An Accept List is a set of data composed of a certain type of information, such as names, addresses or IP addresses that an organization is exempting from its controls. In the case of financial crime compliance, this is generally exemption from watchlist screening. These lists are also called White List, False Hit Lists, and False Positives Lists.
They are used for several reasons, which include, but are not limited to:
- False positives: this is the worst, but also most common name for Accept List usage. Often a name is very similar to a watchlisted name, and occasionally it is even the same name. This becomes problematic if the name is of a customer whose transactions are being regularly stopped. A bank may then Accept List that name, so that when a watchlist system shows a match, it does not get stopped because and its automatically categorized as a false positive. While useful in reducing false positives, this method also carries risks as because should the actual watchlisted party engage in a transaction, their business would now be allowed through. Castellum.AI does not recommend using Accept Listing for this purpose, and instead recommends adjusting screening thresholds and criteria.
- Permitted Activity: sometimes an organization is legally permitted to engage in activity with a designee, and it therefore wants to stop rejecting the designees payments.
In all cases, Accept Lists must be reviewed on a very frequent basis to ensure that they correspond to regulatory and risk-driven changes. Improperly configured Accept Lists can lead to regulatory infractions and penalties, such as this fine from the US government: https://home.treasury.gov/system/files/126/20151021_bmo_harris.pdf
The bank added "Persian" to its Accept List system due to false positives for permitted activity, but did not review the Accept List after regulatory changes, leading to sanctions violations.