Screening vs. Investigation: Where is the Human in the Loop?
by Lauralee Dhabhar, on Mar 28, 2023 8:48:56 AM
Risk-based screening and investigation are essential elements for security and compliance processes across a wide range of industries. Whether you are an analyst in a financial institution, a non-profit, or a federal agency, you are most likely implementing a process to assess potential threats from entities both upon initiation and throughout the lifecycle of a relationship or agreement. While organizations may have different methodologies for screening and investigation, where and how technologies such as GOST are implemented remains consistent.
Screening encompasses the initial process of reviewing large amounts of data to identify any suspicious or unusual patterns or behaviors. Traditionally, this involves checking an individual’s information against a variety of databases, including sanction lists, politically exposed persons (PEP) lists, and internal watchlists. However, as criminal behaviors evolve and advanced technology opens the doors to unstructured data, AI tools are becoming a screening standard. This is where GOST shines with the ability to screen 1M+ entities a day across the open and deep web as well as any traditional list inclusions.
While these checks used to be time-consuming and labor-intensive requiring hundreds of man-hours, one analyst can manage tens of thousands of cases in a matter of an hour. The availability of unstructured data coupled with AI-driven risk scoring allows analysts to filter out only the most high-risk cases for investigation.
Investigation involves examining flagged materials to determine if the risk indicated is current and applicable to your organization. This activity is usually carried out by trained investigators who use a range of techniques that can be as simple as confirming the validity of your screening system’s scoring or as complex as in-depth evidence gathering. Investigation is generally a manual process as it requires a judgment call to be made. While technology can automate cumbersome tasks like shorting through millions of data points or filing Suspicious Activity Reports (SARs), contextualized decision-making remains a human function.
The key to a strong risk and compliance program is not decision-making technology. It is technology-assisted decision-making. Whether you operate an AML program at a bank or manage third-party risk for a corporation, investigation should always have a human in the loop.