Skip to main content

3.5. List Management

Effective from 8/9/2021

Under Article 21.2 of Cabinet Decision 74, LFIs’ sanctions screening lists must include all names on lists issued by the UNSC and its relevant Committees (UN Consolidated List) or by the UAE Cabinet (Local Terrorist List). LFIs’ sanctions screening processes should also include searches for entities that are not themselves listed but that are owned or controlled mainly or fully by a listed person (also referred to as “shadow listed persons”). LFIs cannot conduct transactions with shadow listed persons and must freeze any funds or assets of a shadow listed person that they may hold as per Article 15 of Cabinet Decision 74. Although shadow designated persons, by their very nature, are not listed by government authorities, LFIs should develop internal lists of such persons based on their own due diligence and consideration of external sources, such as adverse media reporting. LFIs should include such a list, together with any other internal lists (such as lists of customers exited for financial crime concerns) in its sanctions screening systems and processes.

Given the dynamic nature of targeted financial sanctions, LFIs should establish and implement sanctions list management procedures that enable the institution’s sanctions screening program to adjust rapidly to changes published by sanctions authorities. The following considerations are relevant to effective list management, and each should be documented and reviewed on a regular basis, to ensure that the LFI’s chosen approach remains in line with its risk appetite and in compliance with applicable legal requirements:

 List selection: The LFI should determine which sanctions lists are relevant for screening. Lists must include, at a minimum, all names on the UN Consolidated List and the Local Terrorist List, but may also include other jurisdictional lists as well as internal lists of persons known to have a sanctions nexus, lists of geographic terms (such as cities, regions, and ports), banking terms (such as BICs), and lists of prohibited goods or prohibited securities, where applicable. Although lists issues by the UNSC or by the UAE Cabinet must be employed in the screening of all customers and transactions, as outlined above, other lists may be employed on a risk basis. For example, screening against lists of prohibited goods may be limited to the context of trade finance transactions, whereas such transactions likely would not need to be screened against sanctioned securities.
 
 Sourcing of lists: The LFI should determine which lists are to be generated internally and which lists are best sourced from external vendors, and the processes for generating and implementing such lists.
 
 List maintenance: The LFI should determine the processes for adding and removing lists or entries on internal lists, where screening is no longer required or where the result is within the institution’s risk appetite. The LFI should identify and implement appropriate controls to ensure that lists remain up to date and that only appropriate individuals can add or remove lists or list entries.
 
 Data enhancement: The LFI should determine whether certain list entries should be modified or enhanced based on additional information.
 
 Whitelisting: The LFI may consider establishing and maintaining a “white list” of customer names or other data elements that have already been flagged and cleared through thorough due diligence by the LFI as false positives. These “white lists” may be used to improve the process related to screening by leveraging the results of past due diligence and reducing the number of false positives. While the LFI should not overly rely on such a list, and must diligently and continuously screen customers and transactions in case they are implicated in the updated UN Consolidated List and Local Terrorist List, the use of such a “white list” may assist the LFI in expediting the dispositioning in case of repeated false positive matches. LFIs should have documented procedures to managing and periodically reviewing and updating those “white lists” to account for the possibility that persons on a whitelist may later become sanctioned persons. Where automated screening tools are employed, the LFI should determine the management of rules for automatically eliminating potential hits caused by the interaction of certain list terms and frequently encountered data. Where manual screening processes are employed, the LFI should establish a process for manually reviewing potential hits against the whitelist.
 
 Geographic scope of application: Where the LFI has operations in multiple jurisdictions, the LFI should determine which lists should be screened in all jurisdictions of an LFI’s operations and which, if any, could be screened only within a certain jurisdiction or several jurisdictions.
 
 Exact matching versus “fuzzy logic”: The LFI should determine which lists should be deployed within the screening filter on an exact match basis, and which should use fuzzy matching (i.e., an algorithm-based technique to match one name or other string of words where the content of the information being screened is not identical—but its spelling, pattern, or sound is a close match—to the contents on a list used for screening).
 
 Frequency of screening: The LFI should determine the frequency or the triggers for static data screening, so as to account for additions to lists and changes in customer data.
 

List management procedures should be documented and subject to periodic review to ensure that list management practices remain aligned to the LFI’s risk profile and risk appetite.