Run a Sanctions and adverse media screening check using the API
This developer guide takes you through the steps to run a Sanctions and Adverse Media Screening check in the Passfort API 4.0 to get a list of a company's potential matches to sanctioned companies and, if you have access to politically exposed persons and adverse media results through your data provider, politically exposed persons (PEPs) and/or instances of adverse media.
To learn more about data provider results, see the data provider articles linked at the bottom of the description of the Sanctions and adverse media screening check.
This check can be run on the following tasks:
Assess sanctions (
COMPANY_ASSESS_SANCTIONS_EXPOSURE
)Assess sanctions and adverse media (
COMPANY_ASSESS_MEDIA_AND_SANCTIONS_EXPOSURE
)
Choose a profile and get the profile ID
Sanctions and adverse media screening checks are always run on profiles with the COMPANY
entity type.
Choose a company profile to run the check on, and take note of the profile's ID number, for example, a2c4393a-e219-67a4-5ab4-2186952e9038
. You'll need it to confirm it has the required fields and also to run the check later.
If you haven't created the profile yet, follow the steps to create a profile using the API. If you have access to the full Passfort product, you can also create a profile via the portal. To get the profile ID, view the profile in the portal and copy the string of letters and numbers after /profiles/
in the URL.
Confirm the profile has the required fields for the check
To see all data on the profile, make a request to the following endpoint.
Required endpoint:
GET https://api.passfort.com/4.0/profiles/{profile_id}
In this example, data is returned for a company profile named "Aerial Traders."
Sample response:
{ "applications": [ ... ], "category": "APPLICANT", "checks": [ ], "collected_data": { "entity_type": "COMPANY", "metadata": { "country_of_incorporation": "GBR", "name": "AERIAL TRADERS", "number": "012345678" ] } }, "collection_steps": [ ], "creation_date": "2021-05-06 10:51:40", "display_name": "AERIAL TRADERS", "document_images": [ ], "events": [ ], "has_associates": false, "id": "a2c4393a-e219-67a4-5ab4-2186952e9038", "last_modified_date": "2021-05-06 10:51:44", "linked_to": [ ], "role": "COMPANY_CUSTOMER", "root_id": "6bba3592-d9de-1ee5-8e97-ba8d8d13c558", "status": "NORMAL", "tags": [ ], "unresolved_event_types": [ ] }
Use the response to:
Confirm the profile has data for these required keys, which are in the collected_data
object:
metadata.country_of_incorporation
: The country in which the company is incorporated.metadata.name
: The legal name of the company.
If the required fields do not exist on the profile or do not contain valid data, the check will return an error when you try to run it.
To learn how to add/update the fields in the profile's collected_data
, see Update Passfort's profile data.
To learn which optional profile fields can be used for this check, see the information for your data provider: Configuring ComplyAdvantage, Dow Jones Risk and Compliance, Configuring Refinitiv World-Check One, and Configuring Moody's Grid.
If you're using the full Passfort product, you should also take this opportunity to confirm the profile has the tasks you want to run the check on and note the task ID (tasks.id
). Use the corresponding task alias (tasks.variant.alias
) to confirm you're looking at the right task. If there is more than one task with the same alias (which happens when a task has more than one version), use the task with "is_expired": "false"
.
Run the check
To run the check, send a request to the following endpoint.
Request endpoint:
POST https://api.passfort.com/4.0/profiles/{profile_id}/checks
By default, the Sanctions and adverse media screening runs asynchronously. You can also send mode
as a query parameter to run the check synchronously.
Body parameters:
When you make the POST
request, include the following parameters in the body.
Key | Value | Description |
---|---|---|
*Required string |
| The type of check that's being run. |
*Required object | For a sample value, see the following sample request body. | Object to indicate which variant of the check will run. |
*Required string This key is optional if | Sample value:
| The check variant alias. |
Optional string This key is required if | Sample value:
| The unique identifier for the check variant. |
In the next example, we'll run the check.
Sample request body:
{ "check_type": "COMPANY_PEPS_AND_SANCTIONS_SCREEN", "variant": { "alias": "screening_companies" } }
Sample response:
{ "check_type": "COMPANY_PEPS_AND_SANCTIONS_SCREEN", "id": "ea565b55-47d9-1858-4588-3a22a3838707", "instructed_on": "2021-06-08 11:13:43", "performed_on": "2021-06-08 11:13:43", "providers": [], "state": "PENDING", "task_ids": [], "variant": { "alias": "screening_companies", "id": "ea70ade9-3de3-1785-203b-68044cd3ecbb", "name": "Sanctions and adverse media screening" }, }
Take note of the check id
in the response because you'll need it for the next steps to get the check result.
If you're using the full Passfort product, you should also include the task_ids
in the request to indicate which task(s) the check should run on. If you don't provide a task_ids
, the check will run on whichever applicable task(s) the profile has. Because this check runs asynchronously, the check state
is expected to be PENDING
in the response.
Get the check result
Listen to the Check completed webhook to get a notification when the check is finished running and to learn what the result is.
This webhook sends a payload whenever results are returned from any check, including checks other than the Sanctions and adverse media screening.
Payloads from this webhook have several important keys:
secret
: Authenticate the request by ensuring this secret matches your secret.id
: The check ID. Use it to confirm the payload is for your check by matching it to the check ID you captured when you ran the check.data.check.check_type
: The type of check that was run. When the Sanctions and adverse media screening was run, the value will beCOMPANY_PEPS_AND_SANCTIONS_SCREEN
.data.check.result
: The result of the check. Possible results for the Sanctions and adverse media screening arePass
,PEP
,Sanction
,Media
,Refer
, orError
. To learn what causes these check results, see the description for the Company sanctions and adverse media screening result.
In this example, the Sanctions and adverse media screening discovered at least one sanction result for the company.
Sample payload:
{ "id": "33bae6b8-5689-b96b-143c-06e93ab8527e", "event": "CHECK_COMPLETED", "secret": "yourSecret", "timestamp": 1620300390, "data": { "check": { "check_type": "COMPANY_PEPS_AND_SANCTIONS_SCREEN", "id": "ea565b55-47d9-1858-4588-3a22a3838707", "result": "Sanction", "variant": { "alias": "screening_companies", "id": "ea70ade9-3de3-1785-203b-68044cd3ecbb", "name": "Sanctions and adverse media screening" } }, "customer_ref": null, "profile_id": "a2c4393a-e219-67a4-5ab4-2186952e9038" } }
See Get more information about the check result to learn which data was sent to the data provider and which data provider was used.
Get more information about the check result
If you want to get more information about the check result, make a call to the following endpoint.
In the request body, include the profile ID and the check ID.
Request endpoint:
GET https://api.passfort.com/4.0/profiles/{profile_id}/checks/{check_id}
Sample response:
{ "check_type": "COMPANY_PEPS_AND_SANCTIONS_SCREEN", "completed_on": "2021-06-08 11:18:01", "errors": [ ], "id": "ea565b55-47d9-1858-4588-3a22a3838707", "instructed_on": "2021-06-08 11:13:43", "performed_on": "2021-06-08 11:13:43", "providers": [ { "instructed_on": "2021-06-08 11:13:43", "is_monitored": true, "provider_name": "Grid", "variant_name": "grid_sync" } ], "started_on": "2021-06-08 11:13:43", "state": "COMPLETE", "task_ids": [ ], "variant": { "alias": "screening_companies", "id": "ea70ade9-3de3-1785-203b-68044cd3ecbb", "name": "Screening" }, "result": "Sanction", "decision": "FAIL", "input_data": { "entity_type": "COMPANY", "metadata": { "country_of_incorporation": "GBR", "name": "Aerial Traders" } }, "output_data": { "entity_type": "COMPANY", "sanctions_results": [ "aliases": [ "Aerial Traders Limited" ], "documents": [ ], "match_countries": [ … ], "match_id": "F0WGP81952TJM5T", "match_name": "Aerial Traders", "media": [ ], "modified_date": "2018-04-08 00:00:00", "pep": { "match": false, "roles": [ ] }, "profile_notes": "**Watch List (Sanction):** The request has been made in proceedings between Aerial Traders and Her Majesty's Treasury concerning restrictive measures adopted by the European Union. [2018-04-08]\n", "sanctions": [ "is_current": true, "name": "The request has been made in proceedings between Aerial Traders and Her Majesty's Treasury concerning restrictive measures adopted by the European Union.", "time_periods": [ { "from_date": "2018-04-08" } ], "type": "Watch List / Sanction" ] ], "score": 1.0 } }
Use the response to see:
input_data
: Shows which information about the company was sent to the data provider.output_data
: Shows the information returned from the check.providers
: Shows which data provider was used to run the check.
See sanctions, PEPs, and adverse media matches
If you want to learn which sanctions, and if your data provider shows them, which PEPs and/or adverse media matches a company has, make a call to the following endpoint. In the API, matches are called events.
POST https://api.passfort.com/4.0/profiles/{profile_id}/events
In this example, the company has one sanctions match.
Sample response:
[ { "creation_date": "2021-06-08 11:18:01", "data": { "entity_type": "COMPANY", "sanctions_results": [ "aliases": [ "Aerial Traders Limited" ], "associates": [ ], "documents": [ ], "event_type": "SANCTION_FLAG", "match_countries": [ … ], "match_countries_addresses": [ … ], "match_dates": [ … ], "match_id": "F0WGP81952TJM5T", "match_name": "Aerial Traders", "media": [ ], "modified_date": "2018-04-08 00:00:00", "previous_names": [ ], "profile_notes": "**Watch List (Sanction):** The request has been made in proceedings between Aerial Traders and Her Majesty's Treasury concerning restrictive measures adopted by the European Union. [2018-04-08]\n", "provider_name": "Grid", "sanctions": [ "is_current": true, "name": "The request has been made in proceedings between Aerial Traders and Her Majesty's Treasury concerning restrictive measures adopted by the European Union.", "time_periods": [ { "from_date": "2018-04-08" } ], "type": "Watch List / Sanction" ] ], "score": 1.0 }, "id": "033abcd3-33be-4166-9749-aee93b4c85e8", "resolution": "UNRESOLVED" } ]
Each object in the response corresponds to a sanctions, PEPs, or adverse media event.
These are all the events for the profile, not just the latest results from your check. Use the creation_date
to see which events were created recently and the event_type
to find the events that are relevant to you.
The event_type
could be any of the following:
PEP_FLAG
: The match is a politically exposed person (PEP).SANCTION_FLAG
: The match is a sanctioned company.ADVERSE_MEDIA_FLAG
: There is an instance of adverse media about the company.REFER_FLAG
: The match does not fall into any of the categories here.
Your data provider may group adverse media matches with refer matches. For more information, see the information about your data provider.
The data provider returns potential matches, and it's up to you to decide if these are true matches to the profile or if they should be ignored. The event's resolution
shows whether the event is:
UNRESOLVED
: This is a potential match for the company.MATCH
: The match is confirmed for the company.MISMATCH
: The match does not correspond to the company. This can happen when a user ignores the match via the portal, when the match is updated as a mismatch using the API , or when Passfort marks the match as a false positive.
IGNORE
and CREATED_TASK
are not used for the PEPs and sanctions screening.
The information in the data
object shows all the match information returned by the data provider. For example, it could show the aliases used by the match (aliases
), the associates of the match (associates
), or the sources used to get the information about the match (sources
). This information should help you make your decision about whether the match is a true match to the company or whether it should be ignored.
For a list of all the possible fields that can be returned in the data
object, see the response for Get a list of profile events in the full Passfort API reference.
Update sanctions, PEPs, and adverse media matches
Once you've used the information in the data
object to determine whether the match is a true match to the company or whether it should be ignored, you can update the event with the new resolution
.
To update the event, send the new resolution
to the following endpoint. The resolution
can be one of the following:
MATCH
: The match is confirmed as a true match to the individual.MISMATCH
: The match does not correspond to the individual.
Request endpoint:
POST https://api.passfort.com/4.0/profiles/{profile_id}/events/{event_id}
In this example, we'll update the match for Aerial Traders to be a true match to the company.
Sample request body:
{ "resolution": "MATCH" }
Sample response:
{ "creation_date": "2021-06-08 11:18:01", "data": { "entity_type": "COMPANY", "sanctions_results": [ "aliases": [ … ], "associates": [ ], "documents": [ ], "event_type": "SANCTION_FLAG", "match_countries": [ … ], "match_countries_addresses": [ … ], "match_dates": [ … ], "match_id": "F0WGP81952TJM5T", "match_name": "Aerial Traders, "media": [ ], "modified_date": "2018-04-08 00:00:00", "previous_names": [ ], "profile_notes": "**Watch List (Sanction):** The request has been made in proceedings between Aerial Traders and Her Majesty's Treasury concerning restrictive measures adopted by the European Union. [2018-04-08]\n", "provider_name": "Grid", "sanctions": [ … ] ], "score": 1.0 }, "id": "033abcd3-33be-4166-9749-aee93b4c85e8", "resolution": "MATCH" }
Monitored Sanctions and adverse media screening
Some data providers offer ongoing monitoring for the Sanctions and adverse media screening. This means that after the check has been run the first time, the profile is monitored for any new matches that could be imported to the check results. To find out how to enable ongoing monitoring in the Policy Builder, see the article for your data provider.
To update the profile with any new matches that your data provider discovers, first ensure you're listening to the Events created webhook.
Your data provider may also update a match. To handle any updated matches that your data provider discovers, ensure you're listening to the Events updated webhook.
You can choose which webhooks to listen to by logging in to the portal following the instructions described in How to configure webhooks.
After this:
If the data provider discovers new matches for the profile, the Events created webhook will be fired. If the data provider discovers updated matches for the profile, the Events updated webhook will be fired. Either webhook will have one of these values for the
event_type
:PEP_FLAG
,SANCTION_FLAG
,ADVERSE_MEDIA_FLAG
, orREFER_FLAG
. You can see sample payloads in the API resources.When you receive the payload, take note of the
profile_id
to learn which profile is impacted andevents.id
to get the ID of the new event.Make a call to the following endpoint to get the details of the event:
POST https://api.passfort.com/4.0/profiles/{profile_id}/events/{event_id}
Follow the preceding steps to update the match resolution to indicate whether it's a true match or a mismatch.
The Events updated webhook also fires when you update the resolution
of a match. Make sure you only act on the payload when it shows that the data returned does not match an event you've just updated.
It's important to look at the event_type
in the payload because the Events created and Events updated webhooks fire for any check type with ongoing monitoring, including checks other than the Sanctions and adverse media screening.