SlideShare una empresa de Scribd logo
1 de 16
Descargar para leer sin conexión
WHITE PAPER: COMPLIANCE




                                                                                                                                          WHITE PAPER /
                                                                                                                                          Sanction Lists – A Business Risk
                                                                                                                                          EU anti-terrorism regulation and sanction lists firmly in hand:
                                                                                                                                          options for the technical implementation of statutory provisions


                                                                                                                                          UNAVAILABLE OR UNSATISFACTORY PROCESSES FOR MATCHING CUSTOM-
                                                                                                                                          ER AND PROSPECT DATA AGAINST SANCTION LISTS - A FREQUENTLY UN-
                                                                                                                                          DERESTIMATED BUSINESS RISK ENTAILING THE PERSONAL LIABILITY OF THE
                                                                                                                                          MANAGEMENT

                                                                                                                                          The implementation of the statutory provisions of the EU anti-terror-
                                                                                                                                          ism regulation is still a widely discussed aspect in the context of
                                                                                                                                          data quality. This regulation prohibits financial services and assets
                                                                                                                                          from being made available to terrorist organizations at home and
                                                                                                                                          abroad.
                                                                                                                                          If the latest requirements of the EU anti-terrorism regulation are not
All company and product names and logos used in this document are trade names and/or registered trademarks of the respective companies.




                                                                                                                                          complied with, the consequences are predictable. For example,
                                                                                                                                          there is a danger that the entire assets of a company are frozen.
                                                                                                                                          There is even a danger of being included in one of the sanction
                                                                                                                                          lists if one of the individuals or organizations listed there is sup-
                                                                                                                                          plied. It should also be considered that there is no legal claim to be
                                                                                                                                          removed from the sanction list. Anyone who acts without a second
                                                                                                                                          thought here quickly puts the future of the entire company at risk and
                                                                                                                                          therefore also that of the employees.
                                                                                                                                          Organizations and individuals who fall foul of the EU anti-terrorism
                                                                                                                                          regulation are included in various sanction lists compiled by the
                                                                                                                                          European Union and institutions of the United States of America,
                                                                                                                                          amongst others.
                                                                                                                                          How can in-house customer master data be matched against the
                                                                                                                                          current sanction lists, in order to comply with the regulation? We
                                                                                                                                          present a practical approach which matches the current editions of
                                                                                                                                          sanction lists against the customer master data in batch or online
                                                                                                                                          processing, thereby providing you with certainty with regard to the
                                                                                                                                          EU anti-terrorism regulation.
                                                                                                                                          The statutory requirements and their effects will be outlined in the
                                                                                                                                          following. Furthermore, the relationship with the data quality in the
                                                                                                                                          conventional sense will be described. Finally, the options for practi-
                                                                                                                                          cal implementation will be considered. The implementation scenar-
                                                                                                                                          ios will be documented with examples and possible downstream
                                                                                                                                          processes will be presented.

                                                                                                                                                                                                                                  Page 1
WHITE PAPER: COMPLIANCE



Contents

               Statutory requirements                         PAGE 3


               EU sanction lists:                             PAGE 5
               Relationship with data quality

               Implementation of the matching                 PAGE 7


               Prerequisites for matching                     PAGE 9
               against sanction lists

               Requirements for the software                 PAGE 11


               Downstream processes                         PAGE 13


               Example of a complete matching operation     PAGE 14


               How to contact us                             PAGE 15


               List of references                            PAGE 15




© UNISERV GmbH / +49 7231 936-0 / All rights reserved.                   Page 2
WHITE PAPER: COMPLIANCE



Statutory requirements
The terrorist attacks of Al Qaida on the United           Here it states that the management and its author-
States of America were the catalyst for passing the       ized bodies and individuals must take reasonable
EU anti-terrorism regulation. The first UN resolution     organizational measures which ensure with suf-
was passed shortly afterwards.                            ficient probability that no offences are committed
A new aspect in these resolutions and regulations         wilfully or through negligence. The liability and
is the fact that particular organizations and individ-    obligation to notify the authorities is considered in
uals who are not always connected to individual           Article 70 of the German foreign trade regulations
states are included in the so-called sanction lists       (AWV). Reference is made here to the German
and not complete countries.                               foreign trade law (AWG), according to which the
                                                          responsible people in the company are personally
THE FOLLOWING LIST SHOWS THE MOST IMPORTANT               liable for consequences under criminal law. Such
RESPONSES TO THE TERRORIST ATTACKS OF THE 11TH            persons can only be exonerated by evidence of a
SEPTEMBER 2001:                                           functioning organization and compliance with the
                                                          requisite and appropriate supervisory measures.
–   28th September 2001: Adoption of UN reso-
    lution 1373 by the community of states                   PURSUANT TO ARTICLE 34 [ … ] THE PEN-
                                                             ALTY IS A TERM OF IMPRISONMENT NOT
–   27th December 2001: Regulation (EC) no.                  EXCEEDING THREE YEARS OR A FINE
    2580/2001 - implementation in the applica-
    ble Community Law
                                                          Finally, pursuant to Article 44 of the AWG, there is
–   27th May 2002: Regulation (EC) no.                    a general duty for anyone participating in foreign
    881/2002 - extension to specific individuals/         trade to furnish information (Puschke & Hohman,
    organizations                                         2008: 33). The executive body for examining the
                                                          duty to furnish information is the Federal Office for
–   In addition, the US legislator claims worldwide       Economic Affairs and Export Control (BAFA). It is
    validity of its export control regulations wher-      not definitively regulated which authority is respon-
    ever US goods are traded.                             sible for clarifying uncertainties about the identity
                                                          of a business partner. However, it is advisable to
The legislator has also even specified who is             make inquiries at the BAFA in such cases.
responsible for correct compliance with the above-        Apart from the BAFA, compliance with the EU anti-
mentioned resolutions and regulations.                    terrorism regulation is also checked by the German
The responsibilities for supervision on the part of the   customs authorities, the auditing service of the
company are regulated in Article 130 and Article 9        regional finance office as well as criminal prosecu-
of the German Administrative Offences Act (OWiG)          tion authorities (e. g. public prosecutor‘s offices).
and Article 14 of the German Penal Code (StGB).




© UNISERV GmbH / +49 7231 936-0 / All rights reserved.                                                 Page 3
WHITE PAPER: COMPLIANCE



CRIMINAL PROSECUTION
In this respect, the consequences of non-compli-       In addition to the above penalties, however, a
ance with the EU anti-terrorism regulation are well    levy on revenue (Article 73 of the StGb) and /
worth knowing. The standard penalties also extend      or a confiscation (Article 36, Section 3 of the
to German nationals located abroad. Puschke            AWG, Articles 74, 74d of the StGb) can also
& Hohmann (2008: 41 and following pages)               be expected.
explain the penalties in detail.
                                                           IN VIEW OF THE POSSIBLE PENALTIES
–   Pursuant to Article 43, Section 4 of the AWG,          AND THE CONSEQUENCES OF NON-
    the penalty is a term of imprisonment of six           COMPLIANCE WITH THE EU ANTI-TER-
    months to 5 years in the case of non-compli-           RORISM REGULATION, IT IS ADVISABLE TO
    ance with the EU anti-terrorism regulation. An         INTRODUCE SPECIFIC MEASURES WHICH
    attempt at circumvention is also liable to pros-       CONTRIBUTE TO LEGAL COMPLIANCE.
    ecution.
                                                       Other consequences are a revocation of approval
–   Pursuant to Article 43, Section 6 of the AWG,      by the responsible Customs and Excise Office, an
    the penalty is a term of imprisonment of not       increased risk evaluation in the national IT proce-
    less than 2 years if actions are carried out on    dure “DEBBI” (decentralised assessment of opera-
    a commercial basis and/or in connection with       tors), an increase in the amount of securities and/
    organized crime, the external security of the      or sureties, non-consideration for national public
    Federal Republic of Germany is threatened, the     contracts, a negative corporate image and more
    peaceful co-existence of the ethnic and cultural   frequent tax audits.
    communities is put at risk and/or the foreign      In view of the possible penalties and the conse-
    relations of the Federal Republic of Germany       quences of non-compliance with the EU anti-terror-
    are put at risk. An attempt at circumvention is    ism regulation, it is advisable to introduce specific
    also liable to prosecution in this case.           measures which contribute to legal compliance.

–   Pursuant to Article 34, Section 7 of the AWG,
    the penalty is a term of imprisonment not          All references to the current legal situation are taken from
    exceeding three years or a fine. The precise       Puschke & Hohmann (2008). The respective primary literature
    wording here is: “In cases where the offender      should be consulted for further information (see Chapter 6: List
    negligently commits such acts referred to in       of references).
    Sections 1, 2 or 4, he or she shall be lia-
    ble to a term of imprisonment not exceeding
    three years or a fine.” According to Puschke &
    Hohmann (2008: 42), this is the most relevant
    case in practice.




© UNISERV GmbH / +49 7231 936-0 / All rights reserved.                                                       Page 4
WHITE PAPER: COMPLIANCE



EU sanction lists:
Relationship with data quality
With regard to the practical implementation of the EU anti-terrorism regulation,
the issue of data quality should not be neglected. Four data quality and process
characteristics are relevant:

                                                       The following questions are raised in this respect:

                                                       –   How exactly does the (master) data enter the
                TRANSPARENCY                               database?


                                 FREEDOM FROM
                                                       –   What is the data source?
 UP-TO-DATENESS
                                     ERRORS
                                                       –   How is the matching against sanction lists
                                                           executed?
                   CREDIBILITY

                                                       –   Are logs generated for the matching operations
                                                           and how are they administered?

                                                       –   What is the process for updating the sanction
It should be considered that this always concerns          lists?
the quality of the in-house data and the in-house
processes. The quality and the creation process        –   How are matches dealt with?
of the respective sanction lists are not called into
question or discussed here.                            The relevant legislation already provides informa-
                                                       tion for some of these questions. However, the
TRANSPARENCY                                           question is always about whether the respective
Transparency is defined here as the knowledge          regulations are complied with.
and the traceability of all processes concerned
with data acquisition, matching against sanction       CREDIBILITY
lists, logging and downstream processes in the         Credibility is defined as the trustworthiness and reli-
case of matches.                                       ability of a particular data record. This definition
                                                       can be extended to the credibility of the processes
                                                       for matching the in-house (master) data against the
                                                       sanction lists.




© UNISERV GmbH / +49 7231 936-0 / All rights reserved.                                               Page 5
WHITE PAPER: COMPLIANCE



  –   Can the data source be trusted?                       UP-TO-DATENESS
                                                            Information is up-to-date if it represents the actual
  –   Is the data source known?                             character of the described object in real-time.
                                                            Here too there are several questions about the
  –   Is the process for matching the data against the      matching against the sanction lists which should be
      sanction lists reliable?                              raised:

  –   Is the source of the sanction lists known and         –   Is the data quality of the in-house (master) data
      reliable?                                                 adequate for matching data against the sanc-
                                                                tion lists?
  –   Are the matching algorithms suitable?
                                                            –   Are the sanction lists up-to-date?
FINALLY, THE DATA QUALITY NOT ONLY
CONCERNS THE HIGH QUALITY OF THE
                                                            –   Is the technical implementation of the process
                                                                for matching data against the sanction lists up-
IN-HOUSE MASTER DATA BUT ALSO THE
                                                                to-date?
QUALITY OF THE PROCESSES
                                                            Finally, the data quality not only concerns the high
  FREEDOM FROM ERRORS                                       quality of the in-house master data but also the
  Information is error free if it corresponds to reality.   quality of the processes. This refers to processes
  With regard to the issue of freedom from errors,          which guarantee high quality of the in-house com-
  the following questions should be asked about the         pany data and processes which provide effective
  in-house data and the matching process:                   implementation of compliance with the EU anti-
                                                            terrorism regulation. It becomes quite clear here
  –   Is the master data error-free? (And is the data       that the quality of the company data plays a big
      quality monitored and optimized if necessary?)        role when it is matched against the sanction lists.
                                                            In this respect, it not only concerns the individual
  –   Has the process for (master) data acquisition         components of the address but also the name ele-
      been defined, so that suitable rules can be           ments. This fact is subsequently considered with a
      complied with?                                        few examples.

  In the case of these questions, it becomes evident        Since there is an obligation to provide verification
  that a certain quality of the master data is already      of compliance with the EU anti-terrorism regulation,
  assumed. If nothing is known about the data qual-         it is advisable to guarantee that documentary evi-
  ity or if no measures have been taken to guarantee        dence of matching is archived, so that the process
  a data quality which is high enough for reliable          characteristic “transparency” is provided.
  matching against the sanction lists, the matching
  result must be called into question.




  © UNISERV GmbH / +49 7231 936-0 / All rights reserved.                                                 Page 6
WHITE PAPER: COMPLIANCE



Implementation of the matching
Several challenges have to be overcome before matching of the company data
against the sanction lists can be successful.

These challenges relate to (a) the respective processes   Finally, a software solution is required which (a)
and (b) an appropriate technical solution for regular     reads in the various sanction lists without any
matching of the company data against the sanction         problems and (b) is characterized by high, accu-
lists which complies with the requirements of the EU      rate match recognition.
anti-terrorism regulations.
                                                             FINALLY, A SOFTWARE SOLUTION IS RE-
–   The permanent, routine validation of all the             QUIRED WHICH (A) READS IN THE VARI-
    addresses kept in a company against the sanc-            OUS SANCTION LISTS WITHOUT ANY
    tion lists should therefore be guaranteed.               PROBLEMS AND (B) IS CHARACTERIZED BY
                                                             HIGH, ACCURATE MATCH RECOGNITION.
–   Since company data normally concerns a larg-
    er volume of data, record-by-record matching
    is practically impossible. Solutions for batch        Further characteristics of this software solution: It
    processing are called for here.                       should be an intelligent expert system which uses
                                                          address-specific analyses (phonetics, fuzzy logic)
–   The various sanction lists have a heterogeneous       and country-based regulations. Individual param-
    structure. This means that the lack of stand-         etrability of the matching algorithms is also impor-
    ardization of the different files must be solved      tant, so that a high degree of flexibility is provided.
    technically. Ideally, the preparation of these
    sanction lists should be integrated in the actual
    calibration, so that the quality of the match-
    ing is not jeopardized by the heterogeneous
    structure of the sanction lists and their defective
    standardization.




© UNISERV GmbH / +49 7231 936-0 / All rights reserved.                                                   Page 7
WHITE PAPER: COMPLIANCE


USE SCENARIOS                                             INDIVIDUAL PROCESSING FOR EMPLOYEES IN THE
When considering a conventional customer envi-            CALL CENTER
ronment with typical processes, there are five            Whereas company data and external address lists
areas in which validation against the sanction lists      can be validated against sanction lists in batch proc-
appears to be appropriate:                                esses, the data is validated record-by-record in call
                                                          centers. Here, for example, the software validates
–   Initial clean-up and database cleansing of the        each new address to check whether it concerns a per-
    company data                                          son on the sanction lists. If there are grounds for suspi-
                                                          cion, the administrative employee receives a message
–   External lists (list rental/purchase)                 that the address cannot be entered in the system at this
                                                          point. The address is then made available for separate
–   Individual processing for employees in the call       processing. In the case of the electronic processing of
    center                                                single records, the suspect addresses of firm matches
                                                          against the sanction lists are marked fully automatically
–   Electronic processing of single records               and/or integration in the system prevented.

–   Batch processing for authorized employees             ELECTRONIC PROCESSING OF SINGLE RECORDS
                                                          Automatic matching, which is not actively perceived,
INITIAL CLEAN-UP AND DATABASE CLEANSING OF THE            is executed in thebackground during data accept-
COMPANY DATA                                              ance. Potential matches are marked in thisprocess, so
The goal of an initial clean-up and routine data-         that they can be processed by authorized personnel
base cleansing is the validation of all the persons,      at alater stage (see below). The advantage of this
organizations and addresses in the system against         application scenario isthat employees are not irritated
the latest version of the sanction lists. The result of   by possible warnings during customercontact and can
this validation is a „warning file“ which is further      continue to follow their respective processes.
processed manually or electronically. All the poten-
tial positive hits of the matching are shown in this      BATCH PROCESSING FOR AUTHORIZED EMPLOYEES
warning file. The data records must be reviewed           The batch processing of the suspicious cases can
in every case. It is recommended that database            be entrusted to specially qualified employees in the
cleansing is carried out regularly.                       company. Here the suspicious cases from the data-
                                                          base cleansing and the validation of external lists are
EXTERNAL LISTS (LIST RENTAL OR PURCHASE)                  loaded into the system and submitted to the employ-
If address data is acquired from external sources,        ees for their decision. A real-time tool is used for the
either by rental or purchase, these addresses must        actual decision; this carries out the same validations
also be validated against the sanction lists. Each        for the suspicious cases as for the batch processes
list should be checked before it is used. Suspicious      but displays them individually on the screen record-by-
cases should not be available for further process-        record. It is thereby guaranteed that the results of each
ing, irrespective of the downstream processes.            validation from the batch runs are manually validated
Examples of downstream processes include the              and ruled upon.
transfer of these addresses to the in-house system or
their use in advertising activities.




© UNISERV GmbH / +49 7231 936-0 / All rights reserved.                                                     Page 8
WHITE PAPER: COMPLIANCE



  Prerequisites for matching against
  sanction lists
  As already mentioned, a high quality of the com-        EXAMPLES OF ADDRESSES IN THE SANCTION LISTS
  pany data is one of the prerequisites for successful    A few examples from the sanction lists are shown
  matching against the sanction lists. Another pre-       in the following, in order to illustrate the particular
  requisite is naturally the availability of the actual   challenges for a software solution. All the examples
  sanction lists. There are two sources of supply for     are original entries from the HADDEX sanction lists.
  German address holders:
                                                          Example 1:
  –   A) Download of the EU sanction lists directly
      from the Internet (http://www.un.org/sc/             Name:
      committees/1267/consolist.shtml)                      Al-Shifa Honey Press For Industry And Commerce



  –   B) HADDEX sanction lists from the Federal            Address:
                                                            By the Shrine Next to the Gas Station
      Gazette (subject to a fee, include US lists in
      addition to the EU sanction lists)
                                                           Country/Place:
      (http://www.awr-portal.de)
                                                            QATAR/Doha

                                                           or
WHEN COMPARING THE THREE                                    YEMEN/Aden
EXAMPLES, IT BECOMES CLEAR WHY
                                                           or
NO COUNTRIES ARE STATED IN THE
SANCTION LISTS; THE MAIN FOCUS IS                           YEMEN/Sanaa

ON ORGANIZATIONS AND INDIVIDUALS                           or
WHO CAN OPERATE FROM DIFFERENT                              YEMEN/Taiz

COUNTRIES.


  The EU sanction lists must be considered in a
  matching process. US lists are optional.




  © UNISERV GmbH / +49 7231 936-0 / All rights reserved.                                                 Page 9
WHITE PAPER: COMPLIANCE



Example 2:                                                     Example 3:

 Name:                                                          Name:
  Abou El Baraa                                                  Fazul Abdullah Mohammed

 or                                                             or
  Aiadi Ben Muhammad                                             ABDALLA, Fazul

 or
                                                                Date of birth:
  Ayadi Chafik
                                                                 25.8.1972
 or
                                                                or
  Ben Muhammad
                                                                 5.12.1974
 or
  Ben Mohamed Ayadi Chafig                                      or
                                                                 25.2.1974

 Pass:                                                          Place of birth:
  E423362 deliv. in Islamabad on 15.5.88                         Moroni, Comoros
 or
                                                                Info:
  Bosnian pass 0841438 issued on 30.12.98 exp. on 30.12.03.
                                                                 Citizen of the Comoros or citizen of Kenya

 Nat.ID:
  1292931



 Addresses:
                                                              When comparing the three examples, it becomes
  London GB NW8 Park Road 129
                                                              clear why no countries are stated in the sanction
 or
                                                              lists; the main focus is on organizations and indi-
  Mouscron BE Chaussee De Lille 2830.12.03.
                                                              viduals who can operate from different countries.
 or
  München DE   80809 Helene Meyer Ring 10-1415




      © UNISERV GmbH / +49 7231 936-0 / All rights reserved.                                              Page 10
WHITE PAPER: COMPLIANCE



  Requirements for the software
  The requirements for a suitable software can be        A further challenge is the procedure for missing
  deduced from the above examples. First of all, the     elements. In this respect, a complete address is
  software must be able to deal with „mixed stock“.      not stated in most cases. In many cases, there is
  In the context of company data, this is understood     only a place name, or only the name elements
  to be a mixture of individuals, organizations, com-    are known.
  panies and institutions.
                                                         The software must also be able to deal with single
FINALLY, AN OPTIMUM BALANCE BET-                         letters, abbreviations, acronyms and numbers (not
WEEN THE REQUIREMENTS OF THE EU                          for private individuals). The same applies to the
ANTI-TERRORISM REGULATION AND THE                        handling of synonyms, names of organizations in
OPTIONS FOR MANUAL REVIEW MUST BE                        various national languages and the processing of
FOUND.                                                   Unicode data.

                                                         For all these requirements, it must be guaranteed
  Special features of the fields of the sanction lists   that as many correct matches are obtained as pos-
  must also be considered. There are frequently a        sible. The recognition of phonetic differences and
  number of name elements which are difficult to         similarities must be ensured. Furthermore, there is a
  identify as first names or last names (in the case     high probability of recording errors, particularly in
  of private individuals). In addition, there are name   the case of foreign names. The software must also
  elements from little known cultural areas and lan-     be able to deal with such artefacts.
  guage families (Arabic or Asian names).
                                                         Finally, an optimum balance between the require-
  The handling of country-specific entries and           ments of the EU anti-terrorism regulation and the
  „embargo-typical“ entries such as Arabic first         options for manual review must be found.
  names, titles, name prefixes must also be pro-
  vided by the software solution.




  © UNISERV GmbH / +49 7231 936-0 / All rights reserved.                                            Page 11
WHITE PAPER: COMPLIANCE



EXAMPLES OF MATCHING ALGORITHMS
Here are some more examples to illustrate the               Overhangs / Order
requirements for the software. As above, all the
examples are original entries from the HADDEX                 EL KHABIR, Abu Hafs el Masry

sanction lists.

 Acronyms
                                                              ABU HAFS

   Afghan Support Committee


                                                              Djamel Mustafa            Djamel Mustafa


   ASC Al Qaida au Maghreb islamique        AQMI


                                                              Mustafa                   Mustafa Djamel

 Synonyms

                                                            Numbers in name elements
   Grupo Salafista de Prédica e Combate


                                                              H7                        H7



   Salafist group for islamique Combat
   ASC Al Qaida au Maghreb Call and AQMI


                                                              Hadamie                   H97

 Single letters
                                                           BATCH VERSUS REAL-TIME PROCESSING
   Al Baraka Exchange L. L. C.
                                                           Depending on the type of processing, there are
                                                           various requirements for the batch software or a
                                                           real-time solution for record-by-record processing.
   L. C. Qaida au Maghreb islamique
   ASC Al Miller                                           High performance of the software and the simple
                                                           setting of individual parameters play a large role in
                                                           batch processing.
 Correspondence of individual elements                     Queries against the sanction lists must not become
                                                           a bottleneck (time, performance!) in record-by-
   Abu Bakr Al-Jaziri
                                                           record processing with a real-time solution. Load
                                                           distribution should be provided, e.g. via redundant
                                                           server processes, in the case of large numbers of
   Yasin Qaida au Maghreb islamique
   ASC Al Al-Qadi                                          addresses or a large number of individual queries
                                                           at the same time.




          = is equal to                = is not equal to


© UNISERV GmbH / +49 7231 936-0 / All rights reserved.                                                   Page 12
WHITE PAPER: COMPLIANCE



Downstream processes
The processes following matching of the company             Example 1:
data against the sanction lists are just as important as
                                                             Al-Shifa Honey Press For Industry And Commerce
the matching process itself and compliance with the
data quality requirements.
If suspicious cases were found during matching, these
cases must be manually checked in every case. The           Correspond- Record_ID         Name
                                                            ence
software must provide appropriate lists and / or files
                                                            100        000370000965       Al-Shifa Honey Press For
with the data records for this purpose.                                                   Industry And Commerce
It also is important that the matching results are incor-
porated in the company data in such a way that the
matches are documented. Matches in the data should          Example 2:
therefore be marked. Furthermore, statutory data pursu-
                                                             osama bin ladin
ant to Article 70 of the AWG must be passed on to the
respective authorities.
Documentation of the validation runs is just as impor-
tant. Puschke & Hohmann (2008: 34) recommend                Correspond- Record_ID         Name
that appropriate documentary evidence of the valida-        ence

tion runs is stored for a period of three to four years.    90         000329001792       Osama bin Laden-Network
                                                            90         000329001793       Osama bin Laden-Organi-
EXAMPLES OF POSITIVE MATCHES                                                              sation

Three examples are provided to illustrate the possible      75         000833005781       Usáma bin Ládin
form of positive matches. The first data record comes       70         000329000906       Usama Bin Laden Network
from the sanction lists. The subsequent data records        70         000833005772       Bin Laden Usama
could be from the company data. The numbers under
„Correspondence“ represent the degree of similarity
and accuracy of the match. The range here is between        Example 3:
70 and 100. The record ID represents an individual
                                                             Vladimir Abramovich Kerler
number of the data record.



                                                            Correspond- Record_ID         Name
                                                            ence
                                                            81         002290004108       Kerler Vladamir Abramovich




© UNISERV GmbH / +49 7231 936-0 / All rights reserved.                                                  Page 13
WHITE PAPER: COMPLIANCE



Example of a complete
matching operation
The complete matching process therefore consists of the actual matching, the
generation of appropriate validation records, the generation of a list of the
suspicious cases, the marking of the suspicious cases and the non-suspicious
cases in the database, the manual checking of the suspicious cases and the
reporting of the individuals and organizations identified as suspicious to the
BAFA:

COMPLETE MATCHING OPERATION




   COMPANY DATA                                                                              COMPANY DATA
                                                                     GOOD GUYS



                       Matching against
                        Sanction lists


                                                         Suspicion




                                                                                                        No
                                                                     BAD GUYS



   SANCTION LISTS
                                                           Manual check of the        BAD
                                                            results evidence          GUY?


                                                                                       Yes



                       Validation evidence

                                                                                   Info to BAFA




© UNISERV GmbH / +49 7231 936-0 / All rights reserved.                                                Page 14
WHITE PAPER: COMPLIANCE



How to contact us
The Uniserv DQ Audit presents itself, in order to be able to make statements
about the status quo of the in-house data in the Compliance system.

Your first step towards implementation of the EU
anti-terrorism regulation is quite simple: Contact                 For further information
us! The link will take you directly to the contact                 please visit our web page
centre of Uniserv. We look forward to hearing                      www.uniserv.com or contact us directly:
from you and will be pleased to advise you and
help you in your project.



                                                                   We are looking forward for advising and sup-
                                                                   porting you through your project.




List of references

–   Puschke, M. (publisher) & Hohmann, H., 2008. Basiswissen Sanktionslisten. Hintergrund und Praxis der Integration von
    Sanktionslisten in Ihre Geschäftsprozesse. [Basic knowledge of sanction lists. The background and practice for the integra-
    tion of sanction lists in your business processes.] Bundesanzeiger Verlagsges. mbH, Cologne. 149pp.


–   http://bundesrecht.juris.de/owig_1968/__130.html


–   http://dejure.org/gesetze/StGB/14.html


–   http://www.gesetze-im-internet.de/awg/__34.html


–   http://www.zoll.de/e0_downloads/a1_vorschriften/a0_gesamtliste_gesetze/aussenwirtschaftsverordnung.pdf


–   Rohweder, J.P., Kasten, G., Malzahn, D,. Piro, A., Schmid, J. 2008. Informationsqualität - Definitionen, Dimensionen und
    Begriffe. In: Hildebrand, K., Gebauer, M. Hinrichs, H. Mielke, M. (Hrsg.) Daten- und Informationsqualität. Auf dem Weg
    zur Information Excellence. Vieweg & Teubner. S. 25-45.


Exclusion of liability: The contents of this White Paper were prepared with the greatest of care. However, we are unable to
guarantee that the contents are correct, complete or up-to-date.




© UNISERV GmbH / +49 7231 936-0 / All rights reserved.                                                              Page 15
WHITE PAPER: COMPLIANCE



Uniserv
Uniserv is the largest specialised supplier of data quality solutions in Europe
with an internationally usable software portfolio and services for the quality as-
surance of data in business intelligence, CRM applications, data warehousing,
eBusiness and direct and database marketing.

With several thousand installations worldwide, Uniserv
supports hundreds of customers in their endeavours to
map the Single View of Customer in their customer data-                                          DATA
base. Uniserv employs more than 110 people at its head-                                       MIGRATION
                                                                                               PROJECTS
quarters in Pforzheim and its subsidiary in Paris, France,                 E-COMMERCE
and serves a large number of prestigious customers in all
sectors of industry and commerce, such as ADAC, Al-               ERP

lianz, BMW, Commerzbank, DBV Winterthur, Deutsche
Bank, Deutsche Börse Group, France Telecom, Green-
                                                                                                          COMPLIANCE
peace, GEZ, Heineken, Johnson & Johnson, Nestlé,
                                                                 CRM
Payback, PSA Peugeot Citroën as well as Time Life and
Union Investment.



Further information is available                                                                 SOA


at www.uniserv.com                                              DIRECT
                                                               MARKETING                                    MDM/CDI


                                                                                              ON-PREMISE/
                                                                                              ON-DEMAND




                                                                             BI/BDW



                                                                                        CPM




Experience:                              Market position:                      Employees:
OVER 40 YEARS                            LARGEST                               MORE THAN 110 PEOPLE
                                         EUROPEAN SUPPLIER


UNISERV GmbH                                                                   Contact:
Rastatter Straße 13 • 75179 Pforzheim • Germany • T +49 7231 936-0 •           +49 7231 936-1000
F +49 7231 936-3002 • E info@uniserv.com • www.uniserv.com
© Copyright Uniserv • Pforzheim/Germany • All rights reserved.




© UNISERV GmbH / +49 7231 936-0 / All rights reserved.                                                          Page 16

Más contenido relacionado

Más de Uniserv

Data Quality Audit
Data Quality AuditData Quality Audit
Data Quality AuditUniserv
 
Data Quality and CRM
Data Quality and CRMData Quality and CRM
Data Quality and CRMUniserv
 
Qualité des données et CRM
Qualité des données et CRMQualité des données et CRM
Qualité des données et CRMUniserv
 
Data Quality et SOA
Data Quality et SOAData Quality et SOA
Data Quality et SOAUniserv
 
Data Quality meets SOA
Data Quality meets SOAData Quality meets SOA
Data Quality meets SOAUniserv
 
Data Quality und CRM
Data Quality und CRMData Quality und CRM
Data Quality und CRMUniserv
 
NEW VERSION: Data Quality und SOA
NEW VERSION: Data Quality und SOANEW VERSION: Data Quality und SOA
NEW VERSION: Data Quality und SOAUniserv
 
Anwenderbericht Volkswagen Financial Services
Anwenderbericht Volkswagen Financial ServicesAnwenderbericht Volkswagen Financial Services
Anwenderbericht Volkswagen Financial ServicesUniserv
 
SaaS – Risiko oder Chance für Softwareanbieter?
SaaS – Risiko oder Chance für Softwareanbieter?SaaS – Risiko oder Chance für Softwareanbieter?
SaaS – Risiko oder Chance für Softwareanbieter?Uniserv
 
Pour votre data quality: Osez le SaaS
Pour votre data quality: Osez le SaaSPour votre data quality: Osez le SaaS
Pour votre data quality: Osez le SaaSUniserv
 
pour votre CRM: osez la data quality!
pour votre CRM: osez la data quality!pour votre CRM: osez la data quality!
pour votre CRM: osez la data quality!Uniserv
 
SaaS – A risk or opportunity for software vendors?
SaaS – A risk or opportunity for software vendors?SaaS – A risk or opportunity for software vendors?
SaaS – A risk or opportunity for software vendors?Uniserv
 

Más de Uniserv (12)

Data Quality Audit
Data Quality AuditData Quality Audit
Data Quality Audit
 
Data Quality and CRM
Data Quality and CRMData Quality and CRM
Data Quality and CRM
 
Qualité des données et CRM
Qualité des données et CRMQualité des données et CRM
Qualité des données et CRM
 
Data Quality et SOA
Data Quality et SOAData Quality et SOA
Data Quality et SOA
 
Data Quality meets SOA
Data Quality meets SOAData Quality meets SOA
Data Quality meets SOA
 
Data Quality und CRM
Data Quality und CRMData Quality und CRM
Data Quality und CRM
 
NEW VERSION: Data Quality und SOA
NEW VERSION: Data Quality und SOANEW VERSION: Data Quality und SOA
NEW VERSION: Data Quality und SOA
 
Anwenderbericht Volkswagen Financial Services
Anwenderbericht Volkswagen Financial ServicesAnwenderbericht Volkswagen Financial Services
Anwenderbericht Volkswagen Financial Services
 
SaaS – Risiko oder Chance für Softwareanbieter?
SaaS – Risiko oder Chance für Softwareanbieter?SaaS – Risiko oder Chance für Softwareanbieter?
SaaS – Risiko oder Chance für Softwareanbieter?
 
Pour votre data quality: Osez le SaaS
Pour votre data quality: Osez le SaaSPour votre data quality: Osez le SaaS
Pour votre data quality: Osez le SaaS
 
pour votre CRM: osez la data quality!
pour votre CRM: osez la data quality!pour votre CRM: osez la data quality!
pour votre CRM: osez la data quality!
 
SaaS – A risk or opportunity for software vendors?
SaaS – A risk or opportunity for software vendors?SaaS – A risk or opportunity for software vendors?
SaaS – A risk or opportunity for software vendors?
 

Último

Unleashing the Power of Fandom: A Short Guide to Fan Business
Unleashing the Power of Fandom: A Short Guide to Fan BusinessUnleashing the Power of Fandom: A Short Guide to Fan Business
Unleashing the Power of Fandom: A Short Guide to Fan Businesstompeter3736
 
ICv2 Hobby Games White Paper 2024 - State of the Industry
ICv2 Hobby Games White Paper 2024 - State of the IndustryICv2 Hobby Games White Paper 2024 - State of the Industry
ICv2 Hobby Games White Paper 2024 - State of the IndustryDennisViau
 
Green Innovations: Wristbands Ireland's Eco-Friendly Products
Green Innovations: Wristbands Ireland's Eco-Friendly ProductsGreen Innovations: Wristbands Ireland's Eco-Friendly Products
Green Innovations: Wristbands Ireland's Eco-Friendly ProductsWristbands Ireland
 
L-1 VISA Business (Plan Sample) - Plan Writers
L-1 VISA Business (Plan Sample) - Plan WritersL-1 VISA Business (Plan Sample) - Plan Writers
L-1 VISA Business (Plan Sample) - Plan WritersPlan Writers
 
Shravan Kumaran and sanjay kumaran.pdf..
Shravan Kumaran and sanjay kumaran.pdf..Shravan Kumaran and sanjay kumaran.pdf..
Shravan Kumaran and sanjay kumaran.pdf..ranjithapriya2
 
NewBase 14 March 2024 Energy News issue - 1707 by Khaled Al Awadi_compress...
NewBase  14 March  2024  Energy News issue - 1707 by Khaled Al Awadi_compress...NewBase  14 March  2024  Energy News issue - 1707 by Khaled Al Awadi_compress...
NewBase 14 March 2024 Energy News issue - 1707 by Khaled Al Awadi_compress...Khaled Al Awadi
 
CXO 2.0 Conference (Event Information Deck | Dec'24-Mar'25)
CXO 2.0 Conference (Event Information Deck | Dec'24-Mar'25)CXO 2.0 Conference (Event Information Deck | Dec'24-Mar'25)
CXO 2.0 Conference (Event Information Deck | Dec'24-Mar'25)CXO 2.0 Conference
 
CORPORATE SOCIAL RESPONSIBILITY - FINAL REQUIREMENT.pdf
CORPORATE SOCIAL RESPONSIBILITY - FINAL REQUIREMENT.pdfCORPORATE SOCIAL RESPONSIBILITY - FINAL REQUIREMENT.pdf
CORPORATE SOCIAL RESPONSIBILITY - FINAL REQUIREMENT.pdfLouis Malaybalay
 
3BBE: THE FUTURE OF ECOMMERCE PRESENTATION - LOUIS MALAYBALAY
3BBE: THE FUTURE OF ECOMMERCE PRESENTATION - LOUIS MALAYBALAY3BBE: THE FUTURE OF ECOMMERCE PRESENTATION - LOUIS MALAYBALAY
3BBE: THE FUTURE OF ECOMMERCE PRESENTATION - LOUIS MALAYBALAYLouis Malaybalay
 
HOW TO START EARNING WITH AFFILIATE MARKETING
HOW TO START EARNING WITH AFFILIATE MARKETINGHOW TO START EARNING WITH AFFILIATE MARKETING
HOW TO START EARNING WITH AFFILIATE MARKETINGNATHAN SPEAKS
 
Presented by Sabri international .......
Presented by Sabri international .......Presented by Sabri international .......
Presented by Sabri international .......SABRI INTERNATIONAL
 
Streamlining Your Accounting A Guide to QuickBooks Migration Tools.pptx
Streamlining Your Accounting A Guide to QuickBooks Migration Tools.pptxStreamlining Your Accounting A Guide to QuickBooks Migration Tools.pptx
Streamlining Your Accounting A Guide to QuickBooks Migration Tools.pptxPaulBryant58
 
Meet Raj Shamani: A Trailblazing Entrepreneur
Meet Raj Shamani: A Trailblazing EntrepreneurMeet Raj Shamani: A Trailblazing Entrepreneur
Meet Raj Shamani: A Trailblazing Entrepreneurramya202104
 
Bus Eth ch3 ppt.ppt business ethics and corporate social responsibilities ppt
Bus Eth ch3 ppt.ppt business ethics and corporate social responsibilities pptBus Eth ch3 ppt.ppt business ethics and corporate social responsibilities ppt
Bus Eth ch3 ppt.ppt business ethics and corporate social responsibilities pptendeworku
 
NVIDIA's overall business overview Presentation.pptx
NVIDIA's overall business overview Presentation.pptxNVIDIA's overall business overview Presentation.pptx
NVIDIA's overall business overview Presentation.pptxKrutik Rakade
 
Record of Module Forensic photography in
Record of Module Forensic photography inRecord of Module Forensic photography in
Record of Module Forensic photography inalexademileighpacal
 
14 march 2024-capital-markets-update eni.pdf
14 march 2024-capital-markets-update eni.pdf14 march 2024-capital-markets-update eni.pdf
14 march 2024-capital-markets-update eni.pdfEni
 
We are inviting you on board, to move forward together in the Right Direction
We are inviting you on board, to move forward together in the Right DirectionWe are inviting you on board, to move forward together in the Right Direction
We are inviting you on board, to move forward together in the Right DirectionRight Direction Aero
 
Project Work on Consumer Behavior in Fast Food Restaurants. Their behavior to...
Project Work on Consumer Behavior in Fast Food Restaurants. Their behavior to...Project Work on Consumer Behavior in Fast Food Restaurants. Their behavior to...
Project Work on Consumer Behavior in Fast Food Restaurants. Their behavior to...BilalAhmed717
 

Último (20)

Unleashing the Power of Fandom: A Short Guide to Fan Business
Unleashing the Power of Fandom: A Short Guide to Fan BusinessUnleashing the Power of Fandom: A Short Guide to Fan Business
Unleashing the Power of Fandom: A Short Guide to Fan Business
 
ICv2 Hobby Games White Paper 2024 - State of the Industry
ICv2 Hobby Games White Paper 2024 - State of the IndustryICv2 Hobby Games White Paper 2024 - State of the Industry
ICv2 Hobby Games White Paper 2024 - State of the Industry
 
Green Innovations: Wristbands Ireland's Eco-Friendly Products
Green Innovations: Wristbands Ireland's Eco-Friendly ProductsGreen Innovations: Wristbands Ireland's Eco-Friendly Products
Green Innovations: Wristbands Ireland's Eco-Friendly Products
 
L-1 VISA Business (Plan Sample) - Plan Writers
L-1 VISA Business (Plan Sample) - Plan WritersL-1 VISA Business (Plan Sample) - Plan Writers
L-1 VISA Business (Plan Sample) - Plan Writers
 
Shravan Kumaran and sanjay kumaran.pdf..
Shravan Kumaran and sanjay kumaran.pdf..Shravan Kumaran and sanjay kumaran.pdf..
Shravan Kumaran and sanjay kumaran.pdf..
 
NewBase 14 March 2024 Energy News issue - 1707 by Khaled Al Awadi_compress...
NewBase  14 March  2024  Energy News issue - 1707 by Khaled Al Awadi_compress...NewBase  14 March  2024  Energy News issue - 1707 by Khaled Al Awadi_compress...
NewBase 14 March 2024 Energy News issue - 1707 by Khaled Al Awadi_compress...
 
CXO 2.0 Conference (Event Information Deck | Dec'24-Mar'25)
CXO 2.0 Conference (Event Information Deck | Dec'24-Mar'25)CXO 2.0 Conference (Event Information Deck | Dec'24-Mar'25)
CXO 2.0 Conference (Event Information Deck | Dec'24-Mar'25)
 
CORPORATE SOCIAL RESPONSIBILITY - FINAL REQUIREMENT.pdf
CORPORATE SOCIAL RESPONSIBILITY - FINAL REQUIREMENT.pdfCORPORATE SOCIAL RESPONSIBILITY - FINAL REQUIREMENT.pdf
CORPORATE SOCIAL RESPONSIBILITY - FINAL REQUIREMENT.pdf
 
3BBE: THE FUTURE OF ECOMMERCE PRESENTATION - LOUIS MALAYBALAY
3BBE: THE FUTURE OF ECOMMERCE PRESENTATION - LOUIS MALAYBALAY3BBE: THE FUTURE OF ECOMMERCE PRESENTATION - LOUIS MALAYBALAY
3BBE: THE FUTURE OF ECOMMERCE PRESENTATION - LOUIS MALAYBALAY
 
WAM Corporate Presentation Mar 12 2024.pdf
WAM Corporate Presentation Mar 12 2024.pdfWAM Corporate Presentation Mar 12 2024.pdf
WAM Corporate Presentation Mar 12 2024.pdf
 
HOW TO START EARNING WITH AFFILIATE MARKETING
HOW TO START EARNING WITH AFFILIATE MARKETINGHOW TO START EARNING WITH AFFILIATE MARKETING
HOW TO START EARNING WITH AFFILIATE MARKETING
 
Presented by Sabri international .......
Presented by Sabri international .......Presented by Sabri international .......
Presented by Sabri international .......
 
Streamlining Your Accounting A Guide to QuickBooks Migration Tools.pptx
Streamlining Your Accounting A Guide to QuickBooks Migration Tools.pptxStreamlining Your Accounting A Guide to QuickBooks Migration Tools.pptx
Streamlining Your Accounting A Guide to QuickBooks Migration Tools.pptx
 
Meet Raj Shamani: A Trailblazing Entrepreneur
Meet Raj Shamani: A Trailblazing EntrepreneurMeet Raj Shamani: A Trailblazing Entrepreneur
Meet Raj Shamani: A Trailblazing Entrepreneur
 
Bus Eth ch3 ppt.ppt business ethics and corporate social responsibilities ppt
Bus Eth ch3 ppt.ppt business ethics and corporate social responsibilities pptBus Eth ch3 ppt.ppt business ethics and corporate social responsibilities ppt
Bus Eth ch3 ppt.ppt business ethics and corporate social responsibilities ppt
 
NVIDIA's overall business overview Presentation.pptx
NVIDIA's overall business overview Presentation.pptxNVIDIA's overall business overview Presentation.pptx
NVIDIA's overall business overview Presentation.pptx
 
Record of Module Forensic photography in
Record of Module Forensic photography inRecord of Module Forensic photography in
Record of Module Forensic photography in
 
14 march 2024-capital-markets-update eni.pdf
14 march 2024-capital-markets-update eni.pdf14 march 2024-capital-markets-update eni.pdf
14 march 2024-capital-markets-update eni.pdf
 
We are inviting you on board, to move forward together in the Right Direction
We are inviting you on board, to move forward together in the Right DirectionWe are inviting you on board, to move forward together in the Right Direction
We are inviting you on board, to move forward together in the Right Direction
 
Project Work on Consumer Behavior in Fast Food Restaurants. Their behavior to...
Project Work on Consumer Behavior in Fast Food Restaurants. Their behavior to...Project Work on Consumer Behavior in Fast Food Restaurants. Their behavior to...
Project Work on Consumer Behavior in Fast Food Restaurants. Their behavior to...
 

Data Quality and Compliance

  • 1. WHITE PAPER: COMPLIANCE WHITE PAPER / Sanction Lists – A Business Risk EU anti-terrorism regulation and sanction lists firmly in hand: options for the technical implementation of statutory provisions UNAVAILABLE OR UNSATISFACTORY PROCESSES FOR MATCHING CUSTOM- ER AND PROSPECT DATA AGAINST SANCTION LISTS - A FREQUENTLY UN- DERESTIMATED BUSINESS RISK ENTAILING THE PERSONAL LIABILITY OF THE MANAGEMENT The implementation of the statutory provisions of the EU anti-terror- ism regulation is still a widely discussed aspect in the context of data quality. This regulation prohibits financial services and assets from being made available to terrorist organizations at home and abroad. If the latest requirements of the EU anti-terrorism regulation are not All company and product names and logos used in this document are trade names and/or registered trademarks of the respective companies. complied with, the consequences are predictable. For example, there is a danger that the entire assets of a company are frozen. There is even a danger of being included in one of the sanction lists if one of the individuals or organizations listed there is sup- plied. It should also be considered that there is no legal claim to be removed from the sanction list. Anyone who acts without a second thought here quickly puts the future of the entire company at risk and therefore also that of the employees. Organizations and individuals who fall foul of the EU anti-terrorism regulation are included in various sanction lists compiled by the European Union and institutions of the United States of America, amongst others. How can in-house customer master data be matched against the current sanction lists, in order to comply with the regulation? We present a practical approach which matches the current editions of sanction lists against the customer master data in batch or online processing, thereby providing you with certainty with regard to the EU anti-terrorism regulation. The statutory requirements and their effects will be outlined in the following. Furthermore, the relationship with the data quality in the conventional sense will be described. Finally, the options for practi- cal implementation will be considered. The implementation scenar- ios will be documented with examples and possible downstream processes will be presented. Page 1
  • 2. WHITE PAPER: COMPLIANCE Contents Statutory requirements PAGE 3 EU sanction lists: PAGE 5 Relationship with data quality Implementation of the matching PAGE 7 Prerequisites for matching PAGE 9 against sanction lists Requirements for the software PAGE 11 Downstream processes PAGE 13 Example of a complete matching operation PAGE 14 How to contact us PAGE 15 List of references PAGE 15 © UNISERV GmbH / +49 7231 936-0 / All rights reserved. Page 2
  • 3. WHITE PAPER: COMPLIANCE Statutory requirements The terrorist attacks of Al Qaida on the United Here it states that the management and its author- States of America were the catalyst for passing the ized bodies and individuals must take reasonable EU anti-terrorism regulation. The first UN resolution organizational measures which ensure with suf- was passed shortly afterwards. ficient probability that no offences are committed A new aspect in these resolutions and regulations wilfully or through negligence. The liability and is the fact that particular organizations and individ- obligation to notify the authorities is considered in uals who are not always connected to individual Article 70 of the German foreign trade regulations states are included in the so-called sanction lists (AWV). Reference is made here to the German and not complete countries. foreign trade law (AWG), according to which the responsible people in the company are personally THE FOLLOWING LIST SHOWS THE MOST IMPORTANT liable for consequences under criminal law. Such RESPONSES TO THE TERRORIST ATTACKS OF THE 11TH persons can only be exonerated by evidence of a SEPTEMBER 2001: functioning organization and compliance with the requisite and appropriate supervisory measures. – 28th September 2001: Adoption of UN reso- lution 1373 by the community of states PURSUANT TO ARTICLE 34 [ … ] THE PEN- ALTY IS A TERM OF IMPRISONMENT NOT – 27th December 2001: Regulation (EC) no. EXCEEDING THREE YEARS OR A FINE 2580/2001 - implementation in the applica- ble Community Law Finally, pursuant to Article 44 of the AWG, there is – 27th May 2002: Regulation (EC) no. a general duty for anyone participating in foreign 881/2002 - extension to specific individuals/ trade to furnish information (Puschke & Hohman, organizations 2008: 33). The executive body for examining the duty to furnish information is the Federal Office for – In addition, the US legislator claims worldwide Economic Affairs and Export Control (BAFA). It is validity of its export control regulations wher- not definitively regulated which authority is respon- ever US goods are traded. sible for clarifying uncertainties about the identity of a business partner. However, it is advisable to The legislator has also even specified who is make inquiries at the BAFA in such cases. responsible for correct compliance with the above- Apart from the BAFA, compliance with the EU anti- mentioned resolutions and regulations. terrorism regulation is also checked by the German The responsibilities for supervision on the part of the customs authorities, the auditing service of the company are regulated in Article 130 and Article 9 regional finance office as well as criminal prosecu- of the German Administrative Offences Act (OWiG) tion authorities (e. g. public prosecutor‘s offices). and Article 14 of the German Penal Code (StGB). © UNISERV GmbH / +49 7231 936-0 / All rights reserved. Page 3
  • 4. WHITE PAPER: COMPLIANCE CRIMINAL PROSECUTION In this respect, the consequences of non-compli- In addition to the above penalties, however, a ance with the EU anti-terrorism regulation are well levy on revenue (Article 73 of the StGb) and / worth knowing. The standard penalties also extend or a confiscation (Article 36, Section 3 of the to German nationals located abroad. Puschke AWG, Articles 74, 74d of the StGb) can also & Hohmann (2008: 41 and following pages) be expected. explain the penalties in detail. IN VIEW OF THE POSSIBLE PENALTIES – Pursuant to Article 43, Section 4 of the AWG, AND THE CONSEQUENCES OF NON- the penalty is a term of imprisonment of six COMPLIANCE WITH THE EU ANTI-TER- months to 5 years in the case of non-compli- RORISM REGULATION, IT IS ADVISABLE TO ance with the EU anti-terrorism regulation. An INTRODUCE SPECIFIC MEASURES WHICH attempt at circumvention is also liable to pros- CONTRIBUTE TO LEGAL COMPLIANCE. ecution. Other consequences are a revocation of approval – Pursuant to Article 43, Section 6 of the AWG, by the responsible Customs and Excise Office, an the penalty is a term of imprisonment of not increased risk evaluation in the national IT proce- less than 2 years if actions are carried out on dure “DEBBI” (decentralised assessment of opera- a commercial basis and/or in connection with tors), an increase in the amount of securities and/ organized crime, the external security of the or sureties, non-consideration for national public Federal Republic of Germany is threatened, the contracts, a negative corporate image and more peaceful co-existence of the ethnic and cultural frequent tax audits. communities is put at risk and/or the foreign In view of the possible penalties and the conse- relations of the Federal Republic of Germany quences of non-compliance with the EU anti-terror- are put at risk. An attempt at circumvention is ism regulation, it is advisable to introduce specific also liable to prosecution in this case. measures which contribute to legal compliance. – Pursuant to Article 34, Section 7 of the AWG, the penalty is a term of imprisonment not All references to the current legal situation are taken from exceeding three years or a fine. The precise Puschke & Hohmann (2008). The respective primary literature wording here is: “In cases where the offender should be consulted for further information (see Chapter 6: List negligently commits such acts referred to in of references). Sections 1, 2 or 4, he or she shall be lia- ble to a term of imprisonment not exceeding three years or a fine.” According to Puschke & Hohmann (2008: 42), this is the most relevant case in practice. © UNISERV GmbH / +49 7231 936-0 / All rights reserved. Page 4
  • 5. WHITE PAPER: COMPLIANCE EU sanction lists: Relationship with data quality With regard to the practical implementation of the EU anti-terrorism regulation, the issue of data quality should not be neglected. Four data quality and process characteristics are relevant: The following questions are raised in this respect: – How exactly does the (master) data enter the TRANSPARENCY database? FREEDOM FROM – What is the data source? UP-TO-DATENESS ERRORS – How is the matching against sanction lists executed? CREDIBILITY – Are logs generated for the matching operations and how are they administered? – What is the process for updating the sanction It should be considered that this always concerns lists? the quality of the in-house data and the in-house processes. The quality and the creation process – How are matches dealt with? of the respective sanction lists are not called into question or discussed here. The relevant legislation already provides informa- tion for some of these questions. However, the TRANSPARENCY question is always about whether the respective Transparency is defined here as the knowledge regulations are complied with. and the traceability of all processes concerned with data acquisition, matching against sanction CREDIBILITY lists, logging and downstream processes in the Credibility is defined as the trustworthiness and reli- case of matches. ability of a particular data record. This definition can be extended to the credibility of the processes for matching the in-house (master) data against the sanction lists. © UNISERV GmbH / +49 7231 936-0 / All rights reserved. Page 5
  • 6. WHITE PAPER: COMPLIANCE – Can the data source be trusted? UP-TO-DATENESS Information is up-to-date if it represents the actual – Is the data source known? character of the described object in real-time. Here too there are several questions about the – Is the process for matching the data against the matching against the sanction lists which should be sanction lists reliable? raised: – Is the source of the sanction lists known and – Is the data quality of the in-house (master) data reliable? adequate for matching data against the sanc- tion lists? – Are the matching algorithms suitable? – Are the sanction lists up-to-date? FINALLY, THE DATA QUALITY NOT ONLY CONCERNS THE HIGH QUALITY OF THE – Is the technical implementation of the process for matching data against the sanction lists up- IN-HOUSE MASTER DATA BUT ALSO THE to-date? QUALITY OF THE PROCESSES Finally, the data quality not only concerns the high FREEDOM FROM ERRORS quality of the in-house master data but also the Information is error free if it corresponds to reality. quality of the processes. This refers to processes With regard to the issue of freedom from errors, which guarantee high quality of the in-house com- the following questions should be asked about the pany data and processes which provide effective in-house data and the matching process: implementation of compliance with the EU anti- terrorism regulation. It becomes quite clear here – Is the master data error-free? (And is the data that the quality of the company data plays a big quality monitored and optimized if necessary?) role when it is matched against the sanction lists. In this respect, it not only concerns the individual – Has the process for (master) data acquisition components of the address but also the name ele- been defined, so that suitable rules can be ments. This fact is subsequently considered with a complied with? few examples. In the case of these questions, it becomes evident Since there is an obligation to provide verification that a certain quality of the master data is already of compliance with the EU anti-terrorism regulation, assumed. If nothing is known about the data qual- it is advisable to guarantee that documentary evi- ity or if no measures have been taken to guarantee dence of matching is archived, so that the process a data quality which is high enough for reliable characteristic “transparency” is provided. matching against the sanction lists, the matching result must be called into question. © UNISERV GmbH / +49 7231 936-0 / All rights reserved. Page 6
  • 7. WHITE PAPER: COMPLIANCE Implementation of the matching Several challenges have to be overcome before matching of the company data against the sanction lists can be successful. These challenges relate to (a) the respective processes Finally, a software solution is required which (a) and (b) an appropriate technical solution for regular reads in the various sanction lists without any matching of the company data against the sanction problems and (b) is characterized by high, accu- lists which complies with the requirements of the EU rate match recognition. anti-terrorism regulations. FINALLY, A SOFTWARE SOLUTION IS RE- – The permanent, routine validation of all the QUIRED WHICH (A) READS IN THE VARI- addresses kept in a company against the sanc- OUS SANCTION LISTS WITHOUT ANY tion lists should therefore be guaranteed. PROBLEMS AND (B) IS CHARACTERIZED BY HIGH, ACCURATE MATCH RECOGNITION. – Since company data normally concerns a larg- er volume of data, record-by-record matching is practically impossible. Solutions for batch Further characteristics of this software solution: It processing are called for here. should be an intelligent expert system which uses address-specific analyses (phonetics, fuzzy logic) – The various sanction lists have a heterogeneous and country-based regulations. Individual param- structure. This means that the lack of stand- etrability of the matching algorithms is also impor- ardization of the different files must be solved tant, so that a high degree of flexibility is provided. technically. Ideally, the preparation of these sanction lists should be integrated in the actual calibration, so that the quality of the match- ing is not jeopardized by the heterogeneous structure of the sanction lists and their defective standardization. © UNISERV GmbH / +49 7231 936-0 / All rights reserved. Page 7
  • 8. WHITE PAPER: COMPLIANCE USE SCENARIOS INDIVIDUAL PROCESSING FOR EMPLOYEES IN THE When considering a conventional customer envi- CALL CENTER ronment with typical processes, there are five Whereas company data and external address lists areas in which validation against the sanction lists can be validated against sanction lists in batch proc- appears to be appropriate: esses, the data is validated record-by-record in call centers. Here, for example, the software validates – Initial clean-up and database cleansing of the each new address to check whether it concerns a per- company data son on the sanction lists. If there are grounds for suspi- cion, the administrative employee receives a message – External lists (list rental/purchase) that the address cannot be entered in the system at this point. The address is then made available for separate – Individual processing for employees in the call processing. In the case of the electronic processing of center single records, the suspect addresses of firm matches against the sanction lists are marked fully automatically – Electronic processing of single records and/or integration in the system prevented. – Batch processing for authorized employees ELECTRONIC PROCESSING OF SINGLE RECORDS Automatic matching, which is not actively perceived, INITIAL CLEAN-UP AND DATABASE CLEANSING OF THE is executed in thebackground during data accept- COMPANY DATA ance. Potential matches are marked in thisprocess, so The goal of an initial clean-up and routine data- that they can be processed by authorized personnel base cleansing is the validation of all the persons, at alater stage (see below). The advantage of this organizations and addresses in the system against application scenario isthat employees are not irritated the latest version of the sanction lists. The result of by possible warnings during customercontact and can this validation is a „warning file“ which is further continue to follow their respective processes. processed manually or electronically. All the poten- tial positive hits of the matching are shown in this BATCH PROCESSING FOR AUTHORIZED EMPLOYEES warning file. The data records must be reviewed The batch processing of the suspicious cases can in every case. It is recommended that database be entrusted to specially qualified employees in the cleansing is carried out regularly. company. Here the suspicious cases from the data- base cleansing and the validation of external lists are EXTERNAL LISTS (LIST RENTAL OR PURCHASE) loaded into the system and submitted to the employ- If address data is acquired from external sources, ees for their decision. A real-time tool is used for the either by rental or purchase, these addresses must actual decision; this carries out the same validations also be validated against the sanction lists. Each for the suspicious cases as for the batch processes list should be checked before it is used. Suspicious but displays them individually on the screen record-by- cases should not be available for further process- record. It is thereby guaranteed that the results of each ing, irrespective of the downstream processes. validation from the batch runs are manually validated Examples of downstream processes include the and ruled upon. transfer of these addresses to the in-house system or their use in advertising activities. © UNISERV GmbH / +49 7231 936-0 / All rights reserved. Page 8
  • 9. WHITE PAPER: COMPLIANCE Prerequisites for matching against sanction lists As already mentioned, a high quality of the com- EXAMPLES OF ADDRESSES IN THE SANCTION LISTS pany data is one of the prerequisites for successful A few examples from the sanction lists are shown matching against the sanction lists. Another pre- in the following, in order to illustrate the particular requisite is naturally the availability of the actual challenges for a software solution. All the examples sanction lists. There are two sources of supply for are original entries from the HADDEX sanction lists. German address holders: Example 1: – A) Download of the EU sanction lists directly from the Internet (http://www.un.org/sc/ Name: committees/1267/consolist.shtml) Al-Shifa Honey Press For Industry And Commerce – B) HADDEX sanction lists from the Federal Address: By the Shrine Next to the Gas Station Gazette (subject to a fee, include US lists in addition to the EU sanction lists) Country/Place: (http://www.awr-portal.de) QATAR/Doha or WHEN COMPARING THE THREE YEMEN/Aden EXAMPLES, IT BECOMES CLEAR WHY or NO COUNTRIES ARE STATED IN THE SANCTION LISTS; THE MAIN FOCUS IS YEMEN/Sanaa ON ORGANIZATIONS AND INDIVIDUALS or WHO CAN OPERATE FROM DIFFERENT YEMEN/Taiz COUNTRIES. The EU sanction lists must be considered in a matching process. US lists are optional. © UNISERV GmbH / +49 7231 936-0 / All rights reserved. Page 9
  • 10. WHITE PAPER: COMPLIANCE Example 2: Example 3: Name: Name: Abou El Baraa Fazul Abdullah Mohammed or or Aiadi Ben Muhammad ABDALLA, Fazul or Date of birth: Ayadi Chafik 25.8.1972 or or Ben Muhammad 5.12.1974 or Ben Mohamed Ayadi Chafig or 25.2.1974 Pass: Place of birth: E423362 deliv. in Islamabad on 15.5.88 Moroni, Comoros or Info: Bosnian pass 0841438 issued on 30.12.98 exp. on 30.12.03. Citizen of the Comoros or citizen of Kenya Nat.ID: 1292931 Addresses: When comparing the three examples, it becomes London GB NW8 Park Road 129 clear why no countries are stated in the sanction or lists; the main focus is on organizations and indi- Mouscron BE Chaussee De Lille 2830.12.03. viduals who can operate from different countries. or München DE 80809 Helene Meyer Ring 10-1415 © UNISERV GmbH / +49 7231 936-0 / All rights reserved. Page 10
  • 11. WHITE PAPER: COMPLIANCE Requirements for the software The requirements for a suitable software can be A further challenge is the procedure for missing deduced from the above examples. First of all, the elements. In this respect, a complete address is software must be able to deal with „mixed stock“. not stated in most cases. In many cases, there is In the context of company data, this is understood only a place name, or only the name elements to be a mixture of individuals, organizations, com- are known. panies and institutions. The software must also be able to deal with single FINALLY, AN OPTIMUM BALANCE BET- letters, abbreviations, acronyms and numbers (not WEEN THE REQUIREMENTS OF THE EU for private individuals). The same applies to the ANTI-TERRORISM REGULATION AND THE handling of synonyms, names of organizations in OPTIONS FOR MANUAL REVIEW MUST BE various national languages and the processing of FOUND. Unicode data. For all these requirements, it must be guaranteed Special features of the fields of the sanction lists that as many correct matches are obtained as pos- must also be considered. There are frequently a sible. The recognition of phonetic differences and number of name elements which are difficult to similarities must be ensured. Furthermore, there is a identify as first names or last names (in the case high probability of recording errors, particularly in of private individuals). In addition, there are name the case of foreign names. The software must also elements from little known cultural areas and lan- be able to deal with such artefacts. guage families (Arabic or Asian names). Finally, an optimum balance between the require- The handling of country-specific entries and ments of the EU anti-terrorism regulation and the „embargo-typical“ entries such as Arabic first options for manual review must be found. names, titles, name prefixes must also be pro- vided by the software solution. © UNISERV GmbH / +49 7231 936-0 / All rights reserved. Page 11
  • 12. WHITE PAPER: COMPLIANCE EXAMPLES OF MATCHING ALGORITHMS Here are some more examples to illustrate the Overhangs / Order requirements for the software. As above, all the examples are original entries from the HADDEX EL KHABIR, Abu Hafs el Masry sanction lists. Acronyms ABU HAFS Afghan Support Committee Djamel Mustafa Djamel Mustafa ASC Al Qaida au Maghreb islamique AQMI Mustafa Mustafa Djamel Synonyms Numbers in name elements Grupo Salafista de Prédica e Combate H7 H7 Salafist group for islamique Combat ASC Al Qaida au Maghreb Call and AQMI Hadamie H97 Single letters BATCH VERSUS REAL-TIME PROCESSING Al Baraka Exchange L. L. C. Depending on the type of processing, there are various requirements for the batch software or a real-time solution for record-by-record processing. L. C. Qaida au Maghreb islamique ASC Al Miller High performance of the software and the simple setting of individual parameters play a large role in batch processing. Correspondence of individual elements Queries against the sanction lists must not become a bottleneck (time, performance!) in record-by- Abu Bakr Al-Jaziri record processing with a real-time solution. Load distribution should be provided, e.g. via redundant server processes, in the case of large numbers of Yasin Qaida au Maghreb islamique ASC Al Al-Qadi addresses or a large number of individual queries at the same time. = is equal to = is not equal to © UNISERV GmbH / +49 7231 936-0 / All rights reserved. Page 12
  • 13. WHITE PAPER: COMPLIANCE Downstream processes The processes following matching of the company Example 1: data against the sanction lists are just as important as Al-Shifa Honey Press For Industry And Commerce the matching process itself and compliance with the data quality requirements. If suspicious cases were found during matching, these cases must be manually checked in every case. The Correspond- Record_ID Name ence software must provide appropriate lists and / or files 100 000370000965 Al-Shifa Honey Press For with the data records for this purpose. Industry And Commerce It also is important that the matching results are incor- porated in the company data in such a way that the matches are documented. Matches in the data should Example 2: therefore be marked. Furthermore, statutory data pursu- osama bin ladin ant to Article 70 of the AWG must be passed on to the respective authorities. Documentation of the validation runs is just as impor- tant. Puschke & Hohmann (2008: 34) recommend Correspond- Record_ID Name that appropriate documentary evidence of the valida- ence tion runs is stored for a period of three to four years. 90 000329001792 Osama bin Laden-Network 90 000329001793 Osama bin Laden-Organi- EXAMPLES OF POSITIVE MATCHES sation Three examples are provided to illustrate the possible 75 000833005781 Usáma bin Ládin form of positive matches. The first data record comes 70 000329000906 Usama Bin Laden Network from the sanction lists. The subsequent data records 70 000833005772 Bin Laden Usama could be from the company data. The numbers under „Correspondence“ represent the degree of similarity and accuracy of the match. The range here is between Example 3: 70 and 100. The record ID represents an individual Vladimir Abramovich Kerler number of the data record. Correspond- Record_ID Name ence 81 002290004108 Kerler Vladamir Abramovich © UNISERV GmbH / +49 7231 936-0 / All rights reserved. Page 13
  • 14. WHITE PAPER: COMPLIANCE Example of a complete matching operation The complete matching process therefore consists of the actual matching, the generation of appropriate validation records, the generation of a list of the suspicious cases, the marking of the suspicious cases and the non-suspicious cases in the database, the manual checking of the suspicious cases and the reporting of the individuals and organizations identified as suspicious to the BAFA: COMPLETE MATCHING OPERATION COMPANY DATA COMPANY DATA GOOD GUYS Matching against Sanction lists Suspicion No BAD GUYS SANCTION LISTS Manual check of the BAD results evidence GUY? Yes Validation evidence Info to BAFA © UNISERV GmbH / +49 7231 936-0 / All rights reserved. Page 14
  • 15. WHITE PAPER: COMPLIANCE How to contact us The Uniserv DQ Audit presents itself, in order to be able to make statements about the status quo of the in-house data in the Compliance system. Your first step towards implementation of the EU anti-terrorism regulation is quite simple: Contact For further information us! The link will take you directly to the contact please visit our web page centre of Uniserv. We look forward to hearing www.uniserv.com or contact us directly: from you and will be pleased to advise you and help you in your project. We are looking forward for advising and sup- porting you through your project. List of references – Puschke, M. (publisher) & Hohmann, H., 2008. Basiswissen Sanktionslisten. Hintergrund und Praxis der Integration von Sanktionslisten in Ihre Geschäftsprozesse. [Basic knowledge of sanction lists. The background and practice for the integra- tion of sanction lists in your business processes.] Bundesanzeiger Verlagsges. mbH, Cologne. 149pp. – http://bundesrecht.juris.de/owig_1968/__130.html – http://dejure.org/gesetze/StGB/14.html – http://www.gesetze-im-internet.de/awg/__34.html – http://www.zoll.de/e0_downloads/a1_vorschriften/a0_gesamtliste_gesetze/aussenwirtschaftsverordnung.pdf – Rohweder, J.P., Kasten, G., Malzahn, D,. Piro, A., Schmid, J. 2008. Informationsqualität - Definitionen, Dimensionen und Begriffe. In: Hildebrand, K., Gebauer, M. Hinrichs, H. Mielke, M. (Hrsg.) Daten- und Informationsqualität. Auf dem Weg zur Information Excellence. Vieweg & Teubner. S. 25-45. Exclusion of liability: The contents of this White Paper were prepared with the greatest of care. However, we are unable to guarantee that the contents are correct, complete or up-to-date. © UNISERV GmbH / +49 7231 936-0 / All rights reserved. Page 15
  • 16. WHITE PAPER: COMPLIANCE Uniserv Uniserv is the largest specialised supplier of data quality solutions in Europe with an internationally usable software portfolio and services for the quality as- surance of data in business intelligence, CRM applications, data warehousing, eBusiness and direct and database marketing. With several thousand installations worldwide, Uniserv supports hundreds of customers in their endeavours to map the Single View of Customer in their customer data- DATA base. Uniserv employs more than 110 people at its head- MIGRATION PROJECTS quarters in Pforzheim and its subsidiary in Paris, France, E-COMMERCE and serves a large number of prestigious customers in all sectors of industry and commerce, such as ADAC, Al- ERP lianz, BMW, Commerzbank, DBV Winterthur, Deutsche Bank, Deutsche Börse Group, France Telecom, Green- COMPLIANCE peace, GEZ, Heineken, Johnson & Johnson, Nestlé, CRM Payback, PSA Peugeot Citroën as well as Time Life and Union Investment. Further information is available SOA at www.uniserv.com DIRECT MARKETING MDM/CDI ON-PREMISE/ ON-DEMAND BI/BDW CPM Experience: Market position: Employees: OVER 40 YEARS LARGEST MORE THAN 110 PEOPLE EUROPEAN SUPPLIER UNISERV GmbH Contact: Rastatter Straße 13 • 75179 Pforzheim • Germany • T +49 7231 936-0 • +49 7231 936-1000 F +49 7231 936-3002 • E info@uniserv.com • www.uniserv.com © Copyright Uniserv • Pforzheim/Germany • All rights reserved. © UNISERV GmbH / +49 7231 936-0 / All rights reserved. Page 16