Developer's Guide to Dynamic Sanctions Screening with Didit

Leverage Real-time WebhooksIntegrate Didit's webhooks to receive instant notifications about changes in AML screening status, enabling immediate response to new risks.

Automate with Serverless FunctionsUtilize Azure Functions for event-driven processing of webhook payloads, efficiently handling compliance workflows without managing infrastructure.

Ensure Continuous ComplianceImplement Didit's continuous monitoring feature to automatically rescreen users daily against global watchlists, maintaining up-to-date due diligence.

Didit Streamlines AML ProcessesDidit provides an AI-native, modular AML Screening solution with a two-score risk system and configurable thresholds, all accessible via clean APIs or a no-code Business Console, including a free core KYC tier.

The Imperative for Dynamic Sanctions Screening

In today's rapidly evolving regulatory landscape, static sanctions screening is no longer sufficient. Financial institutions and businesses across sectors must adopt dynamic, real-time approaches to Anti-Money Laundering (AML) and Counter-Terrorist Financing (CTF) compliance. The challenge lies in efficiently integrating these checks into existing systems, processing vast amounts of data, and responding swiftly to emerging risks. This is where the power of modern identity verification platforms, combined with serverless architectures, becomes invaluable. Traditional batch processing or manual reviews simply cannot keep pace with the fluidity of global sanctions lists and adverse media. A proactive, event-driven system is essential for minimizing exposure to financial crime and avoiding hefty regulatory penalties. Didit's AML Screening solution is designed to meet this demand, offering real-time screening against over 1300 global sanctions, PEP, and watchlist databases.

Understanding Didit's AML Screening and Webhooks

Didit's AML Screening is a core component of its identity platform, providing robust risk detection by screening users against global watchlists and databases. It employs a sophisticated two-score system: a Match Score for identity confidence and a Risk Score for entity risk level. This allows for precise identification of potential matches and accurate assessment of their associated risk. Matches with a Match Score below 93 are typically classified as false positives, while those above are considered 'unreviewed' and proceed to risk scoring. The Risk Score, influenced by factors like country risk and category (PEP/Sanctions), determines the final AML status (Approved, In Review, or Declined) based on configurable thresholds.

Crucially, Didit integrates seamlessly with your existing infrastructure through its webhook system. When an AML check is performed, or its status changes, Didit sends a real-time notification to a pre-configured endpoint. This immediate feedback loop is vital for dynamic sanctions screening, allowing your application to react instantly to new information. For instance, if a previously approved user is added to a sanctions list, Didit's continuous monitoring feature will detect this, trigger a status change, and send a webhook alert, enabling prompt action.

Setting Up Azure Functions for Webhook Processing

Azure Functions provide an ideal serverless environment for processing Didit's webhooks. They are event-driven, scalable, and cost-effective, executing code only when triggered by an incoming HTTP request (the webhook payload). This eliminates the need to provision or manage servers, allowing developers to focus purely on the logic of handling AML status updates.

Here’s a simplified Python example for an Azure Function that receives and processes a Didit webhook:

import logging
import json
import azure.functions as func

def main(req: func.HttpRequest) -> func.HttpResponse:
    logging.info('Python HTTP trigger function processed a request.')

    try:
        req_body = req.get_json()
    except ValueError:
        return func.HttpResponse(
             "Please pass a JSON body in the request",
             status_code=400
        )

    # Assuming the webhook payload has a 'session_id' and 'aml_status'
    session_id = req_body.get('session_id')
    aml_status = req_body.get('aml_status')
    aml_report = req_body.get('aml_report') # Contains detailed AML data

    if session_id and aml_status:
        logging.info(f"Received webhook for Session ID: {session_id}, AML Status: {aml_status}")
        
        # Implement your business logic here based on aml_status:
        if aml_status == 'DECLINED':
            # Trigger alert, block user, send to manual review
            logging.warning(f"User {session_id} DECLINED due to AML match.")
        elif aml_status == 'IN_REVIEW':
            # Notify compliance team, mark for manual review
            logging.info(f"User {session_id} requires manual AML review.")
        elif aml_status == 'APPROVED':
            # Proceed with onboarding, update user status
            logging.info(f"User {session_id} APPROVED for AML.")

        # You can also parse the detailed aml_report for more granular data
        # For example, checking specific sanction matches or risk scores
        if aml_report and 'sanction_matches' in aml_report:
            for match in aml_report['sanction_matches']:
                logging.info(f"Sanction Match Found: {match.get('list_name')}, {match.get('matched_name')}")

        return func.HttpResponse(f"Webhook processed successfully for session {session_id}", status_code=200)
    else:
        return func.HttpResponse(
             "Webhook payload missing 'session_id' or 'aml_status'",
             status_code=400
        )

This function receives the webhook, extracts key information like session_id and aml_status, and then triggers appropriate downstream actions. This could involve updating a user's status in your database, notifying a compliance officer, or initiating further automated checks based on the detailed AML report provided by Didit.

Implementing Continuous Monitoring for Ongoing Compliance

One of the most powerful aspects of dynamic sanctions screening is continuous monitoring. Regulatory bodies increasingly require ongoing vigilance, not just a one-time check during onboarding. Didit's Continuous Monitoring feature automates this critical process. Once an AML check has been performed, Didit automatically rescreens the user daily against its comprehensive database of watchlists and sanctions lists. This zero-touch integration means you don't need additional development work to keep your customer due diligence up-to-date.

If new hits are found that exceed your configured review or decline thresholds, the session status changes accordingly (e.g., to 'In Review' or 'Declined'), and a webhook notification is immediately sent to your Azure Function. This allows your system to react in real-time to new risks, ensuring ongoing adherence to AML/KYC regulations and mitigating emerging threats. The Business Console also reflects these changes, providing a complete audit trail for compliance teams.

Best Practices for Robust Implementation

To ensure a robust and secure dynamic sanctions screening system, consider these best practices:

• Secure Webhook Endpoints: Always validate webhook signatures to ensure requests originate from Didit and haven't been tampered with. Azure Functions support built-in authentication and authorization.
• Idempotency: Design your webhook handler to be idempotent, meaning processing the same webhook multiple times has the same effect as processing it once. This prevents issues if webhooks are delivered more than once.
• Error Handling and Retries: Implement robust error handling and a retry mechanism for downstream actions. If a database update fails, ensure the system can reattempt or log the error for manual intervention.
• Logging and Monitoring: Comprehensive logging within your Azure Function is crucial for debugging and auditing. Monitor function execution and integrate with Azure Monitor for alerts on failures or anomalies.
• Configurable Thresholds: Leverage Didit's configurable compliance thresholds for Match Score and Risk Score. This allows you to fine-tune your risk appetite and compliance posture without code changes.
• Modular Workflows: Use Didit's orchestrated workflows in the Business Console to define the automated actions based on AML status changes, creating a flexible and adaptable compliance framework.

How Didit Helps

Didit provides the essential tools for implementing dynamic sanctions screening with unparalleled ease and efficiency. Our AML Screening & Monitoring product screens users against 1300+ global sanctions, PEP, and watchlist databases in real-time, utilizing an AI-powered two-score risk system with configurable compliance thresholds. The modular architecture means you can plug-and-play identity checks, while our developer-first approach offers instant sandboxes and clean APIs for quick integration. For businesses requiring ongoing vigilance, Didit's Continuous Monitoring automatically rescreens verified users daily, sending webhook alerts on new sanctions hits and status changes for ongoing compliance.

With Didit, you benefit from Free Core KYC, no setup fees, and a pay-per-successful check model, making advanced compliance accessible to businesses of all sizes. Our AI-native platform automates trust and orchestrates risk, reducing manual review and providing structured identity data for better decision-making.

Ready to Get Started?

Ready to see Didit in action? Get a free demo today.

Start verifying identities for free with Didit's free tier.