OH

WF-09 — Sanctions Refresh & Rescreen

End-to-end process map for daily sanctions source synchronization, delist handling and risk-based enterprise rescreening. Owner: Ahmed Al Blooshi (MLRO) · Version 4 (active since 02 May 2026) · Last run: 17 Jul 2026 05:00.

WF-09 CMP-06
Open Sanctions Sync
Last successful sync
05:22
17 Jul 2026 · all 4 sources
Delta today
+14 / −3
14 new active · 3 delisted (retained)
Rescreen batch
99.8%
RSB-2026-0198 · 1,842 parties
Potential hits open
2
1 closed false positive today
Manual holds
1
EU list delta anomaly · MLRO release
Process map — happy path Trigger: source update Per §8.2 Table 14
Source update published Fetch & validate source / version / checksum Compute delta · mark delists (dated, never deleted) Activate list version (checker) Risk-based enterprise rescreen batch Review potential hits (maker-checker) Batch complete · evidence archived

Legend: start / trigger plain = system step · gate = control or approval · terminal (happy) · terminal (exception). Historical screening decisions are never erased by a refresh (CMP-06).

Exception paths3 modelled exceptions
Scheduled fetch 05:00 Fetch source Timeout / checksum mismatch Retry ×3 per provider SLA Source failure — provider incident · stale-data banner on screening
Rescreen batch running Worker checkpoint every 500 parties Queue stall > 60 min Resume from checkpoint (idempotent) Partial batch — completion < 100% at breach · escalate to MLRO
Delta computed Anomaly rule: delta > ±20% of list size Automatic activation hold Manual hold — MLRO release with reason required · prior version stays active
Owner & definition (§8.3)Published v4
Workflow ID
WF-09
Owner
ABAhmed Al Blooshi — MLRO
Version
4 · effective 02 May 2026 · validated + simulated before publication
Trigger
Sanctions source update (scheduled daily 05:00 GST or provider push)
Preconditions
Licensed source credentials valid · queue healthy · prior list version active
States
Fetching → Validating → Delta → Activation → Rescreening → Review → Complete
Terminal outcomes
Batch complete Source failure Partial batch Manual hold
Required evidence
Source version + checksum · delta report · delist dates · activation approval · batch completion report · hit decisions with reviewer
Policy snapshot
Approvals resolve from authority policy at activation; re-evaluation only via named legal/security rule
Controls (Table 14, expanded)CMP-06
ControlEnforcementStatus
No silent deleteRemoved entries marked delisted with dates; history immutableEnforced
Batch completion visibilityCompletion % and stragglers on Sanctions Sync; incomplete batches block sign-offEnforced
Source / version validationSchema + SHA-256 checksum per fetch; version monotonicity checkEnforced
Risk-based populationRescreen population from approved rule RS-POP-02 (risk ≥ Medium, active relationships)Enforced
Maker-checker on hitsYusuf Karim proposes · Noura Saeed decides · self-review blocked (SoD)Enforced
Activation anomaly holdDelta > ±20% requires MLRO release with reason1 hold open
Exception paths & recovery
ExceptionDetectionRecoveryAuthority
Source failureFetch timeout / checksum mismatch after 3 retriesProvider incident on Provider Health; screening banner “list stale since …”; manual re-fetchMLRO
Partial batchCompletion < 100% at 12h breachResume from checkpoint (idempotent retry); stragglers requeued; completion report notes gapCompliance admin
Manual holdDelta anomaly rule ±20%MLRO reviews delta report, releases or rejects version; prior version remains active throughoutMLRO only
False positiveReviewer decision on potential hitClosed with reason + evidence; decision retained for future match suppressionKYC Checker
Timers & escalation (§8.3)Calendar: 24/7 (compliance)
TimerCalendarWarningBreachEscalation
Fetch & validate24/7 · daily 05:00 GST+30m+2hCompliance admin → MLRO
Version activation24/7+1h+4hMLRO (Ahmed Al Blooshi)
Rescreen completion24/7+8h+12hMLRO + platform on-call
Hit review (per hit)Business (Mon–Fri)18h24hChecker → MLRO → AML case
Manual hold decisionBusiness (Mon–Fri)4h1 dayMLRO → Compliance dashboard flag
Screens involved
Today’s delta detail — no silent deleteList version LV-2026-198
SourceVersionAddedDelistedDelist handling
UN Consolidatedv2026-07-1692Marked delisted 17 Jul · retained
OFAC SDNv2026-07-1551Marked delisted 17 Jul · retained
EU Consolidatedv2026-07-1600Held — delta anomaly (−24%)
UAE Local Listv2026-07-1000No change
Total1430 records deleted
Worked instance — run SYNC-2026-0717-01 · rescreen batch RSB-2026-0198 In review · 2 hits open
  • 17 Jul 2026 · 05:00
    Fetch — UN Consolidated v2026-07-16
    SHA-256 a91f…c22e verified · OFAC SDN v2026-07-15 fetched · EU + UAE polled
  • 05:04
    Validate — schema & version checks passed (3 of 4 sources)
    EU Consolidated delta −24% breached anomaly rule → automatic activation hold, prior EU version stays active
  • 05:09
    Delta — 14 new active, 3 delisted
    Delisted entries marked with delist date 17 Jul 2026; historical decisions untouched (CMP-06)
  • 05:22
    Activation approved — list version LV-2026-198
    Checker: Noura Saeed · authority snapshot AUTH-2026-0717 · UN + OFAC + UAE active; EU held
  • 05:25
    Rescreen batch queued — RSB-2026-0198
    Population 1,842 parties via rule RS-POP-02 (risk ≥ Medium, active relationships incl. Falcon Trading FZ-LLC UBOs)
  • 08:41
    Batch 99.8% complete — 1,839 clear · 3 potential matches
    3 stragglers resumed from checkpoint and completed 08:55; completion visible on Sanctions Sync
  • 09:20
    Hit 1 closed — false positive
    “Khalid Mansour” name-only match, DOB + nationality mismatch · closed by Noura Saeed, reason + evidence stored
  • 11:05
    Hit 2 escalated — AML case AML-2026-031
    Ahmed Al Blooshi (MLRO) · source evidence linked immutably · case access restricted
  • 14:00
    Hit 3 pending review — SLA due 18 Jul 09:00
    Assigned Yusuf Karim (maker) → Noura Saeed (checker) · warning at 18h

Static render mockup — no live data. Source: ERP Modern Development Specification v2.0 · Covers: WF-09, CMP-06.