Chapter 3: Defining Your Requirements
Screening System Necessities
In this chapter, you will identify your use case and define your requirements for a compliance screening system. Integration and workflows are central themes, focusing on how your screening system should be seamlessly incorporated into your internal system. Whether your primary objective is to conduct KYC onboarding, screen transactions, comply with international trade restrictions, vet suppliers and partners, ensure compliance with export controls or other concerns, use this outline to simplify the process:
1. Identify your use case
2. Determine how you will consume the data
3. Establish a workflow
4. Define how your screening system will integrate
Identifying Your Use Case
Here are some examples of common use cases to get you started.
KYC and KYB Screening
Crucial for organizations to mitigate risks associated with financial crimes. This process is integral to identifying potential threats related to money laundering and terrorist financing. This use case involves two related components:
KYC/KYB Onboarding Screening involves verifying the identity of your customers and assessing their suitability, along with the potential risks of illegal intentions toward the business relationship. The process is fundamental for mitigating financial crime risk, particularly in sectors susceptible to money laundering and terrorist financing.
KYC Rescreening is the ongoing process of periodically reassessing the risk levels of existing customers. It quickly identifies changes in a customer's risk profile or behavior.
You can explore our articles on KYC Onboarding Screening and KYC for Financial Services for more detailed insights.
In Chapter 2, we discussed the importance of comprehensive data coverage.
Here’s an example to help identify specific data sets for your organization’s use case:
Shelf company data is crucial for organizations to identify and mitigate the risks associated with dormant companies that might be activated for illicit activities like money laundering or tax evasion. Castellum.AI offers a unique database that includes these shelf companies, providing essential information to compliance teams, government organizations and investigators. This data set, not commonly found in other public databases, enables organizations to identify high-risk counterparties.
Transaction Screening
This involves screening any transaction your organization facilitates against sanctions lists and other financial crime risk data. Depending on the financial services your organization provides, this may include screening international wires, domestic transfers, card issuance or other transactions. For transaction screening, it’s important to include the senders, receivers and any intermediary parties involved in a transaction.
You can explore our article on Compliance in International Payments for more detailed insights.
Supply Chain Compliance
Screening vendors, suppliers and shipments involves screening against relevant watchlists and other financial crime risk data to ensure that your organization’s business partners are not subject to restrictions. Your screening system should enable you to quickly and accurately assess whether a vendor or supplier is linked to forced labor, subject to export controls, or linked by ownership to sanctioned individuals or entities.
For companies that process or facilitate international shipments, it’s also important to screen shipment senders, receivers, and other parties involved in a shipment to ensure your organization is not violating international sanctions or other government restrictions.
You can explore our article on Supply Chain Compliance for more detailed insights.
Investigations and Due Diligence
Conducting deeper investigations into risks associated with individuals, entities, vessels or aircraft that are subject to government restrictions like sanctions or export controls, involved in tax evasion or linked to risky corporate ownership networks. Your screening system should facilitate investigations by providing comprehensive search capabilities and enabling users to identify whether a party is subject to watchlist-based restrictions or has risky relationships. This is crucial for clients conducting Enhanced Due Diligence on customers, M&A due diligence, vendor due diligence or investigations into flagged suspicious activities.
Crypto and Web3 Compliance
Real-time screening of customers and wallets to ensure crypto sanctions compliance. It includes identifying sanctioned crypto addresses, receiving automated alerts for new sanctions, and integrating this information into crypto wallet screening processes. These capabilities are essential for crypto and fintech compliance teams to monitor blockchain transaction screening, KYC onboarding and crypto wallet monitoring, ensuring safe and compliant digital asset transactions.
Lookbacks
Relevant for organizations that must validate past screening results or prepare for audits. Low false positives are critical to minimize the time and resources necessary to review these batch alerts. Lookbacks also frequently require a rapid turnaround for screening output reports containing detailed match scores and records for each data point screened.
Determining How You Access Your Compliance Data
Data Access: Determine how you will consume the data provided by the screening system. Will you require real-time alerts generated by an API integration, or do you need access to bulk data that can be independently integrated into an internal screening engine?
API Integrations involve connecting to a live data feed using an Application Programming Interface (API). It allows real-time data access, making it ideal for dynamic and time-sensitive operations. API integration is generally used for real-time screening during onboarding, rescreening and transaction screening where immediate updates and responses are critical.
Bulk Data Integrations involve importing large data sets simultaneously in a structured file format. It's not real-time but is used for comprehensive analysis or processing large volumes of data in batches. Bulk data integrations are suitable for organizations requiring an on-premise solution.
Establishing a Workflow
Design a workflow that clearly defines:
What information will you pass to your screening system;
How your screening system processes that data;
What data is generated from your screening system; and
How you integrate, review and close any alerts generated by your screening system.
Here’s an example of a workflow diagram from Castellum.AI
Integration into Your Systems
Your screening system should integrate seamlessly into your internal systems to streamline workflows and eliminate labor-intensive development. Your screening system vendor should be able to provide clear documentation on their data structure and ontology, simple API documentation and access to screening environments for your internal product and IT team to assess quickly.
Castellum.AI’s API enables users to access our entire risk database through a single API endpoint. We have public API documentation, integration instructions and a public API sandbox environment, enabling users to access our screening system immediately. The average time required to integrate our API and initiate screening is under one week.
Questions for your vendor:
How many API endpoints do we need to integrate?
Where is your API documentation?
Do you have a public integration guide and knowledge base?
How do I access your API testing environment?
How long does it take to integrate your screening system?
This is a lot to remember, but we’ve got you covered. Download our screening system buyer’s checklist to keep track of it all when you’re assessing vendors.