Sanctions screening and PEP filtering
1) Purpose and scope
Reduce legal and financial risk and satisfy licence conditions: screen out sanctioned persons and organizations, identify PEPs and their related persons, take adverse media into account and apply proportionate measures. Applies to players (KYC), partners (KYB), providers, and employees with access to personal or financial data.
2) Terms and coverage
Sanctions: prohibitions or restrictions on dealing with listed persons, organizations, vessels and territories.
PEP (Politically Exposed Person): a holder of a prominent public function, together with their close relatives and associates (RCAs).
Adverse media: materially negative reporting (financial crime, corruption, etc.).
Match: a profile record corresponds to a list entry (exact or probabilistic).
RCA (Relatives & Close Associates): spouse, children, business partners, etc.
3) Principles
1. Risk-Based Approach (RBA): the depth and frequency of checks depend on the risk profile (country, payment method, amounts, role).
2. Explainable matching: comparison rules are transparent and the rationale for every decision is stored.
3. Evidence-by-design: every hit or miss is accompanied by artifacts (list version, query, candidate matches).
4. Privacy-first: minimal personal data, strict access, retention as required by law.
5. Continuous screening: events trigger immediate rescreening; periodic batch checks cover the rest of the population.
6. One source of truth: a single register of screening results and decisions (audit trail).
4) Sources and updates
Sanctions and control lists: global/regional/national; sectoral and territorial; carrier and vessel lists where relevant.
PEP/RCA: multi-level (national/regional/international).
Adverse media: aggregated sources with risk categorization.
Updates: daily or weekly; record the version and load time of every reference dataset.
5) Screening policy (framework)
When we check: at registration, before the first deposit or payout, on a change of payment details, on reaching turnover thresholds, on a change of profile/address/document, and on list updates.
Who we check: players (KYC), partners and providers (KYB), employees with privileged access (HR/compliance).
What we do on a match: triage → confirm/exclude/escalate → measures: refusal, hold, EDD or account closure.
```yaml
policy_id: SANC-PEP-POL-001
scope: [players, partners, employees]
triggers:
  - on_event: [signup, pre_deposit, pre_payout, kyc_update, payout_destination_change]
  - on_list_update: [sanctions, pep, adverse_media]
risk_bands:
  low: [eu_geo, trusted_payment_methods]
  high: [high_risk_geo, multiple_payment_methods, turnover>threshold]
actions_by_match:
  sanctions_confirmed: [block_all, report, freeze_payouts]
  pep_confirmed: [edd, enhanced_monitoring]
  adverse_media_high: [manual_review, edd]
review_sla_days: 180
owner: head_of_compliance
```
6) Matching algorithms
Exact matching: name + date of birth / document number / country.
Fuzzy matching: tokenization, normalization, transliteration and aliases, string distances; phonetics (e.g. Soundex/Metaphone-like).
Contextual weights: date of birth > citizenship > address > aliases > country.
Reducing false positives: "must-have" fields, similarity thresholds per name type, ignoring frequent words.
Geo sensitivity: for high-risk geographies the fuzzy-match threshold is lower, so more candidates reach triage.
Whitelists with expiration: temporary exceptions recorded with a reason and an expiry date.
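The matching pipeline above, as an added worked example (not code from the original page or from any screening vendor): a stdlib-only Python matcher that normalizes and transliterates names, scores tokens with Jaro-Winkler across the primary name and its aliases, applies the contextual weights (date of birth > citizenship > country), treats date of birth as a must-have field, lowers the threshold for high-risk geographies and honours a whitelist entry only until its expiry date. The 0.85 threshold is taken from the SANC-PEP-SIGNUP control below; the 0.75 high-risk threshold, the weights, the transliteration table, the `Record` shape and the sample list entry and profiles are assumptions made for illustration.

```python
"""Explainable name screening: normalization, transliteration, aliases, Jaro-Winkler,
contextual weights, must-have fields, geo-sensitive threshold and an expiring whitelist."""
import re
import unicodedata
from dataclasses import dataclass, field
from datetime import date
from statistics import mean
from typing import Optional
# Simplified Cyrillic-to-Latin table (assumption; real matchers layer several standards and alias lists).
CYR = dict(zip("абвгдеёжзийклмнопрстуфхцчшщъыьэюя",
               "a b v g d e e zh z i y k l m n o p r s t u f kh ts ch sh sch _ y _ e yu ya".split()))
CYR.update({"ъ": "", "ь": ""})  # hard/soft signs have no Latin counterpart
STOPWORDS = {"mr", "mrs", "ms", "the", "of", "and", "ltd", "llc", "inc", "co"}
WEIGHTS = {"name": 0.6, "dob": 0.2, "citizenship": 0.1, "country": 0.1}  # dob > citizenship > country
MUST_HAVE = ("dob",)  # a conflict on these fields excludes the candidate outright

@dataclass
class Record:  # a customer profile or a list entry (constructed shape; aliases matter for list entries)
    rid: str
    name: str
    aliases: list[str] = field(default_factory=list)
    dob: Optional[date] = None
    citizenship: Optional[str] = None
    country: Optional[str] = None

def normalize(name: str) -> list[str]:
    """Lowercase, transliterate, strip diacritics and punctuation, drop frequent words."""
    s = "".join(CYR.get(ch, ch) for ch in unicodedata.normalize("NFC", name).lower())
    s = "".join(ch for ch in unicodedata.normalize("NFKD", s) if not unicodedata.combining(ch))
    return [t for t in re.split(r"[^a-z0-9]+", s) if t and t not in STOPWORDS]

def jaro_winkler(a: str, b: str, p: float = 0.1) -> float:
    """Jaro-Winkler similarity in [0, 1]; rewards a shared prefix of up to 4 characters."""
    window = max(len(a), len(b)) // 2 - 1
    a_hit, b_hit = [False] * len(a), [False] * len(b)
    for i, ch in enumerate(a):                      # greedy matching inside the window
        for j in range(max(0, i - window), min(len(b), i + window + 1)):
            if not b_hit[j] and b[j] == ch:
                a_hit[i] = b_hit[j] = True
                break
    m = sum(a_hit)
    if m == 0:
        return 0.0
    a_m, b_m = [c for c, h in zip(a, a_hit) if h], [c for c, h in zip(b, b_hit) if h]
    t = sum(x != y for x, y in zip(a_m, b_m)) // 2  # transpositions
    jaro = (m / len(a) + m / len(b) + (m - t) / m) / 3
    prefix = 0
    while prefix < min(4, len(a), len(b)) and a[prefix] == b[prefix]:
        prefix += 1
    return jaro + prefix * p * (1 - jaro)

def name_similarity(query: str, candidates: list[str]) -> float:
    """Best score over primary name and aliases; each query token is paired with its closest
    candidate token, so an omitted patronymic or middle name is not penalised."""
    q = normalize(query)
    scores = [mean(max(jaro_winkler(t, u) for u in c) for t in q)
              for c in map(normalize, candidates) if q and c]
    return max(scores, default=0.0)

def score_pair(profile: Record, entry: Record) -> dict:
    """Weighted, explainable score; a conflict on a must-have field zeroes the candidate."""
    parts = {"name": name_similarity(profile.name, [entry.name, *entry.aliases])}
    for f in ("dob", "citizenship", "country"):  # 1.0 agree, 0.0 conflict, 0.5 unknown on either side
        pv, ev = getattr(profile, f), getattr(entry, f)
        parts[f] = 0.5 if pv is None or ev is None else float(pv == ev)
    excluded = [f for f in MUST_HAVE if parts[f] == 0.0]
    total = 0.0 if excluded else sum(WEIGHTS[k] * v for k, v in parts.items())
    return {"entry_id": entry.rid, "score": round(total, 4), "components": parts, "excluded_by": excluded}

def screen(profile: Record, entries: list[Record], high_risk_geo: bool = False,
           whitelist: Optional[dict] = None, today: Optional[date] = None) -> dict:
    """Rank candidates, apply the geo-sensitive threshold, then the expiring whitelist,
    which maps (profile_id, entry_id) -> expiry date of a documented exception."""
    today = today or date.today()
    threshold = 0.75 if high_risk_geo else 0.85  # lower bar for high-risk geographies (0.75 assumed)
    ranked = sorted((score_pair(profile, e) for e in entries), key=lambda m: -m["score"])
    decision = "clear"
    if ranked and ranked[0]["score"] >= threshold:
        expiry = (whitelist or {}).get((profile.rid, ranked[0]["entry_id"]))
        decision = "whitelisted" if expiry and expiry > today else "hit"
    return {"profile_id": profile.rid, "decision": decision, "threshold": threshold,
            "top_matches": ranked[:3]}

SAMPLE_LIST = [Record("SDN-0001", "Ivan Petrovich Sidorov", ["Iwan Sidoroff"],
                      dob=date(1975, 3, 12), citizenship="RU")]  # constructed, not a real listing
WHITELIST = {("P-1", "SDN-0001"): date(2026, 1, 1)}  # hypothetical time-boxed, documented exception

def demo(today_iso: str = "2025-06-01") -> dict:
    """Runs the constructed scenarios and returns the screening results keyed by name."""
    today = date.fromisoformat(today_iso)
    cyrillic = Record("P-1", "Сидоров Иван", dob=date(1975, 3, 12), citizenship="RU")
    fuzzy = Record("P-3", "Ivan Sidorow")  # Latin spelling variant, no date of birth supplied
    return {
        "translit_exact": screen(cyrillic, SAMPLE_LIST, today=today),
        "whitelisted": screen(cyrillic, SAMPLE_LIST, whitelist=WHITELIST, today=today),
        "namesake": screen(Record("P-2", "Ivan Sidorov", dob=date(1990, 1, 1)), SAMPLE_LIST, today=today),
        "fuzzy": screen(fuzzy, SAMPLE_LIST, today=today),
        "fuzzy_high_risk": screen(fuzzy, SAMPLE_LIST, high_risk_geo=True, today=today),
    }

if __name__ == "__main__":
    for label, result in demo().items():
        print(f"{label:16} {result['decision']:12} {result['top_matches'][0]}")
```

Reading the output: the Cyrillic query resolves to the same tokens as the listed name and scores 0.95 (name 1.0, date of birth and citizenship agree, country unknown); the 1990-born namesake is excluded by the date-of-birth conflict regardless of the perfect name match; "Ivan Sidorow" scores about 0.78, which clears at the standard threshold but becomes a hit once the profile sits in a high-risk geography; and the same 0.95 hit is suppressed while the whitelist entry is live and resurfaces the day it expires. Note that similarity is computed over the query's tokens only, so a one-token query such as a bare surname would score highly against any entry containing it; that is where the per-name-type thresholds mentioned above belong.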
7) Rescreening triggers
A new list version.
Profile events: change of full name, address or document; a new payout method.
Threshold amounts or turnover, limit increases, VIP status.
AML/risk signals: velocity, mismatch between deposit source and payout destination, device/IP anomalies.
8) Integrations and data
KYC/KYB: IDV, document and registry providers; UBOs and directors for partners.
Payments: pre-payout gate and hold/reversal arrangements.
Case management: match cards, status and decision log.
DWH/BI: case reporting by hit rate, precision and quality drift.
9) Controls-as-Code (fragments)
Primary screening at signup/payout:

```yaml
control_id: SANC-PEP-SIGNUP
scope: player_profile
trigger:
  expr: event in {signup, pre_deposit, pre_payout}
actions:
  - screen: [sanctions, pep, adverse_media]
  - block: payout if match_score >= 0.85 until triage_done
evidence:
  fields: [list_version, query_payload, top_matches]
owner: compliance_ops
```
Rescreening on list updates:
```yaml
control_id: SANC-PEP-RESCREEN
scope: population
trigger:
  expr: sanctions_list.version_changed == true OR pep_list.version_changed == true
actions:
  - enqueue: rescreen_batch(population_segments=[high_risk, active_payouts])
  - notify: compliance_channel
```
PEP monitoring policy:

```yaml
control_id: PEP-MONITOR-01
scope: players
trigger:
  expr: pep_status == confirmed
actions:
  - require: [edd, source_of_funds]
  - monitor: payouts frequency >= weekly
  - set: limits = pep_limits_schema
```
Adverse media (high severity):

```yaml
control_id: ADV-MEDIA-HI
scope: [players, partners]
trigger:
  expr: adverse_media.severity in {high, severe}
actions:
  - flag: manual_review
  - limit: payouts hold_24h
  - collect: additional_evidence
```
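The controls in this section, as an added example of how a payout gate would execute them (illustrative code written for this page, not the page's own or any vendor's implementation): it applies actions_by_match from the section 5 policy and the 0.85 hold rule from SANC-PEP-SIGNUP in precedence order (block > hold > allow), records the evidence fields that control requires (list_version, query_payload, top_matches) together with a rule version, and, as an added design choice not stated on the page, fails closed: an "allow" is downgraded to "hold" whenever one of the three lists lacks a recorded version. The `ListResult` and `GateDecision` shapes, the rule-version tag, the fixed clock and the sample results are constructed; the 24-hour hold for high-severity adverse media comes from ADV-MEDIA-HI.

```python
"""Pre-payout gate: turns screening results into actions plus an evidence record,
and fails closed when the evidence the controls require is missing."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional

HOLD_THRESHOLD = 0.85                                   # SANC-PEP-SIGNUP: hold payout until triage_done
REQUIRED_LISTS = ("sanctions", "pep", "adverse_media")  # a gate decision must cover all three
RULE_VERSION = "SANC-PEP-SIGNUP@2025-01"                # hypothetical rule/threshold version tag
RANK = {"allow": 0, "hold": 1, "block": 2}
EXAMPLE_NOW = datetime(2025, 1, 15, 12, 0, tzinfo=timezone.utc)  # fixed clock for the demo

@dataclass
class ListResult:
    """Outcome of screening one profile against one list (constructed input shape)."""
    score: float = 0.0               # best match score on this list
    status: str = "none"             # none | pending | confirmed | false_positive
    severity: str = "none"           # adverse media only: none | low | medium | high | severe
    list_version: Optional[str] = None
    top_matches: list = field(default_factory=list)

@dataclass
class GateDecision:
    payout: str                      # allow | hold | block
    actions: list
    reasons: list
    hold_until: Optional[str]        # ISO timestamp for timed holds; None = until triage
    evidence: dict
    evidence_complete: bool

def evaluate_payout_gate(profile_id: str, query_payload: dict, results: dict,
                         now: Optional[datetime] = None) -> GateDecision:
    """Apply the match actions in precedence order (block > hold > allow) and build evidence."""
    now = now or datetime.now(timezone.utc)
    payout, actions, reasons, hold_until = "allow", [], [], None

    def escalate(level: str) -> None:            # only ever tightens the outcome
        nonlocal payout
        if RANK[level] > RANK[payout]:
            payout = level

    sanctions = results.get("sanctions", ListResult())
    pep = results.get("pep", ListResult())
    media = results.get("adverse_media", ListResult())
    if sanctions.status == "confirmed":          # actions_by_match.sanctions_confirmed
        actions += ["block_all", "report", "freeze_payouts"]
        reasons.append("sanctions_confirmed")
        escalate("block")
    if pep.status == "confirmed":                # actions_by_match.pep_confirmed
        actions += ["edd", "enhanced_monitoring"]
        reasons.append("pep_confirmed")
    if media.severity in {"high", "severe"}:     # control ADV-MEDIA-HI: 24h hold + review
        actions += ["manual_review", "edd", "collect_additional_evidence"]
        reasons.append("adverse_media_high")
        hold_until = (now + timedelta(hours=24)).isoformat()
        escalate("hold")
    for name, r in (("sanctions", sanctions), ("pep", pep)):
        if r.status == "pending" and r.score >= HOLD_THRESHOLD:  # strong match, not yet triaged
            reasons.append(f"{name}_untriaged_match_{r.score:.2f}")
            hold_until = None                    # open-ended: released only by triage
            escalate("hold")
    evidence = {"profile_id": profile_id, "evaluated_at": now.isoformat(), "rule_version": RULE_VERSION,
                "query_payload": query_payload,
                "list_version": {k: r.list_version for k, r in results.items()},
                "top_matches": {k: r.top_matches for k, r in results.items()}}
    complete = all(n in results and bool(results[n].list_version) for n in REQUIRED_LISTS)
    if not complete and payout == "allow":       # evidence-by-design (added): never a silent allow
        reasons.append("evidence_incomplete_fail_closed")
        payout = "hold"
    return GateDecision(payout, actions, reasons, hold_until, evidence, complete)

def clean_results(version: str = "2025-01-15") -> dict:
    """Constructed: all three lists screened with a recorded version, nothing found."""
    return {n: ListResult(list_version=f"{n}@{version}") for n in REQUIRED_LISTS}

def demo() -> dict:
    """Constructed scenarios, returned keyed by name so callers can inspect each decision."""
    untriaged = clean_results()
    untriaged["sanctions"] = ListResult(0.91, "pending", list_version="sanctions@2025-01-15",
                                        top_matches=[{"entry_id": "SDN-0001", "score": 0.91}])
    confirmed = clean_results()
    confirmed["sanctions"] = ListResult(0.97, "confirmed", list_version="sanctions@2025-01-15")
    pep_media = clean_results()
    pep_media["pep"] = ListResult(0.93, "confirmed", list_version="pep@2025-01-15")
    pep_media["adverse_media"] = ListResult(severity="high", list_version="adverse_media@2025-01-15")
    no_pep_version = clean_results()
    no_pep_version["pep"] = ListResult()         # provider answered without a list version
    return {k: evaluate_payout_gate(f"P-{k}", {"name": "constructed"}, v, EXAMPLE_NOW) for k, v in {
        "clean": clean_results(), "untriaged": untriaged, "confirmed": confirmed,
        "pep_media": pep_media, "no_pep_version": no_pep_version}.items()}

if __name__ == "__main__":
    for label, d in demo().items():
        print(f"{label:15} {d.payout:6} {d.reasons} evidence_complete={d.evidence_complete}")
```

The precedence matters in two directions: a confirmed sanctions hit is never softened by anything evaluated later (including missing evidence), and an untriaged strong match clears the 24-hour timer set by adverse media, because that hold can only end when triage closes the case. Returning the evidence record from the same call that produced the decision is what lets the case tool store both atomically, which is the "one source of truth" the principles ask for.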
10) SOP (fragments)
SOP: Sanctions/PEP match triage
1. Check the context: full name, date of birth, citizenship, aliases, document.
2. Verify the source (record id, update date, legal status of the listing).
3. Decide: confirmed / false_positive / inconclusive.
4. For confirmed: apply measures (block/EDD/report) and record the rationale.
5. For inconclusive: request additional data (document, address confirmation).
6. Close the case, update the whitelist/blacklist if applicable, attach the evidence.
SOP: Rescreening on list updates
1. Automatic batch start; segments: active payouts, high-risk.
2. Report on new matches; allocate cases within the SLA.
3. Indirectly related accounts (RCAs) go to a separate queue.
SOP: Communication with the player/partner
1. Neutral wording, without disclosing internal criteria.
2. Deadlines and the list of requested documents (if EDD is required).
3. Record all communications in the case file, with reminders and deadlines.
11) Privacy, security, audit
RBAC/ABAC: only Compliance/MLRO can access match details and documents.
Retention: keep results and evidence for the jurisdictional retention period; automatic purge afterwards.
Encryption in transit and at rest; keys in an HSM or Vault.
Audit: read and decision logs, rule/threshold versions, autotest results.
12) Dashboards and metrics
Screening overview: volume of checks, hit rate by segment, share of fuzzy matches.
Quality: Precision/Recall of confirmed cases, False Positive Rate, Time-to-Triage (P50/P95).
Latency: provider response time, rescreening queue depth.
Drift: changes in name/geo distributions, rising share of uncertain matches.
Compliance: SLA adherence on reports and escalations.
Targets:
- Precision for sanctions ≥ 95%, for PEP ≥ 90%.
- Time-to-Triage (P95) ≤ 24 h (sanctions), ≤ 48 h (PEP/adverse).
- False Positive Rate ↓ QoQ without loss of Recall.
- SLA rescreening when updating lists ≥ 98% on time.
- Evidence Completeness ≥ 98%.
13) Checklists
Onboarding screening:
- List sources are connected, versions are logged.
- RBA policy approved, fuzzy thresholds agreed.
- Process and roles (Compliance/MLRO) assigned.
- Integrations: KYC/KYB/Payments/Case-tool.
- Dashboards and alerts deployed.
Case triage:
- Key fields (full name / date of birth / citizenship / aliases) are mapped.
- Sources and record date checked.
- Decision and measures recorded; notifications sent.
- Evidence attached, whitelist/blacklist updated (if needed).
Ongoing quality:
- Rule/threshold autotests have passed.
- Quarterly audit of decisions (sampling).
- Drift monitoring within the normal range; thresholds revised as needed.
14) Anti-patterns
"One threshold for all", regardless of geography and data quality.
No logging of list versions or decision rationale.
Permanent whitelist entries without an expiry date or reason.
Two versions of the truth: decisions in Excel and separate logs in production.
Unexplained payout delays without an ETA or communication.
Rescreening on list updates disabled.
15) 30/60/90-day plan
30 days (foundation):
- Approve the SANC-PEP policy, matching thresholds, roles and SLAs.
- Connect list providers; log list_version on every screening.
- Enable the three basic controls: SIGNUP, PRE_PAYOUT, RESCREEN.
- Deploy case management, dashboards and evidence storage.
60 days:
- Add RCA and adverse media coverage, high-risk and VIP segments.
- Optimize fuzzy matching (transliteration/aliases); reduce FPR by ≥ 20%.
- Automate rescreening on events and list updates.
- Introduce quality sampling and quarterly audits.
90 days:
- Reach the target KPIs for Precision/Recall and Time-to-Triage.
- Integrate with AML (EDD/SoF) and payout gates (deposit source vs payout destination).
- Put the KPIs into team OKRs; run an internal/external audit.
16) FAQ
Q: How do you tell a namesake from a true match?
A: Use confirming fields (date of birth, document, citizenship), geo context and aliases; for borderline cases, manual triage against a confidence threshold.
Q: Do affiliates and their UBOs need to be screened?
A: Yes. KYB is mandatory: UBOs/directors + sanctions/PEP + adverse media; on a change of UBO, re-verify and rescreen.
Q: What to do with a confirmed sanctions match?
A: Immediate block, freeze payouts, notify regulators/banks as jurisdictional requirements dictate, retain the full evidence package.
Q: Why adverse media if there are sanctions?
A: It is often an early risk signal that precedes a listing. Use it for EDD, monitoring and preventive restrictions.