## Overview
AML/PEP and Sanction screening is crucial for regulated institutions to identify and manage risks associated with their customers. Automated screening improves operational efficiency by reducing manual labor and increasing accuracy. This service helps institutions comply with legal and regulatory requirements, avoiding hefty fines and legal issues.
Our platform offers real-time access to many global PEP (Politically Exposed Persons) and Sanction lists, significantly increasing geographic coverage and improving the quality/reach of the screening. We have streamlined compliance processes by consolidating various critical lists, including global PEP lists, Government Sanction Lists, Anti-Terrorism Lists, CIA Lists, and bespoke geographic lists. The platform includes advanced monitoring features, ensuring continuous surveillance and updates. This comprehensive approach provides our clients with the most up-to-date and relevant information, aiding in making informed decisions and maintaining compliance with international regulations.
## Usage
### Use cases
#### Onboarding a new user
Regulated entities are most often required to perform a PEP/Sanction check before providing any financial services. For most, due to the nature of the business, this happens immediately upon registration and verification of the user’s identity.
Non-regulated entities can also benefit from performing this check to avoid reputational damage and build a trustworthy ecosystem of users, especially if they interact with each other.
#### Event triggered check
Most jurisdictions have a specific threshold that necessitates a check to be performed – 10.000 EUR.
This threshold is often used to identify transactions that may require further scrutiny to prevent money laundering, terrorist financing, and other illicit activities.
It’s important to note that financial institutions and businesses may also conduct these checks based on other risk factors, such as the nature of the transaction, the profile of the customer, or any unusual activity detected.
#### Monitoring
Regulated financial institutions are required to keep KYC/AML data of their users up to date. For long-term customers or recurring customers, it is often best to set up monitoring.
The system monitors updates automatically and sends them across whenever there have been changes to the AML data of a user. This helps you avoid providing services to a customer who is no longer safe, as you always have the latest data available.
All sources are screened constantly, and profiles are created or updated promptly. The system will send updates daily, after 00:00 GMT.
The processing time for new sanction releases varies depending on the number of names and the amount of information available for each profile; however, the expectation is that the update is completed within 72 hours. In most cases it is completed within 30 minutes to several hours of release of a new sanction list.
### Best practice
To ensure that the results you receive are aligned with your risk appetite and regulatory requirements, there are program specific settings set up by ZignSec’s Support for each authentication key.
These settings define the search and, if applicable, monitoring parameters for all sessions addressed to the respective authentication keys.
To set up multiple mappings of these settings, ZignSec’s Support will issue a set of authentication keys (Prod and Test) for each preset separately.
The list of parameters and default settings for the parameters are below:
#### Default criteria
- General rules:
    - close match algorithm is used, with the 80% threshold (it’s possible to configure the threshold or switch to exact match, see [[Match algorithm]]);
    - deceased persons are excluded from results (it’s possible to include them);
    - no dob tolerance configured (it’s possible to configure it to still return persons with a date of birth ± 1-9 years, to handle potential discrepancies in the registries);
    - data breach enabled (if an email is provided, results of known breaches and the scope of data leaked are returned).
- Country-based filters:
    - match residence country (can be ignored). NOTE: it’s not always a residence country; it can be another country related to the person stored in the registry (for instance, the person has a passport of the country, or has a business there). Persons not linked to the given country are eliminated from the results;
    - no jurisdictions/countries ignored (it’s possible to set up a list of PEP jurisdiction countries to exclude);
    - no country-based FATF jurisdiction risk rating information included in the response (it’s possible to include it).
If you have specific requirements, please review our risk-based recommendations:
#### Low risk tolerance
Suits operations of a well-developed company with powerful analytics, back office and trained personnel to perform further analytics in-house and maintain a reliable paper trail of performed KYC and comprehensive review. Matches at this level are typically consumed via API into analysis tools on the client’s side for their own decision-making algorithms and workflows.
Configuration:
- Default +
- dob tolerance: 5 years
- Country-based FATF risks: included
#### Medium risk tolerance
Retrieving only hits that have a significant probability of being true positive. Suits fully automated solutions that need a reliable result of the screening and automated filtering of false positives, with minimal interruptions and therefore delays for further processing & review.
The system filters the matches based on DoB, country and Jurisdictions / Risk applicable to your business. Matches at this level are typically reviewed manually by our customers.
Configuration:
- Default +
- dob tolerance: 1 year (consider sending year of birth instead of exact dob)
- Close match threshold 100%
#### High risk tolerance
Retrieving only hits that are highly likely to be true positive. Suits fully automated solutions that require a definitive and final result of the screening. This screening provides fewer false positives compared to the Medium recommendation, at the cost of potentially missing some of the risk profiles. The core difference is lack of any fuzzy matching logic search through aliases enabled in Exact match type, and in combination with the rest of the filters, the matches returned with this preset must be reviewed before any financial service can be provided to a customer with such a hit. Oftentimes, our customers consider matches at this level significant enough to justify automatic denial of the service to the end-user.
Configuration:
- Default +
- Exact match
### Watchlist – person/scan
You can scan for PEP & Sanction, Law Enforcement, Regulatory Enforcement checks and Adverse Media search for an individual person.
The more information you provide about the person, the more targeted the matches and the better the results returned.
You’ll get the best results providing:
- 2-letter country code defining the person’s country of residence, or a country otherwise linked to the person (e.g. the person has a business in the country)
- Person name
    - For international (English) names it’s recommended to send name parts, at least:
        - First name
        - Last name
    - If you only have the full name, send it as:
        - Full name
    - For non-Latin characters the search will be done using the full name, so please send as much as possible in this case
- The date of birth
    - Ideally, send the exact dob (in ISO format, details are listed in the technical part of this document)
    - Or at least the year of birth
- The gender
- It’s also possible to send provider-specific data in the request; please contact our support if you’re interested in this option
![[PersonScan.png]]
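The input guidance above, as an added example (not ZignSec’s own code): a Python helper that validates and normalises person data before a scan and builds the authenticated request without sending it. The endpoint and header names come from this page; the JSON key names, the `ZIGNSEC_SUBSCRIPTION_KEY` variable, the `YYYY-MM-DD` date form and the sample persons are assumptions, so take the real schema from the OpenAPI specification.

```python
import json
import os
import re
import unicodedata
import urllib.request
from datetime import date

# URL and header names are from this page. The JSON key names used below are
# ASSUMED for illustration; the real ones are in the OpenAPI specification.
TEST_URL = "https://test-gateway.zignsec.com/api/v5/sessions/watchlist/person"


def has_non_latin(text):
    """True if any letter in text belongs to a script other than Latin."""
    return any(ch.isalpha() and not unicodedata.name(ch, "").startswith("LATIN")
               for ch in text)


def build_person_query(country, first_name=None, last_name=None, full_name=None,
                       date_of_birth=None, year_of_birth=None, gender=None):
    """Validate and normalise screening input following the guidance above."""
    country = (country or "").strip()
    if not re.fullmatch(r"[A-Za-z]{2}", country):
        raise ValueError("country must be a 2-letter code")
    query = {"country": country.upper()}

    parts = [unicodedata.normalize("NFC", p.strip())
             for p in (first_name, last_name) if p and p.strip()]
    full_name = unicodedata.normalize("NFC", (full_name or "").strip())
    if has_non_latin(" ".join(parts + [full_name])):
        # Non-Latin names are searched by full name: send everything available.
        query["fullName"] = full_name or " ".join(parts)
    elif len(parts) == 2:
        query["firstName"], query["lastName"] = parts
    elif full_name:
        query["fullName"] = full_name
    else:
        raise ValueError("need first and last name, or a full name")

    if date_of_birth:
        if not re.fullmatch(r"[0-9]{4}-[0-9]{2}-[0-9]{2}", date_of_birth):
            raise ValueError("date_of_birth must be YYYY-MM-DD")
        # fromisoformat raises ValueError for impossible dates such as 1981-02-29.
        if date.fromisoformat(date_of_birth) > date.today():
            raise ValueError("date_of_birth is in the future")
        query["dateOfBirth"] = date_of_birth
    elif year_of_birth:
        year = int(year_of_birth)
        if not 1900 <= year <= date.today().year:  # 1900 is an arbitrary sanity bound
            raise ValueError("year_of_birth out of range")
        query["yearOfBirth"] = year
    if gender:
        query["gender"] = gender
    return query


def build_request(query, url=TEST_URL):
    """Build (but do not send) the POST request; the key comes from the environment."""
    key = os.environ.get("ZIGNSEC_SUBSCRIPTION_KEY")  # hypothetical variable name
    if not key:
        raise RuntimeError("subscription key is not set in the environment")
    return urllib.request.Request(
        url, data=json.dumps(query).encode("utf-8"), method="POST",
        headers={"Authorization": key, "Content-Type": "application/json"})


if __name__ == "__main__":
    # Constructed sample persons.
    print(build_person_query("se", first_name=" Jane ", last_name="Doe",
                             date_of_birth="1980-02-29"))
    print(build_person_query("JP", first_name="花子", last_name="山田",
                             year_of_birth=1975))
```

Rejecting malformed input before the call matters because the service filters on country and date of birth, so a mistyped value can remove a true hit from the results.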
### Watchlist – person/monitoring
A monitoring session is initiated the same way as person/scan.
![[PersonMonitor.png]]
Please follow recommendations from the previous section regarding the data to provide to get the best results (Country code + {name parts | full name} + date of birth [+ gender]).
Ongoing monitoring is a convenient way to access and manage monitoring of individuals, review outcome of monitoring scans and perform risk assessment for due diligence. Detected changes in profiles which match monitored individuals will indicate the type of change (new matched profile, updated profile details of matches, or removed matches).
Monitoring checks are performed daily, within the first few hours after 00:00 GMT. When changes are detected, you will be notified via [webhook](#_Webhooks) (please contact our support to set up a webhook for your account). The [status of matches](#_Monitoring_update) indicates the type of change.
![[DailyUpdates.png]]
A person added to the monitoring is subscribed to updates for one year. If a person is not removed from the monitoring, the subscription automatically extends for another year and will be invoiced on the first day of the new subscription period.
The criteria for monitoring updates are determined based on the settings used during the subscription for monitoring referred above in the /person/scan section and will apply the same filtering logic to any new hits. Changes to known hits will be reported i.e. in case of updates to information and/or removal.
The monitoring updates will also consider and return the Due Diligence status of the known hits to skip reviewing records that have already been reviewed previously.
### Due diligence
Decision, risk, author and comment can be set for an individual match and for the whole session.
Any integer values can be used for the “decision” and “risk” except reserved values.
You will get due diligence information in the session response and in webhooks.
Due diligence status retains previous decisions made on matches and makes it possible to speed up the review process when monitoring updates are received.
Session decision reserved values:
- 0 - **NotReviewed** session has not been reviewed
- 1 - **ReviewUpdates** session was updated and needs to be reviewed
- 2 - **Approved** session is approved, it’s safe to onboard the person
- 3 - **Declined** session is declined, it’s not safe to onboard the person

Match decision reserved values:
- 0 - **NotReviewed** match has not been reviewed
- 1 - **ReviewUpdates** match was updated and needs to be reviewed
- 2 - **Match** the current match confirmed, the match is the person under check
- 3 - **NoMatch** the current match classified as a wrong (not a) match
- 4 - **NotSure** not sure if the current match matches the person under check

Risk reserved values:
- 0 - **NotDefined** risk is not defined
- 1 - **Low** low risk, it’s safe to onboard the person
- 2 - **Medium** medium risk, the decision (whether to onboard the person or not) depends on your policies
- 3 - **High** high risk, it’s not recommended to onboard the person

Session and match decisions are set to 1 (**ReviewUpdates**) when an update is received.
## Core Functionalities
### Environments
We maintain environments you can use:
- **Test (TEST) Environment**: `https://test-gateway.zignsec.com/api/v5/sessions/watchlist/`
- **Production (PROD) Environment:** `https://gateway.zignsec.com/api/v5/sessions/watchlist/`
### Authentication
Each request to our API should be authenticated by sending your subscription key in the “Authorization” header. Our support creates subscription keys for you (a pair for each environment), and it’s highly recommended to regularly rotate the keys (currently it’s done by sending a support request, but please let us know if you’d like to automate it).
If you need different configurations, it’s possible to register multiple tenants and configure them differently.
### REST API
#### Headers
| Header | Description | Required |
| ------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------- |
| Authorization | This header parameter is the subscription key you received from ZignSec during the registration process. Example: Authorization: 123456add0cff22873c428e987654321 | Yes |
| Content-Type | Specifies the media type of the request body data. Set to application/json if JSON object. | Yes |
#### OpenAPI specification and documentation
##### Live documentation
[https://gateway.zignsec.com/api/v5/openapi/watchlist/](https://gateway.zignsec.com/api/v5/openapi/watchlist/)
##### OpenAPI specification
It’s recommended to use REST client code generation from the openapi specification: [https://gateway.zignsec.com/api/v5/openapi/watchlist/watchlist.json](https://gateway.zignsec.com/api/v5/openapi/watchlist/watchlist.json)
##### Recommended client code generation tools
For .NET we recommend NSwagStudio ([https://github.com/RicoSuter/NSwag](https://github.com/RicoSuter/NSwag)), for other stacks – OpenAPI Generator ([https://github.com/OpenAPITools/openapi-generator](https://github.com/OpenAPITools/openapi-generator), [https://github.com/OpenAPITools/openapi-generator-cli](https://github.com/OpenAPITools/openapi-generator-cli))
## Watchlist
#### API Endpoints
##### Create session
POST /api/v5/sessions/watchlist/person - [https://gateway.zignsec.com/api/v5/openapi/watchlist/#/Watchlist/Watchlist_CreateSession](https://gateway.zignsec.com/api/v5/openapi/watchlist/#/Watchlist/Watchlist_CreateSession)
##### Get session details
GET /api/v5/sessions/watchlist/person/{sessionId} - [https://gateway.zignsec.com/api/v5/openapi/watchlist/#/Watchlist/Watchlist_GetSessionById](https://gateway.zignsec.com/api/v5/openapi/watchlist/#/Watchlist/Watchlist_GetSessionById)
##### Update session decision
Sets the decision and risk for the session.
POST /api/v5/sessions/watchlist/person/{sessionId}/decisions - [https://gateway.zignsec.com/api/v5/openapi/watchlist/#/Watchlist/Watchlist_UpdateSessionDecision](https://gateway.zignsec.com/api/v5/openapi/watchlist/#/Watchlist/Watchlist_UpdateSessionDecision)
##### Update match decision
Sets the decision and risk for an individual match.
POST /api/v5/sessions/watchlist/person/{sessionId}/matches/{matchId}/decisions - [https://gateway.zignsec.com/api/v5/openapi/watchlist/#/Watchlist/Watchlist_UpdateMatchDecision](https://gateway.zignsec.com/api/v5/openapi/watchlist/#/Watchlist/Watchlist_UpdateMatchDecision)
##### Webhooks
Every time the session state changes, we send a webhook (see our common Webhook documentation), with the structure described in the live documentation:
[https://gateway.zignsec.com/api/v5/openapi/watchlist/#/callbacks/Watchlist_Callbacks_SessionEvent](https://gateway.zignsec.com/api/v5/openapi/watchlist/#/callbacks/Watchlist_Callbacks_SessionEvent)
#### Session State
##### DTO Overview
Session state is described by WatchlistSession data transfer object (dto).
![[Pasted image 20241105152127.png]]
##### Session Status
![[SessionStatus.png]]
#### Session Result
The watchlist session result contains:
- “matches” - List of matched persons
- “webSearchResults” - List of adverse media results on the web using Google search engine
- “dueDiligence” - Due diligence information

Main information in a person match:
- General information (firstName, middleName, lastName, age, gender, dateOfBirth)
- Locations - List of locations for the person
- Categories - Full descriptive categories of the person (see Ref A)
- Nationalities - List of nationalities for the person
- Images - List of URL links to the pictures of the person, if available
- Roles - List of roles of the PEP profile
- LinkedPersons - List of individuals associated with the person
- LinkedCompanies - List of companies associated with the person
## Watchlist monitoring
Adds a person to ongoing monitoring.
#### API Endpoints
##### Create session
POST /api/v5/sessions/watchlist/person/monitoring - [https://gateway.zignsec.com/api/v5/openapi/watchlist/#/WatchlistMonitoring/WatchlistMonitoring_CreateSession](https://gateway.zignsec.com/api/v5/openapi/watchlist/#/WatchlistMonitoring/WatchlistMonitoring_CreateSession)
##### Get session details
GET /api/v5/sessions/watchlist/person/monitoring/{sessionId} - [https://gateway.zignsec.com/api/v5/openapi/watchlist/#/WatchlistMonitoring/WatchlistMonitoring_GetSessionById](https://gateway.zignsec.com/api/v5/openapi/watchlist/#/WatchlistMonitoring/WatchlistMonitoring_GetSessionById)
##### Update session decision
Sets the decision and risk for the session.
POST /api/v5/sessions/watchlist/person/monitoring/{sessionId}/decisions - [https://gateway.zignsec.com/api/v5/openapi/watchlist/#/WatchlistMonitoring/WatchlistMonitoring_UpdateSessionDecision](https://gateway.zignsec.com/api/v5/openapi/watchlist/#/WatchlistMonitoring/WatchlistMonitoring_UpdateSessionDecision)
##### Update match decision
Sets the decision and risk for an individual match.
POST /api/v5/sessions/watchlist/person/monitoring/{sessionId}/matches/{matchId}/decisions - [https://gateway.zignsec.com/api/v5/openapi/watchlist/#/WatchlistMonitoring/WatchlistMonitoring_UpdateMatchDecision](https://gateway.zignsec.com/api/v5/openapi/watchlist/#/WatchlistMonitoring/WatchlistMonitoring_UpdateMatchDecision)
##### Monitoring events
Returns a list of events that happened during monitoring
GET /api/v5/sessions/watchlist/person/monitoring/{sessionId}/events - [https://gateway.zignsec.com/api/v5/openapi/watchlist/#/WatchlistMonitoring/WatchlistMonitoring_GetEvents](https://gateway.zignsec.com/api/v5/openapi/watchlist/#/WatchlistMonitoring/WatchlistMonitoring_GetEvents)
##### Delete monitoring
Removes person from monitoring
DELETE /api/v5/sessions/watchlist/person/monitoring/{sessionId} - [https://gateway.zignsec.com/api/v5/openapi/watchlist/#/WatchlistMonitoring/WatchlistMonitoring_Delete](https://gateway.zignsec.com/api/v5/openapi/watchlist/#/WatchlistMonitoring/WatchlistMonitoring_Delete)
##### Webhooks
Every time the session state changes or a monitoring update is received, we send a webhook (see our common Webhook documentation), with the structure described in the live documentation:
[https://gateway.zignsec.com/api/v5/openapi/watchlist/#/callbacks/WatchlistMonitoring_Callbacks_SessionEvent](https://gateway.zignsec.com/api/v5/openapi/watchlist/#/callbacks/WatchlistMonitoring_Callbacks_SessionEvent)
#### Session State
##### DTO Overview
Session state is described by WatchlistMonitoringSession data transfer object (dto).
![[Pasted image 20241105152213.png]]
##### Session Status
![[Pasted image 20241105152224.png]]
#### Session Result
The watchlist session result contains:
- “matches” - List of matched persons
- “webSearchResults” - List of adverse media results on the web using Google search engine
- “dueDiligence” - Due diligence information (see Ref A)

Main information in a person match:
- General information (firstName, middleName, lastName, age, gender, dateOfBirth)
- Locations - List of locations for the person
- Categories - Full descriptive categories of the person (see Ref A)
- Nationalities - List of nationalities for the person
- Images - List of URL links to the pictures of the person, if available
- Roles - List of roles of the PEP profile
- LinkedPersons - List of individuals associated with the person
- LinkedCompanies - List of companies associated with the person
##### Monitoring update
During a monitoring update, the PepPersonMatch dto holds the match update status.
Possible values are:
- “NoChanges” - No changes
- “New” - New match
- “Updated” - Updated match
- “Removed” - Removed match
If status is “Updated” the “old” object will be set. It represents profile details before the update.
![[Pasted image 20241105152256.png]]
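An added example (not part of ZignSec’s documentation or SDK) of triaging a monitoring update using the match statuses above together with the reserved match decision values from the Due diligence section, so that unchanged hits already decided as Match or NoMatch are not reviewed again. The payload layout and the `id`, `status` and `roles` key names are assumptions, and the sample update is constructed.

```python
from enum import IntEnum


class MatchDecision(IntEnum):
    """Reserved match decision values listed in the Due diligence section."""
    NotReviewed = 0
    ReviewUpdates = 1
    Match = 2
    NoMatch = 3
    NotSure = 4


# Decisions that count as a finished review of a match.
SETTLED = {MatchDecision.Match, MatchDecision.NoMatch}


def decision_label(value):
    """Name a reserved decision; any other integer is a tenant-defined value."""
    try:
        return MatchDecision(value).name
    except ValueError:
        return f"custom:{value}"


def changed_fields(match):
    """Top-level profile fields that differ between the 'old' object and the match."""
    old = match.get("old") or {}
    bookkeeping = {"id", "status", "old", "dueDiligence"}  # assumed key names
    keys = (set(old) | set(match)) - bookkeeping
    return sorted(k for k in keys if old.get(k) != match.get(k))


def triage(update):
    """Return (match id, action, detail) for each match in a monitoring update."""
    queue = []
    for match in update["matches"]:
        due_diligence = match.get("dueDiligence") or {}
        decision = due_diligence.get("decision", MatchDecision.NotReviewed)
        status = match["status"]
        if status == "New":
            action, detail = "review", "new matched profile"
        elif status == "Updated":
            action, detail = "review", "changed: " + ", ".join(changed_fields(match))
        elif status == "Removed":
            # A removed hit can change the outcome of the session as a whole.
            action, detail = "review", "match removed"
        elif status == "NoChanges":
            # Only reserved Match/NoMatch decisions are treated as settled;
            # tenant-defined values are reviewed, which is the cautious default.
            action = "skip" if decision in SETTLED else "review"
            detail = "previous decision " + decision_label(decision)
        else:
            raise ValueError(f"unknown match status: {status!r}")
        queue.append((match["id"], action, detail))
    return queue


def session_needs_review(queue):
    """True if at least one match in the triaged update has to be looked at."""
    return any(action == "review" for _, action, _ in queue)


# Constructed sample update; not output captured from the service.
SAMPLE_UPDATE = {"matches": [
    {"id": "m1", "status": "NoChanges", "lastName": "Doe",
     "dueDiligence": {"decision": 3, "risk": 1}},
    {"id": "m2", "status": "Updated", "lastName": "Doe", "roles": ["Minister"],
     "old": {"lastName": "Doe", "roles": ["Deputy minister"]},
     "dueDiligence": {"decision": 1, "risk": 2}},
    {"id": "m3", "status": "New", "lastName": "Doe"},
    {"id": "m4", "status": "Removed", "lastName": "Doe",
     "dueDiligence": {"decision": 1, "risk": 3}},
    {"id": "m5", "status": "NoChanges", "lastName": "Doe",
     "dueDiligence": {"decision": 10}},
]}

if __name__ == "__main__":
    for match_id, action, detail in triage(SAMPLE_UPDATE):
        print(f"{match_id}: {action:6} {detail}")
```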
### Examples
Please find examples in the ZignSec - Watchlist Examples postman collection (available on the docs site or our support can share it by request).
## References
### Ref A – Categories
Within the service, profile records in watchlists are categorised into the following main categories and subcategories.
#### Politically Exposed Person (PEP) Tiers
Individuals who hold prominent public positions and may be at a higher risk for corruption.
PEPs may be further categorised into 3 different tiers depending on their level of risk exposure:
| **Category** | **Description** |
| ------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| PEP Tier 1 | Represents:<br><br>- Head of state and their deputies<br>- Head and members of government (national level in unitary states; sub-federal/state level in federations; supranational level European Commission, Europe Council) and their deputies<br>- Heads and top commanders of the armed forces - armed forces joint command members, commanders of the main branches of the armed forces<br>- Members of the legislature (national level in unitary states; sub-federal/state level in federations; supranational level European Parliament)<br>- Heads and members of last-instance courts (supreme, constitutional, high, European Court of Justice, specialised courts)<br>- Heads and members of central banks and court of auditors (national level in unitary states; sub-federal/state level in federations; supranational level European Court of Auditors)<br>- Party leaders and executive council members (Parties represented in the national parliament of unitary states and in the federal and sub-federal parliaments in federations) |
| PEP Tier 2 | Represents:<br><br>- Senior diplomats (ambassadors, high-commissioners, charge d'affaires, permanent representatives)<br>- Heads and board members of the executive bodies of international organisations established by treaty (the highest governing bodies of ARI list of organisations)<br>- Members of the board of directors of SOEs, top executives (C-level)<br>- Senior officials (e.g. high-ranking civil servants, director generals, directors, heads of units) of agencies and boards appointed by the head of state, the government (cabinet and ministries) and the parliament<br>- Members of executive (e.g. governor, prefect) bodies at sub-national level in unitary states and below sub-federal level in federal jurisdictions<br>- Members of legislative (e.g. aldermen, councillors) bodies at sub-national level in unitary states and below sub-federal level in federal jurisdictions<br>- Mayor of capital city and large municipalities (megapolis)<br>- Judges, justices, magistrates, prosecutors, attorneys in courts with jurisdiction at sub-national level in unitary states and below the sub-federal level in federations<br>- Commanders of major national military units (battalions, brigades, flotillas, bases) |
| PEP Tier 3 | Represents:<br><br>- Middle ranking diplomats (minister-counsellors, councillors, 1st Secretaries and 2nd Secretaries) and low-ranking diplomats (attaché)<br>- Mayor, council member and senior officials of medium to small municipality. |
#### Relatives and Close Associates (RCA)
Relatives or Close Associates refer to individuals who have a close relationship with a politically exposed person (PEP). This can include family members such as spouses, children, parents, siblings, as well as close friends, business associates, and other individuals who have a significant connection to the PEP.
#### Profile of Interest (POI)
Profile of Interest is a category designed to capture legacy data of PEPs who served on relevant PEP positions more than 12 months ago, as well as legacy data of profiles which no longer fit the new Reputational Risk Exposure methodology.
#### Special Interest Persons (SIP)
Special Interest Persons refer to individuals who have been identified as being involved in activities that may pose a higher risk for money laundering, terrorism financing or various financial related crimes. These are grouped into the following subcategories.
| **Category** | **Description** |
| --------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **Sanctions Lists** | Persons appearing on official financial sanctions lists who are involved, or suspected of being involved, in illegal activities. |
| **Law Enforcement** | Persons appearing on an official law enforcement public domain site as either wanted, investigated, or arrested by an official law enforcement body or the police; or individuals or entities charged, prosecuted, convicted, and/or sentenced by a competent criminal court that constitutes a criminal act. |
| **Regulatory Enforcement** | Persons listed on an official regulatory enforcement public domain site against whom official regulatory administrative action has been taken by a government or independent regulatory agency responsible for the supervision and oversight of specific administrative regulations or rules for breaches of said rules and regulations. |
| **Bribery & Corruption** | Persons involved or alleged to have been involved in criminal activity relating to bribery and corruption, including being bribed, bribing another person (including facilitation payments), bribing a foreign public official, failure of a relevant commercial organization to prevent bribery, and corrupt practices. |
| **Cyber Crime** | Persons involved or alleged to have been involved in criminal activity relating to cybercrime, including identity theft, scams, hacking, and credit card or payment fraud. |
| **Disqualified Directors** | Individuals that have been disqualified from acting as company directors (for UK only). |
| **End Use Control** | Incidents involving entities engaged in exporting dual-use or military technology, posing a risk of breaching non-proliferation rules. End users may be foreign entities utilizing exported items, not intermediaries but purchasers or financiers. |
| **Environmental Crime** | Systematic, willful acts that harm the environment for personal gain, including resource exploitation, damage, or theft in violation of laws. This includes polluting air, soil, or water to gain profit or avoid costs, and trafficking endangered species, illegal logging, or dumping hazardous waste. Such crimes often adversely affect the environment and human life. |
| **Financial Crime** | Persons involved or alleged to have been involved in criminal financial activities, including fraud, money laundering, tax offences, embezzlement, currency counterfeiting, high-value theft, insider trading, unexplained wealth orders, or failure to comply with financial regulations. |
| **Fugitive** | Persons who flee jurisdiction or prison to avoid arrest, prosecution, imprisonment, or giving testimony in criminal proceedings. |
| **Gambling** | Illegal gambling operations involving systematic, organized activities that may include illicit fund flows, potentially supporting organized crime or terrorism financing. Excludes unorganized or low-risk gambling activities. |
| **Human Rights Violation** | Individuals or groups violating fundamental rights recognized by international agreements or national laws. This includes crimes against humanity such as genocide, apartheid, enslavement, and persecution. Such violations can exacerbate political instability and conflict. |
| **Insolvency** | Individuals declared bankrupt or insolvent (for UK and Ireland only). |
| **Interstate Commerce Violation** | Unlawful purchase, sale, or exchange of goods or services across state borders in violation of interstate laws, including extraterritorial legal breaches. |
| **Labour Violation** | Violations of laws protecting employee rights, such as child labor laws, union rights, and collective bargaining. Excludes non-material labor claims and civil disputes. |
| **Modern Slavery** | Individuals involved in human trafficking and exploitation, including labor and sex trafficking. |
| **Narcotics Crime** | Individuals involved or suspected of being involved in narcotics-related crimes, such as drug production, trafficking, and distribution. |
| **Organised Crime** | Individuals involved or suspected of involvement in organized crime, including arms trafficking, smuggling, or involvement in crime syndicates. |
| **Pharma Trafficking** | Systematic trafficking of fake or illicit pharmaceuticals, excluding small-scale drug sales. Includes organized trade, distribution, or manufacture of counterfeit medical products. |
| **Piracy** | Criminal acts such as violence or theft committed at sea by private vessels against others for personal gain, covered under universal jurisdiction. Includes maritime piracy in international waters. |
| **Reputational Risk** | Individuals alleged to be involved in activities posing reputational risks. |
| **Unauthorized Incident** | Actions by entities engaging in regulated activities without proper authorization or licensing. |
| **War Crime** | Individuals indicted or charged with war crimes, including violations of the laws of war, atrocities against civilians, or the use of weapons of mass destruction. Examples include genocide, murder, and the unlawful destruction of property. |
| **Other** | Offenses related to the above categories without evidence of official action by relevant authorities. |
| **Custom Watchlist** | Individuals listed in an organization’s custom watchlist. |