By Richard Smokorowski, Senior Implementation Consultant, Global Trade Intelligence, Descartes Systems Group
A growing number of businesses are exploring and adopting automated denied party screening solutions that manage the complexities involved with regulatory and trade compliance.
The benefits derived from this transformation, such as reduced cost and streamlined processes, more than advocates for its necessity.
In this article, we will discuss integration best practices to help you better understand the requirements, potential challenges, and major pitfalls to avoid as well as the ways to plan for a successful implementation project for your automated denied party screening solution.
Key Takeaways
- The risk of enforcement actions for violating sanctions and international trade regulations is very high, with potentially large fines and costly reputational damage.
- The complex and constantly changing regulatory environment means that complying via manual methods is a laborious, error-prone, and inconsistent process that exposes the business to risk of non-compliance.
- For practical and legal reasons, organizations need to boost their compliance efficiency with the capabilities that automated integrated denied party screening software offers.
- Successfully integrating an automated screening solution is easily achievable with 5 key best practices including strategic planning, business alignment, and cross-functional collaboration.
- With expert support from industry leading vendors like Descartes, the barrier to implementing automated denied party screening is low and the benefits are high.
So, when does it make sense to automate denied party screening? The answer is always. No matter how large or small your business is, automating denied party screening eliminates gaps in your sanctions compliance processes. It takes manual work out of compliance activities like searching for restricted or denied parties, boosts the performance of your due diligence efforts, and improves the productivity and experience of your compliance officers.
While the risk of operating without a robust tech-driven denied party screening program is extreme in today’s complex regulatory landscape, many organizations face challenges in successfully executing an automation and integration project. Most of these challenges are the result of poorly defined requirements, unprepared teams, constrained resources, inadequate understanding of their compliance obligations, and unclear remediation workflow. Additionally, a badly executed automation project can leave organizations struggling to manage ongoing compliance risks in an efficient and cost-effective manner. Before we look into the building blocks of what makes an integration project a success, let us go over some basics.
- What is Integrated Denied Party Screening and Why Do You Need it?
- Best Practices and Benefits
- Plan: Conduct In-Depth Analysis and Define the Future Denied Party Screening Process
- Coordinate and Collaborate: Bridge Any Gaps Between the Technical and Business Team
- Focus on Business Outcomes: Identify the Full Spectrum of Processes You Need to Integrate With
- Consult Experts: Match the Right Denied Party Screening Vendor to Your Needs
- Manage Talent: Embrace the Need to Upskill for Ongoing Success
- Descartes Denied Party Screening Integrates with All Major Business Systems
What is Integrated Denied Party Screening and Why Do You Need it?
Integrated denied party screening is a solution that leverages the power of automation and integration to enable organizations to perform screening and other compliance activities directly within the business systems they use to execute their day-to-day tasks such as customer onboarding, sales, order processing etc. With integrated compliance solutions, the denied party screening software can be embedded into off-the-shelf ERP (such as SAP, Oracle, and NetSuite) and CRM systems (like Salesforce) as well as homegrown / inhouse systems.
Figure 1: Common Types of Business Systems that Integrate with Denied Party Screening Software
Becoming more and more popular every single year, businesses are investing the time and the money to do the integration work up front to save their compliance teams from having to do all of the extra work manually screening names one by one when they could have the capability of screening automatically from whatever business system they might be working with.
Compliance procedures that are not automated and directly integrated into CRM, sales platform, orders and invoicing systems, or anything that facilitates business interaction with 3rd parties is a risk exposure and violation waiting to happen. With automated integrated screening, you have a comprehensive screening program in place to catch any ‘bad actors’ that may try to slip into your business network, because your due diligence is happening quickly and seamlessly on a day-to-day basis. You do not have to rely on someone remembering to perform screening, and you do not require huge manpower to manually screen, the integrated solution takes care of all of that. This helps to optimize workflow and speed up processes while maintaining compliance with regulations.
To adopt this new set of compliance capabilities, organizations and industry-leading vendors employ several approaches that ensure proper integration of their business applications and denied party screening software. Among these, the top 5 best practices include extensive planning, coordination and collaboration with multi-functional teams, aligning the design of the screening solution with key business goals, engaging the right vendor partner to deploy robust solutions while also upskilling their internal compliance teams.
Let’s explore each best practice and their benefits in detail.
Best Practices and Benefits
1. Plan
Conduct In-Depth Analysis and Define the Future Denied Party Screening Process
Be well prepared for what you want the outcome of a successful integrated denied party screening solution to be. This begins with documenting your organizational requirements from an operational, regulatory, and risk tolerance perspective. The detailed document should highlight all elements that must be established, managed, and working in harmony for automated denied party screening to be integrated successfully within the business and deliver on the desired outcomes.
To start with, you need to predetermine on your end before speaking to a vendor such details as your maturity level for integrated denied party screening in order to avoid overspending or underutilizing a solution. Do you have the right use case for it? A common need for making the crossover from manual to automated is when the data volume to be screened proves challenging to process quickly.
People often ask, when exactly should I make the crossover from manual screening to automated screening? There is not one single number, but looking at the effectiveness and efficiency of your compliance program should guide that decision.
A plan to automate your denied party screening processes should always be in your long-term goals. However, for companies with lower screening volume who don’t necessarily have a budget, technical infrastructure, or skills to automate, a manual solution may work as long as the employees follow the workflow correctly. On a small scale, perhaps screening only 10 entities per month, companies can muscle through it manually with a small team. But as operations scale from ten screenings to 40 or more, that manual approach breaks down. Human error becomes a consistent factor and productivity begins to take a hit, especially over the long run when the chances of human error increases because of the monotonous and tedious nature of the work .
Another detail to consider in the planning phase is whether you have the right infrastructure to integrate with. Is everything paper based or do you have a CRM/ERP platform. The right technical infrastructure can help lower the overall cost of integrated denied party screening and speed up the entire project. For instance, with Descartes integrated denied party screening, if an organization has implemented a CRM platform like Salesforce, we have an out-of-the-box solution such that the organization does not even need a technical team to install and it can take as little as a day to complete an automated integration with our software. So even if your screening volume is low, this is a cost-effective way to start screening automatically via Salesforce.
Finally, your plan must have answers to questions such as who will be involved in screening? What needs to be screened? When should screening happen? Who will review the results? What should be done when name matches are generated? Are things put on hold or blocked?
A lot of these internal discussions need to happen before a purchase is made, else it slows down the integration because an automated denied party screening solution cannot be completed without having these decisions on the front end.
2. Coordinate and Collaborate
Bridge Any Gaps Between the Technical and Business Team
In our experience, one of the biggest hurdles to a successful compliance software integration project is not having the technical team and the compliance team working together – that is a recipe for disaster. We have seen this play out in two ways:
- When the technical team puts together integration without the compliance team, the IT team may focus excessively on the technology without consideration for how the solution should work from a risk and compliance perspective. While a focus on mission and speed are essential, this disconnect often results in a failure to implement key internal controls and strong workflows.
- On the other hand, we also find that projects stall because the compliance / legal / business team have gone ahead to purchase the solution and then hand it over to the IT group without pre-notification with the risk of technical complexities being overlooked. Often times also their IT group is either short-staffed or too busy or lacking the right resources to take on the integration project right away.
Having the coordination between the business / purchasing team and the IT team will ensure that the integrated denied party screening project does not slow down, and that the desired solution does not fall short of what the business needs it to be. All parameters need to be set and agreed upon by both the business unit and the technical team. Additionally, given that compliance risks exist across many organizational functions, companies with an enterprise-wide approach to compliance where there are multiple groups involved such as legal, compliance, procurement, marketing etc., there needs to be clear leadership, and decision making so that the different ideas of how things are going to work can be made without hindering progress.
Figure 2: Multiple Business Units are Responsible for Complying with Sanctions
3. Focus on Business Outcomes
Identify the Full Spectrum of Processes You Need to Integrate With
A strong trade and regulatory compliance program should cover operational, tactical, and strategic activities so as to deliver the protection that businesses need today while supporting growth objectives. The integrated solution should be designed with emphasis on enabling business priorities and enhancing compliance.
Your integrated denied party screening solution must have the capability to cater to a wide range of scenarios and business systems which your organization relies upon to carry out various tasks. Risks run across every part of a business, so an enterprise-wide approach identifies risks not just at the business unit level, or the process level, but at the specific activity level. For example, in the sales process, screening for denied parties while prospecting prevents the organization from engaging ‘bad actors’ even at that early stage.
To deliver this level of protection, the organization will need to integrate denied party screening with any internal systems it uses to drive the sales process such as Salesforce or other CRM platforms. It is a critical step to examine all business processes for exposure in order to capture the internal and external sanctions compliance risks that are unique to your organization.
At Descartes, we are seeing more and more companies integrating into multiple systems because they want to make sure that any gaps in their compliance program are closed. There have been scenarios where customers have Microsoft Dynamics as their ERP in one part of the world, while they use SAP in a different region to screen orders and shipments at a transaction level, and then Salesforce in yet another region. We have bridged and integrated these platforms into one unified solution with a single interface.
Other business applications that Descartes denied party screening frequently integrates with include NetSuite, Oracle, HR software like Workday, and PeopleSoft. Clients have also integrated denied party screening into their own internal proprietary systems, so it doesn’t have to be an off the shelf system, it can be something that you have created or developed internally in your own environment. As long as the platform can programmatically make web service calls, we don’t have any issues integrating with them.
Tip: When integrating into a system, it is vital to be cognizant of the quality of data to be captured within the system because it is a significant factor that affects the accuracy and relevancy of your denied party screening results. For instance, if you’re integrating with an internal application like PeopleSoft or Salesforce, you have direct control over your data quality because your employees are responsible for creating these accounts and contacts. Whereas with systems like ecommerce platforms, the data entry is being done by customers who sometimes will use nicknames and provide incomplete data. With these sorts of challenges, implementing some type of controls to help data quality is essential.
4. Consult Experts
Match the Right Denied Party Screening Vendor to Your Needs
Your denied party screening software vendor should be able to provide a platform-agnostic solution that easily integrates into your technology ecosystem whether it is based on off-the-shelf or homegrown systems.
Companies are sometimes worried or apprehensive about taking on integration projects because of concerns about the level of effort and resources required. While it is true that some integration projects can be huge endeavors that are labor-intensive and potentially disrupt existing systems, in the context of integrating denied party screening, this should not be the case.
Figure 3: High Level Overview of How Integrated Screening Works
Now, we lay out some of the common concerns and explain how a best-in-class solution address these.
- How long should an integration project take? A client once anticipated that it would take 500 hours of coding to integrate with denied party screening software–this should be nowhere near an acceptable timeline. Their estimate was understandably based on previous experience with another vendor but integrating with our screening software is much more simplified. While each project is different and giving a single timeline is nearly impossible, in ballpark generalities from our experience it can take as little as 1 business day with simple integrations like sanction screening in Salesforce. For more complex systems, a best-in-class vendor should require about 30 to 40 hours of actual configurations. After which there is a testing schedule, determined by the customer (typically one or two weeks) and then the solution is turned on.
- How can I determine the level of IT resources needed? The vendor you choose should provide detailed configuration guides with a clear roadmap of what the technical solution looks like, how it works, what the responses are etc. At Descartes, our configuration guide is able to demonstrate the simplicity of our integration which involves plugging in a web service call when the client determines an alert should be triggered. Our web service isn’t dependent on anything and does not affect other areas of the business where other vendor software might.
- What complications should I be wary of? Validate how well your business applications integrate with the solution by leveraging different use cases to test for weaknesses. Often, large enterprises operate with different rules and regulations around their own business systems which can limit the effectiveness of automated workflows. For example, we have seen a few cases where the internal team does not have access to their ERP to control the flow of data or create custom fields, so if they get a red alert from screening, they don’t have the capability to put a block or hold on the activity. They have to get the 3rd party ERP vendor involved. This can complicate how issues are identified and resolved.
The support of an experienced and knowledgeable vendor cannot be over emphasized. Ensure that your vendor is able to implement and integrate the automated solution based on the defined business requirements. We have had clients who never performed denied party screenings and were approaching it for the first time. In this scenario, they were able to rely on our experience and leverage our expertise to guide their integration project. From the implementation team to the customer support team, we provide them with best practices of what has worked for numerous organizations similar to theirs.
5. Manage Talent
Embrace the Need to Upskill for Ongoing Success
With automated compliance solutions, business processes are now reshaped to perform with new capabilities. This in turn requires that the compliance team and everyone involved in working with the integrated denied party screening platform is equipped with the right skillsets to use the tools. This is a vital best practice to ensure the new solution is successful beyond the implementation stage and pays off early on the investment.
Providing frequent and relevant training to your compliance team can be achieved by developing easy to access knowledge centers, planning periodic webinars, and selecting a vendor partner that provides additional resources and free education as part of their service offering.
Descartes Denied Party Screening Integrates with All Major Business Systems
Descartes is a provider of an industry-leading suite of denied party screening, 3rd party risk management solutions, as well as trade content for leading business systems, that can be integrated with minimal disruption, sometimes in under an hour.
With best-in-class features and a human-centric approach to automation, our simple and straightforward integration solutions enable organizations to quickly connect denied party screening capabilities to their business applications across the enterprise to improve compliance processes, accelerate decision-making, and drive business growth globally.
Descartes Visual Compliance and Descartes MK Denied Party Screening solutions are flexible and modular, allowing organizations to pick the specific and exact functionality and content they need for their particular compliance needs and scale up later as and when necessary.
Find out what our customers are saying about Descartes Denied Party Screening on G2 – an online third-party business software review platform. Additionally, you can read this essential buyer’s guide to denied party screening to help you select a solution that fits your needs.
We Answer Your Questions About Denied Party Screening
- How Much Does A Denied Party Screening Solution Cost?
- Top Red Flags to Look Out for When Selecting a Denied Party Screening Software Vendor
- How to Identify a Best-In-Class Denied Party Screening Software
- How to Manage False Positives in Denied Party Screening
- How to Effectively Compare Denied Party Screening Software Vendors
- What do Organizations in my Industry Need to be Mindful of When it Comes to Denied Party Screening and Export Compliance?
- Unforced Errors in the World of Export and International Trade Compliance Violations That You Need to Know About
- 12 Steps to Optimize Your Denied Party Screening Program
- ROI of Compliance: How Denied Party Screening Drives Value Creation for the Organization
- Top Five Best Practices to Integrated Denied Party Screening