PEP screening and sanction lists

1) Why do you need it

• prevent customers, partners and transactions with sanctions risks;
• Identify Politically Exposed Persons (PEPs) and Associated Persons for Enhanced Verification (EDD);
• reduce reputational and regulatory risks by complying with the requirements of licensing authorities and payment partners.

2) List sources and types

• International and supranational: UN, EU.
• National: USA (OFAC), UK (HMT), Canada, Australia, etc.
• Local/industry: lists of law enforcement officers, financial supervisory authorities, export control.

• International, national and local officials.
• Close relatives and "related persons" (RCA/Close Associates).
• Former PEPs - remain at increased risk for a specified period (conditional 12-36 months, by policy).

• Adverse Media (negative media): topics - corruption, fraud, laundering, illegal gambling, terrorism, etc.

3) PEP classification (example)

PEP-level 1 (state upper echelon): heads/deputy heads of state, ministers, parliamentarians, senior judges, management of state-owned companies.
PEP-level 2 (region/municipality): governors, mayors, deputies of the regional level, judges of the subjects.
PEP-related persons (RCA): spouse, parents/children, partners, beneficiaries, business companions.
Former PEPs: Retain increased attention status for the duration set by the policy.

4) Embedding in processes (LCC/LCC/disbursement)

Onboarding: primary sanction and PEP screening for all clients/partners/UBO/directors.
Payments/conclusions: a short rescreen of sanctions before significant tranches.
Ongoing: daily list updates → automatic rescreen of the live database.
Event: when changing full name, citizenship, address, UBO, payment details, devices.

5) Matchmaking: Quality, Transliteration and Fuzzy

• Transliteration (Latin/Cyrillic, etc.), accounting for double surnames, patronymics, ordinal prepositions (bin/ibn/de/van).
• Clearing accents/diacritics, unifying registers and spaces.
• Division into tokens: last name, first name, patronymic/middle name, aliases.

• `≥ 0. 94 '- High Confidence: High level auto-alert, immediate clearing required.
• `0. 88–0. 93 '- Medium: manual clearing by analyst.
• `0. 80–0. 87 '- Low: secondary signals (date of birth, citizenship, address) are required; otherwise auto-deviation.

• Date of birth, citizenship/country of residence, known aliases, position and period, address/region, related companies.

6) The process of clearing matches (tiered review)

1. Alert created (sanctions/PEP/Adverse Media).
2. Level-1 check (operator): compare full name/dates/citizenship, context (position/period).
3. Level-2 (AML specialist): confirmation/rejection, if necessary - request for documents/explanations.
4. MLRO/Level-3: final decision on complex cases, escalation (block/EDD/SAR).
5. Documentation: record matching criteria, sources, results and motivation of the decision (audit trail, WORM storage).

• Sanction high-alert: immediately/up to 4 hours.
• PEP medium-alert: up to 24 h.
• Adverse Media: up to 48 hours (unless there is a blocking risk).

7) Control actions

• Confirmed match → immediate freeze/fail, SAR/STR if necessary and regulator/bank notification per procedure.
• The edge case → the critical function block before clearing is complete.

• Assign PEP/RCA status, perform EDD (sources of funds/wealth), set thresholds and manual checks of large transactions.
• Increased frequency of rescreening and monitoring (transactions/Adverse Media).

• Categorize by topic/severity (A/B/C).
• For A/High - MLRO escalation, suspension pending clarification is possible.
• For B/C - monitoring, conditions/limits, surveillance plan.

8) Adverse Media: How not to "clutter" an alert

Sources with high confidence, disabling the "yellow" press and takes.
Thematic filters: only economic crimes, corruption, terrorism, organized crime groups, illegal gambling.
Case/person deduplication, aggregation of articles into one event.
Language models/search operators for extracting facts (no AI decision "instead of" human).

9) Metrics and quality control

Precision/Recall on sanctions and PEP alerts.
False Positive Rate and mean clearing time.
Auto-clear vs Manual-review rate.
Coverage: the share of the base that has passed the daily rescreen.

Reopen Rate: Returns of cases after "false clear."

Audit Findings Closed on Time.

10) Solution architecture (recommendations)

Data Ingestion: daily (or more often) update of sanctions and PEP registers from the vendor + local sources.
Matching Engine: normalization, transliteration, fuzzy metrics, auxiliary fields (DOB, citizenship).
Decision Layer: escalation rules, thresholds, integration with ML signals (affiliations, link graph).
Case Management: priority queues, solution templates, SLA timers, four-eye control.
WORM storage: immutable logs, profile versions and evidence base files.
Observability: metrics/logs/trails, versioning dictionaries and thresholds, canary-inclusion of new rules.
DLP/Security: encryption, RBAC/ABAC, secret management, upload restriction.

11) Policies and thresholds (example)

Fuzzy match thresholds: High ≥0. 94; Medium 0. 88–0. 93; Low 0. 80–0. 87 (configurable by language/alphabet).
PEP-EDD: mandatory for all current PEPs and RCAs; for former PEPs - by RBA within N months of leaving.
Rescreening: sanctions - daily; PEP/Adverse Media - daily by delta and event by profile change.
Payouts: Sanctions rescreen before major withdrawal/cross-border payout.
Documentation: motivation of decisions, links to sources/screenshots, L2/MLRO signatures.

12) Checklists

• Sanctions: full-name + aliases + date of birth/citizenship.
• PEP status + RCA, authorization period.
• Adverse Media: relevant topics, trusted sources.
• Dossier: archive of solutions, versions, SLA tags.

• Sanctions - fast rescreening.
• For PEP, update EDD/SOF/SOW (if deadlines expire).
• Check if the payment instrument owner matches.

• Change of full name/citizenship/address/UBO.
• Atypical geo-activity or new payment details.
• New negative high-category media signal.

13) Working with false matches (False Positives)

Pull up secondary fields (DOB, citizenship) to quickly weed out.
Keep "whitelist solutions" with TTL and conditions (e.g. valid until DOB/citizenship change).
Use "reason codes" to learn rules and adjust thresholds.
Regular calibration sessions with MLRO/analytics.

14) Privacy, fairness and explainability

Minimization of data and legal basis for processing; DPIA when adding new sources.
Non-discrimination: countries/ethnic characteristics are not grounds in themselves - only regulatory statuses and facts.
Explainability: keep factors that influenced the decision; ready-made communication templates without tipping-off.

15) Communication templates (fragments)

• "In order to comply with anti-money laundering legislation, we are required to confirm the sources of funds/wealth... (list of documents)... Thanks for understanding"

• "Your request is subject to standard regulatory review. We will report the result as soon as it is complete"

16) Solution matrix example

17) Implementation: Roadmap

1. Approve policy, roles (RACI), match thresholds and SLAs.
2. Integrate list provider + local sources, set up updates.
3. Launch the normalization/fuzzy match engine and case system.
4. Train teams (L1-L3 levels, clearing, documentation).
5. Pilot 2-4 weeks, then threshold/rule calibration and Board/MLRO report.
6. Quarterly rule/metric reviews, annual policy audit.

Result

A strong PEP and sanction circuit are accurate data sources, competent normalization of names, transparent fuzzy match thresholds, clearing discipline and continuous rescreening. Pair this with EDD/SOF for PEP, tidy work with Adverse Media, good documentation and metrics - and you get a managed, auditable and efficient process that meets regulatory requirements and payment partner expectations.