🔎Russia Sanction Screening Penetration Test Guide🔍
👊💥Ensure your Screening Filter Packs a Punch💥👊

Many of us feel helpless watching the #UkraineCrisis unfold.
🔥🔥!!But, we can make a difference!! We can make sure these sanctions stick it to them. 🔥🔥

And we can do that by making sure that the names added by the U.S. Department of the Treasury #OFAC, and their variations, are stopped in our screening filters!!

📝#HOW #TO #USE #THE #GUIDE: Below is a Screening Penetration Test guide aimed at assessing your filter’s day-to-day effectiveness. The guide was created using one name from the OFAC list. The entity’s names/AKAs contain PAO and/or PJSC, and it was selected because such names tend to lead to high non-detection rates (entities with non-western prefix and suffix corporate identifiers tend to yield high non-detection during testing of most systems). 🤓 The same test should be run for all sanctioned names/aliases containing the long or short form of OAO, OOO, ZAO, IP, and GP, as well as any non-western, new, or non-traditional corporate identifier, as most name variations with these typically lead to non-detection. 🤓

🚩#NON #DETECTION #REMEDIATION: For those test scenarios not generating a match, contact your screening vendor to augment screening detection. If your vendor is unable to do anything in the short term, add the missed name variations to your in-house screening list as a stopgap.

💡 #REMEMBER #FILTERS #ARENT #HUMAN: Screening filters are not intuitive; they don’t “see” what you and I “see”. They typically read from left to right, and assume that every known name variation has been included on your screening lists. Since we know filters aren’t intuitive and that OFAC lists are not exhaustive of all realistic name combinations… things go undetected.

👀 #WANT #MORE #SANCTIONS #GUIDES:
– Like and Follow Crystal Noe, M.S.
– Like and Follow Noe Compliance
– Also, follow NoeCompliance on TikTok
📢 More screening guides and videos are on their way!!

📌 #DISCLAIMER: These test scenarios don’t focus on typos, but simply on re-arranging the words in manners consistent with what I have seen in real life as the root cause of non-detection. For rigorous testing, the test should be run again at least 3 more times to include typos in the name variations: 1) typo in the first letter of a name, 2) typo in the middle of a name, 3) typo as the last letter of the name, 4) followed by any combos of those.


More about how this post came to be: While reviewing names on the OFAC list, I am reminded of the many non-detection scenarios I have seen in my career that are caused by Corporate Prefixes/Suffixes such as PJSC, PAO, and PUBLICHNOE AKTSIONERNOY OBSHCHESTVO.  Because screening filters typically read from left to right, they are not intuitive enough to know that PJSC ROSTELEKOM is the same as ROSTELEKOM PJSC. Most would not generate that match. 

Now, there are some cases where an institution or the vendor themselves has created logic for the system to ignore PJSC altogether in both the screening text and the list name, and can therefore create these matches. But, honestly, that is most often not the case.

To ensure that your system will detect these like names, test these scenarios. For those scenarios not generating a match, you should ask your screening vendor how to create detection for these variations.  If they are unable to do anything in the short term, add the names to a manual list.   
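The scenarios described above and in the disclaimer (identifier moved between prefix and suffix, identifier dropped, one typo at the first, middle and last letter) can be generated rather than typed by hand. The script below is an added example, not part of the original guide: the two matchers are toy stand-ins for a screening filter, and the function names and the `X` substitution used for typos are assumptions.

```python
# Added example: builds screening test cases from one list entry and runs them
# through two toy matchers (assumed logic, not any vendor's implementation).
IDENTIFIERS = ["PJSC", "PAO", "PUBLICHNOE AKTSIONERNOY OBSHCHESTVO"]  # forms named in the post
LIST_ENTRY = "PJSC ROSTELEKOM"  # the list name used in the post


def strip_identifiers(text, identifiers=IDENTIFIERS):
    """Normalise case/spacing and drop corporate identifiers wherever they sit."""
    text = " " + " ".join(text.upper().split()) + " "
    for ident in sorted(identifiers, key=len, reverse=True):
        text = text.replace(" " + ident + " ", " ")
    return " ".join(text.split())


def reorder_variants(core, identifiers=IDENTIFIERS):
    """The bare name, then each identifier as a prefix and as a suffix."""
    out = [core]
    for ident in identifiers:
        out += [f"{ident} {core}", f"{core} {ident}"]
    return out


def typo_variants(core, filler="X"):
    """One substituted letter at the first, middle and last position."""
    return [core[:p] + filler + core[p + 1:] for p in (0, len(core) // 2, len(core) - 1)]


def exact_match(candidate, entry=LIST_ENTRY):
    """Toy left-to-right filter: the whole string must equal the list entry."""
    return " ".join(candidate.upper().split()) == entry


def normalised_match(candidate, entry=LIST_ENTRY):
    """Toy filter that ignores corporate identifiers on both sides."""
    return strip_identifiers(candidate) == strip_identifiers(entry)


def run_tests(core="ROSTELEKOM"):
    """Return {test name: (exact result, normalised result)} for every scenario."""
    cases = reorder_variants(core)
    cases += [f"{t} PJSC" for t in typo_variants(core)]
    return {c: (exact_match(c), normalised_match(c)) for c in cases}


if __name__ == "__main__":
    for name, (exact, norm) in run_tests().items():
        print(f"{name:50} exact={exact!s:5} normalised={norm}")
```

Rows where the first column is False are the non-detections to raise with the vendor or add to the manual list; the typo rows fail both toy matchers, which is why they need to be tested separately.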

RussiaROSTELEKOMFilterPenetrationTestingGuide
