Customer screening is central to FCA-regulated onboarding, but phonetic matching and fuzzy search limits mean firms must test tools carefully to avoid missed risk signals.
In my professional view, customer screening is one of the most critical components of onboarding for any FCA-regulated entity. It is not merely a procedural requirement—it is a core control that enables a firm to understand who it is dealing with, assess financial crime exposure, and meet its regulatory obligations.
However, effective screening requires more than simply integrating a well-known provider. It requires a clear understanding of how the screening engine actually works—and, more importantly, where its limitations lie.
To better understand these mechanics, we tested two widely used screening engines from major global providers. For Clarity, they are referred to below as Provider A and Provider B.
Based on testing and provider confirmation, screening engines primarily rely on phonetic name search. Additional data—such as date of birth, nationality, or gender—is not used to generate new search results, but rather to confirm whether a detected match is valid.
This approach ensures consistency and reduces excessive false positives. However, it also creates a structural limitation: if the name is not phonetically matched, additional identifiers will not compensate for that mismatch.
This is where the concept of fuzziness becomes particularly relevant.
Fuzziness allows minor spelling variations when searching for names. Settings typically range between 0% (exact match only) and 100% (maximum deviation), with most firms operating between 0% and 40%.
For example:
- In a 5-letter word, one letter deviation equals 20%.
- Therefore, fuzziness must exceed 20% to return a match.
However, the theoretical flexibility of fuzzy matching does not always translate into practical effectiveness.
During testing, Provider A confirmed that, at 40% fuzziness, fuzzy logic applies only to words with 7 or more letters. Therefore, shorter names are not subject to fuzzy search at all.
Case observations
Case 1: Friedrich Merz
German politician and Politically Exposed Person.
Fuzzy spelling tested: Friedrich Mertz
- Provider A (40% fuzziness): No match
- Provider B: Match found
Provider B confirmed that its engine applies approximately 22% fuzziness without a minimum word-length restriction and categorises results from weak to exact. However, like Provider A, it does not use secondary data to initiate new searches.
Case 2: Xu Lin
Chinese politician and Politically Exposed Person.
Fuzzy spelling tested: Xu Lun
- Provider A: No match
- Provider B: No match
Despite adding date of birth, nationality, and gender, no match was generated. Both providers confirmed that additional data serves only as a validation tool, not as a search trigger.
These results highlight an important operational reality: fuzzy matching is constrained by structural rules, and short names represent a heightened risk of false negatives.
The purpose of this analysis is not to criticise any specific provider. Screening vendors are transparent about their system limitations. However, in my experience, not every firm conducts a sufficiently deep technical review before relying on the output of such systems.
From a compliance and risk management perspective, I strongly recommend that firms:
- Thoroughly analyse and document all technical limitations of a potential screening provider before entering into an agreement.
- Independently test the screening system—particularly fuzzy matching and short-name scenarios—before implementation and at least every six months thereafter.
- Prioritise accurate name input by integrating screening data directly from identity documents, with manual input used only for a secondary screening.
- Apply enhanced scrutiny to short names, which present a structurally higher risk of false negatives.
- Consider using a second independent screening resource to reduce reliance on a single matching methodology and strengthen overall control effectiveness.
Screening technology is essential—but it is not infallible. Compliance effectiveness depends not only on having a screening engine in place but also on understanding its logic, testing its boundaries, and implementing appropriate governance.
In financial crime prevention, technology supports judgment—it does not replace it.
