Sanctions Screening / Learning brief
Name matching and fuzzy logic
Your notes
In simple terms / 01
What this means in plain language
How fuzzy matching catches names that resemble a sanctions-list entry without being spelled identically — handling transliteration, spelling variants, missing words, and word order — and why that reach is bought at the price of innocent lookalikes.
Names are unreliable labels, and sanctions screening is built around that fact. The same person can be written Mohammed, Muhammad, or Mohamed depending on who transliterated the name from another script; family names come first in some cultures and last in others; a typist can drop or double a letter anywhere. A control that demanded letter-perfect spelling would miss the very party a list describes, because list entries and payment records are written by different hands. Fuzzy matching is the answer: a set of techniques that match a name whose spelling, pattern, or sound is close to a list entry without being identical. It deliberately accepts a cost — more innocent people with similar names are stopped for a moment and then cleared. Screening makes that trade on purpose, because a check that only catches perfect spellings is barely a check at all. The dial that governs the trade is the match threshold.
Complete lesson / 02
Understand the full idea, step by step
Type a friend's name into your phone's contacts search with one letter wrong and it still finds them. The search is not looking for an identical string — it is looking for something close enough. A sanctions filter faces the same problem with far higher stakes, because a listed party rarely arrives spelled exactly as the list has it.
Why exact matching fails on purpose-built data
Exact string comparison fails for reasons baked into the data, not because anyone erred. Transliteration — rewriting a name from Arabic, Cyrillic, Chinese, or another script into Latin letters — has no single correct answer, so one real person legitimately appears under several spellings. Naming conventions differ: patronymics, the order of given and family names, and compound family names all vary by culture. Payment messages add their own noise through abbreviation and truncation, because a field has limited room. So a list entry and a payment can point at the same party while sharing not one identical character.
Fuzzy matching — matching names that are close without being identical
Fuzzy matching is a family of algorithm-based techniques that flag a name whose spelling, pattern, or sound is close to a list entry without being the same. It answers the transliteration problem directly. List issuers help from their side by publishing aliases and original-script names, which is why an engine matches against every alias on an entry, not only its primary name — a hit on an alias is precisely how a known alternate name of a listed party gets caught.
Inside the matching pipeline
- VALIDATION
Normalise. Strip case, diacritics, punctuation, titles, and legal-form suffixes, so surface differences stop generating either misses or noise.
- VALIDATION
Tokenise. Split the name into parts, so a reversed given-and-family order can still line up rather than defeating the match.
- VALIDATION
Score by similarity. Edit-distance counts the character changes to turn one string into another; phonetic methods compare how names sound; n-gram methods compare overlapping letter fragments to catch partial overlaps and missing words.
- VALIDATION
Combine and threshold. Real engines weight several techniques by field, because no single one catches every class of variation, then compare the combined score against the configured line.
Match threshold
The threshold is the configured line a similarity score must cross to raise an alert. It is the practitioner's main dial, and it has no universally correct setting. Tighten it and alert volume falls, but the risk of missing a genuinely misspelled target rises. Loosen it and fewer real variants slip through, but the queue fills with namesakes who must each be cleared by hand. Because there is no free setting, the calibration is a documented risk decision — usually differentiated by list, by data type, and by field.
| Tighter threshold | Looser threshold | |
|---|---|---|
| Alert volume | Lower — fewer holds | Higher — more holds to clear by hand |
| False positives (innocent lookalikes) | Fewer | More |
| False negatives (a real target missed) | More likely | Less likely |
| What it costs | Risk of missing a variant spelling | Reviewer time on namesakes |
What is worse — a false positive or a false negative?
They are not equal. A false positive is an innocent party held by mistake: costly and annoying, but recoverable, because a reviewer clears it with evidence. A false negative is a genuine target that slipped through unseen: a real sanctions breach that no one noticed. Because the two failures are asymmetric, screening is deliberately tuned to over-alert rather than under-alert — the innocent lookalikes in the queue are the accepted price of not missing the real one.
COMMON CONFUSION
“A good screening engine should be tuned until it stops producing false positives.”
Driving false positives to zero would mean tightening the filter until it also misses real variants — trading a recoverable nuisance for an unnoticed breach. The goal is not zero alerts; it is a defensible balance, documented and tested, in which the cost of catching variation is paid in namesakes rather than in missed targets.
STRICTLY SPEAKING
Strictly speaking, standards here are principles-based: no authority prescribes a specific algorithm or a magic number. An institution instead defines the variation classes it intends to catch — transliteration variants, letter transpositions, missing name parts, reordering — and tests the engine against constructed fictional examples of each. A capability that has never been verified is an assumption, not a control. None of this is guidance on evading a filter; it is how an institution sets, explains, and later defends the sensitivity of its own control.
FOR NOW, REMEMBER
- Exact matching fails by design of the data: transliteration, naming conventions, and truncation mean the same party appears under many spellings.
- Fuzzy matching scores closeness using edit-distance, phonetic, and n-gram techniques, and matches against every alias on an entry.
- The match threshold trades false positives against false negatives; there is no cost-free setting, so it is a documented risk decision.
- False negatives (a missed target) are worse than false positives (a recoverable hold), so screening is tuned to over-alert.
TRY IT YOURSELF
An institution is under pressure to cut its screening alert queue and proposes raising the match threshold sharply. From a sanctions-risk view, what is the most important thing to weigh?
A close name only opens a question. The next lesson shows what closes it: how dates of birth, nationalities, and document numbers turn a lookalike into a confident release or a confirmed concern.
KEEP GOINGKey takeaways / 03
Three things to remember
- 01
Listed names arrive spelled inconsistently, so exact string comparison would miss real targets.
- 02
Fuzzy matching catches close spellings, sound-alikes, missing words, and reordered names.
- 03
The reach is paid for in false positives, tuned through a documented match threshold.
Practical use cases / 04
Where you would use this
A screening engineer calibrates the match threshold per list and field, documenting why each setting balances missed targets against alert volume.
A model-testing analyst builds fictional transliteration and word-order variants to confirm the engine actually catches each class of variation.
A reviewer uses secondary identifiers to clear a fuzzy name collision, or to confirm a true match caught on an alias.
Worked example / 05
Put the idea into a real situation
Illustrative example: a fictional listed name reads Aleksandr Voronov. A payment names its beneficiary Alexander Voronoff. Exact comparison finds no match because five characters differ, but fuzzy matching scores the pair at 88 against a configured threshold of 80 — the first name is a common transliteration variant and the doubled final consonant is a near, not identical, spelling. The engine raises an alert for a reviewer, who compares birthdates and nationality before deciding. A second payment addressed to Voronoff Alexander — the same two words in reversed order — also scores above the line, because the matcher compares name parts rather than a fixed sequence. Both payments are held for review, and a plain letter-for-letter filter would have released both. The comparison here is illustrative; real engines combine several techniques and weight them by field.
Evidence & review / 07
Evidence & review
Name-matching in sanctions screening generally; algorithm choices and thresholds are set per institution, not by a single standard.
What this brief simplifies: Names three technique families to convey the idea; production engines blend more methods, weighted per field. No specific algorithm or numeric threshold is prescribed.
Sources for this brief2
- Market practice
Wolfsberg Group Sanctions Screening Guidance ↗ — The Wolfsberg Group
Wolfsberg guidance is industry market practice, not law; institutions vary in how they apply it.
- Simplified educational illustration
Payments Signal editorial teaching models — Payments Signal
Used wherever diagrams, scenarios, figures, or example values are didactic constructions rather than sourced facts; every such use carries a simplifications disclosure. All people, companies, banks, and list entries in examples are fictional.