to automated retrieval from the disparate public, private, commercial or internal watchlist sources, followed by ETL that delivers watchlist data into the format required by the incumbent screening technology. These formats are often proprietary to a particular software vendor. Institutions may need to implement retrieval and ETL tasks for every different screening solution in use.

Efficient watchlist management strategies play a vital role in financial crime risk management controls, ensuring that screening processes remain robust and effective. 

Typical challenges of these scenarios include:

  • Complexity. Multiple screening solutions wired for point-to-point retrieval from multiple watchlist data sources

  • Duplication. Tasks replicated several times by different technologies in a screening solution stack

  • Disparity. Solution-specific WLM processes with little harmonisation of data quality assurance or workflow

  • High maintenance. Reliance on manual processes to plug gaps in enterprise-wide capabilities

  • Limited insights. Diversity of processes results in operations intelligence or regulatory reporting that are based on incomplete or old data

Despite these challenges, institutions have invested significantly in WLM technologies and staff, resulting in operational capabilities that are most effective, but not necessarily efficient. In parallel, commercial watchlist data vendors have developed robust and resilient processes to ensure that data is delivered to customers on a timely basis and to the required standards of accuracy and completeness.

However, the growing operational challenge of ensuring effective, continuous and consistent standards of compliance effectiveness is making it increasingly difficult for financial institutions to sustain or enhance the performance or efficiency of contemporary WLM.

What’s changed?

New compliance obligations

Over the years, the scope, scale and complexity of the data required for sanctions and AML compliance screening have increased steadily. In response, institutions have made sustained investments in technology, people and processes to ensure that screening operations deliver effective compliance in a manner that is operationally efficient. However, since the Russian invasion of Ukraine in 2022, the velocity, complexity and scale of the pace of change have increased exponentially, putting new and sustained pressure on WLM controls.

Evolving regulatory expectations

Not only have watchlists expanded significantly in scale and complexity, but the update frequency of many lists has also increased dramatically. This new sanctions landscape has led to new regulatory expectations of how institutions should ensure:

  • new watchlists, or watchlist deltas, enter screening operations promptly and without any loss of integrity

  • all required watchlist data is current and complete at any given time

  • evidence that the resilience of WLM systems is tested regularly

  • timely up-to-date reporting of all the above is available on demand

In response, institutions are now reviewing WLM infrastructure in the context of these expectations to make sure that adequate measures are in place to manage today’s compliance obligations effectively.

Operational constraints

WLM tools are fragmented across diverse geographies and lines of business; or spread over several screening technologies, particularly in large financial institutions. This tactical or organic heritage makes standardisation and harmonisation of processes very difficult. Additionally, there is a critical dependency on the native WLM features of screening technology. Institutions must ensure that screening vendors are investing continuously in WLM to ensure frictionless compliance, whilst also delivering the additional technical capacity that is required to manage increased list data volumes and complexity.

Growing demand for risk-based approach screening

The adoption of risk-based approaches to screening has been growing for years. The concept has many compliance benefits, including the prioritisation of the highest risks first. There are also operational drivers for implementing the concept, notably in client screening. The combination of increasing data volumes and risk types, particularly in large commercial watchlist services, has resulted in challenges that are progressively acute:

  • File size and processing time: Large watchlists can contain profiles for several million risk entities and this size increases every day. Many WLM and screening solutions struggle to process these large files quickly, particularly those reliant on older technologies that can take considerable time to import large volumes of data for screening.

  • Over-screening: Screening large watchlists against large customer lists will, inevitably, create a large number of potential matches. The disposition of these matches, the majority of which are false positives, is a time-consuming and expensive task. In this context, a risk-based approach to screening, using only the data required for a specific screening scenario, rather than all the data supplied in a commercial watchlist file, would reduce over-screening by “one-size-fits-all” screening and lower false positive volumes. However, many WLM tools do not have the functionality to segment and filter large watchlist files for increasingly specialised screening scenarios.

Summary

The combination of new regulatory obligations, evolving regulatory expectations, the constraints of incumbent technology and the imperative of achieving efficiencies presents a significant and sustained operational challenge that many contemporary WLM controls struggle to manage. While processes might be relatively effective, much WLM technology is inefficient, difficult to assure and has limited capacity for future needs.

Part Two of the guide to watchlist management discusses how institutions can implement innovative technologies for WLM that deliver greater compliance effectiveness and improved operational efficiency.

Watchlist management (WLM) is a collective term for the processes and tools used to retrieve, check and prepare watchlist data for use in a screening engine. Whilst a long-established component in financial crime risk management controls, WLM is an often-overlooked activity.

 However, the operational challenges of today's compliance environment - growing watchlist size, the increasing scope of regulatory purpose and the high velocity of change - is compelling institutions to reassess WLM performance and capacity.

In context, this document provides a summary of WLM definitions, an assessment of changing regulatory requirements and the subsequent effects on operations. Part Two of this document focuses on the functional requirements of systems designed to meet contemporary WLM challenges.

Definition

Watchlist Management (WLM)

The collective term for the processes and tools used to ensure the timely and consistent delivery of all the watchlist data required for sanctions, AML or similar compliance screening.

In this context, the creation of watchlist data is a precursor to WLM; and screening is a subsequent activity of WLM. Therefore, this document is focused on WLM processes and technology, not content curation or name matching.

Watchlists

Watchlists in customer or transaction screening. Watchlists include:

  • Sanctions and other official lists: Public domain information published by governments, regulators, central banks, intelligence or law enforcement agencies and international organisations.

  • Private lists: Risk lists are published by official organisations or trade associations and circulated privately to selected institutions.

  • Commercial: Private sector data services that research and aggregate comprehensive risk information. Typically includes sanctions, PEP and adverse media coverage.

  • Black or block lists: Lists are designed to prevent the provision of services to individuals or entities with a high-risk profile. Built internally and unique to an organisation.

  • White or pass lists: Internal lists created by an institution to reduce operational friction caused by persons or entities having similar names to unrelated risk factors, or that are a pre-approved exception to a screening policy.

Example of a basic sanctions WLM process

A government agency adds new targets to its sanctions list.

An obligated institution’s WLM process must:

  • identify proactively the availability of a sanctions list update, within a timeframe commensurate to the institution’s risk profile

  • retrieve and extract the new data

  • transform the data into the format required by incumbent screening technologies

  • distribute the new watchlist data to screening operations

  • repeat the above using an automated continuous process, with auto-logging, exception handling and alerting

WLM in operation

WLM is an established activity in large Financial Institutions and common in entities with screening obligations. It is often provided as a native feature of screening solutions. Functionality is typically limited to automated retrieval from the disparate public, private, commercial or internal watchlist sources, followed by ETL that delivers watchlist data into the format required by the incumbent screening technology. These formats are often proprietary to a particular software vendor. Institutions may need to implement retrieval and ETL tasks for every different screening solution in use.

Efficient watchlist management strategies play a vital role in financial crime risk management controls, ensuring that screening processes remain robust and effective. 

Typical challenges of these scenarios include:

  • Complexity. Multiple screening solutions wired for point-to-point retrieval from multiple watchlist data sources

  • Duplication. Tasks replicated several times by different technologies in a screening solution stack

  • Disparity. Solution-specific WLM processes with little harmonisation of data quality assurance or workflow

  • High maintenance. Reliance on manual processes to plug gaps in enterprise-wide capabilities

  • Limited insights. Diversity of processes results in operations intelligence or regulatory reporting that are based on incomplete or old data

Despite these challenges, institutions have invested significantly in WLM technologies and staff, resulting in operational capabilities that are most effective, but not necessarily efficient. In parallel, commercial watchlist data vendors have developed robust and resilient processes to ensure that data is delivered to customers on a timely basis and to the required standards of accuracy and completeness.

However, the growing operational challenge of ensuring effective, continuous and consistent standards of compliance effectiveness is making it increasingly difficult for financial institutions to sustain or enhance the performance or efficiency of contemporary WLM.

What’s changed?

New compliance obligations

Over the years, the scope, scale and complexity of the data required for sanctions and AML compliance screening have increased steadily. In response, institutions have made sustained investments in technology, people and processes to ensure that screening operations deliver effective compliance in a manner that is operationally efficient. However, since the Russian invasion of Ukraine in 2022, the velocity, complexity and scale of the pace of change have increased exponentially, putting new and sustained pressure on WLM controls.

Evolving regulatory expectations

Not only have watchlists expanded significantly in scale and complexity, but the update frequency of many lists has also increased dramatically. This new sanctions landscape has led to new regulatory expectations of how institutions should ensure:

  • new watchlists, or watchlist deltas, enter screening operations promptly and without any loss of integrity

  • all required watchlist data is current and complete at any given time

  • evidence that the resilience of WLM systems is tested regularly

  • timely up-to-date reporting of all the above is available on demand

In response, institutions are now reviewing WLM infrastructure in the context of these expectations to make sure that adequate measures are in place to manage today’s compliance obligations effectively.

Operational constraints

WLM tools are fragmented across diverse geographies and lines of business; or spread over several screening technologies, particularly in large financial institutions. This tactical or organic heritage makes standardisation and harmonisation of processes very difficult. Additionally, there is a critical dependency on the native WLM features of screening technology. Institutions must ensure that screening vendors are investing continuously in WLM to ensure frictionless compliance, whilst also delivering the additional technical capacity that is required to manage increased list data volumes and complexity.

Growing demand for risk-based approach screening

The adoption of risk-based approaches to screening has been growing for years. The concept has many compliance benefits, including the prioritisation of the highest risks first. There are also operational drivers for implementing the concept, notably in client screening. The combination of increasing data volumes and risk types, particularly in large commercial watchlist services, has resulted in challenges that are progressively acute:

  • File size and processing time: Large watchlists can contain profiles for several million risk entities and this size increases every day. Many WLM and screening solutions struggle to process these large files quickly, particularly those reliant on older technologies that can take considerable time to import large volumes of data for screening.

  • Over-screening: Screening large watchlists against large customer lists will, inevitably, create a large number of potential matches. The disposition of these matches, the majority of which are false positives, is a time-consuming and expensive task. In this context, a risk-based approach to screening, using only the data required for a specific screening scenario, rather than all the data supplied in a commercial watchlist file, would reduce over-screening by “one-size-fits-all” screening and lower false positive volumes. However, many WLM tools do not have the functionality to segment and filter large watchlist files for increasingly specialised screening scenarios.

Summary

The combination of new regulatory obligations, evolving regulatory expectations, the constraints of incumbent technology and the imperative of achieving efficiencies presents a significant and sustained operational challenge that many contemporary WLM controls struggle to manage. While processes might be relatively effective, much WLM technology is inefficient, difficult to assure and has limited capacity for future needs.

Part Two of the guide to watchlist management discusses how institutions can implement innovative technologies for WLM that deliver greater compliance effectiveness and improved operational efficiency.

Latest blogs