AML Customer Screening – Integration & Onboarding Guide

This guide will help you quickly set up and optimize our solution, ensuring you can leverage its full potential to streamline your compliance workflows, reduce false positives, and confidently meet regulatory requirements.

Why SEON?

SEON's AML (Anti-Money Laundering) Compliance solution offers a unified platform combining fraud and AML data, providing comprehensive risk management across the customer journey. Our solution enables risk teams to:

• Make faster, smarter decisions with real-time insights from thousands of data sources, eliminating fraud before KYC and AML checks
• Stay ahead of evolving regulations with flexible rules and risk thresholds tailored to your specific business needs
• Save time and reduce errors with automated, AI-powered reporting

Part 1: Integration

1. Integration methods & API access

To begin integrating SEON's AML solution into your system, you can access the Knowledge Base and API documentation. Here, you will find detailed instructions on API configurations and general setup processes.

SEON offers several integration options for using AML customer screening within its ecosystem, which can support different use cases:

• Fraud API: For the ultimate compliance experience, the Fraud API allows you to integrate fraud prevention and AML operations into a single, unified API. Process all relevant data in one touchpoint, enabling compliance checks and fraud detection within one solution.
• Standalone AML API: Designed for clients who prefer to conduct AML customer screening checks and regular monitoring through a dedicated channel, independent of other operations.
• Entity API: Best suited for sanction and watchlist checks specific to entities, providing focused functionality for these purposes.
• Manual Lookup: For those quick, one-off checks, the Manual Lookup feature in SEON lets you search individuals or businesses instantly without integration. Perfect for ad-hoc verifications.
• Batch Upload: Handle high volumes of customer or entity screenings effortlessly. With Batch Upload, you can process bulk AML checks via a simple CSV file—no coding required.

2. Configuring the API for AML Screening and monitoring

To properly configure SEON’s APIs and ensure your screening and monitoring is aligned with your business needs:

• Set the config object to true if you need to screen specific individuals against AML data sources.
• Schedule monitoring checks (e.g., daily, weekly, or triggered by changes in sanction lists) based on your risk tolerance and compliance requirements.
• See the API Reference for code examples and payload structure guidelines.

3. Using Fuzzy Search for Name Variations

Fuzzy Search allows you to refine searches in SEON, through Settings page or API configuration or manual lookups.

When sending data via API, you can enable or disable fuzzy search using the fuzzy_enabled parameter. Additionally, you can fine-tune fuzzy search settings based on your needs. Learn more.

Pro Tip: Set up your fuzzy matching configuration at the account level via Settings » AML » Fuzzy Search.

When sending the API request, use fuzzy_enabled: 'true' with an empty config object. This allows you to manage the fuzzy search settings directly in the UI.

Advantages:

• You can update the fuzzy configuration without changing any code.
• Changes apply immediately, even for ongoing monitoring.

Note: Note: If you update the fuzzy settings later, you may see an increase in case reopenings during monitoring due to the new matching criteria.

4. Selecting AML Data Sources

SEON provides access to a wide range of global data sources. To optimize your screening:

• Go to Settings » AML » Sources
• Enable relevant sources based on your business needs:
  • Sanctions - OFAC, EU, UN, and others
  • Crime lists - Criminal Watchlists & Law Enforcement Databases
  • PEP lists - Politically Exposed Persons (PEP) and Relatives and Close Associates (RCA) Lists
  • Watchlists - Global Financial Crime Watchlists
  • Adverse media - Negative News Screening

Note: Pro tip: Use SEON's unique digital footprinting and device intelligence signals to gain insights beyond traditional AML sources. By identifying fraudsters early –during onboarding and before KYC or AML checks –you can significantly reduce compliance costs and improve overall efficiency. 

Part 2: Onboarding

1. Setting Up Your Team

Roles and Responsibilities

To maximize the effectiveness of SEON's solution, consider the following key roles:

1. AML Analysts: Investigate alerts and cases
2. Compliance Officer / AML Manager / Risk Manager: Oversees the entire AML program and configures and optimizes rules and risk thresholds
3. MLRO / AMLCO / Regulatory Reporting Specialist: Manages regulatory filings
   Setting Up Team Roles & Permissions

Log in to your SEON dashboard

• Navigate to Settings » Organization » Roles
• Select Create New
• Add a new Role and set Role permissions

2. Configuring Notifications

• Navigate to Settings » Personal » Notifications
• Set up real-time alerts for critical events (e.g., high-risk customers, suspicious transactions)
• Each team member can configure email notifications based on their roles

3. Creating Investigation Checklists for Alerts and Cases

The checklist function helps compliance professionals and investigators ensure thorough and consistent reviews of suspicious activities, transactions, and customer behavior that may indicate potential money laundering, terrorist financing or other financial crimes.

The checklist ensures that all critical aspects of an investigation are addressed, reducing the risk of oversight and aiding compliance with regulatory requirements.

• Navigate to Settings » Systems » Case management » Checklist
• Select Create new to customize checklists to align with your organization's specific needs

4. Setting Up Workflows

In SEON's system, there are three different escalation levels: Alerts, Cases and Reports. Each level offers different workflow configuration options.

Alert Level: At the alert level, you can assign specific analysts to designated alert triggers, enabling the automatic creation of queues for different risk categories.

Additionally, you can attach an investigation checklist to the alert, outlining the workflow for managing it. The checklist can be set as mandatory or optional for the analyst, ensuring consistent process adherence while maintaining a flexible workflow.

To configure new alert triggers:

• Go to Alerts » Alert Triggers » New trigger » Automatically Assign To
• Add a checklist and/or mark it as mandatory

Case Level: Once an alert has been escalated to a case, you can create custom statuses (or escalation levels) for your AML case management workflow with predefined assignees for each status.

To configure:

• Go to Settings » Case Management » General 
• Select Edit or Add Status
• Available settings options:
  • Add an assignee to the status.
  • Set the possible escalation options of the status.

Report Level: When cases require regulatory reporting, SEON simplifies the process by integrating reporting tools directly into the workflow.

SEON offers a  solution for direct reporting to FinCEN. To use this feature, you need to authenticate the connection with your FinCEN credentials.

• Go to the Settings » System » Case management » Filing information tab.
• Enter your user ID and password provided by FinCEN.
• Click Save settings.

5. Manual Lookups 

In addition to automated checks, you can manually search names:

• Navigate to the Manual Lookup page and click on the AML tab.
• Enter the individual’s name to perform a detailed search and review the hits, relevancy scores, and other key details such as aliases and updates on sanction lists.
• Or use the batch tester.

AML Tab 

The AML Tab allows users to view a log of all screenings performed within the system. It provides detailed records of screened names or entities, along with their status and any potential matches against compliance lists.

Screening List Details

The AML list includes the following information for each screening:

• Name or Entity – The individual or company that has been screened.
• Hit or No Hit – Indicates whether a match was found against compliance lists.
• Sanctions – Checks if the name appears on any sanctions lists.
• Crime List – Identifies potential matches related to criminal activities.
• PEP (Politically Exposed Persons) – Screens for individuals in politically influential positions.
• Watchlist – Cross-references global and local watchlists.
• Adverse Media – Flags negative mentions in media sources.
• Local AML – Checks against regional AML compliance databases.
• Last Update – Displays the most recent update of the screening record.
• Status – Shows whether the entity is flagged, cleared, or under review.
• Monitoring – Indicates if ongoing monitoring is enabled or disabled.

Detailed Screening Review

• Click on a name or entity in the log to view a detailed match report.
• Review match details to determine whether it is a positive match or a false positive.
• Based on findings, you can take action or update the status of the screening result.

Exporting Reports

Screening logs and details can be exported as a PDF for record-keeping and compliance documentation.

Setting Up Rules and Alerts for AML Screening and Transaction Monitoring

Custom Rules

You can create your own custom rules using a no-code rules builder.  

• Go to Scoring Engine » Custom Rules 
• Select the New Rule icon at the top right of the dashboard

Here are examples of how customizing rules can enhance your risk management and compliance workflows.

Tailor thresholds to your business needs. For example:

• Flag high-value transactions exceeding $25,000 to prevent potential money laundering activities (Rule: Payment Limit Outbound)
• Detect structuring by flagging more than 20 incoming transactions just below $10,000 within a 30-day period (Rule: Structuring - Inbound). Monitor dormant accounts by flagging the first transaction after 12 months of inactivity, helping to catch suspicious account behavior early (Rule: Dormant Account).

Set up complex multi-part rules for more nuanced risk detection, such as:

• Identify suspicious patterns, such as high-value outgoing transactions following a large number of inbound deposits (Rule: High Value Outgoing Transaction Following High Number of Inbound Deposits).
• Catch potential fraud by flagging a high sum of cash deposits by a cash withdrawal (Rule: High Sum of Cash Deposits Followed By Cash Withdrawal)

Enhance customer behavior monitoring:

• Flag transactions that exceed a customer's declared limit or identify behavior such as consistently high account balances or limit-seeking activity, helping you detect unusual patterns and prevent fraud. Rules include: Transaction Value Exceeds Customer Declared Limit, High Account Balance, Limit Seeking Behavior

Customize rules by product type: Create rules specific to different product lines (e.g., loan products, insurance, or securities). This enables you to fine-tune risk assessments based on the nature of the product and its associated risks.

Industry-specific and regional rules: Customize rules to align with industry regulations (e.g., securities accounts) and adapt them to local requirements for specific regions, ensuring compliance without compromising operational efficiency.

Personalize for different customer types: Create separate rule sets for high-risk and low-risk customers, enabling a more accurate risk assessment and reducing false positives.

Note: Pro tip: Easily adjust default rules by selecting the rule and clicking the copy icon to create a customized version. This allows you to quickly configure rules that align with your specific business requirements.

Setting up Alerts

Alert settings are configured in a similar way to rules, using the same logic. However, there are a few key differences between Rules and Alerts that are important to understand:

Rules:

1. Transaction Data Changes:
   1. Rules directly impact transaction data by changing its status (e.g., approve, decline or review).
   2. This allows users to take immediate action based on the result of an executed rule.
   3. Additionally, rules provide detailed feedback, showing which specific rule was applied to the transaction.
2. Case Management:
   1. The results of rules do not appear in the case management system. Instead, they show up under the Transactions section, specifically under the Applied Rules tab.
3. Real-Time Application:
   1. Rules are applied in real time, meaning they are executed as soon as the transaction is processed.
   2. Depending on the specific use case, a transaction in SEON can be tied to various stages, such as customer onboarding, ongoing monitoring, payment screening or transaction monitoring.

Alerts:

1. No Transaction Data Changes:
   1. While alerts use the same triggering logic as rules, they do not modify the transaction data. The alert trigger simply raises a notification without making any changes made to the transaction itself.
2. Case Management Integration:
   1. Transactions that trigger an Alert will appear in the Case Management system. These alerts can then be escalated within the case management workflow for further action.
3. Asynchronous Execution:
   1. Custom alerts are executed asynchronously, which makes them suitable for triggers that require higher computational demand. For example, alerts can be used to monitor long-term transaction patterns, such as averages over a specific time period, or to trigger based on more complex calculations that require additional processing.

Managing Alerts

SEON's alert system allows you to efficiently manage investigations and distribute workloads between your fraud and AML teams. Here's everything you need to know about managing alerts effectively within the SEON platform. 

Assigning Alerts

When a new alert arises, it is automatically delegated to team members subscribed to the related alert trigger. The system ensures even task distribution by assigning new tasks to team members with the fewest pending tasks.

Once an alert is assigned to an AML analyst, their role is to assess whether the alert indicates a genuine AML threat requiring escalation, if it has a simple explanation, or if it’s a false positive.

Analysts can view their assigned alerts in a list format, similar to a task list, with the goal of clearing these alerts as efficiently as possible.

Additionally, alerts can be manually assigned to colleagues:

• Select one or more alerts from the list on the Alerts page.
• Click the Assign button at the bottom of the screen to delegate the alert to a specific team member.

Investigation checklists

Most organizations follow structured internal AML policies for clearing alerts, rather than handling them on an ad-hoc basis. SEON’s case management system supports this process through customizable checklists, ensuring that every alert is managed according to your internal procedures.

Reviewing alerts

In the Alert details page, all relevant information is organized into tabs, similar to how Transaction details are displayed in the Summary tab. 

Within the tab, you can find all relevant information organized into widgets.

You can also upload related documents for the alert as part of the investigation process in the Documents widget.

Analysts can take detailed Notes directly on the alert details page, aiding the investigation process by capturing valuable insights and ensuring that investigations are thoroughly documented.

All actions taken on the alert are logged in the Analyst Log tab, which can be exported or reviewed during audits.

From the Alert Details page, you can:

• Assign or reassign the alert to a team member.
• Change the status of the alert as the investigation progresses.
• Hide/show check list.

Alert statuses

All new alerts are initially created with an Open status, indicating that action is required.

Once an analyst begins working on an alert, they should update its status to In Progress to reflect ongoing activity.

Upon completing the investigation, the analyst has three options:

• Mark as False Positive: If the alert is determined not to be a threat.
• Close: If the alert identified an actual issue, but no further action is required.
• Escalate to a Case: If the alert requires further investigation, it can be escalated into a case, which will then appear in the Cases list.

Investigating cases

Overview

Once an alert is triggered, an analyst must determine whether it is a false positive. If it is not a false positive, the alert should be escalated to a case for further investigation. Multiple alerts and transactions can be linked to a single case, ensuring a comprehensive review.

Creating a case

You can create cases in two ways:

• From scratch: Navigate to the Cases page and click the New Case button.
• From an alert: On the alert details page, select Change Status and choose Escalate to a Case.

After escalating, you can either create a new case or add the alert to an existing case. If the user ID is already involved in an ongoing investigation, SEON will notify you with a link to the current case. You can easily add the new alert to this open case for a streamlined investigation process.

Case details

The Case Summary page is the central hub for investigations, containing all critical information about the case. This includes:

• The affected amount of suspicious behavior, which helps investigators assess the severity and determine the appropriate action.
• A list of alert triggers, which serve as red flags pointing to areas requiring further investigation.
• The number of linked Suspects and Linked transactions associated with the case.
• You can also add additional transactions to the case by clicking on the Customers activity tab, which shows all transactions related to the customer. Adding new transactions is as simple as selecting them from the list and linking them to the case.
• The Case Summary page also allows you to upload relevant documents that are connected to the case for record-keeping and further analysis.
• You can also provide a "Investigation Overview" to a case. This section serves as a place to summarize the investigation, document the conclusion, and explain the reasoning behind the final decision.

Case handling workflow

Once an alert is escalated to a case, you can assign the case to colleagues for investigation. During the escalation process, you can also set up the status of the newly created case. To change the status, simply click Change Status in the upper right corner of the Case summary tab.

Filing SAR reports (US only)

Connect SEON to Your FinCEN Account

Providing your FinCEN authentication details allows you too send SAR, CAR, CTR or Form 8300 reports directly to FinCEN from the SEON interface with a single click.

To set this up: 

• Navigate to Settings » Case Management » Filing Information
• Enter your FinCEN User ID and password 

Note: Important: A standard FinCEN account will not be sufficient – you need to apply for a direct filing user account separately to enable the direct filing feature with FinCEN.

Setting Up Your Institution Details

Manual work for entering your organization's data in every SAR filing is now a thing of the past.

You can input your organization’s details once, and SEON will automatically pre-fill them for all new reports. 

To configure:

• Settings » Case Management » Filing Information
• Input your institutional details, including:
• Identification numbers
• Taxpayer identification
• Regulator information
• Contact information

This ensures you have everything ready for efficient report submission to FinCEN.

Note: Pro Tip:
If you don’t have any affiliates or different locations where the transaction can occur, click the checkbox for Insert all applicable institution information to Activity Locations. This will allow us to fill in the transaction location section of your report automatically.

Filing SAR, CTR, 8300, CAR and amendment reports without manual work

Once the investigation of a case is complete, or a CTR or 8300 alert is triggered, you can start the reporting process to FinCEN.

Filing a report manually involves completing an extensive form with all relevant transaction details and red flags, which can take hours. SEON simplifies this process through the autofill capability, which automates repetitive tasks and allows you to complete reports with just one click.

Additionally, SEON provides helpful tooltips to guide less experienced SAR, CTR, and 8300 reporters throughout the process. Our SAR, CTR, 8300 file generator incorporates over 140 business validations, ensuring your SAR is accurately completed and meets FinCEN’s requirements.

Filing Options

Once your SAR report is ready and all validations have passed without errors, you have two options for issuing the report:

• Download and Upload: You can download your SAR report in XML or ZIP format, which you can easily upload to FinCEN's e-filing system.
• Direct Filing: If you have a direct filing connection set up with FinCEN, you can simply click the File Report to FinCEN button, and the report will be sent automatically.
   

After submission, the report’s status will change from Pending to either Accepted or Accepted with Warnings.

The status of your report will appear in your FinCEN account, and FinCEN will also send official email notifications. This ensures full governance of your reporting workflow with FinCEN. Additionally, SEON will automatically update the report’s status in your system for seamless tracking.

Easy Correction of Initial Reports

If FinCEN does not accept your report due to insufficient information, they will provide details on what needs to be corrected. This feedback is automatically integrated into SEON, making it easy to issue amended reports. 

To handle amendment requests:

• Navigate to the initial report with the Accepted with Warnings status (indicating that some information is missing as required by FinCEN).
• Click the Correct/Amend Prior Report button. SEON will create a new version of the report categorized as an Amendment Report that includes pre-filled data from the initial report.
• SEON will highlight the fields that need correction and auto-fill the BSA ID to link the amendment to the original report.
• Correct the highlighted fields, click File Report to FinCEN, and your amendment report will be submitted.

Setting Up Data Integration

It’s important to strike the right balance that maximizes your detection capabilities without causing unnecessary business overhead. Fortunately, SEON is here to assist you in identifying the right data.

There are several data types you can provide:

1. Customer Data: Information related to your customers, including their identity and any known affiliations or relationships that may be relevant to risk assessment.
2. Transaction Data: Details of individual transactions, such as amounts, currencies, locations, parties involved and transaction methods.
3. Geographic Data: Location-based information that helps identify trends or anomalies in transaction patterns, such as transactions originating from high-risk jurisdictions or unusual cross-border activity.
4. Counterparty Data: Information about entities involved in transactions, such as businesses, individuals or intermediaries, including their identities.
5. Organization Data: Providing detailed organization information, including contact details, enables automated prefilling of SAR forms, significantly reducing repetitive manual work.

SEON can also provide additional data signals to assist with your investigations:

1. Behavioral Signals: SEON analyzes transaction data to identify patterns in customer and account behavior that may indicate suspicious activity. This includes unusual transaction amounts, abnormal frequencies or irregular timing.
2. Alert Data: SEON generates alerts for potentially suspicious activities, providing details such as the alert type, severity levels and timestamps. This information helps prioritize investigations.
3. Compliance Data: SEON tracks all compliance-related activities, including due diligence checks, investigations, SAR filings and audit trails, ensuring you maintain a clear record of compliance actions.
4. Fraud Signals: SEON enhances your fraud detection by verifying emails, identifying risky emails, and providing IP address and phone number risk assessments. It also assigns an overall risk score based on your customer’s digital footprint.
5. AML Customer Screening: SEON checks individual and entity names against various watchlists and databases to identify potential matches with known criminals, terrorists or sanctioned individuals and entities. It also screens for politically exposed persons (PEPs) and adverse media mentions to assess reputational risks and ensure compliance with AML regulations.

Acceptable Data Formats

For a quick and seamless integration with SEON, we recommend starting by using our default transaction rules and enabling SAR autofill capabilities. To do this effectively, you need to have the correct data mapping in your API request. Upon request, the Service Team can provide the appropriate data mapping.

Optimizing Screening for Accuracy

Minimizing False Positives

• Use SEON's machine learning-suggested rules
• Utilize SEON's unique fraud signals to contextualize AML hits

Setting Risk Thresholds

• Start with SEON's recommended thresholds
• Monitor false positive rates and adjust as needed
• Use A/B testing to compare different threshold configurations

Team Collaboration

• Assign alerts to team members based on expertise
• Use the "Notes" feature to discuss complex cases
• Set up approval workflows for high-risk decision

Record Keeping

• Analyst Log: This log tracks and displays all actions taken on a case or alert, providing a comprehensive audit trail for transparency and accountability.
• Comments, Investigation Summary, and Investigation Checklist: These features ensure that every step of alert handling, escalation, and case investigation is properly documented. This detailed record-keeping supports future audits and compliance requirements, ensuring that all processes are traceable and meet regulatory standards.

Final Go-Live Checklist

Before going live, ensure you've completed the following:

• Configure API Request and Ensure Correct Data Format
• Configure team roles and permissions
• Enable relevant data sources
• Customize and test AML screening rules
• Implement false positive reduction measures
• Set up workflow automation
• Complete regulatory reporting integrations
• Team training on SEON's platform
• Test transactions through the system
• Keep SEON support team’s emergency contact information on hand

Support and Resources

Technical Support

• Email: support@seon.io
• SEON Knowledge Base: https://docs.seon.io/knowledge-base

Conclusion

By following this guide, you're well on your way to leveraging SEON's powerful AML Compliance solution, including our advanced transaction monitoring capabilities. Remember, our team is always here to support you in your compliance journey. We're committed to your success and look forward to helping you achieve a more efficient, effective and confident AML compliance program.

Welcome to the SEON family – together, we're redefining the future of financial crime prevention.