Blog Main Image

PEP screening and sanctions screening are both essential AML controls, but they do different jobs. PEP screening identifies elevated bribery and corruption risk, while sanctions screening identifies persons, entities, or jurisdictions subject to legal restrictions. Used together, they help regulated financial services teams make stronger onboarding decisions, support ongoing monitoring, and build a more complete view of customer risk. 

Key takeaways: 

  • PEP screening and sanctions screening serve different purposes, but both are essential for effective AML compliance.
  • PEP screening helps identify customers who may require enhanced due diligence because of elevated corruption or bribery risk, while sanctions screening identifies persons, entities, or jurisdictions subject to legal restrictions.
  • A PEP match starts a risk assessment. A confirmed sanctions match requires firms to take immediate action in line with applicable sanctions laws.
  • PEP and sanctions checks should continue throughout the customer relationship through ongoing monitoring, not just during onboarding.
  • Bringing PEP screening, sanctions screening, adverse media screening, KYB, KYC, and ongoing monitoring together helps firms build a more complete view of customer risk and make more consistent onboarding decisions.

What is PEP screening?

PEP screening exists because some customers present a higher risk of bribery or corruption due to the public positions they hold, not because they are suspected of wrongdoing. 

What is a politically exposed person?

A politically exposed person (PEP) is, in the FATF's words, “an individual who is or has been entrusted with a prominent public function.” Screening obligations also extend to relatives and close associates (RCAs), as financial crime often flows through those relationships rather than through the PEP directly.

For acquirers, payment providers and PayFacs, this means screening goes beyond the named merchant. A director, shareholder, or beneficial owner may be a PEP or an RCA, and identifying that connection is the firm's responsibility.

Not all PEPs present the same level of risk:

  • Foreign PEPs, i.e heads of state, senior politicians, military leaders, judges, and executives of foreign state-owned enterprises, are generally treated as higher risk and require enhanced due diligence. 
  • Domestic PEPs and officials of international organizations, including the UN, IMF, and World Bank, require a risk-based assessment. The FCA's FG25/3 states that domestic PEPs should generally be treated as lower risk than foreign PEPs unless other risk factors exist.

PEP status indicates exposure to bribery and corruption risk, not wrongdoing. FATF makes clear that PEP measures "should not be interpreted as meaning that all PEPs are involved in criminal activity." A PEP match requires enhanced scrutiny, not automatic rejection, and refusing a customer solely because they are a PEP is inconsistent with FATF Recommendation 12 and the FCA's risk-based approach.

What is sanctions screening?

Sanctions screening identifies persons, entities, or jurisdictions that are subject to legal restrictions or prohibitions. Unlike PEP screening, it isn't used to assess risk. It's a legal compliance control that helps firms avoid prohibited dealings. 

Sanctions are instruments of foreign policy and national security. Governments and multilateral bodies use them to restrict dealings with specific persons, entities, and jurisdictions through asset freezes, transaction prohibitions, investment bans, and trade restrictions. The major lists for firms in regulated payments are:

Screening against these lists helps firms prevent prohibited dealings and meet their AML and CTF obligations. 

Being sanctioned doesn’t mean elevated risk in the PEP sense, it just means the relevant authority has determined that dealing with this party may be legally prohibited. A merchant screened clean at onboarding can be designated the following morning, which is why sanctions screening must continue after onboarding and why delayed action can create serious compliance consequences. 

PEP screening vs sanctions screening: the key differences

PEP and sanctions screening often use the same data and technology, but they address different risks and require different responses. The comparison below highlights the key differences. Confusing the two can lead to inconsistent risk decisions or missed legal obligations. 

PEP Screening Sanctions Screening
Purpose Identify individuals with elevated bribery or corruption risk due to their public position. Identify persons, entities, or jurisdictions subject to legal restrictions or prohibitions.
What it identifies Elevated risk, not wrongdoing. A legal designation.
What a match means Starts a risk assessment. Triggers legal obligations.
Typical response Enhanced due diligence, additional approvals, source of wealth or funds checks, and enhanced ongoing monitoring. Block or freeze activity where required, escalate internally, and report to the relevant authority.
Role of risk assessment Central. The response depends on the customer's risk profile. Limited. Once a true match is confirmed, the required response is usually non-discretionary.
Regulatory basis FATF Recommendation 12: Enhanced Due Diligence (EDD), and jurisdiction-specific AML/CTF rules on enhanced due diligence and ongoing monitoring. OFAC, UN Security Council measures, EU and UK sanctions regimes, DFAT, and other jurisdiction-specific sanctions regimes.

Confusing the two creates risk in both directions. Treating a PEP match as grounds for automatic rejection is inconsistent with a risk-based approach. Treating a confirmed sanctions match as something to assess rather than act on immediately can result in a regulatory breach. Recognizing the distinction helps firms handle each alert more appropriately and supports both legal compliance and risk management. 

Why financial services teams need both

PEP and sanctions screening address different risks, so regulated firms need both. A customer can be a PEP without appearing on a sanctions list, while a sanctioned individual or entity may have no political exposure. The overlap is limited, making each control necessary.

The distinction is reflected in the FATF Recommendations. Recommendation 12 covers PEPs, while Recommendation 6 covers targeted financial sanctions. Together they form part of an effective AML/CTF program, with separate obligations and different responses.

For firms supporting merchant onboarding in the UK, merchant onboarding in Australia, and merchant onboarding in the US, the underlying expectation is consistent even though local rules differ. The FCA, AUSTRAC, and OFAC all expect firms to screen appropriately for both PEPs and sanctions. Treating them as a single control, or relying on one without the other, creates a compliance gap that regulators readily identify.

Who should be screened?

PEP and sanctions screening should extend beyond the individual submitting the application. Depending on the customer type, ownership structure, and jurisdiction, firms may also consider screening: 

  • Customers: The individual or business applying for the relationship.
  • Ultimate beneficial owners (UBOs): Individuals who ultimately own or control the business.
  • Directors: Individuals responsible for managing and governing the business.
  • Related parties: People connected to the customer or business who may influence the overall risk assessment.
  • Relatives and close associates of identified PEPs: Connected individuals who may also require screening under a risk-based approach.

Screening beyond the applicant helps firms understand who owns, controls, or influences the business, providing a more complete view of customer risk. 

When should PEP and sanctions checks be run?

PEP and sanctions screening should begin before a customer is onboarded and continue throughout the customer relationship. A customer's risk can change over time, and many regulators expect firms to keep customer due diligence up to date through ongoing monitoring.

PEP and sanctions screening should be performed at key stages of the customer lifecycle, including:

  • Before onboarding: Screen customers before establishing the relationship.
  • During onboarding: Screen new customers, beneficial owners, directors, and other relevant parties before the account becomes active.
  • On an ongoing basis: Monitor for changes in PEP status, sanctions exposure, or adverse media throughout the customer relationship.
  • After key ownership or account changes: Rescreen when ownership, directors, beneficial owners, or other significant account details change.

While periodic reviews remain an important part of customer due diligence, firms should also use ongoing monitoring and event-driven rescreening to identify new risks as they emerge. A customer's risk can change between review cycles, making ongoing monitoring and event-driven rescreening equally important for identifying new PEPs, sanctions exposure, or adverse media as risks emerge. 

What happens when a match is found?

A screening alert isn't a decision. It's the start of a workflow, and that workflow depends on whether the match relates to sanctions or a politically exposed person.

When a sanctions match is identified

First confirm the match is genuine by cross-checking details such as date of birth, nationality, and other available identifiers. If confirmed, firms must act in line with the applicable sanctions regime, which may include blocking or freezing action, reporting, and internal escalation. Depending on the jurisdiction, that may include reporting to the relevant authority, for example, OFAC within 10 business days under 31 CFR 501.603 or to OFSI for UK firms. 

When a PEP match is identified

A PEP match should trigger a risk assessment rather than an automatic decline. The outcome of that assessment determines the appropriate response. For customers assessed as higher risk, firms may apply enhanced due diligence (EDD), obtain additional approvals, or increase ongoing monitoring. 

A PEP match is not an automatic rejection

A PEP match starts a risk-based review. Depending on the jurisdiction and customer profile, firms may apply enhanced due diligence, additional approvals, or closer ongoing monitoring.

Alert handling and management-by-exception

Not every screening alert is a true match. Effective screening workflows use a management-by-exception approach, where false positives and lower-risk matches are filtered out so reviewers can focus on genuine or higher-risk cases.

Clear alert handling procedures should define how matches are reviewed, when cases are escalated, and who is responsible for approving higher-risk PEP matches. Clear alert handling improves consistency, reduces unnecessary manual reviews, and supports a stronger audit trail. 

Why disconnected screening creates risk

PEP and sanctions screening does not end once a customer has been screened. Firms still need to investigate matches, apply enhanced due diligence, document decisions, and continue monitoring risk over time. When those activities are split across disconnected tools, maintaining a consistent view of customer risk becomes much harder.

Risk visibility starts to fragment. Teams spend more time gathering context, tracing decisions, and reconciling outcomes across systems that do not share the same customer view. Common issues include: 

  • Duplicate reviews: Customer information and screening results may need to be reviewed multiple times across different systems. 
  • Disconnected risk assessments: PEP and sanctions screening results may not automatically feed into enhanced due diligence, onboarding decisions, or ongoing monitoring. 
  • Delayed alert handling: Compliance teams may spend more time gathering supporting information before they can investigate or clear a potential match. 
  • Inconsistent decision-making: Different teams may make onboarding or compliance decisions without access to the same customer information or previous review history. 
  • Gaps in auditability: Evidence, approvals, and investigation outcomes can become difficult to trace when they are stored across multiple platforms. 

What regulated firms should review in their screening process

A well-designed screening program should be able to answer yes to each of the following:

  • Screening runs before customer activation, not afterwards.
  • The named customer, directors, beneficial owners, and relevant RCAs are all screened.
  • Sanctions lists are updated as soon as new designations are published.
  • Match thresholds are configured for the firm's jurisdiction and risk appetite.
  • Alerts have clear ownership, escalation paths, and approval requirements.
  • PEP classifications are reviewed periodically and de-escalated through documented decisions where appropriate.
  • Ongoing monitoring continues throughout the customer relationship.
  • Audit trails record both decisions and the reasoning behind them.

Firms that can confidently answer yes to all of these are generally better placed to demonstrate effective compliance than those relying on fragmented or outdated screening processes.

From verified to trusted onboarding

PEP and sanctions screening plays an important role in merchant onboarding, but it is only one part of the overall onboarding decision. To understand the full risk of a merchant, payment providers also need to consider other risk signals, including transaction behavior, geographic exposure, industry risk, business model complexity, and historical fraud patterns.

This is the difference between verified and trusted onboarding.

Verified onboarding means individual checks have been completed. A merchant may pass PEP and sanctions screening, KYB, KYC, or other verification checks, but passing each control independently does not always provide a complete understanding of risk.

Trusted onboarding takes a broader, risk-based approach. It brings together PEP screening, sanctions screening, adverse media, beneficial ownership, KYB, KYC, risk rules, and ongoing due diligence to build a complete view of customer risk. Rather than relying on isolated checks, firms combine risk signals, auditability, and operational controls to make more confident and consistent onboarding decisions.

Bringing these controls together requires more than standalone screening tools. It requires an onboarding process where customer data, risk assessments, and compliance decisions work together to support confident, consistent decision-making. 

How OnBoard by MVSI supports connected screening

OnBoard by MVSI supports this connected approach by bringing digital onboarding, KYB, KYC, AML screening, underwriting, and ongoing customer due diligence into one governed workflow. Rather than treating PEP and sanctions screening as standalone checks, it connects screening results to the broader onboarding decision so teams can act with greater consistency, visibility, and control. 

Key capabilities include:

  • Connected onboarding workflows: Bring PEP and sanctions screening, KYB, AML, underwriting, and OCDD together within a single onboarding process.
  • Ongoing monitoring: Continue monitoring PEP status, sanctions exposure, and adverse media throughout the customer relationship.
  • Configurable workflows: Tailor screening rules, review processes, and escalation paths to align with your organization's risk appetite.
  • Audit-ready decisioning: Maintain a complete audit trail of screening results, risk assessments, approvals, and onboarding decisions.
  • One connected workflow: Replace disconnected point solutions with a single workflow that supports consistent, risk-based onboarding decisions.

This connected approach helps payment providers manage customer risk more consistently while maintaining the governance, visibility, and auditability expected throughout the merchant onboarding lifecycle. For providers operating across partners, regions, or branded channels, it also supports consistent screening and governance within white-label onboarding journeys

PEP screening and sanctions screening work better together

PEP screening and sanctions screening answer different questions, but neither is sufficient on its own. Used together, they help firms build a more complete understanding of customer risk. 

The firms that do this well don't treat screening as a standalone compliance task. They connect PEP screening, sanctions screening, KYB, KYC, beneficial ownership, adverse media, and ongoing due diligence within a wider merchant onboarding and compliance workflow. This helps keep onboarding decisions grounded in a complete view of customer risk rather than individual screening results. 

As regulatory expectations continue to evolve, the objective is no longer just to complete compliance checks. It's to make faster, more consistent, and more defensible onboarding decisions supported by connected risk data and well-governed processes.

Book a Demo 

Explore AML On Demand 

Disclaimer: This article is provided for informational purposes only and does not constitute legal, regulatory, or compliance advice. PEP screening, sanctions screening, AML obligations, and reporting requirements vary across jurisdictions. Organizations should seek appropriate professional advice when developing or reviewing their AML and customer due diligence programs. 

Frequently Asked Questions

What is the difference between PEP and sanctions screening?

PEP screening identifies individuals who may present a higher risk of bribery or corruption because of the positions they hold. Sanctions screening identifies persons, entities, or jurisdictions subject to legal restrictions or prohibitions. A PEP match triggers a risk assessment, while a confirmed sanctions match requires firms to meet their legal obligations.

Can I do business with a PEP?

Yes. PEP status is not a legal prohibition, but it may require enhanced due diligence, additional approvals, and closer ongoing monitoring. The appropriate response depends on the customer’s risk profile and the jurisdiction involved.

What happens when a sanctions match is found?

Confirm the match is genuine, halt the transaction, freeze assets where required, and report to the relevant authority. For OFAC that means within 10 business days under 31 CFR 501.603. The obligation is non-discretionary.

How often should PEP and sanctions checks be run?

PEP and sanctions checks should begin before onboarding and continue throughout the customer relationship through ongoing monitoring. Because sanctions lists and customer risk can change at any time, firms should also perform event-driven rescreening when ownership, control, or other significant customer information changes.

Are family members of a PEP also subject to screening?

Often, yes. Depending on the jurisdiction and the firm’s risk-based approach, screening may extend to relatives and close associates because financial crime risk can flow through those relationships as well as through the PEP directly.

Does PEP status last forever?

Not always. PEP treatment varies by jurisdiction. For example, some regimes apply enhanced due diligence for a defined period after a person leaves office, while others require firms to make a documented risk-based decision about when enhanced treatment is no longer required.

What is adverse media screening and why does it matter?

Adverse media screening identifies publicly available information that may indicate financial crime, fraud, corruption, or other reputational risks. Used alongside PEP screening, sanctions screening, and ongoing monitoring, it helps firms build a more complete picture of customer risk and supports enhanced due diligence for higher-risk relationships.

Scroll To Top Arrow