Sanctions screening

Introducing and automating Sanctions screening to achieve Anti-Money Laundering and Counter-Terrorist Financing compliance.

Product: Uber Carshare

Role: Product Manager

Timeframe: November 2023 - September 2024

Results: Achieved Anti-Money Laundering and Counter-Terrorist Financing compliance globally by introducing and automating Sanctions screening at Carshare


Background

Prior to the Uber acquisition, Car Next Door did not have a Sanctions screening policy. When Uber acquired the business, this became a compliance requirement, especially with the goal of launching into the US and Canada. Uber has an existing team specialising in Sanctions screening and had a system in place, but since Carshare’s platform still existed as a separate entity, our job was to connect the two so that every member on the Carshare platform could be screened before any payments were made to them.

The ideal state was to have an automated system that would check when a new member signed up with Carshare and at each disbursement. We first established a manual MVP process then worked with the Uber Sanctions team to develop the automated process.

My role

My role as a Product Manager in the Risk squad was to first establish a manual MVP process. Once this was established and working consistently on a monthly basis, I worked on the ideal automated state and mapped out the flows for each scenario. I then broke down the scenarios and worked closely with the Uber Sanctions team to outline the requirements for each. I conducted business analysis and research, managed stakeholders, and collaborated closely with the Uber Sanctions team and the engineering team.

The process

1. Understanding Sanctions screening

Since this was a new area for me, I first needed to understand how Sanctions screening works and what needed to happen if a match was confirmed. Through Uber’s Global Sanctions screening policy document and speaking to the Uber Sanctions team, I narrowed down the whole process into this basic flow.

2. Establishing a manual MVP process

The manual MVP process for Sanctions screening was quite simple.

  1. Create a list of all users on the platform each month, with member details, to send to the Uber Sanctions team.

  2. This list would be stored on a secured Google Drive, accessible only to certain members of both the Carshare and Uber teams.

  3. The list is then screened by the Uber Sanctions team, and any flags or matches are marked on the list.

  4. Once Carshare receives the screened list, the Finance and Comms teams are notified of any flags or matches so that these members are not able to receive payment and an email is sent out to the member.

Carshare’s disbursement happened on a monthly cycle. To ensure all, if not most, members were screened at the time of processing payouts, we set the monthly list generation 3 days prior to the monthly cycle. The Uber team’s SLA was 48 hours, so this lined up well and gave us an additional 24 hours in case we needed to manually fix a status on the system.

This MVP process worked well but there were some downsides we needed to consider:

  • Inefficient manual process - each month, a list had to be created manually.

  • The Finance team had to keep track of anyone who was blocked from payments.

  • The Communications team had to send out emails for blocked payments or banned status. These resulted in no response or in questions that required additional work.

  • Human error - since there were multiple teams working manually, the process was prone to human error.

  • Not screening at the time of disbursement - to cater for the Uber team’s 48-hour SLA, we had to conduct screening 3 days prior to the payout cycle. This meant anyone who fell within these 3 days would miss the payment cycle and had to wait another month.

This prompted us to develop the automated process to remove all of the inefficiencies and problems of the manual MVP process.

3. Automating Sanctions screening

In order to automate this process, there were three main steps that we needed to take.

  1. Have a one-to-one match of entity on Carshare and Uber - since we were still not fully integrated into the Uber ecosystem, we needed to create a way for us to identify an entity on both sides. We then had to create payment profiles for those entities since they could have more than one.

  2. Once we’d established the entity and its payment profiles, we needed to run the Disbursement API to check if the entity was cleared or blocked for payment.

  3. Lastly, we needed to run the Go_Online API to check if the entity was cleared or banned on the platform.

Below are the workflows for entity creation, payment profile creation, callback URL webhooks and monthly disbursement.

The above flow shows that when a new user logs in, we create a new entity profile on the Uber database. It also triggers an entity profile update when a change is made to an existing entity profile.

The payment profile workflow is very similar to the entity profile workflow: when a new bank account is added or account details are changed, it creates or updates the payment profile on the Uber database.

If Uber found a confirmed hit, potential hit or missing information, they would trigger a decision update callback URL. Carshare then hits the Disbursement workflow API or Go_Online workflow API to receive the updated decision; this decision would then trigger comms and change member status to blocked payment or banned status on the Carshare side.

We also needed to ensure both Disbursement and Go_Online APIs were hit at the time of monthly payouts to ensure we had the latest results from the Uber team. In theory this isn’t necessary since the callback URL webhook would notify our system of any changes, but we wanted to incorporate this as a fallback.
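An added sketch of the callback-plus-fallback pattern described above; it is not Carshare's or Uber's code. The two check callables, the status strings and the hold-on-error behaviour are assumptions standing in for the Disbursement and Go_Online workflow APIs, whose real interfaces this page does not show.

```python
from dataclasses import dataclass

CLEARED, BLOCKED, BANNED = "cleared", "blocked", "banned"

@dataclass
class Member:
    entity_id: str
    payment_status: str = CLEARED    # from the disbursement check
    platform_status: str = CLEARED   # from the go-online check

class ScreeningGate:
    """disbursement_check / go_online_check are hypothetical callables
    (entity_id -> status string) standing in for the two workflow APIs."""

    def __init__(self, disbursement_check, go_online_check):
        self.disbursement_check = disbursement_check
        self.go_online_check = go_online_check
        self.members = {}

    def add_member(self, entity_id):
        self.members[entity_id] = Member(entity_id)

    def refresh(self, entity_id):
        """Pull the current decisions. Assumption: errors or unexpected
        values hold the payout instead of letting it through."""
        member = self.members[entity_id]
        try:
            pay = self.disbursement_check(entity_id)
            plat = self.go_online_check(entity_id)
        except Exception:
            member.payment_status = BLOCKED
            return member
        member.payment_status = pay if pay in (CLEARED, BLOCKED) else BLOCKED
        if plat in (CLEARED, BANNED):
            member.platform_status = plat
        else:
            member.payment_status = BLOCKED
        return member

    def on_callback(self, entity_id):
        """The callback is only a trigger: the decision is re-pulled, not
        read from the callback body. Unknown entities are ignored."""
        if entity_id in self.members:
            return self.refresh(entity_id)
        return None

    def run_payouts(self):
        """Fallback: re-check every member at payout time, then gate."""
        paid, held = [], []
        for entity_id in sorted(self.members):
            m = self.refresh(entity_id)
            ok = m.payment_status == CLEARED and m.platform_status == CLEARED
            (paid if ok else held).append(entity_id)
        return paid, held
```

Because the payout run re-pulls every decision, a member whose status changed without a delivered callback is still held, and a failed check holds the payout instead of releasing it.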

4. Getting the right set of data for entity creation

The Uber Sanctions team required certain information for each member. To make sure we had the right data for every member, we had to collect it from various places. This is because Carshare has car owners and borrowers, as well as members in Australia, the United States and Canada, and these regions all had slightly different data collection and structure.

5. Potential hits and missing information

The confirmed hit rate is very low for Sanctions screening, at around 0.1%. What was more likely was that the information we had on file was not sufficient and would therefore flag the member.

When this occurred, we had to collect the data manually from the member. We had to do this discreetly so as not to create unnecessary concern for the member.

We also had 30 days to collect the information from the member before they were banned from the platform. In order to collect the missing information, we created a procedure for an agent to follow, starting with an initial outreach, then 7 days, 14 days, 30 days and a final call. We created macros for each email template in Zendesk to minimise the work required from the agent.

Initially we created the MVP manual flow and also created a new flow for the automated process.

With the manual MVP process, Carshare agents were required to send out missing information comms to the member to collect all the data. Each interaction was kept on a Google Sheet tracker.

The automated process allows us to push all the comms through the Uber team, who already had their comms automated; this removed a lot of unnecessary work from our agents.

6. Getting agents ready to support members

Since Sanctions screening was a new process being introduced to Carshare, I wanted to ensure agents knew how to handle calls when they inevitably came. I mapped out a very basic flow and from there worked with the content designer and legal team to draft a template for the agents handling the calls. Once the script was finalised, it was published on Confluence for agents to follow.

Below illustrates the early stages of this thinking.

Results

  • Achieved Anti-Money Laundering and Counter-Terrorist Financing compliance globally by introducing and automating Sanctions screening at Carshare.

  • The manual MVP process was achieved within the first month of starting this project and the automated process was achieved in September 2024.

Reflection

  • Compliance projects are difficult to prioritise because they do not directly affect the business profitability but are necessary. Though the Uber Sanctions team was adamant the automation was important, I would not have completed it if I had a chance to do it over again. Once we started, sunk cost fallacy kept us going and in the end it took away important resources from improving the business that would have given us much needed profitability.

  • Working with other teams can be really difficult because you are not only competing with your own squad’s priorities but also theirs. It also did not help that we were all working in different time zones which made meetings a bit of a pain. In the future I would set a more concrete plan before starting on a project so we are all aligned on when it should be done and if we do not achieve it, what the plan might be.
