Firm Configuration Report ZIP delivery with expanded insights

We’ve enhanced the Firm Configuration Report (FCR) so that you can more easily understand your current screening setup and how it has changed over time. 

When an FCR is requested via API, it will now be delivered as a ZIP package containing three files:

1. Firm Configuration Report (PDF): A snapshot of the firm’s current screening configuration.
2. List of Lists (Excel): New with this release, this file provides a clear, filter‑aware view of which monitored lists a firm is screening against. Each FCR request regenerates this file to reflect the most current eligible lists. This file:
   • Shows included and excluded lists.
   • Accounts for the firm’s filter and, if applicable, CVIP profile.
   • Uses a dynamic list source so that new lists added to Grid appear automatically. Intentionally suppressed lists, for example, a test list used for validation, do not impact results.
3. Consolidated Filter & CVIP Audit Log (PDF): New with this release, this file provides a centralized history of filter and CVIP configuration evolution over time, showing when key screening rules were added, updated, or removed.
   • Includes up to 3 years of history.
   • Limited to 10,000 records per category, for example, FILTER_PROFILE or CVIP. If more than 10,000 changes exist in a category, only the most recent 10,000 records will be available
   • Covers filter and CVIP changes only. Other firm‑level changes are not included in this release.

For CVIP changes made before the March 3rd release, the audit entries do not include details of which risk event codes, stage codes, or entity types were modified.

For CVIP changes made after the March 3rd release: 

• Audit log will display a record indicating CVIP profile details along with the change request number, which is required, after every change.
• Some users may see Expression: STAGE[-1] in a CVIP Audit log rule record. This indicates the rule code has not been applied to any stages, as shown by the detail Stages: None in the record. This scenario is invalid but noted here for reference.

We have also enhanced the format of the Last Updated timestamp in the FCR to MM/DD/YYYY HH:MM UTC to improve consistency. This provides a precise and reliable reference that can be used for audits, internal control reviews, and regulatory documentation.

These changes reduce the need for ad‑hoc explanations of a firm’s screening configuration and recent history by providing a self‑service view directly within the FCR ZIP package. To learn more about this ZIP package, reach out to your Moody's representative.

Audit Log Search for self‑service filter and CVIP history

We have introduced a new Audit Log Search screen in Review to give you clearer visibility into how your screening configuration has changed over time.

The Audit Log Search screen allows you to:

• Review configuration history for filters and CVIP in one place.
• Search and filter audit records to identify what changed and when.
• Export the returned audit log records so they can be used for internal review or regulatory and audit documentation.

The PDF generated from the Audit Log Search screen includes only the events associated with the selected category, for example, just filter-related or just CVIP-related changes.

Key benefits

You can now review how your filter and CVIP configurations have evolved over time, prepare materials for governance or regulatory reviews, and answer common questions about firm configuration changes without contacting support.

This enhancement provides:

• Self‑service access to filter and CVIP configuration history in one place
• Faster answers to configuration change questions without manual investigation
• Standardized, exportable audit logs for client discussions, audits, and regulatory reviews
• Reduced reliance on support for routine configuration history requests

Notes

Audit Log Search provides configuration history within the following scopes.

• Searchable and exportable audit data is limited to a three-year date range.
• Records are limited to 10,000 per category, for example,  FILTER_PROFILE or CVIP. If there are more than 10,000 changes in a category, only the most recent 10,000 records will be available in the exports.
• Audit history focuses on filter and CVIP changes. Other firm‑level configuration changes are out of scope for this release.

For CVIP changes made before the March 3rd release, the audit entries do not include details of which risk event codes, stage codes, or entity types were modified.

For CVIP changes made after the March 3rd release: 

• Audit log will display a record indicating CVIP profile details along with the change request number, which is required, after every change.
• Some users may see Expression: STAGE[-1] in a CVIP Audit log rule record. This indicates the rule code has not been applied to any stages, as shown by the detail Stages: None in the record. This scenario is invalid but noted here for reference.

If you require a more exhaustive history than what is available in the UI and PDFs, contact your Moody’s representative.

Access

To access the Audit Log Search screen, you must have an audit-specific role enabled. If you can not currently access the Audit Log Search screen, please contact your Moody’s representative to request that the appropriate role be granted.

OAuth2 scope support for GRID webhooks

This release adds support for an optional OAuth2 scope parameter in Grid API webhook token requests. The scope value can be configured for your integration by a Moody’s team member. When enabled, it is included in the OAuth2 token request body while preserving existing behavior for all current integrations.

Inquiry History API performance and data quality improvements

We’ve enhanced the grid-service/v2/inquiry/history endpoint to provide:

• Faster responses: The query has been optimized, significantly reducing response times for Tracking IDs with very large volumes of related records.
• No duplicate entries: We’ve corrected issues that could cause duplicate entries to appear in the history response in certain batch scenarios.

No changes are required to your integration. The endpoint and payloads are unchanged, and all existing calls will automatically benefit from these improvements.

Upcoming data enhancement for Nordic Politically Exposed Persons (PEP) data

As part of our ongoing commitment to data excellence, we are making a significant enhancement to our Nordic Politically Exposed Persons (PEP) collection. We will be consolidating our data to a single, superior suite of lists for all Nordic PEP designations, built on the advanced Bogard Nordic PEPs methodology.

This upgrade substantially improves screening precision by integrating key national identifiers. The dataset now includes Social Security numbers for PEPs and their Relatives and Close Associates (RCAs) in Sweden and comprehensive date of birth information for them in Denmark, Norway, and Finland.

This data enrichment, combined with the systematic removal of outdated information, ensures closer alignment with regional regulations. Consequently, your team will experience a significant reduction in false positives and receive more relevant, actionable alerts.

List changes and timeline

Effective March 31st, 2026, we will be retiring our legacy PEP lists for the Nordic region to streamline our offering and improve screening efficiency. The Nordic PEPs lists will remain as the primary, high-quality data sets for all your Nordic PEP screening needs.

The following table details the datasets that will be decommissioned and those that will persist:

Transition actions

No action is required on your part. This transition is an internal process that will be managed entirely by our data services team to ensure service continuity.